from .list_repo_incidentsimportlist_repo_incidents
7
8
8
9
logger=logging.getLogger(__name__)
9
10
10
11
11
-
12
-
13
12
asyncdefremediate_secret_incidents(
14
13
repository_name: str=Field(
15
14
description="The full repository name. For example, for https://github.com/GitGuardian/gg-mcp.git the full name is GitGuardian/gg-mcp. Pass the current repository name if not provided."
Find and remediate secret incidents in the current repository.
29
+
Find and remediate secret incidents in the current repository using EXACT match locations.
31
30
32
31
By default, this tool only shows incidents assigned to the current user. Pass mine=False to get all incidents related to this repo.
33
32
34
-
This tool follows a workflow to:
35
-
1. Use the provided repository name to search for incidents
36
-
2. List secret occurrences for the repository
37
-
3. Analyze and provide recommendations to remove secrets from the codebase
38
-
4. IMPORTANT:Make the changes to the codebase to remove the secrets from the code using best practices for the language. All occurrences must not appear in the codebase anymore.
39
-
IMPORTANT: If the repository is using a package manager like npm, cargo, uv or others, use it to install the required packages.
40
-
5. Only optional: propose to rewrite git history
33
+
This tool now uses the occurrences API to get precise file locations, line numbers, and character indices,
34
+
eliminating the need to search for secrets in files. The workflow is:
35
+
36
+
1. Fetch secret occurrences with exact match locations (file path, line_start, line_end, index_start, index_end)
37
+
2. Group occurrences by file for efficient remediation
38
+
3. Sort matches from bottom to top to prevent line number shifts during editing
39
+
4. Provide detailed remediation steps with exact locations for each secret
40
+
5. IMPORTANT: Make the changes to the codebase using the provided indices:
41
+
- Use index_start and index_end to locate the exact secret in the file
42
+
- Replace hardcoded secrets with environment variable references
43
+
- Ensure all occurrences are removed from the codebase
44
+
- IMPORTANT: If the repository uses a package manager (npm, cargo, uv, etc.), use it to install required packages
45
+
6. Optional: Generate git commands to rewrite history and remove secrets from git
41
46
47
+
The tool provides:
48
+
- Exact file paths and line numbers for each secret
49
+
- Character-level indices (index_start, index_end) to locate secrets precisely
50
+
- Context lines (pre/post) to understand the surrounding code
51
+
- Sorted matches to enable safe sequential removal (bottom-to-top)
42
52
43
53
Args:
44
-
repository_name: The full repository name. For example, for https://github.com/GitGuardian/gg-mcp.git the full name is GitGuardian/gg-mcp
54
+
repository_name: The full repository name (e.g., 'GitGuardian/gg-mcp')
45
55
include_git_commands: Whether to include git commands to fix incidents in git history
46
56
create_env_example: Whether to create a .env.example file with placeholders for detected secrets
47
-
get_all: Whether to get all incidents or just the first page
48
-
mine: If True, fetch only incidents assigned to the current user. Set to False to get all incidents.
57
+
get_all: Whether to get all occurrences or just the first page
58
+
mine: If True, fetch only occurrences for incidents assigned to the current user. Set to False to get all.
49
59
50
60
Returns:
51
61
A dictionary containing:
52
-
- repository_info: Information about the detected repository
53
-
- incidents: List of detected incidents
54
-
- remediation_steps: Steps to remediate the incidents
62
+
- repository_info: Information about the repository
63
+
- summary: Overview of occurrences, files affected, and secret types
64
+
- remediation_steps: Detailed steps with exact locations for each file
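Review bot: Steps 1 and 5 of the new workflow tell the caller to edit by `index_start` and `index_end`, but the docstring never defines them: whether they are offsets within the line or within the file, whether they are zero- or one-based, and whether `index_end` is inclusive. Because the text also says this approach is "eliminating the need to search for secrets in files", a misread offset could leave part of a secret in place with no later step to catch it. State the convention, and add a step to confirm that the text at the located span in the working tree is the flagged value before replacing it. Step 3's bottom-to-top sort only covers line number shifts; if two matches fall on the same line they also need right-to-left ordering by `index_start`, which the docstring should say. "This tool now uses the occurrences API" reads like a changelog entry; drop "now" so the docstring describes the tool rather than the change. The Returns section drops `incidents` and adds `summary`, so any consumer that read the old key should be checked.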