Skip to content

[plan] Propagate MCP request context into checkActorPermission #18278

New issue
New issue
Closed
#18281
Closed
[plan] Propagate MCP request context into checkActorPermission#18278
#18281
Assignees
pelikhancopilot-swe-agent
Labels
ai-generatedcookieIssue Monster Loves Cookies!plan
@github-actions

Description

@github-actions
github-actions
bot
opened on Feb 25, 2026

Objective

Propagate the caller-provided context.Context into checkActorPermission instead of creating an independent context.Background()-derived context, so that MCP client disconnection and server shutdown are respected.

Context

From Sergo analysis run §22372431560 (discussion #18227).

checkActorPermission in pkg/cli/mcp_server_helpers.go creates its own 5-second timeout context from context.Background(), ignoring the live MCP request context passed by its callers. If the MCP client disconnects or the server shuts down, the parent context will be cancelled — but the GitHub API call inside checkActorPermission will continue for up to 5 seconds.

Current Code

// pkg/cli/mcp_server_helpers.go:205
func checkActorPermission(actor, validateActor, toolName string) error {
    ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
    defer cancel()
    permission, err := queryActorRole(ctx, actor, repo)
    ...
}

Callers pass a live ctx but do not thread it through:

// pkg/cli/mcp_tools_privileged.go:72
}, func(ctx context.Context, req *mcp.CallToolRequest, args logsArgs) (*mcp.CallToolResult, any, error) {
    if err := checkActorPermission(actor, validateActor, "logs"); err != nil { // ctx not passed

Approach

  1. Add ctx context.Context as the first parameter to checkActorPermission
  2. Derive the timeout context from the incoming ctx rather than context.Background(): 
    func checkActorPermission(ctx context.Context, actor, validateActor, toolName string) error {
    ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
    defer cancel()
    ...
}
  3. Update all call sites in pkg/cli/mcp_tools_privileged.go to pass ctx
  4. Update any tests for checkActorPermission

Files to Modify

  • pkg/cli/mcp_server_helpers.go — update checkActorPermission signature
  • pkg/cli/mcp_tools_privileged.go — update call sites to pass ctx
  • Any test files covering these functions

Acceptance Criteria

  • checkActorPermission accepts context.Context as its first parameter
  • The 5-second timeout is derived from the incoming context (not context.Background())
  • All call sites pass the live request ctx
  • MCP client cancellation propagates into the permission check
  • Existing tests pass; add a test verifying context cancellation is respected if feasible

Generated by Plan Command for issue #discussion #18227

  • expires on Feb 27, 2026, 6:22 AM UTC

Metadata

Metadata

Assignees

Labels

ai-generatedcookieIssue Monster Loves Cookies!plan

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions