feat: implement private-to-public-flows: allow as a tools.github frontmatter field#45113
Conversation
|
Hey A couple of things to address before this can move forward:
Once the checklist items are ticked off and the diff lands, this looks like it will be on a solid path to merge.
|
…ield - Add `private-to-public-flows` to the workflow frontmatter JSON schema under `tools.github`, accepting either `"allow"` (blanket opt-out) or an array of server ID strings (selective exemption) - Add `PrivateToPublicFlows any` field to `GitHubToolConfig` struct - Parse `private-to-public-flows` in `parseGitHubTool` (string and []string/[]any forms) - Add `ForcePublicRepos *bool` and `SinkVisibilityExemptServers []string` to `MCPGatewayRuntimeConfig` - In `buildMCPGatewayConfig`, translate `PrivateToPublicFlows` to the gateway config fields - Emit `"forcePublicRepos": false` and `"sinkVisibilityExemptServers"` in the gateway JSON section of the renderer - Reject `private-to-public-flows: allow` in strict mode (list form allowed per MCP Gateway Spec Section 10.9.4) - Add documentation section to github-tools.md - Add tests: parsing, gateway config building, emission, strict mode Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
private-to-public-flows: allow as a tools.github frontmatter field
There was a problem hiding this comment.
Pull request overview
Adds frontmatter support for configuring private-to-public MCP data flows.
Changes:
- Parses and validates blanket or selective exemptions.
- Emits corresponding MCP Gateway configuration.
- Documents and tests the new behavior.
Show a summary per file
| File | Description |
|---|---|
pkg/workflow/tools_types.go |
Adds configuration fields. |
pkg/workflow/tools_parser.go |
Parses the new field. |
pkg/workflow/strict_mode_network_validation.go |
Rejects blanket exemptions in strict mode. |
pkg/workflow/private_to_public_flows_test.go |
Tests parsing, emission, and strict mode. |
pkg/workflow/mcp_renderer.go |
Renders gateway JSON fields. |
pkg/workflow/mcp_gateway_config.go |
Derives gateway runtime settings. |
pkg/parser/schemas/main_workflow_schema.json |
Defines frontmatter schema. |
docs/src/content/docs/reference/github-tools.md |
Documents both exemption forms. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 8/8 changed files
- Comments generated: 6
- Review effort level: Medium
| case string: | ||
| if v == "allow" { | ||
| // Blanket opt-out: disable the runtime public-repos override. | ||
| falseVal := false | ||
| forcePublicRepos = &falseVal |
| case []any: | ||
| // Array of server ID strings | ||
| servers := make([]string, 0, len(v)) | ||
| for _, item := range v { | ||
| if s, ok := item.(string); ok { | ||
| servers = append(servers, s) | ||
| } | ||
| } | ||
| config.PrivateToPublicFlows = servers |
| for i, serverID := range options.GatewayConfig.SinkVisibilityExemptServers { | ||
| if i > 0 { | ||
| configBuilder.WriteString(", ") | ||
| } | ||
| fmt.Fprintf(&configBuilder, "%q", serverID) |
| When you intentionally need private-to-public data flows, declare `private-to-public-flows` under `tools.github`. | ||
|
|
||
| ### Blanket opt-out (`allow`) | ||
|
|
||
| ```yaml | ||
| tools: | ||
| github: | ||
| private-to-public-flows: allow |
| github: | ||
| private-to-public-flows: | ||
| - github-mcp-server | ||
| - my-custom-server | ||
| ``` |
|
\n@copilot please run the skill, address any unresolved review feedback, and rerun checks once the branch is up to date.
|
|
@copilot run pr-finisher skill |
…date server IDs, fix shell safety, update docs Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
All six review issues have been addressed in commit
|
|
@copilot please run the
|
All prior review threads have been addressed in commit Review threads addressed:
Local validation:
CI: All runs on |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
❌ Smoke Copilot Small failed. Please review the logs for details. |
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
Smoke test
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "proxy.golang.org"See Network Configuration for more information.
|
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Gemini Results
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment.
|
|
Caution agentic threat detected DetailsThe threat detection engine failed to produce results. Review the workflow run logs for details. Pull request created: #45129
|
💥 Smoke Test: Claude — Run 29205138142Core Tests #1-12: ✅ All passed Overall: PARTIAL (all runnable tests passed; 2 skipped) Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · 64.5 AIC · ⌖ 31.4 AIC · ⊞ 8.4K
Comment /smoke-claude to run again
| // and MCPG >= v0.2.18. | ||
| // Valid values: "approved", "unapproved", "merged" | ||
| EndorserMinIntegrity string `yaml:"endorser-min-integrity,omitempty"` | ||
| // PrivateToPublicFlows opts out of cross-visibility protections for private→public data flows. |
There was a problem hiding this comment.
Nice clear doc comment explaining the dual string/[]string semantics of PrivateToPublicFlows. 👍
| ToolTimeout string `yaml:"tool-timeout,omitempty"` // Timeout for individual MCP tool calls as a Go duration string (e.g. "2m", "30s"); empty = gateway built-in default (60s) | ||
| OTLPEndpoint string `yaml:"-"` // OTLP collector endpoint (derived from observability.otlp, not user-settable) | ||
| OTLPHeaders string `yaml:"-"` // Raw OTLP HTTP headers string (derived from observability.otlp, not user-settable) | ||
| // ForcePublicRepos controls the gateway's runtime public-repo override. |
There was a problem hiding this comment.
Good use of *bool pointer for ForcePublicRepos to distinguish unset vs false. Consider a brief note on the default nil behavior.
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Fixed in the latest commit. The CI failure was caused by |
Smoke CopilotPR: feat: implement Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
Smoke review done.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · 100.1 AIC · ⌖ 4.8 AIC · ⊞ 19.1K
Comment /smoke-copilot to run again
Add label smoke to run again
The compiler didn't parse or emit
private-to-public-flowsdespite the MCP Gateway spec (v1.15.0 §10.9) and gateway schema already definingforcePublicReposandsinkVisibilityExemptServers. This wires the full frontmatter → struct → gateway JSON pipeline.Frontmatter syntax
Blanket opt-out (disables
forcePublicReposandsink-visibilityenforcement for all servers):Selective exemption (exempts listed server IDs from default
sink-visibilityenforcement only):Changes
Schema (
pkg/parser/schemas/main_workflow_schema.json): addedprivate-to-public-flowstotools.githubobject; accepts"allow"string or array of server ID strings;additionalProperties: falsealready enforced.Struct (
pkg/workflow/tools_types.go):PrivateToPublicFlows anyonGitHubToolConfig;ForcePublicRepos *boolandSinkVisibilityExemptServers []stringonMCPGatewayRuntimeConfig.Parser (
pkg/workflow/tools_parser.go):parseGitHubToolhandlesstring,[]any, and[]stringforms.Compiler emission (
pkg/workflow/mcp_gateway_config.go,mcp_renderer.go):buildMCPGatewayConfigreadsPrivateToPublicFlowsand sets gateway fields; renderer emits"forcePublicRepos": falseor"sinkVisibilityExemptServers": [...]in the gateway JSON block.Strict mode (
pkg/workflow/strict_mode_network_validation.go):private-to-public-flows: allowis rejected in strict mode per spec §10.9.4 (interaction matrix:allow+strict= compile error); list form remains valid.Docs (
docs/src/content/docs/reference/github-tools.md): added "Cross-Visibility Opt-Out" section covering both forms, security implications, and:::cautionblock for the strict mode incompatibility.Tests (
pkg/workflow/private_to_public_flows_test.go): parsing (all input variants),buildMCPGatewayConfigfield propagation, end-to-end YAML emission assertions, strict mode acceptance/rejection.✨ PR Review Safe Output Test - Run 29205138142
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.