Add lockdown mode to filter issue #1371
base: main
Pull Request Overview
This PR introduces a lockdown mode feature for the GitHub MCP Server that restricts access to issue details based on repository visibility and user permissions. When enabled, the feature allows access only to users with push access on public repositories, while private repositories remain unrestricted.
Key Changes
- Added a new `lockdown` package with functions to check repository privacy and user permissions via the GitHub GraphQL API
- Integrated lockdown checks into the `IssueRead` tool's `GetIssue` method
- Added a `FeatureFlags` struct and CLI flag to enable/disable lockdown mode
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| pkg/lockdown/lockdown.go | New package implementing lockdown logic with GraphQL-based permission checks |
| pkg/github/feature_flags.go | New feature flags struct to control lockdown behavior |
| pkg/github/issues.go | Integration of lockdown checks in GetIssue function |
| pkg/github/issues_test.go | Test cases for lockdown mode scenarios (private repo and insufficient permissions) |
| pkg/github/tools.go | Updated DefaultToolsetGroup to accept and pass feature flags |
| internal/ghmcp/server.go | Wired lockdown configuration through server setup |
| cmd/github-mcp-server/main.go | Added CLI flag for lockdown mode |
| cmd/github-mcp-server/generate_docs.go | Updated docs generation to pass empty feature flags |
pkg/lockdown/lockdown.go (Outdated)

```go
	// Check if the user has push access
	hasPush := false
	for _, edge := range query.Repository.Collaborators.Edges {
		login := string(edge.Node.Login)
		if strings.EqualFold(login, username) {
			permission := string(edge.Permission)
			// WRITE, ADMIN, and MAINTAIN permissions have push access
			hasPush = permission == "WRITE" || permission == "ADMIN" || permission == "MAINTAIN"
			break
		}
	}

	return hasPush, nil
}
```
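Review bot: The loop over `query.Repository.Collaborators.Edges` breaks on the first login match, but nothing in this region shows the collaborators connection being filtered to `username` or paged through; if the query fetches only one page of all collaborators, a legitimate collaborator beyond that page falls through to `hasPush = false` and is denied in lockdown mode. Consider filtering the connection by the target login (the collaborators connection accepts a `query` argument) or paginating until the login is found, and document in a comment that `false, nil` is the deliberate fail-closed result for an unknown login.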
Copilot (AI), Nov 7, 2025
When the GraphQL query returns no collaborators (empty Edges array), the function returns false without distinguishing between "user not found" and "user has no push access". This could happen if the user is not a collaborator or if the repository query parameter doesn't match. Consider adding logging or a more specific error message to help diagnose why a user was denied access in lockdown mode.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This pull request introduces a special operating mode for the GitHub MCP server that, if enabled, will only return content from users with push access to the repository.

Lockdown mode is disabled by default and can be enabled through a console flag `lockdown-mode`. This PR only adds lockdown mode to the `GetIssue` function; it will be applied to the remaining tools in follow-up pull requests. If lockdown is enabled and a user requests an issue that was added by a user without push access, it will return an error.

To enable it, use the flag; run:

```
./cmd/github-mcp-server stdio --lockdown-mode=true
```

Based on #428
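The lockdown rule described in this pull request, as an added Go example (not code from the github-mcp-server project): it applies the public/private and push-access decision to a constructed collaborator list, fails closed for logins that are not collaborators, and returns a distinct error for that case so a denial can be diagnosed rather than looking like a read-only collaborator. The `repoInfo` type, the `hasPushAccess` and `allowContent` functions and the sample logins are assumptions for illustration; the permission names are the GitHub GraphQL `RepositoryPermission` values.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// pushPermissions lists the GitHub GraphQL RepositoryPermission values that
// grant push access. TRIAGE and READ are deliberately absent.
var pushPermissions = map[string]bool{
	"WRITE":    true,
	"MAINTAIN": true,
	"ADMIN":    true,
}

// ErrNotCollaborator separates "login is not a collaborator at all" from
// "collaborator without push access"; a bare false would conflate the two.
var ErrNotCollaborator = errors.New("lockdown: user is not a collaborator of the repository")

// repoInfo is a constructed stand-in (assumption) for the repository data the
// server would fetch from the GitHub API: visibility plus login -> permission.
type repoInfo struct {
	private       bool
	collaborators map[string]string
}

// hasPushAccess reports whether login has push access on repo. It fails
// closed: an unknown login is reported as lacking push access, together with
// ErrNotCollaborator so the caller can log why access was denied.
func hasPushAccess(repo repoInfo, login string) (bool, error) {
	for collab, perm := range repo.collaborators {
		// GitHub logins are case-insensitive, so compare with EqualFold.
		if strings.EqualFold(collab, login) {
			return pushPermissions[strings.ToUpper(perm)], nil
		}
	}
	return false, ErrNotCollaborator
}

// allowContent applies the lockdown rule: with lockdown off everything is
// returned; private repositories are always returned; on public repositories
// only content authored by a user with push access is returned.
func allowContent(lockdown bool, repo repoInfo, authorLogin string) (bool, error) {
	if !lockdown || repo.private {
		return true, nil
	}
	return hasPushAccess(repo, authorLogin)
}

func main() {
	// Constructed sample data: a public repository with one push collaborator
	// and one read-only collaborator.
	public := repoInfo{
		private:       false,
		collaborators: map[string]string{"octocat": "WRITE", "reader": "READ"},
	}
	for _, author := range []string{"octocat", "reader", "stranger"} {
		ok, err := allowContent(true, public, author)
		fmt.Printf("public repo, author %-9s -> allowed=%v err=%v\n", author, ok, err)
	}
}
```

The `ErrNotCollaborator` return is what lets an operator tell a misconfigured query or a non-collaborator apart from a collaborator who simply lacks push rights, which is the diagnostic gap the review comment above points out.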