refactor: Rename SysQL tool and remove deprecated tools

README.md

@@ -1,8 +1,8 @@
 # MCP Server
 
-| App Test | Helm Test |
-|------|---------|
-| [![App Test](https://github.com/sysdiglabs/sysdig-mcp-server/actions/workflows/publish.yaml/badge.svg?branch=main)](https://github.com/sysdiglabs/sysdig-mcp-server/actions/workflows/publish.yaml) | [![Helm Test](https://github.com/sysdiglabs/sysdig-mcp-server/actions/workflows/helm_test.yaml/badge.svg?branch=main)](https://github.com/sysdiglabs/sysdig-mcp-server/actions/workflows/helm_test.yaml) |
+| App Test |
+|------|
+| [![App Test](https://github.com/sysdiglabs/sysdig-mcp-server/actions/workflows/publish.yaml/badge.svg?branch=main)](https://github.com/sysdiglabs/sysdig-mcp-server/actions/workflows/publish.yaml) |
 
 ---
 
@@ -96,37 +96,11 @@ Get up and running with the Sysdig MCP Server quickly using our pre-built Docker
 </details>
 
 <details>
-<summary><strong>Inventory</strong></summary>
+<summary><strong>Sysdig SysQL</strong></summary>
 
 | Tool Name | Description | Sample Prompt |
 |-----------|-------------|----------------|
-| `list_resources` | List inventory resources using filters (e.g., platform or category) | "List all exposed IAM resources in AWS" |
-| `get_resource` | Get detailed information about an inventory resource by its hash | "Get inventory details for hash abc123" |
-
-</details>
-
-<details>
-<summary><strong>Vulnerability Management</strong></summary>
-
-| Tool Name | Description | Sample Prompt |
-|-----------|-------------|----------------|
-| `list_runtime_vulnerabilities` | List runtime vulnerability scan results with filtering | "List running vulnerabilities in cluster1 sorted by severity" |
-| `list_accepted_risks` | List all accepted vulnerability risks | "Show me all accepted risks related to nginx containers" |
-| `get_accepted_risk` | Retrieve a specific accepted risk by ID | "Get details for accepted risk id abc123" |
-| `list_registry_scan_results` | List scan results for container registries | "List failed scans from harbor registry" |
-| `get_vulnerability_policy_by_id` | Get a specific vulnerability policy by ID | "Show policy ID 42" |
-| `list_vulnerability_policies` | List all vulnerability policies | "List all vulnerability policies for pipeline stage" |
-| `list_pipeline_scan_results` | List CI pipeline scan results | "Show me pipeline scans that failed for ubuntu images" |
-| `get_scan_result` | Retrieve detailed scan results by scan ID | "Get results for scan ID 456def" |
-
-</details>
-
-<details>
-<summary><strong>Sysdig Sage</strong></summary>
-
-| Tool Name | Description | Sample Prompt |
-|-----------|-------------|----------------|
-| `sysdig_sysql_sage_query` | Generate and run a SysQL query using natural language | "List top 10 pods by memory usage in the last hour" |
+| `generate_and_run_sysql` | Generate and run a SysQL query using natural language | "List top 10 pods by memory usage in the last hour" |
 
 </details>
 
@@ -141,8 +115,6 @@ Get up and running with the Sysdig MCP Server quickly using our pre-built Docker
 
 ### Available Resources
 
-- Sysdig Secure Vulnerability Management Overview:
-  - VM documentation based on the following [url](https://docs.sysdig.com/en/sysdig-secure/vulnerability-management/)
 - Sysdig Filter Query Language Instructions:
   - Sysdig Filter Query Language for different API endpoint filters
 

tests/conftest.py

@@ -8,7 +8,7 @@
 from utils.app_config import AppConfig
 from unittest.mock import MagicMock, create_autospec, patch
 from fastmcp.server.context import Context
-from sysdig_client import SecureEventsApi, ApiClient, InventoryApi, VulnerabilityManagementApi
+from sysdig_client import SecureEventsApi, ApiClient
 from utils.sysdig.legacy_sysdig_api import LegacySysdigApi
 from fastmcp.server import FastMCP
 
@@ -79,8 +79,6 @@ def mock_context() -> Context:
 
     api_instances = {
         "secure_events": SecureEventsApi(ApiClient()),
-        "vulnerability_management": VulnerabilityManagementApi(ApiClient()),
-        "inventory": InventoryApi(ApiClient()),
         "legacy_sysdig_api": LegacySysdigApi(ApiClient()),
     }
     ctx.set_state("api_instances", api_instances)

tools/events_feed/tool.py

@@ -213,7 +213,7 @@ def tool_get_event_process_tree(self, ctx: Context, event_id: str) -> dict:
                 self.log.error(f"Exception when calling process tree API: {e}")
                 raise ToolError(f"Failed to get process tree: {e}")
         except ToolError as e:
-            self.log.error(f"Exception when calling Sysdig Sage API to get process tree: {e}")
+            self.log.error(f"Exception when calling Sysdig API to get process tree: {e}")
             raise e
 
     # Prompts
@@ -224,7 +224,7 @@ def investigate_event_prompt(self, severity: str, relative_time: str) -> PromptM
             severity (str): The severity level of the security event (e.g., "high", "medium", "low").
             relative_time (str): The time range for the events to investigate (e.g., "last 24 hours").
         Returns:
-            PromptMessage: A message object containing the prompt for investigation.
+            PromptMessage: An object containing the prompt for investigation.
         """
         content = (
             f"Please investigate security events with severity '{severity}' of the last {relative_time}. "

tools/sysdig_sage/tool.py → tools/sysql/tool.py

@@ -1,6 +1,6 @@
 """
-Sysdig Sage Tool
-This tool provides functionality to interact with Sysdig Sage, allowing users to
+Sysdig SysQL Tool
+This tool provides functionality to interact with Sysdig, allowing users to
 generate SysQL queries based on natural language questions and execute them against the Sysdig API.
 """
 
@@ -14,9 +14,9 @@
 from utils.query_helpers import create_standard_response
 
 
-class SageTools:
+class SysQLTools:
     """
-    A class to encapsulate the tools for interacting with Sysdig Sage.
+    A class to encapsulate the tools for interacting with Sysdig SysQL.
     This class provides methods to generate SysQL queries based on natural
     language questions and execute them against the Sysdig API.
     """
@@ -25,14 +25,14 @@ def __init__(self, app_config: AppConfig):
         self.app_config = app_config
         self.log = logging.getLogger(__name__)
 
-    async def tool_sage_to_sysql(self, ctx: Context, question: str) -> dict:
+    async def tool_generate_and_run_sysql(self, ctx: Context, question: str) -> dict:
         """
-        Queries Sysdig Sage with a natural language question, retrieves a SysQL query,
+        Queries Sysdig with a natural language question, retrieves a SysQL query,
         executes it against the Sysdig API, and returns the results.
 
         Args:
             ctx (Context): A context object containing configuration information.
-            question (str): A natural language question to send to Sage.
+            question (str): A natural language question to send to Sysdig.
 
         Returns:
             dict: A dictionary containing the results of the SysQL query execution and the query text.
@@ -41,9 +41,11 @@ async def tool_sage_to_sysql(self, ctx: Context, question: str) -> dict:
             ToolError: If the SysQL query generation or execution fails.
 
         Examples:
-            # tool_sage_to_sysql(question="Match Cloud Resource affected by Critical Vulnerability")
-            # tool_sage_to_sysql(question="Match Kubernetes Workload affected by Critical Vulnerability")
-            # tool_sage_to_sysql(question="Match AWS EC2 Instance that violates control 'EC2 - Instances should use IMDSv2'")
+            # tool_generate_and_run_sysql(question="Match Cloud Resource affected by Critical Vulnerability")
+            # tool_generate_and_run_sysql(question="Match Kubernetes Workload affected by Critical Vulnerability")
+            # tool_generate_and_run_sysql(
+            #     question="Match AWS EC2 Instance that violates control 'EC2 - Instances should use IMDSv2'"
+            # )
         """
         # 1) Generate SysQL query
         try:
@@ -56,14 +58,14 @@ async def tool_sage_to_sysql(self, ctx: Context, question: str) -> dict:
 
             sysql_response = await legacy_api_client.generate_sysql_query(question)
             if sysql_response.status > 299:
-                raise ToolError(f"Sysdig Sage returned an error: {sysql_response.status} - {sysql_response.data}")
+                raise ToolError(f"Sysdig returned an error: {sysql_response.status} - {sysql_response.data}")
         except ToolError as e:
             self.log.error(f"Failed to generate SysQL query: {e}")
             raise e
         json_resp = sysql_response.json() if sysql_response.data else {}
         sysql_query: str = json_resp.get("text", "")
         if not sysql_query:
-            return {"error": "Sysdig Sage did not return a query"}
+            return {"error": "Sysdig did not return a query"}
 
         # 2) Execute generated SysQL query
         try: