
fix(github): Handle GraphQL egress permissions#558

Merged
dcramer merged 4 commits into main from fix/github-graphql-read-egress on Jun 8, 2026

@dcramer dcramer commented Jun 8, 2026

Member

GitHub GraphQL egress now treats read-only query POSTs as installation-read and annotates GraphQL HTTP 200 access errors as permission_denied without rewriting provider responses. This keeps read commands on app installation credentials while preserving provider CLI output and giving Junior structured permission context when GitHub reports access failures in the response body.

Provider Response Hooks

Plugins can inspect response metadata and lazily read a bounded cloned body. Normal hook return preserves the original upstream response; EgressAuthRequired is the only response-hook path that rewrites to Junior's auth-required sentinel.

defineJuniorPlugin({
  hooks: {
    async onEgressResponse(ctx) {
      if (ctx.response.status !== 200) {
        return;
      }

      const body = await ctx.response.readText(64 * 1024);
      if (body?.includes("Resource not accessible by integration")) {
        ctx.permissionDenied("Provider denied access to this resource.");
      }

      // Throw only when the provider response means user auth must be refreshed.
      // throw new EgressAuthRequired("Provider needs reauthorization.");
    },
  },
});

GitHub GraphQL

The GitHub plugin owns all GraphQL response interpretation for POST /graphql, classifying known access-shaped JSON errors such as repository NOT_FOUND and Resource not accessible by integration as side-channel permission signals.

Coverage

Integration coverage now exercises read-query installation tokens, mutation user-write auth, auth-required response-hook interruption, GraphQL access-error pass-through with permission_denied, and successful GraphQL pass-through without a permission signal.

Use the visible GitHub GraphQL request body to keep read-only POST queries on the installation-read grant while mutations, subscriptions, and unknown bodies continue to require user-write attribution.

This prevents read-only gh issue list traffic from unnecessarily depending on requester OAuth credentials.

Co-Authored-By: GPT-5 Codex <codex@openai.com>

vercel Bot commented Jun 8, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
junior-docs Ready Ready Preview, Comment Jun 8, 2026 12:15pm


@dcramer dcramer marked this pull request as ready for review June 8, 2026 05:24
@dcramer dcramer changed the title fix(github): Classify GraphQL read queries as app egress fix(github): Handle GraphQL egress permissions Jun 8, 2026
@dcramer dcramer force-pushed the fix/github-graphql-read-egress branch from 83f25ec to eab0e57 Compare June 8, 2026 07:03
Comment thread packages/junior-github/index.js
Add a provider-owned egress response hook that preserves upstream responses by default and only rewrites when a plugin throws EgressAuthRequired.

Use the hook in the GitHub plugin to annotate known GraphQL access errors returned in HTTP 200 response bodies, so failed commands receive a structured permission_denied signal without core GitHub special cases.

Co-Authored-By: GPT-5 Codex <codex@openai.com>

Mask GraphQL string literals before classifying request operations so read queries with search text like mutation or subscription stay on installation-read credentials.

Co-Authored-By: GPT-5 Codex <codex@openai.com>

@cursor cursor Bot left a comment


Cursor Bugbot has reviewed your changes and found 1 potential issue.


Reviewed by Cursor Bugbot for commit 6e61b5c. Configure here.

Comment thread packages/junior-github/index.js
Classify the named GraphQL operation when operationName is provided so multi-operation documents cannot route a selected mutation through installation-read credentials.

Co-Authored-By: GPT-5 Codex <codex@openai.com>
@dcramer dcramer merged commit 09ea08b into main Jun 8, 2026
16 checks passed
@dcramer dcramer deleted the fix/github-graphql-read-egress branch June 8, 2026 16:45
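
The request-side rules the commit messages above describe (read-only queries on the installation-read grant; mutations, subscriptions and unknown bodies on user-write; string literals masked before classification; the named operation selected when operationName is present), as an added example that is not the GitHub plugin's code. The names classifyGraphqlBody, topLevelHeaders and LITERAL are assumptions, and the example assumes a hand-written scanner in place of a GraphQL parser that returns user-write for anything it cannot read.

```javascript
// Added example. Names are hypothetical, not taken from packages/junior-github.
const READ = "installation-read";
const WRITE = "user-write";

// One lexer pass over block strings, strings, then comments (constructed regex).
const LITERAL =
  /"""(?:\\"""|[^"\\]|\\(?!""")|"(?!""))*"""|"(?:\\.|[^"\\\n])*"|#[^\n]*/g;

// Text before each top-level "{" is one definition header; null if unbalanced.
function topLevelHeaders(masked) {
  const headers = [];
  let braces = 0, parens = 0, header = "";
  for (const ch of masked) {
    if (ch === "(") parens++;
    else if (ch === ")") parens--;
    else if (ch === "{" && parens === 0) {
      if (braces++ === 0) { headers.push(header.trim()); header = ""; }
      continue;
    } else if (ch === "}" && parens === 0) braces--;
    if (braces < 0 || parens < 0) return null;
    if (braces === 0 && ch !== "}") header += ch;
  }
  return braces === 0 && parens === 0 && header.trim() === "" ? headers : null;
}

function classifyGraphqlBody(bodyText) {
  let body;
  try { body = JSON.parse(bodyText); } catch { return WRITE; }
  if (typeof body?.query !== "string") return WRITE;
  // Mask literals first so search text like "mutation" is never classified.
  const masked = body.query.replace(LITERAL, (m) => (m[0] === "#" ? "" : "0"));
  const headers = masked.includes('"') ? null : topLevelHeaders(masked);
  if (!headers) return WRITE; // unterminated string or unbalanced document
  const ops = [];
  for (const h of headers) {
    const m = /^(query|mutation|subscription|fragment)\b\s*([_A-Za-z]\w*)?/.exec(h);
    if (h !== "" && !m) return WRITE; // unknown definition keyword
    if (m?.[1] !== "fragment") ops.push({ type: m?.[1] ?? "query", name: m?.[2] });
  }
  // With operationName, classify that operation only; otherwise require exactly one.
  const name = body.operationName;
  const picked = typeof name === "string" ? ops.filter((o) => o.name === name) : ops;
  if (picked.length !== 1) return WRITE;
  return picked[0].type === "query" ? READ : WRITE;
}

// Constructed sample body: a read query whose search text contains "mutation".
const sample = JSON.stringify({ query: 'query { search(query: "mutation in:title", type: ISSUE, first: 5) { issueCount } }' });
console.log(classifyGraphqlBody(sample));
```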