AIML-226: Fix tool names exceeding Claude API 64-char limit #27
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR addresses Claude API's 64-character tool name limit by shortening two MCP tool names, standardizes parameter usage from app_name to appID for consistency with other tools, and adds version logging on server startup for better production debugging.
Key Changes:
- Shortened tool names to comply with 64-character limit (including
mcp__contrast__prefix) - Standardized both tools to use
appIDparameter instead ofapp_name, removing app name lookup calls - Added version logging on application startup using Spring Boot BuildProperties
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
AssessService.java |
Renamed two tool methods, updated parameter from app_name to appID, removed app lookup logic |
AssessServiceIntegrationTest.java |
Updated integration test to use appID parameter instead of app_name |
McpContrastApplication.java |
Added ApplicationRunner bean to log application version on startup |
pom.xml |
Added build-info goal to spring-boot-maven-plugin to generate build properties |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/main/java/com/contrast/labs/ai/mcp/contrast/AssessService.java
Outdated
Show resolved
Hide resolved
ChrisEdwards
force-pushed
the
AIML-189-remove-duplicate-tools
branch
from
28729a4 to
4d8aacd
Compare
src/main/java/com/contrast/labs/ai/mcp/contrast/AssessService.java
Outdated
Show resolved
Hide resolved
| logger.info("Listing vulnerabilities for application: {}", app_name); | ||
| @Tool(name = "list_vulns_by_app_latest_session", description = "Takes an application ID (appID) and returns a list of vulnerabilities for the latest session matching that application ID. This is useful for getting the most recent vulnerabilities without needing to specify session metadata. Use list_applications_with_name first to get the application ID from a name.") | ||
| public List<VulnLight> listVulnsByAppIdForLatestSession( | ||
| @ToolParam(description = "Application ID") String appID) throws IOException { |
There was a problem hiding this comment.
this doesn't need a more complete description?
There was a problem hiding this comment.
Looks like it does. I just consolidated methods, so this must be how this already was. All the tool descriptions and tool names are getting a full makeover. I am getting down to the the tools I want to keep before I invest in that. So yes, this will get a full description,.
src/main/java/com/contrast/labs/ai/mcp/contrast/SCAService.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
not a huge fan of tests that require hitting production infrastructure... there is probably a better way.
Also, this test can silently stop running if the env doesn't have CONTRAST_HOST_NAME defined, and no one would know that it could have been broken.
There was a problem hiding this comment.
This is a temporary scenario. I created the tests before making changes to get some form of end-to-end validation in place to ensure I didn't break existing functionality. I made sure the tests passed before making changes, then made the changes. The tests are temporary until we can address these tests properly. Since I am the only person maintaining this right now, I am making sure I run them myself before any push. They don't run in the CI to ensure they don't break releases. I understand the risks and we will remove them once these large changes are done.
src/test/java/com/contrast/labs/ai/mcp/contrast/ADRServiceTest.java
Outdated
Show resolved
Hide resolved
src/test/java/com/contrast/labs/ai/mcp/contrast/ADRServiceTest.java
Outdated
Show resolved
Hide resolved
src/test/java/com/contrast/labs/ai/mcp/contrast/SCAServiceTest.java
Outdated
Show resolved
Hide resolved
seschis
left a comment
seschis
left a comment
There was a problem hiding this comment.
left a lot of nit pick comments on things. Nothing major, just stuff to make the code read better or be less cognitive load.
