fix(mcp): reject Gmail-only list search operators #425

Merged: wesm merged 3 commits into main from honey-waitress, Jun 30, 2026

wesm commented Jun 30, 2026

MCP search previously accepted Gmail-only list syntax as plain text because the local parser had no way to mark unsupported operators. That made agent-side validation look successful even when List-ID was never evaluated by msgvault.

This rejects known Gmail-only list operators in MCP search and query-based deletion staging before any engine query runs. The parser still preserves the old text-token behavior for callers that do not opt into strict validation, so the change is scoped to MCP surfaces where a false positive is risky.

The docs and MCP tool descriptions now call this a local subset of Gmail-like syntax and point List-ID validation back to Gmail-side evaluation.

MCP search previously accepted Gmail-only list syntax as plain text because the parser had no way to mark unsupported operators. That made agent-side validation look successful even when List-ID was never evaluated locally.

Record known unsupported Gmail list operators during parsing and make MCP search/deletion staging fail clearly before querying, while preserving the parser's previous text-token behavior for callers that do not opt into strict validation.

Generated with Codex
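
The strict and non-strict split described in the PR description and commit message above, as an added example that is not msgvault's own code: `Parse` keeps the text-token behavior while recording Gmail-only list operators, and `ParseStrict` refuses them before any query would run. The `list` operator name, the set of locally supported operators, and every type and function name here are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Assumed operator sets for this example; the PR does not list them.
var gmailOnlyListOps = map[string]bool{"list": true}
var localOps = map[string]bool{"from": true, "to": true, "subject": true}
var ErrUnsupported = errors.New("operator is Gmail-only and not evaluated locally")

// Query is a hypothetical parse result, not msgvault's own type.
type Query struct {
	Text        []string          // free-text tokens
	Operators   map[string]string // operators the local engine evaluates
	Unsupported []string          // Gmail-only operators seen while parsing
}

// Parse keeps the legacy text-token behavior but records Gmail-only list operators.
func Parse(input string) Query {
	q := Query{Operators: map[string]string{}}
	for _, tok := range strings.Fields(input) {
		name, val, isOp := strings.Cut(tok, ":")
		key := strings.ToLower(name)
		switch {
		case isOp && gmailOnlyListOps[strings.TrimPrefix(key, "-")]: // "-list:x" counts too
			q.Unsupported = append(q.Unsupported, tok)
			q.Text = append(q.Text, tok) // non-strict callers still see plain text
		case isOp && localOps[key]:
			q.Operators[key] = val
		default:
			q.Text = append(q.Text, tok)
		}
	}
	return q
}

// ParseStrict is for agent-facing callers: fail before any engine query runs.
func ParseStrict(input string) (Query, error) {
	q := Parse(input)
	if len(q.Unsupported) > 0 {
		return Query{}, fmt.Errorf("%w: %s", ErrUnsupported, strings.Join(q.Unsupported, " "))
	}
	return q, nil
}
func main() {
	fmt.Println(ParseStrict("list:announce.example.org invoice")) // constructed query
}
```

Returning a wrapped sentinel error lets a tool handler map the refusal to a distinct response instead of an empty result set that an agent could read as "no matches".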

roborev-ci Bot commented Jun 30, 2026

roborev: Combined Review (b24dd74)

No issues found.


Panel: ci_default_security | Synthesis: codex | Members: codex_default (codex/default, done, 1m53s), codex_security (codex/security, done, 26s) | Total: 2m19s

The Windows CI lane timed out in cmd/msgvault/cmd at Go's default 10 minute per-package limit. The log showed a timeout panic, not a failing assertion, with the suite still running when Go terminated the package.

The repository token available here cannot update workflow files because it lacks the workflow scope, so keep the fix in test code: on Windows only, raise the command package timeout before m.Run starts the testing alarm. Non-Windows tests keep the normal go test behavior.

Generated with Codex

roborev-ci Bot commented Jun 30, 2026

roborev: Combined Review (7a7ab73)

Medium confidence: one Medium issue needs attention; no High or Critical findings.

Medium

  • cmd/msgvault/cmd/testmain_windows_test.go:15 TestMain calls raiseWindowsCommandPackageTimeout before test flags are parsed. At that point test.timeout is still the registered default (0s), so the helper returns at current <= 0 and never raises the timeout that go test later parses from -test.timeout.
    • Fix: Parse flags before inspecting test.timeout, or rewrite the relevant os.Args value before m.Run; preserve explicit -timeout=0 behavior if intended.

Panel: ci_default_security | Synthesis: codex, 6s | Members: codex_default (codex/default, done, 1m41s), codex_security (codex/security, done, 14s) | Total: 2m1s

The Windows command-package timeout shim needs to inspect the value passed by go test, not the testing package's unparsed default. With a custom TestMain, Go leaves test flags unparsed until m.Run unless TestMain parses them itself, so the previous helper could silently keep the default package timeout.

Generated with Codex
Co-authored-by: Codex <codex@openai.com>

roborev-ci Bot commented Jun 30, 2026

roborev: Combined Review (991d232)

No Medium, High, or Critical findings were reported.

All actionable findings were below the requested severity threshold and omitted.


Panel: ci_default_security | Synthesis: codex, 5s | Members: codex_default (codex/default, done, 4m7s), codex_security (codex/security, done, 33s) | Total: 4m45s

@wesm wesm merged commit 460721a into main Jun 30, 2026
13 checks passed
@wesm wesm deleted the honey-waitress branch June 30, 2026 23:10