docs(mcp): add defense-in-depth paragraph and assertion test#150
Conversation
MCP tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) are advisory metadata for well-behaved clients. They are NOT a security boundary. All write attempts, regardless of how a client sets its hints, pass through the AXIS safety blocker and execution layer, which are independent of MCP and authoritative. The new doc_test.go asserts the package doc contains the defense-in-depth contract, so the safety boundary cannot be silently reworded away. Refreshes docs/current-state.md (auto-regenerated by verify-repo-truth). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the current state documentation and adds a detailed 'Defense in depth' section to the axismcp package documentation, along with a test to ensure the documentation remains in sync. The review feedback suggests correcting a reference to internal/safety.Check in the documentation and removing a redundant dummy reference to NewServer in the test file.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Two review comments from gemini-code-assist on PR #150: 1. The package doc referenced 'internal/safety.Block', but the actual exported function is 'safety.Check' (internal/safety/blocker.go:20). Rename to 'safety.Check' to match the implementation. The test asserts the substring 'internal/safety' which still passes. 2. The test file referenced '_ = NewServer' as a defensive dummy to keep the test binary linked. In Go, 'go test' compiles all '_test.go' files in the package unconditionally; the dummy reference is redundant. Remove it. Both changes are non-functional doc/test cleanup. Quality gates pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
toasterbook88
left a comment
toasterbook88
left a comment
There was a problem hiding this comment.
Pushed fixes in 2be0138:
- Renamed
safety.Block→safety.Checkindoc.go. The exported function ininternal/safety/blocker.go:20isCheck, notBlock. The test assertionstrings.Contains(doc, "internal/safety")still passes. - Removed the redundant
_ = NewServerdummy reference indoc_test.go.go testcompiles all*_test.gofiles in the package unconditionally; the dummy was not needed.
Quality gates: make test ✓, make lint ✓. Ready for re-review.
1 participant
Adds a 'Defense in depth' section to the MCP package doc that makes the safety boundary explicit: client-supplied tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) are advisory metadata and cannot weaken the safety blocker or execution layer. Adds a test that reads
doc.goand asserts the required phrases are present so the contract cannot be silently reworded away.Why now: The MCP-2025-06-18 spec defines
ToolAnnotationhints. AXIS MCP tools are already read-only by design and 10 of them are registered withWithReadOnlyHintAnnotation(true)(internal/mcp/server.go). The remaining gap was that nothing in the public docs stated the safety boundary in writing.Files:
internal/mcp/doc.go— adds the 'Defense in depth' paragraphinternal/mcp/doc_test.go— new test, readsdoc.goand asserts the contractdocs/current-state.md— auto-regenerated by./hack/refresh-current-state.sh(release-truth block now shows v0.10.9 published)Quality gates:
make build✓make test✓ (full suite passes, new test in mcp package)make lint✓./hack/verify-repo-truth.sh✓Public-repo discipline: No real hostnames, IPs, usernames, or per-host diagnostic output. Commit author reset to a public-safe identity.