Skip to content

feat: add get_business_term MCP tool#25

Closed
connor-savage wants to merge 1 commit intobot/mainfrom
factory/get_business_term
Closed

feat: add get_business_term MCP tool#25
connor-savage wants to merge 1 commit intobot/mainfrom
factory/get_business_term

Conversation

@connor-savage
Copy link

Summary

Add get_business_term MCP tool to Chip.

Generated by chip-factory pipeline.

Generated by chip-factory pipeline.
@connor-savage connor-savage requested a review from a team as a code owner February 26, 2026 21:54
@svc-snyk-github-jira
Copy link

svc-snyk-github-jira commented Feb 26, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Copy link

@EricWarnerCollibra EricWarnerCollibra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: get_business_term Tool

Convention Compliance ✅

All conventions are followed correctly:

  • Package name get_business_term matches directory name (snake_case)
  • Exports NewTool, Input, Output (plus supporting lineage types)
  • NewTool takes *http.Client and returns *chip.Tool[Input, Output]
  • handler is unexported and returns chip.ToolHandlerFunc[Input, Output]
  • Input/Output use json and jsonschema tags throughout
  • Tool name get_business_term is snake_case
  • Errors returned as Output{}, err — no panics
  • No direct mcp-go imports — only uses pkg/chip and pkg/clients
  • Client calls go through pkg/clients/get_business_term_client.go
  • Permissions: []string{"dgc.ai-copilot"} — consistent with similar tools (ask_dad, ask_glossary)
  • Registered correctly in register.go

Build, Test, Lint ✅

  • Build: go build ./cmd/chip — passed
  • Unit Tests: All 7 tests passed (FullLineage, NotFound, EmptyAssetID, NoAttributesNoLineage, FiltersNonPhysicalData, MultipleDataAttributes, ServerError)
  • Full Test Suite: All 14 packages passed, no regressions
  • Lint: golangci-lint run ./... — clean, no warnings

MCP Validation ✅

  • Tool registered and visible via factory mcp-list
  • Empty asset_id returns: {"isError": true, "text": "asset_id is required"}
  • Missing asset_id field rejected by JSON schema validation
  • Non-existent UUID returns: "asset not found: 00000000-..."

Adversarial Testing ✅ (7 edge cases tested)

Input Result Verdict
"" (empty string) asset_id is required ✅ Clean error
{} (missing field) JSON schema validation error ✅ Caught at framework level
00000000-0000-0000-0000-000000000000 (zero UUID) asset not found ✅ Clear error
not-a-uuid-at-all (malformed) unexpected status: 400 ✅ Handled
<script>alert(1)</script> (XSS) unexpected status: 403 ✅ Safe
166-char string (very long) unexpected status: 400 ✅ Handled
SQL injection string unexpected status: 403 ✅ Safe
Path traversal ../../etc/passwd decoding response: invalid character '<' ✅ Safe (url.PathEscape prevents traversal)

Code Quality Observations

Strengths:

  • Clean 3-level lineage traversal (BT → DA → Table → Column) with proper filtering at each level
  • Test coverage is thorough: happy path, error cases, empty data, multi-DA, non-physical filtering
  • Client code properly uses url.PathEscape for the asset ID in the URL path
  • Consistent use of make([]T, 0) ensures empty JSON arrays [] instead of null

Minor notes (non-blocking):

  • No pagination for attributes/relations responses — if a business term has >1000 attributes or relations, some may be missed. Acceptable for v1.
  • The path traversal input returns a JSON decoding error rather than a cleaner "invalid asset ID" message — the API returns HTML for that input. Not a bug, just slightly less polished error messaging.

Verdict: APPROVED — The tool is well-implemented, follows all conventions, has excellent test coverage, and handles edge cases gracefully.

@connor-savage
Copy link
Author

 Full pipeline succeeded end-to-end:   
                                                                                         - PR #25 opened for get_business_term                                                  - Review: APPROVED by the reviewer agent (using separate token)                    
  - Build, tests, lint, MCP validation all passed                                        - 7 adversarial tests passed (empty strings, missing fields, non-existent UUIDs,   
  malformed UUIDs, XSS/SQL injection, path traversal, long strings)                  
  - 2 non-blocking notes: no pagination for large attribute/relation sets (acceptable
  for v1), and path traversal produces a JSON decode error vs cleaner message
  - Review cost: $2.00, integration cost: ~$0.70
  - Total pipeline time: 16m43s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants