attachRepoVisibilityIFCLabel attaches an IFC label derived from a single repository's visibility to a successful tool result when IFC labels are enabled. The concrete label is produced by labelFn, which receives whether the repository is private. The repository visibility is resolved via FetchRepoI
( ctx context.Context, deps ToolDependencies, client *github.Client, owner, repo string, r *mcp.CallToolResult, labelFn func(isPrivate bool) ifc.SecurityLabel, )
| 46 | // is omitted rather than risking a misclassification. Error results and the |
| 47 | // disabled-feature case are left untouched. |
| 48 | func attachRepoVisibilityIFCLabel( |
| 49 | ctx context.Context, |
| 50 | deps ToolDependencies, |
| 51 | client *github.Client, |
| 52 | owner, repo string, |
| 53 | r *mcp.CallToolResult, |
| 54 | labelFn func(isPrivate bool) ifc.SecurityLabel, |
| 55 | ) *mcp.CallToolResult { |
| 56 | if !shouldAttachIFCLabel(ctx, deps, r) { |
| 57 | return r |
| 58 | } |
| 59 | isPrivate, err := FetchRepoIsPrivate(ctx, client, owner, repo) |
| 60 | if err != nil { |
| 61 | return r |
| 62 | } |
| 63 | setIFCLabel(r, labelFn(isPrivate)) |
| 64 | return r |
| 65 | } |
| 66 | |
| 67 | // ifcSearchPostProcessOption returns a searchOption that attaches IFC labels to |
| 68 | // a multi-repository search result. The feature-flag check is centralized here |
no test coverage detected