Skip to content

Add ifc label for search_repositories tool#2459

Open
gokhanarkan wants to merge 1 commit into
gokhanarkan/fides-issue-readfrom
gokhanarkan/fides-search-repositories
Open

Add ifc label for search_repositories tool#2459
gokhanarkan wants to merge 1 commit into
gokhanarkan/fides-issue-readfrom
gokhanarkan/fides-search-repositories

Conversation

@gokhanarkan
Copy link
Copy Markdown
Member

@gokhanarkan gokhanarkan commented May 12, 2026

Emits an IFC SecurityLabel on the search_repositories tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me (#2432), list_issues (#2453), get_file_contents (#2454), search_issues (#2456), and issue_read (#2457).

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389. The last ingress tool from #1623's table.

Chained on #2457 (which is itself chained on #2456). GitHub will auto-retarget the base to main as the upstream PRs merge.

What this PR does

Per #1623, search_repositories emits PublicUntrusted() regardless of whether matched repositories are private. Repository search is treated as a discovery surface: matched repositories are by definition already accessible to the caller, so the joined readers are universal. Integrity is untrusted because repository names, descriptions, and topics are user-authored.

Question for @JoannaaKL

This follows the spec literally. Strictly, surfacing a private repo's name/description into a ["public"]-labelled result lets the agent then exfiltrate the name to a public destination unhindered. If you'd rather mirror search_issues and join per-repo (visibility from the search payload's Repository.Private, collaborators via FetchRepoCollaborators for private matches), the upgrade path is a small follow-up — ifc.LabelSearchIssues already does the join math. Going with the spec literal here for iteration speed; happy to switch.

Implementation note

SearchRepositories has its own handler distinct from the shared searchHandler used by SearchIssues (different result type — *github.RepositoriesSearchResult vs *github.IssuesSearchResult). The IFC attach is wired inline at the success return rather than via the searchOption postProcess hook added in #2456. Six lines under InsidersMode, no infra refactor.

Tests

Test_SearchRepositories_IFC_InsidersMode in pkg/github/search_test.go with 2 subtests:

  1. Insiders off → result.Meta == nil.
  2. Insiders on → integrity=untrusted, confidentiality=["public"].

(No per-repo or visibility-failure branch to cover — the label is constant.)

Validation

  • go test -race ./... — green.
  • gofmt -s clean; go vet ./... clean.
  • (./script/lint itself fails locally with a pre-existing golangci-lint Go-version mismatch unrelated to this change.)
  • No tool schema/annotation changes → no toolsnap or README regeneration needed.

Copilot AI review requested due to automatic review settings May 12, 2026 14:56
@gokhanarkan gokhanarkan requested a review from a team as a code owner May 12, 2026 14:56
Copilot AI reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds IFC (_meta.ifc) annotation to the search_repositories MCP tool output when InsidersMode is enabled, aligning search_repositories with the existing IFC-labeling pattern used across other ingress tools.

Changes:

  • Added ifc.LabelSearchRepositories() returning a constant PublicUntrusted() label for repository search results.
  • Updated SearchRepositories to attach _meta.ifc on successful responses when deps.GetFlags(ctx).InsidersMode is true.
  • Added unit test coverage verifying IFC metadata is omitted when insiders mode is off and present (public/untrusted) when on.
Show a summary per file
File Description
pkg/ifc/ifc.go Adds LabelSearchRepositories() helper documenting/encapsulating the label decision for search_repositories.
pkg/github/search.go Attaches _meta.ifc to search_repositories successful results behind InsidersMode.
pkg/github/search_test.go Adds Test_SearchRepositories_IFC_InsidersMode covering both insiders on/off behavior.

Copilot's findings

  • Files reviewed: 3/3 changed files
  • Comments generated: 0

@gokhanarkan gokhanarkan force-pushed the gokhanarkan/fides-issue-read branch from 6181edd to 5271c51 Compare May 12, 2026 15:04
@gokhanarkan
Add ifc label for search_repositories tool
ea5755f 
Emits an IFC SecurityLabel on the search_repositories tool result when
the InsidersMode flag is enabled, mirroring the pattern landed for
get_me, list_issues, get_file_contents, search_issues, and issue_read.

Per the spec in github/copilot-mcp-core#1623, the label is
PublicUntrusted() regardless of whether matched repositories are
private. Repository search is treated as a discovery surface: matched
repositories are by definition already accessible to the caller, so
the joined readers are universal. Integrity is untrusted because
repository names, descriptions, and topics are user-authored.

Implementation note: SearchRepositories has its own handler distinct
from the shared searchHandler used by SearchIssues, so the IFC attach
is wired inline at the success return rather than via the postProcess
hook added in #2456.

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

Note: chained on #2457 (gokhanarkan/fides-issue-read), which is in
turn chained on #2456. GitHub will retarget the base to main once
those merge.
@gokhanarkan gokhanarkan force-pushed the gokhanarkan/fides-search-repositories branch from 86d20eb to ea5755f Compare May 12, 2026 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gokhanarkan