From f00ef3c6ff6bc45b29cce98974862f1288504583 Mon Sep 17 00:00:00 2001
From: "Ralf W. Grosse-Kunstleve"
Date: Fri, 1 May 2026 18:06:58 -0700
Subject: [PATCH 1/4] Trust any collaborator in restricted-paths guard
Restricted-paths review is only meant for authors outside the collaborator set, so read and triage access should count as trusted signals too.
Co-authored-by: Cursor
---
 .github/workflows/restricted-paths-guard.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/restricted-paths-guard.yml b/.github/workflows/restricted-paths-guard.yml
index 8d7e6eccd4f..51baf86eff0 100644
--- a/.github/workflows/restricted-paths-guard.yml
+++ b/.github/workflows/restricted-paths-guard.yml
@@ -149,13 +149,13 @@ jobs:
fi case "$COLLABORATOR_PERMISSION" in - admin|maintain|write) + admin|maintain|write|triage|read) HAS_TRUSTED_SIGNAL=true LABEL_ACTION="not needed (collaborator permission is a trusted signal)" TRUSTED_SIGNALS="collaborator_permission:$COLLABORATOR_PERMISSION" ;; *) - # triage, read, or none: not a trusted signal + # none: not a trusted signal ;; esac fi
From 779c18bd74e0c8e15193d6ed654086bde952655c Mon Sep 17 00:00:00 2001
From: "Ralf W. Grosse-Kunstleve"
Date: Fri, 1 May 2026 18:14:06 -0700
Subject: [PATCH 2/4] Post PR comment when restricted-paths review is required
Make it easier to discover why Needs-Restricted-Paths-Review was applied by posting a short PR comment with a link to the workflow run summary whenever the label is newly added.
Co-authored-by: Cursor
---
 .github/workflows/restricted-paths-guard.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/.github/workflows/restricted-paths-guard.yml b/.github/workflows/restricted-paths-guard.yml
index 51baf86eff0..80e28dc050c 100644
--- a/.github/workflows/restricted-paths-guard.yml
+++ b/.github/workflows/restricted-paths-guard.yml
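Review bot: Adding `triage|read` to the trusted arm of `case "$COLLABORATOR_PERMISSION"` only achieves "trust any collaborator" if `read` is never reported for non-collaborators; the repository-permission endpoint is widely reported to answer `read` for any user on a public repository, in which case outside authors would skip the restricted-paths review entirely. Verify with a non-collaborator account before merging, and if `read` does turn out to be reserved for explicit grants, record that on the arm: `# triage/read are explicit collaborator grants; outsiders surface as 404 or "none"`. The updated `*)` comment `# none: not a trusted signal` is consistent with that assumption but does not establish it. The enclosing `if` and the 404 handling begin outside this hunk.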
@@ -29,6 +29,7 @@ jobs:
PR_AUTHOR: ${{ github.event.pull_request.user.login }} PR_NUMBER: ${{ github.event.pull_request.number }} PR_URL: ${{ github.event.pull_request.html_url }} + RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} # Workflow policy inputs REVIEW_LABEL: Needs-Restricted-Paths-Review
@@ -113,9 +114,25 @@ jobs:
echo '```' } + post_review_label_comment() { + local comment_body + printf -v comment_body '%s\n\n%s\n' \ + "\`$REVIEW_LABEL\` was assigned by \`CI: Restricted Paths Guard\`." + "For details, open [this workflow run]($RUN_URL) and click **Summary**." + + if gh api "repos/$REPO/issues/$PR_NUMBER/comments" \ + -f body="$comment_body" >/dev/null; then + COMMENT_ACTION="posted" + else + COMMENT_ACTION="failed (non-fatal)" + echo "::warning::Failed to post PR comment about newly added $REVIEW_LABEL." + fi + } + HAS_TRUSTED_SIGNAL=false LABEL_ACTION="not needed (no restricted paths)" TRUSTED_SIGNALS="(none)" + COMMENT_ACTION="not needed" if [ "$TOUCHES_RESTRICTED_PATHS" = "true" ]; then # Distinguish a legitimate 404 "not a collaborator" response from
@@ -189,6 +206,7 @@ jobs:
exit 1 else LABEL_ACTION="added" + post_review_label_comment fi elif [ "$LABEL_ALREADY_PRESENT" = "true" ]; then LABEL_ACTION="left in place (manual removal required)"
@@ -203,6 +221,7 @@ jobs:
echo "- **Restricted paths**: \`cuda_bindings/\`, \`cuda_python/\`" echo "- **Trusted signals**: $TRUSTED_SIGNALS" echo "- **Label action**: $LABEL_ACTION" + echo "- **Comment action**: $COMMENT_ACTION" if [ "$TOUCHES_RESTRICTED_PATHS" = "true" ]; then echo "" write_matching_restricted_paths
From 9b2fcd8ed0f54a8876dfaf00abaf3f70b76685fd Mon Sep 17 00:00:00 2001
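Review bot: `post_review_label_comment` hard-codes the workflow name in `"\`$REVIEW_LABEL\` was assigned by \`CI: Restricted Paths Guard\`."`, duplicating the file's `name:` key; `"\`$REVIEW_LABEL\` was assigned by \`$GITHUB_WORKFLOW\`."` keeps the comment correct if the workflow is renamed. The body is built only from workflow-controlled values (`REVIEW_LABEL` from the policy block, `RUN_URL` from `github.*` context), which matters because this step runs under `pull_request_target` with a write-capable token; a comment on the function such as `# Body must stay free of PR-author-controlled text (title, body, branch name): this runs under pull_request_target.` would keep future edits from interpolating untrusted input into a bot comment. `$REPO` is used but not set in this hunk — presumably defined earlier in the step, worth a glance since an empty value would route the POST to `repos//issues/...`. The changes at lines 189 and 203 of the same patch are call-site and summary wiring only.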
From: "Ralf W. Grosse-Kunstleve"
Date: Thu, 16 Apr 2026 12:35:26 -0700
Subject: [PATCH 3/4] TEMPORARY: Switch to pull_request trigger for testing
This commit is for testing the collaborator permission check and must be reverted before merge: 1. Changes trigger from pull_request_target to pull_request so this branch's workflow definition runs instead of main's. 2. Adds a dummy change to cuda_bindings/pyproject.toml to trigger the restricted-paths detection. REVERT THIS COMMIT BEFORE MERGE.
Made-with: Cursor
---
 .github/workflows/restricted-paths-guard.yml | 3 ++-
 cuda_bindings/pyproject.toml | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/restricted-paths-guard.yml b/.github/workflows/restricted-paths-guard.yml
index 80e28dc050c..77ec1083b78 100644
--- a/.github/workflows/restricted-paths-guard.yml
+++ b/.github/workflows/restricted-paths-guard.yml
@@ -6,7 +6,8 @@ name: "CI: Restricted Paths Guard"
on: # Run on drafts too so maintainers get early awareness on WIP PRs. # Label updates on fork PRs require pull_request_target permissions. - pull_request_target: + # TEMPORARY: Using pull_request for testing; revert to pull_request_target before merge. + pull_request: types: - opened - synchronize
diff --git a/cuda_bindings/pyproject.toml b/cuda_bindings/pyproject.toml
index d72ab7f7750..38cec71ed21 100644
--- a/cuda_bindings/pyproject.toml
+++ b/cuda_bindings/pyproject.toml
@@ -1,5 +1,6 @@
# SPDX-FileCopyrightText: Copyright (c) 2023-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: LicenseRef-NVIDIA-SOFTWARE-LICENSE +# XXX DUMMY CHANGE FOR TESTING restricted-paths-guard.yml - REMOVE BEFORE MERGE XXX [build-system] requires = [ "setuptools>=80.0.0",
From 31ddac24cd64c5077af4860d7a497a8fbace0d96 Mon Sep 17 00:00:00 2001
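Review bot: Switching to `pull_request:` changes what this test can prove: on PRs from forks the job's `GITHUB_TOKEN` is limited to read access under this trigger (the context comment two lines above already says label updates on fork PRs need `pull_request_target`), so the label add and the new comment post would fail with the non-fatal warning, and only same-repo branches exercise the full path. If that is the intended scope, say so in the temporary marker, e.g. `# TEMPORARY: pull_request for testing from a same-repo branch only; fork PRs get a read-only token here. Revert to pull_request_target before merge.`. The `pyproject.toml` hunk is a throwaway marker comment and needs no review beyond the revert reminder it already carries.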
From: "Ralf W. Grosse-Kunstleve"
Date: Fri, 1 May 2026 18:41:02 -0700
Subject: [PATCH 4/4] TEMPORARY: Exclude write permission from trusted collaborators
This commit is for testing the label-and-comment path and must be reverted before merge. It temporarily treats write access as untrusted so the current PR will exercise Needs-Restricted-Paths-Review assignment again.
Co-authored-by: Cursor
---
 .github/workflows/restricted-paths-guard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/restricted-paths-guard.yml b/.github/workflows/restricted-paths-guard.yml
index 77ec1083b78..95f7f8f71cf 100644
--- a/.github/workflows/restricted-paths-guard.yml
+++ b/.github/workflows/restricted-paths-guard.yml
@@ -167,7 +167,7 @@ jobs:
fi case "$COLLABORATOR_PERMISSION" in - admin|maintain|write|triage|read) + admin|maintain|triage|read) HAS_TRUSTED_SIGNAL=true LABEL_ACTION="not needed (collaborator permission is a trusted signal)" TRUSTED_SIGNALS="collaborator_permission:$COLLABORATOR_PERMISSION"