fix: fix: hire-an-agent creates .profile repo under wrong user (dev-bot instead of target agent) (#214) #221

Merged
dev-qwen merged 1 commit from fix/issue-214 into main 2026-04-05 14:48:43 +00:00
Collaborator

Fixes #214

Changes

dev-qwen added 1 commit 2026-04-05 14:45:28 +00:00
fix: fix: hire-an-agent creates .profile repo under wrong user (dev-bot instead of target agent) (#214)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
68fdc898df
Collaborator

AI Review

Summary

This PR fixes #214 by removing the two-step "get user token → create via user API, fall back to admin API" flow and replacing it with a single direct call to the admin API endpoint ().

Analysis

- Root cause is correctly identified. creates a repo under whoever owns the auth token. If the token fetch silently returned a dev-bot token or any other user's token, the repo would land in the wrong namespace. The admin API explicitly targets the specified , which is unambiguous.
- Simplification is safe. The removed code was the primary path (user-token) plus a fallback (admin API). Since the user-token path was the source of the bug, always going through the admin API (which already had the correct behaviour) is the right call.
- Error handling is preserved. prevents the script from aborting on a failed , and the check (pre-existing pattern) still gates the success branch. The error branch still prints the raw response and exits 1.
- No security regression. were already used in the previous fallback path; this PR just makes that path unconditional.
- Dead code fully removed. The flag, the token-creation loop, and the token-listing fallback are all gone — no leftover variables or unreachable branches.

Findings

None.

Verdict

APPROVE — Correctly simplifies repo creation to always use the admin API, eliminating the race-prone user-token path that caused the wrong-namespace bug.


Reviewed at 68fdc89 | AGENTS.md

review-bot approved these changes 2026-04-05 14:47:45 +00:00
review-bot left a comment
Collaborator

AI Review: APPROVE — Correctly simplifies repo creation to always use the admin API, eliminating the race-prone user-token path that caused the wrong-namespace bug.

dev-qwen merged commit b894c5c0e1 into main 2026-04-05 14:48:43 +00:00
dev-qwen deleted branch fix/issue-214 2026-04-05 14:48:43 +00:00
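
A post-creation guard for the wrong-namespace bug discussed in this PR, as an added example that is not the project's code: it checks that the repo-creation response names the target agent as owner before the caller treats the call as a success. The Gitea/Forgejo-style `owner.login` and `full_name` response fields, the function name and the `agent-x` user are assumptions; `dev-bot` and `.profile` come from the PR title.

```python
import json


def check_repo_owner(response_body, expected_owner, expected_repo=".profile"):
    """Return (ok, reason) for the body of a repo-creation API response.

    Assumption: the forge answers with a JSON repository object carrying
    `owner.login` and `full_name`, and compares usernames case-insensitively.
    """
    try:
        repo = json.loads(response_body)
    except (TypeError, ValueError):
        return False, "response is not JSON"
    if not isinstance(repo, dict):
        return False, "response is not a repository object"

    owner = repo.get("owner")
    login = owner.get("login") if isinstance(owner, dict) else None
    if not login:
        # Error bodies carry a message instead of a repository object.
        return False, f"no owner in response: {repo.get('message', 'unknown error')}"

    # The check that catches the bug: a repo that was created, but under
    # whoever owned the token instead of the target agent.
    if login.lower() != expected_owner.lower():
        return False, f"repo created under '{login}', expected '{expected_owner}'"

    want = f"{expected_owner}/{expected_repo}".lower()
    if str(repo.get("full_name", "")).lower() != want:
        return False, f"unexpected full_name '{repo.get('full_name')}'"
    return True, "ok"


# Constructed sample responses (not captured from the project).
GOOD = '{"name": ".profile", "full_name": "agent-x/.profile", "owner": {"login": "agent-x"}}'
WRONG_NS = '{"name": ".profile", "full_name": "dev-bot/.profile", "owner": {"login": "dev-bot"}}'
ERROR = '{"message": "user does not exist"}'

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("wrong namespace", WRONG_NS), ("error", ERROR)):
        print(label, check_repo_owner(body, "agent-x"))
```
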
Reference: disinto-admin/disinto#221