Skip to content

Guard coverage: classify create_agent_task as read-write and blocked #3139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lpcox merged 2 commits into from
Apr 4, 2026
+35 −1
Merged

Guard coverage: classify create_agent_task as read-write and blocked #3139

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b75c75f
Initial plan
Copilot Apr 4, 2026
44a4fc3
Guard coverage: add create_agent_task as read/write and blocked (unsu…
Copilot Apr 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions guards/github-guard/rust-guard/src/labels/tool_rules.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -627,6 +627,15 @@ pub fn apply_tool_labels(
integrity = writer_integrity(repo_id, ctx);
}

// === Copilot coding-agent task (blocked: unsupported agent operation) ===
"create_agent_task" => {
// Creates a Copilot coding-agent job that modifies repo branches and opens a PR.
// Blocked via is_blocked_tool(); secrecy applied so the resource is correctly
// classified before the integrity override in label_resource.
// S = S(repo); I = blocked (override applied in label_resource)
secrecy = apply_repo_visibility_secrecy(&owner, &repo, repo_id, secrecy, ctx);
}
Comment on lines +630 to +637
Copy link

Copilot AI Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apply_tool_labels now has a dedicated create_agent_task arm to apply repo-visibility secrecy, but there’s no unit test exercising this new labeling behavior. Please add a test (similar to test_apply_tool_labels_transfer_repository_secrecy_inherits_repo_visibility in labels/mod.rs) to ensure the create_agent_task arm is hit and continues to apply repo-visibility secrecy as intended.

Copilot uses AI. Check for mistakes.

// === Copilot agent operations (repo-scoped) ===
"assign_copilot_to_issue" | "request_copilot_review" => {
// Copilot assignment/review requests return repo-scoped content.
Expand Down
27 changes: 26 additions & 1 deletion guards/github-guard/rust-guard/src/tools.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@ pub const READ_WRITE_OPERATIONS: &[&str] = &[
"issue_write",
"sub_issue_write",
"update_gist",
// Pre-emptive entries for anticipated future MCP tools (no equivalent tool today)
Copy link

Copilot AI Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment says these are “pre-emptive entries … (no equivalent tool today)”, but create_agent_task is an actual supported tool name being classified/blocked in this PR. Please reword this header comment so it doesn’t imply the tool doesn’t exist (it’s misleading for future readers reviewing guard coverage).

Suggested change
// Pre-emptive entries for anticipated future MCP tools (no equivalent tool today)
// Additional guarded read-write operations, including supported tool mappings that remain blocked

Copilot uses AI. Check for mistakes.
// gh agent-task create — creates a Copilot coding-agent job (branch + PR); blocked as unsupported
"create_agent_task",
];

/// Check if a tool is a write operation
Expand Down Expand Up @@ -121,10 +124,16 @@ pub fn is_unlock_operation(tool_name: &str) -> bool {
/// symmetric to `archive_repository` and equally unsupported.
/// - `rename_repository`: renames a repository, breaking all clone URLs, webhooks, and external
/// references; unsupported as an agent operation.
/// - `create_agent_task`: creates a Copilot coding-agent job that opens a branch and PR;
/// unsupported as a directly invocable agent operation.
pub fn is_blocked_tool(tool_name: &str) -> bool {
matches!(
tool_name,
"transfer_repository" | "archive_repository" | "unarchive_repository" | "rename_repository"
"transfer_repository"
| "archive_repository"
| "unarchive_repository"
| "rename_repository"
| "create_agent_task"
)
}

Expand Down Expand Up @@ -210,4 +219,20 @@ mod tests {
);
}
}

#[test]
fn test_create_agent_task_is_read_write_and_blocked() {
assert!(
is_read_write_operation("create_agent_task"),
"create_agent_task must be classified as a read-write operation"
);
assert!(
is_blocked_tool("create_agent_task"),
"create_agent_task must be unconditionally blocked (unsupported agent operation)"
);
assert!(
!is_write_operation("create_agent_task"),
"create_agent_task should not be in WRITE_OPERATIONS (it is in READ_WRITE_OPERATIONS)"
Comment on lines +234 to +235
Copy link

Copilot AI Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test asserts !is_write_operation("create_agent_task"), which bakes in the current implementation detail that read-write ops are excluded from is_write_operation. Since is_write_operation is only used as part of operation classification (and could reasonably be broadened to include read-write ops in the future), consider removing this assertion or instead asserting that the labeled operation is "read-write" / that it’s not explicitly listed in WRITE_OPERATIONS.

Suggested change
!is_write_operation("create_agent_task"),
"create_agent_task should not be in WRITE_OPERATIONS (it is in READ_WRITE_OPERATIONS)"
!WRITE_OPERATIONS.contains(&"create_agent_task"),
"create_agent_task should not be explicitly listed in WRITE_OPERATIONS (it is in READ_WRITE_OPERATIONS)"

Copilot uses AI. Check for mistakes.
);
}
}
Loading