feat(pr-review-toolkit): add read-only gopls tools to allowed-tools#69
Conversation
Add all 7 read-only gopls MCP tools to the review-pr skill's allowed-tools frontmatter so they are auto-approved when analysis agents call them during Go PR reviews. Assisted-by: Claude:claude-opus-4-6
📝 WalkthroughWalkthroughThis PR bumps the pr-review-toolkit plugin version from 1.8.0 to 1.8.1 and extends the review-pr skill's allowed-tools list with additional Go-related gopls MCP tools including diagnostics, file context, package API, search, symbol references, vulnerability checking, and workspace tools. ChangesPlugin Update
Estimated code review effort: 1 (Trivial) | ~3 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR adds the seven read-only gopls MCP tools to the review-pr skill's allowed-tools frontmatter so that gopls calls made by analysis agents during Go PR reviews are auto-approved instead of triggering per-call permission prompts. The write-capable go_rename_symbol tool is intentionally omitted.
Changes:
- Added 7 read-only gopls MCP tools (
go_diagnostics,go_file_context,go_package_api,go_search,go_symbol_references,go_vulncheck,go_workspace) toallowed-tools. - Bumped the
pr-review-toolkitplugin version from1.8.0to1.8.1.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pr-review-toolkit/skills/review-pr/SKILL.md | Adds the 7 read-only gopls MCP tools to the skill's allowed-tools, following the existing mcp__plugin_<plugin>_<server>__<tool> naming used for github tools. |
| pr-review-toolkit/.claude-plugin/plugin.json | Bumps the plugin version to 1.8.1 to reflect the added tools. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pr-review-toolkit/.claude-plugin/plugin.json`:
- Line 3: The plugin manifest version in plugin.json is set to a patch release,
but this change should be treated as a backward-compatible minor release. Update
the version field to the next minor version instead of 1.8.1, keeping the change
in the plugin manifest aligned with the release semantics used elsewhere.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 982a6ad3-d78b-4771-aa3d-eac83adfa081
📒 Files selected for processing (2)
pr-review-toolkit/.claude-plugin/plugin.jsonpr-review-toolkit/skills/review-pr/SKILL.md
| { | ||
| "name": "pr-review-toolkit", | ||
| "version": "1.8.0", | ||
| "version": "1.8.1", |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Bump this as a minor release, not a patch.
This adds backward-compatible behavior, so 1.8.1 understates the change. Please move the manifest to the next minor version instead.
As per coding guidelines, backward-compatible changes should use a minor version bump.
Suggested edit
- "version": "1.8.1",
+ "version": "1.9.0",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "version": "1.8.1", | |
| "version": "1.9.0", |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pr-review-toolkit/.claude-plugin/plugin.json` at line 3, The plugin manifest
version in plugin.json is set to a patch release, but this change should be
treated as a backward-compatible minor release. Update the version field to the
next minor version instead of 1.8.1, keeping the change in the plugin manifest
aligned with the release semantics used elsewhere.
Source: Coding guidelines
Summary
review-prskill'sallowed-toolsfrontmatterThe skill's
allowed-toolscontrols auto-approval for the entire skill execution tree. Analysis agents were already able to call gopls tools (not blocked by agent frontmatter deny list), but each call triggered a permission prompt because the tools weren't inallowed-tools. This adds them so gopls calls are auto-approved during Go PR reviews.The only gopls tool excluded is
go_rename_symbol(write operation).Test plan
claude plugin validate ./pr-review-toolkit/pr-review-toolkit:review-pron a Go PR and confirm gopls tool calls no longer prompt for permissionSummary by CodeRabbit