|
| 1 | +#!/usr/bin/env bash |
| 2 | +# gatekeeper-approve.sh — "Gatekeeper" GitHub App auto-approver bridge (MCP-1249). |
| 3 | +# |
| 4 | +# Purpose: turn a Paperclip Codex review verdict of ACCEPT into a real GitHub |
| 5 | +# *approving review* posted by a branded GitHub App identity, so the repo's |
| 6 | +# "1 approving review by a reviewer with write access" branch-protection rule is |
| 7 | +# satisfied WITHOUT an admin override and WITHOUT the PR author approving their |
| 8 | +# own PR (author != approver). Once the App approval lands, GitHub auto-merge |
| 9 | +# (squash) completes the merge with zero admin — full "Model B". |
| 10 | +# |
| 11 | +# This is the missing piece of MCP-1249. It pairs with arm-auto-merge.sh. |
| 12 | +# |
| 13 | +# Verdict source of record = the Paperclip review comment (the review bots do NOT |
| 14 | +# post to GitHub). This script reads that verdict and, only on ACCEPT, posts the |
| 15 | +# GitHub approval as the App. |
| 16 | +# |
| 17 | +# ───────────────────────────────────────────────────────────────────────────── |
| 18 | +# Configuration (env, or sourced from a gitignored file — NEVER commit secrets): |
| 19 | +# GATEKEEPER_APP_ID GitHub App ID (integer) |
| 20 | +# GATEKEEPER_INSTALLATION_ID Installation ID for smart-mcp-proxy/mcpproxy-go |
| 21 | +# GATEKEEPER_PRIVATE_KEY Path to the App private key .pem |
| 22 | +# GATEKEEPER_REPO (optional) owner/repo, default smart-mcp-proxy/mcpproxy-go |
| 23 | +# PAPERCLIP_API_URL (optional) default http://localhost:3100 |
| 24 | +# PAPERCLIP_COMPANY_ID (optional) default 16edd8ed-8691-4a89-aa30-74ab6b931663 |
| 25 | +# CODEX_REVIEWER_AGENT_ID (optional) default 5b94562c-524f-4c29-bc24-3524c1acd8e9 |
| 26 | +# A convenient place: ~/.mcpproxy-gatekeeper/env (chmod 600, gitignored). |
| 27 | +# |
| 28 | +# Usage: |
| 29 | +# gatekeeper-approve.sh --pr <N> [--verdict accept|request_changes] [--dry-run] |
| 30 | +# |
| 31 | +# --pr <N> (required) PR number to act on. |
| 32 | +# --verdict <v> override the Paperclip verdict lookup (testing). |
| 33 | +# --dry-run do everything except POST the review (and print the plan). |
| 34 | +# |
| 35 | +# Exit codes: 0 ok/approved/dry-run; 2 not configured; 3 verdict not accept |
| 36 | +# (no-op); 4 author==approver guard; 5 GitHub/API error. |
| 37 | +# ───────────────────────────────────────────────────────────────────────────── |
| 38 | +set -euo pipefail |
| 39 | + |
| 40 | +REPO="${GATEKEEPER_REPO:-smart-mcp-proxy/mcpproxy-go}" |
| 41 | +PAPERCLIP_API_URL="${PAPERCLIP_API_URL:-http://localhost:3100}" |
| 42 | +PAPERCLIP_COMPANY_ID="${PAPERCLIP_COMPANY_ID:-16edd8ed-8691-4a89-aa30-74ab6b931663}" |
| 43 | +CODEX_REVIEWER_AGENT_ID="${CODEX_REVIEWER_AGENT_ID:-5b94562c-524f-4c29-bc24-3524c1acd8e9}" |
| 44 | + |
| 45 | +# Optional config file |
| 46 | +[[ -f "${HOME}/.mcpproxy-gatekeeper/env" ]] && source "${HOME}/.mcpproxy-gatekeeper/env" |
| 47 | + |
| 48 | +PR=""; VERDICT_OVERRIDE=""; DRY_RUN=0 |
| 49 | +while [[ $# -gt 0 ]]; do |
| 50 | + case "$1" in |
| 51 | + --pr) PR="$2"; shift 2;; |
| 52 | + --verdict) VERDICT_OVERRIDE="$2"; shift 2;; |
| 53 | + --dry-run) DRY_RUN=1; shift;; |
| 54 | + -h|--help) grep '^#' "$0" | sed 's/^# \{0,1\}//'; exit 0;; |
| 55 | + *) echo "unknown arg: $1" >&2; exit 1;; |
| 56 | + esac |
| 57 | +done |
| 58 | +[[ -z "$PR" ]] && { echo "ERROR: --pr <N> required" >&2; exit 1; } |
| 59 | + |
| 60 | +log() { echo "[gatekeeper] $*" >&2; } |
| 61 | + |
| 62 | +# ── 1. Resolve the Codex review verdict for this PR from Paperclip ─────────── |
| 63 | +resolve_verdict() { |
| 64 | + if [[ -n "$VERDICT_OVERRIDE" ]]; then echo "$VERDICT_OVERRIDE"; return; fi |
| 65 | + # Reads are fine unauthenticated against the local instance. |
| 66 | + curl -fsS -m 15 "${PAPERCLIP_API_URL}/api/companies/${PAPERCLIP_COMPANY_ID}/issues?q=Review%20PR%20%23${PR}" 2>/dev/null \ |
| 67 | + | PR="$PR" CODEX="$CODEX_REVIEWER_AGENT_ID" BASE="$PAPERCLIP_API_URL" python3 -c ' |
| 68 | +import sys, json, os, urllib.request |
| 69 | +pr, codex, base = os.environ["PR"], os.environ["CODEX"], os.environ["BASE"] |
| 70 | +iss = json.load(sys.stdin) |
| 71 | +iss = iss if isinstance(iss, list) else iss.get("issues", iss.get("data", [])) |
| 72 | +# Codex review tasks for this PR (any title that references "PR #<n>"), |
| 73 | +# assigned to the Codex reviewer, newest first (round-2 supersedes round-1). |
| 74 | +needle = "PR #%s" % pr |
| 75 | +revs = [i for i in iss |
| 76 | + if needle in (i.get("title") or "") and i.get("assigneeAgentId") == codex] |
| 77 | +revs.sort(key=lambda x: x.get("createdAt", ""), reverse=True) |
| 78 | +verdict = "unknown" |
| 79 | +for i in revs: |
| 80 | + url = "%s/api/issues/%s/comments" % (base, i.get("id")) |
| 81 | + try: |
| 82 | + c = json.load(urllib.request.urlopen(url, timeout=15)) |
| 83 | + except Exception: |
| 84 | + continue |
| 85 | + c = c if isinstance(c, list) else c.get("comments", c.get("data", [])) |
| 86 | + for cm in reversed(c): |
| 87 | + b = (cm.get("body") or "").lower() |
| 88 | + if "verdict:" not in b: |
| 89 | + continue |
| 90 | + tail = b.split("verdict:", 1)[1][:40] |
| 91 | + if "accept" in tail: |
| 92 | + verdict = "accept"; break |
| 93 | + if "request_changes" in tail or "request changes" in tail: |
| 94 | + verdict = "request_changes"; break |
| 95 | + if verdict != "unknown": |
| 96 | + break |
| 97 | +print(verdict) |
| 98 | +' |
| 99 | +} |
| 100 | + |
| 101 | +# ── 2. Mint a GitHub App installation access token (RS256 JWT via openssl) ──── |
| 102 | +mint_installation_token() { |
| 103 | + local app_id="$1" install_id="$2" pem="$3" |
| 104 | + local now exp header payload b64 signing sig jwt |
| 105 | + now=$(date +%s); exp=$((now + 540)) # 9-min window (max 10) |
| 106 | + b64() { openssl base64 -A | tr '+/' '-_' | tr -d '='; } |
| 107 | + header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64) |
| 108 | + payload=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' "$((now-60))" "$exp" "$app_id" | b64) |
| 109 | + signing="${header}.${payload}" |
| 110 | + sig=$(printf '%s' "$signing" | openssl dgst -sha256 -sign "$pem" -binary | b64) |
| 111 | + jwt="${signing}.${sig}" |
| 112 | + curl -fsS -m 20 -X POST \ |
| 113 | + -H "Authorization: Bearer ${jwt}" \ |
| 114 | + -H "Accept: application/vnd.github+json" \ |
| 115 | + "https://api.github.com/app/installations/${install_id}/access_tokens" \ |
| 116 | + | python3 -c 'import sys,json; print(json.load(sys.stdin)["token"])' |
| 117 | +} |
| 118 | + |
| 119 | +# ── main ──────────────────────────────────────────────────────────────────── |
| 120 | +VERDICT="$(resolve_verdict || echo unknown)" |
| 121 | +log "PR #${PR} Codex verdict = ${VERDICT}" |
| 122 | + |
| 123 | +if [[ "$VERDICT" != "accept" ]]; then |
| 124 | + log "verdict is not 'accept' — NOT approving (no-op). request_changes/unknown must not auto-approve." |
| 125 | + exit 3 |
| 126 | +fi |
| 127 | + |
| 128 | +# Author != approver guard. The App identity is inherently != the PR author, |
| 129 | +# but verify the PR author is not somehow the bot (defense in depth). |
| 130 | +AUTHOR="$(gh pr view "$PR" --repo "$REPO" --json author -q .author.login 2>/dev/null || echo '?')" |
| 131 | +log "PR #${PR} author = ${AUTHOR} (App approves as a distinct identity)" |
| 132 | + |
| 133 | +if [[ -z "${GATEKEEPER_APP_ID:-}" || -z "${GATEKEEPER_INSTALLATION_ID:-}" || -z "${GATEKEEPER_PRIVATE_KEY:-}" ]]; then |
| 134 | + log "NOT CONFIGURED: set GATEKEEPER_APP_ID, GATEKEEPER_INSTALLATION_ID, GATEKEEPER_PRIVATE_KEY" |
| 135 | + log "(register the 'MCPProxy Gatekeeper' App, install on ${REPO}, drop creds in ~/.mcpproxy-gatekeeper/env)" |
| 136 | + exit 2 |
| 137 | +fi |
| 138 | +[[ -f "$GATEKEEPER_PRIVATE_KEY" ]] || { log "private key not found: $GATEKEEPER_PRIVATE_KEY"; exit 2; } |
| 139 | + |
| 140 | +BODY="✅ **Gatekeeper approval** — Codex review verdict: ACCEPT. |
| 141 | +
|
| 142 | +This approval is posted automatically by the MCPProxy Gatekeeper App on behalf of the Codex reviewer (verdict of record lives in the Paperclip review thread). Author≠approver satisfied; QA + CI gates enforced separately. |
| 143 | +
|
| 144 | +_Auto-approved per Model B (MCP-1249)._" |
| 145 | + |
| 146 | +if [[ "$DRY_RUN" == "1" ]]; then |
| 147 | + log "DRY-RUN: would mint installation token (app=${GATEKEEPER_APP_ID} install=${GATEKEEPER_INSTALLATION_ID}) and POST APPROVE review on ${REPO}#${PR}." |
| 148 | + exit 0 |
| 149 | +fi |
| 150 | + |
| 151 | +log "minting installation token…" |
| 152 | +TOKEN="$(mint_installation_token "$GATEKEEPER_APP_ID" "$GATEKEEPER_INSTALLATION_ID" "$GATEKEEPER_PRIVATE_KEY")" \ |
| 153 | + || { log "failed to mint installation token"; exit 5; } |
| 154 | + |
| 155 | +log "posting APPROVE review on ${REPO}#${PR}…" |
| 156 | +HTTP=$(curl -s -o /tmp/gatekeeper-resp.json -w '%{http_code}' -m 20 -X POST \ |
| 157 | + -H "Authorization: token ${TOKEN}" \ |
| 158 | + -H "Accept: application/vnd.github+json" \ |
| 159 | + "https://api.github.com/repos/${REPO}/pulls/${PR}/reviews" \ |
| 160 | + --data "$(python3 -c 'import json,sys; print(json.dumps({"event":"APPROVE","body":sys.argv[1]}))' "$BODY")") |
| 161 | + |
| 162 | +if [[ "$HTTP" == "200" ]]; then |
| 163 | + log "✅ approved ${REPO}#${PR} as Gatekeeper." |
| 164 | + exit 0 |
| 165 | +else |
| 166 | + log "❌ GitHub review POST failed (HTTP ${HTTP}):"; cat /tmp/gatekeeper-resp.json >&2; echo >&2 |
| 167 | + exit 5 |
| 168 | +fi |
0 commit comments