Create Generic get_viewer_permission Tool #7624

Author: tobiu

ai/mcp/server/github-workflow/openapi.yaml

@@ -27,6 +27,8 @@ tags:
     description: Operations related to repository labels
   - name: Issues
     description: Operations related to repository issues and pull requests
+  - name: Repository
+    description: Operations related to the repository itself
 
 paths:
   /docs:
@@ -533,6 +535,39 @@ paths:
               schema:
                 $ref: '#/components/schemas/ErrorResponse'
 
+  /repository/viewer-permission:
+    get:
+      summary: Get Viewer Permission
+      operationId: get_viewer_permission
+      x-annotations:
+        readOnlyHint: true
+      description: |
+        Retrieves the permission level of the currently authenticated user (viewer) for the repository.
+
+        **When to Use:**
+        Call this tool to determine your capabilities before attempting a restricted action (e.g., assigning an issue, merging a PR). The agent is responsible for interpreting the returned permission level.
+
+        **Permission Levels:**
+        - `ADMIN`: Can read, write, and manage the repository.
+        - `MAINTAIN`: Can read, write, and manage issues and pull requests.
+        - `WRITE`: Can read and write to the repository.
+        - `TRIAGE`: Can manage issues and pull requests.
+        - `READ`: Can read the repository.
+      tags: [Repository]
+      responses:
+        '200':
+          description: The viewer's permission level for the repository.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ViewerPermissionResponse'
+        '500':
+          description: Internal server error.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+
 components:
   schemas:
     HealthCheckResponse:
@@ -816,3 +851,12 @@ components:
         content:
           type: string
           description: The full markdown content of the issue file.
+
+    ViewerPermissionResponse:
+      type: object
+      properties:
+        permission:
+          type: string
+          description: The permission level of the viewer.
+          enum: [ADMIN, MAINTAIN, WRITE, TRIAGE, READ]
+          example: WRITE

ai/mcp/server/github-workflow/services/RepositoryService.mjs

@@ -0,0 +1,45 @@
+import Base from '../../../../../src/core/Base.mjs';
+import GraphqlService from './GraphqlService.mjs';
+import aiConfig from '../config.mjs';
+import logger from '../logger.mjs';
+import { GET_VIEWER_PERMISSION } from './queries/repositoryQueries.mjs';
+
+/**
+ * Service for interacting with the GitHub repository itself.
+ * @class Neo.ai.mcp.server.github-workflow.RepositoryService
+ * @extends Neo.core.Base
+ * @singleton
+ */
+class RepositoryService extends Base {
+    static config = {
+        className: 'Neo.ai.mcp.server.github-workflow.RepositoryService',
+        singleton: true
+    }
+
+    /**
+     * Fetches the current user's permission level for the repository.
+     * @returns {Promise<object>} A promise that resolves to an object containing the permission level or a structured error.
+     */
+    async getViewerPermission() {
+        const variables = {
+            owner: aiConfig.owner,
+            repo: aiConfig.repo
+        };
+
+        try {
+            const data = await GraphqlService.query(GET_VIEWER_PERMISSION, variables);
+            const permission = data.repository.viewerPermission;
+            logger.info(`Viewer permission for ${aiConfig.owner}/${aiConfig.repo}: ${permission}`);
+            return { permission };
+        } catch (error) {
+            logger.error('Error fetching viewer permission via GraphQL:', error);
+            return {
+                error: 'GraphQL API request failed',
+                message: error.message,
+                code: 'GRAPHQL_API_ERROR'
+            };
+        }
+    }
+}
+
+export default Neo.setupClass(RepositoryService);

ai/mcp/server/github-workflow/services/queries/repositoryQueries.mjs

@@ -0,0 +1,25 @@
+/**
+ * GraphQL query definitions for GitHub repository data.
+ *
+ * @module Neo.ai.mcp.server.github-workflow.queries.repositoryQueries
+ */
+
+/**
+ * Query to fetch the viewer's permission level for the repository.
+ *
+ * This is used to determine the capabilities of the currently authenticated user.
+ *
+ * Variables required:
+ * - $owner: String!
+ * - $repo: String!
+ */
+export const GET_VIEWER_PERMISSION = `
+  query GetViewerPermission(
+    $owner: String!
+    $repo: String!
+  ) {
+    repository(owner: $owner, name: $repo) {
+      viewerPermission
+    }
+  }
+`;

ai/mcp/server/github-workflow/services/toolService.mjs

@@ -3,8 +3,9 @@ import {fileURLToPath}                   from 'url';
 import HealthService                     from './HealthService.mjs';
 import IssueService                      from './IssueService.mjs';
 import LabelService                      from './LabelService.mjs';
-import LocalFileService                from './LocalFileService.mjs';
+import LocalFileService                  from './LocalFileService.mjs';
 import PullRequestService                from './PullRequestService.mjs';
+import RepositoryService                 from './RepositoryService.mjs';
 import SyncService                       from './SyncService.mjs';
 import {initialize, listTools, callTool} from '../../toolService.mjs';
 
@@ -20,6 +21,7 @@ const serviceMapping = {
     get_conversation     : PullRequestService.getConversation.bind(PullRequestService),
     get_local_issue_by_id: LocalFileService.getIssueById.bind(LocalFileService),
     get_pull_request_diff: PullRequestService.getPullRequestDiff.bind(PullRequestService),
+    get_viewer_permission: RepositoryService.getViewerPermission.bind(RepositoryService),
     healthcheck          : HealthService.healthcheck.bind(HealthService),
     list_labels          : LabelService.listLabels.bind(LabelService),
     list_pull_requests   : PullRequestService.listPullRequests.bind(PullRequestService),