@xen-orchestra/rest-api 0.31.1 → 0.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/dist/acl-privileges/acl-privilege.controller.mjs +7 -2
  2. package/dist/acl-roles/acl-role.controller.mjs +13 -2
  3. package/dist/alarms/alarm.controller.mjs +3 -1
  4. package/dist/backup-archives/backup-archive.controller.mjs +3 -1
  5. package/dist/backup-jobs/backup-job.controller.mjs +12 -1
  6. package/dist/backup-logs/backup-log.controller.mjs +3 -1
  7. package/dist/backup-repositories/backup-repositories.controller.mjs +3 -1
  8. package/dist/events/event.controller.mjs +4 -1
  9. package/dist/groups/group.controller.mjs +10 -1
  10. package/dist/hosts/host.controller.mjs +16 -1
  11. package/dist/index.mjs +2 -0
  12. package/dist/mcp/mcp.controller.mjs +59 -0
  13. package/dist/mcp/mcp.helper.mjs +11 -0
  14. package/dist/messages/message.controller.mjs +3 -1
  15. package/dist/middlewares/mcp-gate.middleware.mjs +30 -0
  16. package/dist/networks/network.controller.mjs +9 -1
  17. package/dist/open-api/routes/routes.js +33 -1
  18. package/dist/pbds/pbd.controller.mjs +5 -1
  19. package/dist/pcis/pci.controller.mjs +3 -1
  20. package/dist/pgpus/pgpu.controller.mjs +3 -1
  21. package/dist/pifs/pif.controller.mjs +6 -1
  22. package/dist/pools/pool.controller.mjs +20 -1
  23. package/dist/proxies/proxy.controller.mjs +3 -1
  24. package/dist/restore-logs/restore-log.controller.mjs +5 -1
  25. package/dist/schedules/schedule.controller.mjs +4 -1
  26. package/dist/servers/server.controller.mjs +8 -1
  27. package/dist/sms/sm.controller.mjs +3 -1
  28. package/dist/srs/sr.controller.mjs +13 -1
  29. package/dist/tasks/task.controller.mjs +6 -1
  30. package/dist/users/user.controller.mjs +13 -2
  31. package/dist/vbds/vbd.controller.mjs +10 -1
  32. package/dist/vdi-snapshots/vdi-snapshot.controller.mjs +10 -1
  33. package/dist/vdis/vdi.controller.mjs +13 -1
  34. package/dist/vifs/vif.controller.mjs +10 -1
  35. package/dist/vm-controller/vm-controller.controller.mjs +9 -1
  36. package/dist/vm-snapshots/vm-snapshot.controller.mjs +11 -1
  37. package/dist/vm-templates/vm-template.controller.mjs +11 -1
  38. package/dist/vms/vm.controller.mjs +29 -1
  39. package/dist/xoa/xoa.controller.mjs +4 -1
  40. package/eslint-rules/index.cjs +7 -0
  41. package/eslint-rules/require-mcp-expose.cjs +129 -0
  42. package/open-api/spec/swagger.json +563 -264
  43. package/package.json +2 -2
  44. package/tsoa.json +2 -1
@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
7
7
  var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
- import { Example, Get, Middlewares, Path, Query, Request, Response, Route, Security, Tags } from 'tsoa';
10
+ import { Example, Extension, Get, Middlewares, Path, Query, Request, Response, Route, Security, Tags } from 'tsoa';
11
11
  import { inject } from 'inversify';
12
12
  import { provide } from 'inversify-binding-decorators';
13
13
  import { acl } from '../middlewares/acl.middleware.mjs';
@@ -46,6 +46,7 @@ let SmController = class SmController extends XapiXoController {
46
46
  __decorate([
47
47
  Example(smIds),
48
48
  Example(partialSms),
49
+ Extension('x-mcp-exposure', 'allow'),
49
50
  Get(''),
50
51
  Security('*', ['acl']),
51
52
  __param(0, Request()),
@@ -57,6 +58,7 @@ __decorate([
57
58
  ], SmController.prototype, "getSrs", null);
58
59
  __decorate([
59
60
  Example(sm),
61
+ Extension('x-mcp-exposure', 'allow'),
60
62
  Get('{id}'),
61
63
  Middlewares(acl({ resource: 'sm', action: 'read', objectId: 'params.id' })),
62
64
  Response(notFoundResp.status, notFoundResp.description),
@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
7
7
  var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
- import { Delete, Example, Get, Middlewares, Path, Post, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
10
+ import { Delete, Example, Extension, Get, Middlewares, Path, Post, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
11
11
  import { inject } from 'inversify';
12
12
  import { provide } from 'inversify-binding-decorators';
13
13
  import { SUPPORTED_VDI_FORMAT } from '@vates/types';
@@ -224,6 +224,7 @@ let SrController = class SrController extends XapiXoController {
224
224
  __decorate([
225
225
  Example(srIds),
226
226
  Example(partialSrs),
227
+ Extension('x-mcp-exposure', 'allow'),
227
228
  Get(''),
228
229
  Security('*', ['acl']),
229
230
  __param(0, Request()),
@@ -235,6 +236,7 @@ __decorate([
235
236
  ], SrController.prototype, "getSrs", null);
236
237
  __decorate([
237
238
  Example(sr),
239
+ Extension('x-mcp-exposure', 'allow'),
238
240
  Get('{id}'),
239
241
  Middlewares(acl({ resource: 'sr', action: 'read', objectId: 'params.id' })),
240
242
  Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
@@ -243,6 +245,7 @@ __decorate([
243
245
  ], SrController.prototype, "getSr", null);
244
246
  __decorate([
245
247
  Example(genericAlarmsExample),
248
+ Extension('x-mcp-exposure', 'allow'),
246
249
  Get('{id}/alarms'),
247
250
  Security('*', ['acl']),
248
251
  Tags('alarms'),
@@ -257,6 +260,7 @@ __decorate([
257
260
  ], SrController.prototype, "getSrAlarms", null);
258
261
  __decorate([
259
262
  Example(vdiId),
263
+ Extension('x-mcp-exposure', 'confirm'),
260
264
  Post('{id}/vdis'),
261
265
  Middlewares(acl({ resource: 'sr', action: 'import:vdi', objectId: 'params.id' })),
262
266
  Tags('vdis'),
@@ -272,6 +276,7 @@ __decorate([
272
276
  __decorate([
273
277
  Example(messageIds),
274
278
  Example(partialMessages),
279
+ Extension('x-mcp-exposure', 'allow'),
275
280
  Get('{id}/messages'),
276
281
  Security('*', ['acl']),
277
282
  Tags('messages'),
@@ -287,6 +292,7 @@ __decorate([
287
292
  __decorate([
288
293
  Example(taskIds),
289
294
  Example(partialTasks),
295
+ Extension('x-mcp-exposure', 'allow'),
290
296
  Get('{id}/tasks'),
291
297
  Security('*', ['acl']),
292
298
  Tags('tasks'),
@@ -300,6 +306,7 @@ __decorate([
300
306
  __param(6, Query())
301
307
  ], SrController.prototype, "getSrTasks", null);
302
308
  __decorate([
309
+ Extension('x-mcp-exposure', 'confirm'),
303
310
  Put('{id}/tags/{tag}'),
304
311
  Middlewares(acl({ resource: 'sr', action: 'update:tags', objectId: 'params.id' })),
305
312
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -309,6 +316,7 @@ __decorate([
309
316
  __param(1, Path())
310
317
  ], SrController.prototype, "putSrTag", null);
311
318
  __decorate([
319
+ Extension('x-mcp-exposure', 'confirm'),
312
320
  Delete('{id}/tags/{tag}'),
313
321
  Middlewares(acl({ resource: 'sr', action: 'update:tags', objectId: 'params.id' })),
314
322
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -319,6 +327,7 @@ __decorate([
319
327
  ], SrController.prototype, "deleteSrTag", null);
320
328
  __decorate([
321
329
  Example(taskLocation),
330
+ Extension('x-mcp-exposure', 'confirm'),
322
331
  Post('{id}/actions/reclaim_space'),
323
332
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
324
333
  Response(noContentResp.status, noContentResp.description),
@@ -330,6 +339,7 @@ __decorate([
330
339
  ], SrController.prototype, "reclaimSpaceSr", null);
331
340
  __decorate([
332
341
  Example(taskLocation),
342
+ Extension('x-mcp-exposure', 'confirm'),
333
343
  Post('{id}/actions/scan'),
334
344
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
335
345
  Response(noContentResp.status, noContentResp.description),
@@ -341,6 +351,7 @@ __decorate([
341
351
  ], SrController.prototype, "scanSr", null);
342
352
  __decorate([
343
353
  Example(taskLocation),
354
+ Extension('x-mcp-exposure', 'confirm'),
344
355
  Post('{id}/actions/forget'),
345
356
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
346
357
  Response(noContentResp.status, noContentResp.description),
@@ -351,6 +362,7 @@ __decorate([
351
362
  __param(1, Query())
352
363
  ], SrController.prototype, "forgetSr", null);
353
364
  __decorate([
365
+ Extension('x-mcp-exposure', 'confirm'),
354
366
  Delete('{id}'),
355
367
  Middlewares(acl({ resource: 'sr', action: 'delete', objectId: 'params.id' })),
356
368
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -8,7 +8,7 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
10
  import { XoController } from '../abstract-classes/xo-controller.mjs';
11
- import { Get, Path, Query, Request, Route, Security, Tags, Response, Example, Delete, Post, SuccessResponse, Middlewares, } from 'tsoa';
11
+ import { Delete, Example, Extension, Get, Middlewares, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
12
12
  import { acl } from '../middlewares/acl.middleware.mjs';
13
13
  import { asynchronousActionResp, badRequestResp, forbiddenOperationResp, noContentResp, notFoundResp, unauthorizedResp, } from '../open-api/common/response.common.mjs';
14
14
  import { inject } from 'inversify';
@@ -167,6 +167,7 @@ let TaskController = class TaskController extends XoController {
167
167
  __decorate([
168
168
  Example(taskIds),
169
169
  Example(partialTasks),
170
+ Extension('x-mcp-exposure', 'allow'),
170
171
  Get(''),
171
172
  Security('*', ['acl']),
172
173
  Response(badRequestResp.status, badRequestResp.description),
@@ -180,6 +181,7 @@ __decorate([
180
181
  ], TaskController.prototype, "getTasks", null);
181
182
  __decorate([
182
183
  Example(task),
184
+ Extension('x-mcp-exposure', 'allow'),
183
185
  Get('{id}'),
184
186
  Middlewares(acl({
185
187
  resource: 'task',
@@ -194,11 +196,13 @@ __decorate([
194
196
  __param(2, Query())
195
197
  ], TaskController.prototype, "getTask", null);
196
198
  __decorate([
199
+ Extension('x-mcp-exposure', 'confirm'),
197
200
  Delete(''),
198
201
  Security('*', ['acl']),
199
202
  SuccessResponse(noContentResp.status, noContentResp.description)
200
203
  ], TaskController.prototype, "deleteTasks", null);
201
204
  __decorate([
205
+ Extension('x-mcp-exposure', 'confirm'),
202
206
  Delete('{id}'),
203
207
  Middlewares(acl({
204
208
  resource: 'task',
@@ -213,6 +217,7 @@ __decorate([
213
217
  ], TaskController.prototype, "deleteTask", null);
214
218
  __decorate([
215
219
  Example(taskLocation),
220
+ Extension('x-mcp-exposure', 'confirm'),
216
221
  Post('{id}/actions/abort'),
217
222
  Middlewares(acl({
218
223
  resource: 'task',
@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
7
7
  var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
- import { Body, Delete, Deprecated, Example, Get, Middlewares, Patch, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
10
+ import { Body, Delete, Deprecated, Example, Extension, Get, Middlewares, Patch, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
11
11
  import { createLogger } from '@xen-orchestra/log';
12
12
  import { forbiddenOperation } from 'xo-common/api-errors.js';
13
13
  import { inject } from 'inversify';
@@ -217,6 +217,7 @@ let UserController = class UserController extends XoController {
217
217
  __decorate([
218
218
  Example(userIds),
219
219
  Example(partialUsers),
220
+ Extension('x-mcp-exposure', 'allow'),
220
221
  Get(''),
221
222
  Security('*', ['acl']),
222
223
  __param(0, Request()),
@@ -228,6 +229,7 @@ __decorate([
228
229
  ], UserController.prototype, "getUsers", null);
229
230
  __decorate([
230
231
  Example(user),
232
+ Extension('x-mcp-exposure', 'allow'),
231
233
  Get('{id}'),
232
234
  Middlewares(acl({
233
235
  resource: 'user',
@@ -240,6 +242,7 @@ __decorate([
240
242
  __param(0, Path())
241
243
  ], UserController.prototype, "getUser", null);
242
244
  __decorate([
245
+ Extension('x-mcp-exposure', 'confirm'),
243
246
  Patch('{id}'),
244
247
  Middlewares([
245
248
  json(),
@@ -259,6 +262,7 @@ __decorate([
259
262
  ], UserController.prototype, "updateUser", null);
260
263
  __decorate([
261
264
  Example(userId),
265
+ Extension('x-mcp-exposure', 'confirm'),
262
266
  Post(''),
263
267
  Middlewares([json(), acl({ resource: 'user', action: 'create', object: ({ req }) => req.body })]),
264
268
  SuccessResponse(createdResp.status, createdResp.description),
@@ -268,6 +272,7 @@ __decorate([
268
272
  __param(0, Body())
269
273
  ], UserController.prototype, "createUser", null);
270
274
  __decorate([
275
+ Extension('x-mcp-exposure', 'confirm'),
271
276
  Delete('{id}'),
272
277
  Middlewares(acl({
273
278
  resource: 'user',
@@ -283,6 +288,7 @@ __decorate([
283
288
  __decorate([
284
289
  Example(groupIds),
285
290
  Example(partialGroups),
291
+ Extension('x-mcp-exposure', 'allow'),
286
292
  Get('{id}/groups'),
287
293
  Security('*', ['acl']),
288
294
  Tags('groups'),
@@ -297,6 +303,7 @@ __decorate([
297
303
  ], UserController.prototype, "getUserGroups", null);
298
304
  __decorate([
299
305
  Example(authenticationTokens),
306
+ Extension('x-mcp-exposure', 'allow'),
300
307
  Get('{id}/authentication_tokens'),
301
308
  Security('*', ['acl']),
302
309
  Response(notFoundResp.status, notFoundResp.description),
@@ -309,6 +316,7 @@ __decorate([
309
316
  __decorate([
310
317
  Example(taskIds),
311
318
  Example(partialTasks),
319
+ Extension('x-mcp-exposure', 'allow'),
312
320
  Get('{id}/tasks'),
313
321
  Security('*', ['acl']),
314
322
  Tags('tasks'),
@@ -324,6 +332,7 @@ __decorate([
324
332
  __decorate([
325
333
  Example(authenticationToken),
326
334
  Deprecated(),
335
+ Extension('x-mcp-exposure', 'confirm'),
327
336
  Post('authentication_tokens'),
328
337
  Middlewares(json()),
329
338
  SuccessResponse(createdResp.status, createdResp.description),
@@ -332,6 +341,7 @@ __decorate([
332
341
  ], UserController.prototype, "postDeprecatedAuthenticationTokens", null);
333
342
  __decorate([
334
343
  Example(authenticationToken),
344
+ Extension('x-mcp-exposure', 'confirm'),
335
345
  Post('{id}/authentication_tokens'),
336
346
  Middlewares(json()),
337
347
  Security('*', ['acl']),
@@ -344,9 +354,10 @@ __decorate([
344
354
  __decorate([
345
355
  Example(aclPrivilegeIds),
346
356
  Example(partialAclPrivileges),
357
+ Extension('x-mcp-exposure', 'allow'),
347
358
  Get('{id}/acl-privileges'),
348
359
  Security('*', ['acl']),
349
- Tags('acls'),
360
+ Tags('rbacs'),
350
361
  Response(notFoundResp.status, notFoundResp.description),
351
362
  __param(0, Request()),
352
363
  __param(1, Path()),
@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
7
7
  var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
- import { Body, Delete, Example, Get, Middlewares, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
10
+ import { Body, Delete, Example, Extension, Get, Middlewares, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
11
11
  import { json } from 'express';
12
12
  import { inject } from 'inversify';
13
13
  import { invalidParameters as invalidParametersError } from 'xo-common/api-errors.js';
@@ -183,6 +183,7 @@ let VbdController = class VbdController extends XapiXoController {
183
183
  __decorate([
184
184
  Example(vbdIds),
185
185
  Example(partialVbds),
186
+ Extension('x-mcp-exposure', 'allow'),
186
187
  Get(''),
187
188
  Security('*', ['acl']),
188
189
  __param(0, Request()),
@@ -194,6 +195,7 @@ __decorate([
194
195
  ], VbdController.prototype, "getVbds", null);
195
196
  __decorate([
196
197
  Example(vbd),
198
+ Extension('x-mcp-exposure', 'allow'),
197
199
  Get('{id}'),
198
200
  Middlewares(acl({ resource: 'vbd', action: 'read', objectId: 'params.id' })),
199
201
  Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
@@ -202,6 +204,7 @@ __decorate([
202
204
  ], VbdController.prototype, "getVbd", null);
203
205
  __decorate([
204
206
  Example(vbdId),
207
+ Extension('x-mcp-exposure', 'confirm'),
205
208
  Post(''),
206
209
  Middlewares(json()),
207
210
  SuccessResponse(createdResp.status, createdResp.description),
@@ -210,6 +213,7 @@ __decorate([
210
213
  __param(0, Body())
211
214
  ], VbdController.prototype, "createVbd", null);
212
215
  __decorate([
216
+ Extension('x-mcp-exposure', 'confirm'),
213
217
  Delete('{id}'),
214
218
  SuccessResponse(noContentResp.status, noContentResp.description),
215
219
  Response(notFoundResp.status, notFoundResp.description),
@@ -217,6 +221,7 @@ __decorate([
217
221
  ], VbdController.prototype, "deleteVbd", null);
218
222
  __decorate([
219
223
  Example(genericAlarmsExample),
224
+ Extension('x-mcp-exposure', 'allow'),
220
225
  Get('{id}/alarms'),
221
226
  Security('*', ['acl']),
222
227
  Tags('alarms'),
@@ -232,6 +237,7 @@ __decorate([
232
237
  __decorate([
233
238
  Example(messageIds),
234
239
  Example(partialMessages),
240
+ Extension('x-mcp-exposure', 'allow'),
235
241
  Get('{id}/messages'),
236
242
  Security('*', ['acl']),
237
243
  Tags('messages'),
@@ -247,6 +253,7 @@ __decorate([
247
253
  __decorate([
248
254
  Example(taskIds),
249
255
  Example(partialTasks),
256
+ Extension('x-mcp-exposure', 'allow'),
250
257
  Get('{id}/tasks'),
251
258
  Security('*', ['acl']),
252
259
  Tags('tasks'),
@@ -261,6 +268,7 @@ __decorate([
261
268
  ], VbdController.prototype, "getVbdTasks", null);
262
269
  __decorate([
263
270
  Example(taskLocation),
271
+ Extension('x-mcp-exposure', 'confirm'),
264
272
  Post('{id}/actions/connect'),
265
273
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
266
274
  Response(noContentResp.status, noContentResp.description),
@@ -271,6 +279,7 @@ __decorate([
271
279
  ], VbdController.prototype, "connectVbd", null);
272
280
  __decorate([
273
281
  Example(taskLocation),
282
+ Extension('x-mcp-exposure', 'confirm'),
274
283
  Post('{id}/actions/disconnect'),
275
284
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
276
285
  Response(noContentResp.status, noContentResp.description),
@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
7
7
  var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
- import { Delete, Example, Get, Path, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags } from 'tsoa';
10
+ import { Delete, Example, Extension, Get, Path, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
11
11
  import { inject } from 'inversify';
12
12
  import { provide } from 'inversify-binding-decorators';
13
13
  import { escapeUnsafeComplexMatcher } from '../helpers/utils.helper.mjs';
@@ -145,6 +145,7 @@ let VdiSnapshotController = class VdiSnapshotController extends XapiXoController
145
145
  __decorate([
146
146
  Example(vdiSnapshotIds),
147
147
  Example(partialVdiSnapshots),
148
+ Extension('x-mcp-exposure', 'allow'),
148
149
  Get(''),
149
150
  Security('*', ['acl']),
150
151
  __param(0, Request()),
@@ -155,6 +156,7 @@ __decorate([
155
156
  __param(5, Query())
156
157
  ], VdiSnapshotController.prototype, "getVdiSnapshots", null);
157
158
  __decorate([
159
+ Extension('x-mcp-exposure', 'deny'),
158
160
  Get('{id}.{format}'),
159
161
  SuccessResponse(200, 'Download started', 'application/octet-stream'),
160
162
  Response(notFoundResp.status, notFoundResp.description),
@@ -165,12 +167,14 @@ __decorate([
165
167
  ], VdiSnapshotController.prototype, "exportVdiSnapshotContent", null);
166
168
  __decorate([
167
169
  Example(vdiSnapshot),
170
+ Extension('x-mcp-exposure', 'allow'),
168
171
  Get('{id}'),
169
172
  Response(notFoundResp.status, notFoundResp.description),
170
173
  __param(0, Path())
171
174
  ], VdiSnapshotController.prototype, "getVdiSnapshot", null);
172
175
  __decorate([
173
176
  Example(genericAlarmsExample),
177
+ Extension('x-mcp-exposure', 'allow'),
174
178
  Get('{id}/alarms'),
175
179
  Security('*', ['acl']),
176
180
  Tags('alarms'),
@@ -184,6 +188,7 @@ __decorate([
184
188
  __param(6, Query())
185
189
  ], VdiSnapshotController.prototype, "getVdiSnapshotAlarms", null);
186
190
  __decorate([
191
+ Extension('x-mcp-exposure', 'confirm'),
187
192
  Delete('{id}'),
188
193
  SuccessResponse(noContentResp.status, noContentResp.description),
189
194
  Response(notFoundResp.status, notFoundResp.description),
@@ -192,6 +197,7 @@ __decorate([
192
197
  __decorate([
193
198
  Example(messageIds),
194
199
  Example(partialMessages),
200
+ Extension('x-mcp-exposure', 'allow'),
195
201
  Get('{id}/messages'),
196
202
  Security('*', ['acl']),
197
203
  Tags('messages'),
@@ -207,6 +213,7 @@ __decorate([
207
213
  __decorate([
208
214
  Example(taskIds),
209
215
  Example(partialTasks),
216
+ Extension('x-mcp-exposure', 'allow'),
210
217
  Get('{id}/tasks'),
211
218
  Security('*', ['acl']),
212
219
  Tags('tasks'),
@@ -220,6 +227,7 @@ __decorate([
220
227
  __param(6, Query())
221
228
  ], VdiSnapshotController.prototype, "getVdiSnapshotTasks", null);
222
229
  __decorate([
230
+ Extension('x-mcp-exposure', 'confirm'),
223
231
  Put('{id}/tags/{tag}'),
224
232
  SuccessResponse(noContentResp.status, noContentResp.description),
225
233
  Response(notFoundResp.status, notFoundResp.description),
@@ -227,6 +235,7 @@ __decorate([
227
235
  __param(1, Path())
228
236
  ], VdiSnapshotController.prototype, "putVdiSnapshotTag", null);
229
237
  __decorate([
238
+ Extension('x-mcp-exposure', 'confirm'),
230
239
  Delete('{id}/tags/{tag}'),
231
240
  SuccessResponse(noContentResp.status, noContentResp.description),
232
241
  Response(notFoundResp.status, notFoundResp.description),
@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
7
7
  var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
- import { Body, Delete, Example, Get, Middlewares, Path, Post, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
10
+ import { Body, Delete, Example, Extension, Get, Middlewares, Path, Post, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
11
11
  import { inject } from 'inversify';
12
12
  import { provide } from 'inversify-binding-decorators';
13
13
  import { json } from 'express';
@@ -217,6 +217,7 @@ let VdiController = class VdiController extends XapiXoController {
217
217
  __decorate([
218
218
  Example(vdiIds),
219
219
  Example(partialVdis),
220
+ Extension('x-mcp-exposure', 'allow'),
220
221
  Get(''),
221
222
  Security('*', ['acl']),
222
223
  __param(0, Request()),
@@ -227,6 +228,7 @@ __decorate([
227
228
  __param(5, Query())
228
229
  ], VdiController.prototype, "getVdis", null);
229
230
  __decorate([
231
+ Extension('x-mcp-exposure', 'deny'),
230
232
  Get('{id}.{format}'),
231
233
  Middlewares(acl({ resource: 'vdi', action: 'export-content', objectId: 'params.id' })),
232
234
  SuccessResponse(200, 'Download started', 'application/octet-stream'),
@@ -238,6 +240,7 @@ __decorate([
238
240
  __param(2, Path())
239
241
  ], VdiController.prototype, "exportVdiContent", null);
240
242
  __decorate([
243
+ Extension('x-mcp-exposure', 'deny'),
241
244
  Put('{id}.{format}'),
242
245
  Middlewares(acl({ resource: 'vdi', action: 'import-content', objectId: 'params.id' })),
243
246
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -251,6 +254,7 @@ __decorate([
251
254
  ], VdiController.prototype, "importVdiContent", null);
252
255
  __decorate([
253
256
  Example(vdi),
257
+ Extension('x-mcp-exposure', 'allow'),
254
258
  Get('{id}'),
255
259
  Middlewares(acl({ resource: 'vdi', action: 'read', objectId: 'params.id' })),
256
260
  Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
@@ -259,6 +263,7 @@ __decorate([
259
263
  ], VdiController.prototype, "getVdi", null);
260
264
  __decorate([
261
265
  Example(genericAlarmsExample),
266
+ Extension('x-mcp-exposure', 'allow'),
262
267
  Get('{id}/alarms'),
263
268
  Security('*', ['acl']),
264
269
  Tags('alarms'),
@@ -273,6 +278,7 @@ __decorate([
273
278
  ], VdiController.prototype, "getVdiAlarms", null);
274
279
  __decorate([
275
280
  Example(vdiId),
281
+ Extension('x-mcp-exposure', 'confirm'),
276
282
  Post(''),
277
283
  Middlewares(json()),
278
284
  SuccessResponse(createdResp.status, createdResp.description),
@@ -281,6 +287,7 @@ __decorate([
281
287
  __param(0, Body())
282
288
  ], VdiController.prototype, "createVdi", null);
283
289
  __decorate([
290
+ Extension('x-mcp-exposure', 'confirm'),
284
291
  Delete('{id}'),
285
292
  Middlewares(acl({ resource: 'vdi', action: 'delete', objectId: 'params.id' })),
286
293
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -291,6 +298,7 @@ __decorate([
291
298
  __decorate([
292
299
  Example(messageIds),
293
300
  Example(partialMessages),
301
+ Extension('x-mcp-exposure', 'allow'),
294
302
  Get('{id}/messages'),
295
303
  Security('*', ['acl']),
296
304
  Tags('messages'),
@@ -306,6 +314,7 @@ __decorate([
306
314
  __decorate([
307
315
  Example(taskIds),
308
316
  Example(partialTasks),
317
+ Extension('x-mcp-exposure', 'allow'),
309
318
  Get('{id}/tasks'),
310
319
  Security('*', ['acl']),
311
320
  Tags('tasks'),
@@ -321,6 +330,7 @@ __decorate([
321
330
  __decorate([
322
331
  Example(taskLocation),
323
332
  Example(vdiId),
333
+ Extension('x-mcp-exposure', 'confirm'),
324
334
  Post('{id}/actions/migrate'),
325
335
  Middlewares(json()),
326
336
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
@@ -332,6 +342,7 @@ __decorate([
332
342
  __param(2, Query())
333
343
  ], VdiController.prototype, "migrateVdi", null);
334
344
  __decorate([
345
+ Extension('x-mcp-exposure', 'confirm'),
335
346
  Put('{id}/tags/{tag}'),
336
347
  Middlewares(acl({ resource: 'vdi', action: 'update:tags', objectId: 'params.id' })),
337
348
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -341,6 +352,7 @@ __decorate([
341
352
  __param(1, Path())
342
353
  ], VdiController.prototype, "putVdiTag", null);
343
354
  __decorate([
355
+ Extension('x-mcp-exposure', 'confirm'),
344
356
  Delete('{id}/tags/{tag}'),
345
357
  Middlewares(acl({ resource: 'vdi', action: 'update:tags', objectId: 'params.id' })),
346
358
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
7
7
  var __param = (this && this.__param) || function (paramIndex, decorator) {
8
8
  return function (target, key) { decorator(target, key, paramIndex); }
9
9
  };
10
- import { Body, Delete, Example, Get, Middlewares, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
10
+ import { Body, Delete, Example, Extension, Get, Middlewares, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
11
11
  import { inject } from 'inversify';
12
12
  import { json } from 'express';
13
13
  import { acl } from '../middlewares/acl.middleware.mjs';
@@ -189,6 +189,7 @@ let VifController = class VifController extends XapiXoController {
189
189
  __decorate([
190
190
  Example(vifIds),
191
191
  Example(partialVifs),
192
+ Extension('x-mcp-exposure', 'allow'),
192
193
  Get(''),
193
194
  Security('*', ['acl']),
194
195
  __param(0, Request()),
@@ -200,6 +201,7 @@ __decorate([
200
201
  ], VifController.prototype, "getVifs", null);
201
202
  __decorate([
202
203
  Example(vif),
204
+ Extension('x-mcp-exposure', 'allow'),
203
205
  Get('{id}'),
204
206
  Middlewares(acl({ resource: 'vif', action: 'read', objectId: 'params.id' })),
205
207
  Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
@@ -208,6 +210,7 @@ __decorate([
208
210
  ], VifController.prototype, "getVif", null);
209
211
  __decorate([
210
212
  Example(genericAlarmsExample),
213
+ Extension('x-mcp-exposure', 'allow'),
211
214
  Get('{id}/alarms'),
212
215
  Security('*', ['acl']),
213
216
  Tags('alarms'),
@@ -223,6 +226,7 @@ __decorate([
223
226
  __decorate([
224
227
  Example(messageIds),
225
228
  Example(partialMessages),
229
+ Extension('x-mcp-exposure', 'allow'),
226
230
  Get('{id}/messages'),
227
231
  Security('*', ['acl']),
228
232
  Tags('messages'),
@@ -238,6 +242,7 @@ __decorate([
238
242
  __decorate([
239
243
  Example(taskIds),
240
244
  Example(partialTasks),
245
+ Extension('x-mcp-exposure', 'allow'),
241
246
  Get('{id}/tasks'),
242
247
  Security('*', ['acl']),
243
248
  Tags('tasks'),
@@ -252,6 +257,7 @@ __decorate([
252
257
  ], VifController.prototype, "getVifTasks", null);
253
258
  __decorate([
254
259
  Example(vifId),
260
+ Extension('x-mcp-exposure', 'confirm'),
255
261
  Post(''),
256
262
  Middlewares(json()),
257
263
  SuccessResponse(createdResp.status, createdResp.description),
@@ -261,6 +267,7 @@ __decorate([
261
267
  __param(0, Body())
262
268
  ], VifController.prototype, "createVif", null);
263
269
  __decorate([
270
+ Extension('x-mcp-exposure', 'confirm'),
264
271
  Delete('{id}'),
265
272
  SuccessResponse(noContentResp.status, noContentResp.description),
266
273
  Response(notFoundResp.status, notFoundResp.description),
@@ -269,6 +276,7 @@ __decorate([
269
276
  ], VifController.prototype, "destroyVif", null);
270
277
  __decorate([
271
278
  Example(taskLocation),
279
+ Extension('x-mcp-exposure', 'confirm'),
272
280
  Post('{id}/actions/connect'),
273
281
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
274
282
  Response(noContentResp.status, noContentResp.description),
@@ -279,6 +287,7 @@ __decorate([
279
287
  ], VifController.prototype, "connectVif", null);
280
288
  __decorate([
281
289
  Example(taskLocation),
290
+ Extension('x-mcp-exposure', 'confirm'),
282
291
  Post('{id}/actions/disconnect'),
283
292
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
284
293
  Response(noContentResp.status, noContentResp.description),
@@ -10,7 +10,7 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
10
10
  import { inject } from 'inversify';
11
11
  import { XapiXoController } from '../abstract-classes/xapi-xo-controller.mjs';
12
12
  import { RestApi } from '../rest-api/rest-api.mjs';
13
- import { Delete, Example, Get, Path, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, Middlewares } from 'tsoa';
13
+ import { Delete, Example, Extension, Get, Middlewares, Path, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
14
14
  import { AlarmService } from '../alarms/alarm.service.mjs';
15
15
  import { escapeUnsafeComplexMatcher, limitAndFilterArray } from '../helpers/utils.helper.mjs';
16
16
  import { acl } from '../middlewares/acl.middleware.mjs';
@@ -149,6 +149,7 @@ let VmControllerController = class VmControllerController extends XapiXoControll
149
149
  __decorate([
150
150
  Example(vmControllerIds),
151
151
  Example(partialVmControllers),
152
+ Extension('x-mcp-exposure', 'allow'),
152
153
  Get(''),
153
154
  Security('*', ['acl']),
154
155
  __param(0, Request()),
@@ -160,6 +161,7 @@ __decorate([
160
161
  ], VmControllerController.prototype, "getVmControllers", null);
161
162
  __decorate([
162
163
  Example(vmController),
164
+ Extension('x-mcp-exposure', 'allow'),
163
165
  Get('{id}'),
164
166
  Middlewares(acl({ resource: 'vm-controller', action: 'read', objectId: 'params.id' })),
165
167
  Response(notFoundResp.status, notFoundResp.description),
@@ -168,6 +170,7 @@ __decorate([
168
170
  ], VmControllerController.prototype, "getVmController", null);
169
171
  __decorate([
170
172
  Example(genericAlarmsExample),
173
+ Extension('x-mcp-exposure', 'allow'),
171
174
  Get('{id}/alarms'),
172
175
  Security('*', ['acl']),
173
176
  Tags('alarms'),
@@ -182,6 +185,7 @@ __decorate([
182
185
  ], VmControllerController.prototype, "getVmControllerAlarms", null);
183
186
  __decorate([
184
187
  Example(vmControllerVdis),
188
+ Extension('x-mcp-exposure', 'allow'),
185
189
  Get('{id}/vdis'),
186
190
  Security('*', ['acl']),
187
191
  Tags('vdis'),
@@ -197,6 +201,7 @@ __decorate([
197
201
  __decorate([
198
202
  Example(messageIds),
199
203
  Example(partialMessages),
204
+ Extension('x-mcp-exposure', 'allow'),
200
205
  Get('{id}/messages'),
201
206
  Security('*', ['acl']),
202
207
  Tags('messages'),
@@ -212,6 +217,7 @@ __decorate([
212
217
  __decorate([
213
218
  Example(taskIds),
214
219
  Example(partialTasks),
220
+ Extension('x-mcp-exposure', 'allow'),
215
221
  Get('{id}/tasks'),
216
222
  Security('*', ['acl']),
217
223
  Tags('tasks'),
@@ -225,6 +231,7 @@ __decorate([
225
231
  __param(6, Query())
226
232
  ], VmControllerController.prototype, "getVmControllerTasks", null);
227
233
  __decorate([
234
+ Extension('x-mcp-exposure', 'confirm'),
228
235
  Put('{id}/tags/{tag}'),
229
236
  Middlewares(acl({ resource: 'vm-controller', action: 'update:tags', objectId: 'params.id' })),
230
237
  SuccessResponse(noContentResp.status, noContentResp.description),
@@ -234,6 +241,7 @@ __decorate([
234
241
  __param(1, Path())
235
242
  ], VmControllerController.prototype, "putVmControllerTag", null);
236
243
  __decorate([
244
+ Extension('x-mcp-exposure', 'confirm'),
237
245
  Delete('{id}/tags/{tag}'),
238
246
  Middlewares(acl({ resource: 'vm-controller', action: 'update:tags', objectId: 'params.id' })),
239
247
  SuccessResponse(noContentResp.status, noContentResp.description),