
Align list_repository_collaborators DIFC integrity to reader-level #5843

Merged
lpcox merged 2 commits into main from copilot/compliance-fix-difc-integrity-level
May 16, 2026

Copilot AI commented May 16, 2026

Compliance review found a mismatch between stated policy intent and implementation for list_repository_collaborators: the PR rationale specified reader integrity, but the guard assigned writer integrity. This change resolves that discrepancy in code and tests so the tool’s label semantics match the documented access-sensitive intent.

  • Policy alignment

    • Updated list_repository_collaborators in tool_rules.rs to assign reader_integrity(repo_id, ctx) instead of writer_integrity(repo_id, ctx).
    • Kept secrecy handling as private policy scope for collaborator/permission metadata.
  • Documentation-in-code clarification

    • Updated the inline integrity comment from writer-level to reader-level to reflect the intended trust boundary for access-sensitive collaborator data.
  • Unit expectation update

    • Adjusted the dedicated test assertion to expect reader-level integrity and updated the assertion message accordingly.
"list_repository_collaborators" => {
    // S = private policy scope
    // I = reader (access-sensitive metadata should not directly authorize writes)
    secrecy = policy_private_scope_label(&owner, &repo, repo_id, ctx);
    integrity = reader_integrity(repo_id, ctx);
}

Copilot AI changed the title [WIP] Fix integrity level discrepancy for list_repository_collaborators Align list_repository_collaborators DIFC integrity to reader-level May 16, 2026
Copilot finished work on behalf of lpcox May 16, 2026 21:56
Copilot AI requested a review from lpcox May 16, 2026 21:56
@lpcox lpcox marked this pull request as ready for review May 16, 2026 22:05
Copilot AI review requested due to automatic review settings May 16, 2026 22:05
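
The effect of this label change on data flow, as an added example that is not part of the pull request or the project's code: a simplified DIFC flow check in Rust. The tag names, the `Label` struct, the two sinks and the rule that writer-level integrity also carries the reader tag are assumptions, and `reader_integrity` / `writer_integrity` here are simplified stand-ins for the guard's functions of the same name.

```rust
use std::collections::BTreeSet;

type Tags = BTreeSet<String>;

// Simplified DIFC label (assumed model, not the guard's real types):
// secrecy tags limit where data may go, integrity tags say how far it is trusted.
struct Label { secrecy: Tags, integrity: Tags }

// Assumed tag scheme: writer level carries the reader tag as well.
fn reader_integrity(repo: &str) -> Tags {
    BTreeSet::from([format!("reader:{repo}")])
}
fn writer_integrity(repo: &str) -> Tags {
    BTreeSet::from([format!("reader:{repo}"), format!("writer:{repo}")])
}
fn private_scope(repo: &str) -> Tags {
    BTreeSet::from([format!("private:{repo}")])
}

// Label on list_repository_collaborators output: fixed = false models the
// writer-level assignment, fixed = true the reader-level one from this PR.
fn collaborators_label(repo: &str, fixed: bool) -> Label {
    let integrity = if fixed { reader_integrity(repo) } else { writer_integrity(repo) };
    Label { secrecy: private_scope(repo), integrity }
}

// Hypothetical sinks: both are cleared for the repo's private data.
fn write_sink(repo: &str) -> Label {
    Label { secrecy: private_scope(repo), integrity: writer_integrity(repo) }
}
fn read_sink(repo: &str) -> Label {
    Label { secrecy: private_scope(repo), integrity: reader_integrity(repo) }
}

// Standard DIFC flow rule: the sink must hold every secrecy tag of the data,
// and the data must hold every integrity tag the sink requires.
fn can_flow(data: &Label, sink: &Label) -> bool {
    data.secrecy.is_subset(&sink.secrecy) && sink.integrity.is_subset(&data.integrity)
}

fn main() {
    let repo = "octo/demo"; // constructed sample repository
    for fixed in [false, true] {
        let data = collaborators_label(repo, fixed);
        let (w, r) = (can_flow(&data, &write_sink(repo)), can_flow(&data, &read_sink(repo)));
        println!("fixed={fixed}: may feed write sink={w}, may feed read sink={r}");
    }
}
```

Under this model the collaborator listing still reaches read-only consumers of the same repository after the change, but no longer satisfies a sink that demands writer-level integrity.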

Copilot AI left a comment


Pull request overview

Aligns the DIFC integrity label for list_repository_collaborators in the Rust guard with the documented reader-level intent (access-sensitive metadata that shouldn't authorize writes), updating the implementation, inline comment, and corresponding test assertion.

Changes:

  • Switch integrity from writer_integrity to reader_integrity for list_repository_collaborators.
  • Update inline comment to describe reader-level rationale.
  • Update unit test to expect reader-level integrity with corresponding message.
File: guards/github-guard/rust-guard/src/labels/tool_rules.rs
Description: Switch integrity to reader-level for collaborator listing and update the matching unit test assertion/message

Copilot's findings


  • Files reviewed: 1/1 changed files
  • Comments generated: 0

@lpcox lpcox merged commit 87c2812 into main May 16, 2026
27 checks passed
@lpcox lpcox deleted the copilot/compliance-fix-difc-integrity-level branch May 16, 2026 22:08

Development

Successfully merging this pull request may close these issues.

[compliance] DIFC integrity level discrepancy: list_repository_collaborators uses writer vs stated reader intent

3 participants