From 7ce13bf96789f896a86f2ca36118fbe0007034b0 Mon Sep 17 00:00:00 2001 From: Man Yue Mo Date: Fri, 10 Oct 2025 08:13:02 +0000 Subject: [PATCH 1/4] Add optional headers to restrict GitHub mcp server toolsets --- mcp_utils.py | 21 +++++++++++++++++++ .../example_large_list_result_iter.yaml | 2 ++ toolboxes/github_official.yaml | 5 ++++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/mcp_utils.py b/mcp_utils.py index 3a7507c..aec688d 100644 --- a/mcp_utils.py +++ b/mcp_utils.py @@ -314,6 +314,17 @@ def mcp_client_params(available_toolboxes: dict, requested_toolboxes: list): if headers and isinstance(headers, dict): for k, v in headers.items(): headers[k] = swap_env(v) + optional_headers = available_toolboxes[tb]['server_params'].get('optional_headers') + # support {{ env SOMETHING }} for header values as well for e.g. tokens + remove_key = {} + if optional_headers and isinstance(optional_headers, dict): + for k, v in dict(optional_headers).items(): + try: + optional_headers[k] = swap_env(v) + except LookupError as e: + del optional_headers[k] + pass + headers.update(optional_headers) # if None will default to float(5) in client code timeout = available_toolboxes[tb]['server_params'].get('timeout') server_params['url'] = available_toolboxes[tb]['server_params'].get('url') @@ -329,6 +340,16 @@ def mcp_client_params(available_toolboxes: dict, requested_toolboxes: list): if headers and isinstance(headers, dict): for k, v in headers.items(): headers[k] = swap_env(v) + optional_headers = available_toolboxes[tb]['server_params'].get('optional_headers') + # support {{ env SOMETHING }} for header values as well for e.g. tokens + if optional_headers and isinstance(optional_headers, dict): + for k, v in dict(optional_headers).items(): + try: + optional_headers[k] = swap_env(v) + except LookupError as e: + del optional_headers[k] + pass + headers.update(optional_headers) # if None will default to float(5) in client code timeout = available_toolboxes[tb]['server_params'].get('timeout') server_params['url'] = available_toolboxes[tb]['server_params'].get('url') diff --git a/taskflows/examples/example_large_list_result_iter.yaml b/taskflows/examples/example_large_list_result_iter.yaml index bb0ae87..2733351 100644 --- a/taskflows/examples/example_large_list_result_iter.yaml +++ b/taskflows/examples/example_large_list_result_iter.yaml @@ -13,6 +13,8 @@ taskflow: You do not need to provide a summary of the results. toolboxes: - github_official + env: + GITHUB_MCP_TOOLSETS: pull_requests - task: must_complete: true repeat_prompt: true diff --git a/toolboxes/github_official.yaml b/toolboxes/github_official.yaml index e1cde32..0d565bf 100644 --- a/toolboxes/github_official.yaml +++ b/toolboxes/github_official.yaml @@ -6,4 +6,7 @@ server_params: kind: streamable url: https://api.githubcopilot.com/mcp/ headers: - Authorization: "{{ env GITHUB_AUTH_HEADER }}" \ No newline at end of file + Authorization: "{{ env GITHUB_AUTH_HEADER }}" + optional_headers: + X-MCP-Toolsets: "{{ env GITHUB_MCP_TOOLSETS }}" + X-MCP-Readonly: "{{ env GITHUB_MCP_READONLY }}" \ No newline at end of file From d3c8b0ef33f584611b47b78befc3738de656ad86 Mon Sep 17 00:00:00 2001 From: Man Yue Mo Date: Fri, 10 Oct 2025 08:14:56 +0000 Subject: [PATCH 2/4] remove unused variable --- mcp_utils.py | 1 - 1 file changed, 1 deletion(-) diff --git a/mcp_utils.py b/mcp_utils.py index aec688d..eb0272a 100644 --- a/mcp_utils.py +++ b/mcp_utils.py @@ -316,7 +316,6 @@ def mcp_client_params(available_toolboxes: dict, requested_toolboxes: list): headers[k] = swap_env(v) optional_headers = available_toolboxes[tb]['server_params'].get('optional_headers') # support {{ env SOMETHING }} for header values as well for e.g. tokens - remove_key = {} if optional_headers and isinstance(optional_headers, dict): for k, v in dict(optional_headers).items(): try: From 1f8f63e5f4074588483b27a9ae84ea5fd0893c57 Mon Sep 17 00:00:00 2001 From: Man Yue Mo Date: Fri, 10 Oct 2025 08:37:04 +0000 Subject: [PATCH 3/4] address copilot comment --- mcp_utils.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/mcp_utils.py b/mcp_utils.py index eb0272a..dd64909 100644 --- a/mcp_utils.py +++ b/mcp_utils.py @@ -322,8 +322,11 @@ def mcp_client_params(available_toolboxes: dict, requested_toolboxes: list): optional_headers[k] = swap_env(v) except LookupError as e: del optional_headers[k] - pass - headers.update(optional_headers) + if isinstance(headers, dict): + if isinstance(optional_headers, dict): + headers.update(optional_headers) + elif isinstance(optional_headers, dict): + headers = optional_headers # if None will default to float(5) in client code timeout = available_toolboxes[tb]['server_params'].get('timeout') server_params['url'] = available_toolboxes[tb]['server_params'].get('url') @@ -347,8 +350,11 @@ def mcp_client_params(available_toolboxes: dict, requested_toolboxes: list): optional_headers[k] = swap_env(v) except LookupError as e: del optional_headers[k] - pass - headers.update(optional_headers) + if isinstance(headers, dict): + if isinstance(optional_headers, dict): + headers.update(optional_headers) + elif isinstance(optional_headers, dict): + headers = optional_headers # if None will default to float(5) in client code timeout = available_toolboxes[tb]['server_params'].get('timeout') server_params['url'] = available_toolboxes[tb]['server_params'].get('url') From a0d83e6253d9cbf40741732a079e6629a5d5ab4b Mon Sep 17 00:00:00 2001 From: Man Yue Mo Date: Fri, 10 Oct 2025 08:41:40 +0000 Subject: [PATCH 4/4] add doc link --- toolboxes/github_official.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/toolboxes/github_official.yaml b/toolboxes/github_official.yaml index 0d565bf..0bfa367 100644 --- a/toolboxes/github_official.yaml +++ b/toolboxes/github_official.yaml @@ -5,6 +5,7 @@ seclab-taskflow-agent: server_params: kind: streamable url: https://api.githubcopilot.com/mcp/ + #See https://github.com/github/github-mcp-server/blob/main/docs/remote-server.md headers: Authorization: "{{ env GITHUB_AUTH_HEADER }}" optional_headers: