
Add MCP unavailability disclosure and fallback remediation guidance (AST-145752)#1493

Merged
cx-anurag-dalke merged 6 commits into
mainfrom
feature/devassist-remediation-fallback
Apr 13, 2026

Conversation

@cx-atish-jadhav
Contributor

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

This PR adds graceful fallback handling for remediation prompts when Checkmarx MCP services (packageRemediation, codeRemediation, imageRemediation) are unavailable. Previously, users would see hard error messages and the LLM would stop providing remediation guidance. Now the system clearly discloses the unavailability and proceeds with manual remediation guidance.

Changes

Core Improvements

  • Disclosure Messages: Added clear user-facing notifications when MCP tools are unavailable
  • Conditional Output Formatting: Distinguished between automated (product name prefix) and manual guidance (generic "Security Assistant" prefix)
  • Manual Fallback Guidance: For ASCA, SECRET, IAC, and CONTAINERS scanners, LLM now proceeds with manual remediation when tools unavailable
  • Consistent Messaging: Unified disclosure format across all scanner types

Updated Prompts

  1. SCA: Added disclosure message + conditional output formatting
  2. SECRET: Enhanced tool unavailability handling + conditional output formatting
  3. ASCA (SAST): Enhanced tool unavailability handling + conditional output formatting
  4. IAC: Enhanced tool unavailability handling + conditional output formatting
  5. CONTAINERS: Enhanced tool unavailability handling + conditional output formatting

Files Modified

  • packages/core/src/realtimeScanners/scanners/prompts.ts (VS Code Extension)

Disclosure Message Format

⚠️ Automated Remediation Unavailable: [Service Name] service (MCP) is not accessible at the moment. Providing manual remediation guidance based on security best practices.

Output Formatting

  • When MCP Tool IS Available: Checkmarx One Assist - Remediation Summary (or Checkmarx Developer Assist)
  • When MCP Tool is NOT Available: Security Assistant - Remediation Summary

Benefits

✅ Users receive remediation guidance even when MCP tools are unavailable (parity with Container/OSS functionality)
✅ Clear, transparent communication about automation status
✅ Better user experience during service outages
✅ Consistent behavior across all scanner types (SCA, SECRET, ASCA, IAC, CONTAINERS)
✅ Applied to both VS Code and JetBrains plugins for consistency

Fixes

  • Resolves: AST-145752 - Case 00271508 | Bofa | Allow LLM to proceed when Checkmarx MCP service is not accessible.

References

AST-145752

Testing

  • Tested all 5 scanner types with MCP tool unavailability scenarios
  • Verified disclosure messages display correctly
  • Confirmed conditional output formatting works as expected
  • Tested on both Checkmarx and Checkmarx Developer Assist plugins

Checklist

  • I have added documentation for new/changed functionality in this PR (if applicable).
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used
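The fallback described in this PR (disclose when the MCP remediation tool is unreachable, switch to the generic "Security Assistant" header, and keep giving manual guidance instead of stopping) can be modelled as a small decision routine. The following is an added example in TypeScript and is not the project's prompts.ts; the scanner-to-service mapping, the tool invoker, and the sample findings are assumptions constructed for illustration.

```typescript
// Added example, not Checkmarx code: fallback handling for remediation prompts
// when the MCP remediation service is unavailable.

export type ScannerType = "SCA" | "SECRET" | "ASCA" | "IAC" | "CONTAINERS";
export type ProductName = "Checkmarx One Assist" | "Checkmarx Developer Assist";

// ASSUMPTION: the page names three services but not which scanner uses which;
// this mapping is illustrative only.
export const MCP_SERVICE: Record<ScannerType, string> = {
  SCA: "packageRemediation",
  SECRET: "codeRemediation",
  ASCA: "codeRemediation",
  IAC: "codeRemediation",
  CONTAINERS: "imageRemediation",
};

export interface RemediationOutput {
  mode: "automated" | "manual";
  disclosure: string | null; // user-facing notice, present only in manual mode
  header: string;            // product-prefixed (automated) or generic (manual)
  body: string;
  reason: string | null;     // why the tool was unavailable; for logs, not the user
}

// Hypothetical tool invoker: returns the tool's text or throws when unreachable.
export type McpToolCall = (service: string, finding: string) => string;
// Hypothetical manual-guidance generator (stands in for the LLM's own reasoning).
export type ManualGuidance = (scanner: ScannerType, finding: string) => string;

// Disclosure text in the format given in the PR description.
export function disclosureFor(service: string): string {
  return `⚠️ Automated Remediation Unavailable: ${service} service (MCP) is not accessible at the moment. Providing manual remediation guidance based on security best practices.`;
}

export function remediateWithFallback(
  scanner: ScannerType,
  product: ProductName,
  finding: string,
  callTool: McpToolCall,
  manual: ManualGuidance,
): RemediationOutput {
  const service = MCP_SERVICE[scanner];
  try {
    const body = callTool(service, finding);
    return {
      mode: "automated",
      disclosure: null,
      header: `${product} - Remediation Summary`,
      body,
      reason: null,
    };
  } catch (err) {
    // Do not hard-fail: keep the cause for logging, tell the user the guidance
    // is not tool-backed, and continue with manual remediation.
    const reason = err instanceof Error ? err.message : String(err);
    return {
      mode: "manual",
      disclosure: disclosureFor(service),
      header: "Security Assistant - Remediation Summary",
      body: manual(scanner, finding),
      reason,
    };
  }
}

// Render in reading order: disclosure (if any), then header, then guidance.
export function render(out: RemediationOutput): string {
  return [out.disclosure, out.header, out.body]
    .filter((s): s is string => s !== null)
    .join("\n\n");
}

// Constructed sample run: the code tool is reachable, the image tool is not.
export function runExample(): { secret: RemediationOutput; containers: RemediationOutput } {
  const callTool: McpToolCall = (service, finding) => {
    if (service === "imageRemediation") {
      throw new Error("ECONNREFUSED: MCP endpoint unreachable");
    }
    return `Rotate the credential found in ${finding} and purge it from history.`;
  };
  const manual: ManualGuidance = (scanner, finding) =>
    `Manual ${scanner} guidance for ${finding}: pin the base image to a patched tag and rebuild.`;
  return {
    secret: remediateWithFallback("SECRET", "Checkmarx One Assist", "config/.env:12", callTool, manual),
    containers: remediateWithFallback("CONTAINERS", "Checkmarx Developer Assist", "Dockerfile:1", callTool, manual),
  };
}
```

The point worth checking in review is that the two paths are distinguishable after the fact: the manual path always carries the disclosure and the generic header, and the failure reason is retained separately so an outage can be logged without leaking connection details into the user-facing text.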

@github-actions
Contributor

github-actions Bot commented Apr 9, 2026

Checkmarx One – Scan Summary & Details (1e7e31f1-14fd-4155-b848-8238b8203d6a)

Fixed Issues (2): Great job! The following issues were fixed in this Pull Request

Severity | Issue          | Source File / Package
CRITICAL | CVE-2025-62718 | Npm-axios-1.13.5
CRITICAL | CVE-2026-40175 | Npm-axios-1.13.5

Comment thread packages/core/src/realtimeScanners/scanners/prompts.ts (Outdated)
Contributor

@cx-anurag-dalke cx-anurag-dalke left a comment


ok

Contributor

@cx-anurag-dalke cx-anurag-dalke left a comment


ok

@cx-anurag-dalke cx-anurag-dalke merged commit 2cfa8fe into main Apr 13, 2026
9 of 10 checks passed
3 participants