feat: critical-first sort and improved MCP pagination #21
Open
algorni wants to merge 5 commits into
For CVE, hardening, password-hash and capabilities analyses the default sort order is now "desc" so the most critical findings appear first. Other analysis types keep "asc" (alphabetical by name/type). Adds --sort-order asc|desc flag to `analyzer scan results` and a sort_order param to the MCP get_analysis_results tool for overriding the default. Introduces ResultsOptions struct to keep run_results within clippy's argument-count limit. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
The JSON response now wraps findings in an envelope with: current_page (1-based), total_pages, total_findings, findings. This gives the LLM all the information needed to iterate pages without guessing. Also updates the tool description and server instructions to explicitly document the fetch-all pattern. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
krsh
requested changes
Jun 3, 2026
| pub struct ResultsOptions { | ||
| pub page: Option<u32>, | ||
| pub per_page: Option<u32>, | ||
| pub sort_order: Option<String>, |
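Review bot: the public fields `page` and `per_page` on `ResultsOptions` have no doc comments, so nothing at the definition says that pages are 1-based, what `None` falls back to, or which range `per_page` accepts. Both are `Option<u32>`, so 0 and very large values are representable. Document the accepted range on each field and normalise the values in one place before they reach the pagination arithmetic.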
Member
Consider replacing Option<String> with an enum SortOrder { Asc, Desc }
| Ok(results) => match self.mcp_format { | ||
| McpFormat::Json => ok_json(&results), | ||
| McpFormat::Json => { | ||
| let total_pages = results.total_findings.div_ceil(per_page as u64).max(1); |
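Review bot: on the `total_pages` line, `div_ceil(per_page as u64)` divides by a caller-supplied value with no visible guard, and `div_ceil` panics when the divisor is zero, so a request with per_page = 0 would crash the handler. Clamp `per_page` to at least 1 before this line, and consider an upper bound as well so a single request cannot ask for an arbitrarily large page.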
Member
Inconsistent .max(1) on total_pages. The MCP JSON envelope clamps to 1, so empty results read total_pages: 1. The CLI human path and MCP text path don't; they print "Page 1/0" on empty results.
- Add SortOrder { Asc, Desc } enum with clap::ValueEnum, serde and
JsonSchema derives — CLI validates at parse time, MCP schema gets
"enum": ["asc","desc"] so the LLM cannot pass invalid values.
- Fix per_page=0 panic: clamp to max(1) before div_ceil.
- Fix inconsistent .max(1) on total_pages: apply it uniformly in
CLI human output, MCP JSON envelope, and MCP text formatter.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
- page=0 is silently treated as page=1 (both CLI and MCP).
- per_page is clamped to [1, 100] to prevent oversized responses that
could exhaust memory or consume LLM context budget.
- Update help text and MCP param descriptions to document the bounds.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
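The bounds described in the commit messages above (enum-only sort order, page=0 treated as page 1, per_page clamped to [1, 100], total_pages never below 1), as an added Rust example that is not the project's code. `PageInfo`, `page_info`, `default_for`, the default page size of 25 and the analysis-name strings are assumptions.

```rust
// Added illustration, not the project's code. `PageInfo`, `page_info`,
// `default_for`, DEFAULT_PER_PAGE and the analysis-name strings are assumed.
const DEFAULT_PER_PAGE: u32 = 25; // assumed; the page does not state the default
const MAX_PER_PAGE: u32 = 100; // upper bound named in the commit message

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum SortOrder { Asc, Desc }

impl SortOrder {
    /// Strict parse: anything other than "asc"/"desc" is rejected, never defaulted.
    pub fn parse(s: &str) -> Result<Self, String> {
        match s {
            "asc" => Ok(SortOrder::Asc),
            "desc" => Ok(SortOrder::Desc),
            other => Err(format!("invalid sort order: {other:?}")),
        }
    }
    /// Severity-ranked analyses default to Desc so critical findings come first.
    pub fn default_for(analysis: &str) -> Self {
        match analysis {
            "cve" | "hardening" | "password-hash" | "capabilities" => SortOrder::Desc,
            _ => SortOrder::Asc,
        }
    }
}

#[derive(Debug, PartialEq)]
pub struct PageInfo { pub current_page: u32, pub per_page: u32, pub total_pages: u64 }

/// Normalise caller-supplied paging values before any arithmetic uses them.
pub fn page_info(total_findings: u64, page: Option<u32>, per_page: Option<u32>) -> PageInfo {
    // per_page = 0 would make div_ceil panic; values above 100 inflate the response.
    let per_page = per_page.unwrap_or(DEFAULT_PER_PAGE).clamp(1, MAX_PER_PAGE);
    // page = 0 is treated as page 1 (pages are 1-based).
    let current_page = page.unwrap_or(1).max(1);
    // Empty result sets still report one page, so output never reads "Page 1/0".
    let total_pages = total_findings.div_ceil(per_page as u64).max(1);
    PageInfo { current_page, per_page, total_pages }
}

fn main() {
    let cases: [(u64, Option<u32>, Option<u32>); 3] =
        [(0, None, Some(0)), (250, Some(0), Some(5000)), (101, Some(2), None)];
    for (total, page, per_page) in cases {
        println!("{:?}", page_info(total, page, per_page));
    }
    println!("{:?} {:?}", SortOrder::default_for("cve"), SortOrder::parse("descending"));
}
```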
krsh
approved these changes
Jun 3, 2026
Summary
- `desc` so the most critical findings appear first. All other types keep `asc` (alphabetical by name/type).
- `--sort-order` flag on `analyzer scan results` (CLI) and `sort_order` param on the MCP `get_analysis_results` tool to override the default.
- `get_analysis_results` JSON response: the response now wraps findings in `{ current_page, total_pages, total_findings, findings }` so the LLM always knows exactly how many pages remain without guessing.
- `ResultsOptions` struct to keep `run_results` within clippy's 7-argument limit.
Test plan
- `analyzer scan results --object <uuid> --analysis cve` shows CRITICAL findings first
- `analyzer scan results --object <uuid> --analysis cve --sort-order asc` shows LOW findings first
- `analyzer scan results --object <uuid> --analysis capabilities` shows HIGH findings first
- `get_analysis_results` JSON response includes `current_page`, `total_pages`, `total_findings`
- `total_pages` is correct: `ceil(total_findings / per_page)`
🤖 Generated with Claude Code