fix(guard): preserve github baseline scope for notification and repo-creation writes

Copilot · lpcox · web-flow · commit c2b28dd8507f · 2026-04-22T00:11:27.000Z
Agent-Logs-Url: https://github.com/github/gh-aw-mcpg/sessions/0114d8b5-ccf7-4dee-b9d7-630f4545b568 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
diff --git a/guards/github-guard/rust-guard/src/lib.rs b/guards/github-guard/rust-guard/src/lib.rs
@@ -262,6 +262,12 @@ fn infer_scope_for_baseline(tool_name: &str, tool_args: &Value, repo_id: &str) -
     }
 
     match tool_name {
+        "dismiss_notification"
+        | "mark_all_notifications_read"
+        | "manage_notification_subscription"
+        | "manage_repository_notification_subscription"
+        | "create_repository"
+        | "fork_repository" => "github".to_string(),
         "search_code" | "search_issues" | "search_pull_requests" => {
             let query = tool_args
                 .get("query")
@@ -1159,6 +1165,74 @@ mod tests {
         assert_eq!(inferred, "github/gh-aw-mcpg");
     }
 
+    #[test]
+    fn infer_scope_for_baseline_uses_github_scope_for_notification_management_tools() {
+        let tool_args = json!({ "threadId": "123" });
+        for tool in &[
+            "dismiss_notification",
+            "mark_all_notifications_read",
+            "manage_notification_subscription",
+            "manage_repository_notification_subscription",
+        ] {
+            let inferred = infer_scope_for_baseline(tool, &tool_args, "");
+            assert_eq!(inferred, "github", "{} should infer github baseline scope", tool);
+        }
+    }
+
+    #[test]
+    fn infer_scope_for_baseline_uses_github_scope_for_repo_creation_tools() {
+        let tool_args = json!({ "name": "new-repo" });
+        for tool in &["create_repository", "fork_repository"] {
+            let inferred = infer_scope_for_baseline(tool, &tool_args, "");
+            assert_eq!(inferred, "github", "{} should infer github baseline scope", tool);
+        }
+    }
+
+    #[test]
+    fn notification_management_integrity_preserved_after_baseline() {
+        let ctx = PolicyContext::default();
+        let tool_args = json!({ "threadId": "123" });
+        for tool in &[
+            "dismiss_notification",
+            "mark_all_notifications_read",
+            "manage_notification_subscription",
+            "manage_repository_notification_subscription",
+        ] {
+            let (_, integrity, _) =
+                labels::apply_tool_labels(tool, &tool_args, "", vec![], vec![], String::new(), &ctx);
+            let baseline_scope = infer_scope_for_baseline(tool, &tool_args, "");
+            let after_baseline =
+                labels::ensure_integrity_baseline(&baseline_scope, integrity, &ctx);
+
+            assert_eq!(
+                after_baseline,
+                labels::project_github_label(&ctx),
+                "{} integrity should remain github-scoped after baseline enforcement",
+                tool
+            );
+        }
+    }
+
+    #[test]
+    fn repo_creation_integrity_preserved_after_baseline() {
+        let ctx = PolicyContext::default();
+        let tool_args = json!({ "name": "new-repo" });
+        for tool in &["create_repository", "fork_repository"] {
+            let (_, integrity, _) =
+                labels::apply_tool_labels(tool, &tool_args, "", vec![], vec![], String::new(), &ctx);
+            let baseline_scope = infer_scope_for_baseline(tool, &tool_args, "");
+            let after_baseline =
+                labels::ensure_integrity_baseline(&baseline_scope, integrity, &ctx);
+
+            assert_eq!(
+                after_baseline,
+                labels::writer_integrity("github", &ctx),
+                "{} integrity should remain github writer-scoped after baseline enforcement",
+                tool
+            );
+        }
+    }
+
     #[test]
     fn transfer_repository_integrity_is_blocked_after_ensure_baseline() {
         // Verify that the is_blocked_tool + blocked_integrity override logic produces
