-
Notifications
You must be signed in to change notification settings - Fork 354
Expand file tree
/
Copy pathfeature_constants.go
More file actions
62 lines (60 loc) · 2.82 KB
/
feature_constants.go
File metadata and controls
62 lines (60 loc) · 2.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package constants
// FeatureFlag represents a feature flag identifier.
// This semantic type distinguishes feature flag names from arbitrary strings,
// making feature flag operations explicit and type-safe.
//
// Example usage:
//
// const MCPGatewayFeatureFlag FeatureFlag = "mcp-gateway"
// func IsFeatureEnabled(flag FeatureFlag) bool { ... }
type FeatureFlag string
// Feature flag identifiers
const (
// MCPScriptsFeatureFlag is the name of the feature flag for mcp-scripts
MCPScriptsFeatureFlag FeatureFlag = "mcp-scripts"
// MCPGatewayFeatureFlag is the feature flag name for enabling MCP gateway
MCPGatewayFeatureFlag FeatureFlag = "mcp-gateway"
// DisableXPIAPromptFeatureFlag is the feature flag name for disabling XPIA prompt
DisableXPIAPromptFeatureFlag FeatureFlag = "disable-xpia-prompt"
// CopilotRequestsFeatureFlag is the feature flag name for enabling copilot-requests mode.
// When enabled: no secret validation step is generated, copilot-requests: write permission is added,
// and the GitHub Actions token is used as the agentic engine secret.
CopilotRequestsFeatureFlag FeatureFlag = "copilot-requests"
// DIFCProxyFeatureFlag is the deprecated feature flag name for the DIFC proxy.
// Deprecated: Use tools.github.integrity-proxy instead. The proxy is now enabled
// by default when guard policies are configured. Set tools.github.integrity-proxy: false
// to disable it. The codemod "features-difc-proxy-to-tools-github" migrates this flag.
DIFCProxyFeatureFlag FeatureFlag = "difc-proxy"
// CliProxyFeatureFlag enables the AWF CLI proxy sidecar.
// When enabled, the compiler starts a difc-proxy on the host before AWF and
// injects --difc-proxy-host and --difc-proxy-ca-cert into the AWF command,
// giving the agent secure gh CLI access without exposing GITHUB_TOKEN.
// The token is held in an mcpg DIFC proxy on the host, enforcing
// guard policies and audit logging.
//
// Workflow frontmatter usage:
//
// features:
// cli-proxy: true
CliProxyFeatureFlag FeatureFlag = "cli-proxy"
// CopilotIntegrationIDFeatureFlag gates injection of the
// GITHUB_COPILOT_INTEGRATION_ID environment variable into the agent step.
// Default off — the env var may cause Copilot CLI failures.
// See https://github.com/github/gh-aw/issues/25516
//
// Workflow frontmatter usage:
//
// features:
// copilot-integration-id: true
CopilotIntegrationIDFeatureFlag FeatureFlag = "copilot-integration-id"
// IntegrityReactionsFeatureFlag enables reaction-based integrity promotion/demotion
// in the MCPG allow-only policy. When enabled, the compiler injects
// endorsement-reactions and disapproval-reactions fields into the allow-only policy.
// Requires MCPG >= v0.2.18.
//
// Workflow frontmatter usage:
//
// features:
// integrity-reactions: true
IntegrityReactionsFeatureFlag FeatureFlag = "integrity-reactions"
)