feat(security): 接入 MCP server/tool 权限规则#237
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
|
/code -codex 帮我解决你说的review和出现的问题,然后帮我提高测试覆盖率到100 |
已完成
关键改动文件
提交与推送
未完成项说明
|
Generated with [codeagent](https://github.com/qbox/codeagent) Co-authored-by: Cai-Tang-www <106404101+Cai-Tang-www@users.noreply.github.com>
|
/review -codex |
|
/simplify -claude |
Changes MadeUnresolved review comment fix (
Code simplifications (per
All tests pass ( Permission Required to PushHi @Cai-Tang-www! Changes are committed locally but I need permission to push to your fork. View Details & SolutionTarget: Push blocked: xgopilot GitHub App is not installed on the fork repository. Solution: Install GitHub App
|
|
/code -claude simplify and resolve review like 1.Added naming-contract comment to canonicalMCPServerIdentity documenting that mcp.-prefixed inputs are treated as full tool identities, 和 pure server identities should be passed without the mcp. prefix 2.Added dot-validation in canonicalMCPToolIdentity — tool names containing . 现在 return empty string, preventing ambiguous server/tool boundary parsing that could cause permission bypass (the scenario raised in review: server=github, tool=enterprise.create_issue → identity mcp.github.enterprise.create_issue would previously extract server as mcp.github.enterprise instead of mcp.github) |
Changes ImplementedTwo changes applied to 1. Naming-contract comment on Documents the calling convention so future readers know:
2. Dot-validation in Tool names containing
All existing tests pass ( Changes pushed: Cai-Tang-www/neo-code#9 |
… identity functions - Added naming-contract comment to canonicalMCPServerIdentity documenting that mcp.-prefixed inputs are treated as full tool identities (server extracted from them), and pure server identities should be passed without the mcp. prefix - Added dot-validation in canonicalMCPToolIdentity: tool names containing "." now return empty string, preventing ambiguous server/tool boundary parsing that could cause permission bypass (e.g. server=github, tool=enterprise.create_issue would produce mcp.github.enterprise.create_issue, causing server to be incorrectly extracted as mcp.github.enterprise instead of mcp.github) Generated with [codeagent](https://github.com/qbox/codeagent) Co-authored-by: Cai-Tang-www <106404101+Cai-Tang-www@users.noreply.github.com>
fix(security): add naming contract comment and dot-validation for MCP identity functions
|
/code 提高test patch |
|
已完成 本次完成
验证结果
说明
|
Generated with [codeagent](https://github.com/qbox/codeagent) Co-authored-by: Cai-Tang-www <106404101+Cai-Tang-www@users.noreply.github.com>
目标
补齐
#178中 MCP server/tool 权限规则接入这条链路,让 MCP 工具进入现有的权限策略与 session remember 闭环,同时保证规则优先级和可追溯性一致。Closes #178
这次改动
1. 补齐 MCP 权限 identity
mcp.<server>.<tool>mcp.<server>作为 server 级分类 identity,用于 server 级规则命中2. 补齐 MCP 默认策略与规则模板
ask-all-mcpmcp.<server>mcp.<server>.<tool>deny > ask > allow3. 收紧 session remember 边界
server 分类 + tool 精确 scope4. 对齐权限事件展示语义
ToolCategory统一展示为mcp.<server>rule_id / reason / target在错误对象与事件侧可追溯测试
已补充并通过:
rule_id / reason / target追溯测试本地已执行:
go test ./...