fix(github): fix response bugs and add missing endpoint coverage#5471
Conversation
- Fix unauthenticated internal sub-fetch in pr.ts (list_pr_files) that 401'd on private repos and burned anon rate limits - Fix hardcoded/placeholder output fields in add_labels, delete_comment, delete_file - Handle 409 (sha mismatch) in merge_pr in addition to 405 - Loosen request_reviewers.reviewers to optional (team-only reviews) - Add items schema to get_commit parents array output - Add github_get_readme, github_create_pr_review, github_get_latest_release, github_list_tags (+ v2 variants)
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryMedium Risk Overview Bug fixes: New capabilities: Tools (and GitHub block operations) for create PR review, get README (decoded content), get latest release, and list tags, each with v2 variants and types/registry exports. Reviewed by Cursor Bugbot for commit f754759. Configure here. |
Greptile SummaryThis PR fixes several bugs in existing GitHub tools (unauthenticated sub-fetch, hardcoded output fields, missing 409 handling in
Confidence Score: 5/5This PR is safe to merge — all bug fixes address real defects (unauthenticated sub-fetches, hardcoded outputs, missed 409 status), and the four new tools follow the same defensive patterns already established in the codebase. Every changed code path has been hardened with proper auth forwarding, response.ok guards, and correct output mapping. The new tools are wired up consistently (registry, block config, exports, types) with no orphaned or missing entries. No regressions were identified against existing tool contracts. No files require special attention — the most complex change (pr.ts dual-fetch with auth) is straightforward and well-guarded. Important Files Changed
Sequence Diagram%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant Client
participant prTool
participant GH_PR as GitHub /pulls/{num}
participant GH_Files as GitHub /pulls/{num}/files
Client->>prTool: call with apiKey, owner, repo, pullNumber
prTool->>GH_PR: GET (with Authorization header)
GH_PR-->>prTool: PR JSON
prTool->>GH_Files: GET (with Authorization header — fixed in this PR)
alt filesResponse not OK
GH_Files-->>prTool: 401/403/404 error
prTool-->>Client: success: false, partial PR metadata
else filesResponse OK
GH_Files-->>prTool: files JSON array
prTool-->>Client: success: true, full PR + files output
end
participant createPRReview
participant GH_Review as GitHub /pulls/{num}/reviews
Client->>createPRReview: call with event, body?, commit_id?
createPRReview->>GH_Review: "POST {event, body?, commit_id?}"
alt response not OK
GH_Review-->>createPRReview: 422 (missing body for REQUEST_CHANGES)
createPRReview-->>Client: success: false, error.message
else OK
GH_Review-->>createPRReview: review JSON
createPRReview-->>Client: "success: true, {id, state, html_url, commit_id}"
end
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant Client
participant prTool
participant GH_PR as GitHub /pulls/{num}
participant GH_Files as GitHub /pulls/{num}/files
Client->>prTool: call with apiKey, owner, repo, pullNumber
prTool->>GH_PR: GET (with Authorization header)
GH_PR-->>prTool: PR JSON
prTool->>GH_Files: GET (with Authorization header — fixed in this PR)
alt filesResponse not OK
GH_Files-->>prTool: 401/403/404 error
prTool-->>Client: success: false, partial PR metadata
else filesResponse OK
GH_Files-->>prTool: files JSON array
prTool-->>Client: success: true, full PR + files output
end
participant createPRReview
participant GH_Review as GitHub /pulls/{num}/reviews
Client->>createPRReview: call with event, body?, commit_id?
createPRReview->>GH_Review: "POST {event, body?, commit_id?}"
alt response not OK
GH_Review-->>createPRReview: 422 (missing body for REQUEST_CHANGES)
createPRReview-->>Client: success: false, error.message
else OK
GH_Review-->>createPRReview: review JSON
createPRReview-->>Client: "success: true, {id, state, html_url, commit_id}"
end
Reviews (3): Last reviewed commit: "fix(github): guard new tools against non..." | Re-trigger Greptile |
- pr.ts: surface a real failure instead of silently returning success:true with an empty files array when the files sub-fetch fails; unify the sub-fetch Accept header with the rest of the file - delete_comment: success now tracks the actual deletion outcome instead of being hardcoded true
|
@greptile review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit b321202. Configure here.
list_tags, get_readme, get_latest_release, and create_pr_review (v1 + v2) now check response.ok before parsing the payload as success data, returning success:false with a real error message instead of crashing on .map() or silently returning undefined fields when GitHub returns a 404/422/etc.
|
@greptile review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit f754759. Configure here.
Summary
pr.ts(list PR files) that 401'd on private repos and burned the anonymous rate limitadd_labels,delete_comment,delete_filemerge_prnow correctly handles 409 (sha mismatch) as a failure, not just 405request_reviewers.reviewersloosened to optional to support team-only review requestsitemsschema toget_commitparents array outputgithub_get_readme,github_create_pr_review,github_get_latest_release,github_list_tags/validate-integrationpass plus an independent parallel re-verification (API alignment, internal wiring, backwards compatibility) — no backwards-incompatible changes, no orphaned/missing registry entriesType of Change
Testing
Tested manually. Verified every changed/added endpoint against live GitHub REST API docs across 3 independent verification passes.
bun run lintandtsc --noEmitboth clean.Checklist