Have "santize" mode where GitHub MCP tools box and sanitize text content according to contributor status

[dsyme]

As a part of defense in depth, and as a variation on GitHub MCP lockdown mode, we should have an option to "box" or "soft label" or "spotlight" textual results returned from the GitHub MCP depending on contributor status

For example if a result is the title of an issue in a public OSS repo contributed by a non-write-contributor, it could be boxed or prefixed with text describing this, saying clearly the status of the contributor and that the content should be treated with caution.

My understanding is this will strongly encourage modern models tp treat this kind of boxed material with the protective gloves it deserves.

We should also strip all markdown comments etc from content in this mode

[dsyme]

Obvs this should be default mode in public repos

Likely should be implemented in MCP firewall for now, then migrated to github mcp server

[dsyme]

Cc @lpcox

[lpcox]

@dsyme will be rolling out a feature that allows authors to filter agent inputs based on repo scope (public, all, owner/*, owner/repo, owner/repo-prefix*) and object integrity within that scope (merged > approved > unapproved > none). Object integrity is based on a combination of authorship and process (e.g., a merged object is reachable from the main branch regardless of author).

Policy will look like this

{"github":{"repos":["lpcox/git-*","lpcox/github-guard"],"min-integrity":"approved"}}

Will give authors much more control over what their agents are exposed to.

[dsyme]

@lpcox Fabulous, let's discuss on Monday. I'd like to see this augmented by boxing/sanitization of lower integrity content

[lpcox]

@dsyme have been testing and talking about it with @pelikhan for a few weeks and think it's ready for the gateway. nice thing about the implementation is that it's extensible, i.e., each mcp server can have its own filtering framework.