If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: github.com/hcengineering/platform/pull/10895 - Mention-grants: Collaborator-b.

site address: github.com/hcengineering/platform/pull/10895

site title: Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform · GitHub

Our opinion (on Thursday 09 July 2026 4:31:40 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=Huly — All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion) - Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform;

Headings (most frequently used words):

uh, oh, mention, huly, grants, collaborator, based, cross, space, access, for, mentions, to, saved, searches, navigation, platform, michaeluray, feat, what, this, footer, commented, may, 30, 2026, loading, search, code, repositories, users, issues, pull, requests, provide, feedback, 10895, menu, use, filter, your, results, more, quickly, 10895michaeluray, wants, merge, 33, commits, intohcengineering, develophcengineering, developfrom, grantsmichaeluray, grantscopy, head, branch, name, clipboard, conversation, builds, architecture, sketch, is, opt, in, tests, live, deployment, evidence, sign, off, edited, there, was, an, error, while, please, reload, page, github, staging, bot, reviewers, assignees, labels, projects, milestone, development, participant,

Text of the page (most frequently used words):
the (256), github (70), michaeluray (70), signed (62), users (62), off (60), space (59), #michael (58), uray (58), noreply (58), com (58), collaborator (58), and (56), for (52), only (42), from (41), class (37), mention (36), this (35), collab (35), commit (31), that (30), not (30), issue (28), with (28), guest (27), grants (26), grant (26), cherry (25), picked (25), new (25), user (25), via (23), tracker (23), access (23), member (23), true (22), feat (22), middleware (21), projects (20), mentions (18), hcengineering (18), are (18), they (18), issues (17), doc (17), postgres (17), branch (17), all (17), when (17), chunter (17), providesecurity (17), can (16), docs (16), code (16), filter (16), spaces (16), trigger (16), server (16), security (15), comment (15), fix (15), members (15), project (15), add (14), false (14), read (14), core (14), into (14), huly (14), opt (14), disclosure (14), non (14), resources (14), message (14), any (14), existing (13), query (13), test (13), src (13), now (12), has (12), adapter (12), null (12), self (12), visibility (12), cannot (11), applied (11), may (11), undefined (11), svelte (11), dialog (11), but (11), was (10), already (10), cross (10), foundations (10), packages (10), classcollaborators (10), mentionsgrantaccess (10), grantsaccess (10), send (10), edit (10), your (10), caller (10), you (9), pull (9), text (9), veto (9), findall (9), reference (9), added (9), components (9), guests (9), sub (9), against (9), navigator (9), before (9), records (9), model (9), target (9), step (9), field (9), platform (9), 2026 (8), while (8), change (8), per (8), reload (8), open (8), commits (8), mentioned (8), ref (8), pre (8), side (8), nav (8), who (8), its (8), classes (8), suggestion (7), check (7), suggestions (7), merge (7), die (7), guard (7), explicit (7), level (7), v3b (7), which (7), workbench (7), still (7), client (7), them (7), tree (7), see (7), same (7), spacesecurity (7), view (7), composer (7), please (6), request (6), single (6), because (6), there (6), loading (6), page (6), sign (6), tests (6), storage (6), backend (6), mongo (6), bypass (6), develop (6), copy (6), sees (6), node (6), without (6), game (6), helper (6), popup (6), path (6), use (6), actually (6), both (6), system (6), update (6), set (6), every (6), unchanged (6), plugins (6), where (6), list (6), their (6), other (6), behavior (6), editors (6), returns (6), enterprise (6), status (5), one (5), changes (5), were (5), error (5), hidden (5), review (5), nicht (5), txupdatedoc (5), domain (5), nodes (5), today (5), milestones (5), templates (5), those (5), person (5), auto (5), iscollabonlyproject (5), reactive (5), important (5), through (5), v3c (5), flow (5), author (5), dedup (5), adds (5), shared (5), whose (5), surface (5), record (5), follow (5), tooltip (5), does (5), empty (5), then (5), readonlyguest (5), effect (5), would (5), warning (5), 10783 (5), search (5), time (4), community (4), navigation (4), closed (4), show (4), what (4), editor (4), fail (4), return (4), das (4), und (4), addsecurity (4), flag (4), package (4), carries (4), future (4), silently (4), hide (4), dependency (4), attribute (4), default (4), explicitly (4), also (4), session (4), used (4), types (4), v3d (4), correctly (4), grantee (4), never (4), skips (4), preserves (4), across (4), membership (4), inside (4), three (4), filtered (4), florian (4), listed (4), reads (4), admin (4), accounts (4), tab (4), own (4), callers (4), parent (4), thread (4), granttarget (4), bit (4), refs (4), 9741 (4), chatmessage (4), rush (4), effectivereadonly (4), caneditissuefields (4), cancel (4), based (4), support (4), back (3), line (3), comments (3), resolved (3), must (3), create (3), supported (3), batch (3), none (3), account (3), conversation (3), characters (3), contains (3), unicode (3), appears (3), isforbiddencollabonlyguestfieldupdate (3), bei (3), guestpermissions (3), opted (3), txremovedoc (3), write (3), spacesecuritymiddleware (3), spacecollabbypass (3), einem (3), apply (3), after (3), wrong (3), link (3), will (3), scope (3), did (3), found (3), workspace (3), blocker (3), instead (3), public (3), type (3), removed (3), pass (3), unit (3), v3a (3), activeclasses (3), cast (3), walks (3), getancestors (3), draft (3), input (3), unsent (3), actor (3), denied (3), uses (3), stays (3), second (3), work (3), isprojectjoined (3), render (3), end (3), entries (3), down (3), keep (3), chain (3), opts (3), provideattachedsecurity (3), out (3), verified (3), subscribed (3), containing (3), layers (3), exists (3), _id (3), becomes (3), rule (3), alongside (3), semantics (3), build (3), until (3), two (3), rows (3), clause (3), sql (3), resolvementiongranttarget (3), gate (3), todays (3), driven (3), targetdoc (3), qms (3), love (3), editissue (3), title (3), dates (3), split (3), cancomment (3), gets (3), caneditissue (3), fields (3), too (3), name (3), 10895 (3), insights (3), actions (3), requests (3), settings (3), another (3), window (3), refresh (3), saved (3), documentation (3), feedback (3), grade (3), features (3), copilot (3), solutions (3), explore (3), action (2), manage (2), footer (2), reviews (2), marked (2), lines (2), made (2), development (2), milestone (2), yet (2), labels (2), have (2), free (2), file (2), bidirectional (2), than (2), below (2), more (2), ohne (2), jetzt (2), regression (2), ein (2), deckt (2), drei (2), bypaesse (2), selfcollabbypass (2), auf (2), leak (2), eine (2), der (2), adaptermanager (2), fuer (2), bleibt (2), kein (2), fixes (2), tracking (2), sorry (2), something (2), went (2), reactions (2), markdown (2), commented (2), updatespecials (2), extends (2), views (2), next (2), note (2), array (2), includes (2), threw (2), leaving (2), badge (2), design (2), address (2), findings (2), tiptap (2), emits (2), data (2), dimmed (2), opacity (2), sanity (2), fire (2), specials (2), tracks (2), dep (2), require (2), include (2), import (2), applymentiongrantchoices (2), attrs (2), derived (2), typeof (2), drop (2), 64105d1 (2), covered (2), hierarchy (2), uncovered (2), ancestors (2), production (2), style (2), stub (2), matches (2), intent (2), 8e825a5 (2), onmessage (2), handlecreate (2), cancelling (2), lost (2), boolean (2), submit (2), onchatmessageupdated (2), kept (2), original (2), modifiedby (2), applymentiongrants (2), chuntertrigger (2), nothing (2), runs (2), edited (2), state (2), provenance (2), revoke (2), creation (2), enforcement (2), decision (2), grantees (2), shows (2), markup (2), wins (2), extractreferences (2), keeps (2), attr (2), done (2), dim (2), icon (2), intlstring (2), resolves (2), queries (2), visibleif (2), remains (2), scoped (2), fetched (2), result (2), declaration (2), track (2), index (2), his (2), remain (2), directly (2), acc (2), domain_space (2), hosting (2), naming (2), readable (2), opens (2), subscription (2), appends (2), always (2), first (2), applies (2), even (2), calls (2), additionally (2), maintainer (2), docguest (2), take (2), names (2), api (2), gain (2), channels (2), chatmessageinput (2), attachedto (2), targets (2), case (2), notification (2), direct (2), entry (2), description (2), panels (2), need (2), cancommentonissue (2), creator (2), previously (2), tier (2), additional (2), visible (2), post (2), createaccesslevel (2), unaffected (2), find (2), ancestor (2), isomorphic (2), threadmessage (2), chat (2), subsequent (2), should (2), plan (2), infrastructure (2), surfaces (2), picker (2), 982 (2), architecture (2), skip (2), wants (2), head (2), clipboard (2), quality (2), wiki (2), discussions (2), appearance (2), available (2), searches (2), repositories (2), business (2), advanced (2), developer (2), topics (2), source (2), customer (2), services (2), devops (2), app (2), perform, share, personal, information, cookies, contact, privacy, terms, inc, right, later, queued, multi, pending, been, outdated, order, valid, applying, deleted, viewing, subset, invalid, participant, successfully, merging, close, these, assigned, assignees, reviewers, join, interpreted, compiled, differently, reveals, learn, about, gab, aufloesbarem, zurueck, mutation, erlaubt, aufgeloesten, laesst, sich, mitgliedschaft, beweisen, verboten, decken, 6515433, fehlendem, griff, nur, gast, konnte, loeschen, 7a67e3f, auch, collabreadbypass, entfernten, den, ueberliessen, einschraenkung, einer, klausel, ausschliesslich, existiert, aequivalent, hat, keine, seitige, fuehrte, weglassen, des, filters, lieferte, dokumente, aller, option, neues, capability, dbadapter, supportscollaboratorsecurity, setzt, ermittelt, ueber, getadapterbyname, getadaptername, zustaendige, gated, alle, hinter, zentralen, iscollabbackendsupported, unbekanntes, unterstuetztes, greift, normale, erhalten, feature, ist, dann, inaktiv, akzeptabel, deprecated, tdd, collabspacesecurity, fuehrt, gegen, gemockte, pipeline, prueft, ausgehende, beide, backends, faellt, weg, unsupported, ausgeschlossen, gesamtes, gruen, a8bcff9, 9e09351, chore, repo, formatting, lint, conflicts, a075582, remote, upstream, mentio, july, ready, task, sharing, connected, uberf, 16493, bot, staging, hard, coded, assumes, holds, flip, implicit, behavioral, fff3873, limit, sample, templated, store, cockroach, expression, uuid, typeerror, block, swallowed, throw, broke, mentiontestws, welcome, example, 8299469, 4fc65bd, independent, parsed, violating, parsehtml, normalises, plus, renderhtml, belt, suspenders, emoji, iconned, iconwithemoji, addmentions, hung, confirms, selected, timeout, legacy, miss, stale, got, mid, collabonly, parameter, fails, strict, tsc, jest, replaced, esm, guarded, lets, throws, stay, green, 33fb480, 3f617d0, blockers, introduced, since, double, wrapped, flagged, incompatible, callsites, expect, extra, wrapper, intended, 08db50f, correct, getclasscollaborators, scaffold, patched, classhierarchymixin, isderived, uncoveredclass, reaching, early, returning, inherit, 74d2b01, permission, async, cleared, await, therefore, handleedit, awaits, drops, clears, dispatches, successful, 34bc13a, 3f3902e, preserve, cancelled, rebuilt, current, checked, txprocessor, updatedoc2doc, reflects, authored, 7cb590f, a3a7efb, logic, ones, ops, removes, diff, safely, remove, sourced, removal, deferred, rendered, stream, 650ed5e, 206d6f2, authoritative, asserts, produces, 1c8cd3e, 4b26a76, honour, move, context, knows, checkbox, unchecking, rewrites, pure, left, untouched, 49c5117, 5405d2b, choices, string, referencemarkupnode, referencenode, round, trips, e219510, e8878ac, references, backs, moved, built, object, helpers, mirroring, spec, assertion, perspective, walk, documented, needs, auth, 27d2c58, 765b2eb, persists, moves, reuse, expose, rather, internally, promise, 2227bed, 6a3ab49, lands, fallback, anything, come, silent, dead, projectspacepresenter, derive, four, else, narrowing, control, navigate, elsewhere, collection, etc, here, relaxed, touching, underlying, c76073c, 186c11e, merged, each, spacesnav, ran, resource, returned, hashed, passed, component, immediately, refactor, top, downstream, diagnostic, console, log, helped, extend, attached, reuses, lookup, works, dk3, special, 97b58bd, 7028bbe, could, url, appeared, fires, collects, unique, ids, fetches, narrowed, merges, displayed, skipped, admins, primary, everyone, surfaced, clicking, thanks, earlier, ae40806, attachedtoclass, became, saw, introduces, consistent, whenever, queried, domain_collaborator, requested, receives, row, included, visibly, affected, typically, collaborate, 51fa7ba, 592e78b, allow, collaborat, allowed, strips, foreign, database, ever, defeated, collabres, getsecurityclause, receive, though, role, joins, giving, individual, activitymessage, docupdatemessage, roles, owner, adapters, currently, implement, takes, deployments, fall, 5db9184, 51008bd, let, secured, submitting, whether, messagebox, confirmation, framing, standard, enforced, creates, scripted, replies, root, shown, ab212db, 2fd8e7f, warn, replaces, prior, branches, reply, otherwise, land, routing, dms, ad78e4e, 96a3b58, gra, imports, indirect, webpack, module, resolution, requires, json, pnpm, lock, regenerated, 7c58a56, ce41644, dependencies, able, unlocking, separate, variables, withoutinput, readonly, props, using, 7449ad0, 74ed380, separately, commentonissue, conflated, ended, enabled, permissive, blocked, restrictive, backwards, compat, alias, migrated, migrates, pairs, rejects, layer, route, around, raw, b49c7c5, 05a23bf, utils, guestpermissionsmiddleware, agnostic, triggered, targeted, models, flags, inherits, identical, zero, rules, reach, get, forbidden, try, scenario, modify, editing, oskos, ostrowo, b2ddad6, permissions, updates, lper, depth, capped, nearest, injection, actual, writes, f7b9a99, b195cb3, collaborators, sets, opting, cards, together, bbf25b6, d9f7fca, odel, mirrors, runtime, schema, follows, bare, annotation, pattern, decorators, internal, facing, locale, needed, 9135923, prop, ede2852, wire, tclasscollaborators, indicate, activity, messages, granting, disclosed, unless, itself, preserved, superpowers, plans, accompanying, wiring, fcc426f, ed889ed, dco, compliant, intentionally, squashed, traceability, squash, fine, preferred, unprivileged, intact, table, expected, lists, deployed, hosted, 423, instance, cockroachdb, specifically, exercised, live, deployment, evidence, exit, errors, validate, install, mentiongrantstrigger, mentiongrants, suite, txcreatedoc, sketch, ignores, strictly, retract, anyone, granted, removedoc, passes, values, employee, asks, confirm, dedups, union, comes, batched, marks, hides, projection, filtering, hold, edge, reachable, deep, gymnastics, cooperate, builds, generic, provider, rolling, complete, screenshots, companion, someone, supports, wires, authoring, addcollaborator, contributor, files, changed, checks, options, 785, star, fork, notifications, dismiss, alert, switched, resetting, focus, qualifiers, our, results, quickly, email, contacted, piece, very, seriously, provide, syntax, tips, clear, jump, pricing, premium, ons, powered, collections, trending, archive, program, stars, accelerator, lab, programs, fund, developers, sponsors, partners, trust, center, forum, skills, ebooks, reports, events, webinars, stories, software, topic, industries, government, manufacturing, financial, healthcare, industry, cases, devsecops, modernization, nonprofits, startups, small, medium, teams, enterprises, company, size, marketplace, changelog, blog, why, stop, leaks, start, secret, protection, secure, vulnerabilities, application, instant, dev, environments, codespaces, automate, workflow, workflows, integrate, external, tools, mcp, registry, agents, better, toggle, menu, content,


Text of the page (random words):
ntionsgrantaccess trigger ignores any reference whose grantsaccess is explicitly false v3d edit path re grants on a message edit are strictly add only a removed mention does not retract anyone s read access a previously granted user remains a collaborator until an explicit removedoc on the collaborator architecture sketch author types person reference node carries grantsaccess attr comment composer v3a server trigger applymentiongrants v3c d disclosure dialog v3b txcreatedoc collaborator add only send cancel guest postgres or branch navigator v1 doc space visible cross space what is opt in per class via classcollaborators mentionsgrantaccess true default false today only tracker class issue opts in tests suite result foundations core packages core 982 982 foundations core packages text core 19 19 new reference test ts plugins chunter resources 5 5 new mentiongrants test ts server plugins chunter resources 6 6 new mentiongrantstrigger test ts foundations server packages middleware 30 30 rush install rush build rush validate all exit 0 svelte check across tracker resources chunter resources workbench resources 0 errors live deployment evidence deployed and verified on a self hosted huly v0 7 423 instance with the cockroachdb backend specifically exercised guest user with collaborator records on issues across two projects one project where they are also a member one where they are collab only nav surfaces both with the collab only one dimmed and sub nodes hidden mention picker correctly lists their collab targets postgres or branch verified at sql level exists query against collaborator table returns the expected projects v3b dialog opens on send when the message contains an unprivileged mention cancel returns to the composer with the message intact sign off single author signed off by on every commit dco compliant 28 commits intentionally not squashed for traceability squash merge fine if preferred sorry something went wrong uh oh there was an error while loading please reload this page all reactions michaeluray added 28 commits may 30 2026 07 18 feat core add classcollaborators mentionsgrantaccess opt in flag ed889ed adds a model level boolean that classes can set alongside providesecurity to indicate that mentions in chat activity messages on docs of this class should auto create collaborator records granting the mentioned user explicit disclosed access the flag has no effect unless providesecurity is also true providesecurity itself is unchanged read visibility or branch through the spacesecurity middleware without mentionsgrantaccess todays mention is a no op silently behavior is preserved for qms and love classes step a1 of the plan in opt infrastructure docs superpowers plans 2026 05 25 huly mention grants collaborator access md the accompanying model wiring a2 tracker opt in a3 middleware veto a4 shared helper b 1 chunter trigger update b 2 and client surfaces b 1 b 2 c follow in subsequent commits refs hcengineering 10783 hcengineering 9741 signed off by michael uray michaeluray users noreply github com cherry picked from commit fcc426f signed off by michael uray michaeluray users noreply github com feat model core wire mentionsgrantaccess into tclasscollaborators m ede2852 odel class mirrors the new field in the runtime model schema follows the existing bare annotation pattern used for the other classcollaborators fields no prop decorators on this model class today field is model internal never appears in user facing labels so no intlstring or locale entries needed step a2 signed off by michael uray michaeluray users noreply github com cherry picked from commit 9135923 signed off by michael uray michaeluray users noreply github com feat tracker opt tracker class issue into collaborator grants read d9f7fca mentions grant access sets providesecurity true and mentionsgrantaccess true on the issue classcollaborators declaration this is the single class opting into the new behavior in this pr qms love cards and other classes are unaffected effect together with subsequent commits a user mentioned on an issue they are not a project member of is auto added as collaborator on the issue b 2 chunter trigger the collaborator record grants them read visibility providesecurity in spacesecurity middleware they can post comments chunter class chatmessage createaccesslevel is already guest they cannot edit issue fields a4 guestpermissions middleware veto step a3 signed off by michael uray michaeluray users noreply github com cherry picked from commit bbf25b6 signed off by michael uray michaeluray users noreply github com feat core collaborators add isomorphic resolvementiongranttarget he b195cb3 lper walks a docs attachedto chain depth capped at 8 to find the nearest ancestor whose classcollaborators has both providesecurity true and mentionsgrantaccess true returns that ancestor as the grant target or null if none isomorphic via the findall dependency injection same code used by both the server side chunter mention trigger b 2 and the client side mention warning popup c so the disclosure ux matches the actual server side grant for threadmessage mentions walks from threadmessage parent chatmessage parent issue and writes collaborator on the issue not on the thread or chat message step b 1 signed off by michael uray michaeluray users noreply github com cherry picked from commit f7b9a99 signed off by michael uray michaeluray users noreply github com feat middleware guest permissions veto field updates from collab on b2ddad6 ly guests on opt in classes adds isforbiddencollabonlyguestfieldupdate to guestpermissionsmiddleware as a class agnostic pre commit veto triggered only when the targeted class has both providesecurity true and mentionsgrantaccess true on its classcollaborators model entry tracker issue is the first opt in set in models tracker src index ts but any future class with the same flags inherits identical semantics with zero additional code semantics user accounts pass through unchanged space member guests pass through their existing rules apply guest tier accounts that are not space members but reach the doc via collaborator status providesecurity or branch in spacesecurity middleware get a forbidden when they try to txupdatedoc the doc effect for the user visible scenario in hcengineering 10783 florian mentioned on game 4 in a project he is not a member of becomes collaborator on game 4 auto via b 2 chunter trigger he gets read visibility providesecurity he can post comments chatmessage createaccesslevel guest he cannot modify game 4 status title dates this veto florian editing his own oskos 12 in ostrowo where he is a member is unaffected space members includes florian veto returns false step a4 refs hcengineering 10783 hcengineering 9741 signed off by michael uray michaeluray users noreply github com cherry picked from commit 8e825a5 signed off by michael uray michaeluray users noreply github com feat tracker utils split caneditissue into caneditissuefields can 05a23bf commentonissue previously caneditissue conflated may edit fields with may comment a guest who was collaborator on an issue ended up with all field editors enabled too permissive or when blocked lost the comment composer too too restrictive the split caneditissuefields issue field editors title status dates description returns false for any guest tier account cancommentonissue comment composer returns true for user false for readonlyguest and for guest docguest true when the user is the issues creator or listed as collaborator on the issue existing caneditissue is kept as a backwards compat alias for caneditissuefields until callers are migrated editissue svelte already migrates in the next commit b 2 pairs with the server side veto in a4 guestpermissions middleware that rejects txupdatedoc issue for collab only guests at the tx layer so a guest cannot route around this ui gate via raw api step b 1 signed off by michael uray michaeluray users noreply github com cherry picked from commit b49c7c5 signed off by michael uray michaeluray users noreply github com feat tracker editissue show comment composer separately from field 74ed380 editors editissue svelte used a single effectivereadonly flag to gate both the issue field editors title status dates description dependencies and the panels comment composer below them with the v6 split a collaborator guest must be able to comment without unlocking the editors so the two need separate variables adds cancomment alongside effectivereadonly effectivereadonly stays driven by caneditissuefields guest gets read only field editors cancomment is driven by cancommentonissue guest who is the issues creator or listed as collaborator gets the comment composer panels withoutinput now reads cancomment all field editor readonly props keep using effectivereadonly step b 2 signed off by michael uray michaeluray users noreply github com cherry picked from commit 7449ad0 signed off by michael uray michaeluray users noreply github com fix chunter resources add hcengineering text core dependency ce41644 chatmessageinput svelte imports extractreferences from text core for the mention warning popup the package was already an indirect dep via text editor resources but webpack module resolution requires it as a direct entry in package json added pnpm lock regenerated via rush update signed off by michael uray michaeluray users noreply github com cherry picked from commit 7c58a56 signed off by michael uray michaeluray users noreply github com feat chunter trigger mention grants access uses shared helper gra 96a3b58 nt target dedup replaces the prior providesecurity true guard with three explicit branches driven by resolvementiongranttarget 1 granttarget non null opt in class found via attachedto chain write collaborator records on the grant target doc with dedup against the grant targets collaborator list not the original message docs list fixes the thread reply case where the mention would otherwise land on the parent chatmessage instead of the issue 2 granttarget null targetdoc not providesecurity keep todays notification routing behavior on targetdoc channels dms 3 granttarget null targetdoc providesecurity without opt in no op preserves qms love behavior bit for bit step b 2 refs hcengineering 10783 hcengineering 9741 signed off by michael uray michaeluray users noreply github com cherry picked from commit ad78e4e signed off by michael uray michaeluray users noreply github com feat chunter chatmessageinput warn before mention auto grants issue 2fd8e7f access disclosure ux for the mention grants access flow before submitting a message containing mentions check whether the resolved grant target doc via the shared resolvementiongranttarget helper has those mentioned users in its space members list if any mention would grant new access show a messagebox warning with the actor and the names of the new grantees and require explicit confirmation important framing this is disclosure ux for the standard client not a security gate access is enforced server side by spacesecuritymiddleware the chunter trigger that creates collaborator records a scripted api client can still bypass the dialog for thread replies the grant target resolves to the root issue so the warning correctly names the project the user would gain access to not the thread for channels and other non opted in classes granttarget is null no warning shown preserves todays behavior bit for bit step c refs hcengineering 10783 hcengineering 9741 signed off by michael uray michaeluray users noreply github com cherry picked from commit ab212db signed off by michael uray michaeluray users noreply github com feat middleware spacesecurity let guests read collab secured docs a 51008bd cross spaces spacesecuritymiddleware findall pre filtered every query by the caller s allowed spaces set which always strips docs in foreign spaces before the database adapter ever sees the query that defeated the postgres adapter s collabres or branch see postgres src storage ts getsecurityclause a guest who is a collaborator on a single issue in a project they are not a member of would never receive that issue even though the adapter has the sql to surface it this change skips the middleware level space filter when the target class has classcollaborators providesecurity true or provideattachedsecurity true and the caller s role is guest or readonlyguest for those calls the postgres adapter still applies its space membership clause and additionally or joins collaborator records giving the user visibility on the individual docs they were added to directly via providesecurity or via their parent via provideattachedsecurity for activitymessage docupdatemessage all other roles user maintainer owner admin docguest system take the existing code path unchanged note for non postgres adapters the mongo adapter does not currently implement the collab or branch so this bypass only takes effect on postgres deployments the supported production target on mongo the visibility behavior is unchanged from before because there was no collab or clause to fall through to signed off by michael uray michaeluray users noreply github com cherry picked from commit 5db9184 signed off by michael uray michaeluray users noreply github com feat security allow non system callers to read their own collaborat 592e78b or records the tracker subscribed tab in the client queries findall collaborator collaborator self attachedtoclass issue to build the user s subscription list until now that query was silently filtered to spaces the user is a member of so a guest who became a collaborator on an issue in a project they are not a member of e g via the new mentions grant access flow saw an empty subscribed list this change introduces a self collaborator visibility rule consistent across the two enforcement layers foundations server packages postgres src storage ts addsecurity now appends or domain collaborator acc whenever the queried domain is domain_collaborator the user can always see their own collaborator rows foundations server packages middleware src spacesecurity ts findall skips its space pre filter when the requested class is core class collaborator selfcollabbypass so the postgres adapter actually receives the query and can apply its self row or branch other rows in the same workspace remain hidden by the space membership clause that still runs first scope applies to all non admin non system callers users included users were not visibly affected before because they are typically members of every space whose docs they collaborate on but the rule is the same you may read your own subscription rows signed off by michael uray michaeluray users noreply github com cherry picked from commit 51fa7ba signed off by michael uray michaeluray users noreply github com feat security nav list collab only spaces in workbench navigator fo ae40806 r guests a guest who is a collaborator on a doc inside a space they are not a member of e g via t...
Images from subpage: "github.com/trending" Verify
Images from subpage: "github.com/collections" Verify
Images from subpage: "github.com/features/copilot/copilot-business" Verify
Images from subpage: "github.com/enterprise/premium-support" Verify
Images from subpage: "github.com/pricing" Verify

Verified site has: 135 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100
101-105 106-110 111-115 116-120 121-125 126-130 131-135


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/2 200
date Thu, 09 Jul 2026 04:31:40 GMT
content-type text/html; charset=utf-8
cache-control no-cache
content-security-policy default-src none ; base-uri self ; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src self uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net productionresultssa1.blob.core.windows.net productionresultssa2.blob.core.windows.net productionresultssa3.blob.core.windows.net productionresultssa4.blob.core.windows.net productionresultssa5.blob.core.windows.net productionresultssa6.blob.core.windows.net productionresultssa7.blob.core.windows.net productionresultssa8.blob.core.windows.net productionresultssa9.blob.core.windows.net productionresultssa10.blob.core.windows.net productionresultssa11.blob.core.windows.net productionresultssa12.blob.core.windows.net productionresultssa13.blob.core.windows.net productionresultssa14.blob.core.windows.net productionresultssa15.blob.core.windows.net productionresultssa16.blob.core.windows.net productionresultssa17.blob.core.windows.net productionresultssa18.blob.core.windows.net productionresultssa19.blob.core.windows.net github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com wss://production-copilot-host.webpubsub.azure.com; font-src github.githubassets.com; form-action self github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors none ; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src self data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com user-images.githubusercontent.com private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com explore-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src self ; media-src github.com user-images.githubusercontent.com secured-user-images.githubusercontent.com private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src unsafe-inline github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy no-referrer-when-downgrade
server-timing pull_request_layout-fragment;desc= pull_request_layout fragment ;dur=381.564669,conversation_content-fragment;desc= conversation_content fragment ;dur=998.584012,conversation_sidebar-fragment;desc= conversation_sidebar fragment ;dur=320.423013,nginx;desc= NGINX ;dur=0.523311,glb;desc= GLB ;dur=48.934345
strict-transport-security max-age=31536000; includeSubdomains; preload
vary X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With
x-content-type-options nosniff
x-frame-options deny
x-voltron-version 2f68303
x-xss-protection 0
server github.com
content-encoding gzip
accept-ranges bytes
set-cookie _gh_sess=n6t6ZhO4hO0umM5s71Q0%2BxbbLyxXcL96Jy5vvuqQKjsRS6RxrX1p0Vzotcf5lPtBnC1r8SdO5XyvZG8JFvtt0txKsuNGuw%2BfTbAnu2EAJfC%2FofUTvEOVue1XMO9JcIu4%2BnrvpiPM7uYZlr7%2Fl7uL0ytmZfjC5ltniYt4ffVrlHUIHLsw9PZNlYCLnKUGi2b7556InsMwSwwQ7sgl6pg3lFAP1%2B%2F9iNhYNMTdcyvDHJ8akjCyCwMRbp73C7GXAjTm5kJ3FHWmcxthzh5R8WWIXg%3D%3D--QjRDMWwbw3keryE%2B--4juPDjsQHE8MW3jxoygjoQ%3D%3D; path=/; HttpOnly; secure; SameSite=Lax
set-cookie _octo=GH1.1.172338201.1783571499; expires=Fri, 09 Jul 2027 04:31:39 GMT; domain=.github.com; path=/; secure; SameSite=Lax
set-cookie logged_in=no; expires=Fri, 09 Jul 2027 04:31:39 GMT; domain=.github.com; path=/; HttpOnly; secure; SameSite=Lax
x-github-request-id A59C:1B261C:75840D4:5D50704:6A4F242B

Meta Tags

title="Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform · GitHub"
charset="utf-8"
name="route-pattern" content="/_view_fragments/voltron/pull_requests/show/:user_id/:repository/:id/pull_request_layout(.:format)" data-turbo-transient
name="route-controller" content="voltron_pull_requests_fragments" data-turbo-transient
name="route-action" content="pull_request_layout" data-turbo-transient
name="fetch-nonce" content="v2:8ddd99da-ab9f-96b9-31f1-36420b53e397"
name="current-catalog-service-hash" content="ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b"
name="request-id" content="A59C:1B261C:75840D4:5D50704:6A4F242B" data-pjax-transient="true"
name="html-safe-nonce" content="163b8872c27ab518a4f14ac98b2ad22fec979de98a53787f66ddb269f15b7242" data-pjax-transient="true"
name="visitor-payload" content="eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBNTlDOjFCMjYxQzo3NTg0MEQ0OjVENTA3MDQ6NkE0RjI0MkIiLCJ2aXNpdG9yX2lkIjoiNzQwMTg2OTM4OTMwMDQ1OTk1IiwicmVnaW9uX2VkZ2UiOiJmcmEiLCJyZWdpb25fcmVuZGVyIjoiZnJhIn0=" data-pjax-transient="true"
