@trops/dash-core 0.1.494 → 0.1.495

package/dist/index.esm.js

@@ -49192,6 +49192,7 @@ var WidgetGrantRow = function WidgetGrantRow(_ref6) {
     }), allServerNames.map(function (serverName) {
       var decl = declaredServers[serverName] || {};
       var grant = grantedServers[serverName];
+      var allStale = isServerEntirelyStale(decl, grant);
       return /*#__PURE__*/jsxs("div", {
         className: "flex flex-col space-y-2 border-t border-gray-800 pt-2",
         children: [/*#__PURE__*/jsxs("div", {
@@ -49208,6 +49209,9 @@ var WidgetGrantRow = function WidgetGrantRow(_ref6) {
               return onRevokeServer(serverName);
             }
           })]
+        }), allStale && /*#__PURE__*/jsx("div", {
+          className: "text-xs text-amber-400 bg-amber-900 bg-opacity-20 border border-amber-700 rounded px-2 py-1.5",
+          children: "All grants on this server are no longer in the manifest \u2014 the widget likely no longer uses this server. Consider revoking."
         }), /*#__PURE__*/jsx(PermsList, {
           label: "Tools",
           declaredItems: decl.tools || [],
@@ -49241,17 +49245,44 @@ var PermsList = function PermsList(_ref7) {
     }), all.map(function (item) {
       var isGranted = grantedSet.has(item);
       var isDeclared = declaredSet.has(item);
+      var isStale = isGranted && !isDeclared;
       return /*#__PURE__*/jsxs("span", {
-        className: "text-xs font-mono break-all ".concat(isGranted ? "opacity-100" : isDeclared ? "opacity-50 line-through" : "opacity-100 text-amber-400"),
-        children: [item, !isDeclared && isGranted && /*#__PURE__*/jsx("span", {
-          className: "ml-2 opacity-60",
-          children: "(no longer declared)"
+        className: "text-xs font-mono break-all ".concat(isStale ? "text-amber-400" : isGranted ? "opacity-100" : "opacity-50 line-through"),
+        children: [item, isStale && /*#__PURE__*/jsx("span", {
+          className: "ml-2 not-italic font-sans normal-case tracking-normal text-amber-400",
+          children: "(stale \u2014 widget no longer requests this; consider revoking)"
         })]
       }, item);
     })]
   });
 };
 
+/**
+ * True when the granted entry has at least one item AND every granted
+ * item is missing from the current declared block (i.e. all of this
+ * server's grants are unused by the current manifest). Used to surface
+ * a "this whole server's grant looks unused" suggestion at the row level.
+ */
+function isServerEntirelyStale(decl, grant) {
+  if (!grant) return false;
+  var declTools = new Set(decl.tools || []);
+  var declRead = new Set(decl.readPaths || []);
+  var declWrite = new Set(decl.writePaths || []);
+  var grantedTools = grant.tools || [];
+  var grantedRead = grant.readPaths || [];
+  var grantedWrite = grant.writePaths || [];
+  var total = grantedTools.length + grantedRead.length + grantedWrite.length;
+  if (total === 0) return false;
+  var stale = grantedTools.every(function (t) {
+    return !declTools.has(t);
+  }) && grantedRead.every(function (p) {
+    return !declRead.has(p);
+  }) && grantedWrite.every(function (p) {
+    return !declWrite.has(p);
+  });
+  return stale;
+}
+
 /**
  * Renders a small badge showing how the user got to this grant. Helps
  * the user audit grants that were approved against a scanner guess
@@ -49355,6 +49386,31 @@ var EXAMPLE_FIXTURES = [{
       }
     }
   }
+}, {
+  caption: "Stale grant — the widget upgraded and dropped readPaths from its manifest, but the user's grant is still present.",
+  widgetId: "@example/upgraded-widget",
+  hasManifest: true,
+  grantOrigin: "declared",
+  declared: {
+    // Manifest now declares only the tool, no paths.
+    servers: {
+      filesystem: {
+        tools: ["read_file"],
+        readPaths: [],
+        writePaths: []
+      }
+    }
+  },
+  granted: {
+    grantOrigin: "declared",
+    servers: {
+      filesystem: {
+        tools: ["read_file"],
+        readPaths: ["~/Documents/old-notes"],
+        writePaths: []
+      }
+    }
+  }
 }];
 var noop = function noop() {};