Support GitHub MCP Server v1.3.0: add PR commits routing, guard docs, and spec updates

Copilot · web-flow · commit 138dca7f3c7d · 2026-06-16T18:55:54.000Z
diff --git a/guards/github-guard/docs/INTEGRITY_TAG_SPEC.md b/guards/github-guard/docs/INTEGRITY_TAG_SPEC.md
@@ -127,7 +127,7 @@ Resource labels are coarse pre-check labels by tool call.
 | `search_pull_requests` | baseline `none` (cross-repo coarse) | baseline `none` |
 | `get_commit` | start at max(author_association floor, approved); if default-branch reachable => merged | start at author_association floor; if default-branch reachable => merged; otherwise remain floor unless other endorsement applies |
 | `list_commits` | if ref is default/no-ref: merged; else max(author_association floor, approved) | if ref is default/no-ref: merged; else author_association floor (response items refine per commit) |
-| `get_file_contents` | default/no-ref: merged; otherwise approved (author floor does not usually apply to blob metadata) | default/no-ref: merged; otherwise approved |
+| `get_file_contents`, `get_file_blame` | default/no-ref: merged; otherwise approved (author floor does not usually apply to blob metadata) | default/no-ref: merged; otherwise approved |
 | `list_branches`, `list_tags`, `get_tag`, `list_releases`, `get_latest_release`, `get_release_by_tag`, `get_label`, `list_label`, `actions_get`, `actions_list`, `search_code`, `get_repository`, `search_repositories`, `get_repository_tree`, `list_discussion_categories` | approved | approved |
 | `get_job_logs` | approved | approved |
 | `list_discussions`, `get_discussion`, `get_discussion_comments` | max(author_association floor, approved) | author_association floor (user content) |
@@ -156,7 +156,7 @@ Response labels are fine-grained per item and are authoritative when available.
 | Issue item (`list_issues`, `search_issues`, `get_issue`) | max(author_association floor, approved) | author_association floor (NONE => `unapproved`, FIRST_TIMER => `none`) |
 | Pull request item (`list_pull_requests`, `search_pull_requests`, `get_pull_request`) | max(author_association floor, approved); if merged/default-branch reachable => merged | start from author_association floor; apply lineage baseline (direct => approved, forked => unapproved); if merged/default-branch reachable => merged |
 | Commit item (`list_commits`, `get_commit`) | max(author_association floor, approved); if default-branch reachable => merged | author_association floor; if default-branch reachable => merged; otherwise stay at floor unless other endorsement evidence applies |
-| File content item (`get_file_contents`) | default/no-ref: merged; otherwise approved | default/no-ref: merged; otherwise approved |
+| File content item (`get_file_contents`, `get_file_blame`) | default/no-ref: merged; otherwise approved | default/no-ref: merged; otherwise approved |
 | Branch/tag/release metadata item (`list_branches`, `list_tags`, `get_tag`, `list_releases`, `get_latest_release`, `get_release_by_tag`) | merged if tied to default branch, otherwise approved | merged if tied to default branch, otherwise approved |
 | Label metadata (`get_label`, `list_label`) | approved | approved |
 | GitHub Actions workflow/artifact metadata (`actions_get`, `actions_list`) | approved | approved |
@@ -177,6 +177,7 @@ Notes:
 - For user-authored objects that include `author_association`, response labeling starts from the author-association floor and then elevates with endorsement evidence.
 - For issue/PR/commit-style response objects, helper functions enforce explicit baseline `none` when no stronger integrity is present.
 - Response labeling is authoritative and may be more precise than coarse resource labels.
+- `pull_request_read` sub-method responses (e.g., `get_commits`, `get_files`, `get_reviews`, `get_review_comments`, `get_check_runs`) use PR-level resource labels from the tool call rather than per-item response labeling; the PR facts lookup (merge status, author association, fork lineage) provides the correct integrity bound for all PR sub-resources.
 
 ---
 
diff --git a/guards/github-guard/rust-guard/src/labels/response_items.rs b/guards/github-guard/rust-guard/src/labels/response_items.rs
@@ -102,7 +102,7 @@ pub fn label_response_items(
         // === Pull Requests - label by merged state ===
         "list_pull_requests" | "search_pull_requests" | "pull_request_read" | "get_pull_request" => {
             // For pull_request_read sub-methods that return non-PR objects (e.g.
-            // get_check_runs, get_files, get_review_comments, get_reviews,
+            // get_check_runs, get_commits, get_files, get_review_comments, get_reviews,
             // get_comments, get_diff, get_status), skip per-item response labeling.
             // The resource-level labels from tool_rules (which call
             // get_pull_request_facts) provide correct PR-scoped integrity.
diff --git a/internal/proxy/proxy_coverage_test.go b/internal/proxy/proxy_coverage_test.go
@@ -78,6 +78,14 @@ func TestMatchRoute_AdditionalRoutes(t *testing.T) {
 			wantArgs: map[string]interface{}{"owner": "org", "repo": "repo", "pullNumber": "7", "method": "get_review_comments"},
 		},
 
+		// PR commits (get_commits method, added in GitHub MCP Server v1.3.0)
+		{
+			name:     "PR commits",
+			path:     "/repos/github/gh-aw/pulls/42/commits",
+			wantTool: "pull_request_read",
+			wantArgs: map[string]interface{}{"owner": "github", "repo": "gh-aw", "pullNumber": "42", "method": "get_commits"},
+		},
+
 		// Search repositories
 		{
 			name:     "search repositories",
diff --git a/internal/proxy/router.go b/internal/proxy/router.go
@@ -120,6 +120,13 @@ var routes = []route{
 			return prArgs(m[1], m[2], m[3], "get_review_comments")
 		},
 	},
+	{
+		pattern:  regexp.MustCompile(`^/repos/([^/]+)/([^/]+)/pulls/(\d+)/commits$`),
+		toolName: "pull_request_read",
+		extractArgs: func(m []string) map[string]interface{} {
+			return prArgs(m[1], m[2], m[3], "get_commits")
+		},
+	},
 	{
 		pattern:  regexp.MustCompile(`^/repos/([^/]+)/([^/]+)/pulls/(\d+)$`),
 		toolName: "pull_request_read",
