
Replace ingress IFC reader list with private marker #2478

Merged: JoannaaKL merged 4 commits into main from gokhanarkan/fides-private-marker, May 14, 2026

@gokhanarkan

Member

Ingress IFC labels now emit a single private marker instead of the full collaborator list. The CLI engine fetches readers on demand at egress decision time (with pagination + caching), removing a wire-bloat ceiling for large private repos. Drops FetchRepoCollaborators from all five ingress hot paths. Breaking wire-format change for _meta.ifc — coordinate with the CLI cut-over. Refs github/copilot-mcp-core#1389.

Switches the ingress IFC labels from emitting a per-repo collaborator
list to a single 'private' marker. The CLI engine now fetches readers
from the GitHub endpoint on demand at egress decision time (P-F check),
with pagination + caching, which removes a wire-bloat ceiling for repos
with thousands of collaborators.

Drops the per-call FetchRepoCollaborators from list_issues, issue_read,
get_file_contents, search_issues, and search_repositories. The shared
LabelSearchIssues helper collapses to a single []bool argument; the
intersection logic and length-mismatch failure mode go away.

This is a breaking wire-format change for _meta.ifc consumers — coordinate
with the CLI cut-over.

Refs github/copilot-mcp-core#1389.
Copilot AI review requested due to automatic review settings May 14, 2026 10:29
@gokhanarkan gokhanarkan requested a review from a team as a code owner May 14, 2026 10:29
@gokhanarkan gokhanarkan self-assigned this May 14, 2026

Copilot AI left a comment

Contributor

Pull request overview

Replaces the per-result IFC collaborator (reader) list with a single opaque private marker, so private-repo labels no longer carry the full collaborator set on the wire. Callers (the CLI engine) are expected to resolve concrete readers on demand at egress decision time. This is a breaking wire-format change for _meta.ifc.

Changes:

  • pkg/ifc: add ConfidentialityPrivate; simplify PrivateTrusted/PrivateUntrusted to take no readers; replace LabelSearchIssues(visibilities, readerSets) (label, ok) with LabelSearchIssues(visibilities) label; drop toConfidentiality/intersectReaders helpers.
  • pkg/github ingress paths (issues.go, repositories.go, search.go): stop calling FetchRepoCollaborators and stop accepting/computing readerSets; rely solely on visibility.
  • Tests updated across ifc_test.go, issues_test.go, repositories_test.go, search_test.go to reflect the marker-only output and the new LabelSearchIssues signature.
| File | Description |
| --- | --- |
| pkg/ifc/ifc.go | New private confidentiality marker; readers removed from constructors and LabelSearchIssues; helper functions deleted. |
| pkg/ifc/ifc_test.go | Tests rewritten for marker semantics and the new single-return-value signature. |
| pkg/github/search.go | attachSearchRepositoriesIFCLabel no longer fetches collaborators; signature simplified; passes only visibilities. |
| pkg/github/search_test.go | Drops collaborator mocks/fixtures; asserts private marker instead of reader lists. |
| pkg/github/repositories.go | GetFileContents IFC closure drops ifcReaders and collaborator fetching; comment updated. |
| pkg/github/repositories_test.go | Removes collaborator mock; expects [private] confidentiality for private repos. |
| pkg/github/issues.go | issue_read, search_issues post-process, and list_issues drop collaborator fetches and reader fallback to owner. |
| pkg/github/issues_test.go | Removes collaborator mocks, fixtures, and the "collaborators lookup fails" subtests; updates expectations to the private marker. |

Copilot's findings

  • Files reviewed: 8/8 changed files
  • Comments generated: 1
Comment thread pkg/github/repositories.go
Addresses Copilot review on #2478. The helper is no longer called by the
server itself; ingress emits a 'private' marker and the client engine
resolves readers on demand. Kept exported per the library-consumer
convention; updated the comment to reflect the new role.
Comment thread pkg/github/repositories.go Outdated
Comment thread pkg/github/search_test.go Outdated
…a scalar

Per Joanna's review on #2478:

- Remove FetchRepoCollaborators entirely (no callers left after the marker
  switch). Drops the GetReposCollaboratorsByOwnerByRepo mock route too.
- Change SecurityLabel.Confidentiality from []Confidentiality to a scalar
  Confidentiality. Wire format is now {integrity, confidentiality} where
  confidentiality is a single 'public' or 'private' string. Updated all
  tests and the LabelSearchIssues helper accordingly.
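
Added example, not code from this pull request or the project: a consumer-side decoder for the scalar `{integrity, confidentiality}` wire format described in the commit message above. It fails closed to `private` and flags the pre-change list form so a missed cut-over is visible. The `Label` type, `DecodeLabel`, the JSON key spelling and the sample integrity value are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Label is a hypothetical consumer-side view of {integrity, confidentiality}.
type Label struct {
	Integrity       string
	Confidentiality string // "public" or "private"
}

// DecodeLabel parses one _meta.ifc value and fails closed: the result is
// "public" only for the exact scalar "public"; everything else is "private".
// legacy is true when the pre-change list form is seen.
func DecodeLabel(raw []byte) (l Label, legacy bool, err error) {
	l.Confidentiality = "private"
	var w struct {
		Integrity       string          `json:"integrity"`
		Confidentiality json.RawMessage `json:"confidentiality"`
	}
	if err = json.Unmarshal(raw, &w); err != nil {
		return l, false, err
	}
	l.Integrity = w.Integrity
	var s *string
	if json.Unmarshal(w.Confidentiality, &s) == nil && s != nil {
		switch *s {
		case "public", "private":
			l.Confidentiality = *s
			return l, false, nil
		}
		return l, false, fmt.Errorf("unknown confidentiality %q", *s)
	}
	var list []json.RawMessage
	if json.Unmarshal(w.Confidentiality, &list) == nil && list != nil {
		// Old list form: its element format is not shown on the page, so it is
		// not interpreted; the caller can use legacy to spot a missed cut-over.
		return l, true, nil
	}
	return l, false, fmt.Errorf("confidentiality missing or of unexpected type")
}

func main() {
	// Constructed sample; the integrity value is an assumption.
	fmt.Println(DecodeLabel([]byte(`{"integrity":"trusted","confidentiality":"private"}`)))
}
```

A caller that gates egress on the label should treat a non-nil error or `legacy == true` as a signal that server and client disagree on the wire format, not as a public result.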
@gokhanarkan gokhanarkan requested a review from JoannaaKL May 14, 2026 10:49
@JoannaaKL JoannaaKL merged commit 39d86b8 into main May 14, 2026
18 checks passed
@JoannaaKL JoannaaKL deleted the gokhanarkan/fides-private-marker branch May 14, 2026 10:52