Optional allowlist of exposed tools, parsed from the CODEGRAPH_MCP_TOOLS env var (comma-separated short names, e.g. "trace,search,node,context"). Unset/empty → every tool is exposed. Lets an operator (or an A/B harness) trim the tool surface without rebuilding the client config; the
```ts
   * Matching is on the short form, so "node" and "codegraph_node" both work.
   */
  private toolAllowlist(): Set<string> | null {
    const raw = process.env.CODEGRAPH_MCP_TOOLS;
    // Unset or blank → no allowlist, every tool is exposed.
    if (!raw || !raw.trim()) return null;
    // Normalise each entry to its short form by dropping the "codegraph_" prefix.
    const short = (s: string) => s.trim().replace(/^codegraph_/, '');
    const set = new Set(raw.split(',').map(short).filter(Boolean));
    // A value with no usable entries (e.g. only commas) also means no allowlist.
    return set.size ? set : null;
  }

  /** Whether a tool name passes the CODEGRAPH_MCP_TOOLS allowlist (if any). */
  private isToolAllowed(name: string): boolean {
```
no outgoing calls
no test coverage detected
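
The allowlist semantics above, restated as an added example (not the project's code) with the env value passed in as a parameter. The body of `isAllowed` is an assumption based on the doc comment, and `auditAllowlist` and the `KNOWN` list are hypothetical; the audit shows that a separators-only value is treated as unset, so every tool stays exposed, while a misspelled or differently-cased entry matches nothing.

```typescript
const PREFIX = /^codegraph_/;
const toShort = (s: string): string => s.trim().replace(PREFIX, '');

// Mirrors toolAllowlist(): null means "no filter, expose everything".
function parseAllowlist(raw: string | undefined): Set<string> | null {
  if (!raw || !raw.trim()) return null;
  const set = new Set(raw.split(',').map(toShort).filter(Boolean));
  return set.size ? set : null;
}

// Assumed body for isToolAllowed(): short-form membership test.
function isAllowed(name: string, allow: Set<string> | null): boolean {
  return allow === null || allow.has(toShort(name));
}

// Hypothetical operator-side check: report how a value will be interpreted
// before it is deployed, so a fail-open value or a typo is caught early.
interface AllowlistReport {
  failOpen: boolean;  // true → every tool is exposed
  exposed: string[];  // known tools that pass the filter
  unknown: string[];  // entries matching no known tool (typo, wrong case)
}

function auditAllowlist(raw: string | undefined, knownTools: string[]): AllowlistReport {
  const allow = parseAllowlist(raw);
  const knownShort = new Set(knownTools.map(toShort));
  return {
    failOpen: allow === null,
    exposed: knownTools.filter((t) => isAllowed(t, allow)),
    unknown: allow ? Array.from(allow).filter((e) => !knownShort.has(e)).sort() : [],
  };
}

// Constructed tool names, built from the doc comment's example list.
const KNOWN = ['codegraph_trace', 'codegraph_search', 'codegraph_node', 'codegraph_context'];

console.log(auditAllowlist(' , ,', KNOWN));        // separators only
console.log(auditAllowlist('Node,serach', KNOWN)); // wrong case and a typo
```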