Skip to content

fix(#202): replace GITHUB_TOKEN fallback with REVIEW_TOKEN in post-review CLI#507

Open
fullsend-ai-coder[bot] wants to merge 1 commit into
mainfrom
agent/202-fix-review-token-fallback
Open

fix(#202): replace GITHUB_TOKEN fallback with REVIEW_TOKEN in post-review CLI#507
fullsend-ai-coder[bot] wants to merge 1 commit into
mainfrom
agent/202-fix-review-token-fallback

Conversation

@fullsend-ai-coder

Copy link
Copy Markdown

When --token is empty, the post-review CLI now falls back to REVIEW_TOKEN instead of GITHUB_TOKEN. In GitHub Actions, GITHUB_TOKEN inherits the workflow initiator identity, causing 422 self-review errors when the PR author matches the workflow identity (common in per-repo installs).

The new resolveReviewToken helper enforces this priority:

  1. Explicit --token flag value
  2. REVIEW_TOKEN environment variable
  3. Fail with a clear error explaining the GITHUB_TOKEN risk

The --token flag help text is updated to document $REVIEW_TOKEN as the default source.


Closes #202

Post-script verification

  • Branch is not main/master (agent/202-fix-review-token-fallback)
  • Secret scan passed (gitleaks — b776cf6006a12016eaa21412dc65a3001100e801..HEAD)
  • Pre-commit hooks passed (authoritative run on runner)
  • Tests ran inside sandbox

…view CLI

When --token is empty, the post-review CLI now falls back to
REVIEW_TOKEN instead of GITHUB_TOKEN. In GitHub Actions,
GITHUB_TOKEN inherits the workflow initiator identity, causing
422 self-review errors when the PR author matches the workflow
identity (common in per-repo installs).

The new resolveReviewToken helper enforces this priority:
  1. Explicit --token flag value
  2. REVIEW_TOKEN environment variable
  3. Fail with a clear error explaining the GITHUB_TOKEN risk

The --token flag help text is updated to document $REVIEW_TOKEN
as the default source.

Closes #202
@github-actions

Copy link
Copy Markdown

E2E tests did not run

E2E tests run automatically for org/repo members and collaborators on pull requests.

For other contributors, a maintainer must add the ok-to-test label after the latest push.

See E2E testing guide for details.

@fullsend-ai-review

fullsend-ai-review Bot commented Jul 14, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 3:29 PM UTC · Completed 3:33 PM UTC
Commit: b776cf6 · View workflow run →

@fullsend-ai-review

Copy link
Copy Markdown

Review

Verdict: Approve

Summary

Clean, well-scoped fix that replaces the GITHUB_TOKEN env-var fallback in the post-review CLI with REVIEW_TOKEN. The change correctly addresses the 422 self-review error described in #202: GitHub's default GITHUB_TOKEN inherits the workflow initiator's identity, so when the PR author matches that identity, the review submission is rejected.

What the change does

  1. Extracts the inline token-resolution logic into a new resolveReviewToken(flagValue string) (string, error) helper with a clear priority chain: explicit --token flag → REVIEW_TOKEN env var → error with an explanatory message.
  2. Updates the --token flag help text from $GITHUB_TOKEN to $REVIEW_TOKEN.
  3. Adds four table-driven test cases covering: flag priority, env-var fallback, explicit non-fallback to GITHUB_TOKEN, and the no-token error path.

Analysis

Correctness: The function is straightforward and the test coverage is thorough. The t.Setenv calls properly scope env changes per-subtest. The "does not fall back to GITHUB_TOKEN" test case (setting GITHUB_TOKEN but not REVIEW_TOKEN) verifies the core behavioral change.

Scope is appropriate: Only post-review is affected. The other CLI commands (reconcile-status, post-comment) correctly continue using GITHUB_TOKEN — they perform comment/status operations that are not subject to GitHub's self-review restriction. The post-review.sh script already passes --token "${REVIEW_TOKEN}" explicitly (lines 59, 147), so the env-var fallback is defense-in-depth for direct CLI usage.

Security: This is a security improvement. Using a dedicated app installation token (REVIEW_TOKEN) with scoped pull-requests:write permission instead of the ambient GITHUB_TOKEN is the correct pattern for review submission.

Style: The helper function follows existing Go idioms in this codebase. The error message is longer than typical but justified — it explains a non-obvious design choice that would otherwise puzzle users.

No issues found. The change is minimal, correct, well-tested, and properly scoped.


Labels: Bug fix in CLI post-review token resolution

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge type/bug Confirmed defect in existing behavior labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ready-for-merge All reviewers approved — ready to merge type/bug Confirmed defect in existing behavior

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[ARCHIVED] Original issue 202

0 participants