name="visitor-hmac" content="04f3bcdbc6662a7247fc1dadc5f32a12bb6cca8de5955f4b2f62725f43dcca14" data-pjax-transient="true"
name="hovercard-subject-tag" content="pull_request:3773514492" data-turbo-transient
name="github-keyboard-shortcuts" content="repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot" data-turbo-transient="true"
name="selected-link" value="repo_pulls" data-turbo-transient
name="google-site-verification" content="Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I"
name="octolytics-url" content="htt????/collector.github.com/github/collect"
name="analytics-location" content="/<user-name>/<repo-name>/voltron/pull_requests_fragments/pull_request_layout" data-turbo-transient="true"
name="user-login" content=""
name="viewport" content="width=device-width"
name="description" content="Huly — All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion) - Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform"
property="fb:app_id" content="1401488693436528"
name="apple-itunes-app" content="app-id=1477376905, app-argument=htt????/github.com/_view_fragments/voltron/pull_requests/show/hcengineering/platform/10895/pull_request_layout"
name="twitter:image" content="htt????/opengraph.githubassets.com/639a8a270d7b08795349dc2b6af142ee8f3f83b5590b65bccec0acbabe1169c4/hcengineering/platform/pull/10895"
name="twitter:site" content="@github"
name="twitter:card" content="summary_large_image"
name="twitter:title" content="Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform"
name="twitter:description" content="Mention-grants: Collaborator-based cross-space access for @-mentions When a user @-mentions someone on a doc whose class is opted into mentions-grant-access, that mentioned account should gain read..."
property="og:image" content="htt????/opengraph.githubassets.com/639a8a270d7b08795349dc2b6af142ee8f3f83b5590b65bccec0acbabe1169c4/hcengineering/platform/pull/10895"
property="og:image:alt" content="Mention-grants: Collaborator-based cross-space access for @-mentions When a user @-mentions someone on a doc whose class is opted into mentions-grant-access, that mentioned account should gain read..."
property="og:image:width" content="1200"
property="og:image:height" content="600"
property="og:site_name" content="GitHub"
property="og:type" content="object"
property="og:title" content="Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform"
property="og:url" content="htt????/github.com/hcengineering/platform/pull/10895"
property="og:description" content="Mention-grants: Collaborator-based cross-space access for @-mentions When a user @-mentions someone on a doc whose class is opted into mentions-grant-access, that mentioned account should gain read..."
property="og:author:username" content="MichaelUray"
name="hostname" content="github.com"
name="expected-hostname" content="github.com"
http-equiv="x-pjax-version" content="6b4850b2bbb7f12030fa5ae77c125244b45c89152f51ead1ecb3fb7307e6d23a" data-turbo-track="reload"
http-equiv="x-pjax-csp-version" content="cb4cffb7c023f774818cf728eb860debf1fc8ecf88a20487b238da276df1eb7d" data-turbo-track="reload"
http-equiv="x-pjax-css-version" content="4d9a16ea192005dcfb7768f5f88d061247a68408f3c0760a57b6c82c8791034d" data-turbo-track="reload"
http-equiv="x-pjax-js-version" content="b92d11c0aa4a77d54ef4af1078b6a15fb5a70a215b30c4ecf28889d5a8e656d9" data-turbo-track="reload"
name="turbo-cache-control" content="no-preview" data-turbo-transient=""
name="turbo-cache-control" content="no-cache" data-turbo-transient
data-hydrostats="publish"
name="go-import" content="github.com/hcengineering/platform git htt????/github.com/hcengineering/platform.git"
name="octolytics-dimension-user_id" content="87086734"
name="octolytics-dimension-user_login" content="hcengineering"
name="octolytics-dimension-repository_id" content="392073243"
name="octolytics-dimension-repository_nwo" content="hcengineering/platform"
name="octolytics-dimension-repository_public" content="true"
name="octolytics-dimension-repository_is_fork" content="false"
name="octolytics-dimension-repository_network_root_id" content="392073243"
name="octolytics-dimension-repository_network_root_nwo" content="hcengineering/platform"
name="robots" content="noindex, nofollow"
name="turbo-body-classes" content="logged-out env-production page-responsive"
name="disable-turbo" content="false"
name="browser-stats-url" content="htt????/api.github.com/_private/browser/stats"
name="browser-errors-url" content="htt????/api.github.com/_private/browser/errors"
name="release" content="2b8f23afb982271f1b22258a94aede67a6b77760" data-turbo-track="reload"
name="ui-target" content="full"
name="theme-color" content="#1e2327"
name="color-scheme" content="light dark"

Load Info

page size88034
load time (s)1.193871
redirect count0
speed download73792
server IP 140.82.121.4
* all occurrences of the string "http://" have been changed to "htt???/"