Open
Conversation
… in repo (github#1682) * change list workflow runs to allow empty resource id to list all runs in repo * update docs
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7...v8) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
This guide was already added as part of github#1340. Update README.md to point to this
Add explicit Docker image URL (ghcr.io/github/github-mcp-server) to the Prerequisites section for better discoverability. Fixes github#1505 Signed-off-by: majiayu000 <1835304752@qq.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Change the parameter name in assign_copilot_to_issue tool from 'issueNumber' (camelCase) to 'issue_number' (snake_case) to match the naming convention used by all other tools in the issues toolset. This improves API consistency and makes the tool parameters more predictable for users and AI models. Fixes github#1239 Signed-off-by: majiayu000 <1835304752@qq.com>
Update auto-generated documentation to reflect the issueNumber -> issue_number parameter rename in assign_copilot_to_issue tool.
* Add API Error annotations to GitHub issue errors * Return an error back. --------- Co-authored-by: Matt Holloway <mattdholloway@github.com>
…ltering When multiple tools share the same name but have different feature flags (like GetJobLogs and ActionsGetJobLogs both named "get_job_logs"), filterToolsByName was only returning the first match. This caused the remote server to fail with "unknown tool" error when the first matching tool was disabled by feature flags, even though another variant was enabled. The fix modifies filterToolsByName to return ALL tools with matching names, allowing the feature flag filtering in AvailableTools to select the correct variant based on the enabled flags. Fixes github#1714 Signed-off-by: majiayu000 <1835304752@qq.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fallback to default branch in get_file_contents when main doesn't exist * Addressing review comments * Improvements to push_files tool * Fixed copilot comments * Addressing review comments * Remove debug statement
- Created pkg/scopes package with OAuth scope constants - Added RequiredScopes and AcceptedScopes fields to ServerTool - Added NewToolWithScopes helpers in dependencies.go - Updated context tools (get_me, get_teams, get_team_members) with scopes Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
- Updated 60+ tools with required and accepted OAuth scopes - Added scopes to: gists, git, notifications, projects, code scanning, dependabot, secret scanning, security advisories, actions, discussions, issues (partial), labels, pull requests (partial), repositories (partial), search (partial) - Remaining: ~20 tools in issues, pullrequests, repositories, and search files Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
- Updated all remaining tools with OAuth scope information - Added scope documentation generation to generate-docs command - Documentation now shows Required and Accepted OAuth scopes for each tool - All 100+ tools now have scope information defined - Tests pass, linter passes, documentation generated successfully Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
- Replace NewToolWithScopes with updated NewTool that includes scope parameters - All tools now use the same constructor with explicit scope requirements - Documentation only shows accepted scopes when they differ from required - Removed NewToolWithScopes and NewToolFromHandlerWithScopes helper functions Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
- Add ScopeHierarchy map defining parent-child scope relationships - Add ExpandScopes() function to derive accepted scopes from required scopes - Update NewTool/NewToolFromHandler to take []scopes.Scope and auto-derive AcceptedScopes - Add new scope constants: NoScope, User, ReadUser, UserEmail, ReadPackages, WritePackages - Update all tool files to use new signature with typed scopes - Add comprehensive tests for ExpandScopes The scope hierarchy allows automatic derivation of accepted scopes: - repo → public_repo, security_events - admin:org → write:org → read:org - project → read:project - write:packages → read:packages - user → read:user, user:email This enables the remote server to consume scope info directly from OSS tools.
public_repo is implicit - the GitHub API handles the distinction between public and private repos. Using repo as the required scope is more consistent with our enforcement model: - PATs: tools visible if token has repo scope - OAuth: scope challenge requests repo scope
Map iteration in Go is non-deterministic, which causes doc generation to produce different output on each run. Sort the scope slices in: - ScopeSet.ToSlice() - ScopeSet.ToStringSlice() - ExpandScopes()
Add the ability to filter tools based on token scopes for PAT users. This uses an HTTP HEAD request to GitHub's API to discover token scopes. New components: - pkg/scopes/filter.go: HasRequiredScopes checks if scopes satisfy tool requirements - pkg/scopes/fetcher.go: FetchTokenScopes gets scopes via HTTP HEAD to GitHub API - pkg/github/scope_filter.go: CreateScopeFilter creates inventory.ToolFilter Integration: - Add --filter-by-scope flag to stdio command (disabled by default) - When enabled, fetches token scopes on startup - Tools requiring unavailable scopes are hidden from tool list - Gracefully continues without filtering if scope fetch fails (logs warning) This allows the OSS server to have similar scope-based tool visibility as the remote server, and the filter logic can be reused by remote server.
Scope filtering is now a built-in feature rather than a configurable option. The server automatically fetches token scopes at startup and filters tools accordingly. If scope detection fails, it logs a warning and continues with all tools available.
- Scope filtering only applies to classic PATs which return X-OAuth-Scopes - Fine-grained PATs and other token types skip filtering (all tools shown) - Updated docs to clarify PAT filtering vs OAuth scope challenges
Clarified instructions to run commands in the terminal instead of Claude Code CLI.
The CompleteParams.Context field is optional (marked omitempty) and can be nil when clients don't send it. The code was accessing Context.Arguments directly without checking if Context was nil first, causing a panic. This fix adds a nil check for Context before accessing Arguments.
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
….1.1+ Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
* Bringing back local mcp server registry config * Making auth header optional
The generate-docs command now outputs toolset IDs (e.g., `actions`, `code_security`) wrapped in backticks instead of display names (e.g., "Actions", "Code Security"). This ensures the manual changes from PR github#1756 persist when the docs are regenerated, fixing the issue where users need to configure the actual toolset ID, not the display name. Changes: - Modified generateRemoteToolsetsDoc() to use `idStr` instead of `formattedName()` - Modified generateRemoteOnlyToolsetsDoc() to use `idStr` instead of `formattedName()` - Both functions now wrap the toolset ID in backticks for clarity Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
The RepositoryResourceContentsHandler was using closure-captured deps instead of retrieving them from context at call time. This causes issues on the remote server which injects per-request deps via context. Changed to use MustDepsFromContext(ctx) pattern consistent with tool handlers in NewTool and NewToolFromHandler.
The ForMCPRequest optimization was incorrectly filtering resources by
doing an exact string match between the URI template pattern and the
concrete URI. This would never match because templates like
'repo://{owner}/{repo}/contents{/path*}' don't match concrete URIs
like 'repo://owner/repo/contents/file.py'.
Instead of implementing template matching in the inventory, we simply
keep all resources registered for resources/read requests and let the
SDK handle URI template matching internally (which it already does
correctly via uritemplate.Regexp().MatchString()).
This fixes resources/read returning 'Resource not found' for valid URIs.
- Add optional base_ref parameter to tool schema - Change from replaceActorsForAssignable to updateIssue mutation with agentAssignment - Add AgentAssignmentInput and UpdateIssueInput structs for new GraphQL mutation - Update all tests to use new mutation structure - Add test case for base_ref functionality - Update toolsnaps and documentation Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
- Add context-based GraphQL feature flag support - Modify bearerAuthTransport to read features from context and add GraphQL-Features header - Use issues_copilot_assignment_api_support feature flag for updateIssue mutation - Export GetGraphQLFeatures function for use in HTTP transport layer This allows the assign_copilot_to_issue tool to work with the non-GA agent assignment API by sending the required GraphQL-Features header. Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
نموذج أولي
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the
✨ Finishing touches🧪 Generate unit tests (beta)
Important Action Needed: IP Allowlist UpdateIf your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:
Reviews will stop working after February 8, 2026 if the new IP is not added to your allowlist. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
Fixes #
What changed
MCP impact
Prompts tested (tool changes only)
Security / limits
Tool renaming
deprecated_tool_aliases.goNote: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.
Lint & tests
./script/lint./script/testDocs