docs(#1662): ADR 0043 — require authorization on all slash commands #1688
fullsend-ai-coder[bot] wants to merge 2 commits into
Site preview
Preview: https://8eefdf73-site.fullsend-ai.workers.dev Commit: |
Review
Findings
No findings. The ADR accurately describes the current authorization gap — verified against
Previous run
Review
Findings
No findings. The ADR is well-structured, addresses all four design questions from the linked issue (#1662), and proposes a consistent authorization pattern across all slash commands. Cross-references to ADR 0034, ADR 0042, and the security threat model are valid. The automatic-event and bot-bypass carve-outs are clearly scoped and well-reasoned. No existing documentation is made stale by this change.
Previous run (2)
Review
Findings
No findings. The ADR is well-structured, factually accurate, and fully addresses all four design questions from #1662 (automatic event triggers, bot-to-bot workflows, error messaging, per-repo configurability). The authorization gating table was verified against
eee399d to 27584e3
e1e7613 to c6d4382
Add ADR proposing that /fs-triage, /fs-code, and /fs-review use the same is_authorized gate already enforced by /fs-fix, /fs-retro, and /fs-prioritize. The ADR addresses the four design questions from the issue: automatic event triggers remain ungated, bot-to-bot workflows are preserved via the existing Bot-type bypass, unauthorized users see silent failure (consistent with existing gated commands), and is_authorized is a platform-level boundary not overridable per-repo.
Note: make lint could not run due to sandbox Go toolchain permission error. ADR-specific linters (lint-adr-frontmatter, lint-adr-numbers, lint-adr-status) all passed.
Closes #1662
Signed-off-by: Adam Scerra <ascerra@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Address reviewer feedback:
- Expand scope from slash commands to all dispatch paths (including issues.opened and pull_request_target.opened)
- Replace silent failure with visible feedback for unauthorized users
- Remove #553 reference (tangential), keep #877
- Rename file to match updated title
Signed-off-by: Adam Scerra <ascerra@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
c6d4382 to dca8138
Add ADR proposing that /fs-triage, /fs-code, and /fs-review use the same is_authorized gate already enforced by /fs-fix, /fs-retro, and /fs-prioritize. The ADR addresses the four design questions from the issue: automatic event triggers remain ungated, bot-to-bot workflows are preserved via the existing Bot-type bypass, unauthorized users see silent failure (consistent with existing gated commands), and is_authorized is a platform-level boundary not overridable per-repo.
Note: make lint could not run due to sandbox Go toolchain permission error. ADR-specific linters (lint-adr-frontmatter, lint-adr-numbers, lint-adr-status) all passed.
Closes #1662
Post-script verification
agent/1662-adr-auth-slash-commands)11cdd7674a31c564785e9daa2efaf7b931385e1c..HEAD)