
Seems like there are multiple ways to address that within the GitHub ecosystem.

For example, you can set up a GitHub Action triggered by `push_request_target` that will call CodeRabbit's API to generate a patch and then push a new commit to the branch. This way CodeRabbit is being polled by a well-defined and minimal action (since this action will have write access to repo) rather than it itself having crazy power to do anything it wants on your repository.

Alternatively, why can't they just comment and propose a patch? GitHub's code review UI allows the human code reviewer to hit a button and incorporate that change into the PR.

There are pros and cons to these other techniques but the clear pro is that it would be more secure.

It just seems like they took the easiest way out rather than thinking it through in typical AI-bro ways.