ChrisEdwards
force-pushed
the
AIML-226-fix-tool-names-64-char-limit
branch
from
8be79d3 to
f7758ad
Compare
…licate-tools AIML-189: Remove duplicate app_name/app_id tool variants to optimize AI context usage
Rename two MCP tools to comply with Claude API's 64-character limit: - list_vulnerabilities_by_application_and_session_metadata (71 chars) → list_vulns_by_app_and_metadata (47 chars, including mcp__contrast__ prefix) - list_vulnerabilities_by_application_and_latest_session (69 chars) → list_vulns_by_app_latest_session (46 chars, including mcp__contrast__ prefix) Changes: - AssessService.java: Updated @tool name annotations (lines 203, 246) - All tests pass (mvn test successful) This is a tactical fix to meet the 64-char requirement. Future work to consolidate these tools into a single unified tool is tracked in mcp-dno. Bead: mcp-439 Jira: AIML-226
Changes two tools to accept appID instead of app_name for consistency with AIML-189 standardization: - list_vulns_by_app_and_metadata: Renamed method to listVulnsByAppIdAndSessionMetadata, removed SDKHelper lookup - list_vulns_by_app_latest_session: Renamed method to listVulnsByAppIdForLatestSession, removed SDKHelper lookup Both tools now: - Accept appID parameter directly - Have updated @tool descriptions mentioning list_applications_with_name - Skip application name lookup for better performance - Are consistent with all other application-level tools Tests updated to use appID. All tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Configured Spring Boot to log the application version on startup using the canonical BuildProperties approach. Changes: - pom.xml: Added build-info goal to spring-boot-maven-plugin to generate META-INF/build-info.properties with version info - McpContrastApplication.java: Added ApplicationRunner bean that logs version using BuildProperties on startup The version is now automatically extracted from pom.xml and logged when the server starts, making it easy to identify which version is running in production. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Fixed test plan documentation for list_vulns_by_app tools to use appID parameter instead of app_name, matching the code changes in mcp-6bs. This was causing Copilot to cache the old parameter name and fail when calling these tools. Changes: - test-plan-list_vulns_by_app_and_metadata.md: Updated all references from app_name to appID - test-plan-list_vulns_by_app_latest_session.md: Updated all references from app_name to appID 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
These test plan files are development/testing documentation that should not be committed to the repository. They are now ignored via .gitignore. The files are preserved locally for development use but won't be tracked in version control. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Make BuildProperties optional using ObjectProvider to prevent startup failures in development environments where META-INF/build-info.properties is not present (mvn spring-boot:run, IDE launches, test runs). The app now gracefully handles missing build info and logs an appropriate message. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Co-authored-by: Copilot <[email protected]>
ChrisEdwards
force-pushed
the
AIML-226-fix-tool-names-64-char-limit
branch
from
fd0b642 to
8c62632
Compare
DO NOT MERGE - PR IN PROGRESS - WAITING FOR AIML-189 PR
Summary
This PR shortens two MCP tool names that exceed Claude API's 64-character limit, fixes parameter inconsistency, and adds version logging to server startup.
Changes
1. Tool Renames (mcp-439):
list_vulnerabilities_by_application_and_session_metadata(71 chars)→
list_vulns_by_app_and_metadata(47 chars with mcp__contrast__ prefix)list_vulnerabilities_by_application_and_latest_session(69 chars)→
list_vulns_by_app_latest_session(46 chars with mcp__contrast__ prefix)2. Parameter Consistency Fix (mcp-6bs):
appIDparameter instead ofapp_namelistVulnsInAppByNameAndSessionMetadata→listVulnsByAppIdAndSessionMetadatalistVulnsInAppByNameForLatestSession→listVulnsByAppIdForLatestSessionSDKHelper.getApplicationByName()lookups for better performancelist_applications_with_namefirst3. Version Logging on Startup:
Files Modified:
src/main/java/com/contrast/labs/ai/mcp/contrast/AssessService.javasrc/test/java/com/contrast/labs/ai/mcp/contrast/AssessServiceIntegrationTest.javapom.xmlsrc/main/java/com/contrast/labs/ai/mcp/contrast/McpContrastApplication.javaTesting
mvn test(all tests passing)mvn verifyContext
This is a tactical fix to meet the 64-char Claude API requirement. Future work to consolidate these tools into a single unified tool is tracked in bead
mcp-dno.Research findings (documented in
mcp-dno):Manual Testing
✅ Manual JAR Build and Testing Passed
Built and tested the JAR locally:
Results:
target/mcp-contrast-0.0.16-SNAPSHOT.jar(27MB)The JAR was manually tested in Copilot in VSCode and confirmed the MCP server worked properly for the two modified tools.
Dependencies
This PR depends on:
AIML-189-remove-duplicate-toolsmainafter AIML-189 mergesRelated
mcp-439(tool rename)mcp-6bs(parameter consistency fix)mcp-15(AIML-189)mcp-dnoAcceptance Criteria
mvn test)mvn verify)Commits
dc55776- Rename tools to meet 64-char limit (mcp-439)6cb9a12- Add validation test for empty string sessionMetadataValue (MCP-3EG)3fb6af3- Fix mcp-6bs: Change list_vulns_by_app tools to use appID parameter63b786a- Add version logging on server startup