Skip to content

Add Safe Outputs formal specification with comprehensive permission documentation#15698

Merged
pelikhan merged 4 commits intomainfrom
copilot/create-mcp-gateway-specification
Feb 14, 2026
Merged

Add Safe Outputs formal specification with comprehensive permission documentation#15698
pelikhan merged 4 commits intomainfrom
copilot/create-mcp-gateway-specification

Conversation

Copy link
Contributor

Copilot AI commented Feb 14, 2026
edited
Loading

Adds W3C-style specification defining the Safe Outputs MCP Gateway's security model, operational semantics, and conformance requirements. The specification establishes normative behavior for all 30+ safe output types based on existing JavaScript handlers and Go compiler implementation.

Specification Structure

  • Security Architecture: Privilege separation model, threat scenarios, permission boundaries
  • Common Features:
    • max limits (defaults, inheritance, special value semantics for staged mode)
    • staged mode (preview execution, per-type vs global configuration)
    • footer attribution (composition, template variables, conditional installation instructions)
    • Content sanitization (7-stage pipeline for XSS prevention, mention filtering)
  • Safe Output Types: Complete MCP tool schemas, operational guarantees, validation rules for all types (create_issue, add_comment, push_to_pull_request_branch, etc.)
  • GitHub Permissions: Required GitHub Actions Token and GitHub App permissions for each safe output type, including conditional permissions based on features
  • Protocol Patterns: HTTP transport, NDJSON persistence, tool invocation lifecycle
  • Execution Guarantees: Atomicity, ordering, idempotency, error handling

Key Semantics Documented

Max Limit Interpretation:

safe-outputs:
  create-issue:
    max: 5  # Allow up to 5 operations
  
  push-to-pull-request-branch:
    staged: true  # Per-type staged mode
    max: 1        # Compiled to max: 0 in MCP config (hide from AI, handler active)

Staged Mode Behavior:

  • Global staged: true affects all types
  • Per-type staged: true sets max: 0 in MCP configuration (tool hidden from AI but handler processes previews)
  • Handlers check GH_AW_SAFE_OUTPUTS_STAGED environment variable and generate step summaries instead of GitHub API calls

Permission Documentation

Each safe output type now includes comprehensive permission requirements:

  • GitHub Actions Token Permissions: Standard workflow token requirements with detailed scope descriptions
  • GitHub App Permissions: Requirements when using safe-outputs.app configuration
  • Conditional Permissions: Features that require additional permissions (e.g., fallback-as-issue for create_pull_request, create-issue for missing_tool/missing_data)
  • Permission Scopes: contents, issues, pull-requests, discussions, security-events, actions, organization-projects
  • Special Cases: GitHub App-only permissions (organization-projects), cross-repository requirements, system types with no permission requirements

Conformance

Follows RFC 2119 conventions with normative keywords (MUST, SHALL, SHOULD, MAY). Defines full and partial conformance classes with testable requirements.

File: docs/src/content/docs/reference/safe-outputs-specification.md (2,800+ lines)

Custom agent used: w3c-specification-writer
AI technical specification writer following W3C conventions and best practices for formal specifications

Original prompt

Create a specification that defines the foundational security features of safe outout , how to interpret common features like "max" or "staged" and document each safe outout type as well.

Focus on guarantees and operational requirements based on tbe exiting JavaScript implementation, the docs, the go compiler.

create file name the MCP-gateway specification.

Custom agent used: w3c-specification-writer
AI technical specification writer following W3C conventions and best practices for formal specifications

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan
Copy link
Contributor

pelikhan commented Feb 14, 2026

@copilot name file as safe-outputs-specification.md next to mcp-gateway specification

@pelikhan
Add W3C-style Safe Outputs MCP Gateway specification
3572f33 
Create comprehensive formal specification defining:
- Security architecture and threat model
- Common features: max, staged, footers
- All 30+ safe output types with guarantees
- MCP integration patterns
- Content integrity mechanisms
- Execution guarantees

Specification follows W3C conventions with RFC 2119 conformance.
File: docs/src/content/docs/reference/safe-outputs-mcp-gateway-specification.md

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Create MCP gateway specification for security features Add Safe Outputs MCP Gateway formal specification Feb 14, 2026
Copilot AI requested a review from pelikhan February 14, 2026 16:16
@github-actions github-actions bot mentioned this pull request Feb 14, 2026
Merged
@pelikhan
Copy link
Contributor

pelikhan commented Feb 14, 2026

@copilot for each safe output type specify the required GitHub action permissions or GitHub app permissions . Handle the case where some permissions are tied to features like fallback-as-issue

@pelikhan
Rename specification file to safe-outputs-specification.md
0392d15 
Per feedback, rename from safe-outputs-mcp-gateway-specification.md to
safe-outputs-specification.md to position it next to mcp-gateway.md.

Also update internal URL reference to match new filename.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Feb 14, 2026

@copilot name file as safe-outputs-specification.md next to mcp-gateway specification

Done! Renamed to safe-outputs-specification.md and updated internal URL reference. (commit 0392d15)

Copilot AI changed the title Add Safe Outputs MCP Gateway formal specification Add Safe Outputs formal specification Feb 14, 2026
pelikhan
pelikhan approved these changes Feb 14, 2026
View reviewed changes
docs/src/content/docs/reference/safe-outputs-specification.md

# Safe Outputs MCP Gateway Specification

**Version**: 1.8.0
Copy link
Contributor

@pelikhan pelikhan Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot start at 1.0

@pelikhan
Add comprehensive GitHub permissions for all safe output types
347f6df 
Add "Required Permissions" sections for all 30+ safe output types with:
- Separate GitHub Actions Token and GitHub App permission requirements
- Detailed permission scopes (contents, issues, pull-requests, discussions,
  security-events, actions, organization-projects)
- Notes on conditional permissions (e.g., fallback-as-issue feature)
- Permission level explanations (read vs write)
- Cross-repository behavior notes
- Special cases like organization-projects only for GitHub Apps

Expanded section 7.3 with full definitions for all safe output types
including update_issue, close_issue, link_sub_issue, all discussion types,
PR management, labels, assignments, projects, security, and system types.

Each type now documents:
- Required permissions for both token types
- Permission scope descriptions
- Conditional permission requirements based on features
- Notes on permission-related limitations

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Feb 14, 2026

@copilot for each safe output type specify the required GitHub action permissions or GitHub app permissions . Handle the case where some permissions are tied to features like fallback-as-issue

Done! Added comprehensive "Required Permissions" sections for all 30+ safe output types with:

  • Separate GitHub Actions Token vs GitHub App permission requirements
  • Detailed permission scopes (contents, issues, pull-requests, discussions, security-events, actions, organization-projects)
  • Conditional permissions tied to features (e.g., fallback-as-issue for create_pull_request, create-issue for missing_tool/missing_data)
  • Special notes on GitHub App-only permissions (organization-projects) and cross-repository requirements

Each type now documents exactly which permissions are needed and explains conditional requirements. (commit 347f6df)

Copilot AI changed the title Add Safe Outputs formal specification Add Safe Outputs formal specification with comprehensive permission documentation Feb 14, 2026
Copilot AI requested a review from pelikhan February 14, 2026 16:32
@pelikhan pelikhan marked this pull request as ready for review February 14, 2026 16:34
Copilot AI review requested due to automatic review settings February 14, 2026 16:34
@pelikhan pelikhan merged commit a5b6606 into main Feb 14, 2026
1 check failed
@pelikhan pelikhan deleted the copilot/create-mcp-gateway-specification branch February 14, 2026 16:34
Copilot stopped work on behalf of pelikhan due to an error February 14, 2026 16:34
The session was cancelled by the user.
@github-actions github-actions bot mentioned this pull request Feb 14, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Copilot code review Copilot Awaiting requested review from Copilot

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan