@fproulx-boostsecurity
Contributor

Summary

  • Added human-readable titles for all MCP tools to improve UX
  • Added MCP tool hint annotations (ReadOnly, Destructive, Idempotent, OpenWorld) to help AI assistants understand tool behavior
  • Improved tool descriptions to be more specific about CI/CD pipeline security scanning and supply chain vulnerability detection

Changes by Tool

analyze_org, analyze_repo, analyze_repo_stale_branches:

  • Title: "CI/CD Pipeline Security Scan - [Organization/Repository/Stale Branches]"
  • ReadOnlyHint: true
  • DestructiveHint: false
  • IdempotentHint: false (results may change as repos evolve)
  • OpenWorldHint: true (interacts with external SCM providers)

analyze_manifest:

  • Title: "CI/CD Pipeline Security Scan - Manifest"
  • ReadOnlyHint: true
  • DestructiveHint: false
  • IdempotentHint: true (same input produces same output)
  • OpenWorldHint: false (purely local static analysis)

Test plan

  • Code compiles successfully with go build .
  • Test MCP server with Claude Code or other MCP client to verify annotations are properly transmitted
  • Verify tool descriptions are clear and helpful in MCP client UIs

🤖 Generated with Claude Code

- Added human-readable titles for all MCP tools
- Added tool hint annotations (ReadOnly, Destructive, Idempotent, OpenWorld)
- Improved tool descriptions to be more specific about CI/CD pipeline security scanning
- Updated descriptions to emphasize supply chain vulnerability detection
- analyze_org, analyze_repo, analyze_repo_stale_branches: OpenWorld tools that interact with external SCM providers
- analyze_manifest: Closed-world idempotent tool for static analysis

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@fproulx-boostsecurity requested a review from a team as a code owner September 30, 2025 17:00
@SUSTAPLE117 merged commit cafb7fd into maint/mcp Sep 30, 2025
6 checks passed
@SUSTAPLE117 deleted the feat/mcp-tool-annotations branch September 30, 2025 18:25
@SUSTAPLE117 pushed a commit that referenced this pull request Sep 30, 2025
* Updated tool description

* Add MCP tool annotations and improve descriptions

- Added human-readable titles for all MCP tools
- Added tool hint annotations (ReadOnly, Destructive, Idempotent, OpenWorld)
- Improved tool descriptions to be more specific about CI/CD pipeline security scanning
- Updated descriptions to emphasize supply chain vulnerability detection
- analyze_org, analyze_repo, analyze_repo_stale_branches: OpenWorld tools that interact with external SCM providers
- analyze_manifest: Closed-world idempotent tool for static analysis

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

---------

Co-authored-by: Claude <[email protected]>
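
A client-side check for the hints this pull request describes, as an added example that is not part of the pull request or the project's code: it decodes a constructed `tools/list` result and decides which tools need user confirmation, falling back to the MCP defaults when a server omits a hint. The approval policy, its decision names and `legacy_tool` are assumptions made for the example.

```go
package main

import "encoding/json"
import "fmt"

// Tool is one tools/list entry; loosely typed annotations keep "absent" distinct from false.
type Tool struct {
	Name        string         `json:"name"`
	Annotations map[string]any `json:"annotations"`
}

// Constructed sample: hints from the PR description, plus a hypothetical unannotated "legacy_tool".
const sampleToolsList = `{"tools":[
 {"name":"analyze_org","annotations":{"readOnlyHint":true,"destructiveHint":false,"idempotentHint":false,"openWorldHint":true}},
 {"name":"analyze_manifest","annotations":{"title":"CI/CD Pipeline Security Scan - Manifest","readOnlyHint":true,"destructiveHint":false,"idempotentHint":true,"openWorldHint":false}},
 {"name":"legacy_tool"}]}`

// hint returns the advertised boolean, or def when the hint is absent or not a boolean.
func hint(t Tool, key string, def bool) bool {
	if v, ok := t.Annotations[key].(bool); ok {
		return v
	}
	return def
}

// Classify is an assumed policy; absent hints take the MCP defaults (false, true, true).
func Classify(t Tool) string {
	switch {
	case !hint(t, "readOnlyHint", false) && hint(t, "destructiveHint", true):
		return "confirm-destructive"
	case !hint(t, "readOnlyHint", false):
		return "confirm-write"
	case hint(t, "openWorldHint", true):
		return "confirm-external"
	}
	return "auto-approve"
}

// ClassifyAll decodes a tools/list result and maps each tool name to a decision.
func ClassifyAll(raw string) (map[string]string, error) {
	var r struct{ Tools []Tool }
	err := json.Unmarshal([]byte(raw), &r)
	out := map[string]string{}
	for _, t := range r.Tools {
		out[t.Name] = Classify(t)
	}
	return out, err
}

func main() { fmt.Println(ClassifyAll(sampleToolsList)) }
```

The annotations are hints supplied by the server, so a policy like this is only appropriate for servers the client already trusts.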