Skip to content

Fix/tools params#167

Merged
julienc91 merged 2 commits into
mainfrom
fix/tools_params
Jul 7, 2026
Merged

Fix/tools params#167
julienc91 merged 2 commits into
mainfrom
fix/tools_params

Conversation

@julienc91

Copy link
Copy Markdown
Member

Fixing two tools:

  • fix the date_before/date_after parameters requiring a date format when listing internal incidents
  • fix the update_incident_status tool not working and replace it with update_incident_severity (to update an incident's status, one has to use the manage_private_incident tool

with HTTP 400. Drop any time/timezone component so both dates and
datetimes are accepted.
"""
return value.strip().replace(" ", "T").split("T", 1)[0]

@antoine-robillard-gg antoine-robillard-gg Jul 6, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I fear that this is brittle and will fail if the llm generates somehow another format. This is maybe overkill but we could use a BaseModel from pydantic (would need to add it to the dependencies, but it is a library we know well, and actually it's already bundled as a dependency of fastmcp) as it can parse any kind string into a date/datetime magically?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, turns out pydantic was already used as a direct dependency, even if it was not declared as such.


class UpdateIncidentStatusParams(BaseModel):
"""Parameters for updating incident status."""
class UpdateIncidentSeverityParams(BaseModel):

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the relation between the previous (broken) status tool and the new one related to severity? I don't really understand why we do this replacement (I understand why the previous one was broken)

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "PATCH incident" endpoint exists, and it allows to update an incident's severity: https://api.gitguardian.com/docs#tag/Internal-Secret-Incidents/operation/update-secret-incident
I considered it was more interesting to add this feature that was already 90% implemented rather than just delete the broken tool.

julienc91 added 2 commits July 7, 2026 12:16
The incidents-for-mcp (and /count) endpoint filters on a date-only field
and rejects ISO datetimes such as 2026-08-01T00:00:00Z with HTTP 400.
The client forwarded date_before/date_after verbatim, so any datetime a
caller supplied reached date__le/date__ge unchanged and 400'd.

Truncate the time/timezone component in the client before building the
query params, so both dates and datetimes are accepted for these
date-only endpoints.
…ith `update_incident_severity`

It's not possible to update the status of an incident with a PATCH request.
This action needs to be performed via one of resolve/ignore/assign/unassign actions
using the `manage_private_incident` tool.
@julienc91 julienc91 merged commit 9c694f1 into main Jul 7, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants