feat(ignore): adding event logger for ignored comments#178

Open
billxinli wants to merge 1 commit into main from feat/ignore-events

Conversation

@billxinli billxinli commented Apr 2, 2026

  • Emits events to POST /v0/orgs/{slug}/telemetry when users suppress alerts via @SocketSecurity ignore PR/MR comments
  • Uses eyes emoji reaction as a dedup marker — only unprocessed comments (without eyes) trigger events; after sending, the eyes reaction is added
  • Per-comment iteration ensures the correct comment author is recorded as sender_name/sender_id
  • RBAC: only authorized users (write/admin on GitHub, Developer+ on GitLab) can suppress alerts and trigger events. Unauthorized users get a -1 reaction.
  • Supports both GitHub (inline reactions.eyes from API response) and GitLab (lazy has_eyes_reaction() API call per comment, best-effort post_eyes_reaction() via Award Emoji API)
  • Events are sent one at a time (fire-and-forget per event, continues on failure)
  • Comment flow uses artifact_input (raw user text) since the ignore command is user input and may not be a valid PURL
  • Push flow uses artifact_purl from actual alert objects with alert_action derived from the alert's resolved policy action
  • Fixes pre-existing case-sensitivity bug in get_ignore_options: @socketSecurity ignore (lowercase s) now works

Changes

socketsecurity/core/cli_client.py

  • Added post_telemetry_events() — sends events individually to POST /v0/orgs/{slug}/telemetry

socketsecurity/core/scm/github.py

  • Added is_commenter_authorized() — checks collaborator permission level (admin/write)
  • Added post_eyes_reaction() — posts eyes reaction to mark comments as processed
  • Added post_negative_reaction() — posts -1 reaction for unauthorized users
  • Updated handle_ignore_reactions() — only adds +1 for authorized users, -1 for unauthorized

socketsecurity/core/scm/gitlab.py

  • Added is_commenter_authorized() — checks project member access level (Developer+)
  • Added has_eyes_reaction() — best-effort check for eyes award emoji on MR notes
  • Added post_eyes_reaction() — best-effort add eyes award emoji with Content-Type: application/json

socketsecurity/core/scm_comments.py

  • Made get_ignore_options() case-insensitive (fixes @socketSecurity vs @SocketSecurity)

socketsecurity/socketcli.py

  • Added _is_commenter_authorized() — checks user permissions with caching per user
  • Added _is_unprocessed() — checks inline reactions.eyes, falls back to scm.has_eyes_reaction(), then checks authorization
  • Added _filter_authorized_ignore_comments() — filters ignore comments to authorized users only, applied before suppression and telemetry in both flows
  • Comment flow: emits events per unprocessed ignore comment with author attribution
  • Push flow: matches ignored alerts back to individual comments, derives alert_action from alert's resolved policy flags

Tests

  • tests/unit/test_client.py — 2 tests: individual event sending, continues on failure
  • tests/unit/test_ignore_telemetry_filtering.py — 17 tests: eyes filtering, SCM fallback, commenter authorization (RBAC), authorized comment filtering, event payload shape

Event attributes

{
  "event_kind": "user-action",
  "client_action": "ignore",
  "alert_action": "error",
  "event_id": "<uuid>",
  "event_sender_created_at": "<iso8601>",
  "vcs_provider": "github|gitlab",
  "owner": "<repo_owner>",
  "repo": "<owner/repo>",
  "pr_number": 123,
  "ignore_all": true|false,
  "sender_name": "<comment_author_login>",
  "sender_id": "<comment_author_id>",
  "artifact_input": "<raw_user_text>" (comment flow),
  "artifact_purl": "<valid_purl>" (push flow)
}

Public Changelog

N/A
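As an added example (written for this page, not the project's code), the per-comment pass the description lays out: parse the ignore command case-insensitively, treat the eyes reaction as the dedup marker with an SCM lookup as fallback, gate on a permission check cached per user, and build one event per surviving comment with the attributes listed above. The comment dict shape, the "-all" form of the command, and the is_authorized and has_eyes_reaction callables are assumptions.

```python
import re
import uuid
from datetime import datetime, timezone

IGNORE_RE = re.compile(r"@socketsecurity\s+ignore\b\s*(.*)", re.IGNORECASE)  # case-insensitive, as in the get_ignore_options fix
def parse_ignore(body):
    """(ignore_all, raw artifact text) for an ignore command, else None. Assumes "-all" is the ignore-all form."""
    m = IGNORE_RE.search(body)
    return None if m is None else (m.group(1).strip() == "-all", m.group(1).strip())
def is_unprocessed(comment, has_eyes_reaction=None):
    """Eyes reaction is the dedup marker: inline count first (GitHub), SCM lookup as fallback (GitLab)."""
    eyes = comment.get("reactions", {}).get("eyes")
    if eyes is None and has_eyes_reaction is not None:
        eyes = 1 if has_eyes_reaction(comment["id"]) else 0
    return not eyes
def build_ignore_events(comments, is_authorized, vcs_provider, owner, repo, pr_number, has_eyes_reaction=None):
    """One event per unprocessed, authorized ignore comment, attributed to that comment's author.
    Returns (events, ids to mark with eyes, ids to mark with -1); the caller posts the reactions."""
    events, processed, rejected, perm_cache = [], [], [], {}
    for c in comments:
        parsed = parse_ignore(c["body"])
        if parsed is None or not is_unprocessed(c, has_eyes_reaction):
            continue
        login = c["author_login"]
        if login not in perm_cache:          # one permission lookup per user
            perm_cache[login] = bool(is_authorized(login))
        if not perm_cache[login]:
            rejected.append(c["id"])         # unauthorized: no suppression, no event
            continue
        ignore_all, artifact_input = parsed
        events.append({
            "event_kind": "user-action", "client_action": "ignore", "event_id": str(uuid.uuid4()),
            "event_sender_created_at": datetime.now(timezone.utc).isoformat(),
            "vcs_provider": vcs_provider, "owner": owner, "repo": repo, "pr_number": pr_number,
            "ignore_all": ignore_all, "sender_name": login, "sender_id": c["author_id"], "artifact_input": artifact_input,
        })
        processed.append(c["id"])
    return events, processed, rejected

# Constructed sample comments (not real data); comment 3 has no inline reactions, exercising the SCM fallback.
SAMPLE_COMMENTS = [
    {"id": 1, "author_login": "alice", "author_id": "10", "reactions": {"eyes": 0}, "body": "@SocketSecurity ignore pkg:npm/left-pad@1.3.0"},
    {"id": 2, "author_login": "alice", "author_id": "10", "reactions": {"eyes": 1}, "body": "@SocketSecurity ignore pkg:npm/left-pad@1.3.0"},
    {"id": 3, "author_login": "bob", "author_id": "11", "body": "@socketSecurity ignore -all"},
    {"id": 4, "author_login": "mallory", "author_id": "12", "reactions": {"eyes": 0}, "body": "@SocketSecurity ignore -all"},
]
WRITERS = {"alice", "bob"}  # constructed: users holding write/admin (GitHub) or Developer+ (GitLab)
def demo():
    return build_ignore_events(SAMPLE_COMMENTS, lambda login: login in WRITERS, "github", "acme", "acme/app", 123,
                               has_eyes_reaction=lambda comment_id: False)
```

Comment 2 is skipped because it already carries the eyes marker, and mallory's comment is rejected before any event is built, so it neither suppresses an alert nor reaches the telemetry endpoint.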

github-actions bot commented Apr 2, 2026

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.81.dev1

Docker image: socketdev/cli:pr-178

billxinli force-pushed the feat/ignore-events branch from 0e20dd0 to 09e3172 on April 2, 2026 at 20:37
billxinli marked this pull request as ready for review on April 3, 2026 at 16:15
billxinli requested a review from a team as a code owner on April 3, 2026 at 16:15
@billxinli

bugbot run

@bmeck bmeck left a comment

seems ok, would slightly pref v1 events but this is fine since v1 would be a slightly bigger change

now = datetime.now(timezone.utc).isoformat()
shared_fields = {
"event_kind": "user-action",
"client_action": "ignore_alerts",
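Review bot: `"client_action": "ignore_alerts"` in `shared_fields` disagrees with the PR description's event attributes, which list `"client_action": "ignore"`; pick one value and align the other so consumers of the telemetry endpoint do not have to match two spellings of the same action.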

action fields should match ResolvedIssueAction, and this is missing the current action from policy (alert_action)

enum ResolvedIssueActionEnum {
  error = 'error',
  warn = 'warn',
  monitor = 'monitor',
  ignore = 'ignore',
}

billxinli force-pushed the feat/ignore-events branch 4 times, most recently from 6dff16c to aebda0d on April 8, 2026 at 02:42
billxinli force-pushed the feat/ignore-events branch from aebda0d to 29e2c61 on April 8, 2026 at 03:35