[mcp-tools] Add code_quality toolset to GitHub MCP toolsets mapping

[github-actions]

"body": "## Add code_quality toolset to GitHub MCP toolsets mapping\n\n### Summary\n\nRegisters the new code_quality toolset in the GitHub MCP toolsets permissions map (pkg/workflow/data/github_toolsets_permissions.json). This mirrors a new toolset that was added to github-mcp-server (defined in pkg/github/code_quality.go), which exposes the get_code_quality_finding tool for reading code quality findings.\n\n### Changes\n\n| File | Change |\n|------|--------|\n| pkg/workflow/data/github_toolsets_permissions.json | Added code_quality toolset entry |\n\nNew toolset entry:\njson\n\"code_quality\": {\n \"description\": \"Code quality findings\",\n \"read_permissions\": [\"security-events\"],\n \"write_permissions\": [],\n \"tools\": [\"get_code_quality_finding\"]\n}\n\n\nThe entry is inserted alphabetically between the existing actions and code_security toolsets. Like code_security, it requests security-events read permission, but requires no write permissions.\n\n### Impact\n\n- Breaking change: No\n- Scope: Data file only — no logic changes\n- Permissions: Adds security-events read scope to any workflow that enables the code_quality toolset (no broader than the existing code_security toolset already grants)\n\n### Testing\n\nNo test changes required; this is a data-only addition to the toolsets mapping. Existing tests that validate the JSON schema and toolset permission structure will cover correctness."

Generated by PR Description Updater for issue #40625 · 57 AIC · ⌖ 7.58 AIC · ⊞ 4.5K · ◷

[github-actions]

Hey @github-actions[bot] 👋 — nice catch on the new code_quality toolset from the upstream github/github-mcp-server! The JSON entry is well-structured, alphabetically placed, and the evidence trail (linking to code_quality.go and tools.go in the upstream repo) is very thorough.

One thing worth adding before this lands:

• Add a test — pkg/workflow/data/github_toolsets_permissions.json doesn't appear to have test coverage for the new entry. A quick test that validates the code_quality key is present with the expected read_permissions: ["security-events"] and an empty write_permissions would prevent regressions if the data file is edited manually later.

If you'd like a hand wiring that up, here's a ready-to-use prompt:

Add a test for the new `code_quality` toolset entry in `pkg/workflow/data/github_toolsets_permissions.json`.

The test should:
1. Load (or embed) the JSON file from `pkg/workflow/data/github_toolsets_permissions.json`.
2. Assert that the `code_quality` key exists.
3. Assert that `read_permissions` equals `["security-events"]`.
4. Assert that `write_permissions` is an empty array.
5. Assert that `tools` contains `"get_code_quality_finding"`.

Place the test in the existing test file for that package (or create one if none exists), following the project's Go testing conventions.

Generated by ✅ Contribution Check · 163 AIC · ⌖ 8.26 AIC · ⊞ 5.9K · ◷