Conversation
Ribbit agents now get restricted Bash access for the configured VCS CLI (gh for GitHub, glab for GitLab) and can connect to the issue tracker via MCP when both issue_tracker and mcp are enabled in config. - RunOpts gains AllowedBashCommands and MCPServers fields - buildArgs extends --allowedTools with Bash(cmd:*) patterns for each allowed command prefix; writes a temp MCP config file when MCPServers is set (cleaned up after the agent exits) - ribbit.Engine stores VCS, IssueTracker, and MCP config; Respond() populates both new RunOpts fields based on configured platform - ribbitPrompt updated to instruct the agent on read-only-only use of VCS CLI and issue tracker MCP tools
Acknowledge os.Remove return values with blank identifier to satisfy the errcheck linter. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
HergenD
requested changes
Mar 20, 2026
Member
HergenD
left a comment
HergenD
left a comment
There was a problem hiding this comment.
The VCS bash permissions part (AllowedBashCommands for gh/glab) looks good — that's a useful addition for ribbits.
However, the issue tracker integration via MCP is based on a misunderstanding of the architecture:
- Toad already has its own Linear integration via
internal/issuetracker/— it connects directly to Linear's API (linear.go) to fetch issue details, comments, statuses, and handle assignee gating. This is not exposed through MCP. - Toad's MCP package (
internal/mcp/) is an MCP server that exposes tools (ask,logs,watches,query) for external clients to talk to Toad. It's not a proxy to Linear. - The condition
e.issueTracker.Enabled && e.mcp.Enabledconflates two unrelated systems — the issue tracker config and the MCP server config have nothing to do with each other.
If the goal is to give ribbits access to Linear issue data, the ribbit engine should use the existing issuetracker.Tracker interface directly (like investigations already do) to fetch and inject relevant issue context into the prompt — no MCP client wiring needed.
Suggestion: split this into two pieces:
- Ship the VCS bash permissions as-is — the
AllowedBashCommandsplumbing andgh/glabaccess for read-only ribbit mode is solid. - Rework the issue tracker part to use the existing
issuetracker.Trackerinterface, injecting fetched issue details into the ribbit prompt context rather than adding MCP client infrastructure.
The path passed to os.Remove comes from os.CreateTemp, not user input. Add nolint annotation to match the project's existing pattern for suppressing gosec false positives. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Member
|
I dont see your changes |
The issue tracker integration via MCP was based on a misunderstanding: Toad's internal/mcp/ is an MCP server exposing tools to external clients, not a proxy to Linear. The issueTracker + mcp config conflation is wrong. Strip MCPServerConfig, MCPServers, writeMCPConfig, and all MCP client plumbing. Keep the AllowedBashCommands addition for gh/glab read-only access which is the useful part of this PR.
Instead of MCP client wiring, use the existing issuetracker.Tracker to extract ticket refs from the message, fetch details + comments, and inject them into the ribbit prompt context. Works for both triggered and passive ribbit paths. Caps at 3 lookups, truncates long descriptions/comments, gracefully handles nil tracker.
HergenD
changed the title
Replace broad Bash(gh:*) / Bash(glab:*) tool specs with specific read-only subcommands (pr view, pr list, pr diff, pr checks, issue view, issue list, search) so the agent cannot invoke write operations like gh pr merge or gh issue close at the tool permission level.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
gh/glab) for ribbit read-only mode, so ribbits can look up PRs, issues, and other VCS dataissuetracker.TrackerinterfaceLinear: PLF-3249
Changes
VCS CLI access:
AllowedBashCommandsfield onRunOpts— bash command prefixes allowed in read-only modebuildArgsgeneratesBash(gh:*)/Bash(glab:*)tool specs based on VCS platform configIssue tracker enrichment:
ribbit.Engineaccepts anissuetracker.Trackerand extracts ticket refs from messages🐸 Created by toad tadpole, fixed by human