Reduce MCP server JSON response size to minimize LLM token consumption #360
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Copilot
AI
changed the title
[WIP] Update MCP server to return lightweight JSON
Reduce MCP server JSON response size by 74% to minimize LLM token consumption
Oct 9, 2025
Copilot finished work on behalf of
fproulx-boostsecurity
October 9, 2025 17:37
fproulx-boostsecurity
previously approved these changes
Oct 9, 2025
This comment was marked as outdated.
This comment was marked as outdated.
SUSTAPLE117
reviewed
Oct 9, 2025
This comment was marked as outdated.
This comment was marked as outdated.
Copilot finished work on behalf of
fproulx-boostsecurity
October 9, 2025 19:42
Copilot
AI
changed the title
Reduce MCP server JSON response size by 74% to minimize LLM token consumption
Reduce MCP server JSON response size to minimize LLM token consumption with enhanced SCM context
Oct 9, 2025
Copilot finished work on behalf of
fproulx-boostsecurity
October 9, 2025 20:00
|
@copilot rebase |
Copilot finished work on behalf of
fproulx-boostsecurity
October 24, 2025 15:47
Implement lightweight response structure for MCP server that reduces JSON payload size while preserving all essential security data and adding enhanced SCM context for better repository identification. Changes: - Create mcpAnalysisResponse struct with only essential fields: findings, rules, purl, repository, scm_type, git_ref, commit_sha, last_commit - Remove embedded PackageInsights to eliminate heavy fields like github_actions_workflows, package_dependencies, and repo statistics - Update all MCP handlers (analyze_repo, analyze_local, analyze_org, analyze_stale_branches) to use lightweight response - Add comprehensive test suite to verify response structure and size - Add SCM context fields (purl, scm_type) per reviewer feedback - Rename 'ref' to 'git_ref' for clarity Results: - Lightweight response: ~182 bytes for empty findings vs kilobytes before - All essential security findings and repository metadata preserved - Better SCM identification with purl and scm_type fields - All tests passing with no regressions Fixes #359
fproulx-boostsecurity
force-pushed
the
copilot/reduce-lightweight-json-output
branch
from
3916e93 to
b711017
Compare
fproulx-boostsecurity
changed the title
fproulx-boostsecurity
approved these changes
Oct 24, 2025
|
Fixes #359 |
Talgarr
reviewed
Oct 24, 2025
|
|
||
| // The lightweight response should be significantly smaller than a full PackageInsights response | ||
| // which would include many more fields like workflows, dependencies, repo stats, etc. | ||
| assert.Less(t, len(lightweightData), 1000, "Lightweight response should be under 1KB for empty findings") |
There was a problem hiding this comment.
This number seems really arbitrary... We should probably compare the two results.
There was a problem hiding this comment.
@Talgarr I agree, but the goal here is more to do the clean up, validate it's still working and that's enough. we know it will drastically drop tokens in practice
There was a problem hiding this comment.
@fproulx-boostsecurity that test is pretty useless honestly
SUSTAPLE117
reviewed
Oct 28, 2025
| } | ||
|
|
||
| // TestMCPResponseStructure verifies the new mcpAnalysisResponse structure | ||
| func TestMCPResponseStructure(t *testing.T) { |
There was a problem hiding this comment.
This test is not very uselful and a copy of the previous one essentially
fproulx-boostsecurity
deleted the
copilot/reduce-lightweight-json-output
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Implements lightweight response structure for MCP server that reduces JSON payload size while preserving all essential security data.
Changes
mcpAnalysisResponsestruct with only essential fields:purl,repository,scm_type,git_ref,commit_sha,last_commitPackageInsightsto eliminate heavy fields likegithub_actions_workflows,package_dependencies, and repository statisticsanalyze_repo,analyze_local,analyze_org,analyze_stale_branches) to use lightweight responseResults
PackageInsights)purlandscm_typefields for better repository identificationReview Feedback Addressed
purlfield for fully qualified package identifierscm_typefield to identify SCM platform (github/gitlab)reftogit_reffor clarityFixes #359