Generalize early wildcard-target validation across safe-outputs MCP tools#39300
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
@copilot apply to other safeoutputs like add_comment, close_pull_request... define the relation between target * and parameters in the specification/JSON to be more generic - less hardcoding |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
@copilot do not require json file, read file parse json (there is problably a helper for this) |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Addressed in 689f1f2. The wildcard-target requirement is now driven from tool-definition JSON instead of handler-specific checks, and I extended it to other safe-outputs including close_pull_request while keeping add_comment and the PR review/update flows covered. |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
🧠 Matt Pocock Skills Reviewer failed during the skills-based review. |
|
❌ Design Decision Gate 🏗️ failed during design decision gate check. |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
|
|
|
💫 TO BE CONTINUED... Smoke Claude failed to deliver outputs! Our hero faces unexpected challenges... |
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
Agent Container Tool Check
Result: 12/12 tools available — PASS ✅
|
|
Commit pushed:
|
💥 Smoke Test: Claude — Run 27624403916Overall: PASS Core #1-12: ✅✅✅✅✅✅✅✅✅✅✅✅ All systems nominal! Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · 65 AIC · ⌖ 31 AIC · ⊞ 8.1K
| const { globPatternToRegex } = require("./glob_pattern_helpers.cjs"); | ||
| /** | ||
| * Read and parse a JSON file. | ||
| * @param {string} filePath |
There was a problem hiding this comment.
Nice helper — consider validating the file exists before parsing to give a clearer error on missing config.
| */ | ||
| function readJSONFile(filePath) { | ||
| return JSON.parse(fs.readFileSync(filePath, "utf8")); | ||
| } |
There was a problem hiding this comment.
Building the Map once at module load is efficient; a brief comment on its purpose would aid readability.
|
PR: Generalize early wildcard-target validation across safe-outputs MCP tools Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Wildcard-target safe-outputs MCP calls were still reaching apply-time for some tools, where they failed with less actionable errors when the required target identifier was omitted. This change moves that validation into the MCP layer and defines the wildcard-target parameter requirements in the tool JSON so agents get immediate, tool-specific feedback before any intent is recorded.
What changed
target: "*"is configured.close_pull_requestcreate_pull_request_review_commentsubmit_pull_request_reviewupdate_pull_requestpush_to_pull_request_branchcreate_check_runupdate_discussionValidation behavior
Review comment buffering
create_pull_request_review_commentcalls do not increment the inline review comment counter.submit_pull_request_reviewcalls.Tests
pr-sous-chef: refreshed branch for run https://github.com/github/gh-aw/actions/runs/27604242308
Generalize early wildcard-target validation across safe-outputs MCP tools
Wildcard-target safe-outputs MCP calls were still reaching apply-time for some tools, where they failed with less actionable errors when the required target identifier was omitted. This change moves that validation into the MCP layer and defines the wildcard-target parameter requirements in the tool JSON so agents get immediate, tool-specific feedback before any intent is recorded.
What changed
target: "*"is configured.close_pull_requestcreate_pull_request_review_commentsubmit_pull_request_reviewupdate_pull_requestpush_to_pull_request_branchcreate_check_runupdate_discussionValidation behavior
Review comment buffering
create_pull_request_review_commentcalls do not increment the inline review comment counter.submit_pull_request_reviewcalls.Tests
pr-sous-chef: refreshed branch for run https://github.com/github/gh-aw/actions/runs/27604242308
Changeset
✨ PR Review Safe Output Test - Run 27624403916
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.