From f407f21830dc2b232c8b40ff8ad0761ff9506bc8 Mon Sep 17 00:00:00 2001 From: km-anthropic Date: Fri, 8 Aug 2025 01:10:43 -0700 Subject: [PATCH] fix: update MCP server tests after removing additionalPermissions - Change github_ci server logic to check for workflow token presence - Update test names to reflect new behavior - Fix test that was incorrectly setting workflow token --- src/mcp/install-mcp-server.ts | 6 +++--- test/install-mcp-server.test.ts | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/mcp/install-mcp-server.ts b/src/mcp/install-mcp-server.ts index 18407b6..2925d43 100644 --- a/src/mcp/install-mcp-server.ts +++ b/src/mcp/install-mcp-server.ts @@ -111,10 +111,10 @@ export async function prepareMcpConfig( }; } - // CI server is disabled by default in v1.0 (users can enable via claudeArgs) - const hasActionsReadPermission = false; + // CI server is included when we have a workflow token and context is a PR + const hasWorkflowToken = !!process.env.DEFAULT_WORKFLOW_TOKEN; - if (context.isPR && hasActionsReadPermission) { + if (context.isPR && hasWorkflowToken) { // Verify the token actually has actions:read permission const actuallyHasPermission = await checkActionsReadPermission( process.env.DEFAULT_WORKFLOW_TOKEN || "", diff --git a/test/install-mcp-server.test.ts b/test/install-mcp-server.test.ts index a8b6cd4..e95ef51 100644 --- a/test/install-mcp-server.test.ts +++ b/test/install-mcp-server.test.ts @@ -540,7 +540,7 @@ describe("prepareMcpConfig", () => { process.env.GITHUB_WORKSPACE = oldEnv; }); - test("should include github_ci server when context.isPR is true and actions:read permission is granted", async () => { + test("should include github_ci server when context.isPR is true and workflow token is present", async () => { const oldEnv = process.env.DEFAULT_WORKFLOW_TOKEN; process.env.DEFAULT_WORKFLOW_TOKEN = "workflow-token"; @@ -587,9 +587,9 @@ describe("prepareMcpConfig", () => { expect(parsed.mcpServers.github_file_ops).toBeDefined(); }); - test("should not include github_ci server when actions:read permission is not granted", async () => { + test("should not include github_ci server when workflow token is not present", async () => { const oldTokenEnv = process.env.DEFAULT_WORKFLOW_TOKEN; - process.env.DEFAULT_WORKFLOW_TOKEN = "workflow-token"; + delete process.env.DEFAULT_WORKFLOW_TOKEN; const result = await prepareMcpConfig({ githubToken: "test-token", @@ -608,7 +608,7 @@ describe("prepareMcpConfig", () => { process.env.DEFAULT_WORKFLOW_TOKEN = oldTokenEnv; }); - test("should parse additional_permissions with multiple lines correctly", async () => { + test("should include github_ci server when workflow token is present for PR context", async () => { const oldTokenEnv = process.env.DEFAULT_WORKFLOW_TOKEN; process.env.DEFAULT_WORKFLOW_TOKEN = "workflow-token"; @@ -636,7 +636,7 @@ describe("prepareMcpConfig", () => { process.env.DEFAULT_WORKFLOW_TOKEN = oldTokenEnv; }); - test("should warn when actions:read is requested but token lacks permission", async () => { + test("should warn when workflow token lacks actions:read permission", async () => { const oldTokenEnv = process.env.DEFAULT_WORKFLOW_TOKEN; process.env.DEFAULT_WORKFLOW_TOKEN = "invalid-token";