OSS granular PRs and issues toolsets

[mattdholloway]

Summary

Add two new opt-in, non-default toolsets — issues_granular and pull_requests_granular — that provide single-purpose write tools decomposing the existing multi-method tools (issue_write, sub_issue_write, update_pull_request, pull_request_review_write).

This gives users fine-grained control over which write operations are available, which is especially useful for AI agents where limiting the tool surface area improves reliability and safety.

Closes https://github.com/github/sweagentd/issues/11219

Why

The existing consolidated tools use a method parameter to control behavior (e.g. issue_write with method: "create" or method: "update"). This makes it impossible to selectively enable individual operations — you either get all of issue_write or none of it.

Granular toolsets solve this by exposing each operation as its own tool, allowing users to enable exactly the capabilities they need.

What changed

New toolsets

issues_granular (11 tools):

Tool	Decomposed from
create_issue	issue_write method:create
update_issue_title	issue_write method:update
update_issue_body	issue_write method:update
update_issue_state	issue_write method:update
update_issue_labels	issue_write method:update
update_issue_assignees	issue_write method:update
update_issue_milestone	issue_write method:update
update_issue_type	issue_write method:update
add_sub_issue	sub_issue_write method:add
remove_sub_issue	sub_issue_write method:remove
reprioritize_sub_issue	sub_issue_write method:reprioritize

pull_requests_granular (9 tools):

Tool	Decomposed from
update_pull_request_title	update_pull_request
update_pull_request_body	update_pull_request
update_pull_request_state	update_pull_request
update_pull_request_draft_state	New (GraphQL-based draft toggle)
request_pull_request_reviewers	update_pull_request (reviewers field)
create_pull_request_review	pull_request_review_write method:create
submit_pending_pull_request_review	pull_request_review_write method:submit_pending
delete_pending_pull_request_review	pull_request_review_write method:delete_pending
add_pull_request_review_comment	pull_request_review_write (comment to pending review)

MCP impact

• No tool or API changes
• Tool schema or behavior changed
• New tool added

Prompts tested (tool changes only)

• --toolsets=default,issues_granular,pull_requests_granular enables both granular toolsets alongside defaults
• --toolsets=issues_granular enables only granular issue tools

Security / limits

• No security or limits impact
• Auth / permissions considered
• Data exposure, filtering, or token/size limits considered

All granular tools require the same repo scope as their parent tools.

Tool renaming

• I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
  • I have added the new tool aliases in deprecated_tool_aliases.go
• I am not renaming tools as part of this PR

Lint & tests

• Linted locally with ./script/lint
• Tested locally with ./script/test

Docs

• Not needed
• Updated (README / docs / examples)

[Copilot]

Pull request overview

Adds new opt-in “granular” toolsets for issues and pull requests, providing single-operation tools intended to give callers finer control than the existing multi-method tools.

Changes:

• Introduces issues_granular and pull_requests_granular toolset metadata and registers new tools in AllTools.
• Adds new granular tool implementations for issue updates/sub-issues and PR updates/reviews.
• Adds initial unit tests for toolset membership plus a small subset of granular tool behaviors.

Show a summary per file

File	Description
pkg/github/tools.go	Adds new toolset metadata and registers granular tools in the server tool list.
pkg/github/issues_granular.go	Implements granular issue create/update tools and GraphQL-based sub-issue tools.
pkg/github/pullrequests_granular.go	Implements granular PR update tools plus GraphQL-based draft/review/comment tools.
pkg/github/granular_tools_test.go	Adds basic tests for granular toolset membership and a few REST-backed tools.

Copilot's findings

Comments suppressed due to low confidence (1)

pkg/github/pullrequests_granular.go:587

• GranularDeletePendingPullRequestReview uses the same reviews(first: 1, states: PENDING) pattern, which can pick an arbitrary pending review rather than the caller’s pending review. This should target the current user's pending review deterministically (viewer-specific field / author filter) before deleting.

			// Find pending review
			var reviewQuery struct {
				Repository struct {
					PullRequest struct {
						Reviews struct {
							Nodes []struct{ ID string }
						} `graphql:"reviews(first: 1, states: PENDING)"`
					} `graphql:"pullRequest(number: $number)"`
				} `graphql:"repository(owner: $owner, name: $name)"`
			}

			vars := map[string]any{
				"owner":  githubv4.String(owner),
				"name":   githubv4.String(repo),
				"number": githubv4.Int(pullNumber), // #nosec G115 - PR numbers are always small positive integers
			}
			if err := gqlClient.Query(ctx, &reviewQuery, vars); err != nil {
				return utils.NewToolResultErrorFromErr("failed to find pending review", err), nil, nil
			}

			if len(reviewQuery.Repository.PullRequest.Reviews.Nodes) == 0 {
				return utils.NewToolResultError("no pending review found for the current user"), nil, nil
			}

			reviewID := reviewQuery.Repository.PullRequest.Reviews.Nodes[0].ID

• Files reviewed: 16/16 changed files
• Comments generated: 6

[Copilot]

update_issue_milestone uses RequiredParam[float64] and then casts to int. This rejects milestone=0 (even though the schema allows 0) and will silently truncate non-integer values. Use the existing numeric helpers (e.g., RequiredInt/OptionalIntParam) and handle 0 explicitly if you want to support clearing the milestone.

Suggested change

	Type: "number",
	Description: "The milestone number to set on the issue",
	Minimum: jsonschema.Ptr(0.0),
	},
	},
	[]string{"milestone"},
	func(args map[string]any) (*github.IssueRequest, error) {
	milestone, err := RequiredParam[float64](args, "milestone")
	if err != nil {
	return nil, err
	}
	m := int(milestone)
	return &github.IssueRequest{Milestone: &m}, nil
	Type: "integer",
	Description: "The milestone number to set on the issue",
	Minimum: jsonschema.Ptr(0),
	},
	},
	[]string{"milestone"},
	func(args map[string]any) (*github.IssueRequest, error) {
	milestone, err := RequiredInt(args, "milestone")
	if err != nil {
	return nil, err
	}
	return &github.IssueRequest{Milestone: &milestone}, nil

[Copilot]

GranularSubmitPendingPullRequestReview finds a pending review by querying reviews(first: 1, states: PENDING) and then uses the first node. This can select another user's pending review (or an arbitrary one), causing incorrect behavior or authorization failures. Prefer querying the viewer’s pending review explicitly (e.g., a viewer-specific field) or filtering by the current user so the mutation targets the correct review.

This issue also appears on line 562 of the same file.

[Copilot]

line/startLine are parsed as float64 and converted with int(...) without validating they are integers. This will truncate values like 10.5 and send incorrect line numbers to the GraphQL API. Consider using OptionalIntParam (or an equivalent integer-validation helper) for these fields so non-integer inputs are rejected with a clear error.