feat: add get_business_term MCP tool

[connor-savage]

Summary

Add get_business_term MCP tool to Chip.

Generated by chip-factory pipeline.

[svc-snyk-github-jira]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[EricWarnerCollibra]

Review: get_business_term MCP Tool

Convention Compliance ✅

All conventions are met:

• Package name matches directory name (get_business_term)
• Exports exactly NewTool, Input, Output (plus sub-types for Output: Attribute, ColumnAsset, TableAsset, DataAttributeAsset)
• NewTool takes *http.Client and returns *chip.Tool[Input, Output]
• handler is unexported and returns chip.ToolHandlerFunc[Input, Output]
• Input/Output use json and jsonschema tags
• Tool name in NewTool is snake_case: "get_business_term"
• Errors returned as Output{}, err — no panics
• No direct mcp-go imports — uses pkg/chip abstractions only
• Client calls go through pkg/clients/get_business_term_client.go
• Permissions includes "dgc.ai-copilot" (consistent with ask_glossary and ask_dad)
• Registered in register.go

Build / Test / Lint ✅

Check	Result
go build ./cmd/chip	✅ Pass
go test ./pkg/tools/get_business_term/...	✅ 8/8 tests pass
go test ./...	✅ All packages pass
golangci-lint run ./...	✅ Clean — no issues

MCP Validation ✅

Tool registers correctly as get_business_term in factory mcp-list.

Adversarial Testing ✅

Input	Result
{"asset_id": ""}	"asset_id is required" (isError: true) ✅
{} (missing field)	JSON schema validation: missing properties: ["asset_id"] ✅
{"asset_id": "00000000-0000-0000-0000-000000000000"}	"asset not found: 00000000-..." (isError: true) ✅
{"asset_id": "not-a-uuid<script>alert(1)</script>"}	"unexpected status: 403" (isError: true) ✅
{"asset_id": "aaaa...(10000 chars)"}	"unexpected status: 400" (isError: true) ✅

All adversarial inputs return clear errors with isError: true. No panics, no unhelpful errors.

Code Quality Notes (non-blocking, informational only)

1. Client pattern: get_business_term_client.go uses direct HTTP handling rather than the shared executeRequest helper from dgc_client.go. This is consistent with other newer clients (e.g., dgc_classification_client.go) and works correctly.
2. Attributes endpoint: Uses /rest/2.0/attributes?assetId=... instead of the spec's /rest/2.0/assets/{assetId}/attributes. Both are valid Collibra REST API endpoints returning the same data.
3. Lineage direction: Only follows outgoing relations (sourceId), correctly implementing the directed chain: Business Term → Data Attribute → Table → Column.
4. Test coverage: 8 test cases covering success path, 404, empty input, no attributes, no lineage, multiple data attributes, non-string attribute values, and server errors. Good breadth.

Verdict

Approved. Clean implementation that follows all conventions, has solid test coverage, handles edge cases gracefully, and passes all build/test/lint checks.

[EricWarnerCollibra]

Review: get_business_term MCP Tool

Convention Compliance ✅

All conventions are met:

• Package name matches directory name (get_business_term)
• Exports exactly NewTool, Input, Output (plus sub-types for Output: Attribute, ColumnAsset, TableAsset, DataAttributeAsset)
• NewTool takes *http.Client and returns *chip.Tool[Input, Output]
• handler is unexported and returns chip.ToolHandlerFunc[Input, Output]
• Input/Output use json and jsonschema tags
• Tool name in NewTool is snake_case: get_business_term
• Errors returned as Output{}, err — no panics
• No direct mcp-go imports — uses pkg/chip abstractions only
• Client calls go through pkg/clients/get_business_term_client.go
• Permissions includes dgc.ai-copilot (consistent with ask_glossary and ask_dad)
• Registered in register.go

Build / Test / Lint ✅

Check	Result
go build ./cmd/chip	Pass
go test ./pkg/tools/get_business_term/...	8/8 tests pass
go test ./...	All packages pass
golangci-lint run ./...	Clean — no issues

MCP Validation ✅

Tool registers correctly as get_business_term in factory mcp-list.

Adversarial Testing ✅

Input	Result
Empty asset_id	asset_id is required (isError: true)
Missing field entirely	JSON schema validation: missing properties: asset_id
Non-existent UUID	asset not found (isError: true)
Special chars/XSS in asset_id	unexpected status: 403 (isError: true)
Very long string (10000 chars)	unexpected status: 400 (isError: true)

All adversarial inputs return clear errors with isError: true. No panics, no unhelpful errors.

Code Quality Notes (non-blocking, informational only)

1. Client pattern: get_business_term_client.go uses direct HTTP handling rather than the shared executeRequest helper from dgc_client.go. This is consistent with other newer clients and works correctly.
2. Attributes endpoint: Uses /rest/2.0/attributes?assetId=... instead of the spec /rest/2.0/assets/{assetId}/attributes. Both are valid Collibra REST API endpoints returning the same data.
3. Lineage direction: Only follows outgoing relations (sourceId), correctly implementing the directed chain: Business Term -> Data Attribute -> Table -> Column.
4. Test coverage: 8 test cases covering success path, 404, empty input, no attributes, no lineage, multiple data attributes, non-string attribute values, and server errors.

Verdict

Approved. Clean implementation that follows all conventions, has solid test coverage, handles edge cases gracefully, and passes all build/test/lint checks.

[EricWarnerCollibra]

Review: get_business_term MCP Tool

Convention Compliance: All conventions met (package naming, exports, NewTool signature, handler unexported, json/jsonschema tags, snake_case tool name, error handling, no mcp-go imports, client via pkg/clients, Permissions includes dgc.ai-copilot, registered in register.go).

Build/Test/Lint: All pass. go build succeeds. 8/8 unit tests pass. All packages pass. golangci-lint clean.

MCP Validation: Tool registers correctly as get_business_term in factory mcp-list.

Adversarial Testing (5 cases, all pass):

• Empty asset_id -> asset_id is required (isError: true)
• Missing field -> JSON schema validation error
• Non-existent UUID -> asset not found (isError: true)
• Special chars/XSS in asset_id -> unexpected status: 403 (isError: true)
• Very long string (10000 chars) -> unexpected status: 400 (isError: true)

Non-blocking notes:

1. Client uses direct HTTP handling instead of shared executeRequest helper (consistent with other newer clients).
2. Uses /rest/2.0/attributes?assetId=... instead of spec /rest/2.0/assets/{assetId}/attributes (both valid Collibra endpoints).
3. Lineage only follows outgoing relations (sourceId) - correct for the specified directed chain.
4. Good test coverage: 8 tests covering success, 404, empty input, no attributes, no lineage, multiple data attributes, non-string attribute values, and server errors.

Verdict: Approved. Clean implementation following all conventions with solid test coverage and graceful edge case handling.

[EricWarnerCollibra]

Approved after independent review. All conventions met, build/tests/lint pass, MCP validation successful, 5 adversarial tests pass gracefully.

[EricWarnerCollibra]

Approved after independent review. All conventions met, build/tests/lint pass, MCP validation successful, 5 adversarial tests pass gracefully. See full details below.

Convention Compliance: All 11 checks pass.
Build: go build passes. Tests: 8/8 pass. Lint: clean.
MCP: Tool registered correctly.
Adversarial: Empty string, missing field, bad UUID, XSS, long string - all return clear errors.
Non-blocking notes: Client uses direct HTTP (fine), attributes endpoint variation (valid), outgoing-only relations (correct for spec).

[EricWarnerCollibra]

Approved

[EricWarnerCollibra]

Independent Review: get_business_term MCP Tool

Convention Compliance ✅ (11/11)

• Package name matches directory (get_business_term)
• Exports: NewTool, Input, Output (plus Output sub-types)
• NewTool signature: *http.Client -> *chip.Tool[Input, Output]
• handler unexported, returns chip.ToolHandlerFunc
• json and jsonschema tags on Input/Output
• Tool name is snake_case
• Errors returned as Output{}, err (no panics)
• No direct mcp-go imports
• Client calls via pkg/clients
• Permissions: dgc.ai-copilot
• Registered in register.go

Build / Test / Lint ✅

• go build ./cmd/chip — pass
• go test (get_business_term) — 8/8 pass
• go test ./... — all packages pass
• golangci-lint run ./... — clean

MCP Validation ✅

Tool registers as get_business_term in factory mcp-list.

Adversarial Testing ✅ (5 cases)

• Empty asset_id -> clear error
• Missing field -> JSON schema validation
• Non-existent UUID -> asset not found
• XSS/special chars -> 403 error
• 10000-char string -> 400 error

Non-blocking Notes

1. Client uses direct HTTP (consistent with newer clients)
2. Attributes via /rest/2.0/attributes?assetId=... (valid alternative to spec endpoint)
3. Outgoing-only relations (correct for directed lineage chain)