@ossdeveloper/github-compliance 1.0.2 → 1.3.0

package/ARCHITECTURE.md

@@ -10,14 +10,34 @@ Deep dive into the GitHub Compliance Plugin design.
 4. **Audit Trail**: Complete history of all operations for debugging
 5. **Centralized Schema**: Single source of truth for all database definitions
 
+## MCP Tool Handling
+
+The plugin must handle two types of GitHub tools differently:
+
+### Non-MCP Tools (e.g., custom tools you create)
+- `tool.execute.before` has access to `output.args`
+- Can validate AND block before execution
+- `tool.execute.after` logs success
+
+### MCP Tools (GitHub MCP - prefixed with `github_`)
+- `tool.execute.before` does NOT have access to `output.args` (OpenCode limitation)
+- Cannot validate before execution
+- Must defer validation to `tool.execute.after` where `input.args` IS available
+- Validation happens post-execution (for audit purposes)
+
+**Important**: For MCP tools, if compliance is invalid, the tool has already executed.
+The plugin logs the violation for audit but cannot block the operation.
+
 ## Component Flow
 
+### Non-MCP Tools (Standard Flow)
+
 ```
 ┌──────────────────────────────────────────────────────────────────────────┐
 │                           tool.execute.before                            │
 │                                                                          │
 │  ┌──────────────┐     ┌──────────────┐     ┌──────────────────────────┐ │
-│  │ isWriteTool? │────▶│ extractInfo  │────▶│ getComplianceRecord     │ │
+│  │ isWriteTool? │────▶│ extractInfo │────▶│ getComplianceRecord     │ │
 │  └──────────────┘     └──────────────┘     └──────────────────────────┘ │
 │                                                        │                 │
 │                                                        ▼                 │
@@ -30,13 +50,109 @@ Deep dive into the GitHub Compliance Plugin design.
 │                              ▼                          ▼               │ │
 │                    ┌──────────────────┐    ┌──────────────────────┐    │ │
 │                    │ valid: false     │    │ valid: true          │    │ │
-│                    │ logFailedAttempt │    │ markRecordUsed       │    │ │
-│                    │ throw BlockedErr │    │ attach metadata      │    │ │
+│                    │ logFailedAttempt│    │ markRecordUsed       │    │ │
+│                    │ throw BlockedErr│    │ attach metadata      │    │ │
 │                    └──────────────────┘    └──────────────────────┘    │ │
 │                                                                          │
 └──────────────────────────────────────────────────────────────────────────┘
 ```
 
+### MCP Tools (Deferred Validation Flow)
+
+```
+┌──────────────────────────────────────────────────────────────────────────┐
+│                          tool.execute.before                             │
+│                                                                          │
+│  ┌──────────────┐     ┌──────────────┐                                 │
+│  │ isWriteTool? │────▶│ isMcpTool?   │                                 │
+│  └──────────────┘     └──────────────┘                                 │
+│                              │                                           │
+│                              │ (yes)                                     │
+│                              ▼                                           │
+│                    ┌──────────────────┐                                 │
+│                    │ Skip validation   │                                 │
+│                    │ Set __needsMcpValidation │                         │
+│                    │ marker on output  │                                 │
+│                    └──────────────────┘                                 │
+│                                                                          │
+└──────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    │ Tool executes
+                                    ▼
+┌──────────────────────────────────────────────────────────────────────────┐
+│                          tool.execute.after                              │
+│                                                                          │
+│  ┌──────────────┐     ┌──────────────┐     ┌──────────────────────────┐ │
+│  │ needsMcpVal? │────▶│ extractInfo │────▶│ getComplianceRecord     │ │
+│  └──────────────┘     │ from input.args    └──────────────────────────┘ │
+│                       └──────────────┘                                   │
+│                                         │                                │
+│                                         ▼                                │
+│                              ┌────────────────────────┐                   │
+│                              │ validateCompliance    │                   │
+│                              └────────────────────────┘                   │
+│                                         │                                │
+│                    ┌─────────────────────┼─────────────────────┐          │
+│                    │                     │                     │          │
+│                    ▼                     ▼                     ▼          │
+│          ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐    │
+│          │ valid: false   │  │ valid: true    │  │ extraction err  │    │
+│          │ log violation  │  │ log success     │  │ log error       │    │
+│          │ (can't block) │  │                 │  │                 │    │
+│          └─────────────────┘  └─────────────────┘  └─────────────────┘    │
+│                                                                          │
+└──────────────────────────────────────────────────────────────────────────┘
+```
+
+## OpenCode Plugin API Notes
+
+The OpenCode SDK defines hooks as:
+
+```typescript
+"tool.execute.before"?: (input: {
+    tool: string;
+    sessionID: string;
+    callID: string;
+}, output: {
+    args: any;  // NOTE: NOT populated for MCP tools!
+}) => Promise<void>;
+
+"tool.execute.after"?: (input: {
+    tool: string;
+    sessionID: string;
+    callID: string;
+    args: any;  // IS populated for MCP tools
+}, output: {
+    title: string;
+    output: string;
+    metadata: any;
+}) => Promise<void>;
+```
+
+This is why MCP tools require deferred validation.
+
+## Centralized Contracts (contracts.ts)
+
+All content hashing and tool name normalization is centralized in `contracts.ts`:
+
+```typescript
+// Tool name normalization - handles github_ prefix
+export function normalizeToolName(toolName: string): string {
+  return TOOL_PREFIX_NORMALIZE[toolName] || toolName;
+}
+
+// Content hash - used by both tools.ts and plugin.ts
+export function computeContentHash(title: string | null, body: string | null): string {
+  const content = JSON.stringify({ title: title || "", body: body || "" });
+  return "sha256:" + createHash("sha256").update(content).digest("hex");
+}
+
+// Field extraction - unified interface for compliance lookups
+export function extractRecordFields(toolName: string, args: Record<string, unknown> | null): ComplianceRecordFields;
+```
+
+**Key invariant**: `computeContentHash` is called with DECODED (not base64) values, both when creating records and looking them up.
+
 ## Schema Design (schema.ts)
 
 All database definitions are centralized in `schema.ts`:
@@ -63,7 +179,7 @@ export const SCHEMA = {
 export const RECORD_STATUS = {
   PENDING: "pending",
   APPROVED: "approved",
-  EXP IRED: "expired",
+  EXPIRED: "expired",
   USED: "used"
 }
 ```
@@ -88,7 +204,7 @@ pending ────▶ approved ────▶ used
 ### Content Hash Calculation
 
 ```typescript
-// In compliance.ts
+// In contracts.ts
 const content = JSON.stringify({
   title: title || "",
   body: body || ""
@@ -112,15 +228,15 @@ CREATE INDEX idx_compliance_expires ON compliance_records(expires_at);
 
 1. **tool.execute.before**
    - Runs BEFORE tool execution
-   - Can modify output (attach metadata)
-   - Can throw to block execution
+   - For non-MCP: Can validate and block
+   - For MCP: Cannot validate (no args), marks for post-validation
 
 2. **Tool executes** (if before hook allowed)
 
 3. **tool.execute.after**
    - Runs AFTER tool execution
-   - Cannot block, only for logging
-   - Can access output.result
+   - For MCP: Performs validation, logs success or violation
+   - Cannot block execution (already happened)
 
 ## Custom Tool Execution
 
@@ -138,59 +254,19 @@ Custom tools (from `tools.ts`) do NOT go through the `tool.execute.before` hook.
 
 All error reasons are defined in `ERROR_REASONS` enum in `schema.ts`.
 
-## Extensibility Points
-
-### 1. New Check Types
-
-Add to `CHECK_TYPES` in `schema.ts`:
-
-```typescript
-export const CHECK_TYPES = {
-  // ... existing ...
-  VOUCH_VERIFIED: "vouch_verified"
-}
-```
-
-LLM will automatically include them when calling `create_compliance_record`.
-
-### 2. New Validation Rules
-
-Add to `validateCompliance()` in `database.ts`:
-
-```typescript
-if (record.status === RECORD_STATUS.PENDING) {
-  return { valid: false, reason: ERROR_REASONS.NOT_APPROVED, ... };
-}
-// Add new validation here
-```
-
-### 3. New Columns
-
-To add a new column:
-
-1. Add to `SCHEMA.columns` in `schema.ts`
-2. Add to `CREATE TABLE` in `initDatabase()` in `database.ts`
-3. Add to `ComplianceRecord` interface in `database.ts`
-
-### 4. New Table
-
-To add a new table:
-
-1. Add table name to `SCHEMA.tables` in `schema.ts`
-2. Add column constants to `SCHEMA.columns` in `schema.ts`
-3. Add `CREATE TABLE` in `initDatabase()` in `database.ts`
-4. Create CRUD functions in `database.ts`
-
 ## Security Considerations
 
 1. **No Fabrication**: LLM cannot fake compliance records - they must actually call `create_compliance_record`
 2. **No Bypass**: Plugin hook cannot be circumvented by LLM
 3. **Content Integrity**: Hash prevents silent content changes
 4. **Expiration**: 30-minute window limits abuse window
+5. **Audit Trail**: All violations are logged for review
+
+**Limitation for MCP Tools**: Since MCP tools execute before compliance can be validated, a determined LLM could potentially execute a write operation before the plugin detects the violation. The violation IS logged and auditable, but the operation completes. Consider this when designing high-security workflows.
 
 ## Testing Considerations
 
-### Happy Path
+### Happy Path (Non-MCP)
 1. Load skill
 2. Read CONTRIBUTING.md
 3. Search duplicates
@@ -201,16 +277,30 @@ To add a new table:
 8. Call issue_write
 9. Success logged
 
+### Happy Path (MCP)
+1. Load skill
+2. Read CONTRIBUTING.md
+3. Search duplicates
+4. Draft content
+5. Present to user
+6. Get approval
+7. Call create_compliance_record
+8. Call github_issue_write
+9. Tool executes (before hook can't validate)
+10. After hook validates, finds valid record
+11. Success logged
+
 ### Rejection Paths
-- No record → Blocked with NO_RECORD
-- Expired record → Blocked with EXPIRED
+- No record → Blocked with NO_RECORD (or logged if MCP)
+- Expired record → Blocked with EXPIRED (or logged if MCP)
 - Content changed → Blocked (hash mismatch)
 - Record already used → Blocked with ALREADY_USED
 
 ## Future Improvements
 
-1. **Cleanup Job**: Cron-like cleanup of old records
-2. **Metrics**: Track compliance pass/fail rates
-3. **Policy Fetching**: Pull compliance policy from repo
-4. **Multi-Client Support**: Share compliance records across clients
-5. **Signature Verification**: Cryptographic signing of records
+1. **Pre-validation for MCP**: Work with OpenCode to enable args in before hook for MCP tools
+2. **Cleanup Job**: Cron-like cleanup of old records
+3. **Metrics**: Track compliance pass/fail rates
+4. **Policy Fetching**: Pull compliance policy from repo
+5. **Multi-Client Support**: Share compliance records across clients
+6. **Signature Verification**: Cryptographic signing of records

package/CHANGELOG.md

@@ -2,6 +2,33 @@
 
 All notable changes to the GitHub Compliance Plugin.
 
+## [1.3.0] - 2026-03-21
+
+### Fixed
+
+- **MCP Tool Argument Extraction Bug**: Fixed critical bug where MCP tools (prefixed with `github_`) could not be validated because `output.args` is not populated in `tool.execute.before` hook
+- MCP tools now use deferred validation: `tool.execute.before` skips validation and marks tool for post-execution validation
+- `tool.execute.after` performs validation when `input.args` IS available
+
+### Changed
+
+- Rewrote `plugin.ts` to use centralized `extractRecordFields` from `contracts.ts`
+- Added helper functions `isMcpTool()`, `extractArgs()`, `validateAndProcess()`, `logSuccess()`
+- Separated validation logic for non-MCP (pre-execution blocking) and MCP (post-execution audit) flows
+- Refactored error handling to be more robust
+
+### Architecture Updates
+
+- Updated ARCHITECTURE.md with new MCP tool handling flow
+- Added OpenCode Plugin API notes explaining the args availability difference between hooks
+- Added security consideration for MCP tool limitation
+
+### Benefits
+
+- MCP tools can now be properly audited for compliance
+- Non-MCP tools continue to work with pre-execution blocking
+- Centralized contracts ensure consistent field extraction everywhere
+
 ## [1.2.0] - 2026-03-21
 
