Skip to content

feat(pr-review-toolkit): add read-only gopls tools to allowed-tools#69

Merged
cblecker merged 1 commit into
mainfrom
feat/pr-review-gopls-permissions
Jul 3, 2026
Merged

feat(pr-review-toolkit): add read-only gopls tools to allowed-tools#69
cblecker merged 1 commit into
mainfrom
feat/pr-review-gopls-permissions

Conversation

@cblecker

@cblecker cblecker commented Jul 3, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add all 7 read-only gopls MCP tools to the review-pr skill's allowed-tools frontmatter
  • Bump pr-review-toolkit version to 1.8.1

The skill's allowed-tools controls auto-approval for the entire skill execution tree. Analysis agents were already able to call gopls tools (not blocked by agent frontmatter deny list), but each call triggered a permission prompt because the tools weren't in allowed-tools. This adds them so gopls calls are auto-approved during Go PR reviews.

The only gopls tool excluded is go_rename_symbol (write operation).

Test plan

  • Run claude plugin validate ./pr-review-toolkit
  • Run /pr-review-toolkit:review-pr on a Go PR and confirm gopls tool calls no longer prompt for permission

Summary by CodeRabbit

  • Chores
    • Updated the plugin to version 1.8.1.
    • Expanded supported review tooling, improving compatibility and availability of additional analysis features.

Add all 7 read-only gopls MCP tools to the review-pr skill's
allowed-tools frontmatter so they are auto-approved when analysis
agents call them during Go PR reviews.

Assisted-by: Claude:claude-opus-4-6
Copilot AI review requested due to automatic review settings July 3, 2026 22:08
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR bumps the pr-review-toolkit plugin version from 1.8.0 to 1.8.1 and extends the review-pr skill's allowed-tools list with additional Go-related gopls MCP tools including diagnostics, file context, package API, search, symbol references, vulnerability checking, and workspace tools.

Changes

Plugin Update

Layer / File(s) Summary
Version bump and tool allowlist expansion
pr-review-toolkit/.claude-plugin/plugin.json, pr-review-toolkit/skills/review-pr/SKILL.md
Plugin version incremented to 1.8.1 and SKILL.md's allowed-tools list extended with seven new mcp__plugin_golang_gopls__* entries.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding read-only gopls tools to the review-pr allowed-tools list.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/pr-review-gopls-permissions

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds the seven read-only gopls MCP tools to the review-pr skill's allowed-tools frontmatter so that gopls calls made by analysis agents during Go PR reviews are auto-approved instead of triggering per-call permission prompts. The write-capable go_rename_symbol tool is intentionally omitted.

Changes:

  • Added 7 read-only gopls MCP tools (go_diagnostics, go_file_context, go_package_api, go_search, go_symbol_references, go_vulncheck, go_workspace) to allowed-tools.
  • Bumped the pr-review-toolkit plugin version from 1.8.0 to 1.8.1.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
pr-review-toolkit/skills/review-pr/SKILL.md Adds the 7 read-only gopls MCP tools to the skill's allowed-tools, following the existing mcp__plugin_<plugin>_<server>__<tool> naming used for github tools.
pr-review-toolkit/.claude-plugin/plugin.json Bumps the plugin version to 1.8.1 to reflect the added tools.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pr-review-toolkit/.claude-plugin/plugin.json`:
- Line 3: The plugin manifest version in plugin.json is set to a patch release,
but this change should be treated as a backward-compatible minor release. Update
the version field to the next minor version instead of 1.8.1, keeping the change
in the plugin manifest aligned with the release semantics used elsewhere.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 982a6ad3-d78b-4771-aa3d-eac83adfa081

📥 Commits

Reviewing files that changed from the base of the PR and between 64d9a33 and 2824748.

📒 Files selected for processing (2)
  • pr-review-toolkit/.claude-plugin/plugin.json
  • pr-review-toolkit/skills/review-pr/SKILL.md

{
"name": "pr-review-toolkit",
"version": "1.8.0",
"version": "1.8.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Bump this as a minor release, not a patch.

This adds backward-compatible behavior, so 1.8.1 understates the change. Please move the manifest to the next minor version instead.

As per coding guidelines, backward-compatible changes should use a minor version bump.

Suggested edit
-  "version": "1.8.1",
+  "version": "1.9.0",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"version": "1.8.1",
"version": "1.9.0",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pr-review-toolkit/.claude-plugin/plugin.json` at line 3, The plugin manifest
version in plugin.json is set to a patch release, but this change should be
treated as a backward-compatible minor release. Update the version field to the
next minor version instead of 1.8.1, keeping the change in the plugin manifest
aligned with the release semantics used elsewhere.

Source: Coding guidelines

@cblecker cblecker merged commit ff1f0ee into main Jul 3, 2026
14 checks passed
@cblecker cblecker deleted the feat/pr-review-gopls-permissions branch July 3, 2026 22:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants