Skip to content

fix(strix): use target token for cross-repo dispatch PR scoping #573

Description

@seonghobae

Problem

A default-branch repository_dispatch Strix retry for ContextualWisdomLab/codec-carver#250 now installs Strix successfully after #570, but the scan exits before execution:

ERROR: STRIX_TARGET_PATH=__PR_SCOPE__ requires PR scoping.

Evidence: https://github.com/ContextualWisdomLab/.github/actions/runs/29517123708

The workflow validates and fetches the external PR with steps.target_app_token.outputs.token, but the Run Strix (quick) environment sets GH_TOKEN to github.token. On a dispatch in ContextualWisdomLab/.github, that token cannot scope ContextualWisdomLab/codec-carver#250. The follow-up commit-status publication also receives HTTP 403 (Resource not accessible by integration).

Required change

  • Use the exchanged target-app token (with safe fallbacks) for PR-scoping reads during cross-repository repository_dispatch.
  • Preserve the same-repository required-workflow behavior.
  • Cover the dispatch token selection and status-publication contract with tests.
  • Re-run the exact codec-carver PR [codex] Record autofix guard rollout #250 base/head tuple and prove the scanner enters actual analysis.

Completion evidence

  • Shell/Python workflow tests pass.
  • actionlint passes.
  • A fresh default-branch dispatch for codec-carver#250 no longer emits requires PR scoping.
  • Current-head status publication succeeds or reports an explicitly separated permissions blocker.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions