opa-mcp-server

Overview Schema Related Servers Score Discussions

Suggest fix for Rego diagnostics

rego_suggest_fix

Suggests mechanical fixes for Rego compile errors and lint findings by mapping diagnostics to automated corrections, with confidence ratings for known patterns.

Instructions

Map common Rego compile errors and Regal lint findings to mechanical fix suggestions. Pass diagnostics from rego_check or rego_lint. Returns one suggestion per input diagnostic; confidence is high for well-known patterns, medium for partial matches, low for everything else.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`diagnostics`	Yes	Diagnostics from rego_check or rego_lint.

Implementation Reference

src/tools/helpers/suggest-fix.ts:119-153 (handler)

The tool handler (registerRegoSuggestFix) that registers 'rego_suggest_fix' on the MCP server. Maps diagnostics from rego_check/rego_lint to mechanical fix suggestions using a rule-based approach (no LLM). Returns one suggestion per input diagnostic with high/medium/low confidence.

export function registerRegoSuggestFix(server: McpServer, config: Config): void {
  server.registerTool(
    'rego_suggest_fix',
    {
      title: 'Suggest fix for Rego diagnostics',
      description:
        'Map common Rego compile errors and Regal lint findings to mechanical fix suggestions. Pass diagnostics from `rego_check` or `rego_lint`. Returns one suggestion per input diagnostic; confidence is `high` for well-known patterns, `medium` for partial matches, `low` for everything else.',
      inputSchema: RegoSuggestFixInput,
    },
    ({ diagnostics }) => {
      return withToolEnvelope<RegoSuggestFixOutput>(config, () => {
        const suggestions: FixSuggestion[] = diagnostics.map((diag) => {
          const code = diag.code || diag.title || '';
          const matched = KNOWN_FIXES.find((f) => f.match(code, diag.message));
          if (matched) {
            const partial = matched.suggest(diag.message);
            return {
              code,
              message: diag.message,
              ...partial,
            };
          }
          return {
            code,
            message: diag.message,
            suggestion:
              'No automated suggestion available for this diagnostic. Read the message text and the location for context — most Rego errors have an obvious mechanical fix once the trigger is identified.',
            confidence: 'low' as const,
          };
        });
        return Promise.resolve(ok<RegoSuggestFixOutput>({ suggestions }));
      });
    },
  );
}

src/tools/helpers/suggest-fix.ts:19-38 (schema)

Input schema (RegoSuggestFixInput) defined as Zod object accepting an array of diagnostics with fields: code, message, location (file, row, col), title, category. Requires at least 1 diagnostic.

const RegoSuggestFixInput = {
  diagnostics: z
    .array(
      z.object({
        code: z.string().describe('Diagnostic code (e.g. "rego_unsafe_var_error").'),
        message: z.string().describe('Diagnostic message.'),
        location: z
          .object({
            file: z.string().optional(),
            row: z.number().optional(),
            col: z.number().optional(),
          })
          .optional(),
        title: z.string().optional().describe('Title (Regal violations).'),
        category: z.string().optional().describe('Category (Regal violations).'),
      }),
    )
    .min(1)
    .describe('Diagnostics from rego_check or rego_lint.'),
};

src/tools/helpers/suggest-fix.ts:115-117 (schema)
Output interface (RegoSuggestFixOutput) containing a suggestions array of FixSuggestion objects, each with code, message, suggestion, confidence (high|medium|low), and optional patch.
```
export interface RegoSuggestFixOutput {
  suggestions: FixSuggestion[];
}
```

src/tools/helpers/index.ts:15-22 (registration)

Registration: registerRegoSuggestFix imported from './suggest-fix.js' and called in registerHelperTools(), which is invoked by the main registerTools() in src/tools/index.ts.

import { registerRegoSuggestFix } from './suggest-fix.js';

export function registerHelperTools(server: McpServer, config: Config): void {
  registerRegoExplainDecision(server, config);
  registerRegoGenerateTestSkeleton(server, config);
  registerRegoDescribePolicy(server, config);
  registerRegoSuggestFix(server, config);
}

src/tools/helpers/suggest-fix.ts:48-113 (helper)

KNOWN_FIXES array: rule-based fix suggestions for common Rego errors (rego_unsafe_var_error, rego_parse_error, rego_type_error, rego_recursion_error, rego_compile_error) and Regal lint findings (print-or-trace-call, directory-package-mismatch). Each entry has a match predicate and suggest function producing a suggestion with confidence level.

const KNOWN_FIXES: Array<{
  match: (code: string, message: string) => boolean;
  suggest: (message: string) => Omit<FixSuggestion, 'code' | 'message'>;
}> = [
  {
    match: (code) => code === 'rego_unsafe_var_error',
    suggest: (message) => {
      const varMatch = /var (\S+) is unsafe/.exec(message);
      const varName = varMatch?.[1];
      return {
        suggestion: varName
          ? `The variable \`${varName}\` is referenced but never bound. Add a clause that defines it (assignment, comprehension, or pattern match) before it is used.`
          : 'A variable is referenced before being bound. Add a binding clause earlier in the rule body.',
        confidence: 'high',
      };
    },
  },
  {
    match: (code) => code === 'rego_parse_error',
    suggest: () => ({
      suggestion:
        'The source did not parse. Run `rego_format` to confirm the syntax is well-formed, then `rego_check` for the precise location.',
      confidence: 'medium',
    }),
  },
  {
    match: (code) => code === 'rego_type_error',
    suggest: (message) => ({
      suggestion: `Type mismatch: ${message.replace(/^rego_type_error:\s*/, '')}. Reconcile the operand types — most often this is comparing a string with a number, or indexing a value with the wrong key shape.`,
      confidence: 'medium',
    }),
  },
  {
    match: (code) => code === 'rego_recursion_error',
    suggest: () => ({
      suggestion:
        'A rule references itself directly or indirectly. Restructure so each rule depends only on documents lower in the DAG, or introduce an intermediate rule that breaks the cycle.',
      confidence: 'high',
    }),
  },
  {
    match: (code) => code === 'rego_compile_error',
    suggest: () => ({
      suggestion:
        'A compile error occurred. Run `rego_check` for the structured diagnostic — the message text usually points at the precise issue (often an unresolved import or capabilities mismatch).',
      confidence: 'low',
    }),
  },
  // Regal style/idiom suggestions
  {
    match: (code) => code === 'print-or-trace-call',
    suggest: () => ({
      suggestion:
        'Remove the `print(...)` or `trace(...)` call before shipping — it slows evaluation and is rarely intended in production policy.',
      confidence: 'high',
    }),
  },
  {
    match: (code) => code === 'directory-package-mismatch',
    suggest: () => ({
      suggestion:
        'The Rego file lives in a directory that does not match its `package` declaration. Move the file or rename the package so they agree (e.g., `package foo.bar` belongs in `foo/bar/`).',
      confidence: 'high',
    }),
  },
];

Tool Definition Quality

A4.4/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It discloses that one suggestion is returned per input diagnostic and explains confidence levels (high/medium/low) based on pattern matching. This is good transparency for a suggestion tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences: first states purpose and input, second explains output and confidence. Information is front-loaded and every sentence earns its place with no redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite no output schema, the description covers what the tool returns (one suggestion per diagnostic with confidence levels). The single parameter is well-documented. A minor gap is the exact format of suggestions, but overall it is contextually complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with property descriptions, but the description adds value by specifying the source of diagnostics (rego_check/rego_lint) and explaining the return behavior (one suggestion per diagnostic, confidence levels). This goes beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The title 'Suggest fix for Rego diagnostics' and the description explicitly state the tool maps compile errors and lint findings to mechanical fix suggestions. It distinguishes itself from sibling tools like rego_check and rego_lint by being the fix suggestion step.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description instructs to pass diagnostics from rego_check or rego_lint, giving clear usage context. It does not explicitly state when not to use or mention alternatives, but the guidance is sufficient for typical use.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/OrygnsCode/opa-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server