Add open world hints for tools. #1700
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Tools that return user generated content should have open world hints, to allow clients to inform users that the content may be untrusted and prompt them to approve the request before executing it.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds openWorldHint annotations to read-only tools that return user-generated content, allowing MCP clients to inform users that the content may be untrusted and prompt them for approval before executing the tool.
Key Changes
- Added
OpenWorldHint: jsonschema.Ptr(true)to tool annotations for approximately 60+ read-only tools across the codebase - Updated tool snapshots to reflect the new annotation in the JSON schema
- Reformatted annotations for consistent alignment (Title, ReadOnlyHint, OpenWorldHint fields)
Reviewed changes
Copilot reviewed 112 out of 112 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/github/actions.go | Added openWorldHint to workflow, run, job, and artifact listing/retrieval tools (11 tools) |
| pkg/github/code_scanning.go | Added openWorldHint to code scanning alert retrieval tools (2 tools) |
| pkg/github/context_tools.go | Added openWorldHint to user profile and team retrieval tools (3 tools) |
| pkg/github/dependabot.go | Added openWorldHint to dependabot alert retrieval tools (2 tools) |
| pkg/github/discussions.go | Added openWorldHint to discussion and comment retrieval tools (4 tools) |
| pkg/github/gists.go | Added openWorldHint to gist listing and retrieval tools (2 tools) |
| pkg/github/git.go | Added openWorldHint to repository tree retrieval tool (1 tool) |
| pkg/github/issues.go | Added openWorldHint to issue retrieval and listing tools (4 tools) |
| pkg/github/labels.go | Added openWorldHint to label retrieval tools (2 tools) |
| pkg/github/notifications.go | Added openWorldHint to notification listing and retrieval tools (2 tools) |
| pkg/github/projects.go | Added openWorldHint to project, field, and item retrieval tools (6 tools) |
| pkg/github/pullrequests.go | Added openWorldHint to pull request retrieval and search tools (3 tools) |
| pkg/github/repositories.go | Added openWorldHint to commit, branch, tag, release, and file retrieval tools (10 tools) |
| pkg/github/search.go | Added openWorldHint to repository, code, user, and organization search tools (4 tools) |
| pkg/github/secret_scanning.go | Added openWorldHint to secret scanning alert retrieval tools (2 tools) |
| pkg/github/security_advisories.go | Added openWorldHint to security advisory listing and retrieval tools (4 tools) |
| pkg/github/toolsnaps/*.snap | Updated 80+ snapshot files to reflect the new openWorldHint annotation in JSON schemas and reordered required fields for consistency |
IrynaKulakova
approved these changes
Dec 30, 2025
SamMorrowDrums
approved these changes
Dec 30, 2025
Collaborator
SamMorrowDrums
left a comment
SamMorrowDrums
left a comment
There was a problem hiding this comment.
Awesome, shame about the churn. I think maybe that's from json schema lib update possibly.
Had a couple of questions but I think good to merge and follow up after if needed. Pretty important to get this out, so don't want to delay it.
| ReadOnlyHint: true, | ||
| Title: t("TOOL_LIST_PROJECTS_USER_TITLE", "List projects"), | ||
| ReadOnlyHint: true, | ||
| OpenWorldHint: jsonschema.Ptr(true), |
Collaborator
There was a problem hiding this comment.
Can projects be open world? I think they might only be available inside paying orgs or enterprises although I could be wrong there.
| ReadOnlyHint: true, | ||
| Title: t("TOOL_GET_PROJECT_USER_TITLE", "Get project"), | ||
| ReadOnlyHint: true, | ||
| OpenWorldHint: jsonschema.Ptr(true), |
Collaborator
There was a problem hiding this comment.
Same question as list projects
| Annotations: &mcp.ToolAnnotations{ | ||
| Title: t("TOOL_LIST_PROJECT_FIELDS_USER_TITLE", "List project fields"), | ||
| ReadOnlyHint: true, | ||
| Title: t("TOOL_LIST_PROJECT_FIELDS_USER_TITLE", "List project fields"), |
Collaborator
There was a problem hiding this comment.
Similar question I think fields also only created by project admins and not sure public projects exist
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Tools that return user generated content should have open world hints, to allow clients to inform users that the content may be untrusted and prompt them to approve the request before executing it.
Why
Addresses https://github.com/github/copilot-agent-services/issues/1103
What changed
openWorldHintannotations for tools with user generated content in the response.MCP impact
Adds annotations to pretty much all Read Only tools, since in some form they will have user generated content in the API result.
Security / limits
Tool renaming
deprecated_tool_aliases.goNote: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.
Lint & tests
./script/lint./script/testDocs