diff --git a/modules/fundamental/src/ai/endpoints/expected_tools_result.json b/modules/fundamental/src/ai/endpoints/expected_tools_result.json index 561564c9a..502184262 100644 --- a/modules/fundamental/src/ai/endpoints/expected_tools_result.json +++ b/modules/fundamental/src/ai/endpoints/expected_tools_result.json @@ -1,13 +1,13 @@ [ { "name": "cve-info", - "description": "This tool can be used to get information about a Vulnerability.\nA Vulnerability is known as a CVE.\n\nVulnerabilities are security issues that may affect software packages.\nVulnerabilities may affect multiple packages.\n\nVulnerability are identified by their CVE Identifier. Examples:\n* CVE-2014-0160\n\nThe input should be the partial name of the Vulnerability to search for.\nWhen the input is a full CVE ID, the tool will provide information about the vulnerability.\nWhen the input is a partial name, the tool will provide a list of possible matches.", + "description": "This tool can be used to get information about a Vulnerability.\nA Vulnerability is also known as a CVE.\n\nVulnerabilities are security issues that may affect software packages.\nVulnerabilities may affect multiple packages.\n\nVulnerability are identified by their CVE Identifier.", "parameters": { "type": "object", "properties": { "input": { "type": "string", - "description": "This tool can be used to get information about a Vulnerability.\nA Vulnerability is known as a CVE.\n\nVulnerabilities are security issues that may affect software packages.\nVulnerabilities may affect multiple packages.\n\nVulnerability are identified by their CVE Identifier. Examples:\n* CVE-2014-0160\n\nThe input should be the partial name of the Vulnerability to search for.\nWhen the input is a full CVE ID, the tool will provide information about the vulnerability.\nWhen the input is a partial name, the tool will provide a list of possible matches." + "description": "\nThe input should be the partial or full name of the Vulnerability to search for. Example:\n* CVE-2014-0160\n\n " } }, "required": [ @@ -17,13 +17,13 @@ }, { "name": "advisory-info", - "description": "This tool can be used to get information about an Advisory.\n\nAdvisories are notifications that a vulnerability affects a product or SBOM.\nAdvisories are issued by a vendor or security organization.\nUnless there is a specific advisory for a CVE, the CVE may or may not affect the product.\n\nAdvisories have a UUID that uniquely identifies the advisory. Example:\n* 2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe input should be the UUID of the Advisory.", + "description": "This tool can be used to get information about an Advisory.\n\nAdvisories are notifications that a vulnerability affects a product or SBOM.\nAdvisories are issued by a vendor or security organization.\nUnless there is a specific advisory for a CVE, the CVE may or may not affect the product.\n\nAdvisories have a UUID that uniquely identifies the advisory.", "parameters": { "type": "object", "properties": { "input": { "type": "string", - "description": "This tool can be used to get information about an Advisory.\n\nAdvisories are notifications that a vulnerability affects a product or SBOM.\nAdvisories are issued by a vendor or security organization.\nUnless there is a specific advisory for a CVE, the CVE may or may not affect the product.\n\nAdvisories have a UUID that uniquely identifies the advisory. Example:\n* 2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe input should be the UUID of the Advisory." + "description": "UUID of the Advisory. Example: 2fd0d1b7-a908-4d63-9310-d57a7f77c6df" } }, "required": [ @@ -49,13 +49,13 @@ }, { "name": "sbom-info", - "description": "This tool retrieves information about a Software Bill of Materials (SBOM). SBOMs are identified by SHA-256, SHA-384, SHA-512 hashes, or UUID URIs. Examples:\n\nsha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e\nurn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe tool provides a list of advisories/CVEs affecting the SBOM.\n\nInput: An SBOM identifier or a product name. A full SBOM name typically combines the product name and version (e.g., \"product-version\"). If a user specifies both, use the product name to find the best matching SBOM. For example, \"quarkus 3.2.11\" might correspond to \"quarkus-bom-3.2.11.Final-redhat-00001\".\n\nThe link field contains a URL for more information about the item.", + "description": "This tool retrieves information about a Software Bill of Materials (SBOM). SBOMs are identified by SHA-256, SHA-384, SHA-512 hashes, or UUID URIs. Examples:\n\nsha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e\nurn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe tool provides a list of advisories/CVEs affecting the SBOM.", "parameters": { "type": "object", "properties": { "input": { "type": "string", - "description": "This tool retrieves information about a Software Bill of Materials (SBOM). SBOMs are identified by SHA-256, SHA-384, SHA-512 hashes, or UUID URIs. Examples:\n\nsha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e\nurn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe tool provides a list of advisories/CVEs affecting the SBOM.\n\nInput: An SBOM identifier or a product name. A full SBOM name typically combines the product name and version (e.g., \"product-version\"). If a user specifies both, use the product name to find the best matching SBOM. For example, \"quarkus 3.2.11\" might correspond to \"quarkus-bom-3.2.11.Final-redhat-00001\".\n\nThe link field contains a URL for more information about the item." + "description": "\nAn SBOM identifier or a product name.\nA full SBOM name typically combines the product name and version (e.g., \"product-version\").\nIf a user specifies both, use the product name get a list of best matching SBOMs.\nFor example, input \"quarkus\" instead of \"quarkus 3.2.11\".\n" } }, "required": [ diff --git a/modules/fundamental/src/ai/service/tools/advisory_info.rs b/modules/fundamental/src/ai/service/tools/advisory_info.rs index 516ca2ba2..aeb6ab5a1 100644 --- a/modules/fundamental/src/ai/service/tools/advisory_info.rs +++ b/modules/fundamental/src/ai/service/tools/advisory_info.rs @@ -1,5 +1,6 @@ use crate::advisory::service::AdvisoryService; use crate::ai::service::tools; +use crate::ai::service::tools::input_description; use async_trait::async_trait; use langchain_rust::tools::Tool; use serde::Serialize; @@ -19,6 +20,10 @@ impl Tool for AdvisoryInfo { String::from("advisory-info") } + fn parameters(&self) -> Value { + input_description("UUID of the Advisory. Example: 2fd0d1b7-a908-4d63-9310-d57a7f77c6df") + } + fn description(&self) -> String { String::from( r##" @@ -28,10 +33,7 @@ Advisories are notifications that a vulnerability affects a product or SBOM. Advisories are issued by a vendor or security organization. Unless there is a specific advisory for a CVE, the CVE may or may not affect the product. -Advisories have a UUID that uniquely identifies the advisory. Example: -* 2fd0d1b7-a908-4d63-9310-d57a7f77c6df - -The input should be the UUID of the Advisory. +Advisories have a UUID that uniquely identifies the advisory. "## .trim(), ) diff --git a/modules/fundamental/src/ai/service/tools/cve_info.rs b/modules/fundamental/src/ai/service/tools/cve_info.rs index 155ce548c..201ea64e0 100644 --- a/modules/fundamental/src/ai/service/tools/cve_info.rs +++ b/modules/fundamental/src/ai/service/tools/cve_info.rs @@ -1,4 +1,5 @@ use crate::ai::service::tools; +use crate::ai::service::tools::input_description; use crate::vulnerability::service::VulnerabilityService; use async_trait::async_trait; use langchain_rust::tools::Tool; @@ -19,21 +20,26 @@ impl Tool for CVEInfo { String::from("cve-info") } + fn parameters(&self) -> Value { + input_description( + r#" +The input should be the partial or full name of the Vulnerability to search for. Example: +* CVE-2014-0160 + + "#, + ) + } + fn description(&self) -> String { String::from( r##" This tool can be used to get information about a Vulnerability. -A Vulnerability is known as a CVE. +A Vulnerability is also known as a CVE. Vulnerabilities are security issues that may affect software packages. Vulnerabilities may affect multiple packages. -Vulnerability are identified by their CVE Identifier. Examples: -* CVE-2014-0160 - -The input should be the partial name of the Vulnerability to search for. -When the input is a full CVE ID, the tool will provide information about the vulnerability. -When the input is a partial name, the tool will provide a list of possible matches. +Vulnerability are identified by their CVE Identifier. "## .trim(), ) diff --git a/modules/fundamental/src/ai/service/tools/mod.rs b/modules/fundamental/src/ai/service/tools/mod.rs index 7e5db8de1..e62b1143a 100644 --- a/modules/fundamental/src/ai/service/tools/mod.rs +++ b/modules/fundamental/src/ai/service/tools/mod.rs @@ -9,6 +9,7 @@ use crate::sbom::service::SbomService; use crate::vulnerability::service::VulnerabilityService; use langchain_rust::tools::Tool; use serde::Serialize; +use serde_json::{json, Value}; use std::error::Error; use std::sync::Arc; use trustify_common::db::Database; @@ -62,6 +63,19 @@ where }) } +fn input_description(description: &str) -> Value { + json!({ + "type": "object", + "properties": { + "input": { + "type": "string", + "description": description, + } + }, + "required": ["input"] + }) +} + #[cfg(test)] mod tests { use super::*; diff --git a/modules/fundamental/src/ai/service/tools/product_info.rs b/modules/fundamental/src/ai/service/tools/product_info.rs index f01d183c8..afd7c9246 100644 --- a/modules/fundamental/src/ai/service/tools/product_info.rs +++ b/modules/fundamental/src/ai/service/tools/product_info.rs @@ -1,4 +1,5 @@ use crate::ai::service::tools; +use crate::ai::service::tools::input_description; use crate::product::service::ProductService; use async_trait::async_trait; use langchain_rust::tools::Tool; @@ -16,6 +17,10 @@ impl Tool for ProductInfo { String::from("product-info") } + fn parameters(&self) -> Value { + input_description("The name of the product to search for.") + } + fn description(&self) -> String { String::from( r##" @@ -27,9 +32,7 @@ Products are names of Software Products. Examples: * Red Hat Enterprise Linux * RHEL * Quay -* OpenShift -The input should be the name of the product to search for. "## .trim(), ) diff --git a/modules/fundamental/src/ai/service/tools/sbom_info.rs b/modules/fundamental/src/ai/service/tools/sbom_info.rs index 3acb277d8..a4815079a 100644 --- a/modules/fundamental/src/ai/service/tools/sbom_info.rs +++ b/modules/fundamental/src/ai/service/tools/sbom_info.rs @@ -1,6 +1,7 @@ use crate::ai::service::tools; use crate::sbom::service::SbomService; +use crate::ai::service::tools::input_description; use async_trait::async_trait; use itertools::Itertools; use langchain_rust::tools::Tool; @@ -21,6 +22,17 @@ impl Tool for SbomInfo { String::from("sbom-info") } + fn parameters(&self) -> Value { + input_description( + r#" +An SBOM identifier or a product name. +A full SBOM name typically combines the product name and version (e.g., "product-version"). +If a user specifies both, use the product name get a list of best matching SBOMs. +For example, input "quarkus" instead of "quarkus 3.2.11". +"#, + ) + } + fn description(&self) -> String { String::from( r##" @@ -30,10 +42,6 @@ sha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e urn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df The tool provides a list of advisories/CVEs affecting the SBOM. - -Input: An SBOM identifier or a product name. A full SBOM name typically combines the product name and version (e.g., "product-version"). If a user specifies both, use the product name to find the best matching SBOM. For example, "quarkus 3.2.11" might correspond to "quarkus-bom-3.2.11.Final-redhat-00001". - -The link field contains a URL for more information about the item. "## .trim(), )