
Add ifc label for search_repositories tool #2459

Merged: gokhanarkan merged 1 commit into main from gokhanarkan/fides-search-repositories on May 13, 2026

@gokhanarkan gokhanarkan commented May 12, 2026

Emits an IFC SecurityLabel on the search_repositories tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me (#2432), list_issues (#2453), get_file_contents (#2454), search_issues (#2456), and issue_read (#2457).

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389. The last ingress tool from #1623's table.

Chained on #2457 (which is itself chained on #2456). GitHub will auto-retarget the base to main as the upstream PRs merge.

What this PR does

Search results may span multiple repositories, so _meta.ifc for search_repositories is the IFC meet of the per-repository labels — same semantics as search_issues (#2456) after Joanna's review:

  • Integrity is always untrusted (repository names, descriptions, and topics are user-authored).
  • Confidentiality follows the IFC meet (greatest lower bound): private wins. A reader of the combined result must be authorised to read every matched private repository.
    • Empty result set → ["public"] (no data leaked).
    • All matched repos public → ["public"].
    • Otherwise → intersection of the collaborator sets across the private matches only (public repos contribute the universe set and drop out of the intersection without shrinking it).

If any per-repo collaborators lookup fails, the label is omitted entirely (consistent with get_file_contents, search_issues, and issue_read) to avoid misclassifying the result.

Helper consolidation

The math is identical to search_issues, so the helper has been renamed and is now shared:

  • ifc.LabelSearchIssues → ifc.LabelSearchMultiRepo in pkg/ifc/ifc.go. Both search_issues and search_repositories call the same join function.
  • Removed the previous constant LabelSearchRepositories() (which returned PublicUntrusted()).
  • New attachSearchRepositoriesIFCLabel in pkg/github/search.go iterates result.Repositories, reads repo.GetPrivate() directly off the search response (no extra visibility API call), and fetches collaborators only for private hits.

Cost per request: 0 calls for an all-public result; N calls for N private matches (collaborators only). Cheaper than search_issues because visibility comes for free on the repository search payload.

Tests

Test_SearchRepositories_IFC_InsidersMode in pkg/github/search_test.go with 6 subtests mirroring the search_issues coverage:

  1. Insiders off → result.Meta == nil.
  2. Insiders on, all public → integrity=untrusted, confidentiality=["public"].
  3. Insiders on, mixed public + private → readers = the private repo's collaborator set (private wins).
  4. Insiders on, two private repos → intersection of collaborator sets.
  5. Insiders on, collaborators lookup fails (500) → no ifc meta.
  6. Insiders on, empty results → ["public"].

Validation

  • go test -race ./... — green.
  • gofmt -s clean; go vet ./... clean.
  • (./script/lint itself fails locally with a pre-existing golangci-lint Go-version mismatch unrelated to this change.)
  • No tool schema/annotation changes → no toolsnap or README regeneration needed.
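
The confidentiality meet from the PR description above, as an added Go example; it is not the PR's code or the project's ifc package. The `Repo` type, the `Confidentiality` function and the sample collaborator names are hypothetical and constructed for illustration, and integrity is not modelled because the description fixes it at untrusted.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Repo is a constructed stand-in for one search hit; Err = failed collaborators lookup.
type Repo struct {
	Private bool
	Readers []string
	Err     error
}

// Confidentiality: readers of the combined label; ok=false means omit the label.
func Confidentiality(repos []Repo) ([]string, bool) {
	var set map[string]bool // nil = universe: no private repo seen yet
	for _, r := range repos {
		if !r.Private {
			continue // public hit: universe set, intersection unchanged
		}
		if r.Err != nil {
			return nil, false // unknown readers: do not guess a label
		}
		next := map[string]bool{}
		for _, u := range r.Readers {
			if set == nil || set[u] {
				next[u] = true
			}
		}
		set = next
	}
	if set == nil { // empty result set, or every hit is public
		return []string{"public"}, true
	}
	out := make([]string, 0, len(set))
	for u := range set {
		out = append(out, u)
	}
	sort.Strings(out)
	return out, true
}

func main() {
	hits := []Repo{{Private: false}, {Private: true, Readers: []string{"alice", "bob"}},
		{Private: true, Readers: []string{"bob", "carol"}}}
	fmt.Println(Confidentiality(hits))
	fmt.Println(Confidentiality(append(hits, Repo{Private: true, Err: errors.New("HTTP 500")})))
}
```

Two private repositories with no collaborator in common yield an empty reader list with ok=true, which is distinct from the omitted label returned on a lookup failure.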

Copilot AI review requested due to automatic review settings May 12, 2026 14:56
@gokhanarkan gokhanarkan requested a review from a team as a code owner May 12, 2026 14:56

Copilot AI left a comment

Pull request overview

Adds IFC (_meta.ifc) annotation to the search_repositories MCP tool output when InsidersMode is enabled, aligning search_repositories with the existing IFC-labeling pattern used across other ingress tools.

Changes:

  • Added ifc.LabelSearchRepositories() returning a constant PublicUntrusted() label for repository search results.
  • Updated SearchRepositories to attach _meta.ifc on successful responses when deps.GetFlags(ctx).InsidersMode is true.
  • Added unit test coverage verifying IFC metadata is omitted when insiders mode is off and present (public/untrusted) when on.

| File | Description |
| --- | --- |
| pkg/ifc/ifc.go | Adds LabelSearchRepositories() helper documenting/encapsulating the label decision for search_repositories. |
| pkg/github/search.go | Attaches _meta.ifc to search_repositories successful results behind InsidersMode. |
| pkg/github/search_test.go | Adds Test_SearchRepositories_IFC_InsidersMode covering both insiders on/off behavior. |

Copilot's findings

  • Files reviewed: 3/3 changed files
  • Comments generated: 0

@gokhanarkan gokhanarkan force-pushed the gokhanarkan/fides-issue-read branch from 6181edd to 5271c51 Compare May 12, 2026 15:04
@gokhanarkan gokhanarkan force-pushed the gokhanarkan/fides-search-repositories branch from 86d20eb to ea5755f Compare May 12, 2026 15:05
@gokhanarkan gokhanarkan force-pushed the gokhanarkan/fides-issue-read branch from 5271c51 to 513d12b Compare May 13, 2026 12:15
@gokhanarkan gokhanarkan force-pushed the gokhanarkan/fides-search-repositories branch 2 times, most recently from 9568f77 to ff861d2 Compare May 13, 2026 12:20
@gokhanarkan gokhanarkan requested a review from JoannaaKL May 13, 2026 12:23
JoannaaKL previously approved these changes May 13, 2026
Base automatically changed from gokhanarkan/fides-issue-read to main May 13, 2026 12:48
@gokhanarkan gokhanarkan dismissed JoannaaKL’s stale review May 13, 2026 12:48

The base branch was changed.

Emits an IFC SecurityLabel on the search_repositories tool result when
the InsidersMode flag is enabled, mirroring the pattern landed for
get_me (#2432), list_issues (#2453), get_file_contents (#2454),
search_issues (#2456), and issue_read (#2457).

Search results may span multiple repositories, so the join math
(integrity always untrusted; private wins by intersecting collaborator
sets across the matched private repos only) is shared with search_issues
via ifc.LabelSearchIssues. Visibility is read directly off the search
response's repo.Private field — no extra API call. Collaborators are
fetched only for private hits, and any failure causes the label to be
omitted entirely (consistent with search_issues / issue_read /
get_file_contents).

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.
@gokhanarkan gokhanarkan force-pushed the gokhanarkan/fides-search-repositories branch from ff861d2 to d99a34b Compare May 13, 2026 12:54
@gokhanarkan gokhanarkan merged commit 3a4bc26 into main May 13, 2026
18 checks passed
@gokhanarkan gokhanarkan deleted the gokhanarkan/fides-search-repositories branch May 13, 2026 12:59