Feat/additional metrics remy#49
Open
MaVictor wants to merge 4 commits into
Open
Conversation
Mint one correlation ID per studio-mcp process (each IDE connection gets a fresh process) and stamp it on every snyk_send_feedback analytics event via NewAnalyticsEventParam, so events emitted by the same session can be joined downstream instead of each call minting its own random ID.
…an-result cache Cache the freshest scan findings per file path from successful snyk_code_scan/snyk_sca_scan calls, then check snyk_send_feedback's claimed IDs against that cache and stamp the result (verified/unverifiable/mismatch) on the analytics event. Verification never blocks or delays the feedback call - it's a best-effort, observational check only.
Dedupes the required/not-required branching in createToolFromDefinition and adds enum/object property support, so tool definitions can declare constrained string values and nested object parameters. Unused until a later commit adds schema entries that need it.
Add optional severity/scan-type breakdowns, outcome, breakabilityRisk(+source), strategy, and testsPassed fields to snyk_send_feedback, populated by remediation callers (snyk-fix.md, snyk-batch-fix.md, skills/snyk-fix/SKILL.md) and the secure-at-inception Stop Hook. All fields are optional and additive: counts remain the authoritative metric.
|
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
21ef5e7 to
4357d22
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Add optional severity/scan-type breakdowns, outcome, breakabilityRisk(+source), strategy, and testsPassed fields to snyk_send_feedback, populated by remediation callers (snyk-fix.md, snyk-batch-fix.md, skills/snyk-fix/SKILL.md) and the secure-at-inception Stop Hook. All fields are optional and additive: counts remain the authoritative metric.
Checklist
make generate)make lint-fix)Note
Low Risk
Changes are additive telemetry and tool-schema wiring; existing required counts and feedback behavior are unchanged, with no auth or scan-path modifications.
Overview
snyk_send_feedbackgains optional, additive arguments so remediation flows and the secure-at-inception Stop Hook can report richer telemetry without changing how counts work (counts stay authoritative).New optional inputs include
fixedIssueIds, severity breakdowns (fixedIssuesBySeverity/preventedIssuesBySeverity),fixedIssuesByScanType, remediationoutcome,breakabilityRisk(+breakabilityRiskSource),strategy, andtestsPassed. The handler coerces these from MCP args and only adds correspondingmcp::*keys on the analytics event when values are present.Tool registration now supports object params (with
properties) and string enums insnyk_tools.json, via updates tocreateToolFromDefinitionandSnykMcpToolParameter. Tests cover coercion, extension building, and the literalpreventedIssuesBySeveritykey end-to-end through the handler.The Makefile bumps golangci-lint from v2.6.1 to v2.10.1.
Reviewed by Cursor Bugbot for commit 5692897. Bugbot is set up for automated code reviews on this repo. Configure here.