Add field_values to search_issues results #2509

Closed
kelsey-myers wants to merge 31 commits into github:kelsey/list-issues-field-values from kelsey-myers:kelsey/search-issues-field-values-v2

@kelsey-myers

Summary

Extends search_issues to include custom issue field values (field_values) on each result item, fetched via a single follow-up GraphQL nodes() query after the REST search.

Why

Closes github/plan-track-agentic-toolkit#119

search_issues returned no field values (priority, estimate, etc.) even when issues had them. Agents couldn't act on field data from search results without a separate lookup per issue.

What changed

search_issues previously used the REST search API and returned results as-is. A full GraphQL rewrite would have changed the pagination model (cursor-based instead of page-based), which would be a breaking change for existing callers. Instead, this keeps REST for the search itself and adds a single follow-up nodes(ids:[...]) GraphQL query per page to fetch field values in bulk. The caveat is an extra round-trip per page, but no breaking changes.

  • Added SearchIssueResult / SearchIssuesResponse types to wrap REST search results with field_values
  • Added searchIssuesNodesQuery GraphQL struct for the nodes(ids:) batch lookup
  • Added fetchIssueFieldValuesByNodeID helper that runs one GraphQL round-trip per page of results
  • Added searchIssuesHandler that wires REST search + enrichment, called from the search_issues tool
  • Extracted prepareSearchArgs from searchHandler so query-building logic is shared with search_pull_requests without coupling PR search to the enrichment path
  • Tests: Test_SearchIssues_FieldValuesEnrichment covers field_values population; existing Test_SearchIssues cases are unchanged

MCP impact

  • Tool schema or behavior changed — search_issues response shape gains items[].field_values (omitempty, non-breaking additive change). total_count and incomplete_results are now explicit top-level fields. list_issues also gains field_values on each result item (same omitempty, non-breaking).

Prompts tested (tool changes only)

  • "Search for open issues in github/issues repo with Priority P1 and show me their field values"

Security / limits

  • Data exposure, filtering, or token/size limits considered — field values fetched via nodes() respect the viewer's existing GraphQL permissions; no additional scopes required beyond repo.

Tool renaming

  • I am not renaming tools as part of this PR

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with ./script/test

Docs

  • Not needed
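
The enrichment pattern described under "What changed", as an added Go sketch that is not code from this PR: one batch lookup per page of REST hits, merged by node ID rather than by position. `SearchItem`, `NodeFieldValues`, `BatchFetcher`, `Enrich` and `Render` are hypothetical names, the stub fetcher and its data are constructed, and failing the page on a lookup error is this sketch's choice.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SearchItem is a trimmed REST search hit (constructed for this sketch).
type SearchItem struct {
	Number      int               `json:"number"`
	NodeID      string            `json:"node_id"`
	FieldValues map[string]string `json:"field_values,omitempty"`
}

// NodeFieldValues is one resolved entry of the batch lookup (hypothetical shape).
type NodeFieldValues struct {
	ID     string
	Values map[string]string
}

// BatchFetcher stands in for the GraphQL client; one call is one round trip.
// Assumption: an entry is nil when the node could not be resolved for the viewer.
type BatchFetcher func(ids []string) ([]*NodeFieldValues, error)

// Enrich attaches field values to one page of search hits with a single lookup.
// Values are matched by node ID, so a short or reordered response can never
// attach one issue's values to a different issue.
func Enrich(items []SearchItem, fetch BatchFetcher) ([]SearchItem, error) {
	if len(items) == 0 {
		return items, nil // empty page: no round trip at all
	}
	ids := make([]string, 0, len(items))
	for _, it := range items {
		ids = append(ids, it.NodeID)
	}
	nodes, err := fetch(ids)
	if err != nil {
		return nil, fmt.Errorf("field value lookup: %w", err)
	}
	byID := make(map[string]map[string]string, len(nodes))
	for _, n := range nodes {
		if n == nil || len(n.Values) == 0 {
			continue // unresolved or empty: the item keeps no field_values
		}
		byID[n.ID] = n.Values
	}
	out := make([]SearchItem, len(items))
	copy(out, items) // leave the caller's slice untouched
	for i := range out {
		out[i].FieldValues = byID[out[i].NodeID] // nil map is dropped by omitempty
	}
	return out, nil
}

// Render returns the JSON a tool caller would see for the page.
func Render(items []SearchItem) string {
	b, err := json.Marshal(items)
	if err != nil {
		return ""
	}
	return string(b)
}

func main() {
	// Constructed page of two hits.
	page := []SearchItem{{Number: 7, NodeID: "I_7"}, {Number: 9, NodeID: "I_9"}}
	calls := 0
	fetch := func(ids []string) ([]*NodeFieldValues, error) {
		calls++
		// Constructed response: reordered, with one unresolved node.
		return []*NodeFieldValues{nil, {ID: "I_7", Values: map[string]string{"Priority": "P1"}}}, nil
	}
	out, err := Enrich(page, fetch)
	fmt.Println(Render(out), "round trips:", calls, "err:", err)
}
```
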

alondahari and others added 30 commits May 13, 2026 11:47
…b#2458)

* Add optional rationale parameter to update_issue_type tool

Add an optional `rationale` string parameter (max 280 chars) to the
`update_issue_type` MCP tool. When provided, the type is sent as an
object `{"name": "...", "rationale": "..."}` to the REST API,
enabling agents to explain their classification decisions. When omitted,
existing behavior is preserved (type sent as a plain string).

This supports the agent rationale experiment for type mutations. The
parameter is always visible in the schema — the API gracefully ignores
the rationale when the server-side feature flag is disabled.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Validate issue type rationale input

* Format issue type rationale tests

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Adam Holt <omgitsads@github.com>
* Add ifc label for search_issues tool

Emits an IFC SecurityLabel on the search_issues tool result when the
InsidersMode flag is enabled, mirroring the pattern landed for get_me
in github#2432, list_issues in github#2453, and get_file_contents in github#2454.

Search results may span multiple repositories, so the label is the IFC
join of the per-repository labels:

  - Integrity is always untrusted (issues are user-authored).
  - If any matched repository is public, the joined readers are
    ["public"] (the public side dominates the lub).
  - Otherwise the joined readers are the intersection of the
    collaborator sets across all matched private repositories.
  - Empty result sets are labelled public-untrusted (no data leaked).

The shared searchHandler in search_utils.go gains an additive variadic
'searchOption' hook so SearchIssues can attach _meta.ifc without
duplicating the search call. SearchPullRequests is unaffected; it does
not pass any options.

If any per-repository visibility or collaborators lookup fails the label
is omitted entirely, consistent with get_file_contents, to avoid
misclassifying the result.

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

Note: this PR is chained on github#2454 (gokhanarkan/fides-get-file-contents)
because it depends on the FetchRepoIsPrivate and FetchRepoCollaborators
helpers introduced there. GitHub will retarget the base to main once
github#2454 merges.

* search_issues: address Copilot review findings

- LabelSearchIssues now returns (SecurityLabel, bool); the bool is
  false when len(repoVisibilities) != len(readerSets), so callers can
  omit the label rather than emit one computed from inconsistent
  inputs.
- searchIssuesIFCPostProcess no longer substitutes [owner] when the
  collaborators API returns an empty list. The substitution was
  inconsistent with the cross-repo intersection semantics: the owner
  could appear in another matched private repo's collaborator list and
  thereby widen the joined reader set incorrectly. Empty collaborator
  sets are now passed through unchanged.
- Add a subtest exercising the collaborators-failure branch (500 on
  /repos/{owner}/{repo}/collaborators), asserting the tool still
  succeeds and result.Meta["ifc"] is absent.
- Extend the LabelSearchIssues table tests with the slice-length
  mismatch case.

Addresses the three Copilot findings on github#2456.

* search_issues: flip IFC join to intersection (private wins)

Address Joanna's review feedback on github#2456: a reader of a multi-repo result
must be authorised to read every matched private repository, so the IFC
join is the meet (intersection over private repos) rather than the join.
Public matches contribute the universe set and drop out of the
intersection without shrinking it.

- LabelSearchIssues: collect only the private reader sets, then intersect.
  Empty result and all-public remain public-untrusted.
- TestLabelSearchIssues: flip the mixed public+private expectation and add
  a 'two private + one public' case to lock in the new semantics.
- Test_SearchIssues_IFC_InsidersMode: mixed subtest now expects the
  private repo's reader set instead of public.
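
The "private wins" label computation described in the commit messages above, as an added Go sketch that is not the project's code: readers are the intersection over private matches only, public matches drop out, and mismatched inputs yield no label. `Label` and `JoinSearchLabels` are hypothetical names and all logins are constructed; `main` also shows why substituting `[owner]` for an empty collaborator list widens the result.

```go
package main

import (
	"fmt"
	"sort"
)

// Label is a simplified stand-in for the label described in the commits.
type Label struct {
	Integrity string
	Readers   []string
}

// JoinSearchLabels computes one label for a multi-repository result.
// private[i] and readers[i] describe the i-th matched repository.
// The bool is false when the inputs are inconsistent, so the caller can
// omit the label instead of emitting one computed from bad data.
func JoinSearchLabels(private []bool, readers [][]string) (Label, bool) {
	if len(private) != len(readers) {
		return Label{}, false
	}
	var acc map[string]bool // nil until the first private repository is seen
	for i, isPrivate := range private {
		if !isPrivate {
			continue // public match: universe set, does not shrink the result
		}
		set := make(map[string]bool, len(readers[i]))
		for _, r := range readers[i] {
			set[r] = true
		}
		if acc == nil {
			acc = set // an empty list stays empty: nobody is authorised
			continue
		}
		for r := range acc {
			if !set[r] {
				delete(acc, r) // must be a reader of every private match
			}
		}
	}
	if acc == nil {
		// Empty result or all-public: public-untrusted.
		return Label{Integrity: "untrusted", Readers: []string{"public"}}, true
	}
	out := make([]string, 0, len(acc))
	for r := range acc {
		out = append(out, r)
	}
	sort.Strings(out)
	return Label{Integrity: "untrusted", Readers: out}, true
}

func main() {
	// Two private repositories and one public one (constructed logins).
	l, ok := JoinSearchLabels(
		[]bool{true, false, true},
		[][]string{{"alice", "bob"}, nil, {"bob", "carol"}},
	)
	fmt.Println(l.Readers, ok) // only bob can read both private repositories

	// Repository A returned an empty collaborator list; repository B lists owner-a.
	passThrough, _ := JoinSearchLabels([]bool{true, true},
		[][]string{{}, {"alice", "owner-a"}})
	substituted, _ := JoinSearchLabels([]bool{true, true},
		[][]string{{"owner-a"}, {"alice", "owner-a"}})
	fmt.Println(len(passThrough.Readers), substituted.Readers)
}
```
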
* Add ifc label for search_issues tool

Emits an IFC SecurityLabel on the search_issues tool result when the
InsidersMode flag is enabled, mirroring the pattern landed for get_me
in github#2432, list_issues in github#2453, and get_file_contents in github#2454.

Search results may span multiple repositories, so the label is the IFC
join of the per-repository labels:

  - Integrity is always untrusted (issues are user-authored).
  - If any matched repository is public, the joined readers are
    ["public"] (the public side dominates the lub).
  - Otherwise the joined readers are the intersection of the
    collaborator sets across all matched private repositories.
  - Empty result sets are labelled public-untrusted (no data leaked).

The shared searchHandler in search_utils.go gains an additive variadic
'searchOption' hook so SearchIssues can attach _meta.ifc without
duplicating the search call. SearchPullRequests is unaffected; it does
not pass any options.

If any per-repository visibility or collaborators lookup fails the label
is omitted entirely, consistent with get_file_contents, to avoid
misclassifying the result.

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

Note: this PR is chained on github#2454 (gokhanarkan/fides-get-file-contents)
because it depends on the FetchRepoIsPrivate and FetchRepoCollaborators
helpers introduced there. GitHub will retarget the base to main once
github#2454 merges.

* search_issues: address Copilot review findings

- LabelSearchIssues now returns (SecurityLabel, bool); the bool is
  false when len(repoVisibilities) != len(readerSets), so callers can
  omit the label rather than emit one computed from inconsistent
  inputs.
- searchIssuesIFCPostProcess no longer substitutes [owner] when the
  collaborators API returns an empty list. The substitution was
  inconsistent with the cross-repo intersection semantics: the owner
  could appear in another matched private repo's collaborator list and
  thereby widen the joined reader set incorrectly. Empty collaborator
  sets are now passed through unchanged.
- Add a subtest exercising the collaborators-failure branch (500 on
  /repos/{owner}/{repo}/collaborators), asserting the tool still
  succeeds and result.Meta["ifc"] is absent.
- Extend the LabelSearchIssues table tests with the slice-length
  mismatch case.

Addresses the three Copilot findings on github#2456.

* search_issues: flip IFC join to intersection (private wins)

Address Joanna's review feedback on github#2456: a reader of a multi-repo result
must be authorised to read every matched private repository, so the IFC
join is the meet (intersection over private repos) rather than the join.
Public matches contribute the universe set and drop out of the
intersection without shrinking it.

- LabelSearchIssues: collect only the private reader sets, then intersect.
  Empty result and all-public remain public-untrusted.
- TestLabelSearchIssues: flip the mixed public+private expectation and add
  a 'two private + one public' case to lock in the new semantics.
- Test_SearchIssues_IFC_InsidersMode: mixed subtest now expects the
  private repo's reader set instead of public.

* Add ifc label for issue_read tool

Emits an IFC SecurityLabel on the issue_read tool result when the
InsidersMode flag is enabled, mirroring the pattern landed for get_me
in github#2432, list_issues in github#2453, get_file_contents in github#2454, and
search_issues in github#2456.

issue_read operates on a single issue in a single repository so the
label has the same per-repo semantics as list_issues; the helper
ifc.LabelListIssues is reused directly. Integrity is always untrusted
(issue contents, comments, and label descriptions are user-authored).
Public repos are labelled PublicUntrusted; private repos are labelled
PrivateUntrusted with the repository's collaborator logins, falling
back to [owner] when the collaborators lookup fails.

The IssueRead handler dispatches to four sub-functions (GetIssue,
GetIssueComments, GetSubIssues, GetIssueLabels). The IFC label is
attached at the dispatch site via a single attachIFC closure, so all
four method branches emit the label without changes to the underlying
helpers. Visibility-lookup failures cause the label to be omitted
entirely (consistent with get_file_contents and search_issues).

A future cleanup PR can extract attachIFC into a shared helper now that
get_file_contents, search_issues, and issue_read use near-identical
closures; intentionally not bundled here to keep the diff minimal.

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.

Note: chained on github#2456 (gokhanarkan/fides-search-issues), which is in
turn chained on github#2454. GitHub will retarget the base to main once those
merge.

* issue_read: simplify attachIFC by dropping unused lazy-cache

Address Joanna's review feedback on github#2457: the dispatch switch returns
on exactly one branch, so attachIFC runs at most once per request. The
ifcLabelKnown / ifcIsPrivate / ifcReaders cache variables were never
reused across calls and only added complexity.

Inline the visibility and collaborators lookups directly into the
closure and drop the cache. Behaviour is identical; a follow-up can
add real per-request caching across handlers if needed.
Emits an IFC SecurityLabel on the search_repositories tool result when
the InsidersMode flag is enabled, mirroring the pattern landed for
get_me (github#2432), list_issues (github#2453), get_file_contents (github#2454),
search_issues (github#2456), and issue_read (github#2457).

Search results may span multiple repositories, so the join math
(integrity always untrusted; private wins by intersecting collaborator
sets across the matched private repos only) is shared with search_issues
via ifc.LabelSearchIssues. Visibility is read directly off the search
response's repo.Private field — no extra API call. Collaborators are
fetched only for private hits, and any failure causes the label to be
omitted entirely (consistent with search_issues / issue_read /
get_file_contents).

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389.
…thub#2476)

* feat: return minimal code search results with text match snippets

Return a MinimalCodeSearchResult type from search_code instead of the
raw GitHub API CodeSearchResult. This reduces token usage by ~4x by:

- Projecting the repository object to just the full_name string instead
  of the full ~3KB repository payload repeated per result
- Enabling the text-match Accept header so code snippets (fragments)
  are included in results, which were previously missing

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: drop html_url from MinimalCodeResult

The URL is derivable from repository + path + sha, so it's redundant
token cost per result.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: add minimal_output opt-out and Accept header test for code search

Address PR review feedback:

1. Add minimal_output parameter (default: true) to search_code, matching
   the pattern from search_repositories. When false, returns the full
   GitHub API CodeSearchResult for backward compatibility.

2. Add Accept header assertion to tests via a new withHeaders() helper
   on partialMock, verifying the text-match Accept header is actually
   requested (not just mocked in the response).

3. Add test case for minimal_output=false path.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: remove minimal_output opt-out from search_code

The full CodeResult only adds a bloated Repository object (~3KB of
template URLs) and a derivable HTMLURL. Nothing in the full output is
useful beyond what the minimal type already provides, so always return
the compact form.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Replace ingress IFC reader list with private marker

Switches the ingress IFC labels from emitting a per-repo collaborator
list to a single 'private' marker. The CLI engine now fetches readers
from the GitHub endpoint on demand at egress decision time (P-F check),
with pagination + caching, which removes a wire-bloat ceiling for repos
with thousands of collaborators.

Drops the per-call FetchRepoCollaborators from list_issues, issue_read,
get_file_contents, search_issues, and search_repositories. The shared
LabelSearchIssues helper collapses to a single []bool argument; the
intersection logic and length-mismatch failure mode go away.

This is a breaking wire-format change for _meta.ifc consumers — coordinate
with the CLI cut-over.

Refs github/copilot-mcp-core#1389.

* format

* Update FetchRepoCollaborators doc comment for marker-only ingress

Addresses Copilot review on github#2478. The helper is no longer called by the
server itself; ingress emits a 'private' marker and the client engine
resolves readers on demand. Kept exported per the library-consumer
convention; updated the comment to reflect the new role.

* Address review: drop FetchRepoCollaborators and make confidentiality a scalar

Per Joanna's review on github#2478:

- Remove FetchRepoCollaborators entirely (no callers left after the marker
  switch). Drops the GetReposCollaboratorsByOwnerByRepo mock route too.
- Change SecurityLabel.Confidentiality from []Confidentiality to a scalar
  Confidentiality. Wire format is now {integrity, confidentiality} where
  confidentiality is a single 'public' or 'private' string. Updated all
  tests and the LabelSearchIssues helper accordingly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add tool to list repo collaborators

* Simplify tool description

* Fix test

* Return pagination info

* Return page parameters

* Update defaults
* Add discussion comment write operation tools

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address comments from Copilot review

* Update includeReplies description to specify GitHub API maximum replies limit

* Consolidate into single tool

* add test cases for checking param presence

* Enhance validation on discussion comment operations

* Enhance discussion_write tool description

Co-authored-by: Roberto Nacu <kerobbi@github.com>

* Remove redundant param

Co-authored-by: Roberto Nacu <kerobbi@github.com>

* Refactor tests

* Fix failing build

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Roberto Nacu <kerobbi@github.com>
Breaking changes addressed:
- raw.NewClient: Use WithHTTPClient/WithEnterpriseURLs options, pass ctx to
  NewRequest, return (*Client, error)
- internal/ghmcp/server.go: Use functional options for REST client creation,
  replace UserAgent field mutation with UserAgentTransport wrapper, add
  restUATransp field to githubClients struct
- pkg/github/dependencies.go: Use functional options for REST client creation,
  handle raw.NewClient error return
- pkg/github/actions.go: Handle new WorkflowDispatchRunDetails return value
  from CreateWorkflowDispatchEventByID/ByFileName
- pkg/github/issues.go: Replace IssueListOptions with ListOptions for
  SubIssue.ListByIssue
- pkg/github/notifications.go: MarkThreadDone now takes string instead of
  int64; remove ParseInt and strconv import
- pkg/github/projects.go: Remove pointer indirection from
  ListProjectsPaginationOptions and ListProjectsOptions fields
- pkg/github/issues_granular.go: Pass ctx to NewRequest, remove ctx from Do
- Test files: Add mustNewGHClient helper, replace all NewClient calls,
  fix stubClientFnFromHTTP signature, fix lockdown_test.go BaseURL handling,
  fix raw_test.go, remove invalid threadID test case

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…#2455)

Bumps golang from 1.25.9-alpine to 1.25.10-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.10-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ithub#2396)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.4.0 to 7.2.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@e435ccd...1a80836)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@b45d80f...4907a6d)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ub#2394)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.1.0 to 4.1.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@ba7bc0a...6f9f177)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…github#2393)

* build(deps): bump github.com/google/jsonschema-go from 0.4.2 to 0.4.3

Bumps [github.com/google/jsonschema-go](https://github.com/google/jsonschema-go) from 0.4.2 to 0.4.3.
- [Release notes](https://github.com/google/jsonschema-go/releases)
- [Commits](google/jsonschema-go@v0.4.2...0.4.3)

---
updated-dependencies:
- dependency-name: github.com/google/jsonschema-go
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: regenerate license files

Auto-generated by license-check workflow

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…#2123)

Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3 to 4.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@v3...v4)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 20-alpine to 26-alpine.

---
updated-dependencies:
- dependency-name: node
  dependency-version: 25-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the /ui directory: [hono](https://github.com/honojs/hono).


Updates `hono` from 4.12.0 to 4.12.19
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.0...v4.12.19)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps @modelcontextprotocol/ext-apps from ^1.0.0 to ^1.7.2 (which pulls
in newer @modelcontextprotocol/sdk and hono), and runs npm audit fix to
update the transitive vite/rollup/postcss/picomatch/lodash chain.

Closes the following GHSAs (all reachable only through /ui build deps):
- hono: GHSA-xh87-mx6m-69f3, and the SSR/cookie/serveStatic family
- fast-uri: GHSA path-traversal/host-confusion
- ip-address, express-rate-limit, path-to-regexp, picomatch
- vite path-traversal + dev-server WebSocket file-read
- rollup arbitrary file write, postcss XSS, lodash prototype pollution

No source changes required: the ext-apps React API we consume
(useApp / App / ontoolresult / ontoolinput) is unchanged; typecheck
and the full vite build pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use the v1.7.0 useApp options to:
- autoResize iframes to content height (helps issue-write/pr-write/get-me
  surfaces which all render variable-height forms and result cards)
- enable strict handshake-ordering checks in development builds so any
  out-of-order handler registration surfaces immediately

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github#2497)

Bumps distroless/base-debian12 from `9dce90e` to `58695f4`.

---
updated-dependencies:
- dependency-name: distroless/base-debian12
  dependency-version: 58695f439f772a00009c8f6be4c183f824c1f556d74b313c30900f167e4772f8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…b#2500)

Bumps [reproducible-containers/buildkit-cache-dance](https://github.com/reproducible-containers/buildkit-cache-dance) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/reproducible-containers/buildkit-cache-dance/releases)
- [Commits](reproducible-containers/buildkit-cache-dance@1b8ab18...5422eac)

---
updated-dependencies:
- dependency-name: reproducible-containers/buildkit-cache-dance
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ithub#2499)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 7.2.1 to 7.2.2.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@1a80836...5daf1e9)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….20260403154220-27f29c1cef3b to 1.6.0 (github#2498)

* build(deps): bump github.com/modelcontextprotocol/go-sdk

Bumps [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) from 1.5.1-0.20260403154220-27f29c1cef3b to 1.6.0.
- [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases)
- [Commits](https://github.com/modelcontextprotocol/go-sdk/commits/v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/modelcontextprotocol/go-sdk
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: regenerate license files

Auto-generated by license-check workflow

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…CI (github#2501)

* chore(ui): migrate vite 6 -> 8 and plugin-react 4 -> 6

Supersedes the auto-generated bump in github#2496, which only updated vite and
left @vitejs/plugin-react on a peer range that excludes vite 8, breaking
the UI build (and every Go job that embeds the UI assets) with ERESOLVE.

- vite ^6.0.0 -> ^8.0.13
- @vitejs/plugin-react ^4.3.0 -> ^6.0.2 (peers vite ^8.0.0 only)
- vite-plugin-singlefile ^2.0.0 -> ^2.3.3 (peers already allowed v8)
- engines.node >=20 -> ^20.19.0 || >=22.12.0 (Vite 7+ requirement)

Vite 8 ships Rolldown instead of Rollup, which rejects bundle mutation in
generateBundle. The rename-output plugin was doing exactly that to flatten
the singlefile-inlined HTML from src/apps/<app>/index.html down to
<app>.html. Refactored it to hoist the file in closeBundle (post-write)
and renamed it to flatten-output to reflect what it actually does.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore(ui): give flatten-output a clearer error when the HTML is missing

Addresses Copilot review feedback on github#2501: if the singlefile-inlined HTML
isn't where we expect it (e.g. because a future Vite/Rolldown change alters
the output path), throw with the app name and expected path instead of
letting renameSync surface a bare ENOENT.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* perf(ui+ci): cache build artifacts and run vite in single process

Introduce a content-addressable cache for the embedded UI HTML and refactor
the build script to invoke vite once per Node process instead of three
times.

* New ui/scripts/build.mjs runs vite build() in a loop within one process,
  removing the cross-env dev dependency and avoiding redundant plugin/JIT
  warm-up. Local build time drops from ~2.4s to ~1.5s.

* New .github/actions/build-ui composite action restores
  pkg/github/ui_dist/{get-me,issue-write,pr-write}.html from cache keyed on
  hashes of ui/ sources and the lockfile. On cache hit it skips Node setup
  and the build entirely; on miss it sets up Node and runs script/build-ui
  as before. Saves ~6s per workflow on Go-only PRs, which is the common
  case across seven workflows.

* Replace the duplicated setup-node + Build UI pair in seven workflows
  (go, lint, docs-check, license-check, goreleaser, mcp-diff, code-scanning)
  with a single uses: ./.github/actions/build-ui line. code-scanning keeps
  a dedicated setup-node for the JavaScript CodeQL path.

Output files are byte-identical to the pre-refactor build.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* perf(ci): share UI artifact cache across runner OSes

The cached HTML output is platform-independent, so set
enableCrossOsArchive on the cache step. With this any OS can restore
the cache populated by any other OS — one shared cache instead of three.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: guard CompletionsHandler against nil params/ref

A malformed completion/complete request with missing or empty
parameters caused a nil pointer dereference in CompletionsHandler,
panicking the process. Reject such requests with a clear error
before dispatching on Ref.Type.

Reported by @manthanghasadiya (GHSA-w4q6-qw23-4rg7).

Co-authored-by: manthanghasadiya <68530736+manthanghasadiya@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Align error wording with repo convention

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: manthanghasadiya <68530736+manthanghasadiya@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

8 participants