1 files changed, 32 insertions, 0 deletions
diff --git a/src/git/sync.rs b/src/git/sync.rs
index b05e2d0..e8e9655 100644
--- a/src/git/sync.rs
+++ b/src/git/sync.rs
@@ -951,6 +951,38 @@ async fn process_purgatory_state_events(
            }
        };
+        // CRITICAL: Check authorization before processing
+        // State events MUST be rejected if author is not in maintainer set
+        let authorized_owners = crate::git::authorization::pubkey_authorised_for_repo_owners(
+            &entry.event.pubkey,
+            &db_repo_data,
+        );
+        if authorized_owners.is_empty() {
+            warn!(
+                identifier = %identifier,
+                event_id = %entry.event.id,
+                author = %entry.event.pubkey.to_hex(),
+                "Rejecting state event from purgatory: author not in maintainer set"
+            );
+            // Remove from purgatory - this event will never be authorized
+            purgatory.remove_state_event(identifier, &entry.event.id);
+            result.errors.push(format!(
+                "State event {} rejected: author {} not in maintainer set",
+                entry.event.id,
+                entry.event.pubkey.to_hex()
+            ));
+            continue;
+        }
+        debug!(
+            identifier = %identifier,
+            event_id = %entry.event.id,
+            author = %entry.event.pubkey.to_hex(),
+            authorized_for_owners = ?authorized_owners,
+            "State event author authorized via maintainer set"
+        );
        // Use unified processing function
        let process_result = crate::git::process::process_state_with_git_data(
            &state,

diff --git a/src/git/sync.rs b/src/git/sync.rs index b05e2d0..e8e9655 100644 --- a/src/git/sync.rs +++ b/src/git/sync.rs
@@ -951,6 +951,38 @@ async fn process_purgatory_state_events(
951	}	951	}
952	};	952	};
953		953
		954	// CRITICAL: Check authorization before processing
		955	// State events MUST be rejected if author is not in maintainer set
		956	let authorized_owners = crate::git::authorization::pubkey_authorised_for_repo_owners(
		957	&entry.event.pubkey,
		958	&db_repo_data,
		959	);
		960
		961	if authorized_owners.is_empty() {
		962	warn!(
		963	identifier = %identifier,
		964	event_id = %entry.event.id,
		965	author = %entry.event.pubkey.to_hex(),
		966	"Rejecting state event from purgatory: author not in maintainer set"
		967	);
		968	// Remove from purgatory - this event will never be authorized
		969	purgatory.remove_state_event(identifier, &entry.event.id);
		970	result.errors.push(format!(
		971	"State event {} rejected: author {} not in maintainer set",
		972	entry.event.id,
		973	entry.event.pubkey.to_hex()
		974	));
		975	continue;
		976	}
		977
		978	debug!(
		979	identifier = %identifier,
		980	event_id = %entry.event.id,
		981	author = %entry.event.pubkey.to_hex(),
		982	authorized_for_owners = ?authorized_owners,
		983	"State event author authorized via maintainer set"
		984	);
		985
954	// Use unified processing function	986	// Use unified processing function
955	let process_result = crate::git::process::process_state_with_git_data(	987	let process_result = crate::git::process::process_state_with_git_data(
956	&state,	988	&state,