@octopusdeploy/mcp-server 2.1.1 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -5
- package/dist/helpers/pathAllowlist.d.ts.map +1 -1
- package/dist/helpers/pathAllowlist.js +9 -0
- package/dist/helpers/pathAllowlist.js.map +1 -1
- package/dist/helpers/validateExecutePath.d.ts +7 -0
- package/dist/helpers/validateExecutePath.d.ts.map +1 -1
- package/dist/helpers/validateExecutePath.js +20 -1
- package/dist/helpers/validateExecutePath.js.map +1 -1
- package/dist/tools/execute.d.ts.map +1 -1
- package/dist/tools/execute.js +28 -14
- package/dist/tools/execute.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -305,12 +305,13 @@ See [Working with URLs](docs/working-with-urls.md) for detailed workflows, examp
|
|
|
305
305
|
These tools and resources let the agent reach Octopus REST endpoints that don't have a dedicated curated tool, with hard server-side gating between read, write, and delete operations.
|
|
306
306
|
|
|
307
307
|
- `grep_llms_txt`: Search the Octopus API catalog (`octopus://api/llms.txt`) with grep-style semantics (minimum supported Octopus version: `2026.2.3916`). The catalog body is large (typically 300+ KB) — call this rather than reading the resource body directly. Parameters mirror GNU grep (`pattern`, `caseInsensitive`, `invertMatch`, `fixedString`, `beforeContext`, `afterContext`, `maxCount`). Useful for discovering endpoints (`POST /releases`), enumerating delete endpoints (`DELETE `), or finding the body type for a write operation (`Body: Create.*Command`).
|
|
308
|
-
- `execute`: Structured REST backstop. Reaches any Octopus endpoint
|
|
309
|
-
- `GET` is always allowed (subject to the path
|
|
308
|
+
- `execute`: Structured REST backstop. Reaches any Octopus REST endpoint under `/api`. The HTTP method is the authoritative read/write/delete classifier — never an `isWrite` flag the LLM can set. Method gating is hard-coded server-side:
|
|
309
|
+
- `GET` is always allowed (subject to the path shape check + sensitive denylist).
|
|
310
310
|
- `POST`/`PUT`/`PATCH` are blocked when `--read-only` is set; otherwise they require user confirmation via elicitation.
|
|
311
311
|
- `DELETE` requires `--allow-deletes` (and is blocked when `--read-only` is set) plus a stronger "IRREVERSIBLE" elicitation message.
|
|
312
312
|
- The sensitive denylist (API-key endpoints, `DELETE /api/spaces/{id}`, `DELETE /api/users/{id}`) is enforced even with both flags on.
|
|
313
|
-
- The path
|
|
313
|
+
- The path is required to be `/api` or start with `/api/` — absolute URLs, SDK-relative `~/api/...` paths, and host-relative paths outside `/api` (e.g. `/octopus/portal/...`) are rejected up front, so `execute` stays bounded to the Octopus REST API surface.
|
|
314
|
+
- **Per-toolset path allowlist applies only when `--toolsets` has been narrowed.** With every toolset enabled (the default, or explicit `--toolsets all`) the allowlist is bypassed and any path under `/api` is reachable subject to the gates above. When `--toolsets` is narrowed the allowlist becomes the kill-switch: paths only resolve if their owning toolset is enabled, so disabling a toolset (e.g. `certificates`) makes its paths unreachable through `execute` even on `GET`.
|
|
314
315
|
|
|
315
316
|
Catalog data is also exposed as MCP Resources:
|
|
316
317
|
|
|
@@ -397,7 +398,7 @@ By default, the following write operations are available:
|
|
|
397
398
|
- **Deploying releases**: Can trigger deployments to environments (including production)
|
|
398
399
|
- **Running runbooks**: Can execute runbooks against environments and tenants
|
|
399
400
|
- **Updating feature toggles**: Can flip per-environment state and change rollout percentages on existing toggles
|
|
400
|
-
- **Arbitrary POST/PUT/PATCH via the `execute` backstop**:
|
|
401
|
+
- **Arbitrary POST/PUT/PATCH via the `execute` backstop**: Bounded to paths under `/api`, with an always-on sensitive denylist. The per-toolset path allowlist applies only when `--toolsets` has been narrowed; with all toolsets enabled (the default) the only path gates are the `/api` boundary and the sensitive denylist.
|
|
401
402
|
|
|
402
403
|
Pass `--read-only` to disable all of the above. DELETE requests through `execute` require an additional `--allow-deletes` flag — a deliberate opt-in for irreversible operations — and remain blocked when `--read-only` is set.
|
|
403
404
|
|
|
@@ -405,7 +406,7 @@ Pass `--read-only` to disable all of the above. DELETE requests through `execute
|
|
|
405
406
|
1. **Least Privilege**: Use API keys with the minimum permissions needed for your use case
|
|
406
407
|
2. **Opt In to Read-Only Mode**: Writes are enabled by default. For production, pass `--read-only` unless you have a specific, controlled use case for write operations. DELETE always requires the additional `--allow-deletes` opt-in.
|
|
407
408
|
3. **Method gating is server-side and hard-coded**: The HTTP method passed to `execute` is the authoritative classifier. The agent cannot bypass the gate by misrepresenting what the call does — POST/PUT/PATCH/DELETE requests get tier-specific gating regardless of the prose in the request body.
|
|
408
|
-
4. **Toolset filtering doubles as a kill switch**:
|
|
409
|
+
4. **Toolset filtering doubles as a kill switch**: Narrowing `--toolsets` removes both the disabled toolsets' curated tools and their paths from the `execute` allowlist. (The allowlist is only consulted when toolsets are narrowed; with all toolsets enabled `execute` is bounded by the `/api` shape check and the sensitive denylist instead.)
|
|
409
410
|
5. **Prompt Injection Risk**: Running agents in fully automated fashion could make you vulnerable to prompt-injection attacks
|
|
410
411
|
|
|
411
412
|
**Recommendation**: For production environments, pass `--read-only` unless you have a specific, controlled use case for write operations. Leave `--allow-deletes` off unless you specifically need DELETE semantics through `execute`.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pathAllowlist.d.ts","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pathAllowlist.d.ts","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"AAwCA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,wBAAwB,CAAC;AA4GtD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAYnE;AAED;;;;;;;;;GASG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,SAAS,OAAO,EAAE,GAClC,cAAc,CAQhB"}
|
|
@@ -5,6 +5,15 @@
|
|
|
5
5
|
// disappear — turning off `releases` makes the release endpoints unreachable
|
|
6
6
|
// regardless of HTTP method or read-only mode. This is the kill-switch model.
|
|
7
7
|
//
|
|
8
|
+
// **The allowlist is only consulted when toolsets have been narrowed.** When
|
|
9
|
+
// every toolset is enabled (the default, or explicit `--toolsets all`), the
|
|
10
|
+
// `execute` tool skips this gate entirely — there is no scope to enforce, and
|
|
11
|
+
// applying the allowlist would otherwise act as a stale hand-rolled
|
|
12
|
+
// enumeration that blocks legitimate Octopus endpoints (`/feeds`,
|
|
13
|
+
// `/scopedusersroles`, etc.) that `grep_llms_txt` would have surfaced. So
|
|
14
|
+
// **do not** treat the patterns below as the canonical "set of endpoints the
|
|
15
|
+
// MCP server supports" — they are only the kill-switch policy.
|
|
16
|
+
//
|
|
8
17
|
// **`core` is intentionally narrow.** It only covers space discovery,
|
|
9
18
|
// server-level metadata, and the API catalog. It does NOT contain a wildcard
|
|
10
19
|
// over space sub-paths — every per-resource path under a space must be
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pathAllowlist.js","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,EAAE;AACF,sEAAsE;AACtE,8EAA8E;AAC9E,6EAA6E;AAC7E,8EAA8E;AAC9E,EAAE;AACF,sEAAsE;AACtE,6EAA6E;AAC7E,uEAAuE;AACvE,wEAAwE;AACxE,6EAA6E;AAC7E,mCAAmC;AACnC,EAAE;AACF,sEAAsE;AACtE,+EAA+E;AAC/E,mEAAmE;AACnE,qEAAqE;AACrE,6EAA6E;AAC7E,wCAAwC;AACxC,EAAE;AACF,0EAA0E;AAC1E,2EAA2E;AAC3E,uEAAuE;AACvE,qCAAqC;AACrC,EAAE;AACF,6EAA6E;AAC7E,wEAAwE;AACxE,2EAA2E;AAC3E,qBAAqB;AAErB,OAAO,EAAgB,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD;;;;GAIG;AACH,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO;QACL,UAAU,MAAM,EAAE;QAClB,UAAU,MAAM,KAAK;QACrB,iBAAiB,MAAM,EAAE;QACzB,iBAAiB,MAAM,KAAK;KAC7B,CAAC;AACJ,CAAC;AAED,MAAM,qBAAqB,GAAuC;IAChE,IAAI,EAAE;QACJ,MAAM;QACN,eAAe;QACf,8BAA8B;QAC9B,aAAa;QACb,sEAAsE;QACtE,yEAAyE;QACzE,yDAAyD;QACzD,eAAe;QACf,sBAAsB;QACtB,sBAAsB;KACvB;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,eAAe,CAAC;QAC/B,GAAG,WAAW,CAAC,YAAY,CAAC;KAC7B;IACD,WAAW,EAAE;QACX,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,qBAAqB,CAAC;QACrC,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,kBAAkB,CAAC;QAClC,GAAG,WAAW,CAAC,kBAAkB,CAAC;KACnC;IACD,KAAK,EAAE,CAAC,YAAY,EAAE,eAAe,CAAC;IACtC,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,iBAAiB,CAAC;KAClC;IACD,UAAU,EAAE;QACV,iCAAiC;QACjC,iCAAiC;QACjC,wCAAwC;QACxC,wCAAwC;KACzC;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,aAAa,CAAC;KAC9B;IACD,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,cAAc,CAAC;QAC9B,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,YAAY,EAAE;QACZ,GAAG,WAAW,CAAC,cAAc,CAAC;KAC/B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,aAAa,EAAE;QACb,GAAG,WAAW,CAAC,eAAe,CAAC;KAChC;IACD,cAAc,EAAE;QACd,uEAAuE;QACvE,uEAAuE;QACvE,yEAAyE;QACzE,wEAAwE;QACxE,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,oCAAoC;QACpC,kCAAkC;QAClC,qCAAqC;QACrC,yCAAyC;QACzC,4CAA4C;KAC7C;CACF,CAAC;AAEF,yEAAyE;AACzE,qEAAqE;AACrE,wEAAwE;AACxE,uEAAuE;AACvE,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,OAAO;SACX,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;AAC3E,CAAC;AAOD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,IAAI,GAAqD,IAAI,CAAC;IAClE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAc,EAAE,CAAC;QACtE,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC;gBAAE,SAAS;YAC9C,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5C,IAAI,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,EAAE,OAAO,CAAC;AACvB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,eAAmC;IAEnC,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtE,OAAO,SAAS;QACd,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE;QACnC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC"}
|
|
1
|
+
{"version":3,"file":"pathAllowlist.js","sourceRoot":"","sources":["../../src/helpers/pathAllowlist.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,EAAE;AACF,sEAAsE;AACtE,8EAA8E;AAC9E,6EAA6E;AAC7E,8EAA8E;AAC9E,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,8EAA8E;AAC9E,oEAAoE;AACpE,kEAAkE;AAClE,0EAA0E;AAC1E,6EAA6E;AAC7E,+DAA+D;AAC/D,EAAE;AACF,sEAAsE;AACtE,6EAA6E;AAC7E,uEAAuE;AACvE,wEAAwE;AACxE,6EAA6E;AAC7E,mCAAmC;AACnC,EAAE;AACF,sEAAsE;AACtE,+EAA+E;AAC/E,mEAAmE;AACnE,qEAAqE;AACrE,6EAA6E;AAC7E,wCAAwC;AACxC,EAAE;AACF,0EAA0E;AAC1E,2EAA2E;AAC3E,uEAAuE;AACvE,qCAAqC;AACrC,EAAE;AACF,6EAA6E;AAC7E,wEAAwE;AACxE,2EAA2E;AAC3E,qBAAqB;AAErB,OAAO,EAAgB,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD;;;;GAIG;AACH,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO;QACL,UAAU,MAAM,EAAE;QAClB,UAAU,MAAM,KAAK;QACrB,iBAAiB,MAAM,EAAE;QACzB,iBAAiB,MAAM,KAAK;KAC7B,CAAC;AACJ,CAAC;AAED,MAAM,qBAAqB,GAAuC;IAChE,IAAI,EAAE;QACJ,MAAM;QACN,eAAe;QACf,8BAA8B;QAC9B,aAAa;QACb,sEAAsE;QACtE,yEAAyE;QACzE,yDAAyD;QACzD,eAAe;QACf,sBAAsB;QACtB,sBAAsB;KACvB;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,eAAe,CAAC;QAC/B,GAAG,WAAW,CAAC,YAAY,CAAC;KAC7B;IACD,WAAW,EAAE;QACX,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,qBAAqB,CAAC;QACrC,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7B,GAAG,WAAW,CAAC,kBAAkB,CAAC;QAClC,GAAG,WAAW,CAAC,kBAAkB,CAAC;KACnC;IACD,KAAK,EAAE,CAAC,YAAY,EAAE,eAAe,CAAC;IACtC,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,iBAAiB,CAAC;KAClC;IACD,UAAU,EAAE;QACV,iCAAiC;QACjC,iCAAiC;QACjC,wCAAwC;QACxC,wCAAwC;KACzC;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;QAC1B,GAAG,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,WAAW,CAAC,aAAa,CAAC;KAC9B;IACD,OAAO,EAAE;QACP,GAAG,WAAW,CAAC,cAAc,CAAC;QAC9B,GAAG,WAAW,CAAC,WAAW,CAAC;KAC5B;IACD,YAAY,EAAE;QACZ,GAAG,WAAW,CAAC,cAAc,CAAC;KAC/B;IACD,QAAQ,EAAE;QACR,GAAG,WAAW,CAAC,UAAU,CAAC;KAC3B;IACD,aAAa,EAAE;QACb,GAAG,WAAW,CAAC,eAAe,CAAC;KAChC;IACD,cAAc,EAAE;QACd,uEAAuE;QACvE,uEAAuE;QACvE,yEAAyE;QACzE,wEAAwE;QACxE,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,oCAAoC;QACpC,kCAAkC;QAClC,qCAAqC;QACrC,yCAAyC;QACzC,4CAA4C;KAC7C;CACF,CAAC;AAEF,yEAAyE;AACzE,qEAAqE;AACrE,wEAAwE;AACxE,uEAAuE;AACvE,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,OAAO;SACX,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;AAC3E,CAAC;AAOD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,IAAI,GAAqD,IAAI,CAAC;IAClE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAc,EAAE,CAAC;QACtE,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC;gBAAE,SAAS;YAC9C,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5C,IAAI,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,EAAE,OAAO,CAAC;AACvB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,eAAmC;IAEnC,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtE,OAAO,SAAS;QACd,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE;QACnC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC"}
|
|
@@ -17,6 +17,13 @@
|
|
|
17
17
|
* Query parameters belong in the `query` argument of the execute tool, not
|
|
18
18
|
* inside the `path` string — surfacing that as a reject prompts the agent to
|
|
19
19
|
* use the right field.
|
|
20
|
+
*
|
|
21
|
+
* The `/api` prefix is also a hard requirement. `execute` is a backstop for
|
|
22
|
+
* the Octopus REST API, not a general server-relative request tool — without
|
|
23
|
+
* this gate, a request like `/octopus/portal/auth` would be sent through to
|
|
24
|
+
* the configured Octopus host once the per-toolset allowlist is bypassed
|
|
25
|
+
* (which it is whenever all toolsets are enabled). Reject paths that don't
|
|
26
|
+
* sit under `/api` so the scope stays bounded regardless of allowlist state.
|
|
20
27
|
*/
|
|
21
28
|
export type PathValidation = {
|
|
22
29
|
ok: true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateExecutePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"validateExecutePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,MAAM,MAAM,cAAc,GACtB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC1B;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAyD/D"}
|
|
@@ -17,13 +17,32 @@
|
|
|
17
17
|
* Query parameters belong in the `query` argument of the execute tool, not
|
|
18
18
|
* inside the `path` string — surfacing that as a reject prompts the agent to
|
|
19
19
|
* use the right field.
|
|
20
|
+
*
|
|
21
|
+
* The `/api` prefix is also a hard requirement. `execute` is a backstop for
|
|
22
|
+
* the Octopus REST API, not a general server-relative request tool — without
|
|
23
|
+
* this gate, a request like `/octopus/portal/auth` would be sent through to
|
|
24
|
+
* the configured Octopus host once the per-toolset allowlist is bypassed
|
|
25
|
+
* (which it is whenever all toolsets are enabled). Reject paths that don't
|
|
26
|
+
* sit under `/api` so the scope stays bounded regardless of allowlist state.
|
|
20
27
|
*/
|
|
21
28
|
export function validateExecutePath(raw) {
|
|
22
29
|
if (typeof raw !== "string" || raw.length === 0) {
|
|
23
30
|
return { ok: false, reason: "Path must be a non-empty string." };
|
|
24
31
|
}
|
|
25
32
|
if (!raw.startsWith("/")) {
|
|
26
|
-
return {
|
|
33
|
+
return {
|
|
34
|
+
ok: false,
|
|
35
|
+
reason: "Path must start with '/api' (server-relative path under the Octopus REST API). Absolute URLs and SDK-relative paths like '~/api/...' are not accepted.",
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
// Bound execute to the /api surface. `/api` exactly is the API root and
|
|
39
|
+
// is valid; otherwise the path must continue with `/api/`. `/api2` and
|
|
40
|
+
// `/apifoo` are not under /api, so they are rejected.
|
|
41
|
+
if (raw !== "/api" && !raw.startsWith("/api/")) {
|
|
42
|
+
return {
|
|
43
|
+
ok: false,
|
|
44
|
+
reason: "Path must be '/api' or start with '/api/' — execute only reaches the Octopus REST API surface.",
|
|
45
|
+
};
|
|
27
46
|
}
|
|
28
47
|
if (raw.includes("\\")) {
|
|
29
48
|
return { ok: false, reason: "Path must not contain backslashes." };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateExecutePath.js","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"validateExecutePath.js","sourceRoot":"","sources":["../../src/helpers/validateExecutePath.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAMH,MAAM,UAAU,mBAAmB,CAAC,GAAW;IAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,wJAAwJ;SAC3J,CAAC;IACJ,CAAC;IACD,wEAAwE;IACxE,uEAAuE;IACvE,sDAAsD;IACtD,IAAI,GAAG,KAAK,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,gGAAgG;SACnG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IACrE,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,+FAA+F;SAClG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yCAAyC,EAAE,CAAC;IAC1E,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC9D,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,+EAA+E;SAClF,CAAC;IACJ,CAAC;IACD,uEAAuE;IACvE,8CAA8C;IAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EACJ,6EAA6E;aAChF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AACjC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAsKzE,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,
|
|
1
|
+
{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAsKzE,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,QAiMpD"}
|
package/dist/tools/execute.js
CHANGED
|
@@ -76,7 +76,7 @@ const inputSchema = {
|
|
|
76
76
|
path: z
|
|
77
77
|
.string()
|
|
78
78
|
.min(1)
|
|
79
|
-
.describe("
|
|
79
|
+
.describe("Server-relative path under the Octopus REST API. MUST be exactly '/api' or start with '/api/' — e.g. '/api/spaces/Spaces-1/feeds' or '/api/Spaces-1/projects'. Do NOT pass an absolute URL ('https://octopus.example/api/...'), an SDK-relative path ('~/api/...'), or a host-relative path outside /api ('/octopus/portal/...'); they are all rejected. Query parameters go in `query`, not in this string. Discover valid paths via grep_llms_txt."),
|
|
80
80
|
query: z
|
|
81
81
|
.record(z.string())
|
|
82
82
|
.optional()
|
|
@@ -108,8 +108,9 @@ export function registerExecuteTool(server) {
|
|
|
108
108
|
The HTTP method enum is the gate. The tool will not honour any 'isRead' flag the agent invents — the runtime classifies based on the actual method.
|
|
109
109
|
|
|
110
110
|
**Other gates** (in order):
|
|
111
|
+
0. Path shape: must be '/api' or start with '/api/'. Absolute URLs, '~/api/...', '/octopus/portal/...', query strings, fragments, '..' segments, and percent-encoded slashes are all rejected up front.
|
|
111
112
|
1. Sensitive denylist: API key endpoints and catastrophic deletes (DELETE /api/users/{id}, DELETE /api/spaces/{id}) are always blocked.
|
|
112
|
-
2. Path allowlist
|
|
113
|
+
2. Path allowlist — only applied when --toolsets has narrowed the active set. With every toolset enabled (the default, or explicit --toolsets all) any path under /api is reachable subject to the other gates; when toolsets are narrowed, paths only resolve if their owning toolset is enabled so disabling a toolset (e.g. 'certificates') makes its endpoints unreachable even on GET.
|
|
113
114
|
3. Elicitation on every non-GET, with a stronger message for DELETE.
|
|
114
115
|
|
|
115
116
|
Discover endpoints with grep_llms_txt. Use octopus://api/capabilities to see which toolsets are enabled and whether write/delete modes are on.`,
|
|
@@ -175,18 +176,31 @@ Discover endpoints with grep_llms_txt. Use octopus://api/capabilities to see whi
|
|
|
175
176
|
}
|
|
176
177
|
}
|
|
177
178
|
// Gate 3: path allowlist by enabled toolset.
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
179
|
+
//
|
|
180
|
+
// The allowlist exists only as the kill-switch for narrowed toolsets:
|
|
181
|
+
// when the operator says `--toolsets releases`, paths under projects /
|
|
182
|
+
// certificates / etc. must be unreachable through execute as well as
|
|
183
|
+
// through the curated tools. When *all* toolsets are enabled (the
|
|
184
|
+
// default, and the explicit `--toolsets all`), there is no scope to
|
|
185
|
+
// enforce — applying the allowlist there would turn it into a stale
|
|
186
|
+
// hand-rolled enumeration that blocks legitimate endpoints (e.g.
|
|
187
|
+
// /feeds, /scopedusersroles) that grep_llms_txt would have surfaced.
|
|
188
|
+
// So we skip it. The other gates (canonicalization, sensitive denylist,
|
|
189
|
+
// method tier, confirmation) still apply.
|
|
190
|
+
if (config.enabledToolsets !== "all" && config.enabledToolsets != null) {
|
|
191
|
+
const enabledToolsets = resolveEnabledToolsets();
|
|
192
|
+
const allowed = matchPath(path, enabledToolsets);
|
|
193
|
+
if (!allowed.matched) {
|
|
194
|
+
const owner = findOwningToolset(path);
|
|
195
|
+
audit("blocked", "pathNotAllowed");
|
|
196
|
+
return errorResponse({
|
|
197
|
+
success: false,
|
|
198
|
+
reason: "pathNotAllowed",
|
|
199
|
+
message: owner
|
|
200
|
+
? `Path '${path}' belongs to the '${owner}' toolset which is not enabled in this session. Enable it via --toolsets to reach this endpoint.`
|
|
201
|
+
: `Path '${path}' is not on the execute allowlist for any toolset. If this is a legitimate Octopus endpoint not yet covered, file an issue against the MCP server.`,
|
|
202
|
+
});
|
|
203
|
+
}
|
|
190
204
|
}
|
|
191
205
|
// Gate 4: elicitation on every non-GET.
|
|
192
206
|
if (tier !== "read") {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execute.js","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAkB,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,kCAAkC,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,EAAE,qCAAqC,EAAE,MAAM,qDAAqD,CAAC;AAC5G,OAAO,EACL,YAAY,EACZ,cAAc,GAGf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EACL,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,EACL,gBAAgB,GAEjB,MAAM,wBAAwB,CAAC;AAuBhC,SAAS,aAAa,CAAC,OAA6B;IAClD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;aACvC;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAa;IAClC,IAAI,IAAI,IAAI,IAAI;QAAE,OAAO,WAAW,CAAC;IACrC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,eAAe,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,uBAAuB,CAAC;IACjC,CAAC;AACH,CAAC;AAUD;;;;;GAKG;AACH,SAAS,UAAU,CAAC,IAAe;IAIjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,GAAG,IAAI;YACP,OAAO;YACP,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACnC,CAAC,GAAG,IAAI,CACV,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;IACxC,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,IAAI,MAAM,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QACvE,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC;AAChC,CAAC;AAWD,KAAK,UAAU,eAAe,CAC5B,MAAc,EACd,MAAkB,EAClB,IAAY,EACZ,KAAyC,EACzC,IAAa;IAEb,MAAM,YAAY,GAAG,MAAuC,CAAC;IAC7D,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACjD,OAAO,YAAY,CAAC,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,MAAM,EAAE,CAAC;SACN,IAAI,CAAC,YAAwD,CAAC;SAC9D,QAAQ,CACP,8OAA8O,CAC/O;IACH,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CACP,
|
|
1
|
+
{"version":3,"file":"execute.js","sourceRoot":"","sources":["../../src/tools/execute.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAkB,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,kCAAkC,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,EAAE,qCAAqC,EAAE,MAAM,qDAAqD,CAAC;AAC5G,OAAO,EACL,YAAY,EACZ,cAAc,GAGf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EACL,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,EACL,gBAAgB,GAEjB,MAAM,wBAAwB,CAAC;AAuBhC,SAAS,aAAa,CAAC,OAA6B;IAClD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;aACvC;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAa;IAClC,IAAI,IAAI,IAAI,IAAI;QAAE,OAAO,WAAW,CAAC;IACrC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,eAAe,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,uBAAuB,CAAC;IACjC,CAAC;AACH,CAAC;AAUD;;;;;GAKG;AACH,SAAS,UAAU,CAAC,IAAe;IAIjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,GAAG,IAAI;YACP,OAAO;YACP,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACnC,CAAC,GAAG,IAAI,CACV,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;IACxC,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,IAAI,MAAM,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QACvE,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC;AAChC,CAAC;AAWD,KAAK,UAAU,eAAe,CAC5B,MAAc,EACd,MAAkB,EAClB,IAAY,EACZ,KAAyC,EACzC,IAAa;IAEb,MAAM,YAAY,GAAG,MAAuC,CAAC;IAC7D,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACjD,OAAO,YAAY,CAAC,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,MAAM,EAAE,CAAC;SACN,IAAI,CAAC,YAAwD,CAAC;SAC9D,QAAQ,CACP,8OAA8O,CAC/O;IACH,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CACP,sbAAsb,CACvb;IACH,KAAK,EAAE,CAAC;SACL,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SAClB,QAAQ,EAAE;SACV,QAAQ,CAAC,oDAAoD,CAAC;IACjE,IAAI,EAAE,CAAC;SACJ,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CAAC,iDAAiD,CAAC;IAC9D,KAAK,EAAE,CAAC;SACL,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CACP,4HAA4H,CAC7H;IACH,OAAO,EAAE,CAAC;SACP,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CACP,mIAAmI,CACpI;CACJ,CAAC;AAEF,MAAM,UAAU,mBAAmB,CAAC,MAAiB;IACnD,MAAM,CAAC,YAAY,CACjB,SAAS,EACT;QACE,KAAK,EAAE,4CAA4C;QACnD,WAAW,EAAE;;;;;;;;;;;;;;;;+IAgB4H;QACzI,WAAW;QACX,WAAW,EAAE,kCAAkC;KAChD,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,MAAM,GAAG,IAAqB,CAAC;QACrC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;QAC7D,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;QAClD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;QAElD,sEAAsE;QACtE,uEAAuE;QACvE,sEAAsE;QACtE,qDAAqD;QACrD,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,KAAK,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAChC,OAAO,aAAa,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,aAAa;gBACrB,OAAO,EAAE,iBAAiB,UAAU,CAAC,MAAM,EAAE;aAC9C,CAAC,CAAC;QACL,CAAC;QACD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;QAE7B,sEAAsE;QACtE,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;YACtB,KAAK,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;YAClC,OAAO,aAAa,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE,SAAS,IAAI,qEAAqE,SAAS,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE;aAC3H,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,KAAK,OAAO,IAAI,YAAY,EAAE,CAAC;YACrC,KAAK,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACjC,OAAO,aAAa,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,cAAc;gBACtB,OAAO,EACL,kHAAkH;aACrH,CAAC,CAAC;QACL,CAAC;QACD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,IAAI,YAAY,EAAE,CAAC;gBACjB,KAAK,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;gBACjC,OAAO,aAAa,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,cAAc;oBACtB,OAAO,EACL,4IAA4I;iBAC/I,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,KAAK,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;gBACtC,OAAO,aAAa,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,OAAO,EACL,0IAA0I;iBAC7I,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,EAAE;QACF,sEAAsE;QACtE,uEAAuE;QACvE,qEAAqE;QACrE,kEAAkE;QAClE,oEAAoE;QACpE,oEAAoE;QACpE,iEAAiE;QACjE,qEAAqE;QACrE,wEAAwE;QACxE,0CAA0C;QAC1C,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,IAAI,MAAM,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;YACvE,MAAM,eAAe,GAAG,sBAAsB,EAAE,CAAC;YACjD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;YACjD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACtC,KAAK,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;gBACnC,OAAO,aAAa,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,gBAAgB;oBACxB,OAAO,EAAE,KAAK;wBACZ,CAAC,CAAC,SAAS,IAAI,qBAAqB,KAAK,kGAAkG;wBAC3I,CAAC,CAAC,SAAS,IAAI,oJAAoJ;iBACtK,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,MAAM,QAAQ,GAAG,IAAI,KAAK,QAAQ,CAAC;YACnC,MAAM,OAAO,GAAG,QAAQ;gBACtB,CAAC,CAAC,wDAAwD,MAAM,IAAI,IAAI,YAAY,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC,WAAW,aAAa,CAAC,IAAI,CAAC,EAAE;gBAC/I,CAAC,CAAC,GAAG,MAAM,IAAI,IAAI,YAAY,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC,WAAW,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7F,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,MAAM,EAAE;gBACrD,OAAO;gBACP,eAAe,EAAE,MAAM,CAAC,OAAO;aAChC,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;gBAC5B,KAAK,CAAC,WAAW,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;gBACxC,OAAO,mBAAmB,CAAC,YAAY,EAAE;oBACvC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;iBAC3C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAChC,qCAAqC,EAAE,CACxC,CAAC;YACF,MAAM,YAAY,GAAG,KAAK;gBACxB,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE;gBACrC,CAAC,CAAC,KAAK,CAAC;YACV,MAAM,MAAM,GAAG,MAAM,eAAe,CAClC,MAAM,EACN,MAAM,EACN,IAAI,EACJ,YAAY,EACZ,IAAI,CACL,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,CAAC;YACZ,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,OAAO,EAAE,IAAI;4BACb,MAAM;4BACN,IAAI;4BACJ,IAAI;4BACJ,QAAQ,EAAE,MAAM;yBACjB,CAAC;qBACH;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,OAAO,EAAE,KAAK;4BACd,MAAM,EAAE,cAAc;4BACtB,MAAM;4BACN,IAAI;4BACJ,IAAI;4BACJ,OAAO;yBACR,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,sBAAsB,CAAC;IACrB,QAAQ,EAAE,SAAS;IACnB,4EAA4E;IAC5E,4EAA4E;IAC5E,yEAAyE;IACzE,0EAA0E;IAC1E,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE;IAC/D,UAAU,EAAE,mBAAmB;CAChC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
"bugs": {
|
|
5
5
|
"url": "https://github.com/OctopusDeploy/mcp-server/issues"
|
|
6
6
|
},
|
|
7
|
-
"version": "2.1.
|
|
7
|
+
"version": "2.1.2",
|
|
8
8
|
"type": "module",
|
|
9
9
|
"description": "The Octopus MCP Server provides your AI assistant with powerful tools that allow it to inspect, query, and diagnose problems within your Octopus instance.",
|
|
10
10
|
"main": "dist/index.js",
|