lockdown

package

v1.1.2 Latest Latest Go to latest Published: May 29, 2026 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/github/github-mcp-server

Links

Documentation ¶

Index ¶

type CacheStats
type RepoAccessCache
- func NewRepoAccessCache(client *githubv4.Client, restClient *github.Client, opts ...RepoAccessOption) *RepoAccessCache
- func (c *RepoAccessCache) IsSafeContent(ctx context.Context, username, owner, repo string) (bool, error)
type RepoAccessInfo
type RepoAccessOption

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CacheStats ¶ added in v0.22.0

type CacheStats struct {
	Hits      int64
	Misses    int64
	Evictions int64
}

CacheStats summarizes cache activity counters.

type RepoAccessCache ¶ added in v0.22.0

type RepoAccessCache struct {
	// contains filtered or unexported fields
}

RepoAccessCache caches repository metadata related to lockdown checks so that multiple tools can reuse the same access information safely across goroutines. In HTTP mode each request must construct its own instance so viewer-scoped lookups run under the requesting user's credentials.

func NewRepoAccessCache ¶ added in v1.0.3

func NewRepoAccessCache(client *githubv4.Client, restClient *github.Client, opts ...RepoAccessOption) *RepoAccessCache

NewRepoAccessCache creates a RepoAccessCache bound to the supplied clients.

func (*RepoAccessCache) IsSafeContent ¶ added in v0.22.0

func (c *RepoAccessCache) IsSafeContent(ctx context.Context, username, owner, repo string) (bool, error)

IsSafeContent determines if the specified user can safely access the requested repository content. Safe access applies when any of the following is true: - the content was created by a trusted bot; - the author currently has push access to the repository; - the repository is private; - the content was created by the viewer.

type RepoAccessInfo ¶ added in v0.22.0

type RepoAccessInfo struct {
	IsPrivate     bool
	HasPushAccess bool
}

RepoAccessInfo captures repository metadata needed for lockdown decisions.

type RepoAccessOption ¶ added in v0.22.0

type RepoAccessOption func(*RepoAccessCache)

RepoAccessOption configures RepoAccessCache at construction time.

func WithCacheName ¶ added in v0.22.0

func WithCacheName(name string) RepoAccessOption

WithCacheName overrides the cache table name used for storing entries. Use this to isolate cache entries between tenants or in tests.

func WithLogger ¶ added in v0.22.0

func WithLogger(logger *slog.Logger) RepoAccessOption

WithLogger sets the logger used for cache diagnostics.

func WithTTL ¶ added in v0.22.0

func WithTTL(ttl time.Duration) RepoAccessOption

WithTTL overrides the default TTL applied to cache entries. A non-positive duration disables expiration.

Source Files ¶

View all Source files

lockdown.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL