Constrain list_code_scanning_alerts prompt usage with explicit state/severity bounds#43744
list_code_scanning_alerts prompt usage with explicit state/severity bounds#43744Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
list_code_scanning_alerts prompt usage with explicit state/severity bounds
There was a problem hiding this comment.
Pull request overview
This PR tightens prompt/documentation guidance around using the GitHub MCP server’s list_code_scanning_alerts tool to reduce oversized responses by requiring bounded queries, and adds a Go regression test intended to prevent prompt drift.
Changes:
- Added explicit prompt guidance to always include
state: openandseverity: critical,highwhen invokinglist_code_scanning_alerts. - Added a regression test to ensure selected workflow/prompt surfaces keep these bounds near the tool reference.
- Updated MCP documentation in
.githuband the docs site to reflect the bounded-query requirement.
Show a summary per file
| File | Description |
|---|---|
| pkg/cli/code_scanning_prompt_bounds_test.go | Adds a regression test scanning key prompt/doc files for bounded list_code_scanning_alerts usage. |
| docs/src/content/docs/guides/mcps.md | Adds bounded-query guidance for list_code_scanning_alerts in the docs site guide. |
| .github/skills/github-mcp-server/SKILL.md | Adds bounded-query guidance for list_code_scanning_alerts in the GitHub MCP server skill. |
| .github/aw/github-mcp-server.md | Adds bounded-query guidance for list_code_scanning_alerts in the .github/aw MCP server guidance doc. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 4/4 changed files
- Comments generated: 3
- Review effort level: Low
| paths := []string{ | ||
| filepath.Join("..", "..", ".github", "workflows", "github-mcp-structural-analysis.md"), | ||
| filepath.Join("..", "..", ".github", "aw", "github-mcp-server.md"), | ||
| filepath.Join("..", "..", ".github", "skills", "github-mcp-server", "SKILL.md"), | ||
| } |
| hasBoundedReference := false | ||
| for i, line := range lines { | ||
| if !strings.Contains(line, "list_code_scanning_alerts") { | ||
| continue | ||
| } |
| - `get_code_scanning_alert` - Get details of a specific alert | ||
| - `create_code_scanning_alert` - Create a code scanning alert | ||
|
|
||
| When invoking `list_code_scanning_alerts` from workflow prompts/templates, always include `state: open` and `severity: critical,high`. |
| @@ -0,0 +1,51 @@ | |||
| //go:build !integration | |||
There was a problem hiding this comment.
Done — the file has been deleted in the latest commit.
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
🤖 PR Triage
Score breakdown: Impact 22 + Urgency 12 + Quality 10 Rationale: Constrains unbounded
|
Hippo flagged recurring oversized MCP responses from unbounded
list_code_scanning_alertsusage in workflow prompt surfaces. This PR tightens prompt guidance to require bounded queries and adds a regression check so the bounds remain present.Prompt/template guardrails
state: openseverity: critical,high.github/aw/github-mcp-server.md.github/skills/github-mcp-server/SKILL.mddocs/src/content/docs/guides/mcps.mdRegression coverage
pkg/cli/code_scanning_prompt_bounds_test.goto assert key workflow/prompt docs that referencelist_code_scanning_alertsalso include the required bounds near that reference.Illustrative guidance pattern