Add ifc label for search_repositories tool

gokhanarkan · gokhanarkan · commit 86d20ebd0b40 · 2026-05-12T17:56:14.000+03:00
Emits an IFC SecurityLabel on the search_repositories tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me, list_issues, get_file_contents, search_issues, and issue_read. Per the spec in github/copilot-mcp-core#1623, the label is PublicUntrusted() regardless of whether matched repositories are private. Repository search is treated as a discovery surface: matched repositories are by definition already accessible to the caller, so the joined readers are universal. Integrity is untrusted because repository names, descriptions, and topics are user-authored. Implementation note: SearchRepositories has its own handler distinct from the shared searchHandler used by SearchIssues, so the IFC attach is wired inline at the success return rather than via the postProcess hook added in #2456. Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389. Note: chained on #2457 (gokhanarkan/fides-issue-read), which is in turn chained on #2456. GitHub will retarget the base to main once those merge.
diff --git a/pkg/github/search.go b/pkg/github/search.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 
 	ghErrors "github.com/github/github-mcp-server/pkg/errors"
+	"github.com/github/github-mcp-server/pkg/ifc"
 	"github.com/github/github-mcp-server/pkg/inventory"
 	"github.com/github/github-mcp-server/pkg/scopes"
 	"github.com/github/github-mcp-server/pkg/translations"
@@ -161,7 +162,14 @@ func SearchRepositories(t translations.TranslationHelperFunc) inventory.ServerTo
 				}
 			}
 
-			return utils.NewToolResultText(string(r)), nil, nil
+			callResult := utils.NewToolResultText(string(r))
+			if deps.GetFlags(ctx).InsidersMode {
+				if callResult.Meta == nil {
+					callResult.Meta = mcp.Meta{}
+				}
+				callResult.Meta["ifc"] = ifc.LabelSearchRepositories()
+			}
+			return callResult, nil, nil
 		},
 	)
 }
diff --git a/pkg/github/search_test.go b/pkg/github/search_test.go
@@ -228,6 +228,67 @@ func Test_SearchRepositories_FullOutput(t *testing.T) {
 	assert.Equal(t, *mockSearchResult.Repositories[0].Name, *returnedResult.Repositories[0].Name)
 }
 
+func Test_SearchRepositories_IFC_InsidersMode(t *testing.T) {
+	t.Parallel()
+
+	serverTool := SearchRepositories(translations.NullTranslationHelper)
+
+	mockSearchResult := &github.RepositoriesSearchResult{
+		Total:             github.Ptr(1),
+		IncompleteResults: github.Ptr(false),
+		Repositories: []*github.Repository{{
+			ID:       github.Ptr(int64(1)),
+			Name:     github.Ptr("repo"),
+			FullName: github.Ptr("octocat/repo"),
+		}},
+	}
+
+	mockedClient := MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
+		GetSearchRepositories: mockResponse(t, http.StatusOK, mockSearchResult),
+	})
+	reqParams := map[string]any{"query": "octocat"}
+
+	t.Run("insiders mode disabled omits ifc label", func(t *testing.T) {
+		deps := BaseDeps{
+			Client: github.NewClient(mockedClient),
+			Flags:  FeatureFlags{InsidersMode: false},
+		}
+		handler := serverTool.Handler(deps)
+
+		request := createMCPRequest(reqParams)
+		result, err := handler(ContextWithDeps(context.Background(), deps), &request)
+		require.NoError(t, err)
+		require.False(t, result.IsError)
+
+		assert.Nil(t, result.Meta)
+	})
+
+	t.Run("insiders mode enabled emits public untrusted label", func(t *testing.T) {
+		deps := BaseDeps{
+			Client: github.NewClient(mockedClient),
+			Flags:  FeatureFlags{InsidersMode: true},
+		}
+		handler := serverTool.Handler(deps)
+
+		request := createMCPRequest(reqParams)
+		result, err := handler(ContextWithDeps(context.Background(), deps), &request)
+		require.NoError(t, err)
+		require.False(t, result.IsError)
+
+		require.NotNil(t, result.Meta)
+		ifcLabel, ok := result.Meta["ifc"]
+		require.True(t, ok, "result meta should contain ifc key")
+
+		ifcJSON, err := json.Marshal(ifcLabel)
+		require.NoError(t, err)
+		var ifcMap map[string]any
+		require.NoError(t, json.Unmarshal(ifcJSON, &ifcMap))
+
+		assert.Equal(t, "untrusted", ifcMap["integrity"])
+		assert.Equal(t, []any{"public"}, ifcMap["confidentiality"])
+	})
+}
+
 func Test_SearchCode(t *testing.T) {
 	// Verify tool definition once
 	serverTool := SearchCode(translations.NullTranslationHelper)
diff --git a/pkg/ifc/ifc.go b/pkg/ifc/ifc.go
@@ -87,6 +87,15 @@ func LabelGetFileContents(isPrivate bool, readers []string) SecurityLabel {
 	return PublicUntrusted()
 }
 
+// LabelSearchRepositories returns the IFC label for a search_repositories
+// result. Repository search is treated as a discovery surface: matched
+// repositories are by definition already accessible to the caller through
+// other means, so the joined readers are universal. Integrity is untrusted
+// because repository names, descriptions, and topics are user-authored.
+func LabelSearchRepositories() SecurityLabel {
+	return PublicUntrusted()
+}
+
 // LabelSearchIssues returns the IFC label for a search_issues result, joining
 // per-repository labels across all matched repositories.
 //

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ import (`
`8`	`8`	`"net/http"`
`9`	`9`
`10`	`10`	`ghErrors "github.com/github/github-mcp-server/pkg/errors"`
	`11`	`+ "github.com/github/github-mcp-server/pkg/ifc"`
`11`	`12`	`"github.com/github/github-mcp-server/pkg/inventory"`
`12`	`13`	`"github.com/github/github-mcp-server/pkg/scopes"`
`13`	`14`	`"github.com/github/github-mcp-server/pkg/translations"`
`@@ -161,7 +162,14 @@ func SearchRepositories(t translations.TranslationHelperFunc) inventory.ServerTo`
`161`	`162`	`}`
`162`	`163`	`}`
`163`	`164`
`164`		`- return utils.NewToolResultText(string(r)), nil, nil`
	`165`	`+ callResult := utils.NewToolResultText(string(r))`
	`166`	`+ if deps.GetFlags(ctx).InsidersMode {`
	`167`	`+ if callResult.Meta == nil {`
	`168`	`+ callResult.Meta = mcp.Meta{}`
	`169`	`+ }`
	`170`	`+ callResult.Meta["ifc"] = ifc.LabelSearchRepositories()`
	`171`	`+ }`
	`172`	`+ return callResult, nil, nil`
`165`	`173`	`},`
`166`	`174`	`)`
`167`	`175`	`}`