github-agent 1.1.0__tar.gz → 1.2.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. {github_agent-1.1.0 → github_agent-1.2.0}/PKG-INFO +14 -5
  2. {github_agent-1.1.0 → github_agent-1.2.0}/README.md +13 -4
  3. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/agent_server.py +1 -1
  4. github_agent-1.2.0/github_agent/api/api_client_dependabot.py +98 -0
  5. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api_client.py +2 -0
  6. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/__init__.py +2 -0
  7. github_agent-1.2.0/github_agent/mcp/mcp_dependabot.py +172 -0
  8. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp_server.py +160 -0
  9. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/skills/github-actions-ci-review/SKILL.md +1 -0
  10. github_agent-1.2.0/github_agent/skills/github-dependabot-review/SKILL.md +103 -0
  11. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/skills/github-issue-tracking/SKILL.md +1 -0
  12. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/skills/github-pull-request-create/SKILL.md +1 -0
  13. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/skills/github-pull-request-review/SKILL.md +1 -0
  14. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/skills/github-repository-management/SKILL.md +1 -0
  15. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent.egg-info/PKG-INFO +14 -5
  16. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent.egg-info/SOURCES.txt +3 -0
  17. {github_agent-1.1.0 → github_agent-1.2.0}/pyproject.toml +1 -1
  18. {github_agent-1.1.0 → github_agent-1.2.0}/LICENSE +0 -0
  19. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/__init__.py +0 -0
  20. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/__main__.py +0 -0
  21. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/__init__.py +0 -0
  22. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_base.py +0 -0
  23. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_branches.py +0 -0
  24. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_commits.py +0 -0
  25. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_contents.py +0 -0
  26. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_issues.py +0 -0
  27. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_orgs.py +0 -0
  28. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_pages.py +0 -0
  29. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_pulls.py +0 -0
  30. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_releases.py +0 -0
  31. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_repos.py +0 -0
  32. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_search.py +0 -0
  33. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/api/api_client_workflows.py +0 -0
  34. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/auth.py +0 -0
  35. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/connectors/__init__.py +0 -0
  36. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/connectors/mcp_source_presets.json +0 -0
  37. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/github_gql.py +0 -0
  38. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/github_input_models.py +0 -0
  39. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/github_response_models.py +0 -0
  40. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/kg_ingest.py +0 -0
  41. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_action.py +0 -0
  42. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_branch.py +0 -0
  43. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_collaborator.py +0 -0
  44. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_commit.py +0 -0
  45. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_content.py +0 -0
  46. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_issue.py +0 -0
  47. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_org.py +0 -0
  48. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_pull.py +0 -0
  49. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_release.py +0 -0
  50. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_repo.py +0 -0
  51. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp/mcp_search.py +0 -0
  52. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/mcp_config.json +0 -0
  53. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/ontology/__init__.py +0 -0
  54. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/ontology/github.ttl +0 -0
  55. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/prompts/__init__.py +0 -0
  56. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/prompts/code_collaboration_specialist.json +0 -0
  57. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/prompts/main_agent.json +0 -0
  58. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent/skills/__init__.py +0 -0
  59. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent.egg-info/dependency_links.txt +0 -0
  60. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent.egg-info/entry_points.txt +0 -0
  61. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent.egg-info/requires.txt +0 -0
  62. {github_agent-1.1.0 → github_agent-1.2.0}/github_agent.egg-info/top_level.txt +0 -0
  63. {github_agent-1.1.0 → github_agent-1.2.0}/scripts/security_sanitizer.py +0 -0
  64. {github_agent-1.1.0 → github_agent-1.2.0}/scripts/validate_a2a_agent.py +0 -0
  65. {github_agent-1.1.0 → github_agent-1.2.0}/scripts/verify_api_integration.py +0 -0
  66. {github_agent-1.1.0 → github_agent-1.2.0}/setup.cfg +0 -0
  67. {github_agent-1.1.0 → github_agent-1.2.0}/tests/conftest.py +0 -0
  68. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_action_discovery.py +0 -0
  69. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_api_client_endpoints.py +0 -0
  70. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_api_validation.py +0 -0
  71. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_auth_client_edge_cases.py +0 -0
  72. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_concept_parity.py +0 -0
  73. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_github_agent_api_brute_force_coverage.py +0 -0
  74. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_github_agent_brute_force_coverage.py +0 -0
  75. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_github_gql.py +0 -0
  76. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_hardening.py +0 -0
  77. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_init_dynamics.py +0 -0
  78. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_kg_ingest.py +0 -0
  79. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_mcp_coverage.py +0 -0
  80. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_model_fields.py +0 -0
  81. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_org_crud.py +0 -0
  82. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_pages.py +0 -0
  83. {github_agent-1.1.0 → github_agent-1.2.0}/tests/test_startup.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: github-agent
3
- Version: 1.1.0
3
+ Version: 1.2.0
4
4
  Summary: GitHub Agent for MCP
5
5
  Author-email: Audel Rouhi <knucklessg1@gmail.com>
6
6
  License: MIT
@@ -48,7 +48,7 @@ Dynamic: license-file
48
48
  ![PyPI - Wheel](https://img.shields.io/pypi/wheel/github-agent)
49
49
  ![PyPI - Implementation](https://img.shields.io/pypi/implementation/github-agent)
50
50
 
51
- *Version: 1.1.0*
51
+ *Version: 1.2.0*
52
52
 
53
53
  > **Documentation** — Installation, deployment, and usage across the MCP, API, and
54
54
  > CLI interfaces, including the integrated A2A agent server, are maintained in the
@@ -98,6 +98,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
98
98
  | `github_collaborators` | `COLLABORATORTOOL` | Manage repository collaborators. |
99
99
  | `github_commits` | `COMMITTOOL` | Manage GitHub commits. |
100
100
  | `github_contents` | `CONTENTTOOL` | Manage GitHub contents. |
101
+ | `github_dependabot` | `DEPENDABOTTOOL` | Review and manage GitHub Dependabot vulnerability alerts. |
101
102
  | `github_discover_graphql_schema` | `GRAPHQLTOOL` | Discover the live GitHub GraphQL schema (types, fields, and attributes) in real-time. |
102
103
  | `github_graphql` | `GRAPHQLTOOL` | Execute raw GraphQL queries and mutations natively on GitHub. |
103
104
  | `github_ingest_repos` | `INGESTTOOL` | Natively ingest GitHub repositories into epistemic-graph as typed :Repository nodes. |
@@ -111,7 +112,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
111
112
  #### Verbose 1:1 API-mapped tools (`MCP_TOOL_MODE=verbose` or `both`)
112
113
 
113
114
  <details>
114
- <summary>72 per-operation tools — one per public API method (click to expand)</summary>
115
+ <summary>76 per-operation tools — one per public API method (click to expand)</summary>
115
116
 
116
117
  | MCP Tool | Toggle Env Var | Description |
117
118
  |----------|----------------|-------------|
@@ -144,8 +145,11 @@ _Auto-generated from the live MCP server — do not edit by hand._
144
145
  | `github_get_commit` | `APITOOL` | Get a single commit in a repository. |
145
146
  | `github_get_commits` | `APITOOL` | List commits for a repository. |
146
147
  | `github_get_contents` | `APITOOL` | Get contents of a file or directory in a repository. |
148
+ | `github_get_dependabot_alert` | `APITOOL` | Get a single Dependabot alert. |
149
+ | `github_get_dependabot_alerts` | `APITOOL` | List Dependabot alerts for a repository. |
147
150
  | `github_get_issue` | `APITOOL` | Get a single issue in a repository. |
148
151
  | `github_get_issues` | `APITOOL` | List issues for a repository. |
152
+ | `github_get_org_dependabot_alerts` | `APITOOL` | List Dependabot alerts for an entire organization. |
149
153
  | `github_get_org_members` | `APITOOL` | List members for an organization. |
150
154
  | `github_get_org_repos` | `APITOOL` | List repositories for an organization. |
151
155
  | `github_get_org_teams` | `APITOOL` | List teams for an organization. |
@@ -181,6 +185,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
181
185
  | `github_trigger_workflow_dispatch` | `APITOOL` | Trigger a workflow dispatch event. |
182
186
  | `github_update_branch_protection` | `APITOOL` | Update branch protection configuration. |
183
187
  | `github_update_content` | `APITOOL` | Update a file in a repository. |
188
+ | `github_update_dependabot_alert` | `APITOOL` | Update the state of a Dependabot alert. |
184
189
  | `github_update_issue` | `APITOOL` | Update an issue in a repository. |
185
190
  | `github_update_organization` | `APITOOL` | Update an organization's profile and member settings. |
186
191
  | `github_update_pages` | `APITOOL` | Update the GitHub Pages configuration for a repository. |
@@ -190,7 +195,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
190
195
 
191
196
  </details>
192
197
 
193
- _14 action-routed tool(s) (default) · 72 verbose 1:1 tool(s). Each is enabled unless its `<DOMAIN>TOOL` toggle is set false; `MCP_TOOL_MODE` selects the surface (`condensed` default · `verbose` 1:1 · `both`). Auto-generated — do not edit._
198
+ _15 action-routed tool(s) (default) · 76 verbose 1:1 tool(s). Each is enabled unless its `<DOMAIN>TOOL` toggle is set false; `MCP_TOOL_MODE` selects the surface (`condensed` default · `verbose` 1:1 · `both`). Auto-generated — do not edit._
194
199
  <!-- MCP-TOOLS-TABLE:END -->
195
200
 
196
201
  Detailed tool schemas, parameter shapes, and validation constraints are preserved in [docs/mcp.md](docs/mcp.md).
@@ -245,6 +250,7 @@ When query strings or parameters are supplied, an LLM-free **Knowledge Graph res
245
250
  "COLLABORATORTOOL": "True",
246
251
  "COMMITTOOL": "True",
247
252
  "CONTENTTOOL": "True",
253
+ "DEPENDABOTTOOL": "True",
248
254
  "GITHUB_ALLOW_DESTRUCTIVE": "False",
249
255
  "GITHUB_HTTP_CONNECT_TIMEOUT": "10",
250
256
  "GITHUB_HTTP_READ_TIMEOUT": "30",
@@ -291,6 +297,7 @@ When query strings or parameters are supplied, an LLM-free **Knowledge Graph res
291
297
  "COLLABORATORTOOL": "True",
292
298
  "COMMITTOOL": "True",
293
299
  "CONTENTTOOL": "True",
300
+ "DEPENDABOTTOOL": "True",
294
301
  "GITHUB_ALLOW_DESTRUCTIVE": "False",
295
302
  "GITHUB_HTTP_CONNECT_TIMEOUT": "10",
296
303
  "GITHUB_HTTP_READ_TIMEOUT": "30",
@@ -338,6 +345,7 @@ docker run -d \
338
345
  -e COLLABORATORTOOL=True \
339
346
  -e COMMITTOOL=True \
340
347
  -e CONTENTTOOL=True \
348
+ -e DEPENDABOTTOOL=True \
341
349
  -e GITHUB_ALLOW_DESTRUCTIVE=False \
342
350
  -e GITHUB_HTTP_CONNECT_TIMEOUT=10 \
343
351
  -e GITHUB_HTTP_READ_TIMEOUT=30 \
@@ -408,6 +416,7 @@ consumed from a **remote deployment**. The
408
416
  | `COLLABORATORTOOL` | `True` | |
409
417
  | `COMMITTOOL` | `True` | |
410
418
  | `CONTENTTOOL` | `True` | |
419
+ | `DEPENDABOTTOOL` | `True` | |
411
420
  | `GRAPHQLTOOL` | `True` | |
412
421
  | `INGESTTOOL` | `True` | |
413
422
  | `ISSUETOOL` | `True` | |
@@ -434,7 +443,7 @@ consumed from a **remote deployment**. The
434
443
  | `MODEL_ID` | `gpt-4o` | Model id for the agent |
435
444
  | `ENABLE_WEB_UI` | `True` | Serve the AG-UI web interface |
436
445
 
437
- _33 package + 12 inherited variable(s). Auto-generated from `.env.example` + the shared agent-utilities set — do not edit._
446
+ _34 package + 12 inherited variable(s). Auto-generated from `.env.example` + the shared agent-utilities set — do not edit._
438
447
  <!-- ENV-VARS-TABLE:END -->
439
448
 
440
449
 
@@ -20,7 +20,7 @@
20
20
  ![PyPI - Wheel](https://img.shields.io/pypi/wheel/github-agent)
21
21
  ![PyPI - Implementation](https://img.shields.io/pypi/implementation/github-agent)
22
22
 
23
- *Version: 1.1.0*
23
+ *Version: 1.2.0*
24
24
 
25
25
  > **Documentation** — Installation, deployment, and usage across the MCP, API, and
26
26
  > CLI interfaces, including the integrated A2A agent server, are maintained in the
@@ -70,6 +70,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
70
70
  | `github_collaborators` | `COLLABORATORTOOL` | Manage repository collaborators. |
71
71
  | `github_commits` | `COMMITTOOL` | Manage GitHub commits. |
72
72
  | `github_contents` | `CONTENTTOOL` | Manage GitHub contents. |
73
+ | `github_dependabot` | `DEPENDABOTTOOL` | Review and manage GitHub Dependabot vulnerability alerts. |
73
74
  | `github_discover_graphql_schema` | `GRAPHQLTOOL` | Discover the live GitHub GraphQL schema (types, fields, and attributes) in real-time. |
74
75
  | `github_graphql` | `GRAPHQLTOOL` | Execute raw GraphQL queries and mutations natively on GitHub. |
75
76
  | `github_ingest_repos` | `INGESTTOOL` | Natively ingest GitHub repositories into epistemic-graph as typed :Repository nodes. |
@@ -83,7 +84,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
83
84
  #### Verbose 1:1 API-mapped tools (`MCP_TOOL_MODE=verbose` or `both`)
84
85
 
85
86
  <details>
86
- <summary>72 per-operation tools — one per public API method (click to expand)</summary>
87
+ <summary>76 per-operation tools — one per public API method (click to expand)</summary>
87
88
 
88
89
  | MCP Tool | Toggle Env Var | Description |
89
90
  |----------|----------------|-------------|
@@ -116,8 +117,11 @@ _Auto-generated from the live MCP server — do not edit by hand._
116
117
  | `github_get_commit` | `APITOOL` | Get a single commit in a repository. |
117
118
  | `github_get_commits` | `APITOOL` | List commits for a repository. |
118
119
  | `github_get_contents` | `APITOOL` | Get contents of a file or directory in a repository. |
120
+ | `github_get_dependabot_alert` | `APITOOL` | Get a single Dependabot alert. |
121
+ | `github_get_dependabot_alerts` | `APITOOL` | List Dependabot alerts for a repository. |
119
122
  | `github_get_issue` | `APITOOL` | Get a single issue in a repository. |
120
123
  | `github_get_issues` | `APITOOL` | List issues for a repository. |
124
+ | `github_get_org_dependabot_alerts` | `APITOOL` | List Dependabot alerts for an entire organization. |
121
125
  | `github_get_org_members` | `APITOOL` | List members for an organization. |
122
126
  | `github_get_org_repos` | `APITOOL` | List repositories for an organization. |
123
127
  | `github_get_org_teams` | `APITOOL` | List teams for an organization. |
@@ -153,6 +157,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
153
157
  | `github_trigger_workflow_dispatch` | `APITOOL` | Trigger a workflow dispatch event. |
154
158
  | `github_update_branch_protection` | `APITOOL` | Update branch protection configuration. |
155
159
  | `github_update_content` | `APITOOL` | Update a file in a repository. |
160
+ | `github_update_dependabot_alert` | `APITOOL` | Update the state of a Dependabot alert. |
156
161
  | `github_update_issue` | `APITOOL` | Update an issue in a repository. |
157
162
  | `github_update_organization` | `APITOOL` | Update an organization's profile and member settings. |
158
163
  | `github_update_pages` | `APITOOL` | Update the GitHub Pages configuration for a repository. |
@@ -162,7 +167,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
162
167
 
163
168
  </details>
164
169
 
165
- _14 action-routed tool(s) (default) · 72 verbose 1:1 tool(s). Each is enabled unless its `<DOMAIN>TOOL` toggle is set false; `MCP_TOOL_MODE` selects the surface (`condensed` default · `verbose` 1:1 · `both`). Auto-generated — do not edit._
170
+ _15 action-routed tool(s) (default) · 76 verbose 1:1 tool(s). Each is enabled unless its `<DOMAIN>TOOL` toggle is set false; `MCP_TOOL_MODE` selects the surface (`condensed` default · `verbose` 1:1 · `both`). Auto-generated — do not edit._
166
171
  <!-- MCP-TOOLS-TABLE:END -->
167
172
 
168
173
  Detailed tool schemas, parameter shapes, and validation constraints are preserved in [docs/mcp.md](docs/mcp.md).
@@ -217,6 +222,7 @@ When query strings or parameters are supplied, an LLM-free **Knowledge Graph res
217
222
  "COLLABORATORTOOL": "True",
218
223
  "COMMITTOOL": "True",
219
224
  "CONTENTTOOL": "True",
225
+ "DEPENDABOTTOOL": "True",
220
226
  "GITHUB_ALLOW_DESTRUCTIVE": "False",
221
227
  "GITHUB_HTTP_CONNECT_TIMEOUT": "10",
222
228
  "GITHUB_HTTP_READ_TIMEOUT": "30",
@@ -263,6 +269,7 @@ When query strings or parameters are supplied, an LLM-free **Knowledge Graph res
263
269
  "COLLABORATORTOOL": "True",
264
270
  "COMMITTOOL": "True",
265
271
  "CONTENTTOOL": "True",
272
+ "DEPENDABOTTOOL": "True",
266
273
  "GITHUB_ALLOW_DESTRUCTIVE": "False",
267
274
  "GITHUB_HTTP_CONNECT_TIMEOUT": "10",
268
275
  "GITHUB_HTTP_READ_TIMEOUT": "30",
@@ -310,6 +317,7 @@ docker run -d \
310
317
  -e COLLABORATORTOOL=True \
311
318
  -e COMMITTOOL=True \
312
319
  -e CONTENTTOOL=True \
320
+ -e DEPENDABOTTOOL=True \
313
321
  -e GITHUB_ALLOW_DESTRUCTIVE=False \
314
322
  -e GITHUB_HTTP_CONNECT_TIMEOUT=10 \
315
323
  -e GITHUB_HTTP_READ_TIMEOUT=30 \
@@ -380,6 +388,7 @@ consumed from a **remote deployment**. The
380
388
  | `COLLABORATORTOOL` | `True` | |
381
389
  | `COMMITTOOL` | `True` | |
382
390
  | `CONTENTTOOL` | `True` | |
391
+ | `DEPENDABOTTOOL` | `True` | |
383
392
  | `GRAPHQLTOOL` | `True` | |
384
393
  | `INGESTTOOL` | `True` | |
385
394
  | `ISSUETOOL` | `True` | |
@@ -406,7 +415,7 @@ consumed from a **remote deployment**. The
406
415
  | `MODEL_ID` | `gpt-4o` | Model id for the agent |
407
416
  | `ENABLE_WEB_UI` | `True` | Serve the AG-UI web interface |
408
417
 
409
- _33 package + 12 inherited variable(s). Auto-generated from `.env.example` + the shared agent-utilities set — do not edit._
418
+ _34 package + 12 inherited variable(s). Auto-generated from `.env.example` + the shared agent-utilities set — do not edit._
410
419
  <!-- ENV-VARS-TABLE:END -->
411
420
 
412
421
 
@@ -4,7 +4,7 @@ import os
4
4
  import sys
5
5
  import warnings
6
6
 
7
- __version__ = "1.1.0"
7
+ __version__ = "1.2.0"
8
8
 
9
9
  logging.basicConfig(
10
10
  level=logging.INFO,
@@ -0,0 +1,98 @@
1
+ #!/usr/bin/env python
2
+ from typing import Any
3
+
4
+ from agent_utilities.decorators import require_auth
5
+
6
+ from github_agent.api.api_client_base import BaseApiClient
7
+ from github_agent.github_response_models import Response
8
+
9
+
10
+ class Api(BaseApiClient):
11
+ @require_auth
12
+ def get_dependabot_alerts(self, owner: str, repo: str, **filters) -> Response:
13
+ """List Dependabot alerts for a repository.
14
+
15
+ GET /repos/{owner}/{repo}/dependabot/alerts. Optional filters passed
16
+ straight through as query parameters (state, severity, ecosystem,
17
+ package, scope, sort, direction, per_page, page). Returns the raw JSON
18
+ list of alerts in ``Response.data``.
19
+ """
20
+ params = {k: v for k, v in filters.items() if v is not None}
21
+ response = self._session.get(
22
+ url=f"{self.url}/repos/{owner}/{repo}/dependabot/alerts",
23
+ params=params or None,
24
+ headers=self.headers,
25
+ verify=self.verify,
26
+ proxies=self.proxies,
27
+ )
28
+ response.raise_for_status()
29
+ return Response(response=response, data=response.json())
30
+
31
+ @require_auth
32
+ def get_dependabot_alert(
33
+ self, owner: str, repo: str, alert_number: int
34
+ ) -> Response:
35
+ """Get a single Dependabot alert.
36
+
37
+ GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number}.
38
+ """
39
+ response = self._session.get(
40
+ url=(f"{self.url}/repos/{owner}/{repo}/dependabot/alerts/{alert_number}"),
41
+ headers=self.headers,
42
+ verify=self.verify,
43
+ proxies=self.proxies,
44
+ )
45
+ response.raise_for_status()
46
+ return Response(response=response, data=response.json())
47
+
48
+ @require_auth
49
+ def get_org_dependabot_alerts(self, org: str, **filters) -> Response:
50
+ """List Dependabot alerts for an entire organization.
51
+
52
+ GET /orgs/{org}/dependabot/alerts. Optional filters passed straight
53
+ through as query parameters (state, severity, ecosystem, package,
54
+ scope, sort, direction, per_page, page). Returns the raw JSON list of
55
+ alerts in ``Response.data``.
56
+ """
57
+ params = {k: v for k, v in filters.items() if v is not None}
58
+ response = self._session.get(
59
+ url=f"{self.url}/orgs/{org}/dependabot/alerts",
60
+ params=params or None,
61
+ headers=self.headers,
62
+ verify=self.verify,
63
+ proxies=self.proxies,
64
+ )
65
+ response.raise_for_status()
66
+ return Response(response=response, data=response.json())
67
+
68
+ @require_auth
69
+ def update_dependabot_alert(
70
+ self,
71
+ owner: str,
72
+ repo: str,
73
+ alert_number: int,
74
+ state: str,
75
+ dismissed_reason: str | None = None,
76
+ dismissed_comment: str | None = None,
77
+ ) -> Response:
78
+ """Update the state of a Dependabot alert.
79
+
80
+ PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}. ``state``
81
+ is ``dismissed`` or ``open``. ``dismissed_reason`` is required when
82
+ dismissing (one of ``fix_started``, ``inaccurate``, ``no_bandwidth``,
83
+ ``not_used``, ``tolerable_risk``); ``dismissed_comment`` is optional.
84
+ """
85
+ payload: dict[str, Any] = {"state": state}
86
+ if dismissed_reason is not None:
87
+ payload["dismissed_reason"] = dismissed_reason
88
+ if dismissed_comment is not None:
89
+ payload["dismissed_comment"] = dismissed_comment
90
+ response = self._session.patch(
91
+ url=(f"{self.url}/repos/{owner}/{repo}/dependabot/alerts/{alert_number}"),
92
+ json=payload,
93
+ headers=self.headers,
94
+ verify=self.verify,
95
+ proxies=self.proxies,
96
+ )
97
+ response.raise_for_status()
98
+ return Response(response=response, data=response.json())
@@ -3,6 +3,7 @@ from github_agent.api.api_client_base import logger # noqa: F401
3
3
  from github_agent.api.api_client_branches import Api as BranchesApi
4
4
  from github_agent.api.api_client_commits import Api as CommitsApi
5
5
  from github_agent.api.api_client_contents import Api as ContentsApi
6
+ from github_agent.api.api_client_dependabot import Api as DependabotApi
6
7
  from github_agent.api.api_client_issues import Api as IssuesApi
7
8
  from github_agent.api.api_client_orgs import Api as OrgsApi
8
9
  from github_agent.api.api_client_pages import Api as PagesApi
@@ -39,6 +40,7 @@ class Api(
39
40
  BranchesApi,
40
41
  CommitsApi,
41
42
  ContentsApi,
43
+ DependabotApi,
42
44
  IssuesApi,
43
45
  OrgsApi,
44
46
  PagesApi,
@@ -9,6 +9,7 @@ from github_agent.mcp.mcp_branch import register_branch_tools
9
9
  from github_agent.mcp.mcp_collaborator import register_collaborator_tools
10
10
  from github_agent.mcp.mcp_commit import register_commit_tools
11
11
  from github_agent.mcp.mcp_content import register_content_tools
12
+ from github_agent.mcp.mcp_dependabot import register_dependabot_tools
12
13
  from github_agent.mcp.mcp_issue import register_issue_tools
13
14
  from github_agent.mcp.mcp_org import register_org_tools
14
15
  from github_agent.mcp.mcp_pull import register_pull_tools
@@ -22,6 +23,7 @@ __all__ = [
22
23
  "register_collaborator_tools",
23
24
  "register_commit_tools",
24
25
  "register_content_tools",
26
+ "register_dependabot_tools",
25
27
  "register_issue_tools",
26
28
  "register_org_tools",
27
29
  "register_pull_tools",
@@ -0,0 +1,172 @@
1
+ """MCP tools for Dependabot alert operations.
2
+
3
+ Auto-generated from mcp_server.py during ecosystem standardization.
4
+ """
5
+
6
+ from agent_utilities.mcp_utilities import resolve_action, run_blocking
7
+ from fastmcp import Context, FastMCP
8
+ from fastmcp.dependencies import Depends
9
+ from pydantic import Field
10
+
11
+ from github_agent.auth import allow_destructive_default, get_client
12
+
13
+ #: Dependabot actions gated behind allow_destructive / GITHUB_ALLOW_DESTRUCTIVE.
14
+ DESTRUCTIVE_DEPENDABOT_ACTIONS = {"update"}
15
+
16
+ #: Valid Dependabot actions for the shared ``resolve_action`` discovery helper.
17
+ DEPENDABOT_ACTIONS = ("list", "get", "list_org", "update")
18
+
19
+
20
+ def register_dependabot_tools(mcp: FastMCP):
21
+ @mcp.tool(tags={"dependabot"})
22
+ async def github_dependabot(
23
+ action: str = Field(
24
+ description="Action to perform. Must be one of: 'list', 'get', 'list_org', 'update'"
25
+ ),
26
+ params_json: str = Field(
27
+ default="{}", description="JSON string of parameters to pass to the action."
28
+ ),
29
+ allow_destructive: bool = Field(
30
+ default=False,
31
+ description="Confirm a guarded write ('update' — dismiss/reopen an alert). Also honoured via GITHUB_ALLOW_DESTRUCTIVE.",
32
+ ),
33
+ client=Depends(get_client),
34
+ ctx: Context | None = Field(
35
+ default=None, description="MCP context for progress reporting"
36
+ ),
37
+ ) -> dict:
38
+ """Review and manage GitHub Dependabot vulnerability alerts.
39
+
40
+ Actions (parameters via params_json):
41
+ - 'list': {"owner", "repo", plus optional filters: state
42
+ (open/dismissed/fixed/auto_dismissed), severity
43
+ (low/medium/high/critical), ecosystem, package, scope
44
+ (development/runtime), sort, direction, per_page} — list a repo's
45
+ Dependabot alerts (GET /repos/{owner}/{repo}/dependabot/alerts).
46
+ - 'get': {"owner", "repo", "alert_number"} — a single alert.
47
+ - 'list_org': {"org", plus the same optional filters} — every
48
+ Dependabot alert across an organization
49
+ (GET /orgs/{org}/dependabot/alerts).
50
+ - 'update': {"owner", "repo", "alert_number", "state":
51
+ "dismissed"|"open", plus "dismissed_reason" (required to dismiss:
52
+ fix_started/inaccurate/no_bandwidth/not_used/tolerable_risk) and
53
+ optional "dismissed_comment"} — dismiss or reopen an alert. Guarded
54
+ by allow_destructive / GITHUB_ALLOW_DESTRUCTIVE.
55
+ """
56
+ if ctx:
57
+ await ctx.info("Executing github_dependabot action...")
58
+ import json
59
+
60
+ try:
61
+ kwargs = json.loads(params_json)
62
+ except Exception as e:
63
+ return {"status": 400, "error": f"Invalid params_json: {e}", "data": None}
64
+
65
+ kwargs = {k: v for k, v in kwargs.items() if v is not None}
66
+
67
+ resolved = resolve_action(action, DEPENDABOT_ACTIONS, service="github-agent")
68
+ if isinstance(resolved, dict):
69
+ return resolved
70
+ action = resolved
71
+
72
+ if action in DESTRUCTIVE_DEPENDABOT_ACTIONS and not (
73
+ allow_destructive is True or allow_destructive_default()
74
+ ):
75
+ return {
76
+ "status": 403,
77
+ "error": (
78
+ f"Action '{action}' is a guarded write and blocked by default. "
79
+ "Re-run with allow_destructive=true (or set "
80
+ "GITHUB_ALLOW_DESTRUCTIVE=True) to confirm."
81
+ ),
82
+ "data": None,
83
+ }
84
+
85
+ try:
86
+ if action == "list":
87
+ owner = kwargs.pop("owner", None)
88
+ repo = kwargs.pop("repo", None)
89
+ if not owner or not repo:
90
+ return {
91
+ "status": 400,
92
+ "error": "Missing 'owner' or 'repo' parameter",
93
+ "data": None,
94
+ }
95
+ response = await run_blocking(
96
+ client.get_dependabot_alerts, owner=owner, repo=repo, **kwargs
97
+ )
98
+ return {
99
+ "status": 200,
100
+ "message": "Dependabot alerts retrieved successfully",
101
+ "data": response.data,
102
+ }
103
+ elif action == "get":
104
+ owner = kwargs.get("owner")
105
+ repo = kwargs.get("repo")
106
+ alert_number = kwargs.get("alert_number")
107
+ if not owner or not repo or not alert_number:
108
+ return {
109
+ "status": 400,
110
+ "error": "Missing 'owner', 'repo', or 'alert_number' parameter",
111
+ "data": None,
112
+ }
113
+ response = await run_blocking(
114
+ client.get_dependabot_alert,
115
+ owner=owner,
116
+ repo=repo,
117
+ alert_number=int(alert_number),
118
+ )
119
+ return {
120
+ "status": 200,
121
+ "message": "Dependabot alert retrieved successfully",
122
+ "data": response.data,
123
+ }
124
+ elif action == "list_org":
125
+ org = kwargs.pop("org", None)
126
+ if not org:
127
+ return {
128
+ "status": 400,
129
+ "error": "Missing required 'org' parameter",
130
+ "data": None,
131
+ }
132
+ response = await run_blocking(
133
+ client.get_org_dependabot_alerts, org=org, **kwargs
134
+ )
135
+ return {
136
+ "status": 200,
137
+ "message": "Organization Dependabot alerts retrieved successfully",
138
+ "data": response.data,
139
+ }
140
+ elif action == "update":
141
+ owner = kwargs.get("owner")
142
+ repo = kwargs.get("repo")
143
+ alert_number = kwargs.get("alert_number")
144
+ state = kwargs.get("state")
145
+ if not owner or not repo or not alert_number or not state:
146
+ return {
147
+ "status": 400,
148
+ "error": "Missing 'owner', 'repo', 'alert_number', or 'state' parameter",
149
+ "data": None,
150
+ }
151
+ response = await run_blocking(
152
+ client.update_dependabot_alert,
153
+ owner=owner,
154
+ repo=repo,
155
+ alert_number=int(alert_number),
156
+ state=state,
157
+ dismissed_reason=kwargs.get("dismissed_reason"),
158
+ dismissed_comment=kwargs.get("dismissed_comment"),
159
+ )
160
+ return {
161
+ "status": 200,
162
+ "message": "Dependabot alert updated successfully",
163
+ "data": response.data,
164
+ }
165
+ else:
166
+ return {
167
+ "status": 400,
168
+ "error": f"Unknown action: {action}",
169
+ "data": None,
170
+ }
171
+ except Exception as e:
172
+ return {"status": 500, "error": str(e), "data": None}
@@ -54,6 +54,9 @@ DESTRUCTIVE_REPO_ACTIONS = {"pages_delete", "secrets_delete"}
54
54
  #: Pull actions gated behind allow_destructive / GITHUB_ALLOW_DESTRUCTIVE.
55
55
  DESTRUCTIVE_PULL_ACTIONS = {"merge", "enable_auto_merge"}
56
56
 
57
+ #: Dependabot actions gated behind allow_destructive / GITHUB_ALLOW_DESTRUCTIVE.
58
+ DESTRUCTIVE_DEPENDABOT_ACTIONS = {"update"}
59
+
57
60
  #: Exact keys dropped by _slim (pure hypermedia/noise, never semantic data).
58
61
  _SLIM_DROP_EXACT = {"_links", "url", "node_id"}
59
62
 
@@ -127,6 +130,7 @@ WORKFLOW_ACTIONS = (
127
130
  "delete_run",
128
131
  )
129
132
  RELEASE_ACTIONS = ("list", "get", "create", "update", "delete")
133
+ DEPENDABOT_ACTIONS = ("list", "get", "list_org", "update")
130
134
 
131
135
 
132
136
  def _slim(obj: Any) -> Any:
@@ -2118,6 +2122,161 @@ def register_release_tools(mcp: FastMCP):
2118
2122
  return {"status": 500, "error": str(e), "data": None}
2119
2123
 
2120
2124
 
2125
+ def register_dependabot_tools(mcp: FastMCP):
2126
+ @mcp.tool(tags={"dependabot"})
2127
+ async def github_dependabot(
2128
+ action: str = Field(
2129
+ description="Action to perform. Must be one of: 'list', 'get', 'list_org', 'update'"
2130
+ ),
2131
+ params_json: str = Field(
2132
+ default="{}", description="JSON string of parameters to pass to the action."
2133
+ ),
2134
+ allow_destructive: bool = Field(
2135
+ default=False,
2136
+ description="Confirm a guarded write ('update' — dismiss/reopen an alert). Also honoured via GITHUB_ALLOW_DESTRUCTIVE.",
2137
+ ),
2138
+ client=Depends(get_client),
2139
+ ctx: Context | None = Field(
2140
+ default=None, description="MCP context for progress reporting"
2141
+ ),
2142
+ ) -> dict:
2143
+ """Review and manage GitHub Dependabot vulnerability alerts.
2144
+
2145
+ Actions (parameters via params_json):
2146
+ - 'list': {"owner", "repo", plus optional filters: state
2147
+ (open/dismissed/fixed/auto_dismissed), severity
2148
+ (low/medium/high/critical), ecosystem, package, scope
2149
+ (development/runtime), sort, direction, per_page} — list a repo's
2150
+ Dependabot alerts (GET /repos/{owner}/{repo}/dependabot/alerts).
2151
+ - 'get': {"owner", "repo", "alert_number"} — a single alert.
2152
+ - 'list_org': {"org", plus the same optional filters} — every
2153
+ Dependabot alert across an organization
2154
+ (GET /orgs/{org}/dependabot/alerts).
2155
+ - 'update': {"owner", "repo", "alert_number", "state":
2156
+ "dismissed"|"open", plus "dismissed_reason" (required to dismiss:
2157
+ fix_started/inaccurate/no_bandwidth/not_used/tolerable_risk) and
2158
+ optional "dismissed_comment"} — dismiss or reopen an alert. Guarded
2159
+ by allow_destructive / GITHUB_ALLOW_DESTRUCTIVE.
2160
+ """
2161
+ if ctx:
2162
+ await ctx.info("Executing github_dependabot action...")
2163
+ import json
2164
+
2165
+ try:
2166
+ kwargs = json.loads(params_json)
2167
+ except Exception as e:
2168
+ return {"status": 400, "error": f"Invalid params_json: {e}", "data": None}
2169
+
2170
+ kwargs = {k: v for k, v in kwargs.items() if v is not None}
2171
+
2172
+ resolved = resolve_action(action, DEPENDABOT_ACTIONS, service="github-agent")
2173
+ if isinstance(resolved, dict):
2174
+ return resolved
2175
+ action = resolved
2176
+
2177
+ if action in DESTRUCTIVE_DEPENDABOT_ACTIONS and not (
2178
+ allow_destructive is True or allow_destructive_default()
2179
+ ):
2180
+ return {
2181
+ "status": 403,
2182
+ "error": (
2183
+ f"Action '{action}' is a guarded write and blocked by default. "
2184
+ "Re-run with allow_destructive=true (or set "
2185
+ "GITHUB_ALLOW_DESTRUCTIVE=True) to confirm."
2186
+ ),
2187
+ "data": None,
2188
+ }
2189
+
2190
+ try:
2191
+ if action == "list":
2192
+ owner = kwargs.pop("owner", None)
2193
+ repo = kwargs.pop("repo", None)
2194
+ if not owner or not repo:
2195
+ return {
2196
+ "status": 400,
2197
+ "error": "Missing 'owner' or 'repo' parameter",
2198
+ "data": None,
2199
+ }
2200
+ response = await run_blocking(
2201
+ client.get_dependabot_alerts, owner=owner, repo=repo, **kwargs
2202
+ )
2203
+ return {
2204
+ "status": 200,
2205
+ "message": "Dependabot alerts retrieved successfully",
2206
+ "data": response.data,
2207
+ }
2208
+ elif action == "get":
2209
+ owner = kwargs.get("owner")
2210
+ repo = kwargs.get("repo")
2211
+ alert_number = kwargs.get("alert_number")
2212
+ if not owner or not repo or not alert_number:
2213
+ return {
2214
+ "status": 400,
2215
+ "error": "Missing 'owner', 'repo', or 'alert_number' parameter",
2216
+ "data": None,
2217
+ }
2218
+ response = await run_blocking(
2219
+ client.get_dependabot_alert,
2220
+ owner=owner,
2221
+ repo=repo,
2222
+ alert_number=int(alert_number),
2223
+ )
2224
+ return {
2225
+ "status": 200,
2226
+ "message": "Dependabot alert retrieved successfully",
2227
+ "data": response.data,
2228
+ }
2229
+ elif action == "list_org":
2230
+ org = kwargs.pop("org", None)
2231
+ if not org:
2232
+ return {
2233
+ "status": 400,
2234
+ "error": "Missing required 'org' parameter",
2235
+ "data": None,
2236
+ }
2237
+ response = await run_blocking(
2238
+ client.get_org_dependabot_alerts, org=org, **kwargs
2239
+ )
2240
+ return {
2241
+ "status": 200,
2242
+ "message": "Organization Dependabot alerts retrieved successfully",
2243
+ "data": response.data,
2244
+ }
2245
+ elif action == "update":
2246
+ owner = kwargs.get("owner")
2247
+ repo = kwargs.get("repo")
2248
+ alert_number = kwargs.get("alert_number")
2249
+ state = kwargs.get("state")
2250
+ if not owner or not repo or not alert_number or not state:
2251
+ return {
2252
+ "status": 400,
2253
+ "error": "Missing 'owner', 'repo', 'alert_number', or 'state' parameter",
2254
+ "data": None,
2255
+ }
2256
+ response = await run_blocking(
2257
+ client.update_dependabot_alert,
2258
+ owner=owner,
2259
+ repo=repo,
2260
+ alert_number=int(alert_number),
2261
+ state=state,
2262
+ dismissed_reason=kwargs.get("dismissed_reason"),
2263
+ dismissed_comment=kwargs.get("dismissed_comment"),
2264
+ )
2265
+ return {
2266
+ "status": 200,
2267
+ "message": "Dependabot alert updated successfully",
2268
+ "data": response.data,
2269
+ }
2270
+ else:
2271
+ return {
2272
+ "status": 400,
2273
+ "error": f"Unknown action: {action}",
2274
+ "data": None,
2275
+ }
2276
+ except Exception as e:
2277
+ return {"status": 500, "error": str(e), "data": None}
2278
+
2279
+
2121
2280
  def register_ingest_tools(mcp: FastMCP):
2122
2281
  @mcp.tool(tags={"kg"})
2123
2282
  async def github_ingest_repos(
@@ -2253,6 +2412,7 @@ TOOL_REGISTRY = [
2253
2412
  ("collaborators", "COLLABORATORTOOL", register_collaborator_tools),
2254
2413
  ("actions", "ACTIONTOOL", register_action_tools),
2255
2414
  ("releases", "RELEASETOOL", register_release_tools),
2415
+ ("dependabot", "DEPENDABOTTOOL", register_dependabot_tools),
2256
2416
  ("ingest", "INGESTTOOL", register_ingest_tools),
2257
2417
  ("graphql", "GRAPHQLTOOL", register_graphql_tools),
2258
2418
  ]
@@ -1,5 +1,6 @@
1
1
  ---
2
2
  name: github-actions-ci-review
3
+ skill_type: skill
3
4
  description: >-
4
5
  Review GitHub Actions CI results across an organization, a user, or a single repository via
5
6
  the github-agent MCP server — enumerate repos, list workflow runs (filterable to failures),
@@ -0,0 +1,103 @@
1
+ ---
2
+ name: github-dependabot-review
3
+ skill_type: skill
4
+ description: >-
5
+ Review GitHub Dependabot vulnerability alerts for a single repository or an entire
6
+ organization via the github-agent MCP server — list alerts (filter by severity, state,
7
+ ecosystem, package, scope), drill into a single alert, and dismiss or reopen an alert with
8
+ explicit confirmation. Use when the agent must audit dependency vulnerabilities, triage
9
+ security alerts across an org/repo, or dismiss a known-acceptable alert. Do NOT use for code
10
+ scanning / secret scanning alerts (not covered here), to gate a PR's merge on CI
11
+ (github-actions-ci-review), or to open remediation issues (github-issue-tracking).
12
+ license: MIT
13
+ tags: [github, dependabot, security, vulnerabilities, alerts, dependencies, mcp]
14
+ metadata:
15
+ author: Genius
16
+ version: '0.1.0'
17
+ ---
18
+ # GitHub Dependabot Review
19
+
20
+ Domain-typed review of **GitHub Dependabot** vulnerability alerts via the github-agent MCP
21
+ server, scoped to a single **repository** or an entire **organization**. Surfaces open (and
22
+ dismissed/fixed) dependency alerts, drills into a single alert, and dismisses or reopens an
23
+ alert. Prefer this condensed tool over raw REST.
24
+
25
+ ## When to use
26
+ - Audit a **repo's** Dependabot alerts, optionally filtered to `severity=critical` or
27
+ `state=open`.
28
+ - Sweep every alert across an **org** in one endpoint (`list_org`).
29
+ - Read the full detail of one alert (advisory, affected package, fixed version).
30
+ - Dismiss an alert that is a known-acceptable risk, or reopen a previously dismissed one.
31
+
32
+ ## When NOT to use
33
+ - Reviewing **CI / workflow** health → `github-actions-ci-review`.
34
+ - Gating one PR's merge → `github-pull-request-review`.
35
+ - Filing a remediation ticket from an alert → `github-issue-tracking`.
36
+ - Code-scanning or secret-scanning alerts — those are separate GitHub surfaces not covered by
37
+ this tool.
38
+
39
+ ## Prerequisites & environment
40
+ Connect via the `mcp-client` skill against the **`github-agent`** MCP server.
41
+
42
+ | Variable | Required | Notes |
43
+ |----------|----------|-------|
44
+ | `GITHUB_TOKEN` | ✅ | Token with `security_events` (or `repo`) scope; org read for `list_org` |
45
+ | `GITHUB_URL` | optional | API base (default `https://api.github.com`; set for GHES) |
46
+ | `GITHUB_VERIFY` | optional | TLS verification toggle |
47
+ | `GITHUB_ALLOW_DESTRUCTIVE` | optional | Set `True` to allow `update` (dismiss/reopen) without per-call `allow_destructive` |
48
+
49
+ `MCP_TOOL_MODE` (`condensed`|`verbose`|`both`) selects the condensed surface (below).
50
+
51
+ ## Tools & actions
52
+ Prefer the **condensed** tool; it takes `action` + a `params_json` **JSON string**.
53
+
54
+ | Condensed tool | Actions |
55
+ |----------------|---------|
56
+ | `github_dependabot` | `list`, `get`, `list_org`, `update` |
57
+
58
+ ### Key parameters
59
+ - `list`: `owner` + `repo`, plus optional `state` (`open`/`dismissed`/`fixed`/`auto_dismissed`),
60
+ `severity` (`low`/`medium`/`high`/`critical`), `ecosystem`, `package`, `scope`
61
+ (`development`/`runtime`), `sort`, `direction`, `per_page`.
62
+ - `get`: `owner` + `repo` + `alert_number`.
63
+ - `list_org`: `org`, plus the same optional filters — one org-wide endpoint.
64
+ - `update`: `owner` + `repo` + `alert_number` + `state` (`dismissed`|`open`). To dismiss you
65
+ MUST supply `dismissed_reason` (`fix_started`/`inaccurate`/`no_bandwidth`/`not_used`/
66
+ `tolerable_risk`); `dismissed_comment` is optional. Guarded — pass `allow_destructive=true`
67
+ (or set `GITHUB_ALLOW_DESTRUCTIVE=True`).
68
+
69
+ ## Recipes (`params_json`)
70
+ Open critical alerts for a repo:
71
+ ```json
72
+ {"owner":"acme","repo":"api","state":"open","severity":"critical","per_page":50}
73
+ ```
74
+ Every open alert across an org:
75
+ ```json
76
+ {"org":"acme","state":"open","per_page":100}
77
+ ```
78
+ One alert's full detail:
79
+ ```json
80
+ {"owner":"acme","repo":"api","alert_number":42}
81
+ ```
82
+ Dismiss an alert as a tolerable risk (needs `allow_destructive=true`):
83
+ ```json
84
+ {"owner":"acme","repo":"api","alert_number":42,"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"Not reachable from a public entrypoint."}
85
+ ```
86
+ Reopen a previously dismissed alert:
87
+ ```json
88
+ {"owner":"acme","repo":"api","alert_number":42,"state":"open"}
89
+ ```
90
+
91
+ ## Gotchas
92
+ - `params_json` is a **string** of JSON, not an object — serialize it.
93
+ - `update` is a **guarded write**: it returns `403` unless `allow_destructive=true` or
94
+ `GITHUB_ALLOW_DESTRUCTIVE=True`. Confirm with the user before dismissing.
95
+ - Dismissing **requires** a `dismissed_reason` from GitHub's fixed set; a missing/invalid
96
+ reason is rejected by the API.
97
+ - `alert_number` is the per-repo alert number (from the alert URL / list item), not a global id.
98
+ - `list` / `list_org` default to a single page — pass `per_page` (max 100) for wider sweeps.
99
+
100
+ ## Related
101
+ - **CI health:** `github-actions-ci-review`.
102
+ - **Filing remediation issues:** `github-issue-tracking`.
103
+ - **KG mapping:** alerts relate to `:Repository` nodes via `github_agent.kg_ingest`.
@@ -1,5 +1,6 @@
1
1
  ---
2
2
  name: github-issue-tracking
3
+ skill_type: skill
3
4
  description: >-
4
5
  Issue triage and search on GitHub via the github-agent MCP server — list, read, open,
5
6
  and update issues (repo-scoped or org-wide in one search call), and run repository /
@@ -1,5 +1,6 @@
1
1
  ---
2
2
  name: github-pull-request-create
3
+ skill_type: skill
3
4
  description: >-
4
5
  Open a new GitHub pull request against a repository via the github-agent MCP server —
5
6
  from a head branch into a base branch, with title, body, draft flag, and requested
@@ -1,5 +1,6 @@
1
1
  ---
2
2
  name: github-pull-request-review
3
+ skill_type: skill
3
4
  description: >-
4
5
  Review and merge GitHub pull requests via the github-agent MCP server — by default the
5
6
  PRs assigned to you or where your review is requested, optionally scoped to an org, user,
@@ -1,5 +1,6 @@
1
1
  ---
2
2
  name: github-repository-management
3
+ skill_type: skill
3
4
  description: >-
4
5
  Repository lifecycle and structure operations on GitHub via the github-agent MCP
5
6
  server — list/read/create/update/delete repositories, manage branches and branch
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: github-agent
3
- Version: 1.1.0
3
+ Version: 1.2.0
4
4
  Summary: GitHub Agent for MCP
5
5
  Author-email: Audel Rouhi <knucklessg1@gmail.com>
6
6
  License: MIT
@@ -48,7 +48,7 @@ Dynamic: license-file
48
48
  ![PyPI - Wheel](https://img.shields.io/pypi/wheel/github-agent)
49
49
  ![PyPI - Implementation](https://img.shields.io/pypi/implementation/github-agent)
50
50
 
51
- *Version: 1.1.0*
51
+ *Version: 1.2.0*
52
52
 
53
53
  > **Documentation** — Installation, deployment, and usage across the MCP, API, and
54
54
  > CLI interfaces, including the integrated A2A agent server, are maintained in the
@@ -98,6 +98,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
98
98
  | `github_collaborators` | `COLLABORATORTOOL` | Manage repository collaborators. |
99
99
  | `github_commits` | `COMMITTOOL` | Manage GitHub commits. |
100
100
  | `github_contents` | `CONTENTTOOL` | Manage GitHub contents. |
101
+ | `github_dependabot` | `DEPENDABOTTOOL` | Review and manage GitHub Dependabot vulnerability alerts. |
101
102
  | `github_discover_graphql_schema` | `GRAPHQLTOOL` | Discover the live GitHub GraphQL schema (types, fields, and attributes) in real-time. |
102
103
  | `github_graphql` | `GRAPHQLTOOL` | Execute raw GraphQL queries and mutations natively on GitHub. |
103
104
  | `github_ingest_repos` | `INGESTTOOL` | Natively ingest GitHub repositories into epistemic-graph as typed :Repository nodes. |
@@ -111,7 +112,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
111
112
  #### Verbose 1:1 API-mapped tools (`MCP_TOOL_MODE=verbose` or `both`)
112
113
 
113
114
  <details>
114
- <summary>72 per-operation tools — one per public API method (click to expand)</summary>
115
+ <summary>76 per-operation tools — one per public API method (click to expand)</summary>
115
116
 
116
117
  | MCP Tool | Toggle Env Var | Description |
117
118
  |----------|----------------|-------------|
@@ -144,8 +145,11 @@ _Auto-generated from the live MCP server — do not edit by hand._
144
145
  | `github_get_commit` | `APITOOL` | Get a single commit in a repository. |
145
146
  | `github_get_commits` | `APITOOL` | List commits for a repository. |
146
147
  | `github_get_contents` | `APITOOL` | Get contents of a file or directory in a repository. |
148
+ | `github_get_dependabot_alert` | `APITOOL` | Get a single Dependabot alert. |
149
+ | `github_get_dependabot_alerts` | `APITOOL` | List Dependabot alerts for a repository. |
147
150
  | `github_get_issue` | `APITOOL` | Get a single issue in a repository. |
148
151
  | `github_get_issues` | `APITOOL` | List issues for a repository. |
152
+ | `github_get_org_dependabot_alerts` | `APITOOL` | List Dependabot alerts for an entire organization. |
149
153
  | `github_get_org_members` | `APITOOL` | List members for an organization. |
150
154
  | `github_get_org_repos` | `APITOOL` | List repositories for an organization. |
151
155
  | `github_get_org_teams` | `APITOOL` | List teams for an organization. |
@@ -181,6 +185,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
181
185
  | `github_trigger_workflow_dispatch` | `APITOOL` | Trigger a workflow dispatch event. |
182
186
  | `github_update_branch_protection` | `APITOOL` | Update branch protection configuration. |
183
187
  | `github_update_content` | `APITOOL` | Update a file in a repository. |
188
+ | `github_update_dependabot_alert` | `APITOOL` | Update the state of a Dependabot alert. |
184
189
  | `github_update_issue` | `APITOOL` | Update an issue in a repository. |
185
190
  | `github_update_organization` | `APITOOL` | Update an organization's profile and member settings. |
186
191
  | `github_update_pages` | `APITOOL` | Update the GitHub Pages configuration for a repository. |
@@ -190,7 +195,7 @@ _Auto-generated from the live MCP server — do not edit by hand._
190
195
 
191
196
  </details>
192
197
 
193
- _14 action-routed tool(s) (default) · 72 verbose 1:1 tool(s). Each is enabled unless its `<DOMAIN>TOOL` toggle is set false; `MCP_TOOL_MODE` selects the surface (`condensed` default · `verbose` 1:1 · `both`). Auto-generated — do not edit._
198
+ _15 action-routed tool(s) (default) · 76 verbose 1:1 tool(s). Each is enabled unless its `<DOMAIN>TOOL` toggle is set false; `MCP_TOOL_MODE` selects the surface (`condensed` default · `verbose` 1:1 · `both`). Auto-generated — do not edit._
194
199
  <!-- MCP-TOOLS-TABLE:END -->
195
200
 
196
201
  Detailed tool schemas, parameter shapes, and validation constraints are preserved in [docs/mcp.md](docs/mcp.md).
@@ -245,6 +250,7 @@ When query strings or parameters are supplied, an LLM-free **Knowledge Graph res
245
250
  "COLLABORATORTOOL": "True",
246
251
  "COMMITTOOL": "True",
247
252
  "CONTENTTOOL": "True",
253
+ "DEPENDABOTTOOL": "True",
248
254
  "GITHUB_ALLOW_DESTRUCTIVE": "False",
249
255
  "GITHUB_HTTP_CONNECT_TIMEOUT": "10",
250
256
  "GITHUB_HTTP_READ_TIMEOUT": "30",
@@ -291,6 +297,7 @@ When query strings or parameters are supplied, an LLM-free **Knowledge Graph res
291
297
  "COLLABORATORTOOL": "True",
292
298
  "COMMITTOOL": "True",
293
299
  "CONTENTTOOL": "True",
300
+ "DEPENDABOTTOOL": "True",
294
301
  "GITHUB_ALLOW_DESTRUCTIVE": "False",
295
302
  "GITHUB_HTTP_CONNECT_TIMEOUT": "10",
296
303
  "GITHUB_HTTP_READ_TIMEOUT": "30",
@@ -338,6 +345,7 @@ docker run -d \
338
345
  -e COLLABORATORTOOL=True \
339
346
  -e COMMITTOOL=True \
340
347
  -e CONTENTTOOL=True \
348
+ -e DEPENDABOTTOOL=True \
341
349
  -e GITHUB_ALLOW_DESTRUCTIVE=False \
342
350
  -e GITHUB_HTTP_CONNECT_TIMEOUT=10 \
343
351
  -e GITHUB_HTTP_READ_TIMEOUT=30 \
@@ -408,6 +416,7 @@ consumed from a **remote deployment**. The
408
416
  | `COLLABORATORTOOL` | `True` | |
409
417
  | `COMMITTOOL` | `True` | |
410
418
  | `CONTENTTOOL` | `True` | |
419
+ | `DEPENDABOTTOOL` | `True` | |
411
420
  | `GRAPHQLTOOL` | `True` | |
412
421
  | `INGESTTOOL` | `True` | |
413
422
  | `ISSUETOOL` | `True` | |
@@ -434,7 +443,7 @@ consumed from a **remote deployment**. The
434
443
  | `MODEL_ID` | `gpt-4o` | Model id for the agent |
435
444
  | `ENABLE_WEB_UI` | `True` | Serve the AG-UI web interface |
436
445
 
437
- _33 package + 12 inherited variable(s). Auto-generated from `.env.example` + the shared agent-utilities set — do not edit._
446
+ _34 package + 12 inherited variable(s). Auto-generated from `.env.example` + the shared agent-utilities set — do not edit._
438
447
  <!-- ENV-VARS-TABLE:END -->
439
448
 
440
449
 
@@ -23,6 +23,7 @@ github_agent/api/api_client_base.py
23
23
  github_agent/api/api_client_branches.py
24
24
  github_agent/api/api_client_commits.py
25
25
  github_agent/api/api_client_contents.py
26
+ github_agent/api/api_client_dependabot.py
26
27
  github_agent/api/api_client_issues.py
27
28
  github_agent/api/api_client_orgs.py
28
29
  github_agent/api/api_client_pages.py
@@ -39,6 +40,7 @@ github_agent/mcp/mcp_branch.py
39
40
  github_agent/mcp/mcp_collaborator.py
40
41
  github_agent/mcp/mcp_commit.py
41
42
  github_agent/mcp/mcp_content.py
43
+ github_agent/mcp/mcp_dependabot.py
42
44
  github_agent/mcp/mcp_issue.py
43
45
  github_agent/mcp/mcp_org.py
44
46
  github_agent/mcp/mcp_pull.py
@@ -52,6 +54,7 @@ github_agent/prompts/code_collaboration_specialist.json
52
54
  github_agent/prompts/main_agent.json
53
55
  github_agent/skills/__init__.py
54
56
  github_agent/skills/github-actions-ci-review/SKILL.md
57
+ github_agent/skills/github-dependabot-review/SKILL.md
55
58
  github_agent/skills/github-issue-tracking/SKILL.md
56
59
  github_agent/skills/github-pull-request-create/SKILL.md
57
60
  github_agent/skills/github-pull-request-review/SKILL.md
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "github-agent"
7
- version = "1.1.0"
7
+ version = "1.2.0"
8
8
  readme = "README.md"
9
9
  description = "GitHub Agent for MCP"
10
10
  requires-python = ">=3.11, <3.15"
File without changes
File without changes