After #75 was fixed, I tested the MCP functionality with these prompts:
- "Show me the top 10 most recent incidents in table format, ordered by severity and triggered_at" → ✅ Works
- "Dive into the first one on the list. Fetch all the details for that ID" → ❌ Fails (pagination takes too long)
Goals
As a security admin, I would like to be able to:
- Query incidents by source, tags, and other filters
- Drill down into specific incidents without pagination
- Ignore/resolve incidents directly via MCP (especially for bulk handling
TEST_FILE secrets)
Feature Requests
The GitGuardian API supports single-incident operations that would enable the workflows above:
-
get_incident(incident_id) - Retrieve a single incident with occurrences
GET /v1/incidents/secrets/{incident_id}- Would allow drilling down into specific incidents without paginating through all occurrences
-
ignore_incident(incident_id, reason) - Ignore an incident
POST /v1/incidents/secrets/{incident_id}/ignore- Would enable bulk ignoring of
TEST_FILE tagged secrets
-
resolve_incident(incident_id) - Resolve an incident
POST /v1/incidents/secrets/{incident_id}/resolve
Would it be possible to implement these endpoints ? Would api-tokens need to have specific scopes ?
After #75 was fixed, I tested the MCP functionality with these prompts:
Goals
As a security admin, I would like to be able to:
TEST_FILEsecrets)Feature Requests
The GitGuardian API supports single-incident operations that would enable the workflows above:
get_incident(incident_id)- Retrieve a single incident with occurrencesGET /v1/incidents/secrets/{incident_id}ignore_incident(incident_id, reason)- Ignore an incidentPOST /v1/incidents/secrets/{incident_id}/ignoreTEST_FILEtagged secretsresolve_incident(incident_id)- Resolve an incidentPOST /v1/incidents/secrets/{incident_id}/resolveWould it be possible to implement these endpoints ? Would api-tokens need to have specific scopes ?