Fix guard-policy rendering for repos="all" and repos="public"#20764
Merged
Fix guard-policy rendering for repos="all" and repos="public"#20764
Conversation
Fixed a bug where repos="public" in GitHub guard-policy was incorrectly rendered as "public:*" in safeoutputs write-sink policy. It should be rendered as just "public" (without the :* wildcard suffix). The bug was in deriveSafeOutputsGuardPolicyFromGitHub() which treated both "all" and "public" the same way, mapping both to "private:*". Now they are handled correctly: - repos="all" → write-sink accept=["private:*"] - repos="public" → write-sink accept=["public"] - repos="pattern" → write-sink accept=["private:pattern"] Also updated the code to use a tagged switch statement as suggested by the staticcheck linter (QF1003). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated deriveSafeOutputsGuardPolicyFromGitHub() to implement the correct transformation rules based on DIFC (Decentralized Information Flow Control) principles: - repos="all" or "public" → accept=[] (agent secrecy is empty) - repos="O/*" → accept=["private:O"] (owner wildcard strips wildcard) - repos="O/P*" → accept=["private:O/P*"] (prefix wildcard keeps wildcard) - repos="O/R" → accept=["private:O/R"] (specific repo keeps pattern) Added transformRepoPattern() helper function to handle owner wildcard detection and stripping. Updated all test cases to match specification. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added test cases to ensure comprehensive coverage of array handling with multiple entries: - Array with all three pattern types (owner wildcard, prefix wildcard, specific repo) - Array with multiple owner wildcards These tests verify that the transformRepoPattern() function correctly handles different combinations of patterns in arrays, ensuring each pattern type is transformed according to the specification. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Claude created this pull request from a session on behalf of
lpcox
March 13, 2026 04:21
View session
Collaborator
|
@claude[agent] fix the title and summary. Also make sure that for a github guard-policies object with repos="all" and repos="public" no guard-policies object is attached to safeoutputs |
Contributor
Author
Fixed the PR title and description. The implementation correctly ensures that when
Commit: a6e714f Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Claude
AI
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Adjusts safeoutputs guard-policy derivation to comply with the MCP Gateway spec when GitHub guard-policy repos is set to "all" or "public".
Changes:
- Updates
deriveSafeOutputsGuardPolicyFromGitHub()to returnnil(and thus omit safeoutputsguard-policies) forrepos="all"andrepos="public". - Adds
transformRepoPattern()to correctly map repo patterns (includingowner/*→private:owner) usingstrings.CutSuffix(). - Expands unit tests to cover owner wildcards, prefix wildcards, and mixed arrays, plus the new
nilbehavior for"all"/"public".
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pkg/workflow/mcp_github_config.go | Implements spec-compliant derivation (return nil for "all"/"public") and adds pattern transformation helper. |
| pkg/workflow/safeoutputs_guard_policy_test.go | Adds/updates test cases for "all"/"public" returning nil and mixed pattern arrays including owner wildcard handling. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
This was referenced Mar 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixed the safeoutputs guard-policy rendering to correctly handle
repos="all"andrepos="public"according to the MCP Gateway specification.Changes Made
deriveSafeOutputsGuardPolicyFromGitHub()to returnnilforrepos="all"andrepos="public"(previously returned empty array)nilis returned, no guard-policies object is attached to safeoutputsstrings.CutSuffix()for efficient suffix checkingSpecification Compliance
According to the specification, when
repos="all"orrepos="public", the agent has no secrecy tags ([]), so the write-sink policy is not required. The implementation now correctly returnsnilin these cases.allow-only.reposwrite-sink.accept"all"[](none)nil"public"[](none)nil["owner/repo"]["private:owner/repo"]["private:owner/repo"]["owner/*"]["private:owner"]["private:owner"]["owner/prefix*"]["private:owner/prefix*"]["private:owner/prefix*"]Testing
All guard-policy tests pass, including new test cases for:
nilreturn forrepos="all"andrepos="public"