fix(guard): classify discussion_comment_write; add list_repository_collaborators DIFC rules#5818
Merged
Merged
Conversation
…_collaborators DIFC rules - Add `discussion_comment_write` to WRITE_OPERATIONS in tools.rs so agents cannot create/edit Discussion comments without triggering DIFC write-path checks (fixes the guard coverage gap reported in the issue). - Add a dedicated match arm for `discussion_comment_write` in tool_rules.rs: S=S(repo), I=writer — mirrors issue_write / add_issue_comment. - Add a match arm for `list_repository_collaborators` in tool_rules.rs: S=S(repo), I=reader — conservatively lower integrity because the response reveals who holds write/admin access to the repository. - Add unit tests for both new rules in tools.rs and tool_rules.rs.
Copilot
AI
changed the title
[WIP] Add missing discussion_comment_write operation to guard coverage
fix(guard): classify discussion_comment_write; add list_repository_collaborators DIFC rules
May 16, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR closes DIFC guard coverage gaps for new/previously-unlabeled GitHub MCP tools by (1) classifying a new discussion comment mutation tool as write-capable and (2) adding explicit DIFC label rules for collaborator listing and discussion comment writes.
Changes:
- Add
discussion_comment_writetoWRITE_OPERATIONSand test that it’s treated as a write (not read-write). - Add
apply_tool_labelsmatch arms fordiscussion_comment_writeandlist_repository_collaborators. - Add unit tests for both new
apply_tool_labelsrules.
Show a summary per file
| File | Description |
|---|---|
guards/github-guard/rust-guard/src/tools.rs |
Classifies discussion_comment_write as a write operation and adds a classification test. |
guards/github-guard/rust-guard/src/labels/tool_rules.rs |
Adds explicit DIFC secrecy/integrity rules and tests for discussion_comment_write and list_repository_collaborators. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 3
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Collaborator
Contributor
Author
Fixed in |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The upstream
github-mcp-serveraddeddiscussion_comment_writewithout a corresponding entry in the guard, allowing agents to create/edit Discussion comments without triggering DIFC write-path checks.list_repository_collaboratorsalso lacked an explicit label rule despite returning access-sensitive data.tools.rsdiscussion_comment_writetoWRITE_OPERATIONS— closes the guard coverage gaptool_rules.rs— two new match armsdiscussion_comment_write:S=S(repo), I=writer— mirrorsissue_write/add_issue_commentsince it produces repo-scoped, agent-authored contentlist_repository_collaborators:S=S(repo), I=reader— uses reader-level integrity (one level below writer) because the response reveals who holds write/admin access, making it access-sensitive relative to other repo metadata reads