fix(mcp): reject Gmail-only list search operators#425
Merged
Conversation
MCP search previously accepted Gmail-only list syntax as plain text because the parser had no way to mark unsupported operators. That made agent-side validation look successful even when List-ID was never evaluated locally. Record known unsupported Gmail list operators during parsing and make MCP search/deletion staging fail clearly before querying, while preserving the parser's previous text-token behavior for callers that do not opt into strict validation. Generated with Codex
roborev: Combined Review (
|
mariusvniekerk
approved these changes
Jun 30, 2026
The Windows CI lane timed out in cmd/msgvault/cmd at Go's default 10 minute per-package limit. The log showed a timeout panic, not a failing assertion, with the suite still running when Go terminated the package. The repository token available here cannot update workflow files because it lacks the workflow scope, so keep the fix in test code: on Windows only, raise the command package timeout before m.Run starts the testing alarm. Non-Windows tests keep the normal go test behavior. Generated with Codex
roborev: Combined Review (
|
The Windows command-package timeout shim needs to inspect the value passed by go test, not the testing package's unparsed default. With a custom TestMain, Go leaves test flags unparsed until m.Run unless TestMain parses them itself, so the previous helper could silently keep the default package timeout. Generated with Codex Co-authored-by: Codex <codex@openai.com>
roborev: Combined Review (
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
MCP search previously accepted Gmail-only list syntax as plain text because the local parser had no way to mark unsupported operators. That made agent-side validation look successful even when
List-IDwas never evaluated by msgvault.This rejects known Gmail-only list operators in MCP search and query-based deletion staging before any engine query runs. The parser still preserves the old text-token behavior for callers that do not opt into strict validation, so the change is scoped to MCP surfaces where a false positive is risky.
The docs and MCP tool descriptions now call this a local subset of Gmail-like syntax and point List-ID validation back to Gmail-side evaluation.