
chore: add firstlook PR-author reputation check #121

Merged
iamtoruk merged 1 commit into main from chore/add-firstlook-workflow
Apr 21, 2026

@iamtoruk
Member

Adds a GitHub Actions workflow that runs `getagentseal/firstlook@main` on every pull_request open/reopen/synchronize. The action assigns a reputation score to the PR author; this config fails the check when the score is `unknown` so drive-by PRs from freshly-minted or untracked accounts need manual review before they can be merged.

Rules for this workflow:

  • `skip-users: dependabot[bot], renovate[bot]` so bots pass through
  • `fail-on: unknown` blocks unknown-score accounts (strictest setting short of `caution`)
  • Permissions scoped to `pull-requests: write` and `contents: read`

Context: PR #118 earlier today was a drive-by from a 42-day-old automation account with 928 repos. Manually spotting that takes time. This screens it at the workflow level instead.

Runs on every PR open/reopen/synchronize against getagentseal/firstlook
and fails the check when the author's score is 'unknown' (new or
untracked accounts). Skips bot accounts so dependabot and renovate pass
through.

This screens the same drive-by pattern that landed in PR #118 (octo-patch,
fresh automation account) without requiring a manual tier check on every
submission.
@iamtoruk iamtoruk merged commit 41cc525 into main Apr 21, 2026
2 of 3 checks passed