Commit 8f964e0
authored
Guard DIFC: add explicit label rules for notification writes and repository create/fork operations (#4300)
The guard’s write classification was complete, but several mutating
GitHub MCP tools could still inherit caller-provided DIFC labels via
fallback behavior. This change removes that ambiguity for high-impact
write paths by defining explicit secrecy/integrity outcomes.
- **Notification write operations now have explicit DIFC semantics**
- Added dedicated `apply_tool_labels` handling for:
- `dismiss_notification`
- `mark_all_notifications_read`
- `manage_notification_subscription`
- `manage_repository_notification_subscription`
- These now resolve to:
- `S = public` (`[]`)
- `I = project:github`
- baseline scope `github`
- **Repository creation/fork operations split from repo-content writes**
- Moved `create_repository` and `fork_repository` out of repo-content
mutation grouping.
- Added explicit account-scoped rule:
- `S = public` (`[]`)
- `I = writer(github)`
- baseline scope `github`
- **Coverage updates in label-rule tests**
- Replaced single-tool notification assertion with grouped assertions
for all notification management write tools.
- Updated `fork_repository` expectations to github-scoped writer
integrity/public secrecy.
- Added `create_repository` test to lock intended DIFC behavior.
```rust
// Notification management (explicit write semantics)
"dismiss_notification"
| "mark_all_notifications_read"
| "manage_notification_subscription"
| "manage_repository_notification_subscription" => {
secrecy = vec![];
baseline_scope = "github".to_string();
integrity = project_github_label(ctx);
}
// Repo creation/fork (account-scoped writes)
"create_repository" | "fork_repository" => {
secrecy = vec![];
baseline_scope = "github".to_string();
integrity = writer_integrity("github", ctx);
}
```
> [!WARNING]
>
> <details>
> <summary>Firewall rules blocked me from connecting to one or more
addresses (expand for details)</summary>
>
> #### I tried to connect to the following addresses, but was blocked by
firewall rules:
>
> - `example.com`
> - Triggering command: `/tmp/go-build1964592199/b509/launcher.test
/tmp/go-build1964592199/b509/launcher.test
-test.testlogfile=/tmp/go-build1964592199/b509/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true ache/go/1.25.9/x-p
go x_amd64/vet` (dns block)
> - Triggering command: `/tmp/go-build2556502756/b513/launcher.test
/tmp/go-build2556502756/b513/launcher.test
-test.testlogfile=/tmp/go-build2556502756/b513/testlog.txt
-test.paniconexit0 -test.timeout=10m0s know�� .rlib 6b2b26a06.rlib
327.rlib 653.rlib z8tylr32cgwnziux/tmp/go-build197148868/b453/vet.cfg
ruczucboywd9kbz6.0ufrg49.rcgu.o aiea5rg1toc6oekg.0ufrg49.rcgu.o fnr5��
p1agk9if6se1ud54.0ufrg49.rcgu.o fc88gtczrpthgg1u.0ufrg49.rcgu.o
x_amd64/vet
5vmlrtxer9j2lnp9/opt/hostedtoolcache/go/1.25.9/x64/pkg/tool/linux_amd64/link
zucrirrh7hnf4z1l-o
o4qlefxtp7qruodt/tmp/go-build2556502756/b507/guard.test x_amd64/vet`
(dns block)
> - `invalid-host-that-does-not-exist-12345.com`
> - Triggering command: `/tmp/go-build1964592199/b491/config.test
/tmp/go-build1964592199/b491/config.test
-test.testlogfile=/tmp/go-build1964592199/b491/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true 64/src/runtime/c-p
go x_amd64/compile` (dns block)
> - Triggering command: `/tmp/go-build2556502756/b495/config.test
/tmp/go-build2556502756/b495/config.test
-test.testlogfile=/tmp/go-build2556502756/b495/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -o
ithub-guard/rust-guard/target/debug/build/serde-0c0d3ac83fe3437f/rustcMFMlVN/symbols.o
ithub-guard/rust-guard/target/debug/build/serde-0c0d3ac83fe3437f/build_script_build-0c0d3ac83fe3/tmp/go-build197148868/b384/vet.cfg
ithub-guard/rust-guard/target/debug/build/serde-0c0d3ac83fe3437f/build_script_build-0c0d3ac83fe3437f.build_scrip/tmp/go-build1020409741/b001/exe/a.out
ithub-guard/rust/opt/hostedtoolcache/go/1.25.9/x64/pkg/tool/linux_amd64/vet
ild-e2b702800175/tmp/go-build197148868/b292/vet.cfg
ild-e2b702800175437e.f3itfh70g07-m
known-linux-gnu/lib/rustlib/x86_fix(guard): enforce explicit DIFC labels
for notification management and repo
cr-buildid=dcc-Xk-BVFiljIesDi3n/H9wQikqwjRQnx90KP6dH/hKNTvz9caF-1eL6QKuz0/dcc-Xk-B-unsafeptr=false
know��
known-linux-gnu/lib/rustlib/x86_64-REDACTED-linux-gnu/lib/libobject-926daa94a00ee327.rlib
known-linux-gnu/lib/rustlib/x86_64-REDACTED-linux-gnu/lib/libmemchr-48d5b0db80402653.rlib
known-linux-gnu/lib/rustlib/x86_64-REDACTED-linux-gnu/lib/libaddr2line-3367f26bd486b29d.rlib
known-linux-gnu//opt/hostedtoolcache/go/1.25.9/x64/pkg/tool/linux_amd64/vet
known-linux-gnu//tmp/go-build197148868/b425/vet.cfg
known-linux-gnu/lib/rustlib/x86_/tmp/go-build197148868/b039/vet.cfg
known-linux-gnu/lib/rustlib/x86_64-REDACTED-linux-gnu/lib/libstd_detect-b16e5cb5eba3e0fd.rlib`
(dns block)
> - `nonexistent.local`
> - Triggering command: `/tmp/go-build1964592199/b509/launcher.test
/tmp/go-build1964592199/b509/launcher.test
-test.testlogfile=/tmp/go-build1964592199/b509/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true ache/go/1.25.9/x-p
go x_amd64/vet` (dns block)
> - Triggering command: `/tmp/go-build2556502756/b513/launcher.test
/tmp/go-build2556502756/b513/launcher.test
-test.testlogfile=/tmp/go-build2556502756/b513/testlog.txt
-test.paniconexit0 -test.timeout=10m0s know�� .rlib 6b2b26a06.rlib
327.rlib 653.rlib z8tylr32cgwnziux/tmp/go-build197148868/b453/vet.cfg
ruczucboywd9kbz6.0ufrg49.rcgu.o aiea5rg1toc6oekg.0ufrg49.rcgu.o fnr5��
p1agk9if6se1ud54.0ufrg49.rcgu.o fc88gtczrpthgg1u.0ufrg49.rcgu.o
x_amd64/vet
5vmlrtxer9j2lnp9/opt/hostedtoolcache/go/1.25.9/x64/pkg/tool/linux_amd64/link
zucrirrh7hnf4z1l-o
o4qlefxtp7qruodt/tmp/go-build2556502756/b507/guard.test x_amd64/vet`
(dns block)
> - `slow.example.com`
> - Triggering command: `/tmp/go-build1964592199/b509/launcher.test
/tmp/go-build1964592199/b509/launcher.test
-test.testlogfile=/tmp/go-build1964592199/b509/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true ache/go/1.25.9/x-p
go x_amd64/vet` (dns block)
> - Triggering command: `/tmp/go-build2556502756/b513/launcher.test
/tmp/go-build2556502756/b513/launcher.test
-test.testlogfile=/tmp/go-build2556502756/b513/testlog.txt
-test.paniconexit0 -test.timeout=10m0s know�� .rlib 6b2b26a06.rlib
327.rlib 653.rlib z8tylr32cgwnziux/tmp/go-build197148868/b453/vet.cfg
ruczucboywd9kbz6.0ufrg49.rcgu.o aiea5rg1toc6oekg.0ufrg49.rcgu.o fnr5��
p1agk9if6se1ud54.0ufrg49.rcgu.o fc88gtczrpthgg1u.0ufrg49.rcgu.o
x_amd64/vet
5vmlrtxer9j2lnp9/opt/hostedtoolcache/go/1.25.9/x64/pkg/tool/linux_amd64/link
zucrirrh7hnf4z1l-o
o4qlefxtp7qruodt/tmp/go-build2556502756/b507/guard.test x_amd64/vet`
(dns block)
> - `this-host-does-not-exist-12345.com`
> - Triggering command: `/tmp/go-build1964592199/b518/mcp.test
/tmp/go-build1964592199/b518/mcp.test
