Don't filter read-only repo tools (work on public repos without scope)

SamMorrowDrums · SamMorrowDrums · commit c428f72863fb · 2026-01-05T16:05:24.000Z
diff --git a/pkg/github/scope_filter.go b/pkg/github/scope_filter.go
@@ -7,6 +7,29 @@ import (
 	"github.com/github/github-mcp-server/pkg/scopes"
 )
 
+// repoScopesSet contains scopes that grant access to repository content.
+// Tools requiring only these scopes work on public repos without any token scope,
+// so we don't filter them out even if the token lacks repo/public_repo.
+var repoScopesSet = map[string]bool{
+	string(scopes.Repo):       true,
+	string(scopes.PublicRepo): true,
+}
+
+// onlyRequiresRepoScopes returns true if all of the tool's accepted scopes
+// are repo-related scopes (repo, public_repo). Such tools work on public
+// repositories without needing any scope.
+func onlyRequiresRepoScopes(acceptedScopes []string) bool {
+	if len(acceptedScopes) == 0 {
+		return false
+	}
+	for _, scope := range acceptedScopes {
+		if !repoScopesSet[scope] {
+			return false
+		}
+	}
+	return true
+}
+
 // CreateToolScopeFilter creates an inventory.ToolFilter that filters tools
 // based on the token's OAuth scopes.
 //
@@ -19,6 +42,7 @@ import (
 //
 // The filter returns true (include tool) if:
 //   - The tool has no scope requirements (AcceptedScopes is empty)
+//   - The tool is read-only and only requires repo/public_repo scopes (works on public repos)
 //   - The token has at least one of the tool's accepted scopes
 //
 // Example usage:
@@ -31,6 +55,10 @@ import (
 //	inventory := github.NewInventory(t).WithFilter(filter).Build()
 func CreateToolScopeFilter(tokenScopes []string) inventory.ToolFilter {
 	return func(_ context.Context, tool *inventory.ServerTool) (bool, error) {
+		// Read-only tools requiring only repo/public_repo work on public repos without any scope
+		if tool.Tool.Annotations != nil && tool.Tool.Annotations.ReadOnlyHint && onlyRequiresRepoScopes(tool.AcceptedScopes) {
+			return true, nil
+		}
 		return scopes.HasRequiredScopes(tokenScopes, tool.AcceptedScopes), nil
 	}
 }
diff --git a/pkg/github/scope_filter_test.go b/pkg/github/scope_filter_test.go
@@ -27,11 +27,27 @@ func TestCreateToolScopeFilter(t *testing.T) {
 		AcceptedScopes: []string{"repo"},
 	}
 
+	toolRepoScopeReadOnly := &inventory.ServerTool{
+		Tool: mcp.Tool{
+			Name:        "repo_tool_readonly",
+			Annotations: &mcp.ToolAnnotations{ReadOnlyHint: true},
+		},
+		AcceptedScopes: []string{"repo"},
+	}
+
 	toolPublicRepoScope := &inventory.ServerTool{
 		Tool:           mcp.Tool{Name: "public_repo_tool"},
 		AcceptedScopes: []string{"public_repo", "repo"}, // repo is parent, also accepted
 	}
 
+	toolPublicRepoScopeReadOnly := &inventory.ServerTool{
+		Tool: mcp.Tool{
+			Name:        "public_repo_tool_readonly",
+			Annotations: &mcp.ToolAnnotations{ReadOnlyHint: true},
+		},
+		AcceptedScopes: []string{"public_repo", "repo"},
+	}
+
 	toolGistScope := &inventory.ServerTool{
 		Tool:           mcp.Tool{Name: "gist_tool"},
 		AcceptedScopes: []string{"gist"},
@@ -96,6 +112,18 @@ func TestCreateToolScopeFilter(t *testing.T) {
 			tool:        toolRepoScope,
 			expected:    false,
 		},
+		{
+			name:        "empty token scopes CAN see read-only repo tools (public repos)",
+			tokenScopes: []string{},
+			tool:        toolRepoScopeReadOnly,
+			expected:    true,
+		},
+		{
+			name:        "empty token scopes CAN see read-only public_repo tools",
+			tokenScopes: []string{},
+			tool:        toolPublicRepoScopeReadOnly,
+			expected:    true,
+		},
 		{
 			name:        "token with multiple scopes where one matches",
 			tokenScopes: []string{"gist", "repo"},
