Skip to content

mcp: add readonly guard to config add/remove handlers#3708

Open
Elvand-Lie wants to merge 3 commits into
knative:mainfrom
Elvand-Lie:fix/mcp-config-readonly-guard
Open

mcp: add readonly guard to config add/remove handlers#3708
Elvand-Lie wants to merge 3 commits into
knative:mainfrom
Elvand-Lie:fix/mcp-config-readonly-guard

Conversation

@Elvand-Lie

@Elvand-Lie Elvand-Lie commented May 12, 2026

Copy link
Copy Markdown
Contributor

The deploy and delete handlers check s.readonly and refuse to act in readonly mode. However, the six config mutation handlers (configEnvsAdd, configEnvsRemove, configLabelsAdd, configLabelsRemove, configVolumesAdd, configVolumesRemove) execute unconditionally, allowing an AI agent to modify func.yaml even when readonly mode is active.

Add the same readonly guard to all six config mutation handlers, consistent with deploy and delete.

Changes

  • Add s.readonly guard to configEnvsAddHandler and configEnvsRemoveHandler
  • Add s.readonly guard to configLabelsAddHandler and configLabelsRemoveHandler
  • Add s.readonly guard to configVolumesAddHandler and configVolumesRemoveHandler

Fixes #3704

Release Note

NONE

Docs

NONE

@knative-prow knative-prow Bot requested review from dsimansk and jrangelramos May 12, 2026 14:15
@knative-prow knative-prow Bot added size/S 🤖 PR changes 10-29 lines, ignoring generated files. needs-ok-to-test 🤖 Needs an org member to approve testing labels May 12, 2026
@knative-prow

knative-prow Bot commented May 12, 2026

Copy link
Copy Markdown

Hi @Elvand-Lie. Thanks for your PR.

I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@codecov

codecov Bot commented May 12, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 96.29630% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 54.05%. Comparing base (d7b93f6) to head (8bee273).

Files with missing lines Patch % Lines
pkg/mcp/tools_build.go 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3708      +/-   ##
==========================================
+ Coverage   54.00%   54.05%   +0.04%     
==========================================
  Files         200      200              
  Lines       23687    23711      +24     
==========================================
+ Hits        12792    12816      +24     
  Misses       9660     9660              
  Partials     1235     1235              
Flag Coverage Δ
e2e 34.02% <0.00%> (-0.04%) ⬇️
e2e go 29.36% <0.00%> (-0.04%) ⬇️
e2e node 25.69% <0.00%> (-0.03%) ⬇️
e2e python 29.69% <0.00%> (-0.04%) ⬇️
e2e quarkus 25.82% <0.00%> (-0.01%) ⬇️
e2e rust 25.29% <0.00%> (-0.03%) ⬇️
e2e springboot 23.98% <0.00%> (-0.03%) ⬇️
e2e typescript 25.81% <0.00%> (-0.03%) ⬇️
e2e-config-ci 26.86% <0.00%> (-0.05%) ⬇️
integration 15.67% <0.00%> (-0.01%) ⬇️
unit macos-14 43.11% <95.23%> (+0.05%) ⬆️
unit macos-latest 43.11% <95.23%> (+0.05%) ⬆️
unit ubuntu-24.04-arm 43.42% <96.29%> (+0.05%) ⬆️
unit ubuntu-latest 43.96% <95.23%> (+0.05%) ⬆️
unit windows-latest 43.18% <95.23%> (+0.06%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@knative-prow knative-prow Bot added size/L 🤖 PR changes 100-499 lines, ignoring generated files. and removed size/S 🤖 PR changes 10-29 lines, ignoring generated files. labels May 12, 2026
@gauron99

Copy link
Copy Markdown
Contributor

/ok-to-test
/lgtm
/approve

@knative-prow knative-prow Bot added ok-to-test 🤖 Non-member PR verified by an org member that is safe to test. lgtm 🤖 PR is ready to be merged. and removed needs-ok-to-test 🤖 Needs an org member to approve testing labels May 15, 2026
@knative-prow

knative-prow Bot commented May 15, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Elvand-Lie, gauron99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow Bot added the approved 🤖 PR has been approved by an approver from all required OWNERS files. label May 15, 2026
@gauron99

Copy link
Copy Markdown
Contributor

/hold for @lkingland input

@knative-prow knative-prow Bot added the do-not-merge/hold 🤖 PR should not merge because someone has issued a /hold command. label May 15, 2026
@gauron99

Copy link
Copy Markdown
Contributor

/retest

@lkingland

lkingland commented May 18, 2026

Copy link
Copy Markdown
Member

/unhold

Patch matches the existing deploy/delete inline-check convention, addresses a real readonly bypass, and shouldn't wait on hypothetical refactors. If #3771 reshapes this code later, the readonly logic will move with it. Let's land.

Please rebase and we can land it.

@knative-prow knative-prow Bot removed the do-not-merge/hold 🤖 PR should not merge because someone has issued a /hold command. label May 18, 2026
@knative-prow-robot knative-prow-robot added the needs-rebase Cannot be merged due to conflicts with HEAD. label May 18, 2026
@Elvand-Lie Elvand-Lie force-pushed the fix/mcp-config-readonly-guard branch from 762cc09 to c67cc97 Compare May 18, 2026 10:02
@knative-prow knative-prow Bot removed the lgtm 🤖 PR is ready to be merged. label May 18, 2026
@knative-prow

knative-prow Bot commented May 18, 2026

Copy link
Copy Markdown

New changes are detected. LGTM label has been removed.

@knative-prow-robot knative-prow-robot removed the needs-rebase Cannot be merged due to conflicts with HEAD. label May 18, 2026
@Elvand-Lie Elvand-Lie force-pushed the fix/mcp-config-readonly-guard branch from c67cc97 to 50ae1d6 Compare May 18, 2026 11:44
@Elvand-Lie

Copy link
Copy Markdown
Contributor Author

@gauron99 Just noticed this PR recently and I think I've rebased it if you have the time please take a look. Thanks.

The deploy and delete handlers check s.readonly and refuse to act in readonly mode. However, the six config mutation handlers (envs add/remove, labels add/remove, volumes add/remove) execute unconditionally, allowing an AI agent to modify func.yaml even in readonly mode.

Add the same readonly guard to all six config mutation handlers.

Signed-off-by: elvandlie@gmail.com <elvandlie@gmail.com>
Signed-off-by: elvandlie@gmail.com <elvandlie@gmail.com>
@Elvand-Lie Elvand-Lie force-pushed the fix/mcp-config-readonly-guard branch from 50ae1d6 to 8bee273 Compare June 26, 2026 13:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved 🤖 PR has been approved by an approver from all required OWNERS files. ok-to-test 🤖 Non-member PR verified by an org member that is safe to test. size/L 🤖 PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

mcp: config add/remove handlers bypass readonly guard

4 participants