github-mcp-server icon indicating copy to clipboard operation
github-mcp-server copied to clipboard
Published 2 weeks ago verified publisher icon github

feat: Add OAuth scopes to tool metadata (Phase 1)

Open SamMorrowDrums opened this issue 1 month ago • 0 comments

Summary

This PR adds OAuth scope metadata to all MCP tools, enabling clients to know which scopes are required for each tool before calling them.

Changes

New Package: pkg/scopes

  • scopes.go: OAuth scope constants based on GitHub's OAuth app scopes documentation

    • Scope type with constants for all GitHub OAuth scopes (Repo, PublicRepo, Notifications, Gist, SecurityEvents, Project, ReadProject, ReadOrg, etc.)
    • ScopeHierarchy map defining parent-child relationships (e.g., repo includes public_repo, security_events, etc.)
    • WithScopes() helper to create mcp.Tool.Meta maps
    • GetScopesFromMeta() to extract scopes from tool metadata
    • ScopeIncludes(), HasRequiredScopes() for scope checking

  • scopes_test.go: Comprehensive test coverage for all utilities

Tool Updates (~90 tools)

Added Meta: scopes.WithScopes(...) to all tool definitions:

Scope Tools
repo Most repository, issue, PR, actions, discussions, search tools
public_repo star_repository, unstar_repository
notifications All notification tools
gist create_gist, update_gist
security_events Code scanning, dependabot, secret scanning, security advisories
project Project write operations
read:project Project read operations
read:org get_teams, get_team_members, list_issue_types
No scope get_me, list_gists, get_gist (public reads)

Documentation Updates

  • generate_docs.go: Updated to include scope information in README output
  • README.md: Now shows (scopes: \repo`)` after each tool description
  • Toolsnaps: All updated with _meta.requiredOAuthScopes array

Testing

  • All existing tests pass
  • New test file pkg/scopes/scopes_test.go with tests for:
    • TestScopeString - Scope string conversion
    • TestScopeIncludes - Hierarchy checking
    • TestHasRequiredScopes - Multiple scope validation
    • TestWithScopes - Meta map creation
    • TestGetScopesFromMeta - Meta extraction
    • TestGetAcceptedScopes - Parent scope lookup
    • TestScopeStringsAndParseScopes - Round-trip conversion

Part of OAuth Scopes Work (Phase 1 of 4)

  • Phase 1 (this PR): Add OAuth scopes to tool metadata ✅
  • Phase 2: Add fine-grained permissions to metadata
  • Phase 3: Create script to list required scopes for enabled tools
  • Phase 4: Export Go map for library usage

SamMorrowDrums avatar Nov 25 '25 13:11 SamMorrowDrums