Add support for creating and updating repository security advisories #2631
Open
advancedresearcharray wants to merge 10 commits into
Conversation
709eff1 to 2a1584f
Author
Cleaned commit history and PR description (removed third-party attribution trailers). PR adds three CI workflows are awaiting maintainer approval for this fork PR.
b1a3997 to d011eee
…t tools
Add MCP tools for the repository security advisory lifecycle: create_repository_security_advisory, update_repository_security_advisory, and request_cve_for_repository_security_advisory. Create requires exactly one of severity or cvssVectorString. Update uses presence detection so optional string fields can be cleared, validates GHSA IDs before path interpolation, and enforces MCP safety annotations.
d011eee to 55952fd
…eration
Regenerate-docs sync removed unrelated update_issue_type confidence and request_pull_request_review reviewers descriptions; restore them.
Reject update requests that pass an empty vulnerabilities array to avoid silently wiping advisory data. Add handler tests for credits/cweIds JSON marshaling on create and update.
27edc33 to 2b17e28
Reject vulnerabilities: null on update/create with a clear error instead of silently omitting the field. Unify empty-array error messaging, add DestructiveHint to request_cve_for_repository_security_advisory, and expand test coverage for null/empty vulnerability inputs.
ae3a7d5 to 25bdb97
570cc2a to 31c7510
Accept case-insensitive GHSA prefixes from MCP callers while preserving the advisory identifier segment GitHub expects in REST paths.
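Worked example, added for this page and not taken from the github-mcp-server code base, of the GHSA handling described in the commits above: the "GHSA-" prefix is matched case-insensitively and canonicalized, the identifier segment is kept exactly as given, and the whole value is validated against a strict shape before it is interpolated into a REST path, so a caller cannot smuggle "/", "..", "?" or "#" into the URL. The segment pattern (three groups of four lowercase alphanumerics) and the function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ghsaSegment is the part after "GHSA-". Assumption for this example: three
// groups of four lowercase alphanumerics; GitHub's real alphabet is a subset.
var ghsaSegment = regexp.MustCompile(`^[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}$`)

var errBadGHSA = errors.New("invalid GHSA ID: expected GHSA-xxxx-xxxx-xxxx")

// NormalizeGHSAID accepts "ghsa-", "Ghsa-" or "GHSA-" as the prefix,
// canonicalizes it to "GHSA-" and returns the identifier segment unchanged.
// Anything that does not match the strict shape is rejected, which is what
// makes later path interpolation safe.
func NormalizeGHSAID(raw string) (string, error) {
	id := strings.TrimSpace(raw)
	const prefix = "GHSA-"
	if len(id) < len(prefix) || !strings.EqualFold(id[:len(prefix)], prefix) {
		return "", errBadGHSA
	}
	segment := id[len(prefix):]
	if !ghsaSegment.MatchString(segment) {
		return "", errBadGHSA
	}
	return prefix + segment, nil
}

// AdvisoryPath builds the repository security advisory REST path only after
// the GHSA ID has been validated. owner and repo are assumed to have been
// validated by the caller.
func AdvisoryPath(owner, repo, rawID string) (string, error) {
	id, err := NormalizeGHSAID(rawID)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("/repos/%s/%s/security-advisories/%s", owner, repo, id), nil
}

func main() {
	// Constructed inputs: valid, padded, traversal attempt, wrong case, wrong scheme.
	for _, in := range []string{
		"ghsa-abcd-1234-wxyz",
		"  GHSA-abcd-1234-wxyz  ",
		"GHSA-abcd-1234-wxyz/../../../repos/other",
		"GHSA-ABCD-1234-WXYZ",
		"CVE-2024-0001",
	} {
		p, err := AdvisoryPath("octo-org", "octo-repo", in)
		fmt.Printf("%-45q -> %q %v\n", in, p, err)
	}
}
```

The check runs before any string formatting touches the path; a regexp anchored at both ends is what rules out separators and query characters, and keeping the segment verbatim avoids changing an identifier GitHub issued in a particular case.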
097bb9b to c9f5bc0
Cover request_cve_for_repository_security_advisory alongside the existing update advisory normalization test.
c9f5bc0 to c4bd55a
Peer review follow-up: null optional fields no longer bypass the update guard or produce silent no-op PATCH bodies. Adds handler and parser tests for null vulnerabilities on create and null credits/cweIds on update. Co-authored-by: Cursor <cursoragent@cursor.com>
Mirror the existing null credits guard test on the create path so null optional array fields are validated consistently at handler level. Co-authored-by: Cursor <cursoragent@cursor.com>
Empty slices are omitted from PATCH JSON due to omitempty, so update
calls with only cweIds: [] or credits: [] silently sent {} and appeared
to succeed validation. Reject explicitly with a clear error message.
Co-authored-by: Cursor <cursoragent@cursor.com>
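Worked example, added for this page and not the project's own code, of the update-guard behaviour the commits above describe: a PATCH struct whose slice fields carry omitempty drops empty slices, so an update built from cweIds: [] or credits: [] marshals to "{}" and would be sent as a silent no-op. The argument reader below uses presence detection to tell absent from null from empty, rejects null and empty arrays with an explicit error, lets a present empty string clear an optional string field, refuses to emit an empty body, and enforces the create rule "exactly one of severity or cvssVectorString". The struct shape (credits and vulnerabilities simplified to strings), the argument keys and the function names are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// advisoryPatch is an illustrative PATCH body, not the project's type.
// Slices carry omitempty, so an empty slice vanishes from the output; string
// fields are pointers so that "" (clear) and absent (leave alone) differ.
type advisoryPatch struct {
	Summary         *string  `json:"summary,omitempty"`
	Description     *string  `json:"description,omitempty"`
	CWEIDs          []string `json:"cwe_ids,omitempty"`
	Credits         []string `json:"credits,omitempty"`         // simplified: real credits are objects
	Vulnerabilities []string `json:"vulnerabilities,omitempty"` // simplified: real entries are objects
}

// OmitemptyPitfall shows the unguarded behaviour: both empty arrays are
// dropped and the body that would be PATCHed is "{}".
func OmitemptyPitfall() string {
	b, _ := json.Marshal(advisoryPatch{CWEIDs: []string{}, Credits: []string{}})
	return string(b)
}

// stringList reads an optional array argument with presence detection:
// absent -> nil (field untouched); null or [] -> error; otherwise the values.
func stringList(args map[string]any, key string) ([]string, error) {
	v, present := args[key]
	if !present {
		return nil, nil
	}
	if v == nil {
		return nil, fmt.Errorf("%s: null is not allowed; omit the field to leave it unchanged", key)
	}
	items, ok := v.([]any)
	if !ok {
		return nil, fmt.Errorf("%s: expected an array", key)
	}
	if len(items) == 0 {
		return nil, fmt.Errorf("%s: empty array is not allowed; omit the field to leave it unchanged", key)
	}
	out := make([]string, 0, len(items))
	for i, it := range items {
		s, ok := it.(string)
		if !ok {
			return nil, fmt.Errorf("%s[%d]: expected a string", key, i)
		}
		out = append(out, s)
	}
	return out, nil
}

// optionalString distinguishes absent (nil pointer) from "" (explicit clear).
func optionalString(args map[string]any, key string) (*string, error) {
	v, present := args[key]
	if !present {
		return nil, nil
	}
	s, ok := v.(string)
	if !ok {
		return nil, fmt.Errorf("%s: expected a string", key)
	}
	return &s, nil
}

// BuildUpdateBody turns decoded MCP tool arguments into a PATCH body and
// refuses to produce one that updates nothing.
func BuildUpdateBody(args map[string]any) ([]byte, error) {
	var p advisoryPatch
	var err error
	if p.Summary, err = optionalString(args, "summary"); err != nil {
		return nil, err
	}
	if p.Description, err = optionalString(args, "description"); err != nil {
		return nil, err
	}
	if p.CWEIDs, err = stringList(args, "cweIds"); err != nil {
		return nil, err
	}
	if p.Credits, err = stringList(args, "credits"); err != nil {
		return nil, err
	}
	if p.Vulnerabilities, err = stringList(args, "vulnerabilities"); err != nil {
		return nil, err
	}
	b, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	if string(b) == "{}" {
		return nil, errors.New("no fields to update: provide at least one advisory field")
	}
	return b, nil
}

// ValidateSeverityInput enforces the create rule: exactly one of severity or
// cvssVectorString must be present.
func ValidateSeverityInput(args map[string]any) error {
	_, hasSev := args["severity"]
	_, hasCVSS := args["cvssVectorString"]
	if hasSev == hasCVSS {
		return errors.New("exactly one of severity or cvssVectorString must be provided")
	}
	return nil
}

func main() {
	fmt.Println("unguarded body from empty arrays:", OmitemptyPitfall())
	// Constructed argument sets: empty array, null, clear-string, real update, nothing.
	for _, args := range []map[string]any{
		{"cweIds": []any{}}, {"credits": nil}, {"summary": ""},
		{"cweIds": []any{"CWE-79", "CWE-89"}}, {},
	} {
		b, err := BuildUpdateBody(args)
		fmt.Printf("%v -> %s %v\n", args, b, err)
	}
}
```

The final "{}" check is a backstop: even if a future field is added with omitempty and no guard of its own, a request that would change nothing still fails loudly instead of returning success.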
Summary
create_repository_security_advisory, update_repository_security_advisory, and request_cve_for_repository_security_advisory tools to the security_advisories toolset
Closes #2506
Test plan
go test ./pkg/github -run 'Test_(Create|Update|RequestCVE|ParseAdvisory)'
go test ./pkg/github
go run ./cmd/github-mcp-server generate-docs