feat: implement cursor pagination for dependabot alerts (#2651)

Author: MayorFaj

README.md

@@ -717,8 +717,8 @@ The following sets of tools are available:
 - **list_dependabot_alerts** - List dependabot alerts
   - **Required OAuth Scopes**: `security_events`
   - **Accepted OAuth Scopes**: `repo`, `security_events`
+  - `after`: Cursor for pagination. Use the cursor from the previous response. (string, optional)
   - `owner`: The owner of the repository. (string, required)
-  - `page`: Page number for pagination (min 1) (number, optional)
   - `perPage`: Results per page for pagination (min 1, max 100) (number, optional)
   - `repo`: The name of the repository. (string, required)
   - `severity`: Filter dependabot alerts by severity (string, optional)
@@ -755,7 +755,7 @@ The following sets of tools are available:
 
 - **get_discussion_comments** - Get discussion comments
   - **Required OAuth Scopes**: `repo`
-  - `after`: Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs. (string, optional)
+  - `after`: Cursor for pagination. Use the cursor from the previous response. (string, optional)
   - `discussionNumber`: Discussion Number (number, required)
   - `includeReplies`: When true, each top-level comment will include its replies nested within it (up to 100 replies per comment, which is the GitHub API maximum). Defaults to false. (boolean, optional)
   - `owner`: Repository owner (string, required)
@@ -769,7 +769,7 @@ The following sets of tools are available:
 
 - **list_discussions** - List discussions
   - **Required OAuth Scopes**: `repo`
-  - `after`: Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs. (string, optional)
+  - `after`: Cursor for pagination. Use the cursor from the previous response. (string, optional)
   - `category`: Optional filter by discussion category ID. If provided, only discussions with this category are listed. (string, optional)
   - `direction`: Order direction. (string, optional)
   - `orderBy`: Order discussions by field. If provided, the 'direction' also needs to be provided. (string, optional)
@@ -881,7 +881,7 @@ The following sets of tools are available:
 
 - **list_issues** - List issues
   - **Required OAuth Scopes**: `repo`
-  - `after`: Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs. (string, optional)
+  - `after`: Cursor for pagination. Use the cursor from the previous response. (string, optional)
   - `direction`: Order direction. If provided, the 'orderBy' also needs to be provided. (string, optional)
   - `labels`: Filter by labels (string[], optional)
   - `orderBy`: Order issues by field. If provided, the 'direction' also needs to be provided. (string, optional)

docs/feature-flags.md

@@ -102,7 +102,7 @@ runtime behavior (such as output formatting) won't appear here.
 
 - **list_issues** - List issues
   - **Required OAuth Scopes**: `repo`
-  - `after`: Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs. (string, optional)
+  - `after`: Cursor for pagination. Use the cursor from the previous response. (string, optional)
   - `direction`: Order direction. If provided, the 'orderBy' also needs to be provided. (string, optional)
   - `field_filters`: Filter by custom issue field values. Each entry takes a field_name and a value; the server looks up the field and coerces the value to its type (single-select option name, text, number, or YYYY-MM-DD date). (object[], optional)
   - `labels`: Filter by labels (string[], optional)

docs/insiders-features.md

@@ -96,7 +96,7 @@ The list below is generated from the Go source. It covers tool **inventory and s
 
 - **list_issues** - List issues
   - **Required OAuth Scopes**: `repo`
-  - `after`: Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs. (string, optional)
+  - `after`: Cursor for pagination. Use the cursor from the previous response. (string, optional)
   - `direction`: Order direction. If provided, the 'orderBy' also needs to be provided. (string, optional)
   - `field_filters`: Filter by custom issue field values. Each entry takes a field_name and a value; the server looks up the field and coerces the value to its type (single-select option name, text, number, or YYYY-MM-DD date). (object[], optional)
   - `labels`: Filter by labels (string[], optional)

pkg/github/__toolsnaps__/get_discussion_comments.snap

@@ -7,7 +7,7 @@
   "inputSchema": {
     "properties": {
       "after": {
-        "description": "Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs.",
+        "description": "Cursor for pagination. Use the cursor from the previous response.",
         "type": "string"
       },
       "discussionNumber": {

pkg/github/__toolsnaps__/list_dependabot_alerts.snap

@@ -6,15 +6,14 @@
   "description": "List dependabot alerts in a GitHub repository.",
   "inputSchema": {
     "properties": {
+      "after": {
+        "description": "Cursor for pagination. Use the cursor from the previous response.",
+        "type": "string"
+      },
       "owner": {
         "description": "The owner of the repository.",
         "type": "string"
       },
-      "page": {
-        "description": "Page number for pagination (min 1)",
-        "minimum": 1,
-        "type": "number"
-      },
       "perPage": {
         "description": "Results per page for pagination (min 1, max 100)",
         "maximum": 100,

pkg/github/__toolsnaps__/list_discussions.snap

@@ -7,7 +7,7 @@
   "inputSchema": {
     "properties": {
       "after": {
-        "description": "Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs.",
+        "description": "Cursor for pagination. Use the cursor from the previous response.",
         "type": "string"
       },
       "category": {

pkg/github/__toolsnaps__/list_issues.snap

@@ -7,7 +7,7 @@
   "inputSchema": {
     "properties": {
       "after": {
-        "description": "Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs.",
+        "description": "Cursor for pagination. Use the cursor from the previous response.",
         "type": "string"
       },
       "direction": {

pkg/github/__toolsnaps__/list_issues_ff_remote_mcp_issue_fields.snap

@@ -7,7 +7,7 @@
   "inputSchema": {
     "properties": {
       "after": {
-        "description": "Cursor for pagination. Use the endCursor from the previous page's PageInfo for GraphQL APIs.",
+        "description": "Cursor for pagination. Use the cursor from the previous response.",
         "type": "string"
       },
       "direction": {

pkg/github/dependabot.go

@@ -120,7 +120,7 @@ func ListDependabotAlerts(t translations.TranslationHelperFunc) inventory.Server
 		},
 		Required: []string{"owner", "repo"},
 	}
-	WithPagination(schema)
+	WithCursorPagination(schema)
 
 	return NewTool(
 		ToolsetMetadataDependabot,
@@ -152,7 +152,7 @@ func ListDependabotAlerts(t translations.TranslationHelperFunc) inventory.Server
 				return utils.NewToolResultError(err.Error()), nil, nil
 			}
 
-			pagination, err := OptionalPaginationParams(args)
+			pagination, err := OptionalCursorPaginationParams(args)
 			if err != nil {
 				return utils.NewToolResultError(err.Error()), nil, nil
 			}
@@ -165,9 +165,9 @@ func ListDependabotAlerts(t translations.TranslationHelperFunc) inventory.Server
 			alerts, resp, err := client.Dependabot.ListRepoAlerts(ctx, owner, repo, &github.ListAlertsOptions{
 				State:    ToStringPtr(state),
 				Severity: ToStringPtr(severity),
-				ListOptions: github.ListOptions{
-					Page:    pagination.Page,
+				ListCursorOptions: github.ListCursorOptions{
 					PerPage: pagination.PerPage,
+					After:   pagination.After,
 				},
 			})
 			if err != nil {
@@ -187,7 +187,12 @@ func ListDependabotAlerts(t translations.TranslationHelperFunc) inventory.Server
 				return ghErrors.NewGitHubAPIStatusErrorResponse(ctx, "failed to list alerts", resp, body), nil, nil
 			}
 
-			r, err := json.Marshal(alerts)
+			response := map[string]any{
+				"alerts":   alerts,
+				"pageInfo": buildPageInfo(resp),
+			}
+
+			r, err := json.Marshal(response)
 			if err != nil {
 				return utils.NewToolResultErrorFromErr("failed to marshal alerts", err), nil, err
 			}

pkg/github/dependabot_test.go

@@ -154,19 +154,19 @@ func Test_ListDependabotAlerts(t *testing.T) {
 	}
 
 	tests := []struct {
-		name           string
-		mockedClient   *http.Client
-		requestArgs    map[string]any
-		expectError    bool
-		expectedAlerts []*github.DependabotAlert
-		expectedErrMsg string
+		name               string
+		mockedClient       *http.Client
+		requestArgs        map[string]any
+		expectError        bool
+		expectedAlerts     []*github.DependabotAlert
+		expectedNextCursor string
+		expectedErrMsg     string
 	}{
 		{
 			name: "successful open alerts listing",
 			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
 				GetReposDependabotAlertsByOwnerByRepo: expectQueryParams(t, map[string]string{
 					"state":    "open",
-					"page":     "1",
 					"per_page": "30",
 				}).andThen(
 					mockResponse(t, http.StatusOK, []*github.DependabotAlert{&criticalAlert}),
@@ -185,7 +185,6 @@ func Test_ListDependabotAlerts(t *testing.T) {
 			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
 				GetReposDependabotAlertsByOwnerByRepo: expectQueryParams(t, map[string]string{
 					"severity": "high",
-					"page":     "1",
 					"per_page": "30",
 				}).andThen(
 					mockResponse(t, http.StatusOK, []*github.DependabotAlert{&highSeverityAlert}),
@@ -203,7 +202,6 @@ func Test_ListDependabotAlerts(t *testing.T) {
 			name: "successful all alerts listing",
 			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
 				GetReposDependabotAlertsByOwnerByRepo: expectQueryParams(t, map[string]string{
-					"page":     "1",
 					"per_page": "30",
 				}).andThen(
 					mockResponse(t, http.StatusOK, []*github.DependabotAlert{&criticalAlert, &highSeverityAlert}),
@@ -217,10 +215,10 @@ func Test_ListDependabotAlerts(t *testing.T) {
 			expectedAlerts: []*github.DependabotAlert{&criticalAlert, &highSeverityAlert},
 		},
 		{
-			name: "successful alerts listing with custom pagination",
+			name: "successful alerts listing with cursor pagination",
 			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
 				GetReposDependabotAlertsByOwnerByRepo: expectQueryParams(t, map[string]string{
-					"page":     "3",
+					"after":    "Y3Vyc29yOnYyOpK5",
 					"per_page": "100",
 				}).andThen(
 					mockResponse(t, http.StatusOK, []*github.DependabotAlert{&criticalAlert}),
@@ -229,12 +227,35 @@ func Test_ListDependabotAlerts(t *testing.T) {
 			requestArgs: map[string]any{
 				"owner":   "owner",
 				"repo":    "repo",
-				"page":    float64(3),
+				"after":   "Y3Vyc29yOnYyOpK5",
 				"perPage": float64(100),
 			},
 			expectError:    false,
 			expectedAlerts: []*github.DependabotAlert{&criticalAlert},
 		},
+		{
+			name: "successful alerts listing surfaces next page cursor",
+			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
+				GetReposDependabotAlertsByOwnerByRepo: expectQueryParams(t, map[string]string{
+					"per_page": "30",
+				}).andThen(
+					func(w http.ResponseWriter, _ *http.Request) {
+						w.Header().Set("Link", `<https://api.github.com/repos/owner/repo/dependabot/alerts?after=nextcursor123&per_page=30>; rel="next"`)
+						w.WriteHeader(http.StatusOK)
+						b, err := json.Marshal([]*github.DependabotAlert{&criticalAlert})
+						require.NoError(t, err)
+						_, _ = w.Write(b)
+					},
+				),
+			}),
+			requestArgs: map[string]any{
+				"owner": "owner",
+				"repo":  "repo",
+			},
+			expectError:        false,
+			expectedAlerts:     []*github.DependabotAlert{&criticalAlert},
+			expectedNextCursor: "nextcursor123",
+		},
 		{
 			name: "alerts listing fails",
 			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
@@ -291,11 +312,17 @@ func Test_ListDependabotAlerts(t *testing.T) {
 			textContent := getTextResult(t, result)
 
 			// Unmarshal and verify the result
-			var returnedAlerts []*github.DependabotAlert
-			err = json.Unmarshal([]byte(textContent.Text), &returnedAlerts)
+			var returnedResult struct {
+				Alerts   []*github.DependabotAlert `json:"alerts"`
+				PageInfo struct {
+					HasNextPage bool   `json:"hasNextPage"`
+					NextCursor  string `json:"nextCursor"`
+				} `json:"pageInfo"`
+			}
+			err = json.Unmarshal([]byte(textContent.Text), &returnedResult)
 			assert.NoError(t, err)
-			assert.Len(t, returnedAlerts, len(tc.expectedAlerts))
-			for i, alert := range returnedAlerts {
+			assert.Len(t, returnedResult.Alerts, len(tc.expectedAlerts))
+			for i, alert := range returnedResult.Alerts {
 				assert.Equal(t, *tc.expectedAlerts[i].Number, *alert.Number)
 				assert.Equal(t, *tc.expectedAlerts[i].HTMLURL, *alert.HTMLURL)
 				assert.Equal(t, *tc.expectedAlerts[i].State, *alert.State)
@@ -304,6 +331,8 @@ func Test_ListDependabotAlerts(t *testing.T) {
 					assert.Equal(t, *tc.expectedAlerts[i].SecurityAdvisory.Severity, *alert.SecurityAdvisory.Severity)
 				}
 			}
+			assert.Equal(t, tc.expectedNextCursor, returnedResult.PageInfo.NextCursor)
+			assert.Equal(t, tc.expectedNextCursor != "", returnedResult.PageInfo.HasNextPage)
 		})
 	}
 }