Skip to content

Feat/additional metrics remy#49

Open
MaVictor wants to merge 4 commits into
feat/memcache-supportfrom
feat/additional-metrics-remy
Open

Feat/additional metrics remy#49
MaVictor wants to merge 4 commits into
feat/memcache-supportfrom
feat/additional-metrics-remy

Conversation

@MaVictor

@MaVictor MaVictor commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Description

Add optional severity/scan-type breakdowns, outcome, breakabilityRisk(+source), strategy, and testsPassed fields to snyk_send_feedback, populated by remediation callers (snyk-fix.md, snyk-batch-fix.md, skills/snyk-fix/SKILL.md) and the secure-at-inception Stop Hook. All fields are optional and additive: counts remain the authoritative metric.

Checklist

  • Tests added and all succeed
  • Regenerated mocks, etc. (make generate)
  • Linted (make lint-fix)
  • README.md updated, if user-facing
  • License file updated, if new 3rd-party dependency is introduced

Note

Low Risk
Changes are additive telemetry and tool-schema wiring; existing required counts and feedback behavior are unchanged, with no auth or scan-path modifications.

Overview
snyk_send_feedback gains optional, additive arguments so remediation flows and the secure-at-inception Stop Hook can report richer telemetry without changing how counts work (counts stay authoritative).

New optional inputs include fixedIssueIds, severity breakdowns (fixedIssuesBySeverity / preventedIssuesBySeverity), fixedIssuesByScanType, remediation outcome, breakabilityRisk (+ breakabilityRiskSource), strategy, and testsPassed. The handler coerces these from MCP args and only adds corresponding mcp::* keys on the analytics event when values are present.

Tool registration now supports object params (with properties) and string enums in snyk_tools.json, via updates to createToolFromDefinition and SnykMcpToolParameter. Tests cover coercion, extension building, and the literal preventedIssuesBySeverity key end-to-end through the handler.

The Makefile bumps golangci-lint from v2.6.1 to v2.10.1.

Reviewed by Cursor Bugbot for commit 5692897. Bugbot is set up for automated code reviews on this repo. Configure here.

MaVictor added 4 commits July 14, 2026 15:44
Mint one correlation ID per studio-mcp process (each IDE connection gets
a fresh process) and stamp it on every snyk_send_feedback analytics
event via NewAnalyticsEventParam, so events emitted by the same session
can be joined downstream instead of each call minting its own random ID.
…an-result cache

Cache the freshest scan findings per file path from successful
snyk_code_scan/snyk_sca_scan calls, then check snyk_send_feedback's
claimed IDs against that cache and stamp the result
(verified/unverifiable/mismatch) on the analytics event. Verification
never blocks or delays the feedback call - it's a best-effort,
observational check only.
Dedupes the required/not-required branching in createToolFromDefinition
and adds enum/object property support, so tool definitions can declare
constrained string values and nested object parameters. Unused until a
later commit adds schema entries that need it.
Add optional severity/scan-type breakdowns, outcome, breakabilityRisk(+source),
strategy, and testsPassed fields to snyk_send_feedback, populated by
remediation callers (snyk-fix.md, snyk-batch-fix.md,
skills/snyk-fix/SKILL.md) and the secure-at-inception Stop Hook. All
fields are optional and additive: counts remain the authoritative
metric.
@MaVictor MaVictor requested review from a team as code owners July 14, 2026 20:01
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@snyk-io

snyk-io Bot commented Jul 14, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@MaVictor MaVictor force-pushed the feat/memcache-support branch from 21ef5e7 to 4357d22 Compare July 15, 2026 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants