-
Notifications
You must be signed in to change notification settings - Fork 18
Expand file tree
/
Copy pathgithub-events.mjs
More file actions
319 lines (268 loc) · 9.52 KB
/
github-events.mjs
File metadata and controls
319 lines (268 loc) · 9.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
/**
* GitHub webhook event formatting and filtering for the broker bridge.
*
* Pure functions — no side effects, no env vars, no I/O.
* The bridge imports these and wires them into the message pipeline.
*/
import { wrapExternalContent } from "./security.mjs";
// ── Security Boundary Wrapping ──────────────────────────────────────────────
/**
* Wrap a GitHub event message with security boundaries.
*
* Uses shared security wrapping (notice + marker sanitization + boundaries)
* with GitHub-specific metadata (Repo, Event, Ref, Actor).
*/
export function wrapGitHubContent({ body, repo, event, action, actor, ref }) {
const metadataLines = [
`Repo: ${repo}`,
`Event: ${event}${action ? ` (${action})` : ""}`,
...(ref ? [`Ref: ${ref}`] : []),
...(actor ? [`Actor: ${actor}`] : []),
];
return wrapExternalContent({
text: body,
source: "GitHub",
metadataLines,
});
}
// ── Filtering ───────────────────────────────────────────────────────────────
const DEFAULT_IGNORED_USERS = ["baudbot-agent"];
/**
* Parse GITHUB_IGNORED_USERS env var into a Set of login names.
* Always includes "baudbot-agent" to prevent loops.
*/
export function parseIgnoredUsers(envValue) {
const extra = (envValue || "")
.split(",")
.map((s) => s.trim().toLowerCase())
.filter(Boolean);
return new Set([...DEFAULT_IGNORED_USERS.map((u) => u.toLowerCase()), ...extra]);
}
/**
* Extract the actor login from a GitHub webhook payload.
* Different event types store the actor in different fields.
*/
export function extractActor(type, payload) {
if (!payload || typeof payload !== "object") return null;
// Most events have a top-level sender
if (payload.sender?.login) return payload.sender.login;
// push events use pusher.name
if (type === "push" && payload.pusher?.name) return payload.pusher.name;
return null;
}
/**
* Determine if a GitHub event should be skipped (filtered out).
* Returns a reason string if skipped, or null if the event should be processed.
*/
export function shouldSkipEvent(type, payload, ignoredUsers) {
const actor = extractActor(type, payload);
// Skip events from ignored users (bot loop prevention)
if (actor && ignoredUsers.has(actor.toLowerCase())) {
return `ignored user: ${actor}`;
}
const action = payload?.action;
// Skip noisy check_suite lifecycle events (only care about completed)
if (type === "check_suite" && (action === "requested" || action === "created" || action === "rerequested")) {
return `check_suite action: ${action}`;
}
// Skip noisy check_run lifecycle events (only care about completed)
if (type === "check_run" && (action === "requested" || action === "created" || action === "rerequested")) {
return `check_run action: ${action}`;
}
// Skip pull_request synchronize (force-push noise)
if (type === "pull_request" && action === "synchronize") {
return "pull_request action: synchronize";
}
return null;
}
// ── Event Formatting ────────────────────────────────────────────────────────
function repoName(payload) {
return payload?.repository?.full_name || "unknown/repo";
}
function truncate(text, maxLen = 200) {
if (!text || typeof text !== "string") return "";
const oneLine = text.replace(/\r?\n/g, " ").trim();
if (oneLine.length <= maxLen) return oneLine;
return `${oneLine.slice(0, maxLen)}…`;
}
function formatPullRequest(payload) {
const pr = payload.pull_request;
if (!pr) return null;
const repo = repoName(payload);
const action = payload.action;
const merged = action === "closed" && pr.merged;
const displayAction = merged ? "merged" : action;
const actor = pr.user?.login || extractActor("pull_request", payload) || "unknown";
const lines = [
`PR #${pr.number}: ${truncate(pr.title, 120)}`,
`Action: ${displayAction}`,
`Author: ${actor}`,
pr.html_url ? `URL: ${pr.html_url}` : null,
].filter(Boolean);
return wrapGitHubContent({
body: lines.join("\n"),
repo,
event: "pull_request",
action: displayAction,
actor,
ref: pr.head?.ref,
});
}
function formatPullRequestReview(payload) {
const review = payload.review;
const pr = payload.pull_request;
if (!review || !pr) return null;
const repo = repoName(payload);
const actor = review.user?.login || extractActor("pull_request_review", payload) || "unknown";
const state = review.state || "unknown"; // approved, changes_requested, commented
const lines = [
`PR #${pr.number}: ${truncate(pr.title, 120)}`,
`Review: ${state}`,
`Reviewer: ${actor}`,
review.body ? `Comment: ${truncate(review.body, 300)}` : null,
review.html_url ? `URL: ${review.html_url}` : null,
].filter(Boolean);
return wrapGitHubContent({
body: lines.join("\n"),
repo,
event: "pull_request_review",
action: state,
actor,
ref: `#${pr.number}`,
});
}
function formatIssueComment(payload) {
const comment = payload.comment;
if (!comment) return null;
const repo = repoName(payload);
const actor = comment.user?.login || extractActor("issue_comment", payload) || "unknown";
// issue_comment fires for both issues and PRs; the payload has .issue
const issue = payload.issue;
const number = issue?.number || "?";
const isPR = Boolean(issue?.pull_request);
const lines = [
`${isPR ? "PR" : "Issue"} #${number}: ${truncate(issue?.title, 120)}`,
`Commenter: ${actor}`,
comment.body ? `Body: ${truncate(comment.body, 300)}` : null,
comment.html_url ? `URL: ${comment.html_url}` : null,
].filter(Boolean);
return wrapGitHubContent({
body: lines.join("\n"),
repo,
event: "issue_comment",
action: payload.action || "created",
actor,
ref: `#${number}`,
});
}
function formatCheckSuite(payload) {
const suite = payload.check_suite;
if (!suite) return null;
const repo = repoName(payload);
const conclusion = suite.conclusion || suite.status || "unknown";
const branch = suite.head_branch || "unknown";
const actor = extractActor("check_suite", payload) || "unknown";
const prInfo = suite.pull_requests?.[0];
const lines = [
`Conclusion: ${conclusion}`,
`Branch: ${branch}`,
prInfo ? `PR: #${prInfo.number}` : null,
prInfo?.url ? `PR URL: ${prInfo.url}` : null,
].filter(Boolean);
return wrapGitHubContent({
body: lines.join("\n"),
repo,
event: "check_suite",
action: conclusion,
actor,
ref: branch,
});
}
function formatCheckRun(payload) {
const run = payload.check_run;
if (!run) return null;
const repo = repoName(payload);
const conclusion = run.conclusion || run.status || "unknown";
const name = run.name || "unknown";
const actor = extractActor("check_run", payload) || "unknown";
const prInfo = run.pull_requests?.[0];
const lines = [
`Check: ${name}`,
`Conclusion: ${conclusion}`,
prInfo ? `PR: #${prInfo.number}` : null,
run.html_url ? `URL: ${run.html_url}` : null,
].filter(Boolean);
return wrapGitHubContent({
body: lines.join("\n"),
repo,
event: "check_run",
action: conclusion,
actor,
ref: prInfo ? `#${prInfo.number}` : undefined,
});
}
function formatPush(payload) {
const repo = repoName(payload);
const ref = payload.ref || "unknown";
const branch = ref.replace(/^refs\/heads\//, "");
const actor = payload.pusher?.name || extractActor("push", payload) || "unknown";
const commits = Array.isArray(payload.commits) ? payload.commits : [];
const commitSummaries = commits
.slice(0, 5)
.map((c) => `• ${c.id?.slice(0, 7) || "?"} ${truncate(c.message, 80)}`)
.join("\n");
const lines = [
`Branch: ${branch}`,
`Pusher: ${actor}`,
`Commits: ${commits.length}`,
commitSummaries || null,
commits.length > 5 ? ` … and ${commits.length - 5} more` : null,
payload.compare ? `Compare: ${payload.compare}` : null,
].filter(Boolean);
return wrapGitHubContent({
body: lines.join("\n"),
repo,
event: "push",
action: null,
actor,
ref: branch,
});
}
/**
* Format a GitHub webhook event into a security-wrapped message for the agent.
*
* Returns { message, isPing, isUnknown } where:
* - message: the formatted string to send (null for ping events)
* - isPing: true if this was a ping event (no message needed)
* - isUnknown: true if the event type is not explicitly handled
*/
export function formatGitHubEvent(type, payload) {
if (type === "ping") {
return { message: null, isPing: true, isUnknown: false };
}
const formatters = {
pull_request: formatPullRequest,
pull_request_review: formatPullRequestReview,
issue_comment: formatIssueComment,
check_suite: formatCheckSuite,
check_run: formatCheckRun,
push: formatPush,
};
const formatter = formatters[type];
if (formatter) {
const message = formatter(payload);
return { message, isPing: false, isUnknown: false };
}
// Unknown event type — build a minimal summary
const repo = repoName(payload);
const actor = extractActor(type, payload) || "unknown";
const preview = truncate(JSON.stringify(payload), 200);
const message = wrapGitHubContent({
body: `Unhandled event type. Payload preview:\n${preview}`,
repo,
event: type,
action: payload?.action || null,
actor,
});
return { message, isPing: false, isUnknown: true };
}