Skip to content

feat: add dashboard-aware presentation tools to cve-impact and fleet-inventory skills#131

Draft
TomerFi wants to merge 1 commit into
RHEcosystemAppEng:mainfrom
TomerFi:feat/dashboard-aware-skills
Draft

feat: add dashboard-aware presentation tools to cve-impact and fleet-inventory skills#131
TomerFi wants to merge 1 commit into
RHEcosystemAppEng:mainfrom
TomerFi:feat/dashboard-aware-skills

Conversation

@TomerFi

@TomerFi TomerFi commented Jul 2, 2026

Copy link
Copy Markdown
Member

Summary

  • Add load_cve_dashboard to the cve-impact skill workflow, prerequisites, and dependencies
  • Add load_inventory_dashboard to the fleet-inventory skill workflow, prerequisites, and dependencies
  • Both skills instruct the client to call the respective dashboard presentation tool with collected data after fetching results

These presentation tools are implemented in insights-mcp #389. They detect UI support at runtime — rendering a dashboard on UI-capable clients or falling back to text on others.

For full context on the approach investigation and decision, see APPENG-5287 and the MCP UI Integration Strategy ADR.

Validation

validate_skills_tier1.py (cve-impact)          ✅ passed, 0 warnings
validate_skills_tier1.py (fleet-inventory)     ✅ passed, 0 warnings
validate_skills_tier2.py (cve-impact)          ⚠️ passed with 4 warnings (pre-existing, same on main)
validate_skills_tier2.py (fleet-inventory)     ⚠️ passed with 5 warnings (pre-existing, same on main)
validate_skill_doc_links.py (cve-impact)       ✅ 14 links checked, 0 errors
validate_skill_doc_links.py (fleet-inventory)  ✅ 6 links checked, 0 errors
validate_docs_tree_links.py (cve-impact)       ✅ 104 files scanned, 0 errors
validate_docs_tree_links.py (fleet-inventory)  ✅ 104 files scanned, 0 errors

Recordings

CVE Dashboard (cve-impact):

Fleet Inventory Dashboard (fleet-inventory):

Related tickets

…inventory skills

Signed-off-by: Tomer Figenblat <tfigenbl@redhat.com>
@dmartinol

Copy link
Copy Markdown
Collaborator

[Critical] Text fallback path removed from 01-account-cves.md

The old Step 4 contained the complete text-based result handling:

  • Parse response using references/01-cve-response-parser.py (not jq or inline Python)
  • Sort by CVSS score (highest first) or by affected system count
  • Provide summary table: CVE ID, severity, affected systems count, remediation availability

These instructions are removed entirely by this PR. The new Step 4 instructs the agent to call load_cve_dashboard before parsing or printing anything, and the tool description says "falls back to text if unavailable" — but there is now no guidance on what that text fallback looks like. If load_cve_dashboard fails or the client does not support UI, the agent has nothing to follow.

The removed instructions should be preserved as a fallback branch (e.g. "If dashboard unavailable / falls back to text: …").

@dmartinol

Copy link
Copy Markdown
Collaborator

[Moderate] Asymmetric dashboard coverage across CVE flows

The load_cve_dashboard call is added only to flow 01-account-cves.md (account-level). Flows 02-system-all-cves.md and 03-system-remediatable-cves.md collect the same kind of CVE data but receive no dashboard rendering. The user experience varies depending on which flow the agent enters, with no clear justification for the asymmetry.

@dmartinol

Copy link
Copy Markdown
Collaborator

[Architectural] Consider a dedicated presentation skill

Both skills now call dashboard MCP tools directly. This goes against the repo's core principle: "Skills encapsulate tools — never call MCP tools directly; always invoke skills."

A dedicated render-cve-dashboard / render-inventory-dashboard skill (or a single render-dashboard skill parameterized by type) would:

  • Restore the encapsulation invariant
  • Resolve the asymmetric flow coverage naturally — any flow that collects CVE or host data invokes the skill, coverage is automatic
  • Keep the fallback text logic (parse, sort, summary table) in one place rather than per-flow
  • Allow the remediation skill and any future skill collecting CVE/host data to reuse the same presentation layer

The trade-off is one additional skill file per dashboard type.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants