Omit unverified parent under lockdown instead of redacting title

Align issue_read get parent enrichment with the codebase's existing
lockdown patterns: rather than introducing a third, redaction-with-sentinel
behavior, omit the whole parent reference when its (possibly cross-repo)
content cannot be verified safe. This mirrors how unsafe comments, sub-issues,
and PR reviews are filtered out. has_parent stays true so an agent can still
route to get_parent.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: zwick

pkg/github/issues.go

@@ -777,14 +777,10 @@ func GetIssue(ctx context.Context, client *github.Client, deps ToolDependencies,
 	return MarshalledTextResult(minimalIssue), nil
 }
 
-// lockdownRedactedTitle replaces a related issue's title when lockdown mode is enabled and the
-// related content cannot be verified as safe. Numeric/structural fields stay intact.
-const lockdownRedactedTitle = "[redacted - not from a trusted source]"
-
 // applyIssueReadEnrichment populates the hierarchy relationship signals (has_parent/has_children,
 // parent, sub_issues_summary) and field_values onto the minimal issue. In lockdown mode the parent
-// title is redacted unless the parent content can be verified as safe; counts and booleans are pure
-// numbers and are always safe to surface.
+// reference is omitted unless the parent content can be verified as safe; has_parent and the numeric
+// counts are structural routing signals and are always safe to surface.
 func applyIssueReadEnrichment(ctx context.Context, minimalIssue *MinimalIssue, enrichment *issueReadEnrichment, cache *lockdown.RepoAccessCache, lockdownMode bool) {
 	if enrichment == nil {
 		return
@@ -793,12 +789,15 @@ func applyIssueReadEnrichment(ctx context.Context, minimalIssue *MinimalIssue, e
 	minimalIssue.FieldValues = enrichment.FieldValues
 
 	if parent := enrichment.Parent; parent != nil {
-		ref := parent.Ref
-		if lockdownMode && !isSafeParentContent(ctx, cache, parent) {
-			ref.Title = lockdownRedactedTitle
-		}
-		minimalIssue.Parent = &ref
 		minimalIssue.HasParent = true
+		// Surface the parent reference only when it is safe to expose. Under lockdown an
+		// unverified (possibly cross-repo) parent is omitted entirely, mirroring how unsafe
+		// comments and sub-issues are filtered out. has_parent still routes an agent to
+		// get_parent if it needs to follow up.
+		if !lockdownMode || isSafeParentContent(ctx, cache, parent) {
+			ref := parent.Ref
+			minimalIssue.Parent = &ref
+		}
 	}
 
 	if enrichment.SubIssuesSummary.Total > 0 {
@@ -808,9 +807,9 @@ func applyIssueReadEnrichment(ctx context.Context, minimalIssue *MinimalIssue, e
 	}
 }
 
-// isSafeParentContent reports whether the parent issue's title can be exposed under lockdown mode.
+// isSafeParentContent reports whether the parent issue reference can be exposed under lockdown mode.
 // It fails closed: any inability to positively verify safe content (missing cache, missing author,
-// unparseable repository, or a lookup error) results in redaction.
+// unparseable repository, or a lookup error) results in the parent reference being omitted.
 func isSafeParentContent(ctx context.Context, cache *lockdown.RepoAccessCache, parent *issueReadParent) bool {
 	if cache == nil || parent.AuthorLogin == "" {
 		return false

pkg/github/issues_test.go

@@ -714,8 +714,9 @@ func Test_GetIssue_HierarchyEnrichment_Lockdown(t *testing.T) {
 	// In lockdown mode the issue's own author must be verified as safe (mirrors the existing
 	// REST lockdown gate). The repo-access cache performs push-access checks against its own
 	// REST client: the issue author ("author") has write access, while the parent author
-	// ("parentauthor") only has read access and so cannot be verified as safe. The parent title
-	// is therefore redacted while the numeric/structural fields remain intact.
+	// ("parentauthor") only has read access and so cannot be verified as safe. The parent
+	// reference is therefore omitted entirely, while has_parent stays true so an agent can
+	// still route to get_parent.
 	restClient := MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
 		GetReposIssuesByOwnerByRepoByIssueNumber: mockResponse(t, http.StatusOK, mockIssue),
 	})
@@ -757,14 +758,8 @@ func Test_GetIssue_HierarchyEnrichment_Lockdown(t *testing.T) {
 	var returnedIssue MinimalIssue
 	require.NoError(t, json.Unmarshal([]byte(getTextResult(t, result).Text), &returnedIssue))
 
-	require.NotNil(t, returnedIssue.Parent)
-	assert.True(t, returnedIssue.HasParent)
-	assert.Equal(t, lockdownRedactedTitle, returnedIssue.Parent.Title, "parent title should be redacted under lockdown")
-	// Numeric/structural fields remain intact even when redacted.
-	assert.Equal(t, 2820, returnedIssue.Parent.Number)
-	assert.Equal(t, "OPEN", returnedIssue.Parent.State)
-	assert.Equal(t, "owner/repo", returnedIssue.Parent.Repository)
-	assert.Equal(t, "https://github.com/owner/repo/issues/2820", returnedIssue.Parent.URL)
+	require.Nil(t, returnedIssue.Parent, "parent reference should be omitted under lockdown when it cannot be verified safe")
+	assert.True(t, returnedIssue.HasParent, "has_parent should still be true so agents can route to get_parent")
 }
 
 func Test_GetIssue_HierarchyEnrichment_QueryFailureReturnsBaseIssue(t *testing.T) {

pkg/github/minimal_types.go

@@ -344,8 +344,9 @@ type MinimalIssue struct {
 	FieldValues       []MinimalFieldValue      `json:"field_values,omitempty"`
 
 	// Hierarchy relationship signals. HasParent and HasChildren are always emitted
-	// (an explicit false is itself a useful routing signal); Parent and SubIssuesSummary
-	// are only populated when the relationship exists.
+	// (an explicit false is itself a useful routing signal); SubIssuesSummary is populated
+	// when children exist, and Parent when a parent exists and may be surfaced (under lockdown
+	// an unverified parent reference is omitted while HasParent stays true).
 	HasParent        bool                     `json:"has_parent"`
 	HasChildren      bool                     `json:"has_children"`
 	Parent           *MinimalIssueRef         `json:"parent,omitempty"`