Use collaborator permission check instead of org membership

2026-02-04 21:23:07 +00:00 · 2026-01-06 19:16:31 -08:00
2 changed files with 25 additions and 35 deletions
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -512,16 +512,6 @@
        "url": "https://github.com/pinecone-io/pinecone-claude-code-plugin.git"
      },
      "homepage": "https://github.com/pinecone-io/pinecone-claude-code-plugin"
-    },
-    {
-      "name": "superpowers",
-      "description": "Superpowers teaches Claude brainstorming, subagent driven development with built in code review, systematic debugging, and red/green TDD. Additionally, it teaches Claude how to author and test new skills.",
-      "category": "development",
-      "source": {
-        "source": "url",
-        "url": "https://github.com/obra/superpowers.git"
-      },
-      "homepage": "https://github.com/obra/superpowers"
    }
  ]
 }
--- a/.github/workflows/close-external-prs.yml
+++ b/.github/workflows/close-external-prs.yml
@@ -13,21 +13,25 @@ jobs:
    if: vars.DISABLE_EXTERNAL_PR_CHECK != 'true'
    runs-on: ubuntu-latest
    steps:
-      - name: Check if author is org member
+      - name: Check if author has write access
        uses: actions/github-script@v7
        with:
          script: |
-            const org = 'anthropics';
            const author = context.payload.pull_request.user.login;

-            try {
-              await github.rest.orgs.checkMembershipForUser({
-                org: org,
+            const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
              username: author
            });
-              console.log(`${author} is an org member, allowing PR`);
-            } catch (e) {
-              if (e.status === 404) {
+
+            if (['admin', 'write'].includes(data.permission)) {
+              console.log(`${author} has ${data.permission} access, allowing PR`);
+              return;
+            }
+
+            console.log(`${author} has ${data.permission} access, closing PR`);
+
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
@@ -41,7 +45,3 @@ jobs:
              pull_number: context.payload.pull_request.number,
              state: 'closed'
            });
-
-                console.log(`Closed PR from external contributor: ${author}`);
-              }
-            }