Skip to content

fix(review): preserve per-repo issue cap when miner global cap is set to off#5205

Merged
JSONbored merged 1 commit into
mainfrom
codex/propose-fix-for-miner-cap-bypass
Jul 12, 2026
Merged

fix(review): preserve per-repo issue cap when miner global cap is set to off#5205
JSONbored merged 1 commit into
mainfrom
codex/propose-fix-for-miner-cap-bypass

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Motivation

  • Fix a regression where GLOBAL_CONTRIBUTOR_OPEN_ITEM_CAP_MINER=off caused an early return in the issues processing path, which inadvertently skipped the repository-level contributorOpenIssueCap enforcement for confirmed miners.

Description

  • Replace the early-exit behavior in src/queue/processors.ts so the install-wide check is guarded by if (globalCap !== null) { ... } instead of if (globalCap === null) return;, ensuring only the install-wide branch is skipped while the per-repo cap logic still runs.
  • Add a regression test in test/unit/queue-3.test.ts titled install-wide contributor open-item cap (#4511): miner cap off still falls through to the per-repo issue cap that simulates a confirmed miner with the miner cap set to "off" and asserts the issue is closed and an audit event is written.
  • Changes touch src/queue/processors.ts and test/unit/queue-3.test.ts and keep existing plan/execution flow for install-wide closes.

Testing

  • Ran the focused test: npx vitest run test/unit/queue-3.test.ts -t "miner cap off", which passed.
  • Ran the file-level suite: npx vitest run test/unit/queue-3.test.ts and observed all tests in that file (including the new regression) passed (130/130).
  • Ran static checks via npm run typecheck, which completed with no type errors.

Codex Task

@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.35%. Comparing base (9fa67f5) to head (311ff4f).
⚠️ Report is 7 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5205   +/-   ##
=======================================
  Coverage   94.34%   94.35%           
=======================================
  Files         473      473           
  Lines       39973    39973           
  Branches    14573    14573           
=======================================
+ Hits        37712    37715    +3     
  Misses       1585     1585           
+ Partials      676      673    -3     
Flag Coverage Δ
shard-1 46.34% <14.28%> (-0.13%) ⬇️
shard-2 34.41% <14.28%> (-0.14%) ⬇️
shard-3 30.80% <0.00%> (-0.15%) ⬇️
shard-4 33.28% <0.00%> (-0.02%) ⬇️
shard-5 33.52% <0.00%> (-0.17%) ⬇️
shard-6 45.18% <100.00%> (+0.32%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
src/queue/processors.ts 95.61% <100.00%> (+0.10%) ⬆️
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@loopover-orb loopover-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 12, 2026
@loopover-orb

loopover-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-12 09:52:11 UTC

2 files · 1 AI reviewer · 2 blockers · readiness 93/100 · CI green · unstable

⏸️ Suggested Action - Manual Review

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.

Review summary
This fixes a real regression: the prior `if (globalCap === null) return;` exited the entire enclosing block for issues, skipping the per-repo `contributorOpenIssueCap` enforcement whenever the miner global cap env var was set to 'off'. The new `if (globalCap !== null) { ... return; }` correctly scopes the early-return to only the install-wide branch, letting execution fall through to per-repo cap logic when the global cap is disabled. The added regression test simulates a confirmed miner with the cap off and two existing issues plus a third, asserting the third is closed via the repo-level cap and an audit event is recorded, which matches the described bug and fix.

Nits — 5 non-blocking
  • test/unit/queue-3.test.ts:4992 stubs a githubId/token value in the mocked miners response that a secret scanner flagged as a generic_secret_assignment — worth confirming it's just test fixture data and not an accidentally committed real credential.
  • codecov/patch is at 85.71% (target 99%), so some of the moved lines in the new `if (globalCap !== null)` block likely lack branch coverage beyond the single new test case — consider a test where per-repo cap is also not exceeded (miner cap off, contributor under repo cap) to cover that fall-through path.
  • Add a companion test asserting that when the miner global cap is 'off' AND the contributor is under the per-repo cap, no close happens, to cover the negative branch alongside the existing regression test.
  • Double check the flagged line in test/unit/queue-3.test.ts:4992 isn't a real leaked token before merging.
  • test/unit/queue-3.test.ts:4996 uses a catch-all `Response.json({})` fetch fallback, which can mask an unexpected API call in this regression instead of failing loudly.

Concerns raised — review before merging

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
Signal Result Evidence
Code review ❌ 2 blockers 1 reviewer
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 45 registered-repo PR(s), 37 merged, 409 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 45 PR(s), 409 issue(s).
Gate result ❌ Blocking Repo-configured hard blocker found.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 45 PR(s), 409 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
  • Explain no-issue PR.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@loopover-orb loopover-orb Bot added the manual-review Gittensor contributor context label Jul 12, 2026
… to off

maybeCloseIssueOverContributorCap's early return fired whenever ONLY the
miner-global-cap resolver returned null (e.g.
GLOBAL_CONTRIBUTOR_OPEN_ITEM_CAP_MINER=off), which skipped the per-repo
cap check too, not just the global one. Scopes the early return to the
install-wide branch so the per-repo cap still runs independently.

Adds a regression test for the fix (miner-cap-off falls through to the
per-repo cap) and a second test covering the empty-plan branch on the
install-wide path (an over-cap issue with no autonomy granted plans no
action and never executes a close) -- both changed branches on the
pre-existing (now-reindented) install-wide block.
@JSONbored
JSONbored force-pushed the codex/propose-fix-for-miner-cap-bypass branch from abb8764 to 311ff4f Compare July 12, 2026 09:46
@JSONbored
JSONbored merged commit 352507c into main Jul 12, 2026
16 checks passed
@JSONbored
JSONbored deleted the codex/propose-fix-for-miner-cap-bypass branch July 12, 2026 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant