
[guard-coverage] Guard coverage gap: 21 granular MCP tools from github-mcp-server not classified as write operations #3808

@github-actions


Summary

The GitHub guard does not classify 21 granular mutation tools recently added to github-mcp-server as write or read-write operations. These tools will fall through to operation = "read" in the guard, bypassing DIFC integrity enforcement entirely — allowing agents with low integrity to invoke mutating operations without classification.

  • MCP tools scanned: 101 (up from 80 last run — 21 net new tools)
  • CLI write commands scanned: 63
  • Guard-covered write tools (tools.rs): 57 in WRITE_OPERATIONS + 9 in READ_WRITE_OPERATIONS = 66
  • New gaps found this run: 21

MCP Tool Classification Gaps (tools.rs)

These MCP tools perform write or mutating operations but are missing from WRITE_OPERATIONS or READ_WRITE_OPERATIONS in guards/github-guard/rust-guard/src/tools.rs. They are all recently added granular tools introduced alongside the existing composite tools (issue_write, sub_issue_write, update_pull_request, pull_request_review_write).

Granular Issue Update Tools (7)

| Tool Name | HTTP Method | Operation | Suggested Classification |
|---|---|---|---|
| update_issue_assignees | PATCH | Update issue assignees | WRITE_OPERATIONS |
| update_issue_body | PATCH | Update issue body text | WRITE_OPERATIONS |
| update_issue_labels | PATCH | Update issue labels | WRITE_OPERATIONS |
| update_issue_milestone | PATCH | Update issue milestone | WRITE_OPERATIONS |
| update_issue_state | PATCH | Open or close an issue | WRITE_OPERATIONS |
| update_issue_title | PATCH | Update issue title | WRITE_OPERATIONS |
| update_issue_type | PATCH | Update issue type | WRITE_OPERATIONS |

Granular PR Update Tools (4)

| Tool Name | HTTP Method | Operation | Suggested Classification |
|---|---|---|---|
| update_pull_request_body | PATCH | Update PR body text | READ_WRITE_OPERATIONS |
| update_pull_request_draft_state | PATCH | Convert PR to/from draft | READ_WRITE_OPERATIONS |
| update_pull_request_state | PATCH | Open or close a PR | READ_WRITE_OPERATIONS |
| update_pull_request_title | PATCH | Update PR title | READ_WRITE_OPERATIONS |

Sub-Issue Management Tools (3)

| Tool Name | HTTP Method | Operation | Suggested Classification |
|---|---|---|---|
| add_sub_issue | POST | Add a sub-issue to an issue | WRITE_OPERATIONS |
| remove_sub_issue | DELETE/POST | Remove a sub-issue from an issue | WRITE_OPERATIONS |
| reprioritize_sub_issue | PATCH | Reorder sub-issues | WRITE_OPERATIONS |

PR Review Tools (7)

| Tool Name | HTTP Method | Operation | Suggested Classification |
|---|---|---|---|
| add_pull_request_review_comment | POST | Add inline comment to a PR review | WRITE_OPERATIONS |
| create_pull_request_review | POST | Create a new PR review | WRITE_OPERATIONS |
| delete_pending_pull_request_review | DELETE | Delete a pending (unsent) review | WRITE_OPERATIONS |
| request_pull_request_reviewers | POST | Request reviewers for a PR | WRITE_OPERATIONS |
| resolve_review_thread | PUT | Mark a review thread as resolved | WRITE_OPERATIONS |
| submit_pending_pull_request_review | POST | Submit a pending review (approve/request changes/comment) | WRITE_OPERATIONS |
| unresolve_review_thread | PUT | Re-open a resolved review thread | WRITE_OPERATIONS |

Suggested fix for tools.rs

```rust
// Add to WRITE_OPERATIONS:
pub const WRITE_OPERATIONS: &[&str] = &[
    // ... existing entries ...

    // Granular issue update tools (alongside issue_write composite)
    "update_issue_assignees", // PATCH /repos/.../issues/{number} — assignees
    "update_issue_body",      // PATCH /repos/.../issues/{number} — body text
    "update_issue_labels",    // PATCH /repos/.../issues/{number} — labels
    "update_issue_milestone", // PATCH /repos/.../issues/{number} — milestone
    "update_issue_state",     // PATCH /repos/.../issues/{number} — open/closed
    "update_issue_title",     // PATCH /repos/.../issues/{number} — title
    "update_issue_type",      // PATCH /repos/.../issues/{number} — type

    // Sub-issue management tools (alongside sub_issue_write composite)
    "add_sub_issue",          // POST  /repos/.../issues/{number}/sub_issues
    "remove_sub_issue",       // DELETE/POST — remove sub-issue link
    "reprioritize_sub_issue", // PATCH — reorder sub-issues

    // PR review tools (alongside pull_request_review_write composite)
    "add_pull_request_review_comment",    // POST /repos/.../pulls/{number}/comments
    "create_pull_request_review",         // POST /repos/.../pulls/{number}/reviews
    "delete_pending_pull_request_review", // DELETE /repos/.../pulls/{number}/reviews/{id}
    "request_pull_request_reviewers",     // POST /repos/.../pulls/{number}/requested_reviewers
    "resolve_review_thread",              // PUT  /graphql — resolveReviewThread
    "submit_pending_pull_request_review", // POST /repos/.../pulls/{number}/reviews/{id}/events
    "unresolve_review_thread",            // PUT  /graphql — unresolveReviewThread
];

// Add to READ_WRITE_OPERATIONS:
pub const READ_WRITE_OPERATIONS: &[&str] = &[
    // ... existing entries ...

    // Granular PR update tools (alongside update_pull_request composite)
    "update_pull_request_body",        // PATCH — modifies PR body
    "update_pull_request_draft_state", // PATCH — converts to/from draft
    "update_pull_request_state",       // PATCH — opens or closes a PR
    "update_pull_request_title",       // PATCH — modifies PR title
];
```

MCP Tool DIFC Labeling Gaps (tool_rules.rs)

All 21 missing write tools above also lack explicit match arms in apply_tool_labels in guards/github-guard/rust-guard/src/labels/tool_rules.rs. After the classification fix, each should get a match arm to apply correct repo-scoped secrecy and writer-level integrity.

Suggested pattern: follow the existing "create_issue" | "issue_write" | ... arm for issue tools and "update_pull_request" arm for PR tools.


GitHub CLI-Only Gaps

No new CLI-only gaps identified this run beyond already-tracked entries. The guard's pre-emptive entries cover all major CLI write categories.


Stale Guard Entries

No stale entries detected. All non-MCP entries in WRITE_OPERATIONS and READ_WRITE_OPERATIONS are correctly annotated as pre-emptive or deprecated-alias entries.


References

Generated by GitHub Guard Coverage Checker (MCP + CLI)

  • expires on Apr 28, 2026, 8:20 PM UTC
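The fall-through described in the summary (an unlisted tool becomes operation = "read" and so is never gated on writer-level integrity) and the regression check a maintainer would want alongside the tools.rs fix, as an added example. This is not code from the guard repository: `classify`, `permitted`, `coverage_gaps`, the `Operation`/`Integrity` enums and the `*_BEFORE`/`*_AFTER` lists are hypothetical stand-ins for the real tools.rs consts and the DIFC gate, and the scanned tool table is constructed from the 21 names in this issue plus three read-only tools.

```rust
// Added example, not the guard's own code. Models the classification fall-through
// from the issue and a coverage check that flags mutating tools the guard would
// treat as reads. All names and shapes are assumptions.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Operation { Read, Write, ReadWrite }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Integrity { Low, High }

/// Classification as the issue describes it: a tool in neither list is Read.
pub fn classify(write: &[&str], read_write: &[&str], tool: &str) -> Operation {
    if write.contains(&tool) { Operation::Write }
    else if read_write.contains(&tool) { Operation::ReadWrite }
    else { Operation::Read }
}

/// Simplified integrity gate (assumption): low-integrity agents may only read.
pub fn permitted(op: Operation, integrity: Integrity) -> bool {
    matches!((op, integrity), (Operation::Read, _) | (_, Integrity::High))
}

/// Any scanned tool whose HTTP method mutates state but which classify() maps to
/// Read is a coverage gap. Returns the offending tool names.
pub fn coverage_gaps<'a>(write: &[&str], read_write: &[&str],
                         scanned: &[(&'a str, &str)]) -> Vec<&'a str> {
    scanned.iter()
        .filter(|(_, method)| matches!(*method, "POST" | "PATCH" | "PUT" | "DELETE"))
        .filter(|(tool, _)| classify(write, read_write, tool) == Operation::Read)
        .map(|(tool, _)| *tool)
        .collect()
}

/// Constructed sample of scanned MCP tools (name, HTTP method): three read-only
/// tools plus the 21 granular tools listed in the issue.
pub const SCANNED: &[(&str, &str)] = &[
    ("get_issue", "GET"), ("get_pull_request", "GET"), ("list_issues", "GET"),
    ("update_issue_assignees", "PATCH"), ("update_issue_body", "PATCH"),
    ("update_issue_labels", "PATCH"), ("update_issue_milestone", "PATCH"),
    ("update_issue_state", "PATCH"), ("update_issue_title", "PATCH"),
    ("update_issue_type", "PATCH"),
    ("update_pull_request_body", "PATCH"), ("update_pull_request_draft_state", "PATCH"),
    ("update_pull_request_state", "PATCH"), ("update_pull_request_title", "PATCH"),
    ("add_sub_issue", "POST"), ("remove_sub_issue", "DELETE"), ("reprioritize_sub_issue", "PATCH"),
    ("add_pull_request_review_comment", "POST"), ("create_pull_request_review", "POST"),
    ("delete_pending_pull_request_review", "DELETE"), ("request_pull_request_reviewers", "POST"),
    ("resolve_review_thread", "PUT"), ("submit_pending_pull_request_review", "POST"),
    ("unresolve_review_thread", "PUT"),
];

/// Composite entries only: stands in for the pre-fix lists.
pub const WRITE_BEFORE: &[&str] = &["issue_write", "sub_issue_write", "pull_request_review_write"];
pub const READ_WRITE_BEFORE: &[&str] = &["update_pull_request"];

/// The same lists with the 21 granular tools added, as the issue proposes.
pub const WRITE_AFTER: &[&str] = &[
    "issue_write", "sub_issue_write", "pull_request_review_write",
    "update_issue_assignees", "update_issue_body", "update_issue_labels", "update_issue_milestone",
    "update_issue_state", "update_issue_title", "update_issue_type",
    "add_sub_issue", "remove_sub_issue", "reprioritize_sub_issue",
    "add_pull_request_review_comment", "create_pull_request_review",
    "delete_pending_pull_request_review", "request_pull_request_reviewers",
    "resolve_review_thread", "submit_pending_pull_request_review", "unresolve_review_thread",
];
pub const READ_WRITE_AFTER: &[&str] = &[
    "update_pull_request", "update_pull_request_body", "update_pull_request_draft_state",
    "update_pull_request_state", "update_pull_request_title",
];

fn main() {
    let before = coverage_gaps(WRITE_BEFORE, READ_WRITE_BEFORE, SCANNED);
    println!("gaps before fix: {} -> {:?}", before.len(), before);
    // With the gap present, a low-integrity agent closing an issue is allowed,
    // because the guard sees the tool as a read.
    let op = classify(WRITE_BEFORE, READ_WRITE_BEFORE, "update_issue_state");
    println!("update_issue_state is {:?}; permitted for Low integrity: {}",
             op, permitted(op, Integrity::Low));
    let after = coverage_gaps(WRITE_AFTER, READ_WRITE_AFTER, SCANNED);
    println!("gaps after fix: {}", after.len());
}
```

Run as a unit test in CI against the real WRITE_OPERATIONS and READ_WRITE_OPERATIONS and a generated table of MCP tool names and methods, `coverage_gaps` turns this issue's manual audit into a failing build whenever github-mcp-server adds another mutating tool.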
