
Add daily GitHub guard coverage checker workflow (MCP + CLI)#2279

Merged: lpcox merged 5 commits into main from copilot/create-daily-agentic-workflow, Mar 21, 2026

Conversation

Contributor

Copilot AI commented Mar 21, 2026

The GitHub guard's tool classification (tools.rs) and DIFC labeling rules (tool_rules.rs) can drift from the upstream github/github-mcp-server as new tools are added, leaving write operations unclassified or sensitive read responses without secrecy/integrity labels. Additionally, the GitHub CLI (cli/cli) exposes write operations that may have no equivalent MCP tool and no guard coverage.

New workflow: github-mcp-guard-coverage-checker

  • Trigger: daily schedule + workflow_dispatch
  • Upstream discovery:
    • Reads github/github-mcp-server README and source files via GitHub MCP to build a canonical MCP tool list
    • Scans cli/cli pkg/cmd/ write-command directories (pr, issue, repo, release, gist, workflow, label, project, secret, variable, org) to extract REST endpoints and map them to MCP tool equivalents
  • Gap detection across four categories:
    • MCP classification gaps — write/mutating MCP tools absent from WRITE_OPERATIONS / READ_WRITE_OPERATIONS and not caught by prefix patterns (merge_*, delete_*, update_*, create_*)
    • DIFC labeling gaps — MCP tools with no explicit match arm in apply_tool_labels that return repo-scoped data
    • CLI-only gaps — GitHub CLI write commands with no equivalent MCP tool and no guard entry; reported with a suggested WRITE_OPERATIONS entry and a note to request the corresponding tool from the MCP server team
    • Stale entries — guard list entries no longer present in the MCP tool list or CLI write-operations list
  • Cache-memory deduplication: tracks known_gaps across runs; only reports newly discovered gaps to avoid issue spam
  • Output: creates a [guard-coverage]-labeled issue with concrete Rust fix snippets, or calls noop if coverage is complete

The workflow name is "GitHub Guard Coverage Checker (MCP + CLI)" to clearly reflect the dual-source audit scope.
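The gap-detection and deduplication steps described above, as an added Rust example that is not code from this PR or from the guard crate. The guard tables, the tool names in the upstream list, and the shape of the cross-run cache are constructed assumptions; the `known_gaps` / `last_all_gaps` split follows the regression-handling described in the final commit message on this page, and the write-prefix patterns are the ones the description names.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Prefix patterns the PR description names as catching mutating tools that
// are not listed explicitly.
pub const WRITE_PREFIXES: &[&str] = &["merge_", "delete_", "update_", "create_"];

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub enum Gap {
    /// Mutating upstream tool absent from WRITE_OPERATIONS / READ_WRITE_OPERATIONS
    /// and not matched by a write prefix.
    Classification(String),
    /// Guard entry with no matching upstream tool.
    Stale(String),
}

/// Hypothetical stand-in for the guard's tables in tools.rs (not the real lists).
pub struct GuardLists {
    pub write_operations: &'static [&'static str],
    pub read_write_operations: &'static [&'static str],
}

impl GuardLists {
    pub fn is_guarded_write(&self, tool: &str) -> bool {
        self.write_operations.contains(&tool)
            || self.read_write_operations.contains(&tool)
            || WRITE_PREFIXES.iter().any(|p| tool.starts_with(p))
    }
}

/// `upstream` maps tool name -> "upstream documents it as mutating".
pub fn find_gaps(guard: &GuardLists, upstream: &BTreeMap<&str, bool>) -> BTreeSet<Gap> {
    let mut gaps = BTreeSet::new();
    for (&tool, &mutating) in upstream {
        if mutating && !guard.is_guarded_write(tool) {
            gaps.insert(Gap::Classification(tool.to_string()));
        }
    }
    for &entry in guard.write_operations.iter().chain(guard.read_write_operations) {
        if !upstream.contains_key(entry) {
            gaps.insert(Gap::Stale(entry.to_string()));
        }
    }
    gaps
}

/// Cross-run cache (assumed layout). `known_gaps` accumulates everything ever
/// reported; `last_all_gaps` is the previous run's full set, so a gap that was
/// fixed and then came back (absent last run, present now) is reported again
/// instead of being silenced by `known_gaps`.
#[derive(Debug, Default, Clone)]
pub struct GapCache {
    pub known_gaps: BTreeSet<Gap>,
    pub last_all_gaps: BTreeSet<Gap>,
}

/// Returns the gaps to put in this run's issue (empty => noop) and the next cache.
pub fn report_new(cache: &GapCache, current: &BTreeSet<Gap>) -> (Vec<Gap>, GapCache) {
    let report = current
        .iter()
        .filter(|g| !cache.known_gaps.contains(g) || !cache.last_all_gaps.contains(g))
        .cloned()
        .collect();
    let next = GapCache {
        known_gaps: cache.known_gaps.union(current).cloned().collect(),
        last_all_gaps: current.clone(),
    };
    (report, next)
}

// Constructed sample data standing in for what the checker reads upstream.
pub const SAMPLE_GUARD: GuardLists = GuardLists {
    write_operations: &["push_files", "add_issue_comment"],
    read_write_operations: &[],
};

pub fn sample_upstream() -> BTreeMap<&'static str, bool> {
    BTreeMap::from([
        ("get_issue", false),
        ("list_issues", false),
        ("create_issue", true),           // covered by the create_ prefix
        ("merge_pull_request", true),     // covered by the merge_ prefix
        ("request_copilot_review", true), // mutating, no entry, no prefix -> gap
        ("add_issue_comment", true),      // explicit WRITE_OPERATIONS entry
    ])
}

fn main() {
    let gaps = find_gaps(&SAMPLE_GUARD, &sample_upstream());
    let (report, _next_cache) = report_new(&GapCache::default(), &gaps);
    for g in &report {
        println!("{g:?}");
    }
}
```

On the constructed input the first run reports one classification gap (`request_copilot_review`) and one stale entry (`push_files`); a second run over the same data reports nothing, and a gap that disappears for one run and then returns is reported again.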



@lpcox
Collaborator

lpcox commented Mar 21, 2026

@copilot it is also important to look at github cli operations and identify any gaps in the github guard implementation https://github.com/cli/cli

Contributor Author

Copilot AI commented Mar 21, 2026

@copilot it is also important to look at github cli operations and identify any gaps in the github guard implementation https://github.com/cli/cli

Added in 8a6e2c6. The workflow now also scans cli/cli (pkg/cmd/) for write/mutating commands. For each CLI command group (pr/, issue/, repo/, release/, gist/, workflow/, label/, project/, secret/, variable/, org/), the agent reads the Go source files to extract REST endpoints and builds a mapping of {cli_command} → {rest_endpoint} → {mcp_tool_or_none}. CLI operations with no equivalent MCP tool and no guard entry are surfaced as CLI-only gaps in the created issue, with a suggested MCP-style name to add to WRITE_OPERATIONS.
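The {cli_command} → {rest_endpoint} → {mcp_tool_or_none} mapping and the CLI-only gap rule from the reply above, as an added Rust example that is not code from this PR or the guard. The CLI commands, their REST routes, the MCP endpoint table, the guard list and the name-suggestion heuristic are all constructed assumptions; the real mapping comes from reading the cli/cli sources and the MCP server's tool definitions.

```rust
use std::collections::BTreeMap;

/// One CLI write command with the REST call its Go source issues (constructed).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct CliWrite {
    pub command: &'static str,
    pub method: &'static str,
    pub path: &'static str,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct CliOnlyGap {
    pub command: &'static str,
    pub endpoint: String,
    pub suggested_entry: String,
}

/// Canonical form of an endpoint: METHOD plus the path with every placeholder
/// ({owner}, :id, 42) replaced by `*`, so the CLI's and the MCP server's
/// spellings of the same route compare equal.
pub fn endpoint_key(method: &str, path: &str) -> String {
    let segs: Vec<&str> = path
        .trim_matches('/')
        .split('/')
        .map(|s| {
            let placeholder = s.starts_with('{')
                || s.starts_with(':')
                || (!s.is_empty() && s.chars().all(|c| c.is_ascii_digit()));
            if placeholder { "*" } else { s }
        })
        .collect();
    format!("{} {}", method.to_ascii_uppercase(), segs.join("/"))
}

/// Heuristic (assumed, not the workflow's real rule) MCP-style name for an
/// endpoint with no MCP tool: HTTP verb mapped to create/update/delete plus the
/// last static path segment, singularised.
pub fn suggest_entry(method: &str, path: &str) -> String {
    let verb = match method.to_ascii_uppercase().as_str() {
        "POST" => "create",
        "PUT" | "PATCH" => "update",
        "DELETE" => "delete",
        _ => "call",
    };
    let key = endpoint_key(method, path);
    let noun = key
        .split(' ')
        .nth(1)
        .unwrap_or("")
        .split('/')
        .filter(|s| *s != "*" && !s.is_empty())
        .last()
        .unwrap_or("resource");
    let noun = noun.strip_suffix('s').filter(|n| !n.ends_with('s')).unwrap_or(noun);
    format!("{verb}_{noun}")
}

/// Flags CLI writes that have neither an MCP tool for their endpoint nor a
/// guard entry under the suggested name.
pub fn cli_only_gaps(
    cli_writes: &[CliWrite],
    mcp_by_endpoint: &BTreeMap<String, &str>,
    write_operations: &[&str],
) -> Vec<CliOnlyGap> {
    cli_writes
        .iter()
        .filter_map(|w| {
            let endpoint = endpoint_key(w.method, w.path);
            if mcp_by_endpoint.contains_key(&endpoint) {
                return None;
            }
            let suggested_entry = suggest_entry(w.method, w.path);
            if write_operations.contains(&suggested_entry.as_str()) {
                return None;
            }
            Some(CliOnlyGap { command: w.command, endpoint, suggested_entry })
        })
        .collect()
}

// Constructed sample data.
pub fn sample_cli_writes() -> Vec<CliWrite> {
    vec![
        CliWrite { command: "gh issue create", method: "POST", path: "repos/{owner}/{repo}/issues" },
        CliWrite { command: "gh pr merge", method: "PUT", path: "repos/{owner}/{repo}/pulls/{number}/merge" },
        CliWrite { command: "gh repo delete", method: "DELETE", path: "repos/{owner}/{repo}" },
        CliWrite { command: "gh release delete", method: "DELETE", path: "repos/{owner}/{repo}/releases/{id}" },
    ]
}

pub fn sample_mcp_by_endpoint() -> BTreeMap<String, &'static str> {
    BTreeMap::from([
        (endpoint_key("POST", "/repos/:owner/:repo/issues"), "create_issue"),
        (endpoint_key("PUT", "/repos/:owner/:repo/pulls/:pull_number/merge"), "merge_pull_request"),
    ])
}

pub const SAMPLE_WRITE_OPERATIONS: &[&str] = &["create_issue", "merge_pull_request", "delete_repo"];

fn main() {
    for g in cli_only_gaps(&sample_cli_writes(), &sample_mcp_by_endpoint(), SAMPLE_WRITE_OPERATIONS) {
        println!("{}: {} -> suggested WRITE_OPERATIONS entry {:?}", g.command, g.endpoint, g.suggested_entry);
    }
}
```

Matching on the normalised endpoint rather than on command names is what lets `gh repo delete` be recognised as already covered by a `delete_repo` guard entry, while `gh release delete` surfaces as the one CLI-only gap in the sample.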

Warning

Firewall rules blocked me from connecting to one or more addresses.

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.62.5
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.62.5 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@lpcox lpcox marked this pull request as ready for review March 21, 2026 18:58
Copilot AI review requested due to automatic review settings March 21, 2026 18:58
@lpcox
Collaborator

lpcox commented Mar 21, 2026

@copilot update the title and summary

Contributor Author

Copilot AI commented Mar 21, 2026

@copilot update the title and summary

Updated in 262ff2f. The workflow name is now "GitHub Guard Coverage Checker (MCP + CLI)" and the description now reads: "Daily check that audits the GitHub guard implementation against both the official GitHub MCP server tool list and the GitHub CLI write-command surface, creating issues for any unclassified or unguarded operations." The PR description has also been updated to reflect the dual-source audit scope.

Warning

Firewall rules blocked me from connecting to one or more addresses.

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh gh pr list --head copilot/create-daily-agentic-workflow --json number,title (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.62.5
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.62.5 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title from "Add daily GitHub MCP guard coverage checker workflow" to "Add daily GitHub guard coverage checker workflow (MCP + CLI)" on Mar 21, 2026
Contributor

Copilot AI left a comment


Pull request overview

Adds a new scheduled gh-aw workflow to continuously check that the Rust GitHub guard’s tool classification and DIFC labeling rules stay in sync with upstream github/github-mcp-server (and relevant GitHub CLI write operations), filing an issue when new coverage gaps appear.

Changes:

  • Introduces a new agentic workflow prompt (github-mcp-guard-coverage-checker.md) that defines how to discover upstream tools/CLI writes and detect classification/labeling/staleness gaps with cache-based deduping.
  • Adds the compiled gh-aw lock workflow (github-mcp-guard-coverage-checker.lock.yml) to run the prompt daily and on-demand with safe-outputs issue creation.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File: .github/workflows/github-mcp-guard-coverage-checker.md
Description: New workflow manifest/prompt describing discovery + gap detection + issue/noop behavior.

File: .github/workflows/github-mcp-guard-coverage-checker.lock.yml
Description: Generated compiled workflow implementing the manifest in GitHub Actions.


Comment on lines +203 to +204
A tool has a **labeling gap** if it is in the upstream MCP tool list AND has no explicit match arm in `apply_tool_labels`. This is lower severity than a classification gap, but still important for DIFC correctness — read tools that return repo-scoped data (issues, PRs, code, files) should have explicit secrecy/integrity rules.


Copilot AI Mar 21, 2026


Step 5.2 defines a "labeling gap" as any upstream tool that lacks an explicit apply_tool_labels match arm. That criterion is so broad it conflicts with the later guidance to avoid false positives and will likely flag many tools where default labeling is intentionally sufficient. Consider narrowing this to tools that are expected to be repo-scoped (per the secrecy spec list of repo-scoped read tools) or tools where the default labels are known to be incomplete, and explicitly document that scope here.

Suggested change
A tool has a **labeling gap** if it is in the upstream MCP tool list AND has no explicit match arm in `apply_tool_labels`. This is lower severity than a classification gap, but still important for DIFC correctness — read tools that return repo-scoped data (issues, PRs, code, files) should have explicit secrecy/integrity rules.
A tool has a **labeling gap** if **both** of the following are true:
- It is in the upstream MCP tool list **and** is in a category where explicit labeling is expected (for example, repo-scoped read tools that return issues, PRs, code, files, or other repository data, per the secrecy spec list of repo-scoped read tools, or tools whose default labels are known to be incomplete).
- It has **no explicit match arm** in `apply_tool_labels`.
This is lower severity than a classification gap, but still important for DIFC correctness — read tools that return repo-scoped data (issues, PRs, code, files) should have explicit secrecy/integrity rules. Tools outside these categories (for example, clearly non-repo-scoped tools where the default labeling is intentionally sufficient) **must not** be treated as labeling gaps solely because they lack an explicit `apply_tool_labels` match arm.
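The broad and narrowed labeling-gap criteria from the review comment above, side by side, as an added Rust example that is not code from this PR or the guard's tool_rules.rs. The `apply_tool_labels` stand-in, its label shape, the upstream tool list and the repo-scoped read list are constructed assumptions.

```rust
/// Minimal DIFC label: secrecy tags a response carries and integrity tags it
/// asserts (assumed shape, not the guard's real type).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Labels {
    pub secrecy: Vec<String>,
    pub integrity: Vec<String>,
}

/// Hypothetical stand-in for the guard's apply_tool_labels: Some(..) when a
/// tool has an explicit match arm, None when default labeling applies.
pub fn apply_tool_labels(tool: &str, owner: &str, repo: &str) -> Option<Labels> {
    let repo_tag = format!("repo:{owner}/{repo}");
    match tool {
        "get_issue" | "list_issues" | "get_pull_request" => Some(Labels {
            secrecy: vec![repo_tag],
            integrity: vec![],
        }),
        "get_file_contents" => Some(Labels {
            secrecy: vec![repo_tag, "code".to_string()],
            integrity: vec!["untrusted-input".to_string()],
        }),
        _ => None,
    }
}

/// Probe with placeholder owner/repo: only the presence of an arm matters here.
pub fn has_explicit_arm(tool: &str) -> bool {
    apply_tool_labels(tool, "probe", "probe").is_some()
}

/// Broad criterion from the original prompt: every upstream tool without an arm.
pub fn broad_labeling_gaps<'a>(upstream: &[&'a str]) -> Vec<&'a str> {
    upstream.iter().copied().filter(|t| !has_explicit_arm(t)).collect()
}

/// Narrowed criterion: only tools expected to carry repo-scoped labels.
pub fn narrow_labeling_gaps<'a>(upstream: &[&'a str], repo_scoped_reads: &[&str]) -> Vec<&'a str> {
    upstream
        .iter()
        .copied()
        .filter(|t| repo_scoped_reads.contains(t) && !has_explicit_arm(t))
        .collect()
}

// Constructed sample lists; the real ones come from the upstream tool list and
// the secrecy spec's list of repo-scoped read tools.
pub const SAMPLE_UPSTREAM: &[&str] = &[
    "get_issue", "list_issues", "get_pull_request", "get_file_contents",
    "list_commits", "search_code", "get_me", "list_notifications",
];
pub const SAMPLE_REPO_SCOPED_READS: &[&str] = &[
    "get_issue", "list_issues", "get_pull_request", "get_file_contents",
    "list_commits", "search_code",
];

fn main() {
    println!("broad:  {:?}", broad_labeling_gaps(SAMPLE_UPSTREAM));
    println!("narrow: {:?}", narrow_labeling_gaps(SAMPLE_UPSTREAM, SAMPLE_REPO_SCOPED_READS));
}
```

On the sample the broad rule flags four tools, two of which (`get_me`, `list_notifications`) return no repository data and would be false positives; the narrowed rule keeps only `list_commits` and `search_code`, the repo-scoped reads that really lack secrecy/integrity rules.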

Comment on lines +23 to +27
safe-outputs:
create-issue:
title-prefix: "[guard-coverage] "
labels: [guard, automation, security]
max: 1

Copilot AI Mar 21, 2026


The PR description says the workflow will create a "[guard-coverage]-labeled" issue, but the workflow config only applies guard, automation, and security labels (the [guard-coverage] string is only in the title prefix). Either add a guard-coverage label here or update the PR description/wording to reflect that it's a title prefix rather than a label.

Comment on lines +91 to +96
If those paths don't exist, search the repository structure:

```
Use github get_file_contents with owner=github, repo=github-mcp-server, path=., ref=main
```


Copilot AI Mar 21, 2026


The prompt suggests using get_file_contents with path=. to "search the repository structure". The GitHub get_file_contents tool maps to the contents API which expects a real path (or an empty path for repo root); . is not a valid repo path and will typically 404, causing this fallback discovery step to fail. Prefer using search_code to locate tool registration patterns (e.g., AddTool(), or direct reads of known directories/files rather than relying on path=..

Collaborator


@copilot apply changes based on this feedback

Contributor Author


Fixed in a830bcb. The get_file_contents path=. fallback is replaced with search_code query=AddTool repo:github/github-mcp-server, which locates tool registration files directly without relying on an invalid repo-root path. The matched files are then read to extract all AddTool( call sites and registered tool names.
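The "read the matched files and extract every AddTool( call site" step from the reply above, as an added Rust example that is not code from this PR. The Go fragment is constructed, and the registration shape (first string literal after `AddTool(` is the tool name) is an assumption that has not been checked against the real github/github-mcp-server source.

```rust
use std::collections::BTreeSet;

/// Drops `//` line comments so a commented-out registration is not counted.
/// Naive on purpose: a `//` inside a string literal would also be cut, which
/// is acceptable for registration files where tool names contain no slashes.
pub fn strip_line_comments(src: &str) -> String {
    src.lines()
        .map(|l| match l.find("//") {
            Some(i) => &l[..i],
            None => l,
        })
        .collect::<Vec<_>>()
        .join("\n")
}

/// Collects the first string literal after each `AddTool(` call site, which is
/// assumed to be the registered tool name. Multi-line calls are handled because
/// the scan runs over the whole file, not line by line.
pub fn extract_tool_names(src: &str) -> BTreeSet<String> {
    let clean = strip_line_comments(src);
    let mut names = BTreeSet::new();
    let mut rest = clean.as_str();
    while let Some(i) = rest.find("AddTool(") {
        rest = &rest[i + "AddTool(".len()..];
        let q1 = match rest.find('"') {
            Some(q) => q,
            None => break,
        };
        let after = &rest[q1 + 1..];
        let q2 = match after.find('"') {
            Some(q) => q,
            None => break,
        };
        names.insert(after[..q2].to_string());
        rest = &after[q2 + 1..];
    }
    names
}

// Constructed Go fragment in the assumed registration shape.
pub const SAMPLE_GO: &str = r#"
func registerTools(s *server.MCPServer) {
	s.AddTool(mcp.NewTool("get_issue", mcp.WithDescription("Get an issue")), getIssue)
	s.AddTool(
		mcp.NewTool("create_issue",
			mcp.WithDescription("Create an issue")),
		createIssue,
	)
	// s.AddTool(mcp.NewTool("delete_issue"), deleteIssue) // not registered yet
}
"#;

fn main() {
    for name in extract_tool_names(SAMPLE_GO) {
        println!("{name}");
    }
}
```

Skipping commented-out registrations matters for the stale-entry check: a tool that exists only in a comment is not served by the MCP server, so a guard entry for it should still be reported as stale.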

Contributor Author

Copilot AI commented Mar 21, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses.

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.62.5
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.62.5 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

…dness

- Remove pull-requests: read (unused — workflow only reads source files)
- Increase timeout from 20 to 30 minutes (reads 3 large repos)
- Add last_all_gaps cache key to detect regressions: gaps that were
  fixed then reappeared are now re-reported instead of silently ignored

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lpcox lpcox merged commit 2c9876b into main Mar 21, 2026
3 checks passed
@lpcox lpcox deleted the copilot/create-daily-agentic-workflow branch March 21, 2026 21:34
