@octopusdeploy/mcp-server 2.1.0 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -9
- package/dist/helpers/pathAllowlist.d.ts.map +1 -1
- package/dist/helpers/pathAllowlist.js +9 -0
- package/dist/helpers/pathAllowlist.js.map +1 -1
- package/dist/helpers/validateExecutePath.d.ts +7 -0
- package/dist/helpers/validateExecutePath.d.ts.map +1 -1
- package/dist/helpers/validateExecutePath.js +20 -1
- package/dist/helpers/validateExecutePath.js.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/resources/catalog/capabilities.d.ts.map +1 -1
- package/dist/resources/catalog/capabilities.js +7 -8
- package/dist/resources/catalog/capabilities.js.map +1 -1
- package/dist/tools/execute.d.ts.map +1 -1
- package/dist/tools/execute.js +33 -18
- package/dist/tools/execute.js.map +1 -1
- package/dist/tools/index.d.ts +2 -1
- package/dist/tools/index.d.ts.map +1 -1
- package/dist/tools/index.js +7 -3
- package/dist/tools/index.js.map +1 -1
- package/dist/types/toolConfig.d.ts +8 -0
- package/dist/types/toolConfig.d.ts.map +1 -1
- package/dist/types/toolConfig.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -223,11 +223,11 @@ The server uses a three-tier read/write/delete classification, enforced server-s
|
|
|
223
223
|
# Default - write tools enabled (POST/PUT/PATCH)
|
|
224
224
|
npx -y @octopusdeploy/mcp-server
|
|
225
225
|
|
|
226
|
-
# Read-only mode - write/delete tools disabled
|
|
227
|
-
npx -y @octopusdeploy/mcp-server --read-only
|
|
228
|
-
|
|
229
226
|
# Additionally permit DELETE requests through the execute tool
|
|
230
227
|
npx -y @octopusdeploy/mcp-server --allow-deletes
|
|
228
|
+
|
|
229
|
+
# Read-only mode - write/delete tools disabled
|
|
230
|
+
npx -y @octopusdeploy/mcp-server --read-only
|
|
231
231
|
```
|
|
232
232
|
|
|
233
233
|
**Security Note:** Use an API key with appropriate, least-privilege permissions — write operations can create releases and trigger deployments in your Octopus instance. For production, consider passing `--read-only` unless you have a specific, controlled use case for writes. `--allow-deletes` is off by default; only enable it when the agent must issue DELETE requests through `execute`. If you pass `--allow-deletes` together with `--read-only`, the server prints a startup warning to stderr — DELETE requests remain blocked by the read-only gate.
|
|
@@ -250,7 +250,7 @@ npx -y @octopusdeploy/mcp-server --server-url https://your-octopus.com
|
|
|
250
250
|
#### Other command line arguments
|
|
251
251
|
|
|
252
252
|
* `--read-only` - Enable read-only mode: disable all curated write tools and block POST/PUT/PATCH/DELETE through `execute`. Writes are enabled by default; this flag turns them off. See [Read-Only Mode](#read-only-mode).
|
|
253
|
-
* `--allow-deletes` - Permit DELETE requests through the `execute` tool.
|
|
253
|
+
* `--allow-deletes` - Permit DELETE requests through the `execute` tool. Ignored (with a startup warning) when `--read-only` is set. Default `false`.
|
|
254
254
|
* `--log-level <level>` - Minimum log level (info, error)
|
|
255
255
|
* `--log-file <path>` - Log file path or filename. If not specified, logs are written to console only
|
|
256
256
|
* `-q, --quiet` - Disable file logging, only log errors to console
|
|
@@ -305,12 +305,13 @@ See [Working with URLs](docs/working-with-urls.md) for detailed workflows, examp
|
|
|
305
305
|
These tools and resources let the agent reach Octopus REST endpoints that don't have a dedicated curated tool, with hard server-side gating between read, write, and delete operations.
|
|
306
306
|
|
|
307
307
|
- `grep_llms_txt`: Search the Octopus API catalog (`octopus://api/llms.txt`) with grep-style semantics (minimum supported Octopus version: `2026.2.3916`). The catalog body is large (typically 300+ KB) — call this rather than reading the resource body directly. Parameters mirror GNU grep (`pattern`, `caseInsensitive`, `invertMatch`, `fixedString`, `beforeContext`, `afterContext`, `maxCount`). Useful for discovering endpoints (`POST /releases`), enumerating delete endpoints (`DELETE `), or finding the body type for a write operation (`Body: Create.*Command`).
|
|
308
|
-
- `execute`: Structured REST backstop. Reaches any Octopus endpoint
|
|
309
|
-
- `GET` is always allowed (subject to the path
|
|
308
|
+
- `execute`: Structured REST backstop. Reaches any Octopus REST endpoint under `/api`. The HTTP method is the authoritative read/write/delete classifier — never an `isWrite` flag the LLM can set. Method gating is hard-coded server-side:
|
|
309
|
+
- `GET` is always allowed (subject to the path shape check + sensitive denylist).
|
|
310
310
|
- `POST`/`PUT`/`PATCH` are blocked when `--read-only` is set; otherwise they require user confirmation via elicitation.
|
|
311
311
|
- `DELETE` requires `--allow-deletes` (and is blocked when `--read-only` is set) plus a stronger "IRREVERSIBLE" elicitation message.
|
|
312
312
|
- The sensitive denylist (API-key endpoints, `DELETE /api/spaces/{id}`, `DELETE /api/users/{id}`) is enforced even with both flags on.
|
|
313
|
-
- The path
|
|
313
|
+
- The path is required to be `/api` or start with `/api/` — absolute URLs, SDK-relative `~/api/...` paths, and host-relative paths outside `/api` (e.g. `/octopus/portal/...`) are rejected up front, so `execute` stays bounded to the Octopus REST API surface.
|
|
314
|
+
- **Per-toolset path allowlist applies only when `--toolsets` has been narrowed.** With every toolset enabled (the default, or explicit `--toolsets all`) the allowlist is bypassed and any path under `/api` is reachable subject to the gates above. When `--toolsets` is narrowed the allowlist becomes the kill-switch: paths only resolve if their owning toolset is enabled, so disabling a toolset (e.g. `certificates`) makes its paths unreachable through `execute` even on `GET`.
|
|
314
315
|
|
|
315
316
|
Catalog data is also exposed as MCP Resources:
|
|
316
317
|
|
|
@@ -397,7 +398,7 @@ By default, the following write operations are available:
|
|
|
397
398
|
- **Deploying releases**: Can trigger deployments to environments (including production)
|
|
398
399
|
- **Running runbooks**: Can execute runbooks against environments and tenants
|
|
399
400
|
- **Updating feature toggles**: Can flip per-environment state and change rollout percentages on existing toggles
|
|
400
|
-
- **Arbitrary POST/PUT/PATCH via the `execute` backstop**:
|
|
401
|
+
- **Arbitrary POST/PUT/PATCH via the `execute` backstop**: Bounded to paths under `/api`, with an always-on sensitive denylist. The per-toolset path allowlist applies only when `--toolsets` has been narrowed; with all toolsets enabled (the default) the only path gates are the `/api` boundary and the sensitive denylist.
|
|
401
402
|
|
|
402
403
|
Pass `--read-only` to disable all of the above. DELETE requests through `execute` require an additional `--allow-deletes` flag — a deliberate opt-in for irreversible operations — and remain blocked when `--read-only` is set.
|
|
403
404
|
|
|
@@ -405,7 +406,7 @@ Pass `--read-only` to disable all of the above. DELETE requests through `execute
|
|
|
405
406
|
1. **Least Privilege**: Use API keys with the minimum permissions needed for your use case
|
|
406
407
|
2. **Opt In to Read-Only Mode**: Writes are enabled by default. For production, pass `--read-only` unless you have a specific, controlled use case for write operations. DELETE always requires the additional `--allow-deletes` opt-in.
|
|
407
408
|
3. **Method gating is server-side and hard-coded**: The HTTP method passed to `execute` is the authoritative classifier. The agent cannot bypass the gate by misrepresenting what the call does — POST/PUT/PATCH/DELETE requests get tier-specific gating regardless of the prose in the request body.
|
|
408
|
-
4. **Toolset filtering doubles as a kill switch**:
|
|
409
|
+
4. **Toolset filtering doubles as a kill switch**: Narrowing `--toolsets` removes both the disabled toolsets' curated tools and their paths from the `execute` allowlist. (The allowlist is only consulted when toolsets are narrowed; with all toolsets enabled `execute` is bounded by the `/api` shape check and the sensitive denylist instead.)
|
|
409
410
|
5. **Prompt Injection Risk**: Running agents in fully automated fashion could make you vulnerable to prompt-injection attacks
|
|
410
411
|
|
|
411
412
|
**Recommendation**: For production environments, pass `--read-only` unless you have a specific, controlled use case for write operations. Leave `--allow-deletes` off unless you specifically need DELETE semantics through `execute`.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pathAllowlist.d.ts","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pathAllowlist.d.ts","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"AAwCA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,wBAAwB,CAAC;AA4GtD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAYnE;AAED;;;;;;;;;GASG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,SAAS,OAAO,EAAE,GAClC,cAAc,CAQhB"}
|
|
@@ -5,6 +5,15 @@
|
|
|
5
5
|
// disappear — turning off `releases` makes the release endpoints unreachable
|
|
6
6
|
// regardless of HTTP method or read-only mode. This is the kill-switch model.
|
|
7
7
|
//
|
|
8
|
+
// **The allowlist is only consulted when toolsets have been narrowed.** When
|
|
9
|
+
// every toolset is enabled (the default, or explicit `--toolsets all`), the
|
|
10
|
+
// `execute` tool skips this gate entirely — there is no scope to enforce, and
|
|
11
|
+
// applying the allowlist would otherwise act as a stale hand-rolled
|
|
12
|
+
// enumeration that blocks legitimate Octopus endpoints (`/feeds`,
|
|
13
|
+
// `/scopedusersroles`, etc.) that `grep_llms_txt` would have surfaced. So
|
|
14
|
+
// **do not** treat the patterns below as the canonical "set of endpoints the
|
|
15
|
+
// MCP server supports" — they are only the kill-switch policy.
|
|
16
|
+
//
|
|
8
17
|
// **`core` is intentionally narrow.** It only covers space discovery,
|
|
9
18
|
// server-level metadata, and the API catalog. It does NOT contain a wildcard
|
|
10
19
|
// over space sub-paths — every per-resource path under a space must be
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pathAllowlist.js","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,EAAE;AACF,sEAAsE;AACtE,8EAA8E;AAC9E,6EAA6E;AAC7E,8EAA8E;AAC9E,EAAE;AACF,sEAAsE;AACtE,6EAA6E;AAC7E,uEAAuE;AACvE,wEAAwE;AACxE,6EAA6E;AAC7E,mCAAmC;AACnC,EAAE;AACF,sEAAsE;AACtE,+EAA+E;AAC/E,mEAAmE;AACnE,qEAAqE;AACrE,6EAA6E;AAC7E,wCAAwC;AACxC,EAAE;AACF,0EAA0E;AAC1E,2EAA2E;AAC3E,uEAAuE;AACvE,qCAAqC;AACrC,EAAE;AACF,6EAA6E;AAC7E,wEAAwE;AACxE,2EAA2E;AAC3E,qBAAqB;AAErB,OAAO,EAAgB,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD;;;;GAIG;AACH,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO;QACL,UAAU,MAAM,EAAE;QAClB,UAAU,MAAM,KAAK;QACrB,iBAAiB,MAAM,EAAE;QACzB,iBAAiB,MAAM,KAAK;KAC7B,CAAC;AACJ,CAAC;AAED,MAAM,qBAAqB,GAAuC;IAChE,IAAI,EAAE;QACJ,MAAM;QACN,eAAe;QACf,8BAA8B;QAC9B,aAAa;QACb,sEAAsE;QACtE,yEAAyE;QACzE,yDAAyD;QACzD,eAAe;QACf,sBAAsB;QACtB,sBAAsB;KACvB;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,eAAe,CAAC;QAC/B,GAAG,WAAW,CAAC,YAAY,CAAC;KAC7B;IACD,WAAW,EAAE;QACX,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,qBAAqB,CAAC;QACrC,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,kBAAkB,CAAC;QAClC,GAAG,WAAW,CAAC,kBAAkB,CAAC;KACnC;IACD,KAAK,EAAE,CAAC,YAAY,EAAE,eAAe,CAAC;IACtC,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,iBAAiB,CAAC;KAClC;IACD,UAAU,EAAE;QACV,iCAAiC;QACjC,iCAAiC;QACjC,wCAAwC;QACxC,wCAAwC;KACzC;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,aAAa,CAAC;KAC9B;IACD,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,cAAc,CAAC;QAC9B,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,YAAY,EAAE;QACZ,GAAG,WAAW,CAAC,cAAc,CAAC;KAC/B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,aAAa,EAAE;QACb,GAAG,WAAW,CAAC,eAAe,CAAC;KAChC;IACD,cAAc,EAAE;QACd,uEAAuE;QACvE,uEAAuE;QACvE,yEAAyE;QACzE,wEAAwE;QACxE,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,oCAAoC;QACpC,kCAAkC;QAClC,qCAAqC;QACrC,yCAAyC;QACzC,4CAA4C;KAC7C;CACF,CAAC;AAEF,yEAAyE;AACzE,qEAAqE;AACrE,wEAAwE;AACxE,uEAAuE;AACvE,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,OAAO;SACX,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;AAC3E,CAAC;AAOD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,IAAI,GAAqD,IAAI,CAAC;IAClE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAc,EAAE,CAAC;QACtE,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC;gBAAE,SAAS;YAC9C,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5C,IAAI,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,EAAE,OAAO,CAAC;AACvB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,eAAmC;IAEnC,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtE,OAAO,SAAS;QACd,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE;QACnC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC"}
|
|
1
|
+
{"version":3,"file":"pathAllowlist.js","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,EAAE;AACF,sEAAsE;AACtE,8EAA8E;AAC9E,6EAA6E;AAC7E,8EAA8E;AAC9E,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,8EAA8E;AAC9E,oEAAoE;AACpE,kEAAkE;AAClE,0EAA0E;AAC1E,6EAA6E;AAC7E,+DAA+D;AAC/D,EAAE;AACF,sEAAsE;AACtE,6EAA6E;AAC7E,uEAAuE;AACvE,wEAAwE;AACxE,6EAA6E;AAC7E,mCAAmC;AACnC,EAAE;AACF,sEAAsE;AACtE,+EAA+E;AAC/E,mEAAmE;AACnE,qEAAqE;AACrE,6EAA6E;AAC7E,wCAAwC;AACxC,EAAE;AACF,0EAA0E;AAC1E,2EAA2E;AAC3E,uEAAuE;AACvE,qCAAqC;AACrC,EAAE;AACF,6EAA6E;AAC7E,wEAAwE;AACxE,2EAA2E;AAC3E,qBAAqB;AAErB,OAAO,EAAgB,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD;;;;GAIG;AACH,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO;QACL,UAAU,MAAM,EAAE;QAClB,UAAU,MAAM,KAAK;QACrB,iBAAiB,MAAM,EAAE;QACzB,iBAAiB,MAAM,KAAK;KAC7B,CAAC;AACJ,CAAC;AAED,MAAM,qBAAqB,GAAuC;IAChE,IAAI,EAAE;QACJ,MAAM;QACN,eAAe;QACf,8BAA8B;QAC9B,aAAa;QACb,sEAAsE;QACtE,yEAAyE;QACzE,yDAAyD;QACzD,eAAe;QACf,sBAAsB;QACtB,sBAAsB;KACvB;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,eAAe,CAAC;QAC/B,GAAG,WAAW,CAAC,YAAY,CAAC;KAC7B;IACD,WAAW,EAAE;QACX,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,qBAAqB,CAAC;QACrC,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,kBAAkB,CAAC;QAClC,GAAG,WAAW,CAAC,kBAAkB,CAAC;KACnC;IACD,KAAK,EAAE,CAAC,YAAY,EAAE,eAAe,CAAC;IACtC,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,iBAAiB,CAAC;KAClC;IACD,UAAU,EAAE;QACV,iCAAiC;QACjC,iCAAiC;QACjC,wCAAwC;QACxC,wCAAwC;KACzC;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,aAAa,CAAC;KAC9B;IACD,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,cAAc,CAAC;QAC9B,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,YAAY,EAAE;QACZ,GAAG,WAAW,CAAC,cAAc,CAAC;KAC/B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,aAAa,EAAE;QACb,GAAG,WAAW,CAAC,eAAe,CAAC;KAChC;IACD,cAAc,EAAE;QACd,uEAAuE;QACvE,uEAAuE;QACvE,yEAAyE;QACzE,wEAAwE;QACxE,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,oCAAoC;QACpC,kCAAkC;QAClC,qCAAqC;QACrC,yCAAyC;QACzC,4CAA4C;KAC7C;CACF,CAAC;AAEF,yEAAyE;AACzE,qEAAqE;AACrE,wEAAwE;AACxE,uEAAuE;AACvE,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,OAAO;SACX,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;AAC3E,CAAC;AAOD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,IAAI,GAAqD,IAAI,CAAC;IAClE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAc,EAAE,CAAC;QACtE,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC;gBAAE,SAAS;YAC9C,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5C,IAAI,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,EAAE,OAAO,CAAC;AACvB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,eAAmC;IAEnC,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtE,OAAO,SAAS;QACd,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE;QACnC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC"}
|
|
@@ -17,6 +17,13 @@
|
|
|
17
17
|
* Query parameters belong in the `query` argument of the execute tool, not
|
|
18
18
|
* inside the `path` string — surfacing that as a reject prompts the agent to
|
|
19
19
|
* use the right field.
|
|
20
|
+
*
|
|
21
|
+
* The `/api` prefix is also a hard requirement. `execute` is a backstop for
|
|
22
|
+
* the Octopus REST API, not a general server-relative request tool — without
|
|
23
|
+
* this gate, a request like `/octopus/portal/auth` would be sent through to
|
|
24
|
+
* the configured Octopus host once the per-toolset allowlist is bypassed
|
|
25
|
+
* (which it is whenever all toolsets are enabled). Reject paths that don't
|
|
26
|
+
* sit under `/api` so the scope stays bounded regardless of allowlist state.
|
|
20
27
|
*/
|
|
21
28
|
export type PathValidation = {
|
|
22
29
|
ok: true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateExecutePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"validateExecutePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,MAAM,MAAM,cAAc,GACtB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC1B;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAyD/D"}
|
|
@@ -17,13 +17,32 @@
|
|
|
17
17
|
* Query parameters belong in the `query` argument of the execute tool, not
|
|
18
18
|
* inside the `path` string — surfacing that as a reject prompts the agent to
|
|
19
19
|
* use the right field.
|
|
20
|
+
*
|
|
21
|
+
* The `/api` prefix is also a hard requirement. `execute` is a backstop for
|
|
22
|
+
* the Octopus REST API, not a general server-relative request tool — without
|
|
23
|
+
* this gate, a request like `/octopus/portal/auth` would be sent through to
|
|
24
|
+
* the configured Octopus host once the per-toolset allowlist is bypassed
|
|
25
|
+
* (which it is whenever all toolsets are enabled). Reject paths that don't
|
|
26
|
+
* sit under `/api` so the scope stays bounded regardless of allowlist state.
|
|
20
27
|
*/
|
|
21
28
|
export function validateExecutePath(raw) {
|
|
22
29
|
if (typeof raw !== "string" || raw.length === 0) {
|
|
23
30
|
return { ok: false, reason: "Path must be a non-empty string." };
|
|
24
31
|
}
|
|
25
32
|
if (!raw.startsWith("/")) {
|
|
26
|
-
return {
|
|
33
|
+
return {
|
|
34
|
+
ok: false,
|
|
35
|
+
reason: "Path must start with '/api' (server-relative path under the Octopus REST API). Absolute URLs and SDK-relative paths like '~/api/...' are not accepted.",
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
// Bound execute to the /api surface. `/api` exactly is the API root and
|
|
39
|
+
// is valid; otherwise the path must continue with `/api/`. `/api2` and
|
|
40
|
+
// `/apifoo` are not under /api, so they are rejected.
|
|
41
|
+
if (raw !== "/api" && !raw.startsWith("/api/")) {
|
|
42
|
+
return {
|
|
43
|
+
ok: false,
|
|
44
|
+
reason: "Path must be '/api' or start with '/api/' — execute only reaches the Octopus REST API surface.",
|
|
45
|
+
};
|
|
27
46
|
}
|
|
28
47
|
if (raw.includes("\\")) {
|
|
29
48
|
return { ok: false, reason: "Path must not contain backslashes." };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateExecutePath.js","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"validateExecutePath.js","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAMH,MAAM,UAAU,mBAAmB,CAAC,GAAW;IAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,wJAAwJ;SAC3J,CAAC;IACJ,CAAC;IACD,wEAAwE;IACxE,uEAAuE;IACvE,sDAAsD;IACtD,IAAI,GAAG,KAAK,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,gGAAgG;SACnG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IACrE,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,+FAA+F;SAClG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yCAAyC,EAAE,CAAC;IAC1E,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC9D,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,+EAA+E;SAClF,CAAC;IACJ,CAAC;IACD,uEAAuE;IACvE,8CAA8C;IAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EACJ,6EAA6E;aAChF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AACjC,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -27,7 +27,7 @@ program
|
|
|
27
27
|
.option("-s, --server-url <url>", "Octopus server URL")
|
|
28
28
|
.option("--toolsets <toolsets>", `Comma-separated list of toolsets to enable, or "all" (default: all). Available toolsets: ${DEFAULT_TOOLSETS.join(", ")}`)
|
|
29
29
|
.option("--read-only", "Enable read-only mode: disable all write tools and block POST/PUT/PATCH/DELETE through the execute tool (default: write tools enabled)")
|
|
30
|
-
.option("--allow-deletes", "Permit DELETE-method requests through the execute tool.
|
|
30
|
+
.option("--allow-deletes", "Permit DELETE-method requests through the execute tool. Ignored (with a startup warning) when --read-only is set. Default false.")
|
|
31
31
|
.option("--log-level <level>", "Minimum log level (info, error)", "info")
|
|
32
32
|
.option("--log-file <path>", "Log file path or filename. If not specified, logs are written to console only.")
|
|
33
33
|
.option("-q, --quiet", "Disable file logging, only log errors to console", false)
|
|
@@ -47,7 +47,7 @@ const configuredServerUrl = process.env.CLI_SERVER_URL ||
|
|
|
47
47
|
const SERVER_INSTRUCTIONS = `
|
|
48
48
|
The official Octopus Deploy MCP server, currently connected to: ${configuredServerUrl}
|
|
49
49
|
|
|
50
|
-
Tools are grouped into toolsets (
|
|
50
|
+
Tools are grouped into toolsets (${DEFAULT_TOOLSETS.join(", ")}) and you can filter them via --toolsets. Writes are on by default; pass --read-only to gate them off.
|
|
51
51
|
|
|
52
52
|
Resource URIs and how to dereference them:
|
|
53
53
|
- Many tools return slim summaries plus an 'octopus://...' URI in fields like 'resourceUri' or 'taskResourceUri' instead of inlining heavy payloads (release notes, packaged versions, structured task activity trees, etc.). To fetch the full body, dereference the URI.
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EACL,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,qCAAqC,EAAE,MAAM,oDAAoD,CAAC;AAC3G,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,WAAW,MAAM,iBAAiB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAErC,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC;AAElD,+DAA+D;AAC/D,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAE/B,+BAA+B;AAC/B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CAAC,2BAA2B,CAAC;KACxC,OAAO,CAAC,cAAc,CAAC;KACvB,MAAM,CAAC,wBAAwB,EAAE,oBAAoB,CAAC;KACtD,MAAM,CACL,uBAAuB,EACvB,4FAA4F,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1H;KACA,MAAM,CACL,aAAa,EACb,wIAAwI,CACzI;KACA,MAAM,CACL,iBAAiB,EACjB
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EACL,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,qCAAqC,EAAE,MAAM,oDAAoD,CAAC;AAC3G,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,WAAW,MAAM,iBAAiB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAErC,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC;AAElD,+DAA+D;AAC/D,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAE/B,+BAA+B;AAC/B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CAAC,2BAA2B,CAAC;KACxC,OAAO,CAAC,cAAc,CAAC;KACvB,MAAM,CAAC,wBAAwB,EAAE,oBAAoB,CAAC;KACtD,MAAM,CACL,uBAAuB,EACvB,4FAA4F,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1H;KACA,MAAM,CACL,aAAa,EACb,wIAAwI,CACzI;KACA,MAAM,CACL,iBAAiB,EACjB,kIAAkI,CACnI;KACA,MAAM,CAAC,qBAAqB,EAAE,iCAAiC,EAAE,MAAM,CAAC;KACxE,MAAM,CACL,mBAAmB,EACnB,gFAAgF,CACjF;KACA,MAAM,CACL,aAAa,EACb,kDAAkD,EAClD,KAAK,CACN;KACA,MAAM,CACL,yBAAyB,EACzB,8EAA8E,CAC/E;KACA,KAAK,EAAE,CAAC;AAEX,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;AAE/B,2EAA2E;AAC3E,uEAAuE;AACvE,0EAA0E;AAC1E,oCAAoC;AACpC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IACtB,OAAO,CAAC,GAAG,CAAC,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC;AACjD,CAAC;AACD,MAAM,mBAAmB,GACvB,OAAO,CAAC,GAAG,CAAC,cAAc;IAC1B,OAAO,CAAC,GAAG,CAAC,kBAAkB;IAC9B,gEAAgE,CAAC;AAEnE,MAAM,mBAAmB,GAAG;kEACsC,mBAAmB;;mCAElD,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4B7D,CAAC,IAAI,EAAE,CAAC;AAET,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B;IACE,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,qCAAqC;IAClD,OAAO,EAAE,cAAc;CACxB,EACD;IACE,YAAY,EAAE,mBAAmB;CAClC,CACF,CAAC;AAEF,MAAM,aAAa,GAAG,mBAAmB,CACvC,OAAO,CAAC,QAAQ,EAChB,OAAO,CAAC,QAAQ,EAChB,OAAO,CAAC,YAAY,CACrB,CAAC;AAEF,4EAA4E;AAC5E,mEAAmE;AACnE,wEAAwE;AACxE,IAAI,aAAa,CAAC,YAAY,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sEAAsE;QACpE,kEAAkE;QAClE,iCAAiC,CACpC,CAAC;AACJ,CAAC;AAED,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AACrC,iBAAiB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AAEzC,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAC/B,wBAAwB,EAAE,CAAC;IAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IACpB,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC;QACrC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC3D,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAEnC,iFAAiF;AAEjF,wDAAwD;AACxD,MAAM,CAAC,MAAM,CAAC,aAAa,GAAG,GAAG,EAAE;IACjC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;IACpD,IAAI,UAAU,EAAE,CAAC;QACf,aAAa,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,CAAC,IAAI,CACT,uBAAuB,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,OAAO,EAAE,CAChE,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;IACjE,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,IAAI,CAAC,gDAAgD,cAAc,GAAG,CAAC,CAAC;AAE/E,eAAe;AACf,KAAK,UAAU,SAAS;IACtB,qBAAqB;IACrB,qCAAqC,EAAE,CAAC;IAExC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IAC1B,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../../../src/resources/catalog/capabilities.ts"],"names":[],"mappings":"AAGA,OAAO,EAGL,KAAK,OAAO,EACb,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../../../src/resources/catalog/capabilities.ts"],"names":[],"mappings":"AAGA,OAAO,EAGL,KAAK,OAAO,EACb,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAG9D,UAAU,mBAAmB;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;;OAIG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;OAIG;IACH,cAAc,CAAC,EAAE,UAAU,EAAE,CAAC;CAC/B;AAED,UAAU,YAAY;IACpB,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,OAAO,EAAE;QACP,eAAe,EAAE,OAAO,EAAE,CAAC;QAC3B,YAAY,EAAE,OAAO,CAAC;QACtB,YAAY,EAAE,OAAO,CAAC;KACvB,CAAC;IACF,KAAK,EAAE,mBAAmB,EAAE,CAAC;IAC7B,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAUD,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,YAAY,CAAC,CA+D/D"}
|
|
@@ -4,6 +4,7 @@ import { getClientConfigurationFromEnvironment } from "../../helpers/getClientCo
|
|
|
4
4
|
import { TOOL_REGISTRY, DEFAULT_TOOLSETS, } from "../../types/toolConfig.js";
|
|
5
5
|
import { getActiveToolsetConfig } from "../../helpers/activeToolsetConfig.js";
|
|
6
6
|
import {} from "../../helpers/methodTier.js";
|
|
7
|
+
import { isToolEnabled } from "../../tools/index.js";
|
|
7
8
|
function resolveEnabledToolsets() {
|
|
8
9
|
const config = getActiveToolsetConfig();
|
|
9
10
|
if (config.enabledToolsets === "all" || config.enabledToolsets == null) {
|
|
@@ -22,9 +23,11 @@ export async function buildCapabilities() {
|
|
|
22
23
|
enabledSet.add("core");
|
|
23
24
|
const tools = [];
|
|
24
25
|
for (const [name, registration] of TOOL_REGISTRY) {
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
26
|
+
// Single source of truth: the catalog lists exactly the tools that
|
|
27
|
+
// `registerTools` would register for this session. Any future filter
|
|
28
|
+
// rule (new tier flag, dynamic toolset gate, etc.) reaches the catalog
|
|
29
|
+
// automatically — which is the class of bug this file just fixed.
|
|
30
|
+
if (!isToolEnabled(registration, activeConfig))
|
|
28
31
|
continue;
|
|
29
32
|
const entry = {
|
|
30
33
|
name,
|
|
@@ -32,11 +35,7 @@ export async function buildCapabilities() {
|
|
|
32
35
|
readOnly: registration.config.readOnly,
|
|
33
36
|
minimumOctopusVersion: registration.minimumOctopusVersion,
|
|
34
37
|
};
|
|
35
|
-
|
|
36
|
-
// registration filter in read-only mode for its GET branch) but its
|
|
37
|
-
// actual behaviour is method-gated. Surface that explicitly so callers
|
|
38
|
-
// don't conclude execute is fully read-only.
|
|
39
|
-
if (name === "execute") {
|
|
38
|
+
if (registration.config.methodGated) {
|
|
40
39
|
entry.methodGated = true;
|
|
41
40
|
const tiers = ["read"];
|
|
42
41
|
if (!readOnlyMode)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../../../src/resources/catalog/capabilities.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,qCAAqC,EAAE,MAAM,wDAAwD,CAAC;AAC/G,OAAO,EACL,aAAa,EACb,gBAAgB,GAEjB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAmB,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../../../src/resources/catalog/capabilities.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,qCAAqC,EAAE,MAAM,wDAAwD,CAAC;AAC/G,OAAO,EACL,aAAa,EACb,gBAAgB,GAEjB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAmB,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAmCrD,SAAS,sBAAsB;IAC7B,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;IACxC,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,IAAI,MAAM,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QACvE,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,qCAAqC,EAAE,CAAC,CAAC;IAE5E,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,oBAAoB,EAAE,CAAC;IAEvD,MAAM,YAAY,GAAG,sBAAsB,EAAE,CAAC;IAC9C,MAAM,eAAe,GAAG,sBAAsB,EAAE,CAAC;IACjD,MAAM,YAAY,GAAG,YAAY,CAAC,YAAY,IAAI,KAAK,CAAC;IACxD,MAAM,YAAY,GAAG,YAAY,CAAC,YAAY,IAAI,KAAK,CAAC;IAExD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAU,eAAe,CAAC,CAAC;IACrD,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEvB,MAAM,KAAK,GAA0B,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,aAAa,EAAE,CAAC;QACjD,mEAAmE;QACnE,qEAAqE;QACrE,uEAAuE;QACvE,kEAAkE;QAClE,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC;YAAE,SAAS;QACzD,MAAM,KAAK,GAAwB;YACjC,IAAI;YACJ,OAAO,EAAE,YAAY,CAAC,MAAM,CAAC,OAAO;YACpC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,QAAQ;YACtC,qBAAqB,EAAE,YAAY,CAAC,qBAAqB;SAC1D,CAAC;QACF,IAAI,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACpC,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC;YACzB,MAAM,KAAK,GAAiB,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,YAAY;gBAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,CAAC,YAAY,IAAI,YAAY;gBAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxD,KAAK,CAAC,cAAc,GAAG,KAAK,CAAC;QAC/B,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEnD,IAAI,YAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,MAAM,CAAC,GAAG,CAAU,+BAA+B,CAAC,CAAC;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;QAC1E,2EAA2E;QAC3E,8DAA8D;QAC9D,YAAY,GAAG,SAAS,CAAC;IAC3B,CAAC;IAED,MAAM,YAAY,GAAiB;QACjC,MAAM,EAAE;YACN,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,cAAc,EAAE,UAAU,CAAC,cAAc;SAC1C;QACD,OAAO,EAAE;YACP,eAAe,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,EAAe;YAC3D,YAAY;YACZ,YAAY;SACb;QACD,KAAK;KACN,CAAC;IACF,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,YAAY,CAAC,YAAY,GAAG,YAAY,CAAC;IAC3C,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,0BAA0B,CAAC;IACzB,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EAAE,4BAA4B;IACzC,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,0BAA0B;IACjC,WAAW,EACT,sKAAsK;IACxK,QAAQ,EAAE,kBAAkB;IAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QACjB,QAAQ,EAAE,kBAAkB;QAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,iBAAiB,EAAE,CAAC;KAChD,CAAC;CACH,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAsKzE,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,
|
|
1
|
+
{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAsKzE,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,QAiMpD"}
|
package/dist/tools/execute.js
CHANGED
|
@@ -76,7 +76,7 @@ const inputSchema = {
|
|
|
76
76
|
path: z
|
|
77
77
|
.string()
|
|
78
78
|
.min(1)
|
|
79
|
-
.describe("
|
|
79
|
+
.describe("Server-relative path under the Octopus REST API. MUST be exactly '/api' or start with '/api/' — e.g. '/api/spaces/Spaces-1/feeds' or '/api/Spaces-1/projects'. Do NOT pass an absolute URL ('https://octopus.example/api/...'), an SDK-relative path ('~/api/...'), or a host-relative path outside /api ('/octopus/portal/...'); they are all rejected. Query parameters go in `query`, not in this string. Discover valid paths via grep_llms_txt."),
|
|
80
80
|
query: z
|
|
81
81
|
.record(z.string())
|
|
82
82
|
.optional()
|
|
@@ -108,8 +108,9 @@ export function registerExecuteTool(server) {
|
|
|
108
108
|
The HTTP method enum is the gate. The tool will not honour any 'isRead' flag the agent invents — the runtime classifies based on the actual method.
|
|
109
109
|
|
|
110
110
|
**Other gates** (in order):
|
|
111
|
+
0. Path shape: must be '/api' or start with '/api/'. Absolute URLs, '~/api/...', '/octopus/portal/...', query strings, fragments, '..' segments, and percent-encoded slashes are all rejected up front.
|
|
111
112
|
1. Sensitive denylist: API key endpoints and catastrophic deletes (DELETE /api/users/{id}, DELETE /api/spaces/{id}) are always blocked.
|
|
112
|
-
2. Path allowlist
|
|
113
|
+
2. Path allowlist — only applied when --toolsets has narrowed the active set. With every toolset enabled (the default, or explicit --toolsets all) any path under /api is reachable subject to the other gates; when toolsets are narrowed, paths only resolve if their owning toolset is enabled so disabling a toolset (e.g. 'certificates') makes its endpoints unreachable even on GET.
|
|
113
114
|
3. Elicitation on every non-GET, with a stronger message for DELETE.
|
|
114
115
|
|
|
115
116
|
Discover endpoints with grep_llms_txt. Use octopus://api/capabilities to see which toolsets are enabled and whether write/delete modes are on.`,
|
|
@@ -175,18 +176,31 @@ Discover endpoints with grep_llms_txt. Use octopus://api/capabilities to see whi
|
|
|
175
176
|
}
|
|
176
177
|
}
|
|
177
178
|
// Gate 3: path allowlist by enabled toolset.
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
179
|
+
//
|
|
180
|
+
// The allowlist exists only as the kill-switch for narrowed toolsets:
|
|
181
|
+
// when the operator says `--toolsets releases`, paths under projects /
|
|
182
|
+
// certificates / etc. must be unreachable through execute as well as
|
|
183
|
+
// through the curated tools. When *all* toolsets are enabled (the
|
|
184
|
+
// default, and the explicit `--toolsets all`), there is no scope to
|
|
185
|
+
// enforce — applying the allowlist there would turn it into a stale
|
|
186
|
+
// hand-rolled enumeration that blocks legitimate endpoints (e.g.
|
|
187
|
+
// /feeds, /scopedusersroles) that grep_llms_txt would have surfaced.
|
|
188
|
+
// So we skip it. The other gates (canonicalization, sensitive denylist,
|
|
189
|
+
// method tier, confirmation) still apply.
|
|
190
|
+
if (config.enabledToolsets !== "all" && config.enabledToolsets != null) {
|
|
191
|
+
const enabledToolsets = resolveEnabledToolsets();
|
|
192
|
+
const allowed = matchPath(path, enabledToolsets);
|
|
193
|
+
if (!allowed.matched) {
|
|
194
|
+
const owner = findOwningToolset(path);
|
|
195
|
+
audit("blocked", "pathNotAllowed");
|
|
196
|
+
return errorResponse({
|
|
197
|
+
success: false,
|
|
198
|
+
reason: "pathNotAllowed",
|
|
199
|
+
message: owner
|
|
200
|
+
? `Path '${path}' belongs to the '${owner}' toolset which is not enabled in this session. Enable it via --toolsets to reach this endpoint.`
|
|
201
|
+
: `Path '${path}' is not on the execute allowlist for any toolset. If this is a legitimate Octopus endpoint not yet covered, file an issue against the MCP server.`,
|
|
202
|
+
});
|
|
203
|
+
}
|
|
190
204
|
}
|
|
191
205
|
// Gate 4: elicitation on every non-GET.
|
|
192
206
|
if (tier !== "read") {
|
|
@@ -252,10 +266,11 @@ Discover endpoints with grep_llms_txt. Use octopus://api/capabilities to see whi
|
|
|
252
266
|
}
|
|
253
267
|
registerToolDefinition({
|
|
254
268
|
toolName: "execute",
|
|
255
|
-
//
|
|
256
|
-
//
|
|
257
|
-
//
|
|
258
|
-
|
|
269
|
+
// execute is not statically read-only — its tier depends on the HTTP method
|
|
270
|
+
// passed in. methodGated: true keeps it registered even in --read-only mode
|
|
271
|
+
// (where only its GET branch is reachable), and the catalog surfaces the
|
|
272
|
+
// honest `readOnly: false` so clients don't auto-classify it as a reader.
|
|
273
|
+
config: { toolset: "core", readOnly: false, methodGated: true },
|
|
259
274
|
registerFn: registerExecuteTool,
|
|
260
275
|
});
|
|
261
276
|
//# sourceMappingURL=execute.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execute.js","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAkB,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,kCAAkC,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,EAAE,qCAAqC,EAAE,MAAM,qDAAqD,CAAC;AAC5G,OAAO,EACL,YAAY,EACZ,cAAc,GAGf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EACL,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,EACL,gBAAgB,GAEjB,MAAM,wBAAwB,CAAC;AAuBhC,SAAS,aAAa,CAAC,OAA6B;IAClD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;aACvC;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAa;IAClC,IAAI,IAAI,IAAI,IAAI;QAAE,OAAO,WAAW,CAAC;IACrC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,eAAe,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,uBAAuB,CAAC;IACjC,CAAC;AACH,CAAC;AAUD;;;;;GAKG;AACH,SAAS,UAAU,CAAC,IAAe;IAIjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,GAAG,IAAI;YACP,OAAO;YACP,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACnC,CAAC,GAAG,IAAI,CACV,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;IACxC,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,IAAI,MAAM,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QACvE,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC;AAChC,CAAC;AAWD,KAAK,UAAU,eAAe,CAC5B,MAAc,EACd,MAAkB,EAClB,IAAY,EACZ,KAAyC,EACzC,IAAa;IAEb,MAAM,YAAY,GAAG,MAAuC,CAAC;IAC7D,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACjD,OAAO,YAAY,CAAC,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,MAAM,EAAE,CAAC;SACN,IAAI,CAAC,YAAwD,CAAC;SAC9D,QAAQ,CACP,8OAA8O,CAC/O;IACH,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CACP,
|
|
1
|
+
{"version":3,"file":"execute.js","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAkB,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,kCAAkC,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,EAAE,qCAAqC,EAAE,MAAM,qDAAqD,CAAC;AAC5G,OAAO,EACL,YAAY,EACZ,cAAc,GAGf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EACL,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,EACL,gBAAgB,GAEjB,MAAM,wBAAwB,CAAC;AAuBhC,SAAS,aAAa,CAAC,OAA6B;IAClD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;aACvC;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAa;IAClC,IAAI,IAAI,IAAI,IAAI;QAAE,OAAO,WAAW,CAAC;IACrC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,eAAe,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,uBAAuB,CAAC;IACjC,CAAC;AACH,CAAC;AAUD;;;;;GAKG;AACH,SAAS,UAAU,CAAC,IAAe;IAIjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,GAAG,IAAI;YACP,OAAO;YACP,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACnC,CAAC,GAAG,IAAI,CACV,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;IACxC,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,IAAI,MAAM,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QACvE,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC;AAChC,CAAC;AAWD,KAAK,UAAU,eAAe,CAC5B,MAAc,EACd,MAAkB,EAClB,IAAY,EACZ,KAAyC,EACzC,IAAa;IAEb,MAAM,YAAY,GAAG,MAAuC,CAAC;IAC7D,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACjD,OAAO,YAAY,CAAC,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,MAAM,EAAE,CAAC;SACN,IAAI,CAAC,YAAwD,CAAC;SAC9D,QAAQ,CACP,8OAA8O,CAC/O;IACH,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CACP,sbAAsb,CACvb;IACH,KAAK,EAAE,CAAC;SACL,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SAClB,QAAQ,EAAE;SACV,QAAQ,CAAC,oDAAoD,CAAC;IACjE,IAAI,EAAE,CAAC;SACJ,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CAAC,iDAAiD,CAAC;IAC9D,KAAK,EAAE,CAAC;SACL,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CACP,4HAA4H,CAC7H;IACH,OAAO,EAAE,CAAC;SACP,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CACP,mIAAmI,CACpI;CACJ,CAAC;AAEF,MAAM,UAAU,mBAAmB,CAAC,MAAiB;IACnD,MAAM,CAAC,YAAY,CACjB,SAAS,EACT;QACE,KAAK,EAAE,4CAA4C;QACnD,WAAW,EAAE;;;;;;;;;;;;;;;;+IAgB4H;QACzI,WAAW;QACX,WAAW,EAAE,kCAAkC;KAChD,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,MAAM,GAAG,IAAqB,CAAC;QACrC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;QAC7D,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;QAClD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;QAElD,sEAAsE;QACtE,uEAAuE;QACvE,sEAAsE;QACtE,qDAAqD;QACrD,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,KAAK,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAChC,OAAO,aAAa,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,aAAa;gBACrB,OAAO,EAAE,iBAAiB,UAAU,CAAC,MAAM,EAAE;aAC9C,CAAC,CAAC;QACL,CAAC;QACD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;QAE7B,sEAAsE;QACtE,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;YACtB,KAAK,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;YAClC,OAAO,aAAa,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE,SAAS,IAAI,qEAAqE,SAAS,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE;aAC3H,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,KAAK,OAAO,IAAI,YAAY,EAAE,CAAC;YACrC,KAAK,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACjC,OAAO,aAAa,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,cAAc;gBACtB,OAAO,EACL,kHAAkH;aACrH,CAAC,CAAC;QACL,CAAC;QACD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,IAAI,YAAY,EAAE,CAAC;gBACjB,KAAK,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;gBACjC,OAAO,aAAa,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,cAAc;oBACtB,OAAO,EACL,4IAA4I;iBAC/I,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,KAAK,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;gBACtC,OAAO,aAAa,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,OAAO,EACL,0IAA0I;iBAC7I,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,EAAE;QACF,sEAAsE;QACtE,uEAAuE;QACvE,qEAAqE;QACrE,kEAAkE;QAClE,oEAAoE;QACpE,oEAAoE;QACpE,iEAAiE;QACjE,qEAAqE;QACrE,wEAAwE;QACxE,0CAA0C;QAC1C,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,IAAI,MAAM,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;YACvE,MAAM,eAAe,GAAG,sBAAsB,EAAE,CAAC;YACjD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;YACjD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACtC,KAAK,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;gBACnC,OAAO,aAAa,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,gBAAgB;oBACxB,OAAO,EAAE,KAAK;wBACZ,CAAC,CAAC,SAAS,IAAI,qBAAqB,KAAK,kGAAkG;wBAC3I,CAAC,CAAC,SAAS,IAAI,oJAAoJ;iBACtK,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,MAAM,QAAQ,GAAG,IAAI,KAAK,QAAQ,CAAC;YACnC,MAAM,OAAO,GAAG,QAAQ;gBACtB,CAAC,CAAC,wDAAwD,MAAM,IAAI,IAAI,YAAY,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC,WAAW,aAAa,CAAC,IAAI,CAAC,EAAE;gBAC/I,CAAC,CAAC,GAAG,MAAM,IAAI,IAAI,YAAY,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC,WAAW,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7F,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,MAAM,EAAE;gBACrD,OAAO;gBACP,eAAe,EAAE,MAAM,CAAC,OAAO;aAChC,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;gBAC5B,KAAK,CAAC,WAAW,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;gBACxC,OAAO,mBAAmB,CAAC,YAAY,EAAE;oBACvC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;iBAC3C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAChC,qCAAqC,EAAE,CACxC,CAAC;YACF,MAAM,YAAY,GAAG,KAAK;gBACxB,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE;gBACrC,CAAC,CAAC,KAAK,CAAC;YACV,MAAM,MAAM,GAAG,MAAM,eAAe,CAClC,MAAM,EACN,MAAM,EACN,IAAI,EACJ,YAAY,EACZ,IAAI,CACL,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,CAAC;YACZ,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,OAAO,EAAE,IAAI;4BACb,MAAM;4BACN,IAAI;4BACJ,IAAI;4BACJ,QAAQ,EAAE,MAAM;yBACjB,CAAC;qBACH;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,OAAO,EAAE,KAAK;4BACd,MAAM,EAAE,cAAc;4BACtB,MAAM;4BACN,IAAI;4BACJ,IAAI;4BACJ,OAAO;yBACR,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,sBAAsB,CAAC;IACrB,QAAQ,EAAE,SAAS;IACnB,4EAA4E;IAC5E,4EAA4E;IAC5E,yEAAyE;IACzE,0EAA0E;IAC1E,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE;IAC/D,UAAU,EAAE,mBAAmB;CAChC,CAAC,CAAC"}
|
package/dist/tools/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { type McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
2
|
-
import { type ToolsetConfig } from "../types/toolConfig.js";
|
|
2
|
+
import { type ToolsetConfig, type ToolRegistration } from "../types/toolConfig.js";
|
|
3
3
|
import "./listSpaces.js";
|
|
4
4
|
import "./listProjects.js";
|
|
5
5
|
import "./listEnvironments.js";
|
|
@@ -29,5 +29,6 @@ import "./grepTaskLog.js";
|
|
|
29
29
|
import "./grepLlmsTxt.js";
|
|
30
30
|
import "./execute.js";
|
|
31
31
|
import "./readResource.js";
|
|
32
|
+
export declare function isToolEnabled(toolRegistration: ToolRegistration, config: ToolsetConfig): boolean;
|
|
32
33
|
export declare function registerTools(server: McpServer, config?: ToolsetConfig): void;
|
|
33
34
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EACL,KAAK,aAAa,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EACL,KAAK,aAAa,EAGlB,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,iBAAiB,CAAC;AACzB,OAAO,mBAAmB,CAAC;AAC3B,OAAO,uBAAuB,CAAC;AAC/B,OAAO,sBAAsB,CAAC;AAC9B,OAAO,yBAAyB,CAAC;AACjC,OAAO,gCAAgC,CAAC;AACxC,OAAO,8BAA8B,CAAC;AACtC,OAAO,2BAA2B,CAAC;AACnC,OAAO,kBAAkB,CAAC;AAC1B,OAAO,qBAAqB,CAAC;AAC7B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,qBAAqB,CAAC;AAC7B,OAAO,2BAA2B,CAAC;AAGnC,OAAO,mBAAmB,CAAC;AAC3B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,kBAAkB,CAAC;AAC1B,OAAO,4BAA4B,CAAC;AACpC,OAAO,uBAAuB,CAAC;AAC/B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,wBAAwB,CAAC;AAGhC,OAAO,yBAAyB,CAAC;AACjC,OAAO,0BAA0B,CAAC;AAGlC,OAAO,oBAAoB,CAAC;AAC5B,OAAO,oBAAoB,CAAC;AAC5B,OAAO,iBAAiB,CAAC;AAGzB,OAAO,kBAAkB,CAAC;AAG1B,OAAO,kBAAkB,CAAC;AAG1B,OAAO,cAAc,CAAC;AAGtB,OAAO,mBAAmB,CAAC;AAC3B,wBAAgB,aAAa,CAC3B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,EAAE,aAAa,GACpB,OAAO,CA8BT;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,GAAE,aAAkB,QAO1E"}
|
package/dist/tools/index.js
CHANGED
|
@@ -37,7 +37,7 @@ import "./grepLlmsTxt.js";
|
|
|
37
37
|
import "./execute.js";
|
|
38
38
|
// Resource backstop for clients without native MCP resource support
|
|
39
39
|
import "./readResource.js";
|
|
40
|
-
function isToolEnabled(toolRegistration, config) {
|
|
40
|
+
export function isToolEnabled(toolRegistration, config) {
|
|
41
41
|
if (!toolRegistration) {
|
|
42
42
|
return false;
|
|
43
43
|
}
|
|
@@ -49,8 +49,12 @@ function isToolEnabled(toolRegistration, config) {
|
|
|
49
49
|
!enabledToolsets.includes(toolRegistration.config.toolset)) {
|
|
50
50
|
return false;
|
|
51
51
|
}
|
|
52
|
-
// Check read-only mode
|
|
53
|
-
|
|
52
|
+
// Check read-only mode. Method-gated tools (e.g. `execute`) bypass this
|
|
53
|
+
// filter because they classify themselves at runtime — they stay registered
|
|
54
|
+
// even in read-only mode, where the handler will refuse non-read calls.
|
|
55
|
+
if (config.readOnlyMode &&
|
|
56
|
+
!toolRegistration.config.readOnly &&
|
|
57
|
+
!toolRegistration.config.methodGated) {
|
|
54
58
|
return false;
|
|
55
59
|
}
|
|
56
60
|
return true;
|
package/dist/tools/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAEL,aAAa,EACb,gBAAgB,GAEjB,MAAM,wBAAwB,CAAC;AAEhC,2DAA2D;AAC3D,OAAO,iBAAiB,CAAC;AACzB,OAAO,mBAAmB,CAAC;AAC3B,OAAO,uBAAuB,CAAC;AAC/B,OAAO,sBAAsB,CAAC;AAC9B,OAAO,yBAAyB,CAAC;AACjC,OAAO,gCAAgC,CAAC;AACxC,OAAO,8BAA8B,CAAC;AACtC,OAAO,2BAA2B,CAAC;AACnC,OAAO,kBAAkB,CAAC;AAC1B,OAAO,qBAAqB,CAAC;AAC7B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,qBAAqB,CAAC;AAC7B,OAAO,2BAA2B,CAAC;AAEnC,6DAA6D;AAC7D,OAAO,mBAAmB,CAAC;AAC3B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,kBAAkB,CAAC;AAC1B,OAAO,4BAA4B,CAAC;AACpC,OAAO,uBAAuB,CAAC;AAC/B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,wBAAwB,CAAC;AAEhC,kBAAkB;AAClB,OAAO,yBAAyB,CAAC;AACjC,OAAO,0BAA0B,CAAC;AAElC,mBAAmB;AACnB,OAAO,oBAAoB,CAAC;AAC5B,OAAO,oBAAoB,CAAC;AAC5B,OAAO,iBAAiB,CAAC;AAEzB,kBAAkB;AAClB,OAAO,kBAAkB,CAAC;AAE1B,gCAAgC;AAChC,OAAO,kBAAkB,CAAC;AAE1B,mDAAmD;AACnD,OAAO,cAAc,CAAC;AAEtB,oEAAoE;AACpE,OAAO,mBAAmB,CAAC;AAC3B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAEL,aAAa,EACb,gBAAgB,GAEjB,MAAM,wBAAwB,CAAC;AAEhC,2DAA2D;AAC3D,OAAO,iBAAiB,CAAC;AACzB,OAAO,mBAAmB,CAAC;AAC3B,OAAO,uBAAuB,CAAC;AAC/B,OAAO,sBAAsB,CAAC;AAC9B,OAAO,yBAAyB,CAAC;AACjC,OAAO,gCAAgC,CAAC;AACxC,OAAO,8BAA8B,CAAC;AACtC,OAAO,2BAA2B,CAAC;AACnC,OAAO,kBAAkB,CAAC;AAC1B,OAAO,qBAAqB,CAAC;AAC7B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,qBAAqB,CAAC;AAC7B,OAAO,2BAA2B,CAAC;AAEnC,6DAA6D;AAC7D,OAAO,mBAAmB,CAAC;AAC3B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,kBAAkB,CAAC;AAC1B,OAAO,4BAA4B,CAAC;AACpC,OAAO,uBAAuB,CAAC;AAC/B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,wBAAwB,CAAC;AAEhC,kBAAkB;AAClB,OAAO,yBAAyB,CAAC;AACjC,OAAO,0BAA0B,CAAC;AAElC,mBAAmB;AACnB,OAAO,oBAAoB,CAAC;AAC5B,OAAO,oBAAoB,CAAC;AAC5B,OAAO,iBAAiB,CAAC;AAEzB,kBAAkB;AAClB,OAAO,kBAAkB,CAAC;AAE1B,gCAAgC;AAChC,OAAO,kBAAkB,CAAC;AAE1B,mDAAmD;AACnD,OAAO,cAAc,CAAC;AAEtB,oEAAoE;AACpE,OAAO,mBAAmB,CAAC;AAC3B,MAAM,UAAU,aAAa,CAC3B,gBAAkC,EAClC,MAAqB;IAErB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8BAA8B;IAC9B,MAAM,eAAe,GACnB,MAAM,CAAC,eAAe,KAAK,KAAK;QAC9B,CAAC,CAAC,gBAAgB;QAClB,CAAC,CAAC,MAAM,CAAC,eAAe,IAAI,gBAAgB,CAAC;IAEjD,IACE,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,MAAM;QAC1C,CAAC,eAAe,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,EAC1D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wEAAwE;IACxE,4EAA4E;IAC5E,wEAAwE;IACxE,IACE,MAAM,CAAC,YAAY;QACnB,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ;QACjC,CAAC,gBAAgB,CAAC,MAAM,CAAC,WAAW,EACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAiB,EAAE,SAAwB,EAAE;IACzE,2EAA2E;IAC3E,KAAK,MAAM,CAAC,EAAE,gBAAgB,CAAC,IAAI,aAAa,EAAE,CAAC;QACjD,IAAI,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,EAAE,CAAC;YAC5C,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
@@ -3,6 +3,14 @@ export type Toolset = "core" | "projects" | "deployments" | "releases" | "runboo
|
|
|
3
3
|
export interface ToolConfig {
|
|
4
4
|
toolset: Toolset;
|
|
5
5
|
readOnly: boolean;
|
|
6
|
+
/**
|
|
7
|
+
* Tools whose actual read/write/delete tier is determined at runtime by
|
|
8
|
+
* tool arguments (typically the HTTP method passed in) rather than the
|
|
9
|
+
* static `readOnly` flag. Setting this to `true` bypasses the read-only
|
|
10
|
+
* registration filter — the tool must do its own tier gating in the
|
|
11
|
+
* handler. Currently set only on `execute`.
|
|
12
|
+
*/
|
|
13
|
+
methodGated?: boolean;
|
|
6
14
|
}
|
|
7
15
|
export interface ToolsetConfig {
|
|
8
16
|
enabledToolsets?: Toolset[] | "all";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"toolConfig.d.ts","sourceRoot":"","sources":["../../src/types/toolConfig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,MAAM,MAAM,OAAO,GACf,MAAM,GACN,UAAU,GACV,aAAa,GACb,UAAU,GACV,UAAU,GACV,OAAO,GACP,SAAS,GACT,YAAY,GACZ,UAAU,GACV,SAAS,GACT,cAAc,GACd,UAAU,GACV,eAAe,GACf,gBAAgB,CAAC;AAErB,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"toolConfig.d.ts","sourceRoot":"","sources":["../../src/types/toolConfig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,MAAM,MAAM,OAAO,GACf,MAAM,GACN,UAAU,GACV,aAAa,GACb,UAAU,GACV,UAAU,GACV,OAAO,GACP,SAAS,GACT,YAAY,GACZ,UAAU,GACV,SAAS,GACT,cAAc,GACd,UAAU,GACV,eAAe,GACf,gBAAgB,CAAC;AAErB,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,eAAe,CAAC,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IACpC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;IACnB,UAAU,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,IAAI,CAAC;IACxC,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,eAAO,MAAM,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAa,CAAC;AAEtE,wBAAgB,sBAAsB,CAAC,YAAY,EAAE,gBAAgB,QAEpE;AAED,eAAO,MAAM,gBAAgB,EAAE,OAAO,EAerC,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,qBAAqB,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IAC/C,uBAAuB,EAAE,MAAM,CAAC;IAChC,0BAA0B,EAAE,MAAM,CAAC;IACnC,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAiBD,wBAAgB,mBAAmB,IAAI,eAAe,CA6BrD;AAED,wBAAgB,wBAAwB,IAAI,IAAI,CAmB/C"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"toolConfig.js","sourceRoot":"","sources":["../../src/types/toolConfig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,MAAM,yCAAyC,CAAC;
|
|
1
|
+
{"version":3,"file":"toolConfig.js","sourceRoot":"","sources":["../../src/types/toolConfig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,MAAM,yCAAyC,CAAC;AAiDzE,MAAM,CAAC,MAAM,aAAa,GAAkC,IAAI,GAAG,EAAE,CAAC;AAEtE,MAAM,UAAU,sBAAsB,CAAC,YAA8B;IACnE,aAAa,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;AACzD,CAAC;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAc;IACzC,MAAM;IACN,UAAU;IACV,aAAa;IACb,UAAU;IACV,UAAU;IACV,OAAO;IACP,SAAS;IACT,YAAY;IACZ,UAAU;IACV,SAAS;IACT,cAAc;IACd,UAAU;IACV,eAAe;IACf,gBAAgB;CACjB,CAAC;AAeF,SAAS,eAAe,CAAC,EAAU,EAAE,EAAU;IAC7C,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAE7B,IAAI,KAAK,GAAG,KAAK;YAAE,OAAO,CAAC,CAAC;QAC5B,IAAI,KAAK,GAAG,KAAK;YAAE,OAAO,CAAC,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,MAAM,cAAc,GAAG,IAAI,GAAG,EAA6B,CAAC;IAC5D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEtC,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,aAAa,EAAE,CAAC;QACrD,MAAM,OAAO,GAAG,YAAY,CAAC,qBAAqB,IAAI,QAAQ,CAAC;QAC/D,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClC,CAAC;QAED,cAAc,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC;YAChC,QAAQ;YACR,OAAO,EAAE,YAAY,CAAC,MAAM,CAAC,OAAO;YACpC,qBAAqB,EAAE,OAAO;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACrE,MAAM,uBAAuB,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;IAC9D,MAAM,0BAA0B,GAAG,cAAc,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,QAAQ,CAAC;IAEzF,OAAO;QACL,cAAc;QACd,uBAAuB;QACvB,0BAA0B;QAC1B,WAAW,EAAE,cAAc;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB;IACtC,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;IAE3E,OAAO,CAAC,GAAG,CAAC,8BAA8B,QAAQ,CAAC,uBAAuB,EAAE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,mCAAmC,QAAQ,CAAC,0BAA0B,IAAI,CAAC,CAAC;IAExF,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IACzC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,GAAG,CAAC,CAAC;QAC7B,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACnB,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kBAAkB,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,uBAAuB,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACxE,CAAC"}
|
package/package.json
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
"bugs": {
|
|
5
5
|
"url": "https://github.com/OctopusDeploy/mcp-server/issues"
|
|
6
6
|
},
|
|
7
|
-
"version": "2.1.
|
|
7
|
+
"version": "2.1.2",
|
|
8
8
|
"type": "module",
|
|
9
9
|
"description": "The Octopus MCP Server provides your AI assistant with powerful tools that allow it to inspect, query, and diagnose problems within your Octopus instance.",
|
|
10
10
|
"main": "dist/index.js",
|