proxy

package

v0.1.20 Latest Latest Go to latest Published: Mar 20, 2026 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/github/gh-aw-mcpg

Links

Open Source Insights

Documentation ¶

Overview ¶

Package proxy implements a filtering HTTP proxy for the GitHub API. It intercepts gh CLI requests (via GH_HOST redirect) and applies the same DIFC enforcement pipeline as the MCP gateway, reusing the guard WASM module, evaluator, and agent registry.

Index ¶

Constants
func IsGraphQLPath(path string) bool
func StripGHHostPrefix(path string) string
type Config
type GraphQLRequest
type GraphQLRouteMatch
- func MatchGraphQL(body []byte) *GraphQLRouteMatch
type RouteMatch
- func MatchRoute(path string) *RouteMatch
type Server
- func New(ctx context.Context, cfg Config) (*Server, error)
- func (s *Server) Handler() http.Handler

Constants ¶

View Source

const (
	// DefaultGitHubAPIBase is the upstream GitHub API URL.
	DefaultGitHubAPIBase = "https://api.github.com"
)

Variables ¶

This section is empty.

Functions ¶

func IsGraphQLPath ¶

func IsGraphQLPath(path string) bool

IsGraphQLPath returns true if the request path is the GraphQL endpoint.

func StripGHHostPrefix ¶

func StripGHHostPrefix(path string) string

StripGHHostPrefix removes the /api/v3 prefix that gh adds when using GH_HOST.

Types ¶

type Config ¶

type Config struct {
	// WasmPath is the file path to the guard WASM module.
	WasmPath string

	// Policy is the guard policy JSON (e.g. {"allow-only":{...}}).
	Policy string

	// GitHubToken is the token forwarded to the upstream GitHub API.
	GitHubToken string

	// GitHubAPIURL overrides the upstream API base URL (default: https://api.github.com).
	GitHubAPIURL string

	// DIFCMode is the enforcement mode (strict, filter, propagate).
	DIFCMode string
}

Config holds the configuration for creating a proxy Server.

type GraphQLRequest ¶

type GraphQLRequest struct {
	Query     string                 `json:"query"`
	Variables map[string]interface{} `json:"variables,omitempty"`
}

GraphQLRequest represents a parsed GraphQL request body.

type GraphQLRouteMatch ¶

type GraphQLRouteMatch struct {
	ToolName string
	Owner    string
	Repo     string
	Args     map[string]interface{}
}

GraphQLRouteMatch contains the result of matching a GraphQL query to a guard tool name.

func MatchGraphQL ¶

func MatchGraphQL(body []byte) *GraphQLRouteMatch

MatchGraphQL matches a GraphQL request body to a guard tool name.

type RouteMatch ¶

type RouteMatch struct {
	ToolName string
	Owner    string
	Repo     string
	Args     map[string]interface{} // Arguments to pass to LabelResource
}

RouteMatch contains the result of matching a REST API path to a guard tool name.

func MatchRoute ¶

func MatchRoute(path string) *RouteMatch

MatchRoute matches a REST API path to a guard tool name. The path should NOT include the /api/v3 prefix.

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

Server is a filtering HTTP forward proxy for the GitHub REST/GraphQL API. It loads the same WASM guard used by the MCP gateway and runs the 6-phase DIFC pipeline on every proxied response.

func New ¶

func New(ctx context.Context, cfg Config) (*Server, error)

New creates a new proxy Server from the given Config.

func (*Server) Handler ¶

func (s *Server) Handler() http.Handler

Handler returns an http.Handler for the proxy server.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL