fix(ai): Reduce tooling description duplication. Move the input descr…

…iption into the the tooling parameters. Signed-off-by: Hiram Chirino <[email protected]>
trustification · Oct 16, 2024 · 4da42d3 · 4da42d3
1 parent c5a2f18
commit 4da42d3
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 23 deletions.
diff --git a/modules/fundamental/src/ai/endpoints/expected_tools_result.json b/modules/fundamental/src/ai/endpoints/expected_tools_result.json
@@ -1,13 +1,13 @@
 [
   {
     "name": "cve-info",
-    "description": "This tool can be used to get information about a Vulnerability.\nA Vulnerability is known as a CVE.\n\nVulnerabilities are security issues that may affect software packages.\nVulnerabilities may affect multiple packages.\n\nVulnerability are identified by their CVE Identifier.  Examples:\n* CVE-2014-0160\n\nThe input should be the partial name of the Vulnerability to search for.\nWhen the input is a full CVE ID, the tool will provide information about the vulnerability.\nWhen the input is a partial name, the tool will provide a list of possible matches.",
+    "description": "This tool can be used to get information about a Vulnerability.\nA Vulnerability is also known as a CVE.\n\nVulnerabilities are security issues that may affect software packages.\nVulnerabilities may affect multiple packages.\n\nVulnerability are identified by their CVE Identifier.",
     "parameters": {
       "type": "object",
       "properties": {
         "input": {
           "type": "string",
-          "description": "This tool can be used to get information about a Vulnerability.\nA Vulnerability is known as a CVE.\n\nVulnerabilities are security issues that may affect software packages.\nVulnerabilities may affect multiple packages.\n\nVulnerability are identified by their CVE Identifier.  Examples:\n* CVE-2014-0160\n\nThe input should be the partial name of the Vulnerability to search for.\nWhen the input is a full CVE ID, the tool will provide information about the vulnerability.\nWhen the input is a partial name, the tool will provide a list of possible matches."
+          "description": "\nThe input should be the partial or full name of the Vulnerability to search for.  Example:\n* CVE-2014-0160\n\n        "
         }
       },
       "required": [
@@ -17,13 +17,13 @@
   },
   {
     "name": "advisory-info",
-    "description": "This tool can be used to get information about an Advisory.\n\nAdvisories are notifications that a vulnerability affects a product or SBOM.\nAdvisories are issued by a vendor or security organization.\nUnless there is a specific advisory for a CVE, the CVE may or may not affect the product.\n\nAdvisories have a UUID that uniquely identifies the advisory.  Example:\n* 2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe input should be the UUID of the Advisory.",
+    "description": "This tool can be used to get information about an Advisory.\n\nAdvisories are notifications that a vulnerability affects a product or SBOM.\nAdvisories are issued by a vendor or security organization.\nUnless there is a specific advisory for a CVE, the CVE may or may not affect the product.\n\nAdvisories have a UUID that uniquely identifies the advisory.",
     "parameters": {
       "type": "object",
       "properties": {
         "input": {
           "type": "string",
-          "description": "This tool can be used to get information about an Advisory.\n\nAdvisories are notifications that a vulnerability affects a product or SBOM.\nAdvisories are issued by a vendor or security organization.\nUnless there is a specific advisory for a CVE, the CVE may or may not affect the product.\n\nAdvisories have a UUID that uniquely identifies the advisory.  Example:\n* 2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe input should be the UUID of the Advisory."
+          "description": "UUID of the Advisory. Example: 2fd0d1b7-a908-4d63-9310-d57a7f77c6df"
         }
       },
       "required": [
@@ -49,13 +49,13 @@
   },
   {
     "name": "sbom-info",
-    "description": "This tool retrieves information about a Software Bill of Materials (SBOM). SBOMs are identified by SHA-256, SHA-384, SHA-512 hashes, or UUID URIs. Examples:\n\nsha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e\nurn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe tool provides a list of advisories/CVEs affecting the SBOM.\n\nInput: An SBOM identifier or a product name. A full SBOM name typically combines the product name and version (e.g., \"product-version\"). If a user specifies both, use the product name to find the best matching SBOM. For example, \"quarkus 3.2.11\" might correspond to \"quarkus-bom-3.2.11.Final-redhat-00001\".\n\nThe link field contains a URL for more information about the item.",
+    "description": "This tool retrieves information about a Software Bill of Materials (SBOM). SBOMs are identified by SHA-256, SHA-384, SHA-512 hashes, or UUID URIs. Examples:\n\nsha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e\nurn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe tool provides a list of advisories/CVEs affecting the SBOM.",
     "parameters": {
       "type": "object",
       "properties": {
         "input": {
           "type": "string",
-          "description": "This tool retrieves information about a Software Bill of Materials (SBOM). SBOMs are identified by SHA-256, SHA-384, SHA-512 hashes, or UUID URIs. Examples:\n\nsha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e\nurn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df\n\nThe tool provides a list of advisories/CVEs affecting the SBOM.\n\nInput: An SBOM identifier or a product name. A full SBOM name typically combines the product name and version (e.g., \"product-version\"). If a user specifies both, use the product name to find the best matching SBOM. For example, \"quarkus 3.2.11\" might correspond to \"quarkus-bom-3.2.11.Final-redhat-00001\".\n\nThe link field contains a URL for more information about the item."
+          "description": "\nAn SBOM identifier or a product name.\nA full SBOM name typically combines the product name and version (e.g., \"product-version\").\nIf a user specifies both, use the product name get a list of best matching SBOMs.\nFor example, input \"quarkus\" instead of \"quarkus 3.2.11\".\n"
         }
       },
       "required": [

diff --git a/modules/fundamental/src/ai/service/tools/advisory_info.rs b/modules/fundamental/src/ai/service/tools/advisory_info.rs
@@ -1,5 +1,6 @@
 use crate::advisory::service::AdvisoryService;
 use crate::ai::service::tools;
+use crate::ai::service::tools::input_description;
 use async_trait::async_trait;
 use langchain_rust::tools::Tool;
 use serde::Serialize;
@@ -19,6 +20,10 @@ impl Tool for AdvisoryInfo {
         String::from("advisory-info")
     }
 
+    fn parameters(&self) -> Value {
+        input_description("UUID of the Advisory. Example: 2fd0d1b7-a908-4d63-9310-d57a7f77c6df")
+    }
+
     fn description(&self) -> String {
         String::from(
             r##"
@@ -28,10 +33,7 @@ Advisories are notifications that a vulnerability affects a product or SBOM.
 Advisories are issued by a vendor or security organization.
 Unless there is a specific advisory for a CVE, the CVE may or may not affect the product.
 
-Advisories have a UUID that uniquely identifies the advisory.  Example:
-* 2fd0d1b7-a908-4d63-9310-d57a7f77c6df
-
-The input should be the UUID of the Advisory.
+Advisories have a UUID that uniquely identifies the advisory.
 "##
             .trim(),
         )

diff --git a/modules/fundamental/src/ai/service/tools/cve_info.rs b/modules/fundamental/src/ai/service/tools/cve_info.rs
@@ -1,4 +1,5 @@
 use crate::ai::service::tools;
+use crate::ai::service::tools::input_description;
 use crate::vulnerability::service::VulnerabilityService;
 use async_trait::async_trait;
 use langchain_rust::tools::Tool;
@@ -19,21 +20,26 @@ impl Tool for CVEInfo {
         String::from("cve-info")
     }
 
+    fn parameters(&self) -> Value {
+        input_description(
+            r#"
+The input should be the partial or full name of the Vulnerability to search for.  Example:
+* CVE-2014-0160
+
+        "#,
+        )
+    }
+
     fn description(&self) -> String {
         String::from(
             r##"
 This tool can be used to get information about a Vulnerability.
-A Vulnerability is known as a CVE.
+A Vulnerability is also known as a CVE.
 
 Vulnerabilities are security issues that may affect software packages.
 Vulnerabilities may affect multiple packages.
 
-Vulnerability are identified by their CVE Identifier.  Examples:
-* CVE-2014-0160
-
-The input should be the partial name of the Vulnerability to search for.
-When the input is a full CVE ID, the tool will provide information about the vulnerability.
-When the input is a partial name, the tool will provide a list of possible matches.
+Vulnerability are identified by their CVE Identifier.
 "##
             .trim(),
         )

diff --git a/modules/fundamental/src/ai/service/tools/mod.rs b/modules/fundamental/src/ai/service/tools/mod.rs
@@ -9,6 +9,7 @@ use crate::sbom::service::SbomService;
 use crate::vulnerability::service::VulnerabilityService;
 use langchain_rust::tools::Tool;
 use serde::Serialize;
+use serde_json::{json, Value};
 use std::error::Error;
 use std::sync::Arc;
 use trustify_common::db::Database;
@@ -62,6 +63,19 @@ where
     })
 }
 
+fn input_description(description: &str) -> Value {
+    json!({
+        "type": "object",
+            "properties": {
+            "input": {
+                "type": "string",
+                "description": description,
+            }
+        },
+        "required": ["input"]
+    })
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

diff --git a/modules/fundamental/src/ai/service/tools/product_info.rs b/modules/fundamental/src/ai/service/tools/product_info.rs
@@ -1,4 +1,5 @@
 use crate::ai::service::tools;
+use crate::ai::service::tools::input_description;
 use crate::product::service::ProductService;
 use async_trait::async_trait;
 use langchain_rust::tools::Tool;
@@ -16,6 +17,10 @@ impl Tool for ProductInfo {
         String::from("product-info")
     }
 
+    fn parameters(&self) -> Value {
+        input_description("The name of the product to search for.")
+    }
+
     fn description(&self) -> String {
         String::from(
             r##"
@@ -27,9 +32,7 @@ Products are names of Software Products.  Examples:
 * Red Hat Enterprise Linux
 * RHEL
 * Quay
-* OpenShift
 
-The input should be the name of the product to search for.
 "##
             .trim(),
         )

diff --git a/modules/fundamental/src/ai/service/tools/sbom_info.rs b/modules/fundamental/src/ai/service/tools/sbom_info.rs
@@ -1,6 +1,7 @@
 use crate::ai::service::tools;
 use crate::sbom::service::SbomService;
 
+use crate::ai::service::tools::input_description;
 use async_trait::async_trait;
 use itertools::Itertools;
 use langchain_rust::tools::Tool;
@@ -21,6 +22,17 @@ impl Tool for SbomInfo {
         String::from("sbom-info")
     }
 
+    fn parameters(&self) -> Value {
+        input_description(
+            r#"
+An SBOM identifier or a product name.
+A full SBOM name typically combines the product name and version (e.g., "product-version").
+If a user specifies both, use the product name get a list of best matching SBOMs.
+For example, input "quarkus" instead of "quarkus 3.2.11".
+"#,
+        )
+    }
+
     fn description(&self) -> String {
         String::from(
             r##"
@@ -30,10 +42,6 @@ sha256:315f7c672f6e4948ffcc6d5a2b30f269c767d6d7d6f41d82ae716b5a46e5a68e
 urn:uuid:2fd0d1b7-a908-4d63-9310-d57a7f77c6df
 
 The tool provides a list of advisories/CVEs affecting the SBOM.
-
-Input: An SBOM identifier or a product name. A full SBOM name typically combines the product name and version (e.g., "product-version"). If a user specifies both, use the product name to find the best matching SBOM. For example, "quarkus 3.2.11" might correspond to "quarkus-bom-3.2.11.Final-redhat-00001".
-
-The link field contains a URL for more information about the item.
 "##
                 .trim(),
         )