Tweak tool name and description

mtodor · mtodor · commit 4c1ee42ea29b · 2026-01-14T10:32:43.000+01:00
diff --git a/internal/toolsets/vulnerability/clusters.go b/internal/toolsets/vulnerability/clusters.go
@@ -47,10 +47,10 @@ type getClustersForCVETool struct {
 	client *client.Client
 }
 
-// NewGetClustersForCVETool creates a new get_clusters_for_cve tool.
+// NewGetClustersForCVETool creates a new get_clusters_with_orchestrator_cve tool.
 func NewGetClustersForCVETool(c *client.Client) toolsets.Tool {
 	return &getClustersForCVETool{
-		name:   "get_clusters_for_cve",
+		name:   "get_clusters_with_orchestrator_cve",
 		client: c,
 	}
 }
@@ -68,8 +68,12 @@ func (t *getClustersForCVETool) GetName() string {
 // GetTool returns the MCP Tool definition.
 func (t *getClustersForCVETool) GetTool() *mcp.Tool {
 	return &mcp.Tool{
-		Name:        t.name,
-		Description: "Get list of clusters affected by a specific CVE",
+		Name: t.name,
+		Description: "Get list of clusters where a specified CVE is detected in Kubernetes orchestrator components" +
+			" (kube-apiserver, kubelet, etcd, etc.)." +
+			" Returns clusters where the Kubernetes infrastructure itself has the vulnerability." +
+			" For comprehensive CVE analysis, also check get_deployments_for_cve (application workloads)" +
+			" and get_nodes_for_cve (node OS packages).",
 		InputSchema: getClustersForCVEInputSchema(),
 	}
 }
@@ -87,7 +91,8 @@ func getClustersForCVEInputSchema() *jsonschema.Schema {
 	schema.Required = []string{"cveName"}
 
 	schema.Properties["cveName"].Description = "CVE name to filter clusters (e.g., CVE-2021-44228)"
-	schema.Properties["filterClusterId"].Description = "Optional cluster ID to verify if a specific cluster is affected"
+	schema.Properties["filterClusterId"].Description = "Optional cluster ID to verify if a specified CVE" +
+		" is detected on that cluster"
 
 	return schema
 }
diff --git a/internal/toolsets/vulnerability/clusters_test.go b/internal/toolsets/vulnerability/clusters_test.go
@@ -17,14 +17,14 @@ import (
 func TestNewGetClustersForCVETool(t *testing.T) {
 	tool := NewGetClustersForCVETool(&client.Client{})
 	require.NotNil(t, tool)
-	assert.Equal(t, "get_clusters_for_cve", tool.GetName())
+	assert.Equal(t, "get_clusters_with_orchestrator_cve", tool.GetName())
 }
 
 func TestGetClustersForCVETool_IsReadOnly(t *testing.T) {
 	c := &client.Client{}
 	tool := NewGetClustersForCVETool(c)
 
-	assert.True(t, tool.IsReadOnly(), "get_clusters_for_cve should be read-only")
+	assert.True(t, tool.IsReadOnly(), "get_clusters_with_orchestrator_cve should be read-only")
 }
 
 func TestGetClustersForCVETool_GetTool(t *testing.T) {
@@ -34,8 +34,8 @@ func TestGetClustersForCVETool_GetTool(t *testing.T) {
 	mcpTool := tool.GetTool()
 
 	require.NotNil(t, mcpTool)
-	assert.Equal(t, "get_clusters_for_cve", mcpTool.Name)
-	assert.Contains(t, mcpTool.Description, "clusters affected")
+	assert.Equal(t, "get_clusters_with_orchestrator_cve", mcpTool.Name)
+	assert.Contains(t, mcpTool.Description, "clusters where a specified CVE is detected")
 	assert.NotNil(t, mcpTool.InputSchema)
 }
 
diff --git a/internal/toolsets/vulnerability/deployments.go b/internal/toolsets/vulnerability/deployments.go
@@ -92,8 +92,11 @@ func (t *getDeploymentsForCVETool) GetName() string {
 // GetTool returns the MCP Tool definition.
 func (t *getDeploymentsForCVETool) GetTool() *mcp.Tool {
 	return &mcp.Tool{
-		Name:        t.name,
-		Description: "Get list of deployments affected by a specific CVE",
+		Name: t.name,
+		Description: "Get list of deployments where a specified CVE is detected in application" +
+			" or platform container images. Checks user workloads for vulnerabilities." +
+			" For complete CVE analysis, also check get_clusters_with_orchestrator_cve (Kubernetes components)" +
+			" and get_nodes_for_cve (node OS).",
 		InputSchema: getDeploymentsForCVEInputSchema(),
 	}
 }
diff --git a/internal/toolsets/vulnerability/nodes.go b/internal/toolsets/vulnerability/nodes.go
@@ -72,8 +72,11 @@ func (t *getNodesForCVETool) GetName() string {
 // GetTool returns the MCP Tool definition.
 func (t *getNodesForCVETool) GetTool() *mcp.Tool {
 	return &mcp.Tool{
-		Name:        t.name,
-		Description: "Get aggregated node groups affected by a specific CVE, grouped by cluster and operating system image",
+		Name: t.name,
+		Description: "Get aggregated node groups where a specified CVE is detected in node operating system packages" +
+			", grouped by cluster and OS image. Checks OS-level vulnerabilities on cluster nodes." +
+			" For comprehensive CVE coverage, also use get_clusters_with_orchestrator_cve (K8s components)" +
+			" and get_deployments_for_cve (workloads).",
 		InputSchema: getNodesForCVEInputSchema(),
 	}
 }
diff --git a/internal/toolsets/vulnerability/toolset_test.go b/internal/toolsets/vulnerability/toolset_test.go
@@ -41,7 +41,7 @@ func TestToolset_IsEnabled_True(t *testing.T) {
 	require.Len(t, tools, 3, "Should have all vulnerability tools")
 	assert.Equal(t, "get_deployments_for_cve", tools[0].GetName())
 	assert.Equal(t, "get_nodes_for_cve", tools[1].GetName())
-	assert.Equal(t, "get_clusters_for_cve", tools[2].GetName())
+	assert.Equal(t, "get_clusters_with_orchestrator_cve", tools[2].GetName())
 }
 
 func TestToolset_IsEnabled_False(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -47,10 +47,10 @@ type getClustersForCVETool struct {`
`47`	`47`	`client *client.Client`
`48`	`48`	`}`
`49`	`49`
`50`		`-// NewGetClustersForCVETool creates a new get_clusters_for_cve tool.`
	`50`	`+// NewGetClustersForCVETool creates a new get_clusters_with_orchestrator_cve tool.`
`51`	`51`	`func NewGetClustersForCVETool(c *client.Client) toolsets.Tool {`
`52`	`52`	`return &getClustersForCVETool{`
`53`		`- name: "get_clusters_for_cve",`
	`53`	`+ name: "get_clusters_with_orchestrator_cve",`
`54`	`54`	`client: c,`
`55`	`55`	`}`
`56`	`56`	`}`
`@@ -68,8 +68,12 @@ func (t *getClustersForCVETool) GetName() string {`
`68`	`68`	`// GetTool returns the MCP Tool definition.`
`69`	`69`	`func (t getClustersForCVETool) GetTool() mcp.Tool {`
`70`	`70`	`return &mcp.Tool{`
`71`		`- Name: t.name,`
`72`		`- Description: "Get list of clusters affected by a specific CVE",`
	`71`	`+ Name: t.name,`
	`72`	`+ Description: "Get list of clusters where a specified CVE is detected in Kubernetes orchestrator components" +`
	`73`	`+ " (kube-apiserver, kubelet, etcd, etc.)." +`
	`74`	`+ " Returns clusters where the Kubernetes infrastructure itself has the vulnerability." +`
	`75`	`+ " For comprehensive CVE analysis, also check get_deployments_for_cve (application workloads)" +`
	`76`	`+ " and get_nodes_for_cve (node OS packages).",`
`73`	`77`	`InputSchema: getClustersForCVEInputSchema(),`
`74`	`78`	`}`
`75`	`79`	`}`
`@@ -87,7 +91,8 @@ func getClustersForCVEInputSchema() *jsonschema.Schema {`
`87`	`91`	`schema.Required = []string{"cveName"}`
`88`	`92`
`89`	`93`	`schema.Properties["cveName"].Description = "CVE name to filter clusters (e.g., CVE-2021-44228)"`
`90`		`- schema.Properties["filterClusterId"].Description = "Optional cluster ID to verify if a specific cluster is affected"`
	`94`	`+ schema.Properties["filterClusterId"].Description = "Optional cluster ID to verify if a specified CVE" +`
	`95`	`+ " is detected on that cluster"`
`91`	`96`
`92`	`97`	`return schema`
`93`	`98`	`}`
Original file line number	Diff line number	Diff line change
`@@ -92,8 +92,11 @@ func (t *getDeploymentsForCVETool) GetName() string {`
`92`	`92`	`// GetTool returns the MCP Tool definition.`
`93`	`93`	`func (t getDeploymentsForCVETool) GetTool() mcp.Tool {`
`94`	`94`	`return &mcp.Tool{`
`95`		`- Name: t.name,`
`96`		`- Description: "Get list of deployments affected by a specific CVE",`
	`95`	`+ Name: t.name,`
	`96`	`+ Description: "Get list of deployments where a specified CVE is detected in application" +`
	`97`	`+ " or platform container images. Checks user workloads for vulnerabilities." +`
	`98`	`+ " For complete CVE analysis, also check get_clusters_with_orchestrator_cve (Kubernetes components)" +`
	`99`	`+ " and get_nodes_for_cve (node OS).",`
`97`	`100`	`InputSchema: getDeploymentsForCVEInputSchema(),`
`98`	`101`	`}`
`99`	`102`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,8 +72,11 @@ func (t *getNodesForCVETool) GetName() string {`
`72`	`72`	`// GetTool returns the MCP Tool definition.`
`73`	`73`	`func (t getNodesForCVETool) GetTool() mcp.Tool {`
`74`	`74`	`return &mcp.Tool{`
`75`		`- Name: t.name,`
`76`		`- Description: "Get aggregated node groups affected by a specific CVE, grouped by cluster and operating system image",`
	`75`	`+ Name: t.name,`
	`76`	`+ Description: "Get aggregated node groups where a specified CVE is detected in node operating system packages" +`
	`77`	`+ ", grouped by cluster and OS image. Checks OS-level vulnerabilities on cluster nodes." +`
	`78`	`+ " For comprehensive CVE coverage, also use get_clusters_with_orchestrator_cve (K8s components)" +`
	`79`	`+ " and get_deployments_for_cve (workloads).",`
`77`	`80`	`InputSchema: getNodesForCVEInputSchema(),`
`78`	`81`	`}`
`79`	`82`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func TestToolset_IsEnabled_True(t *testing.T) {`
`41`	`41`	`require.Len(t, tools, 3, "Should have all vulnerability tools")`
`42`	`42`	`assert.Equal(t, "get_deployments_for_cve", tools[0].GetName())`
`43`	`43`	`assert.Equal(t, "get_nodes_for_cve", tools[1].GetName())`
`44`		`- assert.Equal(t, "get_clusters_for_cve", tools[2].GetName())`
	`44`	`+ assert.Equal(t, "get_clusters_with_orchestrator_cve", tools[2].GetName())`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`func TestToolset_IsEnabled_False(t *testing.T) {`