Skip to content

Dont filter content from trusted bots #1464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Dont filter content from trusted bots #1464

wants to merge 1 commit into from
+41 −13

Conversation

@JoannaaKL
Copy link
Contributor

@JoannaaKL JoannaaKL commented Nov 21, 2025

Lockdown mode improvement: if the author is trusted bot, don't filter out content. For now the list of trusted bots is hardcoded but it can easily be configurable if needed.

@JoannaaKL JoannaaKL requested a review from a team as a code owner November 21, 2025 10:56
Copilot AI review requested due to automatic review settings November 21, 2025 10:56
Copilot finished reviewing on behalf of JoannaaKL November 21, 2025 11:00
Copilot AI reviewed Nov 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request enhances lockdown mode to allow content from trusted bots (dependabot, github-actions, github-copilot) to bypass content filtering. The changes add a ViewerType field to track whether the GitHub API viewer is a Bot, and implement a isTrustedBot() check with a hardcoded list of trusted bot logins.

Key changes:

  • Added ViewerType field to track the __typename from GitHub's GraphQL API
  • Added trustedBotLogins map with hardcoded trusted bot identifiers
  • Modified IsSafeContent() to check for trusted bots before filtering content

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
pkg/lockdown/lockdown.go Added ViewerType field, trustedBotLogins map, isTrustedBot() method, and modified IsSafeContent() to check trusted bots; updated GraphQL query to fetch __typename
pkg/lockdown/lockdown_test.go Updated test mocks and assertions to include ViewerType field with value "User"

@JoannaaKL JoannaaKL force-pushed the allow-copilot-in-lockdown branch from 7f851b4 to 869c024 Compare November 21, 2025 11:04
@JoannaaKL JoannaaKL force-pushed the allow-copilot-in-lockdown branch from 869c024 to 8400964 Compare November 21, 2025 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JoannaaKL