Support wildcard ["*"] in allowed-tools filtering #3445
Merged
Add wildcard detection in buildAllowedToolSets() so that if the Tools list contains "*", the server is treated as having no restriction (same as when Tools is empty/nil). This fixes the issue where the compiler passes tools: ["*"] and the gateway filters out all tools.

- Add hasWildcard() helper to detect "*" anywhere in the tools list
- Log when wildcard is detected for a server
- Add unit tests for wildcard in buildAllowedToolSets, isToolAllowed
- Add integration test for registerToolsFromBackend with wildcard

Agent-Logs-Url: https://github.com/github/gh-aw-mcpg/sessions/3811320c-55c9-44e8-bdf0-2af76abb5fc2
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title "[WIP] Fix wildcard '*' handling in allowed-tools filtering" to "Support wildcard ["*"] in allowed-tools filtering" (Apr 9, 2026)
Pull request overview
Adds support for wildcard "*" in per-server allowed-tools filtering so configs emitted as tools: ["*"] correctly allow all tools instead of filtering everything out.
Changes:
- Update buildAllowedToolSets() to detect "*" (anywhere in the list) and treat it as “allow all” by skipping filter-set creation (with an info log).
- Add unit/integration test coverage for wildcard-only and mixed wildcard configurations.
| File | Description |
|---|---|
| internal/server/unified.go | Implements wildcard detection for allowed-tools set building and logs when wildcard enables allow-all. |
| internal/server/call_backend_tool_test.go | Extends TestIsToolAllowed table with wildcard cases. |
| internal/server/allowed_tools_integration_test.go | Adds targeted tests ensuring wildcard configs allow all tools and don’t filter tool registration. |
Copilot's findings
- Files reviewed: 3/3 changed files
- Comments generated: 1
Comment on lines 379 to +392
| // buildAllowedToolSets converts the per-server Tools lists from the config into pre-computed | ||
| // map[string]bool sets for O(1) lookup. Servers with no Tools list are not added to the map, | ||
| // which signals that all tools are permitted. | ||
| // which signals that all tools are permitted. A wildcard entry ["*"] is treated the same as | ||
| // an empty list (all tools allowed). | ||
| func buildAllowedToolSets(cfg *config.Config) map[string]map[string]bool { | ||
| sets := make(map[string]map[string]bool) | ||
| if cfg == nil { | ||
| return sets | ||
| } | ||
| for serverID, serverCfg := range cfg.Servers { | ||
| if len(serverCfg.Tools) > 0 { | ||
| // Treat ["*"] as "allow all" — skip adding to the filter map | ||
| if hasWildcard(serverCfg.Tools) { | ||
| logger.LogInfo("backend", "[allowed-tools] Wildcard \"*\" configured for %s: allowing all tools", serverID) |
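Review bot: the `hasWildcard(serverCfg.Tools)` branch sits inside `len(serverCfg.Tools) > 0`, so a list that names specific tools and also contains "*" is widened to no restriction, and the only trace is an info-level line that names the server but not the entries being ignored. Because this turns an allowlist into allow-all, consider logging that mixed case at warning level (or rejecting it when the config is loaded), and change the doc comment and the inline comment from `["*"]` to "contains "*" anywhere in the list" so they match the check.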
The doc/comment text says only a wildcard entry ["*"] is treated as allow-all, but the implementation treats "*" anywhere in the Tools list as allow-all (see hasWildcard(serverCfg.Tools) and the mixed-list tests). Please update the docstring and inline comment to reflect the actual semantics (e.g., "if the Tools list contains '*' anywhere").
Update docstring and inline comment to reflect that "*" anywhere in the Tools list (not just as the sole entry) triggers allow-all behavior.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
buildAllowedToolSets() treats every entry in the Tools list as a literal tool name. When the gh-aw compiler emits tools: ["*"], no tool matches the literal string "*", so all tools get filtered out.

Changes

- internal/server/unified.go: buildAllowedToolSets now detects "*" anywhere in the tools list via a hasWildcard() helper. Wildcard servers are skipped (not added to the filter map), same as servers with no Tools config. Logs [allowed-tools] Wildcard "*" configured for <serverID>: allowing all tools when triggered.
- Tests: Wildcard cases added to TestIsToolAllowed table, plus new TestBuildAllowedToolSets_WildcardStar, TestBuildAllowedToolSets_WildcardMixed, TestIsToolAllowed_Wildcard, and TestRegisterToolsFromBackend_WildcardAllowsAll.

Warning
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
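The allowed-tools filtering covered in the pull request description above, as an added Go example that is not the gateway's own code: `ServerConfig`, `buildSets`, `isAllowed`, `mixedWildcard` and the sample server and tool names are assumptions made for illustration. It contrasts literal matching of "*" with the wildcard rule and lists the servers whose named entries the wildcard overrides, which is the case worth auditing in a config.

```go
package main

import (
	"fmt"
	"slices"
)

// ServerConfig is a simplified stand-in (assumption) for the gateway's per-server config.
type ServerConfig struct{ Tools []string }

var sample = map[string]ServerConfig{ // constructed input, not taken from the project
	"all":   {Tools: []string{"*"}},
	"mixed": {Tools: []string{"read_file", "*"}},
	"tight": {Tools: []string{"read_file"}},
}

// buildSets: a server absent from the result is unrestricted; honorWildcard=false is the pre-fix literal matching.
func buildSets(servers map[string]ServerConfig, honorWildcard bool) map[string]map[string]bool {
	sets := make(map[string]map[string]bool)
	for id, sc := range servers {
		if len(sc.Tools) == 0 || (honorWildcard && slices.Contains(sc.Tools, "*")) {
			continue
		}
		sets[id] = make(map[string]bool, len(sc.Tools))
		for _, t := range sc.Tools {
			sets[id][t] = true
		}
	}
	return sets
}

// isAllowed passes every tool when the server has no set.
func isAllowed(sets map[string]map[string]bool, server, tool string) bool {
	set, restricted := sets[server]
	return !restricted || set[tool]
}

// mixedWildcard (hypothetical audit helper) lists servers whose list has "*" plus other entries.
func mixedWildcard(servers map[string]ServerConfig) (ids []string) {
	for id, sc := range servers {
		if slices.Contains(sc.Tools, "*") && len(sc.Tools) > 1 {
			ids = append(ids, id)
		}
	}
	slices.Sort(ids)
	return ids
}

func main() { fmt.Println(mixedWildcard(sample)) }
```
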