fix(#511): add GH_TOKEN validation to pre-retro.sh#540
fix(#511): add GH_TOKEN validation to pre-retro.sh#540fullsend-ai-coder[bot] wants to merge 1 commit into
Conversation
Add a gh auth status check after URL validation in pre-retro.sh to fail fast when GH_TOKEN is invalid. This prevents wasting compute on sandbox creation and model inference when the token cannot authenticate. Behavior: - GH_TOKEN set and valid: logs success, continues - GH_TOKEN set and invalid: exits 1 with ::error:: - GH_TOKEN unset: logs ::warning::, continues Add pre-retro-test.sh with mock gh to verify all three cases. Closes #511
E2E tests did not runE2E tests run automatically for org/repo members and collaborators on pull requests. For other contributors, a maintainer must add the See E2E testing guide for details. |
|
🤖 Finished Review · ✅ Success · Started 5:37 PM UTC · Completed 5:47 PM UTC |
ReviewVerdict: request-changes SummaryThe intent is sound — fail fast when GH_TOKEN is invalid so the retro agent doesn't waste compute. However, A secondary issue: GH_TOKEN is treated as optional (warn and continue when unset), but The test file is well-structured and follows existing Findings1.
|
| fi | ||
|
|
||
| # Validate GH_TOKEN before starting the sandbox. | ||
| if [[ -n "${GH_TOKEN:-}" ]]; then |
There was a problem hiding this comment.
[high] correctness
gh auth status produces false negatives — rejects tokens that work for API access. Verified: gh api /rate_limit succeeds (4972 remaining) while gh auth status returns exit 1 with 'The token in GH_TOKEN is invalid' on this runner (gh 2.93.0). This would block valid retro runs, violating issue #511 validation criterion 4.
Suggested fix: Replace gh auth status with a lightweight API call: if ! gh api /rate_limit >/dev/null 2>&1; then echo '::error::GH_TOKEN is invalid'; exit 1; fi
| # ORIGINATING_URL — HTML URL of the PR or issue that triggered retro | ||
| # | ||
| # Optional env vars: | ||
| # RETRO_COMMENT — The /retro comment text (empty for automatic triggers) |
There was a problem hiding this comment.
[medium] contract-mismatch
GH_TOKEN is listed as 'Optional' and the else branch warns-and-continues when unset. But post-retro.sh line 17 hard-fails with : ${GH_TOKEN:?GH_TOKEN is required}. The warning path wastes compute — sandbox + model inference runs then post-retro fails.
Suggested fix: Make GH_TOKEN required in pre-retro.sh with : "${GH_TOKEN:?GH_TOKEN is required}" to match the post-retro.sh contract and fail fast.
| fi | ||
|
|
||
| # Validate GH_TOKEN before starting the sandbox. | ||
| if [[ -n "${GH_TOKEN:-}" ]]; then |
There was a problem hiding this comment.
[low] error-handling
2>/dev/null on the validation call suppresses diagnostic stderr. Network failures, DNS errors, and TLS issues are indistinguishable from invalid tokens — operators see only the generic ::error:: message.
Suggested fix: Let stderr through to the step log, or capture and include in the error message on failure.
| "GH_TOKEN is invalid" \ | ||
| 1 \ | ||
| "GH_TOKEN=bad-token" | ||
|
|
There was a problem hiding this comment.
[low] test-adequacy
Test 'no-token-warns' checks for warning message and exit 0 but does not verify the script runs to completion (unlike 'valid-token-continues-to-completion' which checks for 'Pre-retro validation complete.').
| echo "${FAILURES} test(s) failed" | ||
| exit 1 | ||
| fi | ||
| echo "All tests passed" |
There was a problem hiding this comment.
[low] test-adequacy
Missing edge case: whitespace-only GH_TOKEN (e.g., ' ') passes the -n check and would attempt token validation. No test covers this.
Add a gh auth status check after URL validation in pre-retro.sh to fail fast when GH_TOKEN is invalid. This prevents wasting compute on sandbox creation and model inference when the token cannot authenticate.
Behavior:
Add pre-retro-test.sh with mock gh to verify all three cases.
Closes #511
Post-script verification
agent/511-pre-retro-token-validation)b776cf6006a12016eaa21412dc65a3001100e801..HEAD)