
fix: resolve #355 - PR Agent has no permission check, risking secret leakage and abuse #366

Closed
awsl233777 wants to merge 2 commits into main from fix/issue-355

@awsl233777 (Collaborator) commented Mar 9, 2026

Closes #355

Summary by CodeRabbit

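Release Notes

  • Chores
    • Refined the conditions under which the automated workflow runs: it now triggers only for repository owners, members and collaborators, while continuing to block bot accounts, improving the workflow's precision and security.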

coderabbitai bot commented Mar 9, 2026

Warning

Rate limit exceeded

@dreamhunter2333 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 26 minutes and 44 seconds before requesting another review.


📥 Commits

Reviewing files that changed from the base of the PR and between 1eda5d1 and f30e9ea.

📒 Files selected for processing (2)
  • .github/workflows/pr-agent.yml
  • web/src/components/auth/admin-route.tsx
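📝 Walkthrough

This PR modifies the GitHub workflow configuration file, tightening access control in .github/workflows/pr-agent.yml. It expands the simple bot check into a compound condition, so that only repository owners, members or collaborators can now trigger the PR Agent workflow on pull request creation/updates and on PR-related comments.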

Changes

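| Cohort / File(s) | Summary |
|---|---|
| Workflow permission validation: .github/workflows/pr-agent.yml | Extends the pr_agent_job condition logic from a single bot check to a compound condition: bots are excluded and the author's permission level is verified for pull_request or issue_comment events (only OWNER, MEMBER and COLLABORATOR can trigger it), providing fine-grained access control. |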

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

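🐰 The workflow has put up a new gate,
Only trusted partners may enter,
Secrets no longer lie open to strangers,
Collaborators guard the door of security,
Permission checks have built a fortress.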

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
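| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title clearly describes the main change: resolving issue #355 by adding a permission check to the GitHub workflow. The title is directly related to the code changes. |
| Linked Issues check | ✅ Passed | The code changes fully satisfy the requirements of issue #355: by restricting the PR Agent workflow to run only when a repository member or collaborator acts, they prevent secret leakage and abuse. |
| Out of Scope Changes check | ✅ Passed | All changes are directly related to the permission-check requirement of issue #355; no out-of-scope changes were found. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |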


@coderabbitai coderabbitai bot left a comment


🧹 Nitpick comments (2)
.github/workflows/pr-agent.yml (2)

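8-28: The permission check logic is correct overall, but note which object the pull_request event check examines

This conditional expression effectively restricts who can run the workflow, and its syntax is correct. However, there is one potential logic detail to confirm:

  1. issue_comment event: checking github.event.comment.author_association (the commenter's permission) is correct.

  2. pull_request event: the check currently uses github.event.pull_request.author_association (the PR author's permission), not the user who triggered the event.

    • For the opened event, the triggering user is the author, so there is no problem.
    • For reopened and ready_for_review events, if a collaborator reopens a PR submitted by an external user, the workflow will not run (because the check is against the PR author, not the acting user).

Please confirm whether this is the intended behavior. If you want authorized users to be able to trigger the workflow when acting on any PR, switch to verifying github.actor's repository permission via the GitHub API.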

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-agent.yml around lines 8 - 28, The current if-condition
uses github.event.pull_request.author_association (checks PR author) which
misses actions where a different authorized user triggers the event; update the
pull_request branch to validate the actual actor instead—use github.actor (or
call the GitHub REST API to check the actor's repo permission/association)
rather than github.event.pull_request.author_association; keep the issue_comment
branch using github.event.comment.author_association or similarly validate
github.actor for consistency (ensure you adjust the contains(...) checks to use
the actor/permission result).

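15-16: Suggestion: confirm whether the CONTRIBUTOR role should be included

Currently only three roles are allowed: OWNER, MEMBER and COLLABORATOR. CONTRIBUTOR (users who have previously contributed code to the repository) is excluded.

If the project wants to allow past contributors to trigger PR Agent, "CONTRIBUTOR" needs to be added to the list. If the current setting matches your security policy, this suggestion can be ignored.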

Also applies to: 23-24

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-agent.yml around lines 15 - 16, The workflow currently
restricts allowed PR author roles in the condition using
fromJSON('["OWNER","MEMBER","COLLABORATOR"]') against
github.event.pull_request.author_association; decide whether historical
contributors should be permitted and, if so, add "CONTRIBUTOR" to that JSON
array (i.e. fromJSON('["OWNER","MEMBER","COLLABORATOR","CONTRIBUTOR"]')), and
make the same change for the other identical occurrence noted in the file so
both checks are updated.

📥 Commits

Reviewing files that changed from the base of the PR and between 6cd6fd6 and 1eda5d1.

📒 Files selected for processing (1)
  • .github/workflows/pr-agent.yml
📜 Review details
🔇 Additional comments (2)
.github/workflows/pr-agent.yml (2)

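21-21: The existence check on github.event.issue.pull_request is correct

This check ensures the workflow is triggered only for PR-related issue comments (not ordinary issue comments), as intended.


38-45: The way secrets are used follows security best practice

Sensitive values are referenced via ${{ secrets.* }} and are not exposed in logs. Combined with the newly added permission check above, this effectively reduces the risk of secret abuse.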
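
Added example, not part of the original thread and not the repository's pr-agent.yml: a job-level gate of the kind the review above describes, with the bot exclusion and the OWNER/MEMBER/COLLABORATOR check for both pull_request and PR-comment events. The job name pr_agent_job, the role list and the context fields come from the thread; the trigger types, the sender.type bot check, the permissions block and the placeholder step are assumptions.

```yaml
# Added example, not the repository's pr-agent.yml.
# Assumed: trigger types, sender.type bot check, permissions, placeholder step.
name: pr-agent-gate-example

on:
  pull_request:
    types: [opened, reopened, ready_for_review]
  issue_comment:
    types: [created]

jobs:
  pr_agent_job:
    # No ${{ }} wrapper: the whole folded scalar is evaluated as one expression.
    if: >-
      github.event.sender.type != 'Bot' &&
      (
        (
          github.event_name == 'pull_request' &&
          contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
                   github.event.pull_request.author_association)
        ) ||
        (
          github.event_name == 'issue_comment' &&
          github.event.issue.pull_request &&
          contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
                   github.event.comment.author_association)
        )
      )
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write
    steps:
      # Placeholder for the PR Agent step that receives ${{ secrets.* }}.
      # When the job-level `if` is false the job is skipped, so no step
      # runs and no secret is handed to anything.
      - name: Gate passed
        run: echo "Gate passed for event $GITHUB_EVENT_NAME"
```

On pull_request events this gate reads the PR author's association, so a PR opened by an outside user stays blocked even when a collaborator reopens it, which is the behavior the first nitpick asks the maintainers to confirm.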

dreamhunter2333 added a commit that referenced this pull request Mar 9, 2026
@awsl233777 (Collaborator, Author)

Automated Test Report

PR: #366 | Branch: fix/issue-355 | Issue: #355

| Suite | Total | Passed | Failed | Skipped | Status |
|---|---|---|---|---|---|
| E2E | 0 | 0 | 0 | 0 | BLOCKED |
| Unit | 0 | 0 | 0 | 0 | BLOCKED |

Overall: TESTS NOT RUN

Worktree setup was blocked before any Go tests could run.

Setup failure details

git fetch origin fix/issue-355 failed with error: cannot open '.git/FETCH_HEAD': Operation not permitted.

git fetch --no-write-fetch-head origin fix/issue-355 also failed with:

error: unable to create temporary file: Operation not permitted
fatal: failed to write object
fatal: unpack-objects failed

Because the branch could not be fetched into the local repository, the test worktree could not be created, so neither go test -v -count=1 -timeout 300s -race ./tests/e2e/... nor go test -v -count=1 -timeout 120s ./internal/... was executed.


Successfully merging this pull request may close these issues.

PR Agent has no permission check, risking secret leakage and abuse

2 participants