If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: github.com/hcengineering/platform/pull/10895 - Mention-grants: Collaborator-b.

site address: github.com/hcengineering/platform/pull/10895 redirected to: github.com/hcengineering/platform/pull/10895

site title: Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform · GitHub

Our opinion (on Wednesday 08 July 2026 16:30:39 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=Huly — All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion) - Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform;

Headings (most frequently used words):

uh, oh, mention, huly, grants, collaborator, based, cross, space, access, for, mentions, to, saved, searches, navigation, platform, michaeluray, feat, what, this, footer, commented, may, 30, 2026, loading, search, code, repositories, users, issues, pull, requests, provide, feedback, 10895, menu, use, filter, your, results, more, quickly, 10895michaeluray, wants, merge, 33, commits, intohcengineering, develophcengineering, developfrom, grantsmichaeluray, grantscopy, head, branch, name, clipboard, conversation, builds, architecture, sketch, is, opt, in, tests, live, deployment, evidence, sign, off, edited, there, was, an, error, while, please, reload, page, github, staging, bot, reviewers, assignees, labels, projects, milestone, development, participant,

Text of the page (most frequently used words):
the (256), #github (70), michaeluray (70), signed (62), users (62), off (60), space (59), michael (58), uray (58), noreply (58), com (58), collaborator (58), and (56), for (52), only (42), from (41), class (37), mention (36), this (35), collab (35), commit (31), that (30), not (30), issue (28), with (28), guest (27), grants (26), grant (26), cherry (25), picked (25), new (25), user (25), via (23), tracker (23), access (23), member (23), true (22), feat (22), middleware (21), projects (20), mentions (18), hcengineering (18), are (18), they (18), issues (17), doc (17), postgres (17), branch (17), all (17), when (17), chunter (17), providesecurity (17), can (16), docs (16), code (16), filter (16), spaces (16), trigger (16), server (16), security (15), comment (15), fix (15), members (15), project (15), add (14), false (14), read (14), core (14), into (14), huly (14), opt (14), disclosure (14), non (14), resources (14), message (14), any (14), existing (13), query (13), test (13), src (13), now (12), has (12), adapter (12), null (12), self (12), visibility (12), cannot (11), applied (11), may (11), undefined (11), svelte (11), dialog (11), but (11), was (10), already (10), cross (10), foundations (10), packages (10), classcollaborators (10), mentionsgrantaccess (10), grantsaccess (10), send (10), edit (10), your (10), caller (10), you (9), pull (9), text (9), veto (9), findall (9), reference (9), added (9), components (9), guests (9), sub (9), against (9), navigator (9), before (9), records (9), model (9), target (9), step (9), field (9), platform (9), 2026 (8), while (8), change (8), per (8), reload (8), open (8), commits (8), mentioned (8), ref (8), pre (8), side (8), nav (8), who (8), its (8), classes (8), suggestion (7), check (7), suggestions (7), merge (7), die (7), guard (7), explicit (7), level (7), v3b (7), which (7), workbench (7), still (7), client (7), them (7), tree (7), see (7), same (7), spacesecurity (7), view (7), composer (7), please (6), request (6), single (6), because (6), there (6), loading (6), page (6), sign (6), tests (6), storage (6), backend (6), mongo (6), bypass (6), develop (6), copy (6), sees (6), node (6), without (6), game (6), helper (6), popup (6), path (6), use (6), actually (6), both (6), system (6), update (6), set (6), every (6), unchanged (6), plugins (6), where (6), list (6), their (6), other (6), behavior (6), editors (6), returns (6), enterprise (6), status (5), one (5), changes (5), were (5), error (5), hidden (5), review (5), nicht (5), txupdatedoc (5), domain (5), nodes (5), today (5), milestones (5), templates (5), those (5), person (5), auto (5), iscollabonlyproject (5), reactive (5), important (5), through (5), v3c (5), flow (5), author (5), dedup (5), adds (5), shared (5), whose (5), surface (5), record (5), follow (5), tooltip (5), does (5), empty (5), then (5), readonlyguest (5), effect (5), would (5), warning (5), 10783 (5), search (5), time (4), community (4), navigation (4), closed (4), show (4), what (4), editor (4), fail (4), return (4), das (4), und (4), addsecurity (4), flag (4), package (4), carries (4), future (4), silently (4), hide (4), dependency (4), attribute (4), default (4), explicitly (4), also (4), session (4), used (4), types (4), v3d (4), correctly (4), grantee (4), never (4), skips (4), preserves (4), across (4), membership (4), inside (4), three (4), filtered (4), florian (4), listed (4), reads (4), admin (4), accounts (4), tab (4), own (4), callers (4), parent (4), thread (4), granttarget (4), bit (4), refs (4), 9741 (4), chatmessage (4), rush (4), effectivereadonly (4), caneditissuefields (4), cancel (4), based (4), support (4), back (3), line (3), comments (3), resolved (3), must (3), create (3), supported (3), batch (3), none (3), account (3), conversation (3), characters (3), contains (3), unicode (3), appears (3), isforbiddencollabonlyguestfieldupdate (3), bei (3), guestpermissions (3), opted (3), txremovedoc (3), write (3), spacesecuritymiddleware (3), spacecollabbypass (3), einem (3), apply (3), after (3), wrong (3), link (3), will (3), scope (3), did (3), found (3), workspace (3), blocker (3), instead (3), public (3), type (3), removed (3), pass (3), unit (3), v3a (3), activeclasses (3), cast (3), walks (3), getancestors (3), draft (3), input (3), unsent (3), actor (3), denied (3), uses (3), stays (3), second (3), work (3), isprojectjoined (3), render (3), end (3), entries (3), down (3), keep (3), chain (3), opts (3), provideattachedsecurity (3), out (3), verified (3), subscribed (3), containing (3), layers (3), exists (3), _id (3), becomes (3), rule (3), alongside (3), semantics (3), build (3), until (3), two (3), rows (3), clause (3), sql (3), resolvementiongranttarget (3), gate (3), todays (3), driven (3), targetdoc (3), qms (3), love (3), editissue (3), title (3), dates (3), split (3), cancomment (3), gets (3), caneditissue (3), fields (3), too (3), name (3), 10895 (3), insights (3), actions (3), requests (3), settings (3), another (3), window (3), refresh (3), saved (3), documentation (3), feedback (3), grade (3), features (3), copilot (3), solutions (3), explore (3), action (2), manage (2), footer (2), reviews (2), marked (2), lines (2), made (2), development (2), milestone (2), yet (2), labels (2), have (2), free (2), file (2), bidirectional (2), than (2), below (2), more (2), ohne (2), jetzt (2), regression (2), ein (2), deckt (2), drei (2), bypaesse (2), selfcollabbypass (2), auf (2), leak (2), eine (2), der (2), adaptermanager (2), fuer (2), bleibt (2), kein (2), fixes (2), tracking (2), sorry (2), something (2), went (2), reactions (2), markdown (2), commented (2), updatespecials (2), extends (2), views (2), next (2), note (2), array (2), includes (2), threw (2), leaving (2), badge (2), design (2), address (2), findings (2), tiptap (2), emits (2), data (2), dimmed (2), opacity (2), sanity (2), fire (2), specials (2), tracks (2), dep (2), require (2), include (2), import (2), applymentiongrantchoices (2), attrs (2), derived (2), typeof (2), drop (2), 64105d1 (2), covered (2), hierarchy (2), uncovered (2), ancestors (2), production (2), style (2), stub (2), matches (2), intent (2), 8e825a5 (2), onmessage (2), handlecreate (2), cancelling (2), lost (2), boolean (2), submit (2), onchatmessageupdated (2), kept (2), original (2), modifiedby (2), applymentiongrants (2), chuntertrigger (2), nothing (2), runs (2), edited (2), state (2), provenance (2), revoke (2), creation (2), enforcement (2), decision (2), grantees (2), shows (2), markup (2), wins (2), extractreferences (2), keeps (2), attr (2), done (2), dim (2), icon (2), intlstring (2), resolves (2), queries (2), visibleif (2), remains (2), scoped (2), fetched (2), result (2), declaration (2), track (2), index (2), his (2), remain (2), directly (2), acc (2), domain_space (2), hosting (2), naming (2), readable (2), opens (2), subscription (2), appends (2), always (2), first (2), applies (2), even (2), calls (2), additionally (2), maintainer (2), docguest (2), take (2), names (2), api (2), gain (2), channels (2), chatmessageinput (2), attachedto (2), targets (2), case (2), notification (2), direct (2), entry (2), description (2), panels (2), need (2), cancommentonissue (2), creator (2), previously (2), tier (2), additional (2), visible (2), post (2), createaccesslevel (2), unaffected (2), find (2), ancestor (2), isomorphic (2), threadmessage (2), chat (2), subsequent (2), should (2), plan (2), infrastructure (2), surfaces (2), picker (2), 982 (2), architecture (2), skip (2), wants (2), head (2), clipboard (2), quality (2), wiki (2), discussions (2), appearance (2), available (2), searches (2), repositories (2), business (2), advanced (2), developer (2), topics (2), source (2), customer (2), services (2), devops (2), app (2), perform, share, personal, information, cookies, contact, privacy, terms, inc, right, later, queued, multi, pending, been, outdated, order, valid, applying, deleted, viewing, subset, invalid, participant, successfully, merging, close, these, assigned, assignees, reviewers, join, interpreted, compiled, differently, reveals, learn, about, gab, aufloesbarem, zurueck, mutation, erlaubt, aufgeloesten, laesst, sich, mitgliedschaft, beweisen, verboten, decken, 6515433, fehlendem, griff, nur, gast, konnte, loeschen, 7a67e3f, auch, collabreadbypass, entfernten, den, ueberliessen, einschraenkung, einer, klausel, ausschliesslich, existiert, aequivalent, hat, keine, seitige, fuehrte, weglassen, des, filters, lieferte, dokumente, aller, option, neues, capability, dbadapter, supportscollaboratorsecurity, setzt, ermittelt, ueber, getadapterbyname, getadaptername, zustaendige, gated, alle, hinter, zentralen, iscollabbackendsupported, unbekanntes, unterstuetztes, greift, normale, erhalten, feature, ist, dann, inaktiv, akzeptabel, deprecated, tdd, collabspacesecurity, fuehrt, gegen, gemockte, pipeline, prueft, ausgehende, beide, backends, faellt, weg, unsupported, ausgeschlossen, gesamtes, gruen, a8bcff9, 9e09351, chore, repo, formatting, lint, conflicts, a075582, remote, upstream, mentio, july, ready, task, sharing, connected, uberf, 16493, bot, staging, hard, coded, assumes, holds, flip, implicit, behavioral, fff3873, limit, sample, templated, store, cockroach, expression, uuid, typeerror, block, swallowed, throw, broke, mentiontestws, welcome, example, 8299469, 4fc65bd, independent, parsed, violating, parsehtml, normalises, plus, renderhtml, belt, suspenders, emoji, iconned, iconwithemoji, addmentions, hung, confirms, selected, timeout, legacy, miss, stale, got, mid, collabonly, parameter, fails, strict, tsc, jest, replaced, esm, guarded, lets, throws, stay, green, 33fb480, 3f617d0, blockers, introduced, since, double, wrapped, flagged, incompatible, callsites, expect, extra, wrapper, intended, 08db50f, correct, getclasscollaborators, scaffold, patched, classhierarchymixin, isderived, uncoveredclass, reaching, early, returning, inherit, 74d2b01, permission, async, cleared, await, therefore, handleedit, awaits, drops, clears, dispatches, successful, 34bc13a, 3f3902e, preserve, cancelled, rebuilt, current, checked, txprocessor, updatedoc2doc, reflects, authored, 7cb590f, a3a7efb, logic, ones, ops, removes, diff, safely, remove, sourced, removal, deferred, rendered, stream, 650ed5e, 206d6f2, authoritative, asserts, produces, 1c8cd3e, 4b26a76, honour, move, context, knows, checkbox, unchecking, rewrites, pure, left, untouched, 49c5117, 5405d2b, choices, string, referencemarkupnode, referencenode, round, trips, e219510, e8878ac, references, backs, moved, built, object, helpers, mirroring, spec, assertion, perspective, walk, documented, needs, auth, 27d2c58, 765b2eb, persists, moves, reuse, expose, rather, internally, promise, 2227bed, 6a3ab49, lands, fallback, anything, come, silent, dead, projectspacepresenter, derive, four, else, narrowing, control, navigate, elsewhere, collection, etc, here, relaxed, touching, underlying, c76073c, 186c11e, merged, each, spacesnav, ran, resource, returned, hashed, passed, component, immediately, refactor, top, downstream, diagnostic, console, log, helped, extend, attached, reuses, lookup, works, dk3, special, 97b58bd, 7028bbe, could, url, appeared, fires, collects, unique, ids, fetches, narrowed, merges, displayed, skipped, admins, primary, everyone, surfaced, clicking, thanks, earlier, ae40806, attachedtoclass, became, saw, introduces, consistent, whenever, queried, domain_collaborator, requested, receives, row, included, visibly, affected, typically, collaborate, 51fa7ba, 592e78b, allow, collaborat, allowed, strips, foreign, database, ever, defeated, collabres, getsecurityclause, receive, though, role, joins, giving, individual, activitymessage, docupdatemessage, roles, owner, adapters, currently, implement, takes, deployments, fall, 5db9184, 51008bd, let, secured, submitting, whether, messagebox, confirmation, framing, standard, enforced, creates, scripted, replies, root, shown, ab212db, 2fd8e7f, warn, replaces, prior, branches, reply, otherwise, land, routing, dms, ad78e4e, 96a3b58, gra, imports, indirect, webpack, module, resolution, requires, json, pnpm, lock, regenerated, 7c58a56, ce41644, dependencies, able, unlocking, separate, variables, withoutinput, readonly, props, using, 7449ad0, 74ed380, separately, commentonissue, conflated, ended, enabled, permissive, blocked, restrictive, backwards, compat, alias, migrated, migrates, pairs, rejects, layer, route, around, raw, b49c7c5, 05a23bf, utils, guestpermissionsmiddleware, agnostic, triggered, targeted, models, flags, inherits, identical, zero, rules, reach, get, forbidden, try, scenario, modify, editing, oskos, ostrowo, b2ddad6, permissions, updates, lper, depth, capped, nearest, injection, actual, writes, f7b9a99, b195cb3, collaborators, sets, opting, cards, together, bbf25b6, d9f7fca, odel, mirrors, runtime, schema, follows, bare, annotation, pattern, decorators, internal, facing, locale, needed, 9135923, prop, ede2852, wire, tclasscollaborators, indicate, activity, messages, granting, disclosed, unless, itself, preserved, superpowers, plans, accompanying, wiring, fcc426f, ed889ed, dco, compliant, intentionally, squashed, traceability, squash, fine, preferred, unprivileged, intact, table, expected, lists, deployed, hosted, 423, instance, cockroachdb, specifically, exercised, live, deployment, evidence, exit, errors, validate, install, mentiongrantstrigger, mentiongrants, suite, txcreatedoc, sketch, ignores, strictly, retract, anyone, granted, removedoc, passes, values, employee, asks, confirm, dedups, union, comes, batched, marks, hides, projection, filtering, hold, edge, reachable, deep, gymnastics, cooperate, builds, generic, provider, rolling, complete, screenshots, companion, someone, supports, wires, authoring, addcollaborator, files, changed, checks, options, 784, star, fork, notifications, dismiss, alert, switched, resetting, focus, qualifiers, our, results, quickly, email, contacted, piece, very, seriously, provide, syntax, tips, clear, jump, pricing, premium, ons, powered, collections, trending, archive, program, stars, accelerator, lab, programs, fund, developers, sponsors, partners, trust, center, forum, skills, ebooks, reports, events, webinars, stories, software, topic, industries, government, manufacturing, financial, healthcare, industry, cases, devsecops, modernization, nonprofits, startups, small, medium, teams, enterprises, company, size, marketplace, changelog, blog, why, stop, leaks, start, secret, protection, secure, vulnerabilities, application, instant, dev, environments, codespaces, automate, workflow, workflows, integrate, external, tools, mcp, registry, agents, better, toggle, menu, content,


Text of the page (random words):
on dismiss alert message uh oh there was an error while loading please reload this page hcengineering platform public notifications you must be signed in to change notification settings fork 2k star 26 8k code issues 784 pull requests 63 discussions actions projects wiki security and quality 0 insights additional navigation options code issues pull requests discussions actions projects wiki security and quality insights mention grants collaborator based cross space access for mentions 10895 open michaeluray wants to merge 33 commits into hcengineering develop hcengineering platform develop from michaeluray feat huly mention grants michaeluray huly platform feat huly mention grants copy head branch name to clipboard conversation commits 33 33 checks files changed open mention grants collaborator based cross space access for mentions 10895 michaeluray wants to merge 33 commits into hcengineering develop hcengineering platform develop from michaeluray feat huly mention grants michaeluray huly platform feat huly mention grants copy head branch name to clipboard conversation michaeluray commented may 30 2026 edited loading uh oh there was an error while loading please reload this page copy link copy markdown mention grants collaborator based cross space access for mentions when a user mentions someone on a doc whose class is opted into mentions grant access that mentioned account should gain read access to the doc even if they are not a member of the doc s containing space this is the cross space access path that today s collaborator infrastructure already supports for explicit addcollaborator calls this pr wires it up to the mention authoring flow with an opt in disclosure dialog companion docs hcengineering huly docs 72 draft text complete screenshots will be added in a follow up commit on the same branch scope tracker class issue is the only class that opts in today via mentionsgrantaccess true the architecture is generic any classcollaborators provider can opt in but rolling it out to other classes is an explicit follow up decision per class what this builds v1 cross space space visibility for guests guests who hold a collaborator edge to a doc inside a space they are not a member of need that space to surface in their navigator so the doc is reachable without deep link gymnastics three layers cooperate foundations server packages middleware src spacesecurity ts skip the middleware level space pre filter for guest readonlyguest reads of space derived classes spacecollabbypass the postgres adapter then does the filtering at sql level foundations server packages postgres src storage ts addsecurity appends an or exists collaborator where space domain _id and collaborator caller branch for guest reads on domain_space a space hosting any collaborator record naming the caller becomes readable self collaborator visibility for non admin non system callers is added in the same change plugins workbench resources src components navigator svelte client side union of member spaces collab spaces the collab spaces set comes from findall collaborator collaborator self with projection space 1 then a batched findall space _id in tracker s per project tree marks collab only projects with a dim icon tooltip shared with you and hides non issues sub views components milestones templates because they would render empty for a collab only guest v3 send time disclosure for mentions when the author types person the picker passes the user intent into a markup attribute on the reference node grantsaccess values true false undefined on send if the message contains any reference with grantsaccess false and the mentioned employee is not already a member of the doc s space a disclosure dialog asks the author to confirm per grantee the server trigger additionally dedups against existing collaborator records so the dialog may surface for a user who already has the grant the trigger then emits no new tx cancelling the dialog preserves the unsent comment v3c server filter mentionsgrantaccess trigger ignores any reference whose grantsaccess is explicitly false v3d edit path re grants on a message edit are strictly add only a removed mention does not retract anyone s read access a previously granted user remains a collaborator until an explicit removedoc on the collaborator architecture sketch author types person reference node carries grantsaccess attr comment composer v3a server trigger applymentiongrants v3c d disclosure dialog v3b txcreatedoc collaborator add only send cancel guest postgres or branch navigator v1 doc space visible cross space what is opt in per class via classcollaborators mentionsgrantaccess true default false today only tracker class issue opts in tests suite result foundations core packages core 982 982 foundations core packages text core 19 19 new reference test ts plugins chunter resources 5 5 new mentiongrants test ts server plugins chunter resources 6 6 new mentiongrantstrigger test ts foundations server packages middleware 30 30 rush install rush build rush validate all exit 0 svelte check across tracker resources chunter resources workbench resources 0 errors live deployment evidence deployed and verified on a self hosted huly v0 7 423 instance with the cockroachdb backend specifically exercised guest user with collaborator records on issues across two projects one project where they are also a member one where they are collab only nav surfaces both with the collab only one dimmed and sub nodes hidden mention picker correctly lists their collab targets postgres or branch verified at sql level exists query against collaborator table returns the expected projects v3b dialog opens on send when the message contains an unprivileged mention cancel returns to the composer with the message intact sign off single author signed off by on every commit dco compliant 28 commits intentionally not squashed for traceability squash merge fine if preferred sorry something went wrong uh oh there was an error while loading please reload this page all reactions michaeluray added 28 commits may 30 2026 07 18 feat core add classcollaborators mentionsgrantaccess opt in flag ed889ed adds a model level boolean that classes can set alongside providesecurity to indicate that mentions in chat activity messages on docs of this class should auto create collaborator records granting the mentioned user explicit disclosed access the flag has no effect unless providesecurity is also true providesecurity itself is unchanged read visibility or branch through the spacesecurity middleware without mentionsgrantaccess todays mention is a no op silently behavior is preserved for qms and love classes step a1 of the plan in opt infrastructure docs superpowers plans 2026 05 25 huly mention grants collaborator access md the accompanying model wiring a2 tracker opt in a3 middleware veto a4 shared helper b 1 chunter trigger update b 2 and client surfaces b 1 b 2 c follow in subsequent commits refs hcengineering 10783 hcengineering 9741 signed off by michael uray michaeluray users noreply github com cherry picked from commit fcc426f signed off by michael uray michaeluray users noreply github com feat model core wire mentionsgrantaccess into tclasscollaborators m ede2852 odel class mirrors the new field in the runtime model schema follows the existing bare annotation pattern used for the other classcollaborators fields no prop decorators on this model class today field is model internal never appears in user facing labels so no intlstring or locale entries needed step a2 signed off by michael uray michaeluray users noreply github com cherry picked from commit 9135923 signed off by michael uray michaeluray users noreply github com feat tracker opt tracker class issue into collaborator grants read d9f7fca mentions grant access sets providesecurity true and mentionsgrantaccess true on the issue classcollaborators declaration this is the single class opting into the new behavior in this pr qms love cards and other classes are unaffected effect together with subsequent commits a user mentioned on an issue they are not a project member of is auto added as collaborator on the issue b 2 chunter trigger the collaborator record grants them read visibility providesecurity in spacesecurity middleware they can post comments chunter class chatmessage createaccesslevel is already guest they cannot edit issue fields a4 guestpermissions middleware veto step a3 signed off by michael uray michaeluray users noreply github com cherry picked from commit bbf25b6 signed off by michael uray michaeluray users noreply github com feat core collaborators add isomorphic resolvementiongranttarget he b195cb3 lper walks a docs attachedto chain depth capped at 8 to find the nearest ancestor whose classcollaborators has both providesecurity true and mentionsgrantaccess true returns that ancestor as the grant target or null if none isomorphic via the findall dependency injection same code used by both the server side chunter mention trigger b 2 and the client side mention warning popup c so the disclosure ux matches the actual server side grant for threadmessage mentions walks from threadmessage parent chatmessage parent issue and writes collaborator on the issue not on the thread or chat message step b 1 signed off by michael uray michaeluray users noreply github com cherry picked from commit f7b9a99 signed off by michael uray michaeluray users noreply github com feat middleware guest permissions veto field updates from collab on b2ddad6 ly guests on opt in classes adds isforbiddencollabonlyguestfieldupdate to guestpermissionsmiddleware as a class agnostic pre commit veto triggered only when the targeted class has both providesecurity true and mentionsgrantaccess true on its classcollaborators model entry tracker issue is the first opt in set in models tracker src index ts but any future class with the same flags inherits identical semantics with zero additional code semantics user accounts pass through unchanged space member guests pass through their existing rules apply guest tier accounts that are not space members but reach the doc via collaborator status providesecurity or branch in spacesecurity middleware get a forbidden when they try to txupdatedoc the doc effect for the user visible scenario in hcengineering 10783 florian mentioned on game 4 in a project he is not a member of becomes collaborator on game 4 auto via b 2 chunter trigger he gets read visibility providesecurity he can post comments chatmessage createaccesslevel guest he cannot modify game 4 status title dates this veto florian editing his own oskos 12 in ostrowo where he is a member is unaffected space members includes florian veto returns false step a4 refs hcengineering 10783 hcengineering 9741 signed off by michael uray michaeluray users noreply github com cherry picked from commit 8e825a5 signed off by michael uray michaeluray users noreply github com feat tracker utils split caneditissue into caneditissuefields can 05a23bf commentonissue previously caneditissue conflated may edit fields with may comment a guest who was collaborator on an issue ended up with all field editors enabled too permissive or when blocked lost the comment composer too too restrictive the split caneditissuefields issue field editors title status dates description returns false for any guest tier account cancommentonissue comment composer returns true for user false for readonlyguest and for guest docguest true when the user is the issues creator or listed as collaborator on the issue existing caneditissue is kept as a backwards compat alias for caneditissuefields until callers are migrated editissue svelte already migrates in the next commit b 2 pairs with the server side veto in a4 guestpermissions middleware that rejects txupdatedoc issue for collab only guests at the tx layer so a guest cannot route around this ui gate via raw api step b 1 signed off by michael uray michaeluray users noreply github com cherry picked from commit b49c7c5 signed off by michael uray michaeluray users noreply github com feat tracker editissue show comment composer separately from field 74ed380 editors editissue svelte used a single effectivereadonly flag to gate both the issue field editors title status dates description dependencies and the panels comment composer below them with the v6 split a collaborator guest must be able to comment without unlocking the editors so the two need separate variables adds cancomment alongside effectivereadonly effectivereadonly stays driven by caneditissuefields guest gets read only field editors cancomment is driven by cancommentonissue guest who is the issues creator or listed as collaborator gets the comment composer panels withoutinput now reads cancomment all field editor readonly props keep using effectivereadonly step b 2 signed off by michael uray michaeluray users noreply github com cherry picked from commit 7449ad0 signed off by michael uray michaeluray users noreply github com fix chunter resources add hcengineering text core dependency ce41644 chatmessageinput svelte imports extractreferences from text core for the mention warning popup the package was already an indirect dep via text editor resources but webpack module resolution requires it as a direct entry in package json added pnpm lock regenerated via rush update signed off by michael uray michaeluray users noreply github com cherry picked from commit 7c58a56 signed off by michael uray michaeluray users noreply github com feat chunter trigger mention grants access uses shared helper gra 96a3b58 nt target dedup replaces the prior providesecurity true guard with three explicit branches driven by resolvementiongranttarget 1 granttarget non null opt in class found via attachedto chain write collaborator records on the grant target doc with dedup against the grant targets collaborator list not the original message docs list fixes the thread reply case where the mention would otherwise land on the parent chatmessage instead of the issue 2 granttarget null targetdoc not providesecurity keep todays notification routing behavior on targetdoc channels dms 3 granttarget null targetdoc providesecurity without opt in no op preserves qms love behavior bit for bit step b 2 refs hcengineering 10783 hcengineering 9741 signed off by michael uray michaeluray users noreply github com cherry picked from commit ad78e4e signed off by michael uray michaeluray users noreply github com feat chunter chatmessageinput warn before mention auto grants issue 2fd8e7f access disclosure ux for the mention grants access flow before submitting a message containing mentions check whether the resolved grant target doc via the shared resolvementiongranttarget helper has those mentioned users in its space members list if any mention would grant new access show a messagebox warning with the actor and the names of the new grantees and require explicit confirmation important framing this is disclosure ux for the s...
Thumbnail images (randomly selected): * Images may be subject to copyright.GREEN status (no comments)
  • @MichaelUray
  • @MichaelUray
  • @MichaelUray
  • @huly-github-staging
  • @MichaelUray
  • @MichaelUray

Verified site has: 135 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100
101-105 106-110 111-115 116-120 121-125 126-130 131-135


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/1.1 301 Moved Permanently
Content-Length 0
Location htt????/github.com/hcengineering/platform/pull/10895
connection close
HTTP/2 200
date Wed, 08 Jul 2026 16:30:39 GMT
content-type text/html; charset=utf-8
cache-control no-cache
content-security-policy default-src none ; base-uri self ; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src self uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net productionresultssa1.blob.core.windows.net productionresultssa2.blob.core.windows.net productionresultssa3.blob.core.windows.net productionresultssa4.blob.core.windows.net productionresultssa5.blob.core.windows.net productionresultssa6.blob.core.windows.net productionresultssa7.blob.core.windows.net productionresultssa8.blob.core.windows.net productionresultssa9.blob.core.windows.net productionresultssa10.blob.core.windows.net productionresultssa11.blob.core.windows.net productionresultssa12.blob.core.windows.net productionresultssa13.blob.core.windows.net productionresultssa14.blob.core.windows.net productionresultssa15.blob.core.windows.net productionresultssa16.blob.core.windows.net productionresultssa17.blob.core.windows.net productionresultssa18.blob.core.windows.net productionresultssa19.blob.core.windows.net github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com wss://production-copilot-host.webpubsub.azure.com; font-src github.githubassets.com; form-action self github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors none ; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src self data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com user-images.githubusercontent.com private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com explore-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src self ; media-src github.com user-images.githubusercontent.com secured-user-images.githubusercontent.com private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src unsafe-inline github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy no-referrer-when-downgrade
server-timing pull_request_layout-fragment;desc= pull_request_layout fragment ;dur=396.786992,conversation_content-fragment;desc= conversation_content fragment ;dur=837.778069,conversation_sidebar-fragment;desc= conversation_sidebar fragment ;dur=346.924396,nginx;desc= NGINX ;dur=0.86584,glb;desc= GLB ;dur=46.922838
strict-transport-security max-age=31536000; includeSubdomains; preload
vary X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With
x-content-type-options nosniff
x-frame-options deny
x-voltron-version 2f68303
x-xss-protection 0
server github.com
content-encoding gzip
accept-ranges bytes
set-cookie _gh_sess=9TBPqPKmWHvItU6vHI9c%2BID0yaGoaRhauYLXQFCT7RAA8F0ACv6Dd9Mj5YGBzHuukzjbguOYpQeuV9c9FpO2pry7CnbxgVvTChOpa%2Bw1AMBm4EoH8vtNk52mKKTY9Ks%2B5V6KkFaSWg9kl%2FSkqJGxb7WAC%2BR2QuYuVyu%2FYFYqbGsAdtBatsYRbsVdGIknihlfJD5k%2BefMwEs6n%2Fev%2FCNqQZnS2O4JFDu0BgybJ5cOaHIfyZwQYXQf3QwcI3xCbAIIA31J6E2KvmRab9he0AulDg%3D%3D--lgp3UUmGY2VWGRh3--FH6axIPn%2Fs8B6B9oW4GPtw%3D%3D; path=/; HttpOnly; secure; SameSite=Lax
set-cookie _octo=GH1.1.2118388096.1783528238; expires=Thu, 08 Jul 2027 16:30:38 GMT; domain=.github.com; path=/; secure; SameSite=Lax
set-cookie logged_in=no; expires=Thu, 08 Jul 2027 16:30:38 GMT; domain=.github.com; path=/; HttpOnly; secure; SameSite=Lax
x-github-request-id 86BE:AF0A4:16E1CEE:1221012:6A4E7B2E

Meta Tags

title="Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform · GitHub"
charset="utf-8"
name="route-pattern" content="/_view_fragments/voltron/pull_requests/show/:user_id/:repository/:id/pull_request_layout(.:format)" data-turbo-transient
name="route-controller" content="voltron_pull_requests_fragments" data-turbo-transient
name="route-action" content="pull_request_layout" data-turbo-transient
name="fetch-nonce" content="v2:de78d240-6d5b-5fb1-2bd1-290eb7b7dfaa"
name="current-catalog-service-hash" content="ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b"
name="request-id" content="86BE:AF0A4:16E1CEE:1221012:6A4E7B2E" data-pjax-transient="true"
name="html-safe-nonce" content="f349d32b958b4d1a0f247dca24734ddcc80b8634f84a2571f3a268a7e402a19e" data-pjax-transient="true"
name="visitor-payload" content="eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4NkJFOkFGMEE0OjE2RTFDRUU6MTIyMTAxMjo2QTRFN0IyRSIsInZpc2l0b3JfaWQiOiI5MDk4NDA3NTk0MzM5MjM2NjU0IiwicmVnaW9uX2VkZ2UiOiJmcmEiLCJyZWdpb25fcmVuZGVyIjoiZnJhIn0=" data-pjax-transient="true"
name="visitor-hmac" content="db011be3c390015e2ef7c096c45b2bc6611ee9d3f25e3dd2a8dbfde1ad03e989" data-pjax-transient="true"
