Skip to content

feat(ignore): adding event logger for ignored comments#178

Open
billxinli wants to merge 1 commit intomainfrom
feat/ignore-events
Open

feat(ignore): adding event logger for ignored comments#178
billxinli wants to merge 1 commit intomainfrom
feat/ignore-events

Conversation

@billxinli
Copy link
Copy Markdown

@billxinli billxinli commented Apr 2, 2026
edited
Loading

  • Emits events to POST /v0/orgs/{slug}/telemetry when users suppress alerts via @SocketSecurity ignore PR/MR comments
  • Uses eyes emoji reaction as a dedup marker — only unprocessed comments (without eyes) trigger events; after sending, the eyes reaction is added
  • Per-comment iteration ensures the correct comment author is recorded as sender_name/sender_id (not the webhook sender or first commenter)
  • Supports both GitHub (inline reactions.eyes from API response) and GitLab (lazy has_eyes_reaction() API call per comment, best-effort post_eyes_reaction() via Award Emoji API)
  • Events are sent one at a time (fire-and-forget per event, continues on failure)
  • Comment flow uses artifact_input (raw user text) since the ignore command is user input and may not be a valid PURL
  • Push flow uses artifact_purl from actual alert objects (always valid PURLs)
  • Fixes pre-existing case-sensitivity bug in get_ignore_options@socketSecurity ignore (lowercase s) now works

Changes

socketsecurity/core/cli_client.py

  • Added post_telemetry_events() — sends events individually to POST /v0/orgs/{slug}/telemetry

socketsecurity/core/scm/github.py

  • Added post_eyes_reaction() — posts eyes reaction to mark comments as processed

socketsecurity/core/scm/gitlab.py

  • Added has_eyes_reaction() — best-effort check for eyes award emoji on MR notes
  • Added post_eyes_reaction() — best-effort add eyes award emoji with Content-Type: application/json

socketsecurity/core/scm_comments.py

  • Made get_ignore_options() case-insensitive (fixes @socketSecurity vs @SocketSecurity)

socketsecurity/socketcli.py

  • Added _is_unprocessed() helper — checks inline reactions.eyes then falls back to scm.has_eyes_reaction()
  • Comment flow: emits events per unprocessed ignore comment with author attribution
  • Push flow: matches ignored alerts back to individual comments for per-comment author attribution

Event attributes

{
  "event_kind": "user-action",
  "client_action": "ignore_alerts",
  "event_id": "<uuid>",
  "event_sender_created_at": "<iso8601>",
  "vcs_provider": "github|gitlab",
  "owner": "<repo_owner>",
  "repo": "<owner/repo>",
  "pr_number": 123,
  "ignore_all": true|false,
  "sender_name": "<comment_author_login>",
  "sender_id": "<comment_author_id>",
  "artifact_input": "<raw_user_text>" (comment flow),
  "artifact_purl": "<valid_purl>" (push flow)
}

Public Changelog

N/A

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 2, 2026
edited
Loading

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.80.dev3

Docker image: socketdev/cli:pr-178

@billxinli billxinli force-pushed the feat/ignore-events branch from 0e20dd0 to 09e3172 Compare April 2, 2026 20:37
@billxinli billxinli marked this pull request as ready for review April 3, 2026 16:15
@billxinli billxinli requested a review from a team as a code owner April 3, 2026 16:15
@billxinli
Copy link
Copy Markdown
Author

billxinli commented Apr 3, 2026

bugbot run

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@billxinli