package github
import (
"os"
"testing"
"github.com/github/github-mcp-server/pkg/toolvalidation"
"github.com/stretchr/testify/require"
)
// TestAllToolRegistrationsExplicitlySetReadOnlyHint is a source-level guardrail:
// it hands this package's directory to toolvalidation.ScanReadOnlyHint, which
// statically scans every non-test Go source file and reports each mcp.Tool
// composite literal that does not explicitly set Annotations.ReadOnlyHint.
//
// The AST scan is kept in pkg/toolvalidation so that downstream packages
// (e.g. github/github-mcp-server-remote) can run the same check against their
// own tool registrations without duplicating the parser logic.
//
// Why a static check is needed: TestAllToolsHaveRequiredMetadata runs against
// live values and can only confirm that Annotations is non-nil, because Go
// cannot distinguish an unset bool field from one explicitly set to false.
// Validating the source closes that gap, so a new tool registration cannot
// silently default ReadOnlyHint to false (which has caused downstream agents
// to prompt for human approval on read-intent tools).
//
// NOTE(review): the assertion covers presence only, not correctness. A tool
// that mutates state but declares ReadOnlyHint: true would presumably still
// pass, and since clients appear to use the hint when deciding whether to ask
// for approval, the declared value still needs human review on every new tool.
//
// NOTE(review): an empty violation list is treated as success; confirm that
// ScanReadOnlyHint returns an error rather than an empty result when the
// directory contains no scannable files, otherwise the test can pass vacuously.
//
// Related issue: github/github-mcp-server#2483
func TestAllToolRegistrationsExplicitlySetReadOnlyHint(t *testing.T) {
	// go test runs a package's tests with the package directory as the
	// working directory, so Getwd yields the directory to scan.
	dir, wdErr := os.Getwd()
	require.NoError(t, wdErr, "must be able to resolve package directory")

	found, scanErr := toolvalidation.ScanReadOnlyHint(dir)
	require.NoError(t, scanErr)

	if len(found) == 0 {
		return
	}
	// Fail once with the formatted list so every offending literal is shown.
	t.Fatal(toolvalidation.FormatReadOnlyHintViolations(found))
}