Comparing changes
base repository: github/github-mcp-server
base: v1.0.4
head repository: github/github-mcp-server
compare: v1.0.5
- 17 commits
- 72 files changed
- 13 contributors
Commits on May 12, 2026
-
Add ifc label for list_issues tool (#2453)
* Add ifc label for list_issues tool

  Emits an IFC SecurityLabel on the list_issues tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me in #2432. Public repositories are labelled PublicUntrusted; private repositories are labelled PrivateUntrusted with the repository owner as a placeholder reader (full collaborator enumeration is intentionally deferred to a follow-up shared helper). A new IsPrivate field is added to the ListIssues GraphQL query types so visibility is available without a second round trip.

  Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

* list_issues: populate readers with repo collaborators

  Addresses Joanna's review feedback: for private repositories, populate the IFC confidentiality reader set with the repository's collaborator logins instead of the [owner] placeholder. Adds an exported FetchRepoCollaborators helper in pkg/github/repositories.go that paginates through Repositories.ListCollaborators. Mirrors the helper in github-mcp-server-remote (without the cache for now; cache can land in a follow-up). The lookup is invoked only for private repos under InsidersMode; if it fails we fall back to [owner] so the reader set is never empty for a private repo.
Commit: 5259513
-
Add ifc label for get_file_contents tool (#2454)
* Add ifc label for get_file_contents tool

  Emits an IFC SecurityLabel on the get_file_contents tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me in Public repositories are labelled PublicUntrusted (anyone can author file content via pull requests). Private repositories are labelled PrivateTrusted with the repository owner as a placeholder reader, since only collaborators can land changes there. Full collaborator enumeration is intentionally deferred to a follow-up shared helper. A new exported FetchRepoIsPrivate helper wraps Repositories.Get for visibility lookups; it is invoked lazily and only when InsidersMode is on, so non-insiders pay no extra round trip. Visibility lookup failures skip the label rather than fail the user-facing call.

  Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

* get_file_contents: address Copilot review findings

  - FetchRepoIsPrivate: tighten doc to 'returns whether a repository is private' and close the underlying *github.Response body.
  - attachIFC: skip emitting the ifc label when the repository visibility lookup fails, instead of falling through to PublicUntrusted (which would mislabel a private or unknown-visibility repo as public). The failure is no longer cached so a subsequent return path can retry.
  - Add a test asserting the tool still succeeds and omits result.Meta["ifc"] when the visibility lookup returns 500.
Commit: 0cdcd4a
-
fix: add missing pagination on get_reviews (#2367)
* Add pagination support to pull request reviews and update descriptions
* Add pagination support to GetPullRequestReviews test case
* Remove unintentional whitespace

  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Roberto Nacu <kerobbi@github.com>
Commit: e2ff518
Commits on May 13, 2026
-
Add optional `rationale` parameter to `update_issue_type` tool (#2458)
* Add optional rationale parameter to update_issue_type tool

  Add an optional `rationale` string parameter (max 280 chars) to the `update_issue_type` MCP tool. When provided, the type is sent as an object `{"name": "...", "rationale": "..."}` to the REST API, enabling agents to explain their classification decisions. When omitted, existing behavior is preserved (type sent as a plain string). This supports the agent rationale experiment for type mutations. The parameter is always visible in the schema — the API gracefully ignores the rationale when the server-side feature flag is disabled.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Validate issue type rationale input
* Format issue type rationale tests

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Adam Holt <omgitsads@github.com>
Commit: 59fa9a7
-
Add ifc label for search_issues tool (#2456)
* Add ifc label for search_issues tool

  Emits an IFC SecurityLabel on the search_issues tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me in #2432, list_issues in #2453, and get_file_contents in #2454. Search results may span multiple repositories, so the label is the IFC join of the per-repository labels:

  - Integrity is always untrusted (issues are user-authored).
  - If any matched repository is public, the joined readers are ["public"] (the public side dominates the lub).
  - Otherwise the joined readers are the intersection of the collaborator sets across all matched private repositories.
  - Empty result sets are labelled public-untrusted (no data leaked).

  The shared searchHandler in search_utils.go gains an additive variadic 'searchOption' hook so SearchIssues can attach _meta.ifc without duplicating the search call. SearchPullRequests is unaffected; it does not pass any options. If any per-repository visibility or collaborators lookup fails the label is omitted entirely, consistent with get_file_contents, to avoid misclassifying the result.

  Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

  Note: this PR is chained on #2454 (gokhanarkan/fides-get-file-contents) because it depends on the FetchRepoIsPrivate and FetchRepoCollaborators helpers introduced there. GitHub will retarget the base to main once #2454 merges.

* search_issues: address Copilot review findings

  - LabelSearchIssues now returns (SecurityLabel, bool); the bool is false when len(repoVisibilities) != len(readerSets), so callers can omit the label rather than emit one computed from inconsistent inputs.
  - searchIssuesIFCPostProcess no longer substitutes [owner] when the collaborators API returns an empty list. The substitution was inconsistent with the cross-repo intersection semantics: the owner could appear in another matched private repo's collaborator list and thereby widen the joined reader set incorrectly. Empty collaborator sets are now passed through unchanged.
  - Add a subtest exercising the collaborators-failure branch (500 on /repos/{owner}/{repo}/collaborators), asserting the tool still succeeds and result.Meta["ifc"] is absent.
  - Extend the LabelSearchIssues table tests with the slice-length mismatch case.

  Addresses the three Copilot findings on #2456.

* search_issues: flip IFC join to intersection (private wins)

  Address Joanna's review feedback on #2456: a reader of a multi-repo result must be authorised to read every matched private repository, so the IFC join is the meet (intersection over private repos) rather than the join. Public matches contribute the universe set and drop out of the intersection without shrinking it.

  - LabelSearchIssues: collect only the private reader sets, then intersect. Empty result and all-public remain public-untrusted.
  - TestLabelSearchIssues: flip the mixed public+private expectation and add a 'two private + one public' case to lock in the new semantics.
  - Test_SearchIssues_IFC_InsidersMode: mixed subtest now expects the private repo's reader set instead of public.
Commit: 9ad99c5
-
Add ifc label for issue_read tool (#2457)
* Add ifc label for search_issues tool

  Emits an IFC SecurityLabel on the search_issues tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me in #2432, list_issues in #2453, and get_file_contents in #2454. Search results may span multiple repositories, so the label is the IFC join of the per-repository labels:

  - Integrity is always untrusted (issues are user-authored).
  - If any matched repository is public, the joined readers are ["public"] (the public side dominates the lub).
  - Otherwise the joined readers are the intersection of the collaborator sets across all matched private repositories.
  - Empty result sets are labelled public-untrusted (no data leaked).

  The shared searchHandler in search_utils.go gains an additive variadic 'searchOption' hook so SearchIssues can attach _meta.ifc without duplicating the search call. SearchPullRequests is unaffected; it does not pass any options. If any per-repository visibility or collaborators lookup fails the label is omitted entirely, consistent with get_file_contents, to avoid misclassifying the result.

  Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

  Note: this PR is chained on #2454 (gokhanarkan/fides-get-file-contents) because it depends on the FetchRepoIsPrivate and FetchRepoCollaborators helpers introduced there. GitHub will retarget the base to main once #2454 merges.

* search_issues: address Copilot review findings

  - LabelSearchIssues now returns (SecurityLabel, bool); the bool is false when len(repoVisibilities) != len(readerSets), so callers can omit the label rather than emit one computed from inconsistent inputs.
  - searchIssuesIFCPostProcess no longer substitutes [owner] when the collaborators API returns an empty list. The substitution was inconsistent with the cross-repo intersection semantics: the owner could appear in another matched private repo's collaborator list and thereby widen the joined reader set incorrectly. Empty collaborator sets are now passed through unchanged.
  - Add a subtest exercising the collaborators-failure branch (500 on /repos/{owner}/{repo}/collaborators), asserting the tool still succeeds and result.Meta["ifc"] is absent.
  - Extend the LabelSearchIssues table tests with the slice-length mismatch case.

  Addresses the three Copilot findings on #2456.

* search_issues: flip IFC join to intersection (private wins)

  Address Joanna's review feedback on #2456: a reader of a multi-repo result must be authorised to read every matched private repository, so the IFC join is the meet (intersection over private repos) rather than the join. Public matches contribute the universe set and drop out of the intersection without shrinking it.

  - LabelSearchIssues: collect only the private reader sets, then intersect. Empty result and all-public remain public-untrusted.
  - TestLabelSearchIssues: flip the mixed public+private expectation and add a 'two private + one public' case to lock in the new semantics.
  - Test_SearchIssues_IFC_InsidersMode: mixed subtest now expects the private repo's reader set instead of public.

* Add ifc label for issue_read tool

  Emits an IFC SecurityLabel on the issue_read tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me in #2432, list_issues in #2453, get_file_contents in #2454, and search_issues in #2456. issue_read operates on a single issue in a single repository so the label has the same per-repo semantics as list_issues; the helper ifc.LabelListIssues is reused directly. Integrity is always untrusted (issue contents, comments, and label descriptions are user-authored). Public repos are labelled PublicUntrusted; private repos are labelled PrivateUntrusted with the repository's collaborator logins, falling back to [owner] when the collaborators lookup fails. The IssueRead handler dispatches to four sub-functions (GetIssue, GetIssueComments, GetSubIssues, GetIssueLabels). The IFC label is attached at the dispatch site via a single attachIFC closure, so all four method branches emit the label without changes to the underlying helpers. Visibility-lookup failures cause the label to be omitted entirely (consistent with get_file_contents and search_issues). A future cleanup PR can extract attachIFC into a shared helper now that get_file_contents, search_issues, and issue_read use near-identical closures; intentionally not bundled here to keep the diff minimal.

  Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

  Note: chained on #2456 (gokhanarkan/fides-search-issues), which is in turn chained on #2454. GitHub will retarget the base to main once those merge.

* issue_read: simplify attachIFC by dropping unused lazy-cache

  Address Joanna's review feedback on #2457: the dispatch switch returns on exactly one branch, so attachIFC runs at most once per request. The ifcLabelKnown / ifcIsPrivate / ifcReaders cache variables were never reused across calls and only added complexity. Inline the visibility and collaborators lookups directly into the closure and drop the cache. Behaviour is identical; a follow-up can add real per-request caching across handlers if needed.
Commit: 883f58d
-
Add ifc label for search_repositories tool (#2459)
Emits an IFC SecurityLabel on the search_repositories tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me (#2432), list_issues (#2453), get_file_contents (#2454), search_issues (#2456), and issue_read (#2457). Search results may span multiple repositories, so the join math (integrity always untrusted; private wins by intersecting collaborator sets across the matched private repos only) is shared with search_issues via ifc.LabelSearchIssues. Visibility is read directly off the search response's repo.Private field — no extra API call. Collaborators are fetched only for private hits, and any failure causes the label to be omitted entirely (consistent with search_issues / issue_read / get_file_contents). Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.
Commit: 3a4bc26
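The cross-repository label computation that the search_issues (#2456) and search_repositories (#2459) commit messages above describe, using the private-wins intersection from the last revision of #2456 and the state before #2478 replaced reader lists with a scalar marker. This is an added Go example, not the project's code: Label, repoLookup, joinSearchLabel and labelFromLookups are hypothetical names, and the logins are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// Label and repoLookup are illustrative names, not the project's ifc types.
type Label struct {
	Integrity string
	Readers   []string
}

// repoLookup is the visibility/collaborator lookup outcome for one matched repo.
type repoLookup struct {
	Private bool
	Readers []string // collaborator logins; unused for public repos
	Err     error    // non-nil when either lookup failed
}

// joinSearchLabel combines per-repository labels into one result label.
// ok is false when the slices disagree in length, so the caller omits the label.
func joinSearchLabel(private []bool, readerSets [][]string) (Label, bool) {
	if len(private) != len(readerSets) {
		return Label{}, false
	}
	var common map[string]bool // stays nil until a private repo is seen
	for i, isPrivate := range private {
		if !isPrivate {
			continue // public repo is the universe set; it cannot shrink the result
		}
		next := map[string]bool{}
		for _, r := range readerSets[i] {
			if common == nil || common[r] {
				next[r] = true
			}
		}
		common = next // an empty set empties the result; no [owner] substitution
	}
	if common == nil { // empty result or all-public result
		return Label{Integrity: "untrusted", Readers: []string{"public"}}, true
	}
	readers := make([]string, 0, len(common))
	for r := range common {
		readers = append(readers, r)
	}
	sort.Strings(readers)
	return Label{Integrity: "untrusted", Readers: readers}, true
}

// labelFromLookups omits the label (ok == false) if any lookup failed.
func labelFromLookups(lookups []repoLookup) (Label, bool) {
	private := make([]bool, 0, len(lookups))
	sets := make([][]string, 0, len(lookups))
	for _, l := range lookups {
		if l.Err != nil {
			return Label{}, false
		}
		private = append(private, l.Private)
		sets = append(sets, l.Readers)
	}
	return joinSearchLabel(private, sets)
}

func main() {
	// Constructed sample: two private repositories and one public one.
	label, ok := labelFromLookups([]repoLookup{
		{Private: true, Readers: []string{"alice", "bob", "carol"}},
		{Private: false},
		{Private: true, Readers: []string{"bob", "carol", "dave"}},
	})
	fmt.Println(label, ok)
}
```

Only logins present in every matched private repository survive, so a private repository with an empty collaborator list yields an empty reader set rather than a widened one.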
Commits on May 14, 2026
-
feat: return minimal code search results with text match snippets (#2476)
* feat: return minimal code search results with text match snippets

  Return a MinimalCodeSearchResult type from search_code instead of the raw GitHub API CodeSearchResult. This reduces token usage by ~4x by:

  - Projecting the repository object to just the full_name string instead of the full ~3KB repository payload repeated per result
  - Enabling the text-match Accept header so code snippets (fragments) are included in results, which were previously missing

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: drop html_url from MinimalCodeResult

  The URL is derivable from repository + path + sha, so it's redundant token cost per result.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: add minimal_output opt-out and Accept header test for code search

  Address PR review feedback:

  1. Add minimal_output parameter (default: true) to search_code, matching the pattern from search_repositories. When false, returns the full GitHub API CodeSearchResult for backward compatibility.
  2. Add Accept header assertion to tests via a new withHeaders() helper on partialMock, verifying the text-match Accept header is actually requested (not just mocked in the response).
  3. Add test case for minimal_output=false path.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: remove minimal_output opt-out from search_code

  The full CodeResult only adds a bloated Repository object (~3KB of template URLs) and a derivable HTMLURL. Nothing in the full output is useful beyond what the minimal type already provides, so always return the compact form.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Commit: fbf68b2
-
Replace ingress IFC reader list with private marker (#2478)
* Replace ingress IFC reader list with private marker

  Switches the ingress IFC labels from emitting a per-repo collaborator list to a single 'private' marker. The CLI engine now fetches readers from the GitHub endpoint on demand at egress decision time (P-F check), with pagination + caching, which removes a wire-bloat ceiling for repos with thousands of collaborators. Drops the per-call FetchRepoCollaborators from list_issues, issue_read, get_file_contents, search_issues, and search_repositories. The shared LabelSearchIssues helper collapses to a single []bool argument; the intersection logic and length-mismatch failure mode go away. This is a breaking wire-format change for _meta.ifc consumers — coordinate with the CLI cut-over.

  Refs github/copilot-mcp-core#1389.

* format

* Update FetchRepoCollaborators doc comment for marker-only ingress

  Addresses Copilot review on #2478. The helper is no longer called by the server itself; ingress emits a 'private' marker and the client engine resolves readers on demand. Kept exported per the library-consumer convention; updated the comment to reflect the new role.

* Address review: drop FetchRepoCollaborators and make confidentiality a scalar

  Per Joanna's review on #2478:

  - Remove FetchRepoCollaborators entirely (no callers left after the marker switch). Drops the GetReposCollaboratorsByOwnerByRepo mock route too.
  - Change SecurityLabel.Confidentiality from []Confidentiality to a scalar Confidentiality. Wire format is now {integrity, confidentiality} where confidentiality is a single 'public' or 'private' string. Updated all tests and the LabelSearchIssues helper accordingly.
Commit: 39d86b8
-
Document Copilot Spaces PAT requirements
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Commit: b8be4c1
Commits on May 15, 2026
-
Add tool to list repo collaborators (#2477)
* Add tool to list repo collaborators
* Simplify tool description
* Fix test
* Return pagination info
* Return page parameters
* Update defaults
Commit: 46d220f
-
feat: Add tool for discussion comment write operations (#2427)
* Add discussion comment write operation tools

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address comments from Copilot review
* Update includeReplies description to specify GitHub API maximum replies limit
* Consolidate into single tool
* add tests cases for checking param presence
* Enhance validation on discussion comment operations
* Enhance discussion_write tool description

  Co-authored-by: Roberto Nacu <kerobbi@github.com>

* Remove redundant param

  Co-authored-by: Roberto Nacu <kerobbi@github.com>

* Refactor tests
* Fix failing build

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Roberto Nacu <kerobbi@github.com>
Commit: 8a48d07
Commits on May 18, 2026
-
Upgrade go-github from v82 to v87 (#2452)
Breaking changes addressed:

- raw.NewClient: Use WithHTTPClient/WithEnterpriseURLs options, pass ctx to NewRequest, return (*Client, error)
- internal/ghmcp/server.go: Use functional options for REST client creation, replace UserAgent field mutation with UserAgentTransport wrapper, add restUATransp field to githubClients struct
- pkg/github/dependencies.go: Use functional options for REST client creation, handle raw.NewClient error return
- pkg/github/actions.go: Handle new WorkflowDispatchRunDetails return value from CreateWorkflowDispatchEventByID/ByFileName
- pkg/github/issues.go: Replace IssueListOptions with ListOptions for SubIssue.ListByIssue
- pkg/github/notifications.go: MarkThreadDone now takes string instead of int64; remove ParseInt and strconv import
- pkg/github/projects.go: Remove pointer indirection from ListProjectsPaginationOptions and ListProjectsOptions fields
- pkg/github/issues_granular.go: Pass ctx to NewRequest, remove ctx from Do
- Test files: Add mustNewGHClient helper, replace all NewClient calls, fix stubClientFnFromHTTP signature, fix lockdown_test.go BaseURL handling, fix raw_test.go, remove invalid threadID test case

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Commit: 1861a35
-
build(deps): bump golang from 1.25.9-alpine to 1.25.10-alpine (#2455)
Bumps golang from 1.25.9-alpine to 1.25.10-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.10-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commit: f4b95e6
-
build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.2.1 (#2396)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.4.0 to 7.2.1.

- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@e435ccd...1a80836)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commit: 8d81376
-
build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#2395)
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.

- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@b45d80f...4907a6d)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commit: 8af3431
-
build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.2 (#2394)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.1.0 to 4.1.2.

- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@ba7bc0a...6f9f177)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commit: c471ae9