[docs-agent] Rename Alchemy Rollups overview page title to "Alchemy Rollups"#1261
Closed
JackReacher0807 wants to merge 1 commit intomainfrom
Closed
[docs-agent] Rename Alchemy Rollups overview page title to "Alchemy Rollups"#1261JackReacher0807 wants to merge 1 commit intomainfrom
JackReacher0807 wants to merge 1 commit intomainfrom
Conversation
Change frontmatter title from 'Alchemy Rollups Overview' to 'Alchemy Rollups' on the /docs/rollups page. Refs DOCS-64
🔗 Preview Mode
|
🔍 Link CheckStatus: ❌ Failed Summary
Broken links (20) — click to expandErrors per inputErrors in ./content/wallets/wallet-integrations/privy/jwt-auth-migration.mdx
Errors in ./content/tutorials/alchemy-university/cryptography-basics/patricia-merkle-tries.mdx
Errors in ./content/wallets/wallet-integrations/privy/signer-migration-overview.mdx
Errors in ./content/wallets/wallet-integrations/privy/react-migration.mdx
Errors in ./content/api-reference/arbitrum-nova/arbitrum-nova-deprecation-notice.mdx
|
Collaborator
Author
|
cancelling because was a test |
1 similar comment
Collaborator
Author
|
cancelling because was a test |
SahilAujla
added a commit
that referenced
this pull request
Apr 25, 2026
Codex P1 (id 3141513483) plus three additional gaps caught in a full audit before pushing this commit. End-to-end tested locally against PRs #1261 (no trailer), #1263 (no trailer), and #1264 (trailer present) across 6 cases: originator dismissal (canonical + case-variant), non-originator allow, missing-attribution warn for various approvers. All 6 cases produce the expected outcome. 1. Add `contents: read` permission (codex P1) Setting `permissions:` explicitly removes any unlisted permission (sets to `none`). Without `contents: read`, `actions/checkout` fails on private/internal repos before the dismissal logic runs, so the self-approval rule is never enforced. Adds the read-only permission needed for sparse checkout of the pubkey file. 2. Verify pubkey loaded after gpg --import (audit gap) If the pubkey import silently succeeded-but-loaded-no-keys (corrupted file, empty file, etc.), every commit's signature verification would fail the trust filter, ALL_REQUESTED_BY would end up empty, and the workflow would silently degrade to the missing-attribution warn-only path on EVERY PR — never enforcing. Now: `gpg --list-keys $EXPECTED_FPR` after import; if absent, dismiss the approval and exit 1. 3. Paginate the comments-list call used for duplicate-warning suppression (audit gap) PRs that accumulate >30 comments (over weeks) could push the existing warning comment off the first page; without pagination the duplicate-suppression check would miss it and post a duplicate every approval. Adds `--paginate -F per_page=100` + `jq -s 'add'`. 4. Explicit `event=DISMISS` on dismissals API calls (audit gap) The PUT /dismissals endpoint defaults `event` per most-recent docs but historical behavior has varied. Setting it explicitly avoids relying on an undocumented default for a security-critical call. Test matrix run locally before this commit: PR #1264 approver=SahilAujla expected=dismiss actual=dismiss OK PR #1264 approver=danielcoyle expected=allow actual=allow OK PR #1264 approver=SAHILAUJLA expected=dismiss actual=dismiss OK PR #1263 approver=SahilAujla expected=warn actual=warn OK PR #1263 approver=anyone expected=warn actual=warn OK PR #1261 approver=SahilAujla expected=warn actual=warn OK Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SahilAujla
added a commit
that referenced
this pull request
Apr 25, 2026
Codex flagged a P1 where `gpg --verify` returning non-zero (BADSIG on a tampered payload, NO_PUBKEY for an unrelated signer, malformed signature data) would abort the step under `set -euo pipefail` before the else branch could run — turning "skip an untrusted commit" into a hard workflow failure that prevented the dismissal logic from running for legitimately verified commits later in the loop. Wrap the verify in `if gpg_status="$(...)"; then ...` so a non-zero exit just falls through to the SKIP path with primary_fpr="". Pre-push audit also caught four init-path gaps where a transient or silent failure could have left an approval intact: 1. gpg --import itself can fail (corrupted .asc, wrong format) — now wrapped in `if !` and fail-closed. 2. .github/workflows/docs-agent-pubkey.asc could be deleted from main — added existence check before --import, fail-closed if missing. 3. Dismissal API calls were single-attempt — added dismiss_with_retry() with 3 attempts and exponential backoff; used everywhere we dismiss. 4. Originator-match dismissal previously appended `|| true` — now exit 1 if all 3 retries fail, so a transient API hiccup surfaces instead of silently leaving the approval intact. Local test matrix (PR #1264 with Requested-by: @SahilAujla, PR #1263 with no trailer, PR #1261 likewise, plus PR #1262 which has only human-authored commits): all 7 cases produce the expected outcome (dismiss / allow / warn-only). Tampered-payload BADSIG test confirms the step survives instead of aborting. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Renames the page title at https://www.alchemy.com/docs/rollups from "Alchemy Rollups Overview" to "Alchemy Rollups".
Changes
content/api-reference/alchemy-rollups/rollups-quickstart.mdx: frontmattertitlechanged fromAlchemy Rollups OverviewtoAlchemy Rollups.Notes
rollups) is unchanged, so no redirects are needed.Rollups Overview) and H1 headings inside the page (Intro,What is a Rollup?) are unchanged per the request (title-only rename).Refs DOCS-64.
Requested via Slack.