From 714aa469c37f76ae5934393a65a938da8072e89b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6khan=20Arkan?= Date: Wed, 13 May 2026 16:21:21 +0300 Subject: [PATCH 1/3] Annotate create_pull_request as destructive Sets destructiveHint: true on create_pull_request so the IFC client engine can apply egress policies before invocation. Refs github/copilot-mcp-core#1623. --- pkg/github/__toolsnaps__/create_pull_request.snap | 1 + pkg/github/pullrequests.go | 5 +++-- pkg/github/pullrequests_test.go | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg/github/__toolsnaps__/create_pull_request.snap b/pkg/github/__toolsnaps__/create_pull_request.snap index a8a94ce690..ecf37b91ca 100644 --- a/pkg/github/__toolsnaps__/create_pull_request.snap +++ b/pkg/github/__toolsnaps__/create_pull_request.snap @@ -9,6 +9,7 @@ } }, "annotations": { + "destructiveHint": true, "title": "Open new pull request" }, "description": "Create a new pull request in a GitHub repository.", diff --git a/pkg/github/pullrequests.go b/pkg/github/pullrequests.go index 0065b25a92..53ef3073ad 100644 --- a/pkg/github/pullrequests.go +++ b/pkg/github/pullrequests.go @@ -545,8 +545,9 @@ func CreatePullRequest(t translations.TranslationHelperFunc) inventory.ServerToo Name: "create_pull_request", Description: t("TOOL_CREATE_PULL_REQUEST_DESCRIPTION", "Create a new pull request in a GitHub repository."), Annotations: &mcp.ToolAnnotations{ - Title: t("TOOL_CREATE_PULL_REQUEST_USER_TITLE", "Open new pull request"), - ReadOnlyHint: false, + Title: t("TOOL_CREATE_PULL_REQUEST_USER_TITLE", "Open new pull request"), + ReadOnlyHint: false, + DestructiveHint: jsonschema.Ptr(true), }, Meta: mcp.Meta{ "ui": map[string]any{ diff --git a/pkg/github/pullrequests_test.go b/pkg/github/pullrequests_test.go index 36a0207cc0..699010aae0 100644 --- a/pkg/github/pullrequests_test.go +++ b/pkg/github/pullrequests_test.go @@ -2198,6 +2198,8 @@ func Test_CreatePullRequest(t *testing.T) { assert.Equal(t, "create_pull_request", tool.Name) assert.NotEmpty(t, tool.Description) + require.NotNil(t, tool.Annotations.DestructiveHint) + assert.True(t, *tool.Annotations.DestructiveHint) schema := tool.InputSchema.(*jsonschema.Schema) assert.Contains(t, schema.Properties, "owner") assert.Contains(t, schema.Properties, "repo") From 7140333efcdd2cdc0d26aa8ec84f1ad2e54f0861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6khan=20Arkan?= Date: Wed, 13 May 2026 16:30:40 +0300 Subject: [PATCH 2/3] Add nil check for tool.Annotations in Test_CreatePullRequest --- pkg/github/pullrequests_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/github/pullrequests_test.go b/pkg/github/pullrequests_test.go index 699010aae0..be0888097d 100644 --- a/pkg/github/pullrequests_test.go +++ b/pkg/github/pullrequests_test.go @@ -2198,6 +2198,7 @@ func Test_CreatePullRequest(t *testing.T) { assert.Equal(t, "create_pull_request", tool.Name) assert.NotEmpty(t, tool.Description) + require.NotNil(t, tool.Annotations) require.NotNil(t, tool.Annotations.DestructiveHint) assert.True(t, *tool.Annotations.DestructiveHint) schema := tool.InputSchema.(*jsonschema.Schema) From 3f5828fe7756168f345a5be2b4124e41c6786ea9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6khan=20Arkan?= Date: Thu, 14 May 2026 08:44:47 +0300 Subject: [PATCH 3/3] format fix --- pkg/github/pullrequests_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/github/pullrequests_test.go b/pkg/github/pullrequests_test.go index be0888097d..0553824547 100644 --- a/pkg/github/pullrequests_test.go +++ b/pkg/github/pullrequests_test.go @@ -1082,7 +1082,6 @@ func Test_SearchPullRequests(t *testing.T) { } }) } - } func Test_GetPullRequestFiles(t *testing.T) {