Open
Conversation
- Use Number.parseInt/Number.isNaN instead of global functions - Use optional chains for index access in loader - Use bracket notation for process.env (noPropertyAccessFromIndexSignature) - Replace forEach with for...of in pr-workflow - Add JSDoc for githubToken in auth-options
Co-Authored-By: GPT-5 Codex <noreply@anthropic.com>
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
dcramer
changed the title
Co-Authored-By: GPT-5 Codex <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Co-Authored-By: GPT-5 Codex <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Support private remote skill repositories on github.com in hosted runs.
Today remote skills work well for public repositories and for environments that already have SSH configured, but they are awkward in GitHub Actions when the remote skill repository is private. This threads the existing github-token input through remote resolution and uses one-shot git auth env injection for github.com fetches so the action can read private remote skills without embedding credentials in URLs or cache state.
The implementation keeps the current behavior for public remotes and for non-GitHub remotes. Follow-up fixes from the earlier review also narrow GitHub-specific auth error rewriting to the actual GitHub-auth path and remove stale WARDEN_GITHUB_TOKEN guidance from user-facing errors.
I considered leaving the SSH-only behavior in place for hosted runs, but that would keep private remotes dependent on out-of-band SSH setup and make the existing GitHub token effectively unusable for this path. This approach stays close to the current fetch model and limits the new auth behavior to github.com.
Additional context: