Skip to content

feat: implement private-to-public-flows: allow as a tools.github frontmatter field #45112

Description

@lpcox

Summary

The MCP Gateway spec (v1.15.0, Section 10.9 — added in #44305) documents private-to-public-flows as a workflow frontmatter option that opts out of the Write-Sink Guard Policy's cross-visibility protections. The gateway already supports forcePublicRepos and sinkVisibilityExemptServers config fields. However, the compiler does not yet parse or emit this frontmatter field — it exists only in spec and schema descriptions.

This issue tracks implementing the field as a sub-key under tools.github so that workflows in public repos can access private repositories when the token permits it.

Proposed Frontmatter Syntax

tools:
  github:
    private-to-public-flows: allow

Or the list form for per-server exemptions:

tools:
  github:
    private-to-public-flows:
      - github-mcp-server
      - custom-server-id

Work Required

1. Workflow Schema (pkg/workflow/schemas/)

  • Add private-to-public-flows to the workflow frontmatter JSON schema under tools.github
  • Accept either the string "allow" (blanket opt-out) or an array of server ID strings (selective exemption)
  • Add validation: field is only meaningful when tools.github is configured

2. Workflow Parser (pkg/workflow/)

  • Parse the new field from frontmatter into the workflow struct
  • Add a PrivateToPublicFlows field (or similar) to the GitHub tools config struct

3. Compiler Emission (pkg/workflow/)

  • When private-to-public-flows: allow → emit "forcePublicRepos": false in the MCP gateway JSON config
  • When private-to-public-flows: [server-ids...] → emit "sinkVisibilityExemptServers": [...] in the gateway config
  • Record the opt-out in the compiled lock file audit trail

4. Docs Update (docs/src/content/docs/reference/github-tools.md)

  • Add a section under "GitHub Cross-Repository Reading" documenting the new field
  • Explain the security implications and when to use it
  • Cross-reference the MCP Gateway spec Section 10.9

5. Tests

  • Unit tests for parsing both forms (string and list)
  • Compiler tests verifying correct gateway config emission
  • Validation tests (e.g., invalid values rejected)

Context

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions