Skip to content

feat: manage PR creation cap bypass list from config#135

Merged
MarshallOfSound merged 3 commits into
mainfrom
claude/pr-cap-bypass-list
Jul 2, 2026
Merged

feat: manage PR creation cap bypass list from config#135
MarshallOfSound merged 3 commits into
mainfrom
claude/pr-cap-bypass-list

Conversation

@claude

@claude claude Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Requested by Samuel Attard · Slack thread

Before / After

Before: exempting a good-faith contributor from a repository's pull request creation cap meant clicking around in GitHub's UI, per repository, with no record in config.

After: the exemption is declared in .permissions config via a new pr_creation_cap_bypass_list key under a repository's settings block, and Sheriff reconciles the repo's bypass list to match. Maintainers add/remove contributors by editing config instead of clicking in the UI.

The setting is opt-in per repo: when it is absent (after merging repository_defaults with the repo's settings), Sheriff does not touch the bypass list (unmanaged). When it is present — including an empty [], which clears the list — that exact set becomes the desired state. Because it lives under settings, it can also be defaulted org-wide via repository_defaults.

How

  • New optional pr_creation_cap_bypass_list?: string[] on RepoSettings (a repository's settings) in src/permissions/types.ts.
  • Matching Joi rule pr_creation_cap_bypass_list: Joi.array().items(Joi.string().min(1)).optional() in both the settings and repository_defaults sub-schemas of validateConfigFast() (src/permissions/run.ts).
  • Reconciliation in checkRepository(): read the desired list from the computed settings (repository_defaults merged with the repo's settings), GET the current bypass list, diff it case-insensitively against the desired list, then add missing users and remove extra users. This uses the generic octokit.request(...) escape hatch because the pinned @octokit/plugin-rest-endpoint-methods@17.0.0 (already the latest release) exposes no typed method for the interaction-limits/pulls/bypass-list endpoints. The change is dry-run gated (if (!IS_DRY_RUN)) and Slack-logged via builder.addContext(...), mirroring the fork PR contributor approval reconciliation.

Per the GitHub REST docs (apiVersion=2026-03-10), there is no wholesale "set" operation for this list — only:

  • GET /repos/{owner}/{repo}/interaction-limits/pulls/bypass-list (list)
  • PUT .../bypass-list with { users: string[] } (add users)
  • DELETE .../bypass-list with { users: string[] } (remove users)

so reconciliation is expressed as an add + remove diff rather than a single replace.

Notes

No octokit bump was needed or possible: @octokit/plugin-rest-endpoint-methods@17.0.0 is the latest release and still lacks a typed method for these endpoints, hence the octokit.request(...) escape hatch.

🤖 Generated with Claude Code

https://claude.ai/code/session_01MRt32Rsnbd6W6CVEt4hw4k


Generated by Claude Code

claude added 2 commits July 1, 2026 00:55
Add a new optional `prCreationCapBypassList` field to a repository's
config so maintainers can declaratively manage the set of users exempt
from a repo's pull request creation cap. When the field is present,
checkRepository() reconciles the repo's bypass list via the generic
octokit.request() escape hatch (the pinned octokit has no typed method
for the interaction-limits/pulls/bypass-list endpoint), dry-run gated
and Slack-logged like the fork PR contributor approval reconciliation.
Confine the raw off-spec octokit request route strings and the single
unavoidable response cast to a dedicated module, and refactor the
reconciler to call the typed helpers instead.
@MarshallOfSound MarshallOfSound marked this pull request as ready for review July 1, 2026 01:17
@MarshallOfSound MarshallOfSound requested a review from a team as a code owner July 1, 2026 01:17
Move the bypass-list config from a top-level `prCreationCapBypassList`
field on a repository to `pr_creation_cap_bypass_list` under the repo's
`settings` block, for consistency with other repository settings. This
also allows the list to be defaulted org-wide via `repository_defaults`.
The reconciliation now reads the desired list from the computed settings.
@MarshallOfSound MarshallOfSound merged commit 476bfdb into main Jul 2, 2026
6 checks passed
@MarshallOfSound MarshallOfSound deleted the claude/pr-cap-bypass-list branch July 2, 2026 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants