@withpica/mcp-server 2.52.0 → 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (251) hide show
  1. package/CHANGELOG.md +66 -0
  2. package/dist/prompts/creator-question-atlas.d.ts +48 -0
  3. package/dist/prompts/creator-question-atlas.d.ts.map +1 -0
  4. package/dist/prompts/creator-question-atlas.js +618 -0
  5. package/dist/prompts/creator-question-atlas.js.map +1 -0
  6. package/dist/prompts/index.d.ts +32 -0
  7. package/dist/prompts/index.d.ts.map +1 -1
  8. package/dist/prompts/index.js +235 -0
  9. package/dist/prompts/index.js.map +1 -1
  10. package/dist/resources/index.d.ts +10 -0
  11. package/dist/resources/index.d.ts.map +1 -1
  12. package/dist/resources/index.js +134 -1
  13. package/dist/resources/index.js.map +1 -1
  14. package/dist/server-instructions.d.ts +4 -3
  15. package/dist/server-instructions.d.ts.map +1 -1
  16. package/dist/server-instructions.js +4 -1
  17. package/dist/server-instructions.js.map +1 -1
  18. package/dist/server.d.ts +26 -0
  19. package/dist/server.d.ts.map +1 -1
  20. package/dist/server.js +108 -10
  21. package/dist/server.js.map +1 -1
  22. package/dist/skills/index.d.ts +42 -0
  23. package/dist/skills/index.d.ts.map +1 -0
  24. package/dist/skills/index.js +59 -0
  25. package/dist/skills/index.js.map +1 -0
  26. package/dist/skills/skills.generated.d.ts +25 -0
  27. package/dist/skills/skills.generated.d.ts.map +1 -0
  28. package/dist/skills/skills.generated.js +86 -0
  29. package/dist/skills/skills.generated.js.map +1 -0
  30. package/dist/tools/access-simulate.d.ts +23 -0
  31. package/dist/tools/access-simulate.d.ts.map +1 -0
  32. package/dist/tools/access-simulate.js +165 -0
  33. package/dist/tools/access-simulate.js.map +1 -0
  34. package/dist/tools/agent-identity.d.ts.map +1 -1
  35. package/dist/tools/agent-identity.js +15 -0
  36. package/dist/tools/agent-identity.js.map +1 -1
  37. package/dist/tools/agreement-types.d.ts.map +1 -1
  38. package/dist/tools/agreement-types.js +24 -0
  39. package/dist/tools/agreement-types.js.map +1 -1
  40. package/dist/tools/agreements.d.ts.map +1 -1
  41. package/dist/tools/agreements.js +21 -3
  42. package/dist/tools/agreements.js.map +1 -1
  43. package/dist/tools/analytics.d.ts.map +1 -1
  44. package/dist/tools/analytics.js +19 -1
  45. package/dist/tools/analytics.js.map +1 -1
  46. package/dist/tools/app-tools.d.ts.map +1 -1
  47. package/dist/tools/app-tools.js +11 -2
  48. package/dist/tools/app-tools.js.map +1 -1
  49. package/dist/tools/assets.d.ts.map +1 -1
  50. package/dist/tools/assets.js +33 -0
  51. package/dist/tools/assets.js.map +1 -1
  52. package/dist/tools/audio-files.d.ts +5 -0
  53. package/dist/tools/audio-files.d.ts.map +1 -1
  54. package/dist/tools/audio-files.js +91 -0
  55. package/dist/tools/audio-files.js.map +1 -1
  56. package/dist/tools/audit.d.ts.map +1 -1
  57. package/dist/tools/audit.js +11 -2
  58. package/dist/tools/audit.js.map +1 -1
  59. package/dist/tools/auth.d.ts.map +1 -1
  60. package/dist/tools/auth.js +6 -0
  61. package/dist/tools/auth.js.map +1 -1
  62. package/dist/tools/bulk.d.ts +4 -0
  63. package/dist/tools/bulk.d.ts.map +1 -1
  64. package/dist/tools/bulk.js +304 -0
  65. package/dist/tools/bulk.js.map +1 -1
  66. package/dist/tools/calendar.d.ts.map +1 -1
  67. package/dist/tools/calendar.js +3 -0
  68. package/dist/tools/calendar.js.map +1 -1
  69. package/dist/tools/collaborators.d.ts.map +1 -1
  70. package/dist/tools/collaborators.js +24 -3
  71. package/dist/tools/collaborators.js.map +1 -1
  72. package/dist/tools/comparisons.d.ts.map +1 -1
  73. package/dist/tools/comparisons.js +6 -0
  74. package/dist/tools/comparisons.js.map +1 -1
  75. package/dist/tools/credits.d.ts +18 -0
  76. package/dist/tools/credits.d.ts.map +1 -1
  77. package/dist/tools/credits.js +344 -4
  78. package/dist/tools/credits.js.map +1 -1
  79. package/dist/tools/custody.d.ts.map +1 -1
  80. package/dist/tools/custody.js +23 -2
  81. package/dist/tools/custody.js.map +1 -1
  82. package/dist/tools/dashboard.d.ts.map +1 -1
  83. package/dist/tools/dashboard.js +43 -7
  84. package/dist/tools/dashboard.js.map +1 -1
  85. package/dist/tools/directory.d.ts.map +1 -1
  86. package/dist/tools/directory.js +3 -0
  87. package/dist/tools/directory.js.map +1 -1
  88. package/dist/tools/discovery.d.ts.map +1 -1
  89. package/dist/tools/discovery.js +99 -2
  90. package/dist/tools/discovery.js.map +1 -1
  91. package/dist/tools/disputes.d.ts.map +1 -1
  92. package/dist/tools/disputes.js +4 -1
  93. package/dist/tools/disputes.js.map +1 -1
  94. package/dist/tools/documents.d.ts.map +1 -1
  95. package/dist/tools/documents.js +3 -0
  96. package/dist/tools/documents.js.map +1 -1
  97. package/dist/tools/duplicates.d.ts.map +1 -1
  98. package/dist/tools/duplicates.js +6 -0
  99. package/dist/tools/duplicates.js.map +1 -1
  100. package/dist/tools/enrichment.d.ts.map +1 -1
  101. package/dist/tools/enrichment.js +33 -0
  102. package/dist/tools/enrichment.js.map +1 -1
  103. package/dist/tools/explainability.d.ts +24 -0
  104. package/dist/tools/explainability.d.ts.map +1 -0
  105. package/dist/tools/explainability.js +137 -0
  106. package/dist/tools/explainability.js.map +1 -0
  107. package/dist/tools/exports.d.ts.map +1 -1
  108. package/dist/tools/exports.js +18 -3
  109. package/dist/tools/exports.js.map +1 -1
  110. package/dist/tools/feedback.d.ts.map +1 -1
  111. package/dist/tools/feedback.js +3 -0
  112. package/dist/tools/feedback.js.map +1 -1
  113. package/dist/tools/files.d.ts.map +1 -1
  114. package/dist/tools/files.js +22 -0
  115. package/dist/tools/files.js.map +1 -1
  116. package/dist/tools/groups.d.ts.map +1 -1
  117. package/dist/tools/groups.js +12 -0
  118. package/dist/tools/groups.js.map +1 -1
  119. package/dist/tools/import-documents.d.ts.map +1 -1
  120. package/dist/tools/import-documents.js +10 -1
  121. package/dist/tools/import-documents.js.map +1 -1
  122. package/dist/tools/import.d.ts.map +1 -1
  123. package/dist/tools/import.js +65 -18
  124. package/dist/tools/import.js.map +1 -1
  125. package/dist/tools/index.d.ts +142 -6
  126. package/dist/tools/index.d.ts.map +1 -1
  127. package/dist/tools/index.js +289 -108
  128. package/dist/tools/index.js.map +1 -1
  129. package/dist/tools/integrations.d.ts.map +1 -1
  130. package/dist/tools/integrations.js +28 -8
  131. package/dist/tools/integrations.js.map +1 -1
  132. package/dist/tools/labels.d.ts.map +1 -1
  133. package/dist/tools/labels.js +3 -0
  134. package/dist/tools/labels.js.map +1 -1
  135. package/dist/tools/licensing.d.ts.map +1 -1
  136. package/dist/tools/licensing.js +15 -0
  137. package/dist/tools/licensing.js.map +1 -1
  138. package/dist/tools/memory.d.ts.map +1 -1
  139. package/dist/tools/memory.js +15 -3
  140. package/dist/tools/memory.js.map +1 -1
  141. package/dist/tools/metadata.d.ts.map +1 -1
  142. package/dist/tools/metadata.js +112 -0
  143. package/dist/tools/metadata.js.map +1 -1
  144. package/dist/tools/multimedia.d.ts.map +1 -1
  145. package/dist/tools/multimedia.js +15 -0
  146. package/dist/tools/multimedia.js.map +1 -1
  147. package/dist/tools/my-recent-questions.d.ts +25 -0
  148. package/dist/tools/my-recent-questions.d.ts.map +1 -0
  149. package/dist/tools/my-recent-questions.js +186 -0
  150. package/dist/tools/my-recent-questions.js.map +1 -0
  151. package/dist/tools/my-reported-issues.d.ts.map +1 -1
  152. package/dist/tools/my-reported-issues.js +3 -0
  153. package/dist/tools/my-reported-issues.js.map +1 -1
  154. package/dist/tools/notes.d.ts.map +1 -1
  155. package/dist/tools/notes.js +12 -0
  156. package/dist/tools/notes.js.map +1 -1
  157. package/dist/tools/notifications.d.ts.map +1 -1
  158. package/dist/tools/notifications.js +25 -1
  159. package/dist/tools/notifications.js.map +1 -1
  160. package/dist/tools/onboarding.d.ts.map +1 -1
  161. package/dist/tools/onboarding.js +3 -0
  162. package/dist/tools/onboarding.js.map +1 -1
  163. package/dist/tools/people.d.ts +4 -0
  164. package/dist/tools/people.d.ts.map +1 -1
  165. package/dist/tools/people.js +58 -1
  166. package/dist/tools/people.js.map +1 -1
  167. package/dist/tools/projects.d.ts.map +1 -1
  168. package/dist/tools/projects.js +18 -0
  169. package/dist/tools/projects.js.map +1 -1
  170. package/dist/tools/public-filter.d.ts.map +1 -1
  171. package/dist/tools/public-filter.js +6 -0
  172. package/dist/tools/public-filter.js.map +1 -1
  173. package/dist/tools/publishers.d.ts.map +1 -1
  174. package/dist/tools/publishers.js +6 -0
  175. package/dist/tools/publishers.js.map +1 -1
  176. package/dist/tools/recordings.d.ts.map +1 -1
  177. package/dist/tools/recordings.js +15 -0
  178. package/dist/tools/recordings.js.map +1 -1
  179. package/dist/tools/recovery-hints.d.ts.map +1 -1
  180. package/dist/tools/recovery-hints.js +105 -0
  181. package/dist/tools/recovery-hints.js.map +1 -1
  182. package/dist/tools/release-rich.d.ts.map +1 -1
  183. package/dist/tools/release-rich.js +4 -2
  184. package/dist/tools/release-rich.js.map +1 -1
  185. package/dist/tools/releases.d.ts.map +1 -1
  186. package/dist/tools/releases.js +55 -0
  187. package/dist/tools/releases.js.map +1 -1
  188. package/dist/tools/report-issue.d.ts.map +1 -1
  189. package/dist/tools/report-issue.js +3 -0
  190. package/dist/tools/report-issue.js.map +1 -1
  191. package/dist/tools/royalties.d.ts.map +1 -1
  192. package/dist/tools/royalties.js +18 -3
  193. package/dist/tools/royalties.js.map +1 -1
  194. package/dist/tools/search.d.ts.map +1 -1
  195. package/dist/tools/search.js +10 -1
  196. package/dist/tools/search.js.map +1 -1
  197. package/dist/tools/send.d.ts.map +1 -1
  198. package/dist/tools/send.js +9 -0
  199. package/dist/tools/send.js.map +1 -1
  200. package/dist/tools/sessions.d.ts.map +1 -1
  201. package/dist/tools/sessions.js +12 -0
  202. package/dist/tools/sessions.js.map +1 -1
  203. package/dist/tools/settings.d.ts.map +1 -1
  204. package/dist/tools/settings.js +30 -3
  205. package/dist/tools/settings.js.map +1 -1
  206. package/dist/tools/share-links.d.ts.map +1 -1
  207. package/dist/tools/share-links.js +15 -0
  208. package/dist/tools/share-links.js.map +1 -1
  209. package/dist/tools/share-send.d.ts +28 -0
  210. package/dist/tools/share-send.d.ts.map +1 -0
  211. package/dist/tools/share-send.js +131 -0
  212. package/dist/tools/share-send.js.map +1 -0
  213. package/dist/tools/sharing.d.ts +29 -0
  214. package/dist/tools/sharing.d.ts.map +1 -0
  215. package/dist/tools/sharing.js +131 -0
  216. package/dist/tools/sharing.js.map +1 -0
  217. package/dist/tools/signup.d.ts.map +1 -1
  218. package/dist/tools/signup.js +3 -0
  219. package/dist/tools/signup.js.map +1 -1
  220. package/dist/tools/skills.d.ts +25 -0
  221. package/dist/tools/skills.d.ts.map +1 -0
  222. package/dist/tools/skills.js +144 -0
  223. package/dist/tools/skills.js.map +1 -0
  224. package/dist/tools/split-sheets.d.ts.map +1 -1
  225. package/dist/tools/split-sheets.js +22 -1
  226. package/dist/tools/split-sheets.js.map +1 -1
  227. package/dist/tools/storage-config.d.ts.map +1 -1
  228. package/dist/tools/storage-config.js +6 -0
  229. package/dist/tools/storage-config.js.map +1 -1
  230. package/dist/tools/subscription.d.ts.map +1 -1
  231. package/dist/tools/subscription.js +9 -10
  232. package/dist/tools/subscription.js.map +1 -1
  233. package/dist/tools/sync-placements.d.ts.map +1 -1
  234. package/dist/tools/sync-placements.js +20 -2
  235. package/dist/tools/sync-placements.js.map +1 -1
  236. package/dist/tools/team.d.ts.map +1 -1
  237. package/dist/tools/team.js +15 -0
  238. package/dist/tools/team.js.map +1 -1
  239. package/dist/tools/telegram.d.ts.map +1 -1
  240. package/dist/tools/telegram.js +9 -0
  241. package/dist/tools/telegram.js.map +1 -1
  242. package/dist/tools/uploads.d.ts.map +1 -1
  243. package/dist/tools/uploads.js +6 -0
  244. package/dist/tools/uploads.js.map +1 -1
  245. package/dist/tools/works.d.ts +4 -0
  246. package/dist/tools/works.d.ts.map +1 -1
  247. package/dist/tools/works.js +83 -3
  248. package/dist/tools/works.js.map +1 -1
  249. package/package.json +7 -6
  250. package/scripts/build-skills.ts +229 -0
  251. package/server.json +2 -2
package/dist/tools/index.d.ts CHANGED
@@ -40,8 +40,74 @@ export interface NextStepHint {
40
40
  * lands so every tool is forced to declare its workflow at compile time.
41
41
  */
42
42
  export type WorkflowTag = "work-required" | "recording-required" | "work-credits-required" | "recording-credits-required" | "person-required" | "audio-upload-required" | "enrichment-resolve-required" | "agreement-required" | "multimedia-required" | "export-required" | "claim-required" | "session-required" | "split-sheet-required" | "recording-splits-required" | "sync-placement-required" | "infrastructure";
43
+ /**
44
+ * ADR-226 Decision 2 — vernacular intent posture for every tool.
45
+ *
46
+ * - `creator-entry` — Atlas covers it; `Use when the user asks: '...'` block
47
+ * in the description is required (Phase 7 lint enforces).
48
+ * - `internal` — programmatic handoff between tools (e.g. presigned-PUT
49
+ * finalize step). Requires a one-line `vernacular_reason`.
50
+ * - `specialist` — mutating / destructive / not-yet-covered context;
51
+ * invoked by exact name. Requires a one-line `vernacular_reason`.
52
+ *
53
+ * Universal coverage: every tool declares its kind. Phase 7 lint promotes
54
+ * the field to a required-with-blocking check; Phase 3 (this commit)
55
+ * leaves it optional during the bulk-classification ramp and flips it to
56
+ * required in the same commit once all 244 tools have been populated by
57
+ * `scripts/bulk-classify-vernacular-kind.ts`.
58
+ */
59
+ export type VernacularKind = "creator-entry" | "internal" | "specialist";
60
+ /**
61
+ * ADR-230 — authority tier declared on every tool definition.
62
+ *
63
+ * - `read` — pure query, no state mutation. Maps to readOnlyHint:true,
64
+ * risk_level:"safe", required scope `read:*` (or `write:*`
65
+ * via the read-implies-write rule in `hasScope`).
66
+ * - `draft` — produces a proposal/preview/hint without persisting
67
+ * state. Same hints as `write` (readOnlyHint:false,
68
+ * risk_level:"mutating"). No confirmation token.
69
+ * - `write` — persistent state change. May opt into per-tool
70
+ * confirmation via `previewMode: "two_step_token"`.
71
+ * - `destructive` — irreversible state change (delete / merge / send
72
+ * broadcast / disconnect). destructiveHint:true,
73
+ * risk_level:"destructive", confirmation token required,
74
+ * requires elevated `destructive:*` scope (admin satisfies).
75
+ *
76
+ * The 4-value `tier` is PICA's authority surface. The 3-value `risk_level`
77
+ * on `mcp_audit_log` is derived from `tier` (read→safe, draft|write→mutating,
78
+ * destructive→destructive) — sister of the MCP-standard `readOnlyHint` /
79
+ * `destructiveHint` fields, kept for ADR-199 client compatibility.
80
+ */
81
+ export type Tier = "read" | "draft" | "write" | "destructive";
82
+ /**
83
+ * ADR-230 — derive the MCP-standard 3-value risk classification from the
84
+ * declared tier. Sourced once at registration and at audit-write time so
85
+ * the contract that hints, audit row, and confirmation requirement all
86
+ * agree is mechanical.
87
+ */
88
+ export declare function tierToRiskLevel(tier: Tier): "safe" | "mutating" | "destructive";
89
+ /**
90
+ * ADR-230 — derive the required API-key scope from the declared tier.
91
+ *
92
+ * - `read` → `read:<resource>` (write:* satisfies via `hasScope`).
93
+ * - `draft|write` → `write:<resource>`.
94
+ * - `destructive` → `destructive:*` (admin satisfies via `hasScope`); the
95
+ * write:<resource> scope is also required for the
96
+ * underlying write surface.
97
+ *
98
+ * Returns the *additional* scope tier beyond per-resource. Resource scope
99
+ * is composed at call-site by `lib/services/mcp-scopes.ts`.
100
+ */
101
+ export declare function tierToScopeKind(tier: Tier): "read" | "write" | "destructive";
43
102
  export interface ToolDefinition {
44
103
  name: string;
104
+ /**
105
+ * ADR-230 — authority tier. Required for every customer-facing tool.
106
+ * Sourced from per-tool declaration; drives MCP hints, audit-log
107
+ * `risk_level`, confirmation-token requirement, and required scope.
108
+ * See {@link Tier} above for semantics.
109
+ */
110
+ tier: Tier;
45
111
  description: string;
46
112
  /**
47
113
  * ADR-214 — workflow(s) this tool belongs to. See `WorkflowTag` above.
@@ -50,6 +116,21 @@ export interface ToolDefinition {
50
116
  * part of any user-facing workflow.
51
117
  */
52
118
  workflows: WorkflowTag | WorkflowTag[];
119
+ /**
120
+ * ADR-226 Decision 2 — vernacular intent posture. See `VernacularKind`
121
+ * above. Optional during Phase 3 ramp; Phase 7 lint flips it to a
122
+ * required-with-blocking check once every tool is populated.
123
+ */
124
+ vernacular_kind?: VernacularKind;
125
+ /**
126
+ * ADR-226 Decision 2 — required when `vernacular_kind` is `'internal'`
127
+ * or `'specialist'`. One-line documentation of why the tool is not a
128
+ * creator-vernacular entry point (e.g. "Invoked after presigned PUT
129
+ * completes" or "Specialist context; not yet covered by the Creator
130
+ * Question Atlas"). Phase 7 lint enforces presence on non-`creator-entry`
131
+ * kinds.
132
+ */
133
+ vernacular_reason?: string;
53
134
  inputSchema: {
54
135
  type: string;
55
136
  properties: Record<string, any>;
@@ -118,6 +199,16 @@ export interface ToolDefinition {
118
199
  export type ToolCategory = "catalog" | "enrichment" | "business" | "discovery" | "media" | "comms" | "settings";
119
200
  export interface ToolMetadata {
120
201
  category: ToolCategory;
202
+ /**
203
+ * @deprecated ADR-230 — use the declared `tier` on the tool
204
+ * definition (`ToolDefinition.tier` — required by lint Rule 13) as
205
+ * the source of truth. `risk` is retained as a quiet fallback for
206
+ * the unlikely case of a tool that bypasses lint (legacy tolerance
207
+ * inside `ToolRegistry.listTools`) and to drive the
208
+ * `injectMetadataIntoDescription` annotations + `retry_safe` hints
209
+ * exposed via `getToolMetadata`. Do NOT add new consumers; route
210
+ * tier-aware logic through the tool definition's declared `tier`.
211
+ */
121
212
  risk: "safe" | "mutating" | "destructive";
122
213
  retry_safe: boolean;
123
214
  display_name: string;
@@ -181,6 +272,35 @@ export interface ToolExecutorContext {
181
272
  server?: Server;
182
273
  }
183
274
  export type ToolExecutor = (args: Record<string, any>, ctx?: ToolExecutorContext) => Promise<any>;
275
+ /**
276
+ * Sanitize tool parameters for `mcp_audit_log.parameters`. Pure function
277
+ * so it's directly testable; the registry's private method delegates here.
278
+ *
279
+ * Security audit 2026-05-11 P2. The audit log is queryable by anyone with
280
+ * team-portal access. Tools like `pica_sign_in`, `pica_share_links_*`,
281
+ * and `team_comms_send` previously landed bare emails / share tokens /
282
+ * OAuth refresh tokens in the log because the only redaction was a
283
+ * `delete sanitized.confirmation_token` + length truncation.
284
+ *
285
+ * Deny-list is keyed off the param name (case-insensitive substring
286
+ * match) — covers `password`, `api_key`, `token`, `secret`,
287
+ * `authorization`, plus `confirmation_token` via the `token` substring.
288
+ * Sister keys like `refresh_token` / `id_token` / `access_token` /
289
+ * `share_token` / `client_secret` also match.
290
+ *
291
+ * Email values (regardless of param key) get the local-part masked to
292
+ * the first two characters: `jane@example.com` → `ja***@example.com`.
293
+ * Locals ≤ 2 chars become all-asterisk.
294
+ *
295
+ * Strings > 500 chars are truncated to 500 + `...[truncated]`.
296
+ *
297
+ * Exported under `_internal` so test files can exercise the function
298
+ * without instantiating a `ToolRegistry`.
299
+ */
300
+ declare function sanitizeAuditParams(args: Record<string, any>): Record<string, unknown>;
301
+ export declare const _internal: {
302
+ sanitizeAuditParams: typeof sanitizeAuditParams;
303
+ };
184
304
  export declare class ToolRegistry {
185
305
  private tools;
186
306
  private pica;
@@ -192,14 +312,29 @@ export declare class ToolRegistry {
192
312
  constructor(pica: PicaClient | null, config?: ServerConfig, reinitializeCallback?: (apiKey: string) => void, callerContext?: CallerContext, signOutCallback?: () => void);
193
313
  setAuditLogger(logger: McpAuditLogger): void;
194
314
  setCallerContext(context: CallerContext): void;
315
+ /**
316
+ * Read clientInfo from the MCP `initialize` handshake. SDK populates this
317
+ * on the per-request `Server` for HTTP and on the long-lived `Server` for
318
+ * stdio; either way getClientVersion() returns the same shape after the
319
+ * handshake completes. Returns empty when ctx is absent or the handshake
320
+ * hasn't run (lobby-mode dispatches that bypass the per-request transport).
321
+ *
322
+ * Stamped onto audit rows as provenance only — never used as a permission
323
+ * boundary, since clientInfo is self-declared by the client.
324
+ */
325
+ private extractClientInfo;
195
326
  /**
196
327
  * Register all available tools
197
328
  */
198
329
  private registerAllTools;
199
- private static readonly DESTRUCTIVE_PATTERNS;
200
- private static readonly MUTATING_PATTERNS;
201
- private static readonly SAFE_OVERRIDES;
202
- private classifyTool;
330
+ /**
331
+ * ADR-230 declared tier lookup by tool name. Used by the HTTP MCP
332
+ * dispatcher (`app/api/mcp/route.ts`) to enforce the elevated
333
+ * `destructive:*` scope on top of the resource-level scope from
334
+ * `lib/services/mcp-scopes`. Returns undefined for unknown tools or
335
+ * tools that haven't declared tier yet (legacy tolerance).
336
+ */
337
+ getToolTier(name: string): Tier | undefined;
203
338
  /**
204
339
  * List all available tools with write-safety prefixes injected.
205
340
  * When discoveryMode is enabled, only the 5 handshake-visible tools are returned.
@@ -221,8 +356,8 @@ export declare class ToolRegistry {
221
356
  */
222
357
  private buildDestructivePreview;
223
358
  /**
224
- * Sanitize tool parameters for audit logging.
225
- * Strips confirmation tokens and truncates large string values.
359
+ * Sanitize tool parameters for audit logging — delegates to the
360
+ * pure-function impl below so it can be exercised directly in tests.
226
361
  */
227
362
  private sanitizeParams;
228
363
  /**
@@ -290,4 +425,5 @@ export declare class ToolRegistry {
290
425
  */
291
426
  executeTool(name: string, args: Record<string, any>, ctx?: ToolExecutorContext): Promise<any>;
292
427
  }
428
+ export {};
293
429
  //# sourceMappingURL=index.d.ts.map
package/dist/tools/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AA6D/C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAU5C,OAAO,EAAE,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAIL,KAAK,YAAY,EAElB,MAAM,qBAAqB,CAAC;AAE7B;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,0EAA0E;IAC1E,IAAI,EAAE,MAAM,CAAC;IACb,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,IAAI,EAAE,YAAY,GAAG,YAAY,GAAG,oBAAoB,CAAC;CAC1D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,oBAAoB,GACpB,uBAAuB,GACvB,4BAA4B,GAC5B,iBAAiB,GACjB,uBAAuB,GACvB,6BAA6B,GAC7B,oBAAoB,GACpB,qBAAqB,GACrB,iBAAiB,GACjB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,GACtB,2BAA2B,GAC3B,yBAAyB,GACzB,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;OAKG;IACH,SAAS,EAAE,WAAW,GAAG,WAAW,EAAE,CAAC;IACvC,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAChC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE;QACb,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;IACF;;;;OAIG;IACH,SAAS,CAAC,EAAE,YAAY,EAAE,CAAC;IAC3B;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAChD;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,SAAS,GAAG,gBAAgB,GAAG,MAAM,CAAC;IACpD,WAAW,CAAC,EAAE;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB;;;;WAIG;QACH,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;QAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,0BAA0B,CAAC,EAAE,OAAO,CAAC;QACrC,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;IACF,KAAK,CAAC,EAAE;QACN,EAAE,CAAC,EAAE;YACH,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED,MAAM,MAAM,YAAY,GACpB,SAAS,GACT,YAAY,GACZ,UAAU,GACV,WAAW,GACX,OAAO,GACP,OAAO,GACP,UAAU,CAAC;AAEf,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;IAC1C,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,YAAY,GACrB,MAAM,CAKR;AAED,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAQzD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CACV;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,GAC9B;QACE,IAAI,EAAE,eAAe,CAAC;QACtB,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GACD;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAC1D,CAAC;IACF,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,EAAE;QACN,aAAa,CAAC,EAAE,YAAY,CAAC;QAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,YAAY,GAAG,CACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,GAAG,CAAC,EAAE,mBAAmB,KACtB,OAAO,CAAC,GAAG,CAAC,CAAC;AAElB,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAOX;IACF,OAAO,CAAC,IAAI,CAAoB;IAChC,OAAO,CAAC,MAAM,CAAC,CAAe;IAC9B,OAAO,CAAC,oBAAoB,CAAC,CAA2B;IACxD,OAAO,CAAC,eAAe,CAAC,CAAa;IACrC,OAAO,CAAC,WAAW,CAAC,CAAiB;IACrC,OAAO,CAAC,aAAa,CAAgB;gBAGnC,IAAI,EAAE,UAAU,GAAG,IAAI,EACvB,MAAM,CAAC,EAAE,YAAY,EACrB,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,EAC/C,aAAa,CAAC,EAAE,aAAa,EAC7B,eAAe,CAAC,EAAE,MAAM,IAAI;IAc9B,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAI5C,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI;IAI9C;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAgaxB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAM1C;IAEF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CA4BvC;IAGF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAanC;IAEH,OAAO,CAAC,YAAY;IAapB;;;;OAIG;IACH,SAAS,IAAI,cAAc,EAAE;IAkG7B;;;;;;;;OAQG;IACH,OAAO,CAAC,yBAAyB;IAkDjC;;OAEG;YACW,uBAAuB;IA8MrC;;;OAGG;IACH,OAAO,CAAC,cAAc;IAWtB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kBAAkB;IAY1B;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,kBAAkB,CAqDxB;IAEF;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;;;;;OAMG;YACW,kBAAkB;IA6BhC;;;;;;OAMG;IACG,WAAW,CACf,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,GAAG,CAAC,EAAE,mBAAmB,GACxB,OAAO,CAAC,GAAG,CAAC;CA2MhB"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAmE/C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAU5C,OAAO,EAAE,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAIL,KAAK,YAAY,EAElB,MAAM,qBAAqB,CAAC;AAE7B;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,0EAA0E;IAC1E,IAAI,EAAE,MAAM,CAAC;IACb,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,IAAI,EAAE,YAAY,GAAG,YAAY,GAAG,oBAAoB,CAAC;CAC1D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,oBAAoB,GACpB,uBAAuB,GACvB,4BAA4B,GAC5B,iBAAiB,GACjB,uBAAuB,GACvB,6BAA6B,GAC7B,oBAAoB,GACpB,qBAAqB,GACrB,iBAAiB,GACjB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,GACtB,2BAA2B,GAC3B,yBAAyB,GACzB,gBAAgB,CAAC;AAErB;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,cAAc,GAAG,eAAe,GAAG,UAAU,GAAG,YAAY,CAAC;AAEzE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,MAAM,IAAI,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,aAAa,CAAC;AAE9D;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,IAAI,GACT,MAAM,GAAG,UAAU,GAAG,aAAa,CAUrC;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,GAAG,OAAO,GAAG,aAAa,CAU5E;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb;;;;;OAKG;IACH,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;OAKG;IACH,SAAS,EAAE,WAAW,GAAG,WAAW,EAAE,CAAC;IACvC;;;;OAIG;IACH,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC;;;;;;;OAOG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAChC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE;QACb,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;IACF;;;;OAIG;IACH,SAAS,CAAC,EAAE,YAAY,EAAE,CAAC;IAC3B;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAChD;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,SAAS,GAAG,gBAAgB,GAAG,MAAM,CAAC;IACpD,WAAW,CAAC,EAAE;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB;;;;WAIG;QACH,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;QAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,0BAA0B,CAAC,EAAE,OAAO,CAAC;QACrC,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;IACF,KAAK,CAAC,EAAE;QACN,EAAE,CAAC,EAAE;YACH,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED,MAAM,MAAM,YAAY,GACpB,SAAS,GACT,YAAY,GACZ,UAAU,GACV,WAAW,GACX,OAAO,GACP,OAAO,GACP,UAAU,CAAC;AAEf,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB;;;;;;;;;OASG;IACH,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;IAC1C,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,YAAY,GACrB,MAAM,CAKR;AAED,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAQzD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CACV;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,GAC9B;QACE,IAAI,EAAE,eAAe,CAAC;QACtB,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GACD;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAC1D,CAAC;IACF,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,EAAE;QACN,aAAa,CAAC,EAAE,YAAY,CAAC;QAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,YAAY,GAAG,CACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,GAAG,CAAC,EAAE,mBAAmB,KACtB,OAAO,CAAC,GAAG,CAAC,CAAC;AAElB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,iBAAS,mBAAmB,CAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GACxB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAkCzB;AAED,eAAO,MAAM,SAAS;;CAA0B,CAAC;AAEjD,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAOX;IACF,OAAO,CAAC,IAAI,CAAoB;IAChC,OAAO,CAAC,MAAM,CAAC,CAAe;IAC9B,OAAO,CAAC,oBAAoB,CAAC,CAA2B;IACxD,OAAO,CAAC,eAAe,CAAC,CAAa;IACrC,OAAO,CAAC,WAAW,CAAC,CAAiB;IACrC,OAAO,CAAC,aAAa,CAAgB;gBAGnC,IAAI,EAAE,UAAU,GAAG,IAAI,EACvB,MAAM,CAAC,EAAE,YAAY,EACrB,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,EAC/C,aAAa,CAAC,EAAE,aAAa,EAC7B,eAAe,CAAC,EAAE,MAAM,IAAI;IAc9B,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAI5C,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI;IAI9C;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;IAazB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA4cxB;;;;;;OAMG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAI3C;;;;OAIG;IACH,SAAS,IAAI,cAAc,EAAE;IAyI7B;;;;;;;;OAQG;IACH,OAAO,CAAC,yBAAyB;IAiEjC;;OAEG;YACW,uBAAuB;IAgOrC;;;OAGG;IACH,OAAO,CAAC,cAAc;IAItB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kBAAkB;IAY1B;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,kBAAkB,CAqDxB;IAEF;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;;;;;OAMG;YACW,kBAAkB;IA6BhC;;;;;;OAMG;IACG,WAAW,CACf,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,GAAG,CAAC,EAAE,mBAAmB,GACxB,OAAO,CAAC,GAAG,CAAC;CA0OhB"}