get_rule_detections calls SDK positionally → AttributeError: 'str' object has no attribute 'strftime'
secops_mcp 0.1.3. The MCP wrapper passes args to ChronicleClient.list_detections by position, but the SDK signature has start_time / end_time before alert_state, so alert_state lands in the start_time slot. The SDK then calls .strftime() on the string and crashes. Any invocation with alert_state or page_size fails.
Repro:
get_rule_detections(rule_id="ru_<uuid>", alert_state="ALERTING")
# {"error": "Unexpected error: 'str' object has no attribute 'strftime'", "detections": []}SDK signature (secops/chronicle/client.py::ChronicleClient.list_detections):
def list_detections(self, rule_id, start_time=None, end_time=None, list_basis=None,
alert_state=None, page_size=None, page_token=None, as_list=False):MCP wrapper (secops_mcp/tools/security_rules.py:311):
detections_response = chronicle.list_detections(
rule_id, alert_state, page_size, page_token
)Fix — use keyword args:
-detections_response = chronicle.list_detections(
- rule_id, alert_state, page_size, page_token
-)
+detections_response = chronicle.list_detections(
+ rule_id,
+ alert_state=alert_state,
+ page_size=page_size,
+ page_token=page_token,
+)
While in here, expose start_time / end_time / list_basis on the MCP tool — without them the tool can only list the SDK-default time window.
get_rule_detectionscalls SDK positionally →AttributeError: 'str' object has no attribute 'strftime'secops_mcp0.1.3. The MCP wrapper passes args toChronicleClient.list_detectionsby position, but the SDK signature hasstart_time/end_timebeforealert_state, soalert_statelands in thestart_timeslot. The SDK then calls.strftime()on the string and crashes. Any invocation withalert_stateorpage_sizefails.Repro:
SDK signature (
secops/chronicle/client.py::ChronicleClient.list_detections):MCP wrapper (
secops_mcp/tools/security_rules.py:311):Fix — use keyword args:
While in here, expose
start_time/end_time/list_basison the MCP tool — without them the tool can only list the SDK-default time window.