Implement and update readme for new env var ALLOWED_METHODS #26
Conversation
…the methods the tool can use
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @nitzpo, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request enhances the configurability and security of the Lokka-Microsoft tool by introducing an environment variable to explicitly control which HTTP methods it can execute. This provides administrators with finer-grained control over the tool's capabilities, limiting potential actions to only those deemed necessary.
Highlights
- New Configuration Option: I've introduced a new environment variable,
ALLOWED_METHODS, which allows users to specify a comma-separated list of HTTP methods that theLokka-Microsofttool is permitted to use. If this variable is not set, the tool will default to allowing all standard methods (GET, POST, PUT, PATCH, DELETE). - Dynamic Method Enforcement: The
Lokka-Microsofttool's method parameter (z.enum) now dynamically enforces the list of allowed HTTP methods based on theALLOWED_METHODSenvironment variable. This ensures that only the configured methods can be used when interacting with Microsoft APIs. - Documentation Update: The
README.mdhas been updated to include comprehensive documentation for the newALLOWED_METHODSenvironment variable, explaining its purpose, format, and default behavior.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request introduces a new environment variable ALLOWED_METHODS to restrict the HTTP methods available in the Lokka-Microsoft tool. The implementation is straightforward, but I've identified a critical type-safety issue in the TypeScript source due to an incorrect type assertion, and a high-severity robustness issue in how the environment variable is parsed in both the TypeScript and JavaScript files. My review includes suggestions to fix these issues to ensure the feature is both safe and reliable.
nitzpo
force-pushed
the
add-allowed-methods-env-var
branch
from
f46e53f to
a838849
Compare
|
@nitzpo love this, thanks for the PR. This is something I've been thinking about and I want to think more about how we implement this. Should we list them as get, patch, delete or instead have config options that say Permissions: Read, Write, Delete
I feel read, write, delete might be easier to understand. Also I think we should default to Read and make Write and Delete as options to configure. |
|
What is the intent of this additional env var @nitzpo ? |
POST is very much a WRITE operation, although batch GET requests would be a POST. |
|
Hi all! Thanks for the comments. The idea is to be able to limit the permissions "on the fly", without creating new entities or changing your current permissions (sometimes you don't have permissions to change the permissions...) My original idea was to create another tool "Lokka-Readonly" that will have limited permissions; and the regular tool will have full permissions. Then limiting the usage can be done easily in the IDE :) That brought me to the decision to implement it by selection of the http methods; so anyone can configure the available methods to their agent according to their liking and situation. Another implementation decision I made was to make this limitation in the input enum to the tool. The other idea was to allow the agent to request any method, but assert inside the tool and respond with an error that the tool is blocked if its not in the allowlist. |
|
How about a different approach then to list the scopes allowed. |
|
I don't think there is a reasonable way to limit access by scope at the request time; and I don't want to require changing the actual permissions |
|
Agree blocking POST will block many read apis Eg Conditional access - what if api https://learn.microsoft.com/en-us/graph/api/conditionalaccessroot-evaluate?view=graph-rest-1.0 Etc.. I like @darrenjrobinson's idea of matching the API to the permission scope. The only catch is that it can be quite buggy to implement. There is no explicit mapping available for this. I parse the info in the doc markdown for graphpermissions.merill.net but there are many areas where docs are not accurate etc.. Maybe having a second mcp with read only permissions is the better way to go. |
|
I think its too complicated to implement and unreliable to do the matching here About having a second mcp - still, how do you limit it to read operations only? Using HTTP methods or some other way? |
|
Spitballing here but if there was a way to map those graph calls to PowerShell Graph SDK cmdlet, checking for the verb would be a good starting point? GET method still have the Get verb, POST splits into New, Test, etc which can better indicate what is allowed? It's getting convoluted but I think it would cover the edge cases decently. It would be fragile though. |
But leaving it as a READ ONLY is misleading, as you can create conditional access policies, compliance polices, groups, users, basically you can create almost anything and everything. |
|
Following all the comments here |
5 participants
Implement and update readme for new env var ALLOWED_METHODS that limits the methods the tool can use