Closed
feat(formal-spec): add PRECOND_BlockedUsersRequireMinIntegrity to access-control formal model#45103
Conversation
…rage Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add formal model and test suite for access control compliance
feat(formal-spec): add PRECOND_BlockedUsersRequireMinIntegrity to access-control formal model
Jul 12, 2026
Contributor
🤖 PR Triage
Adds
|
pelikhan
approved these changes
Jul 13, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Adds formal-model coverage for the blocked-users/min-integrity precondition.
Changes:
- Adds a formal validator and three validation scenarios.
- Adds the predicate to the compliance coverage map.
- Requires reconciliation with the linked normative specification.
Show a summary per file
| File | Description |
|---|---|
pkg/workflow/github_mcp_access_control_formal_test.go |
Adds precondition modeling and tests. |
specs/github-mcp-access-control-compliance/README.md |
Documents the new predicate coverage. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 1
- Review effort level: Medium
| | `INV2_ErrorCode` | `TestFormal_ErrorCodeFirstFailingGuard` | Deny error code matches first failing guard; table covers each guard as first failure | | ||
| | `SAFETY_BlockedUserAlwaysDenied` | `TestFormal_BlockedUserSafetyProperty` | Safety: blocked user always produces `-32005` when all earlier guards pass | | ||
| | `SAFETY_NoSpuriousAllow` | `TestFormal_NoSpuriousAllowInvariant` | Safety: no allow decision when any guard fails | | ||
| | `PRECOND_BlockedUsersRequireMinIntegrity` | `TestFormal_BlockedUsersRequireMinIntegrity` | Validation error when blocked-users set without min-integrity | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The behavioral coverage map in
specs/github-mcp-access-control-compliance/README.mdwas missing thePRECOND_BlockedUsersRequireMinIntegritypredicate — the validation rule thatblocked-usersrequiresmin-integrityto be set — leaving the 15-predicate table from the issue incomplete and the precondition untested in the formal suite.Changes
pkg/workflow/github_mcp_access_control_formal_test.goformalValidateConfig— in-test mini-validator mirroring the compile-time precondition forformalToolConfig, consistent with the existingformalEvaluateAccesspatternTestFormal_BlockedUsersRequireMinIntegritycovering three cases: missingmin-integrityerrors, valid config with both fields set, and emptyblocked-users(guard inactive, no error)specs/github-mcp-access-control-compliance/README.mdPRECOND_BlockedUsersRequireMinIntegrityrow to the behavioral coverage map, completing the full 15-predicate table