-test.testlogfile=/tmp/go-build1964592199/b518/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true proto/proto.go
s/alert.go x_amd64/compile -o lts /tmp/cc9cHcxs.s x_amd64/compile -I
g_.a 4592199/b165/ x_amd64/vet --gdwarf-5 ternal/sys -o x_amd64/vet`
(dns block)
> - Triggering command: `/tmp/go-build2556502756/b522/mcp.test
/tmp/go-build2556502756/b522/mcp.test
-test.testlogfile=/tmp/go-build2556502756/b522/testlog.txt
-test.paniconexit0 -test.timeout=10m0s ithu��
ithub-guard/rust-guard/target/debug/deps/github_guard-57d41235e07a5585.3r7b32ab9hw1mmy6a1aekmmsh/usr/libexec/docker/docker-init
ithub-guard/rust-guard/target/debug/deps/github_guard-57d41235e07a5585.485oswk5h4p2kq4dabhq5b2ke--version
x_amd64/vet 6e1dc71b.rlib m/github/gh-aw-m--version -nilfunc x_amd64/vet
n-me��
aw-mcpg/guards/github-guard/rust-guard/target/debug/deps/rustcq8hDXS/symbols.o
aw-mcpg/guards/github-guard/rust-guard/target/debug/deps/github_guard-57d41235e07a5585.0r6f2y9pm/usr/bin/runc
x_amd64/vet aw-mcpg/guards/gbash aw-mcpg/guards/g/usr/bin/runc
aw-mcpg/guards/g--version x_amd64/vet` (dns block)
>
> If you need me to access, download, or install something from one of
these locations, you can either:
>
> - Configure [Actions setup
steps](https://gh.io/copilot/actions-setup-steps) to set up my
environment, which run before the firewall is enabled
> - Add the appropriate URLs or hosts to the custom allowlist in this
repository's [Copilot coding agent
settings](https://github.com/github/gh-aw-mcpg/settings/copilot/coding_agent)
(admins only)
>
> </details>4 files changed
Lines changed: 197 additions & 45 deletions
File tree
- guards/github-guard/rust-guard/src
- labels
- test/integration
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4614 | 4614 | | |
4615 | 4615 | | |
4616 | 4616 | | |
4617 | | - | |
| 4617 | + | |
4618 | 4618 | | |
4619 | 4619 | | |
4620 | 4620 | | |
4621 | | - | |
| 4621 | + | |
4622 | 4622 | | |
4623 | | - | |
4624 | | - | |
4625 | | - | |
4626 | | - | |
4627 | | - | |
4628 | | - | |
4629 | | - | |
| 4623 | + | |
| 4624 | + | |
| 4625 | + | |
| 4626 | + | |
| 4627 | + | |
| 4628 | + | |
4630 | 4629 | | |
4631 | | - | |
4632 | | - | |
| 4630 | + | |
| 4631 | + | |
| 4632 | + | |
| 4633 | + | |
| 4634 | + | |
| 4635 | + | |
| 4636 | + | |
| 4637 | + | |
| 4638 | + | |
| 4639 | + | |
| 4640 | + | |
| 4641 | + | |
4633 | 4642 | | |
4634 | 4643 | | |
4635 | 4644 | | |
| |||
4919 | 4928 | | |
4920 | 4929 | | |
4921 | 4930 | | |
4922 | | - | |
| 4931 | + | |
4923 | 4932 | | |
4924 | 4933 | | |
4925 | 4934 | | |
| |||
4929 | 4938 | | |
4930 | 4939 | | |
4931 | 4940 | | |
4932 | | - | |
| 4941 | + | |
| 4942 | + | |
| 4943 | + | |
| 4944 | + | |
| 4945 | + | |
| 4946 | + | |
| 4947 | + | |
| 4948 | + | |
| 4949 | + | |
| 4950 | + | |
| 4951 | + | |
| 4952 | + | |
| 4953 | + | |
| 4954 | + | |
| 4955 | + | |
| 4956 | + | |
| 4957 | + | |
| 4958 | + | |
| 4959 | + | |
| 4960 | + | |
| 4961 | + | |
| 4962 | + | |
| 4963 | + | |
| 4964 | + | |
| 4965 | + | |
| 4966 | + | |
| 4967 | + | |
| 4968 | + | |
| 4969 | + | |
| 4970 | + | |
| 4971 | + | |
| 4972 | + | |
4933 | 4973 | | |
4934 | 4974 | | |
4935 | 4975 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
466 | 466 | | |
467 | 467 | | |
468 | 468 | | |
469 | | - | |
470 | | - | |
471 | | - | |
472 | | - | |
| 469 | + | |
473 | 470 | | |
474 | 471 | | |
475 | 472 | | |
476 | 473 | | |
477 | 474 | | |
478 | 475 | | |
479 | 476 | | |
| 477 | + | |
| 478 | + | |
| 479 | + | |
| 480 | + | |
| 481 | + | |
| 482 | + | |
| 483 | + | |
| 484 | + | |
| 485 | + | |
| 486 | + | |
| 487 | + | |
| 488 | + | |
480 | 489 | | |
481 | 490 | | |
482 | 491 | | |
| |||
562 | 571 | | |
563 | 572 | | |
564 | 573 | | |
565 | | - | |
| 574 | + | |
566 | 575 | | |
567 | 576 | | |
568 | 577 | | |
569 | 578 | | |
570 | 579 | | |
571 | 580 | | |
572 | 581 | | |
| 582 | + | |
| 583 | + | |
| 584 | + | |
| 585 | + | |
| 586 | + | |
| 587 | + | |
| 588 | + | |
| 589 | + | |
| 590 | + | |
573 | 591 | | |
574 | 592 | | |
575 | 593 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
262 | 262 | | |
263 | 263 | | |
264 | 264 | | |
| 265 | + | |
| 266 | + | |
| 267 | + | |
| 268 | + | |
| 269 | + | |
| 270 | + | |
265 | 271 | | |
266 | 272 | | |
267 | 273 | | |
| |||
1159 | 1165 | | |
1160 | 1166 | | |
1161 | 1167 | | |
| 1168 | + | |
| 1169 | + | |
| 1170 | + | |
| 1171 | + | |
| 1172 | + | |
| 1173 | + | |
| 1174 | + | |
| 1175 | + | |
| 1176 | + | |
| 1177 | + | |
| 1178 | + | |
| 1179 | + | |
| 1180 | + | |
| 1181 | + | |
| 1182 | + | |
| 1183 | + | |
| 1184 | + | |
| 1185 | + | |
| 1186 | + | |
| 1187 | + | |
| 1188 | + | |
| 1189 | + | |
| 1190 | + | |
| 1191 | + | |
| 1192 | + | |
| 1193 | + | |
| 1194 | + | |
| 1195 | + | |
| 1196 | + | |
| 1197 | + | |
| 1198 | + | |
| 1199 | + | |
| 1200 | + | |
| 1201 | + | |
| 1202 | + | |
| 1203 | + | |
| 1204 | + | |
| 1205 | + | |
| 1206 | + | |
| 1207 | + | |
| 1208 | + | |
| 1209 | + | |
| 1210 | + | |
| 1211 | + | |
| 1212 | + | |
| 1213 | + | |
| 1214 | + | |
| 1215 | + | |
| 1216 | + | |
| 1217 | + | |
| 1218 | + | |
| 1219 | + | |
| 1220 | + | |
| 1221 | + | |
| 1222 | + | |
| 1223 | + | |
| 1224 | + | |
| 1225 | + | |
| 1226 | + | |
| 1227 | + | |
| 1228 | + | |
| 1229 | + | |
| 1230 | + | |
| 1231 | + | |
| 1232 | + | |
| 1233 | + | |
| 1234 | + | |
| 1235 | + | |
1162 | 1236 | | |
1163 | 1237 | | |
1164 | 1238 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
28 | | - | |
29 | 28 | | |
30 | 29 | | |
31 | 30 | | |
32 | | - | |
33 | | - | |
34 | | - | |
35 | | - | |
36 | | - | |
37 | | - | |
38 | | - | |
39 | | - | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
40 | 34 | | |
41 | | - | |
42 | 35 | | |
43 | 36 | | |
44 | 37 | | |
45 | | - | |
| 38 | + | |
46 | 39 | | |
47 | | - | |
| 40 | + | |
48 | 41 | | |
49 | 42 | | |
50 | 43 | | |
51 | 44 | | |
52 | | - | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
53 | 60 | | |
| 61 | + | |
54 | 62 | | |
55 | 63 | | |
56 | 64 | | |
57 | 65 | | |
58 | 66 | | |
59 | 67 | | |
60 | 68 | | |
61 | | - | |
62 | 69 | | |
63 | 70 | | |
64 | 71 | | |
65 | 72 | | |
66 | 73 | | |
67 | 74 | | |
68 | | - | |
69 | 75 | | |
70 | 76 | | |
71 | 77 | | |
| |||
130 | 136 | | |
131 | 137 | | |
132 | 138 | | |
133 | | - | |
134 | | - | |
135 | | - | |
136 | | - | |
137 | | - | |
138 | | - | |
139 | | - | |
140 | | - | |
141 | | - | |
142 | | - | |
143 | | - | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
144 | 144 | | |
145 | 145 | | |
146 | 146 | | |
147 | 147 | | |
148 | 148 | | |
149 | 149 | | |
150 | | - | |
| 150 | + | |
151 | 151 | | |
152 | 152 | | |
153 | 153 | | |
154 | 154 | | |
| 155 | + | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
| 161 | + | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
155 | 174 | | |
| 175 | + | |
156 | 176 | | |
157 | 177 | | |
158 | 178 | | |
| |||
0 commit comments