Merge branch 'main' into shopify-setup-oxygen-workflow-sc4a

distressedmykah · web-flow · commit 3b052a81f4cb · 2025-10-31T23:18:12.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -17,4 +17,6 @@ bin/
 .DS_Store
 
 # binary
-github-mcp-server
+github-mcp-server
+
+.history
diff --git a/README.md b/README.md
@@ -611,6 +611,9 @@ The following sets of tools are available:
   - `filename`: Filename for simple single-file gist creation (string, required)
   - `public`: Whether the gist is public (boolean, optional)
 
+- **get_gist** - Get Gist Content
+  - `gist_id`: The ID of the gist (string, required)
+
 - **list_gists** - List Gists
   - `page`: Page number for pagination (min 1) (number, optional)
   - `perPage`: Results per page for pagination (min 1, max 100) (number, optional)
diff --git a/pkg/github/gists.go b/pkg/github/gists.go
@@ -89,6 +89,53 @@ func ListGists(getClient GetClientFn, t translations.TranslationHelperFunc) (too
 		}
 }
 
+// GetGist creates a tool to get the content of a gist
+func GetGist(getClient GetClientFn, t translations.TranslationHelperFunc) (tool mcp.Tool, handler server.ToolHandlerFunc) {
+	return mcp.NewTool("get_gist",
+			mcp.WithDescription(t("TOOL_GET_GIST_DESCRIPTION", "Get gist content of a particular gist, by gist ID")),
+			mcp.WithToolAnnotation(mcp.ToolAnnotation{
+				Title:        t("TOOL_GET_GIST", "Get Gist Content"),
+				ReadOnlyHint: ToBoolPtr(true),
+			}),
+			mcp.WithString("gist_id",
+				mcp.Required(),
+				mcp.Description("The ID of the gist"),
+			),
+		),
+		func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			gistID, err := RequiredParam[string](request, "gist_id")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			client, err := getClient(ctx)
+			if err != nil {
+				return nil, fmt.Errorf("failed to get GitHub client: %w", err)
+			}
+
+			gist, resp, err := client.Gists.Get(ctx, gistID)
+			if err != nil {
+				return nil, fmt.Errorf("failed to get gist: %w", err)
+			}
+			defer func() { _ = resp.Body.Close() }()
+
+			if resp.StatusCode != http.StatusOK {
+				body, err := io.ReadAll(resp.Body)
+				if err != nil {
+					return nil, fmt.Errorf("failed to read response body: %w", err)
+				}
+				return mcp.NewToolResultError(fmt.Sprintf("failed to get gist: %s", string(body))), nil
+			}
+
+			r, err := json.Marshal(gist)
+			if err != nil {
+				return nil, fmt.Errorf("failed to marshal response: %w", err)
+			}
+
+			return mcp.NewToolResultText(string(r)), nil
+		}
+}
+
 // CreateGist creates a tool to create a new gist
 func CreateGist(getClient GetClientFn, t translations.TranslationHelperFunc) (tool mcp.Tool, handler server.ToolHandlerFunc) {
 	return mcp.NewTool("create_gist",
diff --git a/pkg/github/gists_test.go b/pkg/github/gists_test.go
@@ -192,6 +192,115 @@ func Test_ListGists(t *testing.T) {
 	}
 }
 
+func Test_GetGist(t *testing.T) {
+	// Verify tool definition
+	mockClient := github.NewClient(nil)
+	tool, _ := GetGist(stubGetClientFn(mockClient), translations.NullTranslationHelper)
+
+	assert.Equal(t, "get_gist", tool.Name)
+	assert.NotEmpty(t, tool.Description)
+	assert.Contains(t, tool.InputSchema.Properties, "gist_id")
+
+	assert.Contains(t, tool.InputSchema.Required, "gist_id")
+
+	// Setup mock gist for success case
+	mockGist := github.Gist{
+		ID:          github.Ptr("gist1"),
+		Description: github.Ptr("First Gist"),
+		HTMLURL:     github.Ptr("https://gist.github.com/user/gist1"),
+		Public:      github.Ptr(true),
+		CreatedAt:   &github.Timestamp{Time: time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)},
+		Owner:       &github.User{Login: github.Ptr("user")},
+		Files: map[github.GistFilename]github.GistFile{
+			github.GistFilename("file1.txt"): {
+				Filename: github.Ptr("file1.txt"),
+				Content:  github.Ptr("content of file 1"),
+			},
+		},
+	}
+
+	tests := []struct {
+		name           string
+		mockedClient   *http.Client
+		requestArgs    map[string]interface{}
+		expectError    bool
+		expectedGists  github.Gist
+		expectedErrMsg string
+	}{
+		{
+			name: "Successful fetching different gist",
+			mockedClient: mock.NewMockedHTTPClient(
+				mock.WithRequestMatchHandler(
+					mock.GetGistsByGistId,
+					mockResponse(t, http.StatusOK, mockGist),
+				),
+			),
+			requestArgs: map[string]interface{}{
+				"gist_id": "gist1",
+			},
+			expectError:   false,
+			expectedGists: mockGist,
+		},
+		{
+			name: "gist_id parameter missing",
+			mockedClient: mock.NewMockedHTTPClient(
+				mock.WithRequestMatchHandler(
+					mock.GetGistsByGistId,
+					http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+						w.WriteHeader(http.StatusUnprocessableEntity)
+						_, _ = w.Write([]byte(`{"message": "Invalid Request"}`))
+					}),
+				),
+			),
+			requestArgs:    map[string]interface{}{},
+			expectError:    true,
+			expectedErrMsg: "missing required parameter: gist_id",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			// Setup client with mock
+			client := github.NewClient(tc.mockedClient)
+			_, handler := GetGist(stubGetClientFn(client), translations.NullTranslationHelper)
+
+			// Create call request
+			request := createMCPRequest(tc.requestArgs)
+
+			// Call handler
+			result, err := handler(context.Background(), request)
+
+			// Verify results
+			if tc.expectError {
+				if err != nil {
+					assert.Contains(t, err.Error(), tc.expectedErrMsg)
+				} else {
+					// For errors returned as part of the result, not as an error
+					assert.NotNil(t, result)
+					textContent := getTextResult(t, result)
+					assert.Contains(t, textContent.Text, tc.expectedErrMsg)
+				}
+				return
+			}
+
+			require.NoError(t, err)
+
+			// Parse the result and get the text content if no error
+			textContent := getTextResult(t, result)
+
+			// Unmarshal and verify the result
+			var returnedGists github.Gist
+			err = json.Unmarshal([]byte(textContent.Text), &returnedGists)
+			require.NoError(t, err)
+
+			assert.Equal(t, *tc.expectedGists.ID, *returnedGists.ID)
+			assert.Equal(t, *tc.expectedGists.Description, *returnedGists.Description)
+			assert.Equal(t, *tc.expectedGists.HTMLURL, *returnedGists.HTMLURL)
+			assert.Equal(t, *tc.expectedGists.Public, *returnedGists.Public)
+		})
+	}
+}
+
 func Test_CreateGist(t *testing.T) {
 	// Verify tool definition
 	mockClient := github.NewClient(nil)
diff --git a/pkg/github/issues.go b/pkg/github/issues.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	ghErrors "github.com/github/github-mcp-server/pkg/errors"
+	"github.com/github/github-mcp-server/pkg/sanitize"
 	"github.com/github/github-mcp-server/pkg/translations"
 	"github.com/go-viper/mapstructure/v2"
 	"github.com/google/go-github/v76/github"
@@ -211,15 +212,15 @@ func fragmentToIssue(fragment IssueFragment) *github.Issue {
 
 	return &github.Issue{
 		Number:    github.Ptr(int(fragment.Number)),
-		Title:     github.Ptr(string(fragment.Title)),
+		Title:     github.Ptr(sanitize.FilterInvisibleCharacters(string(fragment.Title))),
 		CreatedAt: &github.Timestamp{Time: fragment.CreatedAt.Time},
 		UpdatedAt: &github.Timestamp{Time: fragment.UpdatedAt.Time},
 		User: &github.User{
 			Login: github.Ptr(string(fragment.Author.Login)),
 		},
 		State:    github.Ptr(string(fragment.State)),
 		ID:       github.Ptr(fragment.DatabaseID),
-		Body:     github.Ptr(string(fragment.Body)),
+		Body:     github.Ptr(sanitize.FilterInvisibleCharacters(string(fragment.Body))),
 		Labels:   foundLabels,
 		Comments: github.Ptr(int(fragment.Comments.TotalCount)),
 	}
@@ -323,6 +324,16 @@ func GetIssue(ctx context.Context, client *github.Client, owner string, repo str
 		return mcp.NewToolResultError(fmt.Sprintf("failed to get issue: %s", string(body))), nil
 	}
 
+	// Sanitize title/body on response
+	if issue != nil {
+		if issue.Title != nil {
+			issue.Title = github.Ptr(sanitize.FilterInvisibleCharacters(*issue.Title))
+		}
+		if issue.Body != nil {
+			issue.Body = github.Ptr(sanitize.FilterInvisibleCharacters(*issue.Body))
+		}
+	}
+
 	r, err := json.Marshal(issue)
 	if err != nil {
 		return nil, fmt.Errorf("failed to marshal issue: %w", err)
diff --git a/pkg/github/pullrequests.go b/pkg/github/pullrequests.go
@@ -14,6 +14,7 @@ import (
 	"github.com/shurcooL/githubv4"
 
 	ghErrors "github.com/github/github-mcp-server/pkg/errors"
+	"github.com/github/github-mcp-server/pkg/sanitize"
 	"github.com/github/github-mcp-server/pkg/translations"
 )
 
@@ -123,6 +124,16 @@ func GetPullRequest(ctx context.Context, client *github.Client, owner, repo stri
 		return mcp.NewToolResultError(fmt.Sprintf("failed to get pull request: %s", string(body))), nil
 	}
 
+	// sanitize title/body on response
+	if pr != nil {
+		if pr.Title != nil {
+			pr.Title = github.Ptr(sanitize.FilterInvisibleCharacters(*pr.Title))
+		}
+		if pr.Body != nil {
+			pr.Body = github.Ptr(sanitize.FilterInvisibleCharacters(*pr.Body))
+		}
+	}
+
 	r, err := json.Marshal(pr)
 	if err != nil {
 		return nil, fmt.Errorf("failed to marshal response: %w", err)
@@ -804,6 +815,19 @@ func ListPullRequests(getClient GetClientFn, t translations.TranslationHelperFun
 				return mcp.NewToolResultError(fmt.Sprintf("failed to list pull requests: %s", string(body))), nil
 			}
 
+			// sanitize title/body on each PR
+			for _, pr := range prs {
+				if pr == nil {
+					continue
+				}
+				if pr.Title != nil {
+					pr.Title = github.Ptr(sanitize.FilterInvisibleCharacters(*pr.Title))
+				}
+				if pr.Body != nil {
+					pr.Body = github.Ptr(sanitize.FilterInvisibleCharacters(*pr.Body))
+				}
+			}
+
 			r, err := json.Marshal(prs)
 			if err != nil {
 				return nil, fmt.Errorf("failed to marshal response: %w", err)
diff --git a/pkg/github/tools.go b/pkg/github/tools.go
@@ -308,6 +308,7 @@ func DefaultToolsetGroup(readOnly bool, getClient GetClientFn, getGQLClient GetG
 	gists := toolsets.NewToolset(ToolsetMetadataGists.ID, ToolsetMetadataGists.Description).
 		AddReadTools(
 			toolsets.NewServerTool(ListGists(getClient, t)),
+			toolsets.NewServerTool(GetGist(getClient, t)),
 		).
 		AddWriteTools(
 			toolsets.NewServerTool(CreateGist(getClient, t)),
diff --git a/pkg/sanitize/sanitize.go b/pkg/sanitize/sanitize.go
@@ -0,0 +1,56 @@
+package sanitize
+
+// FilterInvisibleCharacters removes invisible or control characters that should not appear
+// in user-facing titles or bodies. This includes:
+// - Unicode tag characters: U+E0001, U+E0020–U+E007F
+// - BiDi control characters: U+202A–U+202E, U+2066–U+2069
+// - Hidden modifier characters: U+200B, U+200C, U+200E, U+200F, U+00AD, U+FEFF, U+180E, U+2060–U+2064
+func FilterInvisibleCharacters(input string) string {
+	if input == "" {
+		return input
+	}
+
+	// Filter runes
+	out := make([]rune, 0, len(input))
+	for _, r := range input {
+		if !shouldRemoveRune(r) {
+			out = append(out, r)
+		}
+	}
+	return string(out)
+}
+
+func shouldRemoveRune(r rune) bool {
+	switch r {
+	case 0x200B, // ZERO WIDTH SPACE
+		0x200C, // ZERO WIDTH NON-JOINER
+		0x200E, // LEFT-TO-RIGHT MARK
+		0x200F, // RIGHT-TO-LEFT MARK
+		0x00AD, // SOFT HYPHEN
+		0xFEFF, // ZERO WIDTH NO-BREAK SPACE
+		0x180E: // MONGOLIAN VOWEL SEPARATOR
+		return true
+	case 0xE0001: // TAG
+		return true
+	}
+
+	// Ranges
+	// Unicode tags: U+E0020–U+E007F
+	if r >= 0xE0020 && r <= 0xE007F {
+		return true
+	}
+	// BiDi controls: U+202A–U+202E
+	if r >= 0x202A && r <= 0x202E {
+		return true
+	}
+	// BiDi isolates: U+2066–U+2069
+	if r >= 0x2066 && r <= 0x2069 {
+		return true
+	}
+	// Hidden modifiers: U+2060–U+2064
+	if r >= 0x2060 && r <= 0x2064 {
+		return true
+	}
+
+	return false
+}
diff --git a/pkg/sanitize/sanitize_test.go b/pkg/sanitize/sanitize_test.go
