Hide enable-difc flag from public documentation#864
Conversation
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Hides the internal-only --enable-difc CLI flag from public-facing help/documentation while keeping it functional for internal use.
Changes:
- Hide
--enable-difcfrom Cobra help output viaMarkHidden(). - Remove
--enable-difcfrom the README CLI flags listing.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| internal/cmd/flags_difc.go | Marks the enable-difc flag as hidden in Cobra help output. |
| README.md | Removes --enable-difc from the documented CLI flags list. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| func init() { | ||
| RegisterFlag(func(cmd *cobra.Command) { | ||
| cmd.Flags().BoolVar(&enableDIFC, "enable-difc", getDefaultEnableDIFC(), "Enable DIFC enforcement for information flow control") | ||
| cmd.Flags().MarkHidden("enable-difc") |
There was a problem hiding this comment.
cmd.Flags().MarkHidden("enable-difc") returns an error (e.g., if the flag name changes or registration order changes). Since the purpose of this change is to ensure the flag is hidden, consider handling the returned error (fail fast or surface it) so a silent failure doesn’t re-expose the flag in help output.
| cmd.Flags().MarkHidden("enable-difc") | |
| if err := cmd.Flags().MarkHidden("enable-difc"); err != nil { | |
| cobra.CheckErr(err) | |
| } |
|
Smoke test results:
|
The
--enable-difcflag needs to remain available for internal use but should not be visible in public-facing documentation until ready for general availability.Changes
internal/cmd/flags_difc.go: Mark flag as hidden using Cobra'sMarkHidden()APIREADME.md: Remove flag from CLI usage documentationThe flag remains fully functional via
--enable-difcCLI argument orMCP_GATEWAY_ENABLE_DIFCenvironment variable.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
example.com/tmp/go-build2499327018/b275/launcher.test /tmp/go-build2499327018/b275/launcher.test -test.testlogfile=/tmp/go-build2499327018/b275/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true go --local x_amd64/compile user.email(dns block)invalid-host-that-does-not-exist-12345.com/tmp/go-build2499327018/b260/config.test /tmp/go-build2499327018/b260/config.test -test.testlogfile=/tmp/go-build2499327018/b260/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true 64/src/runtime/cgo ttp/httpguts/guts.go x_amd64/compile credential.usern/opt/hostedtoolcache/go/1.25.6/x64/pkg/tool/linux_amd64/vet 1499997/b023/(dns block)nonexistent.local/tmp/go-build2499327018/b275/launcher.test /tmp/go-build2499327018/b275/launcher.test -test.testlogfile=/tmp/go-build2499327018/b275/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true go --local x_amd64/compile user.email(dns block)slow.example.com/tmp/go-build2499327018/b275/launcher.test /tmp/go-build2499327018/b275/launcher.test -test.testlogfile=/tmp/go-build2499327018/b275/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true go --local x_amd64/compile user.email(dns block)this-host-does-not-exist-12345.com/tmp/go-build2499327018/b284/mcp.test /tmp/go-build2499327018/b284/mcp.test -test.testlogfile=/tmp/go-build2499327018/b284/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true ache/go/1.25.6/x64/src/runtime/c-p LaWt/B5k2ltHia24kziPLLaWt x_amd64/vet(dns block)If you need me to access, download, or install something from one of these locations, you can either:
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.