github-manage-security-alerts-skill 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/CONTRIBUTING.md +50 -0
  3. package/LICENSE +24 -0
  4. package/LICENSE.txt +24 -0
  5. package/README.md +209 -0
  6. package/SECURITY.md +41 -0
  7. package/SKILL.md +254 -0
  8. package/agents/openai.yaml +7 -0
  9. package/assets/github-manage-security-alerts-small.svg +10 -0
  10. package/assets/github-manage-security-alerts.png +0 -0
  11. package/package.json +51 -0
  12. package/scripts/github_security_api.py +358 -0
  13. package/scripts/github_security_cli.py +835 -0
  14. package/scripts/github_security_common.py +103 -0
  15. package/scripts/github_security_operations.py +1162 -0
  16. package/scripts/github_security_render.py +318 -0
  17. package/scripts/manage_github_security_alerts.py +58 -0
package/scripts/github_security_common.py ADDED
@@ -0,0 +1,103 @@
1
+ from __future__ import annotations
2
+
3
+ from typing import Any
4
+
5
+ DEFAULT_PAGE_SIZE = 30
6
+ DEFAULT_SUMMARY_PAGE_SIZE = 100
7
+ DEFAULT_SUMMARY_SAMPLE_SIZE = 3
8
+
9
+ CODE_SCANNING_DISMISS_REASONS = (
10
+ "false positive",
11
+ "won't fix",
12
+ "used in tests",
13
+ )
14
+ DEPENDABOT_DISMISS_REASONS = (
15
+ "fix_started",
16
+ "inaccurate",
17
+ "no_bandwidth",
18
+ "not_used",
19
+ "tolerable_risk",
20
+ )
21
+ SECRET_SCANNING_RESOLUTIONS = (
22
+ "false_positive",
23
+ "wont_fix",
24
+ "revoked",
25
+ "pattern_edited",
26
+ "pattern_deleted",
27
+ "used_in_tests",
28
+ )
29
+
30
+
31
+ class GitHubSecurityCliError(RuntimeError):
32
+ """Raised when the helper cannot complete the requested operation."""
33
+
34
+
35
+ def parse_name_value_pairs(pairs: list[str] | None) -> dict[str, str]:
36
+ """Parse repeated key=value CLI inputs into a mapping."""
37
+
38
+ result: dict[str, str] = {}
39
+
40
+ for pair in pairs or []:
41
+ if "=" not in pair:
42
+ raise GitHubSecurityCliError(
43
+ f"Expected key=value input but received '{pair}'."
44
+ )
45
+ key, value = pair.split("=", 1)
46
+ key = key.strip()
47
+ value = value.strip()
48
+ if not key:
49
+ raise GitHubSecurityCliError(
50
+ f"Expected non-empty key in '{pair}'."
51
+ )
52
+ result[key] = value
53
+
54
+ return result
55
+
56
+
57
+ def filter_non_null_values(values: dict[str, Any]) -> dict[str, Any]:
58
+ """Remove null values from a mapping."""
59
+
60
+ return {key: value for key, value in values.items() if value is not None}
61
+
62
+
63
+ def normalize_repeated_values(values: list[str] | None) -> list[str]:
64
+ """Deduplicate repeated CLI values while preserving order."""
65
+
66
+ deduped_values: list[str] = []
67
+ seen_values: set[str] = set()
68
+
69
+ for value in values or []:
70
+ for candidate in [
71
+ item.strip() for item in value.split(",") if item.strip()
72
+ ]:
73
+ if candidate in seen_values:
74
+ continue
75
+ seen_values.add(candidate)
76
+ deduped_values.append(candidate)
77
+
78
+ return deduped_values
79
+
80
+
81
+ def expect_dict(value: Any, label: str) -> dict[str, Any]:
82
+ """Require a dictionary-shaped API payload."""
83
+
84
+ if not isinstance(value, dict):
85
+ raise GitHubSecurityCliError(
86
+ f"Expected {label} payload to be an object but received {type(value).__name__}."
87
+ )
88
+
89
+ return value
90
+
91
+
92
+ def expect_list(value: Any, label: str) -> list[dict[str, Any]]:
93
+ """Require a list-of-dicts API payload."""
94
+
95
+ if not isinstance(value, list):
96
+ raise GitHubSecurityCliError(
97
+ f"Expected {label} payload to be a list but received {type(value).__name__}."
98
+ )
99
+
100
+ result: list[dict[str, Any]] = []
101
+ for item in value:
102
+ result.append(expect_dict(item, label))
103
+ return result