mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-07-03 11:12:36 +08:00
* Exempt the bump bot from the external-PR scope guard

The External PR Scope Guard (#3353) and the auto-closer both look up the PR author's collaborator permission and, for anyone who is not write/admin, require the PR to ADD marketplace.json entries (additions-only). Internal bump PRs are authored by github-actions[bot], which is not reported as a member, so a SHA-bump — a legitimate MODIFY of an existing entry — fails the guard (e.g. #3391 "modifies existing entry: astronomer-data-agents").

Add a shared isExemptAuthor() helper that exempts both org members and the repo's own automation bot, and route both workflows through it.

Safe under pull_request_target: a fork PR cannot author as github-actions[bot] (only the org's own GITHUB_TOKEN workflow can), and the member path is still a real permission lookup.

The helper also wraps getCollaboratorPermissionLevel in try/catch — previously a non-collaborator/unknown-user lookup threw and errored the job instead of falling through to scope evaluation.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Correct stale "required status check" guidance in scope-guard comments

The scope guard is advisory, not a required status check — the merge gate is validate + scan + a maintainer approval. The old header told operators to add it to branch protection, which is now contra-indicated (it would block the no-approval bump-merge path). Update both workflow comments to match.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
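One way to write the author-exemption check the commit message describes, as an added example that is not the repository's own code. The `github` client shape follows actions/github-script; the `Bot` account-type check, the returned `{ exempt, reason }` shape, the `fakeGithub` stand-in and all sample logins are assumptions.

```javascript
// Added example: author-exemption check for a pull_request_target scope guard.
// Only the isExemptAuthor name comes from the commit message; the rest is assumed.
const BOT_LOGIN = 'github-actions[bot]';
const TRUSTED_PERMISSIONS = new Set(['write', 'admin']);

async function isExemptAuthor(github, { owner, repo }, author) {
  // Path 1: the repo's own automation. Match the exact login and the account
  // type reported by the API, never a substring of the login.
  if (author.type === 'Bot' && author.login === BOT_LOGIN) {
    return { exempt: true, reason: 'automation-bot' };
  }
  // Path 2: everyone else still goes through a real permission lookup.
  try {
    const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
      owner, repo, username: author.login,
    });
    const exempt = TRUSTED_PERMISSIONS.has(data.permission);
    return { exempt, reason: `permission:${data.permission}` };
  } catch (err) {
    // Fail closed: a failed lookup means "not exempt", so the caller falls
    // through to scope evaluation instead of the job erroring out.
    return { exempt: false, reason: `lookup-failed:${err.status ?? 'unknown'}` };
  }
}

// Constructed stand-in for the API client; unknown users raise a 404.
function fakeGithub(permissions) {
  return { rest: { repos: {
    async getCollaboratorPermissionLevel({ username }) {
      if (!(username in permissions)) {
        throw Object.assign(new Error('Not Found'), { status: 404 });
      }
      return { data: { permission: permissions[username] } };
    },
  } } };
}

// Constructed sample authors: bot, maintainer, read-only user, unknown user.
async function demo() {
  const github = fakeGithub({ maintainer: 'admin', drive_by: 'read' });
  const repo = { owner: 'example-org', repo: 'example-repo' };
  const out = {};
  for (const [login, type] of [['github-actions[bot]', 'Bot'],
    ['maintainer', 'User'], ['drive_by', 'User'], ['unknown-user', 'User']]) {
    out[login] = await isExemptAuthor(github, repo, { login, type });
  }
  return out;
}
demo().then((results) => console.log(results));
```

An author for whom `exempt` is false is not rejected outright; the guard simply goes on to apply the additions-only rule to the PR's changes.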