Summary
The GitHub guard does not fully cover 2 write operation(s) reachable via the GitHub CLI that have no MCP tool counterpart and no guard entry. This means the guard has no pre-emptive classification for these operations if a corresponding MCP tool is added to the GitHub MCP server in the future.
- MCP tools scanned: 80 (from github-mcp-server toolsnaps)
- CLI write command categories scanned: ~12 (pr, issue, repo, release, gist, workflow, run, label, project, secret, variable)
- Guard-covered write tools (tools.rs): 42 in WRITE_OPERATIONS + 10 in READ_WRITE_OPERATIONS
- Tools with explicit DIFC rules (tool_rules.rs): all read tools covered; write tools use default handling
- MCP tool classification gaps: 0 — all 80 upstream MCP tools are properly classified
- MCP tool labeling gaps: 0 — all read tools have explicit match arms in apply_tool_labels
- New CLI-only gaps found this run: 2
GitHub CLI-Only Gaps
These write operations are reachable via the GitHub CLI but have no corresponding MCP tool and no guard entry. The guard has archive_repository as a pre-emptive entry (consistent with the pattern of pre-emptive entries for anticipated future MCP tools), but the symmetric unarchive_repository and the related rename_repository are absent.
| CLI Command | REST Endpoint | GitHub API Action | Matches Pattern? | Risk |
|---|---|---|---|---|
| gh repo rename | POST /repos/{owner}/{repo}/rename | Renames the repository; breaks clone URLs, webhooks, and all references | ❌ rename_* unmatched | Medium |
| gh repo unarchive | PATCH /repos/{owner}/{repo} (archived=false) | Re-enables a previously archived repo for contributions | ❌ unarchive_* unmatched | Low–Medium |
Why these matter
rename_repository — does not match any prefix pattern (create_*, delete_*, merge_*, update_*, lock_*, unlock_*). Without an explicit entry, if the MCP server adds a rename_repository tool, it would bypass write-classification and be treated as a read operation.
unarchive_repository — symmetric to archive_repository, which IS already in WRITE_OPERATIONS as a pre-emptive entry. The lack of the inverse creates an asymmetry: archiving is guarded but un-archiving is not. The unarchive_* prefix is also not matched by any pattern.
Suggested fix for tools.rs
```rust
pub const WRITE_OPERATIONS: &[&str] = &[
    // ... existing entries ...
    // Pre-emptive entries for anticipated future MCP tools (no equivalent tool today)
    "archive_repository",   // gh repo archive
    "unarchive_repository", // gh repo unarchive — symmetric to archive_repository
    "rename_repository",    // gh repo rename — breaks integrations; not matched by update_*
    // ... other pre-emptive entries ...
];
```
Stale Guard Entries (bonus)
The following tools are in WRITE_OPERATIONS or READ_WRITE_OPERATIONS but no longer appear in the upstream github-mcp-server toolsnaps. They do have GitHub CLI equivalents (so they are not stale by strict definition), but they may represent tools that were consolidated or renamed in the MCP server:
| Tool Name | List | CLI Equivalent | Notes |
|---|---|---|---|
| run_workflow | WRITE_OPERATIONS | gh workflow run | Likely superseded by actions_run_trigger (which IS in snaps) |
| rerun_workflow_run | WRITE_OPERATIONS | gh run rerun | Not in current MCP snaps |
| rerun_failed_jobs | WRITE_OPERATIONS | gh run rerun --failed | Not in current MCP snaps |
| cancel_workflow_run | WRITE_OPERATIONS | gh run cancel | Not in current MCP snaps |
| delete_workflow_run_logs | WRITE_OPERATIONS | gh run delete | Not in current MCP snaps |
| add_project_item | WRITE_OPERATIONS | gh project item-add | Likely superseded by projects_write |
| delete_project_item | WRITE_OPERATIONS | gh project item-delete | Likely superseded by projects_write |
| update_project_item | READ_WRITE_OPERATIONS | gh project item-edit | Likely superseded by projects_write |
| update_issue | READ_WRITE_OPERATIONS | gh issue edit | Likely superseded by issue_write |
| create_pull_request_with_copilot | READ_WRITE_OPERATIONS | (no direct CLI equivalent) | Not in MCP snaps; may be removed or renamed |
These entries are harmless (they won't match real tool calls if the tool no longer exists), but cleaning them up would improve maintainability.
Generated by GitHub Guard Coverage Checker (MCP + CLI)