Merge pull request #216 from cloudflare/jrutherford/MON-1208-warp-diag-analysis-tool

theruther4d · web-flow · commit 6e08a6e23c67 · 2025-08-12T17:34:32.000-05:00
Add tool for analyzing WARP-diags for common issues via bonobo
diff --git a/.changeset/purple-moments-greet.md b/.changeset/purple-moments-greet.md
@@ -0,0 +1,5 @@
+---
+'dex-analysis': minor
+---
+
+Add tool for analyzing WARP-diags for common issues via bonobo
diff --git a/apps/dex-analysis/README.md b/apps/dex-analysis/README.md
@@ -23,6 +23,7 @@ Currently available tools:
 |                                      | `dex_list_remote_captures`                 | Retrieve a list of previously created remote captures along with their details and status.                                                             |
 |                                      | `dex_list_remote_warp_diag_contents`       | List the filenames included in a remote WARP diag capture returned by `dex_list_remote_captures`.                                                      |
 |                                      | `dex_explore_remote_warp_diag_output`      | Retreive remote WARP diag file contents by filepath returned by `dex_list_remote_warp_diag_contents`.                                                  |
+|                                      | `dex_analyze_warp_diag`                    | Analyze successful WARP-diag remote captures for common issues.                                                                                        |
 | **Fleet Status**                     | `dex_fleet_status_live`                    | View live metrics for your fleet of zero trust devices for up to the past 1 hour.                                                                      |
 |                                      | `dex_fleet_status_over_time`               | View historical metrics for your fleet of zero trust devices over time.                                                                                |
 |                                      | `dex_fleet_status_logs`                    | View historical logs for your fleet of zero trust devices for up to the past 7 days.                                                                   |
diff --git a/apps/dex-analysis/src/tools/dex-analysis.tools.ts b/apps/dex-analysis/src/tools/dex-analysis.tools.ts
@@ -561,6 +561,33 @@ export function registerDEXTools(agent: CloudflareDEXMCP) {
 			return await reader.read(accessToken, download, filepath)
 		},
 	})
+
+	registerTool({
+		name: 'dex_analyze_warp_diag',
+		description:
+			'Analyze successful WARP-diag remote captures for common issues. This should be the first place you start when trying to narrow down device-level issues with WARP.',
+		schema: {
+			command_id: z
+				.string()
+				.describe('The command_id of the successful WARP-diag remote capture to analyze.'),
+		},
+		llmContext:
+			'Detections with 0 occurences can be ruled out. Focus on detections with the highest severity.',
+		agent,
+		callback: async ({ accessToken, accountId, command_id }) => {
+			return await fetchCloudflareApi({
+				endpoint: `/dex/commands/${command_id}/analysis`,
+				accountId,
+				apiToken: accessToken,
+				options: {
+					method: 'GET',
+					headers: {
+						'Content-Type': 'application/json',
+					},
+				},
+			})
+		},
+	})
 }
 
 // Helper to simplify tool registration by reducing boilerplate for accountId and accessToken

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'dex-analysis': minor
 +---
++
 +Add tool for analyzing WARP-diags for common issues via bonobo