What happened
PR #33 on fullsend-ai/experiments was opened by raks-tt from a fork (raks-tt/experiments). The PR added 3,266 lines across 15 files implementing a SQLite-backed review cache with filter pipeline, publication policy engine, and end-to-end tests. All pull_request_target/synchronize events resulted in 'No stage matched' because the dispatch routing's is_event_actor_authorized function checks has_write_permission against the target repo, and fork contributors typically lack write access. The fullsend review agent never ran. Only qodo-code-review[bot] provided automated review, catching 4 bugs (command injection in save.py, cross-PR cache collisions in store.py, semantic key mismatches, non-env shebangs). Human reviewer ralphbean provided feedback on experiment methodology framing. PR was approved and merged on 2026-07-02.
What could go better
The fullsend review agent could have provided deeper, context-aware review of this substantial code contribution. The current permission gate is binary — if you don't have write access to the repo, you get zero fullsend review coverage. This is a reasonable security default (prevents token waste on spam PRs, as tracked in issue #2552), but it creates a coverage gap for legitimate contributions from known contributors. In this case, raks-tt is a regular contributor to fullsend-ai repos and co-authored the PR with Claude Sonnet 4.5 — exactly the kind of PR that would benefit from automated review. Confidence: medium — the security trade-off here is real, and the right mechanism (org membership check vs. label-based opt-in vs. contributor allowlist) needs careful design.
Proposed change
Add a secondary authorization path in the dispatch routing for fork PRs from contributors who are members of the target org. The is_event_actor_authorized function currently only checks repo-level write permission. It should also check org membership via gh api orgs/{org}/members/{user} as a fallback. For non-org-member contributors, support a label-based opt-in (e.g., ok-to-review) that org members can apply, similar to the existing ok-to-test pattern used in CI. This complements issue #2552 (which focuses on deferring review for untrusted PRs) by providing the positive path — enabling review for trusted fork contributors. The change belongs in the dispatch routing script's is_event_actor_authorized function.
Validation criteria
After implementation: (1) a fork PR from an org member should trigger the review stage without requiring write permission on the target repo, (2) a fork PR from a non-org-member should remain skipped by default but triggerable via ok-to-review label, (3) fork PRs from unknown contributors with no label should continue to be skipped. Verify by opening a test fork PR from an org member account and confirming the review dispatch log shows 'STAGE=review'.
Generated by retro agent from fullsend-ai/experiments#33
What happened
PR #33 on fullsend-ai/experiments was opened by
raks-ttfrom a fork (raks-tt/experiments). The PR added 3,266 lines across 15 files implementing a SQLite-backed review cache with filter pipeline, publication policy engine, and end-to-end tests. Allpull_request_target/synchronizeevents resulted in 'No stage matched' because the dispatch routing'sis_event_actor_authorizedfunction checkshas_write_permissionagainst the target repo, and fork contributors typically lack write access. The fullsend review agent never ran. Onlyqodo-code-review[bot]provided automated review, catching 4 bugs (command injection in save.py, cross-PR cache collisions in store.py, semantic key mismatches, non-env shebangs). Human reviewerralphbeanprovided feedback on experiment methodology framing. PR was approved and merged on 2026-07-02.What could go better
The fullsend review agent could have provided deeper, context-aware review of this substantial code contribution. The current permission gate is binary — if you don't have write access to the repo, you get zero fullsend review coverage. This is a reasonable security default (prevents token waste on spam PRs, as tracked in issue #2552), but it creates a coverage gap for legitimate contributions from known contributors. In this case,
raks-ttis a regular contributor to fullsend-ai repos and co-authored the PR with Claude Sonnet 4.5 — exactly the kind of PR that would benefit from automated review. Confidence: medium — the security trade-off here is real, and the right mechanism (org membership check vs. label-based opt-in vs. contributor allowlist) needs careful design.Proposed change
Add a secondary authorization path in the dispatch routing for fork PRs from contributors who are members of the target org. The
is_event_actor_authorizedfunction currently only checks repo-level write permission. It should also check org membership viagh api orgs/{org}/members/{user}as a fallback. For non-org-member contributors, support a label-based opt-in (e.g.,ok-to-review) that org members can apply, similar to the existingok-to-testpattern used in CI. This complements issue #2552 (which focuses on deferring review for untrusted PRs) by providing the positive path — enabling review for trusted fork contributors. The change belongs in the dispatch routing script'sis_event_actor_authorizedfunction.Validation criteria
After implementation: (1) a fork PR from an org member should trigger the review stage without requiring write permission on the target repo, (2) a fork PR from a non-org-member should remain skipped by default but triggerable via
ok-to-reviewlabel, (3) fork PRs from unknown contributors with no label should continue to be skipped. Verify by opening a test fork PR from an org member account and confirming the review dispatch log shows 'STAGE=review'.Generated by retro agent from fullsend-ai/experiments#33