@skillsmith/mcp-server 0.4.7 → 0.4.8

package/dist/src/tools/rbac-tools.d.ts

@@ -0,0 +1,180 @@
+/**
+ * @fileoverview Enterprise RBAC MCP tools for role management
+ * @module @skillsmith/mcp-server/tools/rbac-tools
+ * @see SMI-3901: RBAC MCP Tools
+ *
+ * RBAC enforcement is at the Supabase API layer (server-side), NOT local MCP.
+ * These MCP tools are a management interface only — they configure roles,
+ * assignments, and policies that the server enforces.
+ *
+ * Default role hierarchy: admin > manager > member > viewer.
+ *
+ * Tier gate: Enterprise (rbac feature flag).
+ */
+import { z } from 'zod';
+import type { ToolContext } from '../context.js';
+import type { RBACService, RbacManageResult, RbacAssignRoleResult, RbacCreatePolicyResult } from './rbac-tools.types.js';
+export type { RBACRole, RBACAssignment, RBACPolicy, RBACService, RbacManageResult, RbacAssignRoleResult, RbacCreatePolicyResult, } from './rbac-tools.types.js';
+export { createStubRBACService } from './rbac-tools.types.js';
+export declare const rbacManageInputSchema: z.ZodObject<{
+    action: z.ZodEnum<["create_role", "list_roles", "delete_role", "get_role"]>;
+    name: z.ZodOptional<z.ZodString>;
+    roleId: z.ZodOptional<z.ZodString>;
+    permissions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    description: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    action: "create_role" | "list_roles" | "delete_role" | "get_role";
+    name?: string | undefined;
+    description?: string | undefined;
+    roleId?: string | undefined;
+    permissions?: string[] | undefined;
+}, {
+    action: "create_role" | "list_roles" | "delete_role" | "get_role";
+    name?: string | undefined;
+    description?: string | undefined;
+    roleId?: string | undefined;
+    permissions?: string[] | undefined;
+}>;
+export type RbacManageInput = z.infer<typeof rbacManageInputSchema>;
+export declare const rbacAssignRoleInputSchema: z.ZodObject<{
+    action: z.ZodEnum<["assign", "revoke", "list_assignments"]>;
+    userId: z.ZodOptional<z.ZodString>;
+    roleId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    action: "assign" | "revoke" | "list_assignments";
+    roleId?: string | undefined;
+    userId?: string | undefined;
+}, {
+    action: "assign" | "revoke" | "list_assignments";
+    roleId?: string | undefined;
+    userId?: string | undefined;
+}>;
+export type RbacAssignRoleInput = z.infer<typeof rbacAssignRoleInputSchema>;
+export declare const rbacCreatePolicyInputSchema: z.ZodObject<{
+    action: z.ZodEnum<["create", "list", "delete", "get"]>;
+    name: z.ZodOptional<z.ZodString>;
+    policyId: z.ZodOptional<z.ZodString>;
+    effect: z.ZodOptional<z.ZodEnum<["allow", "deny"]>>;
+    resources: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    action: "get" | "create" | "list" | "delete";
+    name?: string | undefined;
+    resources?: string[] | undefined;
+    policyId?: string | undefined;
+    effect?: "allow" | "deny" | undefined;
+    actions?: string[] | undefined;
+}, {
+    action: "get" | "create" | "list" | "delete";
+    name?: string | undefined;
+    resources?: string[] | undefined;
+    policyId?: string | undefined;
+    effect?: "allow" | "deny" | undefined;
+    actions?: string[] | undefined;
+}>;
+export type RbacCreatePolicyInput = z.infer<typeof rbacCreatePolicyInputSchema>;
+export declare const rbacManageToolSchema: {
+    name: "rbac_manage";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            action: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            name: {
+                type: string;
+                description: string;
+            };
+            roleId: {
+                type: string;
+                description: string;
+            };
+            permissions: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+            description: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare const rbacAssignRoleToolSchema: {
+    name: "rbac_assign_role";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            action: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            userId: {
+                type: string;
+                description: string;
+            };
+            roleId: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare const rbacCreatePolicyToolSchema: {
+    name: "rbac_create_policy";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            action: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            name: {
+                type: string;
+                description: string;
+            };
+            policyId: {
+                type: string;
+                description: string;
+            };
+            effect: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            resources: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+            actions: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+/** Replace the RBAC service implementation (for testing or production swap) */
+export declare function setRBACService(svc: RBACService): void;
+export declare function executeRbacManage(input: RbacManageInput, _context: ToolContext): Promise<RbacManageResult>;
+export declare function executeRbacAssignRole(input: RbacAssignRoleInput, _context: ToolContext): Promise<RbacAssignRoleResult>;
+export declare function executeRbacCreatePolicy(input: RbacCreatePolicyInput, _context: ToolContext): Promise<RbacCreatePolicyResult>;
+//# sourceMappingURL=rbac-tools.d.ts.map

package/dist/src/tools/rbac-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-tools.d.ts","sourceRoot":"","sources":["../../../src/tools/rbac-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAEhD,OAAO,KAAK,EACV,WAAW,EACX,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,uBAAuB,CAAA;AAI9B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAM7D,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;EAShC,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAA;AAEnE,eAAO,MAAM,yBAAyB;;;;;;;;;;;;EAIpC,CAAA;AAEF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAE3E,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;EAOtC,CAAA;AAEF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAA;AAM/E,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4BhC,CAAA;AAED,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;CAkBpC,CAAA;AAED,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiCtC,CAAA;AAKD,+EAA+E;AAC/E,wBAAgB,cAAc,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI,CAErD;AAMD,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,eAAe,EACtB,QAAQ,EAAE,WAAW,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAwD3B;AAED,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,mBAAmB,EAC1B,QAAQ,EAAE,WAAW,GACpB,OAAO,CAAC,oBAAoB,CAAC,CAyD/B;AAED,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,qBAAqB,EAC5B,QAAQ,EAAE,WAAW,GACpB,OAAO,CAAC,sBAAsB,CAAC,CAgEjC"}

package/dist/src/tools/rbac-tools.js

@@ -0,0 +1,300 @@
+/**
+ * @fileoverview Enterprise RBAC MCP tools for role management
+ * @module @skillsmith/mcp-server/tools/rbac-tools
+ * @see SMI-3901: RBAC MCP Tools
+ *
+ * RBAC enforcement is at the Supabase API layer (server-side), NOT local MCP.
+ * These MCP tools are a management interface only — they configure roles,
+ * assignments, and policies that the server enforces.
+ *
+ * Default role hierarchy: admin > manager > member > viewer.
+ *
+ * Tier gate: Enterprise (rbac feature flag).
+ */
+import { z } from 'zod';
+import { isSupabaseConfigured } from '../supabase-client.js';
+import { createStubRBACService } from './rbac-tools.types.js';
+export { createStubRBACService } from './rbac-tools.types.js';
+// ============================================================================
+// Input schemas
+// ============================================================================
+export const rbacManageInputSchema = z.object({
+    action: z.enum(['create_role', 'list_roles', 'delete_role', 'get_role']),
+    name: z.string().min(1).max(64).optional().describe('Role name (required for create_role)'),
+    roleId: z.string().optional().describe('Role identifier (required for get_role/delete_role)'),
+    permissions: z
+        .array(z.string())
+        .optional()
+        .describe('Permission strings (optional for create_role)'),
+    description: z.string().max(256).optional().describe('Role description'),
+});
+export const rbacAssignRoleInputSchema = z.object({
+    action: z.enum(['assign', 'revoke', 'list_assignments']),
+    userId: z.string().optional().describe('User identifier (required for assign/revoke)'),
+    roleId: z.string().optional().describe('Role identifier (required for assign/revoke)'),
+});
+export const rbacCreatePolicyInputSchema = z.object({
+    action: z.enum(['create', 'list', 'delete', 'get']),
+    name: z.string().min(1).max(128).optional().describe('Policy name (required for create)'),
+    policyId: z.string().optional().describe('Policy identifier (required for get/delete)'),
+    effect: z.enum(['allow', 'deny']).optional().describe('Policy effect (required for create)'),
+    resources: z.array(z.string()).optional().describe('Resource patterns (required for create)'),
+    actions: z.array(z.string()).optional().describe('Action patterns (required for create)'),
+});
+// ============================================================================
+// Tool schemas for MCP registration
+// ============================================================================
+export const rbacManageToolSchema = {
+    name: 'rbac_manage',
+    description: 'Manage RBAC roles: create_role, list_roles, get_role, delete_role. ' +
+        'Default hierarchy: admin > manager > member > viewer. ' +
+        'Requires Enterprise tier (rbac feature).',
+    inputSchema: {
+        type: 'object',
+        properties: {
+            action: {
+                type: 'string',
+                enum: ['create_role', 'list_roles', 'delete_role', 'get_role'],
+                description: 'RBAC role operation',
+            },
+            name: { type: 'string', description: 'Role name (required for create_role)' },
+            roleId: {
+                type: 'string',
+                description: 'Role ID (required for get_role/delete_role)',
+            },
+            permissions: {
+                type: 'array',
+                items: { type: 'string' },
+                description: 'Permission strings (optional for create_role)',
+            },
+            description: { type: 'string', description: 'Role description' },
+        },
+        required: ['action'],
+    },
+};
+export const rbacAssignRoleToolSchema = {
+    name: 'rbac_assign_role',
+    description: 'Assign or revoke roles for users, or list current assignments. ' +
+        'Requires Enterprise tier (rbac feature).',
+    inputSchema: {
+        type: 'object',
+        properties: {
+            action: {
+                type: 'string',
+                enum: ['assign', 'revoke', 'list_assignments'],
+                description: 'Assignment operation',
+            },
+            userId: { type: 'string', description: 'User ID (required for assign/revoke)' },
+            roleId: { type: 'string', description: 'Role ID (required for assign/revoke)' },
+        },
+        required: ['action'],
+    },
+};
+export const rbacCreatePolicyToolSchema = {
+    name: 'rbac_create_policy',
+    description: 'Create, list, get, or delete RBAC policies that define access rules. ' +
+        'Requires Enterprise tier (rbac feature).',
+    inputSchema: {
+        type: 'object',
+        properties: {
+            action: {
+                type: 'string',
+                enum: ['create', 'list', 'delete', 'get'],
+                description: 'Policy operation',
+            },
+            name: { type: 'string', description: 'Policy name (required for create)' },
+            policyId: { type: 'string', description: 'Policy ID (required for get/delete)' },
+            effect: {
+                type: 'string',
+                enum: ['allow', 'deny'],
+                description: 'Policy effect (required for create)',
+            },
+            resources: {
+                type: 'array',
+                items: { type: 'string' },
+                description: 'Resource patterns (required for create)',
+            },
+            actions: {
+                type: 'array',
+                items: { type: 'string' },
+                description: 'Action patterns (required for create)',
+            },
+        },
+        required: ['action'],
+    },
+};
+// Module-level singleton
+let service = createStubRBACService();
+/** Replace the RBAC service implementation (for testing or production swap) */
+export function setRBACService(svc) {
+    service = svc;
+}
+// ============================================================================
+// Handlers
+// ============================================================================
+export async function executeRbacManage(input, _context) {
+    const dataSource = isSupabaseConfigured() ? 'live' : 'stub';
+    switch (input.action) {
+        case 'create_role': {
+            if (!input.name)
+                return { success: false, dataSource, error: 'name is required for action "create_role".' };
+            const role = await service.createRole(input.name, input.permissions, input.description);
+            return {
+                success: true,
+                dataSource,
+                role,
+                message: `## Role Created\n\n` +
+                    `- **Name:** ${role.name}\n` +
+                    `- **ID:** ${role.id}\n` +
+                    `- **Permissions:** ${role.permissions.length ? role.permissions.join(', ') : 'none'}\n` +
+                    (role.description ? `- **Description:** ${role.description}\n` : ''),
+            };
+        }
+        case 'list_roles': {
+            const roles = await service.listRoles();
+            const lines = roles.map((r) => `| ${r.name} | ${r.id} | ${r.hierarchy} | ${r.permissions.join(', ')} |`);
+            return {
+                success: true,
+                dataSource,
+                roles,
+                message: `## RBAC Roles (${roles.length})\n\n` +
+                    `| Name | ID | Hierarchy | Permissions |\n` +
+                    `|------|-----|-----------|-------------|\n` +
+                    lines.join('\n'),
+            };
+        }
+        case 'get_role': {
+            if (!input.roleId)
+                return { success: false, dataSource, error: 'roleId is required for action "get_role".' };
+            const role = await service.getRole(input.roleId);
+            if (!role)
+                return { success: false, dataSource, error: `Role "${input.roleId}" not found.` };
+            return { success: true, dataSource, role };
+        }
+        case 'delete_role': {
+            if (!input.roleId)
+                return { success: false, dataSource, error: 'roleId is required for action "delete_role".' };
+            const deleted = await service.deleteRole(input.roleId);
+            if (!deleted)
+                return {
+                    success: false,
+                    dataSource,
+                    error: `Role "${input.roleId}" not found or is a built-in role.`,
+                };
+            return { success: true, dataSource, message: `Role "${input.roleId}" deleted.` };
+        }
+    }
+}
+export async function executeRbacAssignRole(input, _context) {
+    const dataSource = isSupabaseConfigured() ? 'live' : 'stub';
+    switch (input.action) {
+        case 'assign': {
+            if (!input.userId || !input.roleId)
+                return {
+                    success: false,
+                    dataSource,
+                    error: 'userId and roleId are required for action "assign".',
+                };
+            const assignment = await service.assignRole(input.userId, input.roleId);
+            return {
+                success: true,
+                dataSource,
+                assignment,
+                message: `## Role Assigned\n\n` +
+                    `- **User:** ${assignment.userId}\n` +
+                    `- **Role:** ${assignment.roleName} (${assignment.roleId})\n` +
+                    `- **Assigned by:** ${assignment.assignedBy}`,
+            };
+        }
+        case 'revoke': {
+            if (!input.userId || !input.roleId)
+                return {
+                    success: false,
+                    dataSource,
+                    error: 'userId and roleId are required for action "revoke".',
+                };
+            const revoked = await service.revokeRole(input.userId, input.roleId);
+            if (!revoked)
+                return {
+                    success: false,
+                    dataSource,
+                    error: `No assignment found for user "${input.userId}" with role "${input.roleId}".`,
+                };
+            return {
+                success: true,
+                dataSource,
+                message: `Role "${input.roleId}" revoked from user "${input.userId}".`,
+            };
+        }
+        case 'list_assignments': {
+            const assignments = await service.listAssignments();
+            return {
+                success: true,
+                dataSource,
+                assignments,
+                message: `## Role Assignments (${assignments.length})\n\n` +
+                    (assignments.length === 0
+                        ? 'No role assignments found.'
+                        : assignments.map((a) => `- ${a.userId}: ${a.roleName} (${a.roleId})`).join('\n')),
+            };
+        }
+    }
+}
+export async function executeRbacCreatePolicy(input, _context) {
+    const dataSource = isSupabaseConfigured() ? 'live' : 'stub';
+    switch (input.action) {
+        case 'create': {
+            if (!input.name)
+                return { success: false, dataSource, error: 'name is required for action "create".' };
+            if (!input.effect)
+                return { success: false, dataSource, error: 'effect is required for action "create".' };
+            if (!input.resources?.length)
+                return { success: false, dataSource, error: 'resources is required for action "create".' };
+            if (!input.actions?.length)
+                return { success: false, dataSource, error: 'actions is required for action "create".' };
+            const policy = await service.createPolicy(input.name, input.effect, input.resources, input.actions);
+            return {
+                success: true,
+                dataSource,
+                policy,
+                message: `## Policy Created\n\n` +
+                    `- **Name:** ${policy.name}\n` +
+                    `- **ID:** ${policy.id}\n` +
+                    `- **Effect:** ${policy.effect}\n` +
+                    `- **Resources:** ${policy.resources.join(', ')}\n` +
+                    `- **Actions:** ${policy.actions.join(', ')}`,
+            };
+        }
+        case 'list': {
+            const policies = await service.listPolicies();
+            return {
+                success: true,
+                dataSource,
+                policies,
+                message: `## RBAC Policies (${policies.length})\n\n` +
+                    (policies.length === 0
+                        ? 'No policies defined.'
+                        : policies
+                            .map((p) => `- **${p.name}** (${p.id}): ${p.effect} ${p.resources.join(', ')}`)
+                            .join('\n')),
+            };
+        }
+        case 'get': {
+            if (!input.policyId)
+                return { success: false, dataSource, error: 'policyId is required for action "get".' };
+            const policy = await service.getPolicy(input.policyId);
+            if (!policy)
+                return { success: false, dataSource, error: `Policy "${input.policyId}" not found.` };
+            return { success: true, dataSource, policy };
+        }
+        case 'delete': {
+            if (!input.policyId)
+                return { success: false, dataSource, error: 'policyId is required for action "delete".' };
+            const deleted = await service.deletePolicy(input.policyId);
+            if (!deleted)
+                return { success: false, dataSource, error: `Policy "${input.policyId}" not found.` };
+            return { success: true, dataSource, message: `Policy "${input.policyId}" deleted.` };
+        }
+    }
+}
+//# sourceMappingURL=rbac-tools.js.map

package/dist/src/tools/rbac-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-tools.js","sourceRoot":"","sources":["../../../src/tools/rbac-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAO5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAY7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAE7D,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IACxE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAC3F,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;IAC7F,WAAW,EAAE,CAAC;SACX,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;SACV,QAAQ,CAAC,+CAA+C,CAAC;IAC5D,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;CACzE,CAAC,CAAA;AAIF,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;IACxD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;IACtF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;CACvF,CAAC,CAAA;AAIF,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IACnD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IACzF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACvF,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;IAC5F,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;IAC7F,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;CAC1F,CAAC,CAAA;AAIF,+EAA+E;AAC/E,oCAAoC;AACpC,+EAA+E;AAE/E,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,IAAI,EAAE,aAAsB;IAC5B,WAAW,EACT,qEAAqE;QACrE,wDAAwD;QACxD,0CAA0C;IAC5C,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,CAAC;gBAC9D,WAAW,EAAE,qBAAqB;aACnC;YACD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;YAC7E,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6CAA6C;aAC3D;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,WAAW,EAAE,+CAA+C;aAC7D;YACD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;SACjE;QACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;KACrB;CACF,CAAA;AAED,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,IAAI,EAAE,kBAA2B;IACjC,WAAW,EACT,iEAAiE;QACjE,0CAA0C;IAC5C,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,kBAAkB,CAAC;gBAC9C,WAAW,EAAE,sBAAsB;aACpC;YACD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;YAC/E,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;SAChF;QACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;KACrB;CACF,CAAA;AAED,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI,EAAE,oBAA6B;IACnC,WAAW,EACT,uEAAuE;QACvE,0CAA0C;IAC5C,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC;gBACzC,WAAW,EAAE,kBAAkB;aAChC;YACD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mCAAmC,EAAE;YAC1E,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qCAAqC,EAAE;YAChF,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;gBACvB,WAAW,EAAE,qCAAqC;aACnD;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,WAAW,EAAE,yCAAyC;aACvD;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,WAAW,EAAE,uCAAuC;aACrD;SACF;QACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;KACrB;CACF,CAAA;AAED,yBAAyB;AACzB,IAAI,OAAO,GAAgB,qBAAqB,EAAE,CAAA;AAElD,+EAA+E;AAC/E,MAAM,UAAU,cAAc,CAAC,GAAgB;IAC7C,OAAO,GAAG,GAAG,CAAA;AACf,CAAC;AAED,+EAA+E;AAC/E,WAAW;AACX,+EAA+E;AAE/E,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAsB,EACtB,QAAqB;IAErB,MAAM,UAAU,GAAoB,oBAAoB,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAA;IAE5E,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;QACrB,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,IAAI;gBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAA;YAC5F,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,WAAW,CAAC,CAAA;YACvF,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,IAAI;gBACJ,OAAO,EACL,qBAAqB;oBACrB,eAAe,IAAI,CAAC,IAAI,IAAI;oBAC5B,aAAa,IAAI,CAAC,EAAE,IAAI;oBACxB,sBAAsB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI;oBACxF,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,sBAAsB,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;aACvE,CAAA;QACH,CAAC;QACD,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,CAAA;YACvC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,SAAS,MAAM,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAChF,CAAA;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,KAAK;gBACL,OAAO,EACL,kBAAkB,KAAK,CAAC,MAAM,OAAO;oBACrC,2CAA2C;oBAC3C,4CAA4C;oBAC5C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;aACnB,CAAA;QACH,CAAC;QACD,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,IAAI,CAAC,KAAK,CAAC,MAAM;gBACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAA;YAC3F,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,KAAK,CAAC,MAAM,cAAc,EAAE,CAAA;YAC5F,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAA;QAC5C,CAAC;QACD,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,MAAM;gBACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,8CAA8C,EAAE,CAAA;YAC9F,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;YACtD,IAAI,CAAC,OAAO;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,UAAU;oBACV,KAAK,EAAE,SAAS,KAAK,CAAC,MAAM,oCAAoC;iBACjE,CAAA;YACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,KAAK,CAAC,MAAM,YAAY,EAAE,CAAA;QAClF,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAA0B,EAC1B,QAAqB;IAErB,MAAM,UAAU,GAAoB,oBAAoB,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAA;IAE5E,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;QACrB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM;gBAChC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,UAAU;oBACV,KAAK,EAAE,qDAAqD;iBAC7D,CAAA;YACH,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;YACvE,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,UAAU;gBACV,OAAO,EACL,sBAAsB;oBACtB,eAAe,UAAU,CAAC,MAAM,IAAI;oBACpC,eAAe,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,MAAM,KAAK;oBAC7D,sBAAsB,UAAU,CAAC,UAAU,EAAE;aAChD,CAAA;QACH,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM;gBAChC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,UAAU;oBACV,KAAK,EAAE,qDAAqD;iBAC7D,CAAA;YACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;YACpE,IAAI,CAAC,OAAO;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,UAAU;oBACV,KAAK,EAAE,iCAAiC,KAAK,CAAC,MAAM,gBAAgB,KAAK,CAAC,MAAM,IAAI;iBACrF,CAAA;YACH,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,OAAO,EAAE,SAAS,KAAK,CAAC,MAAM,wBAAwB,KAAK,CAAC,MAAM,IAAI;aACvE,CAAA;QACH,CAAC;QACD,KAAK,kBAAkB,CAAC,CAAC,CAAC;YACxB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,eAAe,EAAE,CAAA;YACnD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,WAAW;gBACX,OAAO,EACL,wBAAwB,WAAW,CAAC,MAAM,OAAO;oBACjD,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;wBACvB,CAAC,CAAC,4BAA4B;wBAC9B,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aACvF,CAAA;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAA4B,EAC5B,QAAqB;IAErB,MAAM,UAAU,GAAoB,oBAAoB,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAA;IAE5E,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;QACrB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,KAAK,CAAC,IAAI;gBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAA;YACvF,IAAI,CAAC,KAAK,CAAC,MAAM;gBACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAA;YACzF,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,MAAM;gBAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAA;YAC5F,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM;gBACxB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAA;YAC1F,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,YAAY,CACvC,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,OAAO,CACd,CAAA;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,MAAM;gBACN,OAAO,EACL,uBAAuB;oBACvB,eAAe,MAAM,CAAC,IAAI,IAAI;oBAC9B,aAAa,MAAM,CAAC,EAAE,IAAI;oBAC1B,iBAAiB,MAAM,CAAC,MAAM,IAAI;oBAClC,oBAAoB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBACnD,kBAAkB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aAChD,CAAA;QACH,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,EAAE,CAAA;YAC7C,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,QAAQ;gBACR,OAAO,EACL,qBAAqB,QAAQ,CAAC,MAAM,OAAO;oBAC3C,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;wBACpB,CAAC,CAAC,sBAAsB;wBACxB,CAAC,CAAC,QAAQ;6BACL,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;6BAC9E,IAAI,CAAC,IAAI,CAAC,CAAC;aACrB,CAAA;QACH,CAAC;QACD,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,IAAI,CAAC,KAAK,CAAC,QAAQ;gBACjB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAA;YACxF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;YACtD,IAAI,CAAC,MAAM;gBACT,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,WAAW,KAAK,CAAC,QAAQ,cAAc,EAAE,CAAA;YACvF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,CAAA;QAC9C,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,KAAK,CAAC,QAAQ;gBACjB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAA;YAC3F,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;YAC1D,IAAI,CAAC,OAAO;gBACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,WAAW,KAAK,CAAC,QAAQ,cAAc,EAAE,CAAA;YACvF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,WAAW,KAAK,CAAC,QAAQ,YAAY,EAAE,CAAA;QACtF,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/src/tools/rbac-tools.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Tests for RBAC MCP tools
+ * @see SMI-3901: RBAC MCP Tools
+ */
+export {};
+//# sourceMappingURL=rbac-tools.test.d.ts.map

package/dist/src/tools/rbac-tools.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-tools.test.d.ts","sourceRoot":"","sources":["../../../src/tools/rbac-tools.test.ts"],"names":[],"mappings":"AAAA;;;GAGG"}