name="hovercard-subject-tag" content="pull_request:3773514492" data-turbo-transient
name="github-keyboard-shortcuts" content="repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot" data-turbo-transient="true"
name="selected-link" value="repo_pulls" data-turbo-transient
name="google-site-verification" content="Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I"
name="octolytics-url" content="htt????/collector.github.com/github/collect"
name="analytics-location" content="/<user-name>/<repo-name>/voltron/pull_requests_fragments/pull_request_layout" data-turbo-transient="true"
name="user-login" content=""
name="viewport" content="width=device-width"
name="description" content="Huly — All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion) - Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform"
property="fb:app_id" content="1401488693436528"
name="apple-itunes-app" content="app-id=1477376905, app-argument=htt????/github.com/_view_fragments/voltron/pull_requests/show/hcengineering/platform/10895/pull_request_layout"
name="twitter:image" content="htt????/opengraph.githubassets.com/639a8a270d7b08795349dc2b6af142ee8f3f83b5590b65bccec0acbabe1169c4/hcengineering/platform/pull/10895"
name="twitter:site" content="@github"
name="twitter:card" content="summary_large_image"
name="twitter:title" content="Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform"
name="twitter:description" content="Mention-grants: Collaborator-based cross-space access for @-mentions When a user @-mentions someone on a doc whose class is opted into mentions-grant-access, that mentioned account should gain read..."
property="og:image" content="htt????/opengraph.githubassets.com/639a8a270d7b08795349dc2b6af142ee8f3f83b5590b65bccec0acbabe1169c4/hcengineering/platform/pull/10895"
property="og:image:alt" content="Mention-grants: Collaborator-based cross-space access for @-mentions When a user @-mentions someone on a doc whose class is opted into mentions-grant-access, that mentioned account should gain read..."
property="og:image:width" content="1200"
property="og:image:height" content="600"
property="og:site_name" content="GitHub"
property="og:type" content="object"
property="og:title" content="Mention-grants: Collaborator-based cross-space access for @-mentions by MichaelUray · Pull Request #10895 · hcengineering/platform"
property="og:url" content="htt????/github.com/hcengineering/platform/pull/10895"
property="og:description" content="Mention-grants: Collaborator-based cross-space access for @-mentions When a user @-mentions someone on a doc whose class is opted into mentions-grant-access, that mentioned account should gain read..."
property="og:author:username" content="MichaelUray"
name="hostname" content="github.com"
name="expected-hostname" content="github.com"
http-equiv="x-pjax-version" content="9e4981641254d931427afffcf95d326002580ac69bbf8d9b0a3b8d2c9e1662a3" data-turbo-track="reload"
http-equiv="x-pjax-csp-version" content="cb4cffb7c023f774818cf728eb860debf1fc8ecf88a20487b238da276df1eb7d" data-turbo-track="reload"
http-equiv="x-pjax-css-version" content="4d9a16ea192005dcfb7768f5f88d061247a68408f3c0760a57b6c82c8791034d" data-turbo-track="reload"
http-equiv="x-pjax-js-version" content="41b6ab3ba6d20a71766ac245b5a4a94c6fc672a9cd4da7d44c1b33ab8bf6a21c" data-turbo-track="reload"
name="turbo-cache-control" content="no-preview" data-turbo-transient=""
name="turbo-cache-control" content="no-cache" data-turbo-transient
data-hydrostats="publish"
name="go-import" content="github.com/hcengineering/platform git htt????/github.com/hcengineering/platform.git"
name="octolytics-dimension-user_id" content="87086734"
name="octolytics-dimension-user_login" content="hcengineering"
name="octolytics-dimension-repository_id" content="392073243"
name="octolytics-dimension-repository_nwo" content="hcengineering/platform"
name="octolytics-dimension-repository_public" content="true"
name="octolytics-dimension-repository_is_fork" content="false"
name="octolytics-dimension-repository_network_root_id" content="392073243"
name="octolytics-dimension-repository_network_root_nwo" content="hcengineering/platform"
name="robots" content="noindex, nofollow"
name="turbo-body-classes" content="logged-out env-production page-responsive"
name="disable-turbo" content="false"
name="browser-stats-url" content="htt????/api.github.com/_private/browser/stats"
name="browser-errors-url" content="htt????/api.github.com/_private/browser/errors"
name="release" content="e6a744804e8e70f97b4d5a18a94dcc63db22f97a" data-turbo-track="reload"
name="ui-target" content="full"
name="theme-color" content="#1e2327"
name="color-scheme" content="light dark"

Load Info

page size88113
load time (s)1.049638
redirect count1
speed download83997
server IP 140.82.121.3
* all occurrences of the string "http://" have been changed to "htt???/"