Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions .github/workflows/contributor-trust.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Contributor Trust Report

on:
pull_request_target:
types: [opened, reopened, synchronize, ready_for_review]
issues:
types: [opened]
issue_comment:
types: [created]
Comment on lines +4 to +9

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
pull_request_target:
types: [opened, reopened, synchronize, ready_for_review]
issues:
types: [opened]
issue_comment:
types: [created]
issues:
types: [opened]
issue_comment:
types: [created]
pull_request_target:
types: [opened]
  1. 代码行文语义由简单到复杂
  2. PR 创建时检测作者即可,后续无需重复判定


permissions:
contents: read
issues: write
pull-requests: write
models: read

concurrency:
group: contributor-trust-${{ github.event.pull_request.number || github.event.issue.number || github.run_id }}-${{ github.actor }}
cancel-in-progress: true

jobs:
report:

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

整个业务逻辑应该叫 detection

name: Inspect public contributor signals
if: github.actor != 'github-actions[bot]'
runs-on: ubuntu-latest
steps:
- name: Build contributor trust report
id: trust
uses: Neroxsh/contributor-trust-action@v1
with:
github-token: ${{ github.token }}

- name: Record result
env:
AUTHOR: ${{ steps.trust.outputs.author }}
RISK_LEVEL: ${{ steps.trust.outputs['risk-level'] }}
RISK_SCORE: ${{ steps.trust.outputs['risk-score'] }}
Comment on lines +36 to +37

@TechQuery TechQuery Jul 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

级别和分数有什么依据?能否再显示一下判定的理由?

而且我们首要的需求是把人类贡献者和 AI agent 区分开来,然后再把 agent 账号 block 掉。当前代码没有实现上述需求,请用你用的 CodeX 再次理解我写的需求文本:#89 (comment)

run: echo "@${AUTHOR} => ${RISK_LEVEL} (${RISK_SCORE}/100)"