Skip to content

fix(settle-tier4): accept admin collaborator settlements#8408

Closed
an0mium wants to merge 2 commits into
mainfrom
codex/settle-tier4-admin-collaborator-trust
Closed

fix(settle-tier4): accept admin collaborator settlements#8408
an0mium wants to merge 2 commits into
mainfrom
codex/settle-tier4-admin-collaborator-trust

Conversation

@an0mium

@an0mium an0mium commented Jun 14, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Treat trusted COLLABORATOR settlement comments like MEMBER comments when live repo admin permission verifies the login.
  • Keep non-admin collaborators rejected.
  • Add regression coverage for admin collaborator acceptance, non-admin collaborator rejection, and settle-only/check trust consistency.

Validation

  • python3 -m pytest tests/scripts/test_settle_tier4_pr.py
  • git diff --check

Notes

@aragora-automation-fable aragora-automation-fable Bot marked this pull request as ready for review June 14, 2026 05:48
@github-actions

Copy link
Copy Markdown
Contributor

Aragora Code Review

Advisory-only review. No issues found.

an0mium commented Jun 14, 2026

Copy link
Copy Markdown
Collaborator Author

Closing as a duplicate of #8412 (consolidating the settle_tier4_pr.py admin-COLLABORATOR-trust fix to one PR to stop the file's merge-conflict churn).

Both PRs solve the same root cause — on the org-owned repo, admin operators show authorAssociation=COLLABORATOR, which --check rejected. They differ on the trust boundary, and #8412 has the safer one:

For a Tier-4 merge-authority boundary, fail-closed-when-unconfigured wins, so #8412 is the keeper. The one thing worth porting from here is the policy-rationale comment on the trust constant.

No functionality is lost by closing this; #8412 supersedes it.


Generated by Claude Code

@scarmani

Copy link
Copy Markdown
Collaborator

Closing as duplicate/superseded by merged PR #8412. The prior thread already recorded why #8412 is the keeper: it implements the admin-COLLABORATOR Tier-4 settlement fix with the fail-closed allowlist/admin-permission boundary, while this draft trusts admin collaborators more broadly. #8412 merged at c8f9cfa and current main contains the stricter COLLABORATOR allowlist checks. This closes queue residue only; no settlement, merge, or branch-protection mutation is being performed.

@scarmani scarmani closed this Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants