add header support in http entry point

tommaso-moro · tommaso-moro · commit cf8c56c6df6f · 2026-02-18T15:09:03.000Z
diff --git a/pkg/context/request.go b/pkg/context/request.go
@@ -82,6 +82,22 @@ func IsInsidersMode(ctx context.Context) bool {
 	return false
 }
 
+// disallowedToolsCtxKey is a context key for disallowed tools
+type disallowedToolsCtxKey struct{}
+
+// WithDisallowedTools adds the disallowed tools to the context
+func WithDisallowedTools(ctx context.Context, tools []string) context.Context {
+	return context.WithValue(ctx, disallowedToolsCtxKey{}, tools)
+}
+
+// GetDisallowedTools retrieves the disallowed tools from the context
+func GetDisallowedTools(ctx context.Context) []string {
+	if tools, ok := ctx.Value(disallowedToolsCtxKey{}).([]string); ok {
+		return tools
+	}
+	return nil
+}
+
 // headerFeaturesCtxKey is a context key for raw header feature flags
 type headerFeaturesCtxKey struct{}
 
diff --git a/pkg/http/handler.go b/pkg/http/handler.go
@@ -272,6 +272,10 @@ func InventoryFiltersForRequest(r *http.Request, builder *inventory.Builder) *in
 		builder = builder.WithTools(github.CleanTools(tools))
 	}
 
+	if disallowed := ghcontext.GetDisallowedTools(ctx); len(disallowed) > 0 {
+		builder = builder.WithDisallowedTools(disallowed)
+	}
+
 	return builder
 }
 
diff --git a/pkg/http/handler_test.go b/pkg/http/handler_test.go
@@ -104,6 +104,31 @@ func TestInventoryFiltersForRequest(t *testing.T) {
 			},
 			expectedTools: []string{"get_file_contents", "create_repository", "list_issues"},
 		},
+		{
+			name: "disallowed tools removes specific tools",
+			contextSetup: func(ctx context.Context) context.Context {
+				return ghcontext.WithDisallowedTools(ctx, []string{"create_repository", "issue_write"})
+			},
+			expectedTools: []string{"get_file_contents", "list_issues"},
+		},
+		{
+			name: "disallowed tools overrides explicit tools",
+			contextSetup: func(ctx context.Context) context.Context {
+				ctx = ghcontext.WithTools(ctx, []string{"list_issues", "create_repository"})
+				ctx = ghcontext.WithDisallowedTools(ctx, []string{"create_repository"})
+				return ctx
+			},
+			expectedTools: []string{"list_issues"},
+		},
+		{
+			name: "disallowed tools combines with readonly",
+			contextSetup: func(ctx context.Context) context.Context {
+				ctx = ghcontext.WithReadonly(ctx, true)
+				ctx = ghcontext.WithDisallowedTools(ctx, []string{"list_issues"})
+				return ctx
+			},
+			expectedTools: []string{"get_file_contents"},
+		},
 	}
 
 	for _, tt := range tests {
@@ -267,6 +292,40 @@ func TestHTTPHandlerRoutes(t *testing.T) {
 			},
 			expectedTools: []string{"get_file_contents", "create_repository", "list_issues", "create_issue", "list_pull_requests", "create_pull_request", "hidden_by_holdback"},
 		},
+		{
+			name: "X-MCP-Disallowed-Tools header removes specific tools",
+			path: "/",
+			headers: map[string]string{
+				headers.MCPDisallowedToolsHeader: "create_issue,create_pull_request",
+			},
+			expectedTools: []string{"get_file_contents", "create_repository", "list_issues", "list_pull_requests", "hidden_by_holdback"},
+		},
+		{
+			name: "X-MCP-Disallowed-Tools with toolset header",
+			path: "/",
+			headers: map[string]string{
+				headers.MCPToolsetsHeader:        "issues",
+				headers.MCPDisallowedToolsHeader: "create_issue",
+			},
+			expectedTools: []string{"list_issues"},
+		},
+		{
+			name: "X-MCP-Disallowed-Tools overrides X-MCP-Tools",
+			path: "/",
+			headers: map[string]string{
+				headers.MCPToolsHeader:           "list_issues,create_issue",
+				headers.MCPDisallowedToolsHeader: "create_issue",
+			},
+			expectedTools: []string{"list_issues"},
+		},
+		{
+			name: "X-MCP-Disallowed-Tools with readonly path",
+			path: "/readonly",
+			headers: map[string]string{
+				headers.MCPDisallowedToolsHeader: "list_issues",
+			},
+			expectedTools: []string{"get_file_contents", "list_pull_requests", "hidden_by_holdback"},
+		},
 	}
 
 	for _, tt := range tests {
diff --git a/pkg/http/headers/headers.go b/pkg/http/headers/headers.go
@@ -41,6 +41,9 @@ const (
 	MCPLockdownHeader = "X-MCP-Lockdown"
 	// MCPInsidersHeader indicates whether insiders mode is enabled for early access features.
 	MCPInsidersHeader = "X-MCP-Insiders"
+	// MCPDisallowedToolsHeader is a comma-separated list of MCP tools that should be
+	// disabled regardless of other settings or header values.
+	MCPDisallowedToolsHeader = "X-MCP-Disallowed-Tools"
 	// MCPFeaturesHeader is a comma-separated list of feature flags to enable.
 	MCPFeaturesHeader = "X-MCP-Features"
 
diff --git a/pkg/http/middleware/request_config.go b/pkg/http/middleware/request_config.go
@@ -35,6 +35,11 @@ func WithRequestConfig(next http.Handler) http.Handler {
 			ctx = ghcontext.WithLockdownMode(ctx, true)
 		}
 
+		// Disallowed tools
+		if disallowedTools := headers.ParseCommaSeparated(r.Header.Get(headers.MCPDisallowedToolsHeader)); len(disallowedTools) > 0 {
+			ctx = ghcontext.WithDisallowedTools(ctx, disallowedTools)
+		}
+
 		// Insiders mode
 		if relaxedParseBool(r.Header.Get(headers.MCPInsidersHeader)) {
 			ctx = ghcontext.WithInsidersMode(ctx, true)

Original file line number	Diff line number	Diff line change
`@@ -272,6 +272,10 @@ func InventoryFiltersForRequest(r http.Request, builder inventory.Builder) *in`
`272`	`272`	`builder = builder.WithTools(github.CleanTools(tools))`
`273`	`273`	`}`
`274`	`274`
	`275`	`+ if disallowed := ghcontext.GetDisallowedTools(ctx); len(disallowed) > 0 {`
	`276`	`+ builder = builder.WithDisallowedTools(disallowed)`
	`277`	`+ }`
	`278`	`+`
`275`	`279`	`return builder`
`276`	`280`	`}`
`277`	`281`