 ### Added
@@ -97,4 +124,4 @@ All notable changes to the GitHub Compliance Plugin.
 
 ### Database Location
 
-`~/.opencode/github-compliance.db`
+`~/.opencode/github-compliance.db`

package/README.md

@@ -13,28 +13,53 @@ This plugin intercepts GitHub write operations and blocks them unless a valid co
 │                         OpenCode                                 │
 │  ┌───────────┐    ┌──────────────────────────────────────────┐ │
 │  │   LLM    │───▶│ Plugin (tool.execute.before)              │ │
-│  └───────────┘    │ - Checks SQLite for compliance record      │ │
-│                   │ - Validates status, expiration           │ │
-│                   │ - Blocks if invalid, allows if valid     │ │
+│  └───────────┘    │ - MCP tools: Skip (no args), mark for after│ │
+│                   │ - Other tools: Check SQLite, block/allow  │ │
+│                   └──────────────────────────────────────────┘ │
+│                                    │                            │
+│                                    ▼ (if allowed)               │
+│                   ┌──────────────────────────────────────────┐ │
+│                   │         GitHub MCP executes              │ │
+│                   └──────────────────────────────────────────┘ │
+│                                    │                            │
+│                                    ▼                            │
+│  ┌───────────┐    ┌──────────────────────────────────────────┐ │
+│  │   LLM    │◀───│ Plugin (tool.execute.after)               │ │
+│  └───────────┘    │ - MCP tools: Validate now, log result     │ │
+│                   │ - Other tools: Log success                 │ │
 │                   └──────────────────────────────────────────┘ │
 │                                    │                            │
 │                                    ▼                            │
 │                   ┌──────────────────────────────────────────┐ │
-│                   │ Custom Tools (LLM calls these)             │ │
+│                   │ Custom Tools (LLM calls these)           │ │
 │                   │ - create_compliance_record                 │ │
 │                   │ - get_compliance_status                    │ │
 │                   └──────────────────────────────────────────┘ │
 │                                    │                            │
 └────────────────────────────────────┼────────────────────────────┘
-                                     │
-                                     ▼
-                         ┌─────────────────────┐
-                         │  SQLite Database     │
-                         │  ~/.opencode/       │
-                         │  github-compliance.db│
-                         └─────────────────────┘
+                                      │
+                                      ▼
+                          ┌─────────────────────┐
+                          │  SQLite Database     │
+                          │  ~/.opencode/       │
+                          │  github-compliance.db│
+                          └─────────────────────┘
 ```
 
+## MCP Tool Handling
+
+**Important**: MCP tools (prefixed with `github_`) behave differently than other tools:
+
+| Aspect | Non-MCP Tools | MCP Tools (github_*) |
+|--------|---------------|----------------------|
+| Args in `before` hook | Available in `output.args` | NOT available |
+| Can block before execution | Yes | No (no args) |
+| Args in `after` hook | Available in `input.args` | Available |
+| Validation timing | Pre-execution | Post-execution |
+| Can prevent execution | Yes | No (already executed) |
+
+For MCP tools, the plugin validates after execution and logs violations for audit, but cannot block the operation.
+
 ## Components
 
 | File | Purpose |
@@ -42,6 +67,7 @@ This plugin intercepts GitHub write operations and blocks them unless a valid co
 | `schema.ts` | Centralized constants for table/column names, enums |
 | `database.ts` | SQLite operations, schema, CRUD |
 | `compliance.ts` | Tool identification, content hashing, validation logic |
+| `contracts.ts` | Centralized field extraction, hash computation, tool name normalization |
 | `errors.ts` | Error message generation |
 | `tools.ts` | Custom tools exposed to LLM |
 | `plugin.ts` | Main entry, hooks into tool.execute.before/after |
@@ -112,8 +138,10 @@ Log of rejected operations with reasons.
 
 ## Workflow
 
+### For Non-MCP Tools
+
 ```
-1. LLM attempts github_issue_write
+1. LLM attempts issue_write
          ↓
 2. plugin.tool.execute.before intercepts
          ↓
@@ -122,7 +150,28 @@ Log of rejected operations with reasons.
 4. No record → BLOCK with error message
    Record valid → Mark as used, allow execution
          ↓
-5. If allowed, plugin.tool.execute.after logs success
+5. plugin.tool.execute.after logs success
+```
+
+### For MCP Tools (github_*)
+
+```
+1. LLM attempts github_issue_write
+         ↓
+2. plugin.tool.execute.before intercepts
+         ↓
+3. Detects MCP tool (no args available)
+         ↓
+4. Marks tool for post-execution validation
+         ↓
+5. GitHub MCP executes the operation
+         ↓
+6. plugin.tool.execute.after intercepts
+         ↓
+7. Now has args, validates compliance
+         ↓
+8. Valid record → Log success
+   Invalid/no record → Log violation (cannot block)
 ```
 
 ## Custom Tools
@@ -268,6 +317,6 @@ Hash is computed from `title` and `body` only. Do not include:
 
 ## Version
 
-Current: 1.2.0
+Current: 1.3.0
 
-See [CHANGELOG.md](./CHANGELOG.md) for version history.
+See [CHANGELOG.md](./CHANGELOG.md) for version history.

package/compliance.ts

@@ -1,11 +1,18 @@
 /**
- * Compliance validation logic for GitHub write tools
+ * Compliance validation logic for GitHub Compliance Plugin
  * 
  * Handles tool identification, content hashing, and result parsing.
+ * 
+ * IMPORTANT: All content hashing uses centralized functions from contracts.ts
  */
 
-import { createHash } from "crypto";
 import { SCHEMA, RECORD_STATUS } from "./schema";
+import { 
+  extractRecordFields, 
+  computeContentHash, 
+  normalizeToolName,
+  type ComplianceRecordFields 
+} from "./contracts";
 
 /**
  * List of GitHub write tools that require compliance validation
@@ -63,50 +70,28 @@ export function isGitHubWriteTool(toolName: string): boolean {
 }
 
 /**
- * Extract compliance-relevant information from a tool call
+ * Extract compliance-relevant information from a tool call.
  * 
- * Different GitHub tools have different arguments, but they all share
- * owner/repo and typically have title/body for content.
+ * This function delegates to the centralized extractRecordFields from contracts.ts
+ * to ensure consistent field extraction and content hashing.
  * 
  * @param toolName - Name of the tool being called
- * @param args - Arguments passed to the tool
+ * @param args - Arguments passed to the tool (can be null/undefined)
  * @returns Extracted ToolInfo with content hash
  */
-export function extractToolInfo(toolName: string, args: Record<string, unknown>): ToolInfo {
-  const owner = (args.owner as string) || "";
-  const repo = (args.repo as string) || "";
-  const title = (args.title as string) || null;
-  const body = (args.body as string) || null;
-  
+export function extractToolInfo(toolName: string, args: Record<string, unknown> | null | undefined): ToolInfo {
+  const fields: ComplianceRecordFields = extractRecordFields(toolName, args);
   return {
-    toolName,
-    owner,
-    repo,
-    title,
-    body,
-    contentHash: computeContentHash(title, body)
+    toolName: fields.toolName,
+    owner: fields.owner,
+    repo: fields.repo,
+    title: fields.title,
+    body: fields.body,
+    contentHash: fields.contentHash
   };
 }
 
-/**
- * Compute a SHA256 hash of the content for integrity verification
- * 
- * The hash is computed over a normalized JSON string containing
- * the content-determining fields. This ensures:
- * - Same content = same hash
- * - Different content = different hash
- * 
- * @param title - Issue/PR title (or null)
- * @param body - Issue/PR body (or null)
- * @returns Hash string in format "sha256:..."
- */
-export function computeContentHash(title: string | null, body: string | null): string {
-  const content = JSON.stringify({
-    title: title || "",
-    body: body || ""
-  });
-  return "sha256:" + createHash("sha256").update(content).digest("hex");
-}
+export { computeContentHash, normalizeToolName } from "./contracts";
 
 /**
  * Extract GitHub issue/PR ID from a tool execution result

package/contracts.ts

@@ -0,0 +1,137 @@
+/**
+ * GitHub Compliance Plugin - Centralized Contracts
+ * 
+ * This module defines the contract structures and normalization functions
+ * used across the plugin to ensure consistency between:
+ * - Skill documentation (what LLM uses)
+ * - create_compliance_record tool (what gets stored)
+ * - tool.execute.before hook (what gets looked up)
+ * 
+ * All content hashing, tool name normalization, and field extraction
+ * should go through functions in this module.
+ */
+
+import { createHash } from "crypto";
+import { SCHEMA } from "./schema";
+
+/**
+ * GitHub MCP tools use a `github_` prefix (e.g., github_issue_write).
+ * But the skill and compliance records use unprefixed names (e.g., issue_write).
+ * This map allows normalization between the two.
+ */
+const TOOL_PREFIX_NORMALIZE: Record<string, string> = {
+  github_issue_write: "issue_write",
+  github_issue_update: "issue_update",
+  github_pull_request_write: "pull_request_write",
+  github_pull_request_update: "pull_request_update",
+  github_add_issue_comment: "add_issue_comment",
+  github_add_pull_request_comment: "add_pull_request_comment",
+  github_pull_request_review: "pull_request_review",
+  github_pull_request_review_comment: "pull_request_review_comment",
+  github_create_pull_request: "create_pull_request",
+  github_update_issue: "update_issue",
+  github_update_pull_request: "update_pull_request",
+  github_push_files: "push_files",
+  github_create_branch: "create_branch",
+  github_create_or_update_file: "create_or_update_file",
+  github_delete_file: "delete_file",
+  github_create_repository: "create_repository",
+  github_create_pull_request_with_copilot: "create_pull_request_with_copilot",
+  github_update_pull_request_branch: "update_pull_request_branch",
+  github_reply_to_pull_request_comment: "reply_to_pull_request_comment",
+  github_add_reply_to_pull_request_comment: "add_reply_to_pull_request_comment"
+};
+
+/**
+ * Normalize a tool name to its unprefixed form.
+ * Both "issue_write" and "github_issue_write" return "issue_write".
+ * 
+ * @param toolName - The tool name to normalize
+ * @returns Normalized tool name (unprefixed)
+ */
+export function normalizeToolName(toolName: string): string {
+  return TOOL_PREFIX_NORMALIZE[toolName] || toolName;
+}
+
+/**
+ * Compute a SHA256 hash of the content for integrity verification.
+ * 
+ * This is the CENTRALIZED content hash computation.
+ * Used by BOTH:
+ * - tools.ts when creating compliance records
+ * - plugin.ts when looking up compliance records
+ * 
+ * IMPORTANT: The skill instructs LLM to base64 encode title/body when
+ * calling create_compliance_record. tools.ts decodes them before passing
+ * to createComplianceRecord(). So the values stored in DB are DECODED.
+ * 
+ * When the plugin looks up records, it receives the RAW (decoded) values
+ * from the tool arguments. So we compute hash from the same decoded values.
+ * 
+ * @param title - Issue/PR title (or null)
+ * @param body - Issue/PR body (or null)
+ * @returns Hash string in format "sha256:..."
+ */
+export function computeContentHash(title: string | null, body: string | null): string {
+  const content = JSON.stringify({
+    title: title || "",
+    body: body || ""
+  });
+  return "sha256:" + createHash("sha256").update(content).digest("hex");
+}
+
+/**
+ * Fields required for compliance record creation and lookup.
+ * This interface represents the minimal set of fields needed to:
+ * 1. Create a compliance record (tools.ts)
+ * 2. Look up a compliance record (plugin.ts)
+ */
+export interface ComplianceRecordFields {
+  toolName: string;
+  owner: string;
+  repo: string;
+  title: string | null;
+  body: string | null;
+  contentHash: string;
+}
+
+/**
+ * Extract compliance-relevant fields from tool arguments.
+ * 
+ * This function handles:
+ * - Null/undefined args
+ * - Tool name normalization (github_ prefix)
+ * - Content hash computation
+ * 
+ * @param toolName - Name of the tool being called (can be prefixed or unprefixed)
+ * @param args - Arguments passed to the tool (can be null/undefined)
+ * @returns Extracted fields with computed content hash
+ */
+export function extractRecordFields(toolName: string, args: Record<string, unknown> | null | undefined): ComplianceRecordFields {
+  const normalizedToolName = normalizeToolName(toolName);
+  
+  if (!args || typeof args !== 'object') {
+    return {
+      toolName: normalizedToolName,
+      owner: "",
+      repo: "",
+      title: null,
+      body: null,
+      contentHash: computeContentHash(null, null)
+    };
+  }
+  
+  const owner = (args.owner as string) || "";
+  const repo = (args.repo as string) || "";
+  const title = (args.title as string) || null;
+  const body = (args.body as string) || null;
+  
+  return {
+    toolName: normalizedToolName,
+    owner,
+    repo,
+    title,
+    body,
+    contentHash: computeContentHash(title, body)
+  };
+}