Fail closed on unknown toolsets in strict mode #2118

Open
davidahmann wants to merge 1 commit into github:main from davidahmann:codex/issue-2117-strict-unknown-toolsets

Conversation

@davidahmann

Problem

Unknown toolset names are currently ignored with warnings, which can silently broaden/alter effective exposure when configs contain typos.

Why now

Strict environments need deterministic fail-closed startup on unknown toolset inputs.

What changed

  • Added new CLI flag/config: --strict-toolsets (GITHUB_STRICT_TOOLSETS).
  • Wired strict setting from CLI/viper to stdio server config and GitHub server config.
  • Updated server behavior:
    • non-strict mode: keep current warning behavior for unrecognized toolsets
    • strict mode: fail startup when any configured toolset is unrecognized.
  • Added regression tests in pkg/github/server_test.go for strict fail and non-strict allow paths.
  • Updated docs/toolsets-and-icons.md with strict-mode behavior and migration path.

Validation

  • go test ./pkg/github -run "StrictToolsets|ResolveEnabledToolsets|NewMCPServer_CreatesSuccessfully"
  • go test ./cmd/github-mcp-server

Refs #2117

@davidahmann davidahmann requested a review from a team as a code owner March 1, 2026 16:49
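
The fail-closed behavior described in the pull request, as an added sketch that is not code from this PR or from the project. `ResolveToolsets`, the `known` registry and the sample toolset names are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// known is a constructed sample registry, not the project's real toolset list.
var known = map[string]bool{"repos": true, "issues": true, "pull_requests": true}

// ResolveToolsets (hypothetical name) validates configured toolset names.
// Non-strict: unknown names are dropped and reported back for a warning.
// Strict: any unknown name is an error and nothing is enabled (fail closed).
func ResolveToolsets(requested []string, strict bool) (enabled, unknown []string, err error) {
	seen := map[string]bool{}
	for _, raw := range requested {
		name := strings.TrimSpace(raw)
		if name == "" || seen[name] {
			continue // skip blanks and duplicates
		}
		seen[name] = true
		if known[name] {
			enabled = append(enabled, name)
		} else {
			unknown = append(unknown, name)
		}
	}
	sort.Strings(unknown) // deterministic error text for logs and tests
	if strict && len(unknown) > 0 {
		return nil, unknown, fmt.Errorf("unrecognized toolsets: %s", strings.Join(unknown, ", "))
	}
	return enabled, unknown, nil
}

func main() {
	// Constructed input with a typo: "isues" instead of "issues".
	cfg := strings.Split("repos, isues,pull_requests", ",")
	for _, strict := range []bool{false, true} {
		enabled, unknown, err := ResolveToolsets(cfg, strict)
		fmt.Printf("strict=%v enabled=%v unknown=%v err=%v\n", strict, enabled, unknown, err)
	}
}
```

In non-strict mode the typo leaves the server running with a different toolset than the operator intended; in strict mode the same input stops startup with the offending name in the error.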