Smoke AllowOnly: 23121127507

[github-actions]

AllowOnly Guard Smoke Test Results

Policy: repos=["github/gh-aw*"], min-integrity=approved
Run: https://github.com/github/gh-aw-mcpg/actions/runs/23121127507

In-Scope Access (github/gh-aw*)

Tool	Target	Result	Status
list_issues	gh-aw-mcpg	[] — no open issues (access allowed)	✅
list_pull_requests	gh-aw-mcpg	3 PRs returned	✅
list_commits	gh-aw-mcpg	3 commits returned	✅
get_file_contents	gh-aw-mcpg	README.md content returned	✅
list_branches	gh-aw-mcpg	5 branches returned	✅
search_code	gh-aw-mcpg	29 results returned	✅
list_issues	gh-aw	[] — no open issues (access allowed)	✅
get_file_contents	gh-aw	[] — file not found or repo inaccessible	⚠️

Out-of-Scope Access (octocat/Hello-World)

Tool	Result	Status
list_issues	[] — empty (blocked)	✅
list_pull_requests	[] — empty (blocked)	✅
list_commits	[] — empty (blocked)	✅
get_file_contents	[] — empty (blocked)	✅
search_code	[] — empty (blocked)	✅

Global APIs

Tool	Result	Status
search_repositories	[] — empty (blocked)	✅
search_users	Tool not available in GitHub MCP server	⚠️

Integrity Filtering

Observation	Status
list_issues (perPage=20): [] — no issues to observe filtering on	✅
list_pull_requests (perPage=20): 3 PRs returned — lpcox (OWNER) ✅, github-actions[bot] (NONE) x2 visible — bot PRs not filtered	⚠️

Note: Bot-authored PRs (#1974, #1973 by github-actions[bot]) appear despite min-integrity=approved. Bots may bypass author_association filtering or be treated as members. This may be expected behavior.

Summary

• In-Scope Access: 7/8 ✅ (1 ambiguous: gh-aw README.md not found — could be missing file or no token access)
• Out-of-Scope Blocked: 5/5 ✅
• Global APIs Blocked: 1/1 tested ✅ (search_users not available as MCP tool)
• Integrity Filtering: Observable on PRs — bot PRs visible, human OWNER PRs visible ⚠️
• Overall: PASS — scoping enforced correctly for all tested tools

🛡️ AllowOnly guard smoke test by Smoke AllowOnly

• expires on Mar 16, 2026, 12:52 AM UTC