Linter fixes and renamed scope challenge to PAT scope filter

Author: omgitsads

pkg/context/mcp_info.go

@@ -25,8 +25,8 @@ type MCPMethodInfo struct {
 	Arguments map[string]any
 }
 
-// ContextWithMCPMethodInfo stores the MCPMethodInfo in the context.
-func ContextWithMCPMethodInfo(ctx context.Context, info *MCPMethodInfo) context.Context {
+// WithMCPMethodInfo stores the MCPMethodInfo in the context.
+func WithMCPMethodInfo(ctx context.Context, info *MCPMethodInfo) context.Context {
 	return context.WithValue(ctx, mcpMethodInfoCtxKey, info)
 }
 

pkg/context/token.go

@@ -12,22 +12,22 @@ type tokenCtx string
 var tokenCtxKey tokenCtx = "tokenctx"
 
 type TokenInfo struct {
-	Token     string
-	TokenType utils.TokenType
-	Scopes    []string
+	Token         string
+	TokenType     utils.TokenType
+	ScopesFetched bool
+	Scopes        []string
 }
 
 // WithTokenInfo adds TokenInfo to the context
 func WithTokenInfo(ctx context.Context, tokenInfo *TokenInfo) context.Context {
 	return context.WithValue(ctx, tokenCtxKey, tokenInfo)
 }
 
-func SetTokenScopes(ctx context.Context, scopes []string) context.Context {
+func SetTokenScopes(ctx context.Context, scopes []string) {
 	if tokenInfo, ok := GetTokenInfo(ctx); ok {
 		tokenInfo.Scopes = scopes
-		return WithTokenInfo(ctx, tokenInfo)
+		tokenInfo.ScopesFetched = true
 	}
-	return ctx
 }
 
 // GetTokenInfo retrieves the authentication token from the context

pkg/http/handler.go

@@ -209,10 +209,7 @@ func DefaultInventoryFactory(cfg *ServerConfig, t translations.TranslationHelper
 			WithFeatureChecker(featureChecker)
 
 		b = InventoryFiltersForRequest(r, b)
-
-		if cfg.ScopeChallenge {
-			b = ScopeChallengeFilter(b, r, scopeFetcher)
-		}
+		b = PATScopeFilter(b, r, scopeFetcher)
 
 		b.WithServerInstructions()
 
@@ -243,7 +240,7 @@ func InventoryFiltersForRequest(r *http.Request, builder *inventory.Builder) *in
 	return builder
 }
 
-func ScopeChallengeFilter(b *inventory.Builder, r *http.Request, fetcher scopes.FetcherInterface) *inventory.Builder {
+func PATScopeFilter(b *inventory.Builder, r *http.Request, fetcher scopes.FetcherInterface) *inventory.Builder {
 	ctx := r.Context()
 
 	tokenInfo, ok := ghcontext.GetTokenInfo(ctx)
@@ -260,6 +257,9 @@ func ScopeChallengeFilter(b *inventory.Builder, r *http.Request, fetcher scopes.
 			return b
 		}
 
+		// Store fetched scopes in context for downstream use
+		ghcontext.SetTokenScopes(ctx, scopesList)
+
 		return b.WithFilter(github.CreateToolScopeFilter(scopesList))
 	}
 

pkg/http/middleware/mcp_parse.go

@@ -117,7 +117,7 @@ func WithMCPParse() func(http.Handler) http.Handler {
 			}
 
 			// Store the parsed info in context
-			ctx = ghcontext.ContextWithMCPMethodInfo(ctx, methodInfo)
+			ctx = ghcontext.WithMCPMethodInfo(ctx, methodInfo)
 
 			next.ServeHTTP(w, r.WithContext(ctx))
 		}

pkg/http/middleware/scope_challenge.go

@@ -20,12 +20,12 @@ import (
 // a HEAD request and reading the X-OAuth-Scopes header. This is used as a fallback
 // when scopes are not provided in the token info header.
 func FetchScopesFromGitHubAPI(ctx context.Context, token string, apiHost utils.APIHostResolver) ([]string, error) {
-	baseUrl, err := apiHost.BaseRESTURL(ctx)
+	baseURL, err := apiHost.BaseRESTURL(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	req, err := http.NewRequestWithContext(ctx, http.MethodHead, strings.TrimSuffix(baseUrl.String(), "/")+"/user", http.NoBody)
+	req, err := http.NewRequestWithContext(ctx, http.MethodHead, strings.TrimSuffix(baseURL.String(), "/")+"/user", http.NoBody)
 	if err != nil {
 		return nil, err
 	}

pkg/http/oauth/oauth.go

@@ -8,7 +8,6 @@ import (
 	"strings"
 
 	"github.com/github/github-mcp-server/pkg/http/headers"
-	"github.com/github/github-mcp-server/pkg/utils"
 	"github.com/go-chi/chi/v5"
 	"github.com/modelcontextprotocol/go-sdk/auth"
 	"github.com/modelcontextprotocol/go-sdk/oauthex"
@@ -40,8 +39,6 @@ var SupportedScopes = []string{
 
 // Config holds the OAuth configuration for the MCP server.
 type Config struct {
-	ApiHosts utils.APIHostResolver
-
 	// BaseURL is the publicly accessible URL where this server is hosted.
 	// This is used to construct the OAuth resource URL.
 	BaseURL string

pkg/http/server.go

@@ -128,7 +128,6 @@ func RunHTTPServer(cfg ServerConfig) error {
 	// Register OAuth protected resource metadata endpoints
 	oauthCfg := &oauth.Config{
 		BaseURL:      cfg.BaseURL,
-		ApiHosts:     apiHost,
 		ResourcePath: cfg.ResourcePath,
 	}
 

pkg/scopes/fetcher.go

@@ -67,13 +67,13 @@ func NewFetcher(opts FetcherOptions) *Fetcher {
 // Note: Fine-grained PATs don't return the X-OAuth-Scopes header, so an empty
 // slice is returned for those tokens.
 func (f *Fetcher) FetchTokenScopes(ctx context.Context, token string) ([]string, error) {
-	apiHostUrl, err := f.apiHost.BaseRESTURL(ctx)
+	apiHostURL, err := f.apiHost.BaseRESTURL(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get API host URL: %w", err)
 	}
 
 	// Use a lightweight endpoint that requires authentication
-	endpoint, err := url.JoinPath(apiHostUrl.String(), "/")
+	endpoint, err := url.JoinPath(apiHostURL.String(), "/")
 	if err != nil {
 		return nil, fmt.Errorf("failed to construct API URL: %w", err)
 	}

pkg/scopes/fetcher_test.go

@@ -16,16 +16,16 @@ type testApiHostResolver struct {
 	baseURL string
 }
 
-func (t testApiHostResolver) BaseRESTURL(ctx context.Context) (*url.URL, error) {
+func (t testApiHostResolver) BaseRESTURL(_ context.Context) (*url.URL, error) {
 	return url.Parse(t.baseURL)
 }
-func (t testApiHostResolver) GraphqlURL(ctx context.Context) (*url.URL, error) {
+func (t testApiHostResolver) GraphqlURL(_ context.Context) (*url.URL, error) {
 	return nil, nil
 }
-func (t testApiHostResolver) UploadURL(ctx context.Context) (*url.URL, error) {
+func (t testApiHostResolver) UploadURL(_ context.Context) (*url.URL, error) {
 	return nil, nil
 }
-func (t testApiHostResolver) RawURL(ctx context.Context) (*url.URL, error) {
+func (t testApiHostResolver) RawURL(_ context.Context) (*url.URL, error) {
 	return nil, nil
 }