Skip to content

feat(formal-spec): add PRECOND_BlockedUsersRequireMinIntegrity to access-control formal model#45103

Draft
pelikhan with Copilot wants to merge 2 commits into
mainfrom
copilot/github-mcp-access-control-compliance
Draft

feat(formal-spec): add PRECOND_BlockedUsersRequireMinIntegrity to access-control formal model#45103
pelikhan with Copilot wants to merge 2 commits into
mainfrom
copilot/github-mcp-access-control-compliance

Conversation

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

The behavioral coverage map in specs/github-mcp-access-control-compliance/README.md was missing the PRECOND_BlockedUsersRequireMinIntegrity predicate — the validation rule that blocked-users requires min-integrity to be set — leaving the 15-predicate table from the issue incomplete and the precondition untested in the formal suite.

Changes

  • pkg/workflow/github_mcp_access_control_formal_test.go

    • Added formalValidateConfig — in-test mini-validator mirroring the compile-time precondition for formalToolConfig, consistent with the existing formalEvaluateAccess pattern
    • Added TestFormal_BlockedUsersRequireMinIntegrity covering three cases: missing min-integrity errors, valid config with both fields set, and empty blocked-users (guard inactive, no error)
  • specs/github-mcp-access-control-compliance/README.md

    • Added PRECOND_BlockedUsersRequireMinIntegrity row to the behavioral coverage map, completing the full 15-predicate table
func formalValidateConfig(cfg formalToolConfig) error {
    if len(cfg.BlockedUsers) > 0 && cfg.MinIntegrity == "" {
        return errors.New("invalid guard policy: blocked-users requires min-integrity to be set")
    }
    return nil
}

…rage

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add formal model and test suite for access control compliance feat(formal-spec): add PRECOND_BlockedUsersRequireMinIntegrity to access-control formal model Jul 12, 2026
Copilot AI requested a review from pelikhan July 12, 2026 16:02
@github-actions

Copy link
Copy Markdown
Contributor

🤖 PR Triage

Field Value
Category test
Risk low
Priority Score 45/100
Score Breakdown impact: 20, urgency: 10, quality: 15
Action batch_review

Adds PRECOND_BlockedUsersRequireMinIntegrity formal test + spec README. 2 files, +37/-0. Draft, CI unknown. Additive test/docs. Candidate for batch review with other formal-spec test PRs.

Generated by 🔧 PR Triage Agent · 142.9 AIC · ⌖ 7.2 AIC · ⊞ 5.6K ·

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[formal-spec] github-mcp-access-control-compliance/README.md — Formal model & test suite — 2026-07-12

2 participants