
feat(guard): add DIFC labeling for GitHub Projects tools #2095

Merged
lpcox merged 8 commits into main from copilot/add-difc-labeling-for-github-projects
Mar 18, 2026
Contributor

Copilot AI commented Mar 18, 2026

The four GitHub Projects read tools (list_projects, get_project, list_project_fields, list_project_items) fell through to the default case in tool_rules.rs, causing two independent failures: (1) bare "none" integrity vs. scoped "none:github" on the agent — exact-match comparison always fails, blocking all project access even with min-integrity: none; (2) even with scope fixed, projects got none integrity rather than the approved level warranted by org-membership requirements.

Changes

tool_rules.rs

  • Add explicit match arm for all four project read tools
  • Extract owner from tool args; set baseline_scope = owner so ensure_integrity_baseline uses the correct scope token
  • Use writer_integrity(&baseline_scope, ctx) → approved:<owner> (creating/managing projects requires org membership)

response_paths.rs

  • Add per-item path labeling for list_project_items (heterogeneous collection)
    • ISSUE / PULL_REQUEST: secrecy from repo visibility via repository_url; integrity from author_association
    • DRAFT_ISSUE / unknown: empty secrecy; org-scoped approved integrity

Reproduction matrix (from upstream)

| repos | min-integrity | Before | After |
|---|---|---|---|
| "all" | none | | |
| ["github/*"] | none | "none" ≠ "none:github" | "none:github" |
| "all" | approved | ❌ resource only has "none" | ✅ resource has "approved" |


- Add explicit match arms in tool_rules.rs for list_projects, get_project,
  list_project_fields, and list_project_items using owner-scoped approved
  integrity. Fixes scope-mismatch bug (bare "none" vs "none:<owner>") and
  integrity-level bug (now approved instead of none).
- Add per-item path labeling in response_paths.rs for list_project_items:
  ISSUE/PULL_REQUEST items use repository_url secrecy + author_association
  integrity; DRAFT_ISSUE items use org-scoped approved integrity.
- Add unit tests covering all four tools and three item types.

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title [WIP] [feat(guard)] Add DIFC labeling for GitHub Projects tools feat(guard): add DIFC labeling for GitHub Projects tools Mar 18, 2026
Copilot AI requested a review from lpcox March 18, 2026 17:58
@lpcox lpcox marked this pull request as ready for review March 18, 2026 18:00
Copilot AI review requested due to automatic review settings March 18, 2026 18:00
Contributor

Copilot AI left a comment

Pull request overview

This PR updates the GitHub guard’s DIFC labeling rules to properly scope and elevate integrity for GitHub Projects read tools, and adds fine-grained (per-item) response labeling for heterogeneous project items to avoid integrity-scope mismatches and incorrect integrity floors.

Changes:

  • Add explicit tool_rules match arm for GitHub Projects read tools to scope integrity to the org owner and set an approved-level baseline.
  • Add response_paths handler for list_project_items to label items differently based on whether they represent repo-backed issues/PRs vs draft/unknown item types.
  • Add unit tests covering scope alignment and integrity level expectations for Projects tools and list_project_items path labeling.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

| File | Description |
|---|---|
| guards/github-guard/rust-guard/src/labels/tool_rules.rs | Adds explicit Projects tool labeling to fix scope alignment and raise integrity to org-approved. |
| guards/github-guard/rust-guard/src/labels/response_paths.rs | Introduces per-item path labeling for list_project_items to handle mixed item types. |
| guards/github-guard/rust-guard/src/labels/mod.rs | Adds tests validating Projects tool integrity/scope behavior and list_project_items path labeling. |

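The two failures named in the PR description and the per-item rule from the review overview, modelled as an added Rust sketch that is not the guard's own code. The level ordering, the tag-set model, the owner scope on issue items, and every function name below are assumptions made for illustration.

```rust
use std::collections::BTreeSet;

// Integrity levels, lowest first. The ordering is an assumption of this sketch.
const LEVELS: [&str; 3] = ["none", "unapproved", "approved"];

/// Tags carried at `level`: that level plus every lower one, each suffixed
/// with ":<scope>" unless the scope is empty (bare tags such as "none").
fn integrity_tags(level: &str, scope: &str) -> BTreeSet<String> {
    let top = LEVELS.iter().position(|l| *l == level).unwrap_or(0);
    LEVELS[..=top]
        .iter()
        .map(|l| if scope.is_empty() { l.to_string() } else { format!("{l}:{scope}") })
        .collect()
}

/// Exact-match admission: the agent's required tag must be in the resource set.
fn admits(resource: &BTreeSet<String>, min_integrity: &str, agent_scope: &str) -> bool {
    resource.contains(&format!("{min_integrity}:{agent_scope}"))
}

/// Before the fix: project tools hit the default arm and get a bare "none".
fn label_default() -> BTreeSet<String> {
    integrity_tags("none", "")
}

/// After the fix: scope comes from the `owner` tool argument, level is approved.
/// A missing owner falls back to the bare baseline (a choice made for this sketch).
fn label_project_tool(owner: Option<&str>) -> BTreeSet<String> {
    match owner {
        Some(o) if !o.is_empty() => integrity_tags("approved", o),
        _ => label_default(),
    }
}

/// Per-item rule for list_project_items. `assoc_level` stands in for the level
/// derived from author_association; that mapping is not shown on the page.
fn label_item(kind: &str, owner: &str, assoc_level: &str) -> BTreeSet<String> {
    match kind {
        "ISSUE" | "PULL_REQUEST" => integrity_tags(assoc_level, owner),
        _ => integrity_tags("approved", owner), // DRAFT_ISSUE and unknown types
    }
}

fn main() {
    println!("before: {}", admits(&label_default(), "none", "github"));
    println!("after:  {}", admits(&label_project_tool(Some("github")), "none", "github"));
}
```

A resource that is scoped correctly but labelled only at `none` still fails an `approved` requirement, which is the second failure the description lists.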

lpcox and others added 5 commits March 18, 2026 11:27
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Collaborator

lpcox commented Mar 18, 2026

@copilot I'm worried that the remnants of the old integrity hierarchy are still around. Make sure that "writer" has been replaced with "approved" and "reader" with "unapproved" when referring to integrity levels

…d in comments

Update all comment references to integrity levels to use the correct label
terminology: "approved" instead of "writer" and "unapproved" instead of
"reader". Fixes the incorrect policy_private_scope_label call in the
fail-secure fallback path for list_project_items.

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Contributor Author

Copilot AI commented Mar 18, 2026

@copilot I'm worried that the remnants of the old integrity hierarchy are still around. Make sure that "writer" has been replaced with "approved" and "reader" with "unapproved" when referring to integ...

Done in e415f2f. All uses of "writer" and "reader" when referring to integrity levels in comments have been updated to "approved" and "unapproved" respectively — including function docstrings in helpers.rs, inline comments in tool_rules.rs, module-level docs in mod.rs, and the new test comments. The function names (writer_integrity, reader_integrity) are unchanged since renaming them is out of scope for this PR.

@lpcox lpcox merged commit e1bab9d into main Mar 18, 2026
3 checks passed
@lpcox lpcox deleted the copilot/add-difc-labeling-for-github-projects branch March 18, 2026 18:37