Skip to content

MCP server filtering improvements #5654

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
padenot wants to merge 19 commits into
base: master
Choose a base branch
from
Open

MCP server filtering improvements #5654

padenot wants to merge 19 commits into from
+1,406 −562

Conversation

@padenot
Copy link
Contributor

@padenot padenot commented Feb 6, 2026

This implements the policy as discussed on the 2026-02-05.

suhaibmujahid and others added 9 commits February 6, 2026 17:32
@suhaibmujahid @padenot
Refactor PhabricatorPatch to use async HTTP requests
2d8bd79 
Converted file retrieval methods in PhabricatorPatch and related interfaces to async, replacing synchronous HTTP calls with httpx.AsyncClient.
@padenot
Extend Bugzilla trusted user policy
76b4fec 
Trusted users are now:
- Mozilla Corporation employees, OR
- Users with editbugs privilege who have been active within last year

This prevents dormant accounts with editbugs from being considered trusted.
@padenot
Redact untrusted Bugzilla metadata
1b1edbf 
Refactor metadata filtering into a SanitizedBug class that inherits from
Bug and overrides properties to return sanitized values when no trusted
user has commented.

When there's no trusted comment, the following are redacted:
- Bug title/summary
- Reporter name and email
- Assignee name and email

The trust check uses cached_property to avoid redundant API calls.
Bug.get() now returns SanitizedBug by default for security.
@padenot
Redact untrusted Phabricator metadata
99cb867 
Refactor metadata filtering into a SanitizedPhabricatorPatch class that
inherits from PhabricatorPatch and overrides properties to return
sanitized values when no trusted user has commented.

When there's no trusted comment, the following are redacted:
- Revision title
- Author name and email
- Summary and test plan
- Diff author (if different from revision author)
- Stack graph titles

The trust check uses cached_property to avoid redundant API calls.
PhabricatorReviewData.get_patch_by_id() now returns SanitizedPhabricatorPatch.
@padenot
Disregard comments containing more tags
5242dfc 
This is now the full list from BMO
@padenot
Trust all comments before 2022-01-01
bc0a107 
Automatically trust comments created before 2022 as prompt injection
was not a concern at that time. This applies to both comment content
validation and metadata redaction policies.
@padenot
Completely disregard collapsed comments in trust logic
e26df73 
Ensure collapsed/admin tagged comments are excluded from all trust
validation logic, not just the timeline output:
- Skip when finding last trusted comment
- Skip when building trusted user cache
- Skip when checking for any trusted comment
@padenot
Add tests for new security policies
43d79d5 
Add comprehensive test coverage for:
- Admin-tagged comments being completely disregarded
- Pre-2022 comments being automatically trusted
- All collapsed tags (spam, abuse, nsfw, etc.) filtering

These tests validate the security policy changes implemented in
previous commits.
@padenot
Use BUGBUG_PHABRICATOR_TOKEN in tests to match master
41b641a
suhaibmujahid
suhaibmujahid requested changes Feb 6, 2026
View reviewed changes
Copy link
Member

@suhaibmujahid suhaibmujahid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! It looks good to me, with a few comments.

padenot added 10 commits February 9, 2026 18:39
@padenot
Remove activity data check from trusted user logic
2eb8217 
We agreed not to use the last_seen_date activity data since it's not
useful for determining trust.
@padenot
Simplify trust check to only use editbugs group
5317ea7 
All Mozilla Corporation members are inherently in the editbugs group,
so checking both is redundant.
@padenot
Use classmethod for Bug.get and SanitizedBug in MCP server
59766c6 
Changed Bug.get from @staticmethod to @classmethod to use cls instead
of hardcoding the return type. Modified MCP server to use SanitizedBug
directly so sanitization only happens at the API boundary.
@padenot
Remove duplicate user agent setup code
4e3484a
@padenot
Remove redundant title from Basic Information section
3ae5709 
The title is already displayed in the page header and is automatically
sanitized via the patch_title property.
@padenot
Extract stack_graph to local variable to minimize diff
b8e1d54
@padenot
Use SanitizedPhabricatorPatch in MCP server
aaf953e 
Modified MCP server to use SanitizedPhabricatorPatch instead of
PhabricatorPatch so sanitization only happens at the API boundary.
@padenot
Revert get_patch_by_id to use PhabricatorPatch
797a7dd 
This method is not used by the MCP server, so sanitization should not
be applied here. Sanitization is handled at the MCP server boundary.
@padenot
Remove _display suffix from property names
e554d7b 
The _display suffix is a new pattern not in master. Removing it to keep
the changes minimal and avoid introducing new naming conventions.
@padenot
Update tests to match simplified trust logic
6e3fc17 
- Remove mozilla-corporation group check (only editbugs matters)
- Remove activity date checks (not useful for trust determination)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@suhaibmujahid suhaibmujahid suhaibmujahid requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@padenot @suhaibmujahid