Skip to content

[review] feat: implement private-to-public-flows: allow as a tools.github frontmatter field#45129

Closed
github-actions[bot] wants to merge 8 commits into
mainfrom
copilot/implement-private-to-public-flows-review-1783884427946
Closed

[review] feat: implement private-to-public-flows: allow as a tools.github frontmatter field#45129
github-actions[bot] wants to merge 8 commits into
mainfrom
copilot/implement-private-to-public-flows-review-1783884427946

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Reason: agent_failure

Review the workflow run logs for details.

This PR contains changes that were originally intended for PR #45113 (copilot/implement-private-to-public-flows).
Please review the changes carefully before merging.


Generated by 👨‍🍳 PR Sous Chef · 8.27 AIC · ⌖ 6.32 AIC · ⊞ 7.5K ·
Comment /souschef to run again

Copilot AI and others added 6 commits July 12, 2026 17:01
…ield

- Add `private-to-public-flows` to the workflow frontmatter JSON schema
  under `tools.github`, accepting either `"allow"` (blanket opt-out) or
  an array of server ID strings (selective exemption)
- Add `PrivateToPublicFlows any` field to `GitHubToolConfig` struct
- Parse `private-to-public-flows` in `parseGitHubTool` (string and
  []string/[]any forms)
- Add `ForcePublicRepos *bool` and `SinkVisibilityExemptServers []string`
  to `MCPGatewayRuntimeConfig`
- In `buildMCPGatewayConfig`, translate `PrivateToPublicFlows` to the
  gateway config fields
- Emit `"forcePublicRepos": false` and `"sinkVisibilityExemptServers"`
  in the gateway JSON section of the renderer
- Reject `private-to-public-flows: allow` in strict mode (list form
  allowed per MCP Gateway Spec Section 10.9.4)
- Add documentation section to github-tools.md
- Add tests: parsing, gateway config building, emission, strict mode

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
…date server IDs, fix shell safety, update docs

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Base automatically changed from copilot/implement-private-to-public-flows to main July 12, 2026 20:01
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, review the PR state, and complete any remaining branch refresh or checks so maintainers can evaluate this follow-up PR quickly.

Generated by 👨‍🍳 PR Sous Chef · 18.8 AIC · ⌖ 7.66 AIC · ⊞ 4.2K ·
Comment /souschef to run again

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

@copilot please run the pr-finisher skill, review the PR state, and complete any remaining branch refresh or checks so maintainers can evaluate this follow-up PR quickly.

...

Done. I ran PR finisher actions: refreshed the branch from main and resolved the merge conflict, then ran local validation (make fmt, make lint, make test-unit, make test, make recompile, and make agent-report-progress). The update is in commit 9dfcaa3; PR mergeability is now clean. CI on this new HEAD is still unverified until a maintainer re-triggers workflows.

Copilot AI requested a review from gh-aw-bot July 12, 2026 20:23
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, review the PR state, and rerun checks once the branch is ready for maintainer review.

Generated by PR Sous Chef run https://github.com/github/gh-aw/actions/runs/29207618338

Generated by 👨‍🍳 PR Sous Chef · 11.8 AIC · ⌖ 6.23 AIC · ⊞ 4.2K ·
Comment /souschef to run again

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

@copilot please run the pr-finisher skill, review the PR state, and rerun checks once the branch is ready for maintainer review.

Generated by PR Sous Chef run https://github.com/github/gh-aw/acti...

Completed a second PR-finisher pass on current HEAD 9dfcaa3: PR is open/non-draft, mergeable clean, no unresolved review threads, and local checks rerun successfully (make fmt, make lint, make test-unit, make test, make recompile, make agent-report-progress). CI checks on this HEAD still need a maintainer-triggered rerun (workflow_dispatch, close/reopen, or maintainer push).

@github-actions

This comment has been minimized.

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address unresolved review feedback, refresh the branch if needed, and rerun checks once updates are ready.

Generated by 👨‍🍳 PR Sous Chef · 4.05 AIC · ⌖ 7.38 AIC · ⊞ 7.5K ·
Comment /souschef to run again

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

@copilot please run the pr-finisher skill, address unresolved review feedback, refresh the branch if needed, and rerun checks once updates are ready.

...

Completed a PR-finisher pass on HEAD 9dfcaa3: there are no unresolved review threads, PR state is open/non-draft and mergeable clean, and local checks all passed (make fmt, make lint, make test-unit, make test, make recompile, make agent-report-progress). I also reviewed recent workflow runs/logs; the referenced run 29205138163 is currently successful, while CI on the current head remains maintainer-triggered for fresh verification.

@github-actions

Copy link
Copy Markdown
Contributor Author

Hey team 👋 — this auto-generated review PR for the private-to-public-flows: allow frontmatter feature adds a changeset entry (+5 lines) that was originally scoped to PR #45113. The change itself is well-targeted and focused.

A couple of things worth noting before merging:

  • Agentic threat flag — the PR body includes a gh-aw-threat-detected caution block with reason agent_failure. Manual review of the linked workflow run is required before any follow-up automation is triggered, per the inline notice.
  • No tests — the diff only adds .changeset/minor-private-to-public-flows.md. If the underlying implementation (in PR feat: implement private-to-public-flows: allow as a tools.github frontmatter field #45113 or its successor) doesn't yet have test coverage for the private-to-public-flows: allow flow, that should be addressed before this changeset is merged so the release entry accurately reflects a fully tested feature.

If you'd like an agent to help close the gap:

Add tests for the `private-to-public-flows: allow` field in the `tools.github` frontmatter.
Cover the following cases:
1. Workflow with `private-to-public-flows: allow` set — should permit the flow without error.
2. Workflow without the field — should use the default (deny) behaviour.
3. Invalid value (e.g. `private-to-public-flows: maybe`) — should return a validation error.
Place tests alongside the existing `tools.github` frontmatter tests.

Generated by ✅ Contribution Check · 115.3 AIC · ⌖ 9.07 AIC · ⊞ 6.2K ·

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

pr-sous-chef
@copilot please run the pr-finisher skill, review the current PR state, address any remaining feedback, and rerun checks once the branch is ready for maintainer review.

Run: https://github.com/github/gh-aw/actions/runs/29220275355

Generated by 👨‍🍳 PR Sous Chef · 8.27 AIC · ⌖ 6.32 AIC · ⊞ 7.5K ·
Comment /souschef to run again

Copilot AI commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

pr-sous-chef
@copilot please run the pr-finisher skill, review the current PR state, address any remaining feedback, and rerun checks once the branch is ready for maintainer review.
...

Completed another PR-finisher pass on HEAD 331153f: PR is open/non-draft and mergeable clean, with no unresolved review threads. I reran local checks successfully (make fmt, make lint, make test-unit, make test, make recompile, make agent-report-progress) and reviewed workflow run 29220275355 plus branch run logs; no failed jobs were reported there. CI on this HEAD remains maintainer-triggered for fresh verification before merge.

@lpcox lpcox closed this Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants