Skip to content

fix(github): fix response bugs and add missing endpoint coverage#5471

Merged
waleedlatif1 merged 3 commits into
stagingfrom
validate/github-integration
Jul 7, 2026
Merged

fix(github): fix response bugs and add missing endpoint coverage#5471
waleedlatif1 merged 3 commits into
stagingfrom
validate/github-integration

Conversation

@waleedlatif1

Copy link
Copy Markdown
Collaborator

Summary

  • Fixed unauthenticated internal sub-fetch in pr.ts (list PR files) that 401'd on private repos and burned the anonymous rate limit
  • Fixed hardcoded/placeholder output fields in add_labels, delete_comment, delete_file
  • merge_pr now correctly handles 409 (sha mismatch) as a failure, not just 405
  • request_reviewers.reviewers loosened to optional to support team-only review requests
  • Added items schema to get_commit parents array output
  • Added 4 new tools (+ v2 variants), each verified against live GitHub REST docs: github_get_readme, github_create_pr_review, github_get_latest_release, github_list_tags
  • Ran a full /validate-integration pass plus an independent parallel re-verification (API alignment, internal wiring, backwards compatibility) — no backwards-incompatible changes, no orphaned/missing registry entries

Type of Change

  • Bug fix
  • New feature (new tools)

Testing

Tested manually. Verified every changed/added endpoint against live GitHub REST API docs across 3 independent verification passes. bun run lint and tsc --noEmit both clean.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

- Fix unauthenticated internal sub-fetch in pr.ts (list_pr_files) that
  401'd on private repos and burned anon rate limits
- Fix hardcoded/placeholder output fields in add_labels, delete_comment,
  delete_file
- Handle 409 (sha mismatch) in merge_pr in addition to 405
- Loosen request_reviewers.reviewers to optional (team-only reviews)
- Add items schema to get_commit parents array output
- Add github_get_readme, github_create_pr_review,
  github_get_latest_release, github_list_tags (+ v2 variants)
@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Jul 7, 2026 3:38pm

Request Review

@cursor

cursor Bot commented Jul 7, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Changes affect PR merge/review flows and authenticated GitHub calls; bugs fixed reduce false success and auth failures, but workflows that relied on incorrect success flags or required reviewers may behave differently.

Overview
Fixes several GitHub tool response and API-call bugs and expands the integration with four new operations wired through the block, registry, and v1/v2 tools.

Bug fixes: pr.ts now sends the user token on the follow-up PR files fetch and surfaces failures instead of silently using unauthenticated requests (private repos / rate limits). add_labels, delete_comment, and delete_file populate metadata from request params instead of placeholders; delete_comment ties success to HTTP 204. merge_pr treats 409 (stale head SHA) as failure alongside 405. request_reviewers makes reviewers optional and only includes non-empty reviewer/team arrays in the POST body. get_commit documents parent objects in output schema.

New capabilities: Tools (and GitHub block operations) for create PR review, get README (decoded content), get latest release, and list tags, each with v2 variants and types/registry exports.

Reviewed by Cursor Bugbot for commit f754759. Configure here.

Comment thread apps/sim/tools/github/pr.ts
@greptile-apps

greptile-apps Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR fixes several bugs in existing GitHub tools (unauthenticated sub-fetch, hardcoded output fields, missing 409 handling in merge_pr) and adds four new tools (github_get_readme, github_create_pr_review, github_get_latest_release, github_list_tags) each with v1 and v2 variants.

  • Bug fixes: pr.ts now passes auth headers for the internal files sub-fetch, add_labels.ts/delete_file.ts now populate output fields from params, merge_pr.ts handles 409 (SHA mismatch) as a failure, and request_reviewers.ts no longer requires reviewers when team_reviewers is supplied.
  • New tools: All four new tools include response.ok guards (addressing issues flagged in a prior review pass) and follow the v1/v2 output pattern consistently used across the codebase.
  • Registry & block config: All new tools are wired into registry.ts and the block UI in github.ts with correct switch-case and tool-access entries.

Confidence Score: 5/5

This PR is safe to merge — all bug fixes address real defects (unauthenticated sub-fetches, hardcoded outputs, missed 409 status), and the four new tools follow the same defensive patterns already established in the codebase.

Every changed code path has been hardened with proper auth forwarding, response.ok guards, and correct output mapping. The new tools are wired up consistently (registry, block config, exports, types) with no orphaned or missing entries. No regressions were identified against existing tool contracts.

No files require special attention — the most complex change (pr.ts dual-fetch with auth) is straightforward and well-guarded.

Important Files Changed

Filename Overview
apps/sim/tools/github/pr.ts Fixed unauthenticated files sub-fetch (adds auth headers) and adds response.ok guard + safe array fallback for the files response in both v1 and v2 tools.
apps/sim/tools/github/create_pr_review.ts New tool implementing the GitHub POST reviews endpoint; includes response.ok guard, correct body construction, and distinct v1/v2 output shapes.
apps/sim/tools/github/get_readme.ts New tool for fetching repository README; correctly base64-decodes content via Buffer, guards non-2xx responses, and exposes both simplified (v1) and raw (v2) output shapes.
apps/sim/tools/github/get_latest_release.ts New tool fetching the latest stable release; correctly guards response.ok and maps assets in v2 using the shared RELEASE_OUTPUT/RELEASE_ASSET_OUTPUT_PROPERTIES constants.
apps/sim/tools/github/list_tags.ts New tool listing repository tags; guards non-2xx responses, safely maps tag items, and provides structured v1/v2 outputs aligned with the GitHub Tags API schema.
apps/sim/tools/github/merge_pr.ts Added 409 (SHA mismatch) alongside 405 as an explicit failure path in both v1 and v2, with a descriptive fallback message for each status code.
apps/sim/tools/github/add_labels.ts Fixed hardcoded placeholder output fields: issue_number now reads from params, html_url is constructed from owner/repo/issue_number.
apps/sim/tools/github/delete_comment.ts Fixed success field to reflect actual delete status (response.status === 204) instead of always returning true, in both v1 and v2 tools.
apps/sim/tools/github/delete_file.ts Fixed path output field to use params.path instead of the commit tree SHA.
apps/sim/tools/github/request_reviewers.ts Loosened reviewers to optional and rewrote body builder to omit the field when no reviewers are provided, enabling team-only review requests.
apps/sim/tools/registry.ts All 8 new tool variants correctly imported and registered; no orphaned or missing entries.
apps/sim/blocks/blocks/github.ts Block config updated with UI parameters and switch-case entries for all four new operations; new global params (event, commit_id) added for PR review.
apps/sim/tools/github/types.ts Added type interfaces for all new params and responses; RequestReviewersParams.reviewers correctly marked optional; ReleaseResponse added to GitHubResponse union.
apps/sim/tools/github/get_commit.ts Added items schema to the parents array output; schema-only change, no behavioral impact.
apps/sim/tools/github/index.ts Correctly exports all new tool instances; import order follows the existing alphabetical pattern.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Client
    participant prTool
    participant GH_PR as GitHub /pulls/{num}
    participant GH_Files as GitHub /pulls/{num}/files

    Client->>prTool: call with apiKey, owner, repo, pullNumber
    prTool->>GH_PR: GET (with Authorization header)
    GH_PR-->>prTool: PR JSON

    prTool->>GH_Files: GET (with Authorization header — fixed in this PR)
    alt filesResponse not OK
        GH_Files-->>prTool: 401/403/404 error
        prTool-->>Client: success: false, partial PR metadata
    else filesResponse OK
        GH_Files-->>prTool: files JSON array
        prTool-->>Client: success: true, full PR + files output
    end

    participant createPRReview
    participant GH_Review as GitHub /pulls/{num}/reviews
    Client->>createPRReview: call with event, body?, commit_id?
    createPRReview->>GH_Review: "POST {event, body?, commit_id?}"
    alt response not OK
        GH_Review-->>createPRReview: 422 (missing body for REQUEST_CHANGES)
        createPRReview-->>Client: success: false, error.message
    else OK
        GH_Review-->>createPRReview: review JSON
        createPRReview-->>Client: "success: true, {id, state, html_url, commit_id}"
    end
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Client
    participant prTool
    participant GH_PR as GitHub /pulls/{num}
    participant GH_Files as GitHub /pulls/{num}/files

    Client->>prTool: call with apiKey, owner, repo, pullNumber
    prTool->>GH_PR: GET (with Authorization header)
    GH_PR-->>prTool: PR JSON

    prTool->>GH_Files: GET (with Authorization header — fixed in this PR)
    alt filesResponse not OK
        GH_Files-->>prTool: 401/403/404 error
        prTool-->>Client: success: false, partial PR metadata
    else filesResponse OK
        GH_Files-->>prTool: files JSON array
        prTool-->>Client: success: true, full PR + files output
    end

    participant createPRReview
    participant GH_Review as GitHub /pulls/{num}/reviews
    Client->>createPRReview: call with event, body?, commit_id?
    createPRReview->>GH_Review: "POST {event, body?, commit_id?}"
    alt response not OK
        GH_Review-->>createPRReview: 422 (missing body for REQUEST_CHANGES)
        createPRReview-->>Client: success: false, error.message
    else OK
        GH_Review-->>createPRReview: review JSON
        createPRReview-->>Client: "success: true, {id, state, html_url, commit_id}"
    end
Loading

Reviews (3): Last reviewed commit: "fix(github): guard new tools against non..." | Re-trigger Greptile

Comment thread apps/sim/tools/github/delete_comment.ts
Comment thread apps/sim/tools/github/pr.ts
- pr.ts: surface a real failure instead of silently returning
  success:true with an empty files array when the files sub-fetch
  fails; unify the sub-fetch Accept header with the rest of the file
- delete_comment: success now tracks the actual deletion outcome
  instead of being hardcoded true
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/sim/tools/github/list_tags.ts

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit b321202. Configure here.

list_tags, get_readme, get_latest_release, and create_pr_review
(v1 + v2) now check response.ok before parsing the payload as
success data, returning success:false with a real error message
instead of crashing on .map() or silently returning undefined
fields when GitHub returns a 404/422/etc.
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit f754759. Configure here.

@waleedlatif1 waleedlatif1 merged commit a1e6744 into staging Jul 7, 2026
18 checks passed
@waleedlatif1 waleedlatif1 deleted the validate/github-integration branch July 7, 2026 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant