Context
Sub-issue of #208 — Area 5: No SARIF-to-git-diff correlation tool
Problem
There is no MCP tool for determining whether a given SARIF alert is associated with code locations changed in a set of git commits. To triage SARIF results by branch, the user must:
- Run
git diff --name-only ..HEAD to get changed files
- Parse each SARIF file's
results[].locations[].physicalLocation.artifactLocation.uri
- Cross-reference manually to classify findings as "new on this branch" vs "pre-existing"
Related: #207 (the planned gh-ql-mcp-client Go rewrite addresses some of the SARIF workflow gaps)
Requirements
Context
Sub-issue of #208 — Area 5: No SARIF-to-git-diff correlation tool
Problem
There is no MCP tool for determining whether a given SARIF alert is associated with code locations changed in a set of git commits. To triage SARIF results by branch, the user must:
git diff --name-only ..HEADto get changed filesresults[].locations[].physicalLocation.artifactLocation.uriRelated: #207 (the planned
gh-ql-mcp-clientGo rewrite addresses some of the SARIF workflow gaps)Requirements
sarif_diff_by_commits) that accepts a SARIF file path and a git ref range