funifier-mcp 0.3.17 → 0.3.19
- package/.cursor/rules/funifier.mdc +3 -1
- package/.github/copilot-instructions.md +3 -1
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +59 -0
- package/README.md +1 -1
- package/datasource-funifier-docs/.coverage.json +15 -5
- package/datasource-funifier-docs/.validation.json +77 -36
- package/datasource-funifier-docs/knowledge/guides/aggregates.md +13 -6
- package/datasource-funifier-docs/knowledge/guides/permission-audit.md +229 -0
- package/datasource-funifier-docs/knowledge/index.md +3 -2
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +3 -1
- package/dist/cli/init.js.map +1 -1
- package/dist/core/api-client.d.ts +2 -0
- package/dist/core/api-client.d.ts.map +1 -1
- package/dist/core/api-client.js +98 -47
- package/dist/core/api-client.js.map +1 -1
- package/dist/core/api-client.test.js +27 -0
- package/dist/core/api-client.test.js.map +1 -1
- package/dist/core/constants.d.ts +4 -0
- package/dist/core/constants.d.ts.map +1 -1
- package/dist/core/constants.js +8 -0
- package/dist/core/constants.js.map +1 -1
- package/dist/core/logger.d.ts +9 -0
- package/dist/core/logger.d.ts.map +1 -0
- package/dist/core/logger.js +50 -0
- package/dist/core/logger.js.map +1 -0
- package/dist/mcp/api-holder.test.d.ts +2 -0
- package/dist/mcp/api-holder.test.d.ts.map +1 -0
- package/dist/mcp/api-holder.test.js +45 -0
- package/dist/mcp/api-holder.test.js.map +1 -0
- package/dist/mcp/bundle.js +108 -105
- package/dist/mcp/check-update.d.ts +9 -0
- package/dist/mcp/check-update.d.ts.map +1 -1
- package/dist/mcp/check-update.js +35 -9
- package/dist/mcp/check-update.js.map +1 -1
- package/dist/mcp/check-update.test.js +36 -6
- package/dist/mcp/check-update.test.js.map +1 -1
- package/dist/mcp/doc-path.d.ts +11 -0
- package/dist/mcp/doc-path.d.ts.map +1 -0
- package/dist/mcp/doc-path.js +66 -0
- package/dist/mcp/doc-path.js.map +1 -0
- package/dist/mcp/doc-path.test.d.ts +2 -0
- package/dist/mcp/doc-path.test.d.ts.map +1 -0
- package/dist/mcp/doc-path.test.js +77 -0
- package/dist/mcp/doc-path.test.js.map +1 -0
- package/dist/mcp/index.js +19 -0
- package/dist/mcp/index.js.map +1 -1
- package/dist/mcp/resources/documentation.d.ts.map +1 -1
- package/dist/mcp/resources/documentation.js +7 -3
- package/dist/mcp/resources/documentation.js.map +1 -1
- package/dist/mcp/tools/_audit.d.ts +103 -0
- package/dist/mcp/tools/_audit.d.ts.map +1 -0
- package/dist/mcp/tools/_audit.js +241 -0
- package/dist/mcp/tools/_audit.js.map +1 -0
- package/dist/mcp/tools/_audit.test.d.ts +2 -0
- package/dist/mcp/tools/_audit.test.d.ts.map +1 -0
- package/dist/mcp/tools/_audit.test.js +412 -0
- package/dist/mcp/tools/_audit.test.js.map +1 -0
- package/dist/mcp/tools/_backup.d.ts +37 -3
- package/dist/mcp/tools/_backup.d.ts.map +1 -1
- package/dist/mcp/tools/_backup.js +142 -11
- package/dist/mcp/tools/_backup.js.map +1 -1
- package/dist/mcp/tools/_backup.test.js +195 -0
- package/dist/mcp/tools/_backup.test.js.map +1 -1
- package/dist/mcp/tools/_char-guard.d.ts +2 -1
- package/dist/mcp/tools/_char-guard.d.ts.map +1 -1
- package/dist/mcp/tools/_char-guard.js +10 -3
- package/dist/mcp/tools/_char-guard.js.map +1 -1
- package/dist/mcp/tools/_fetch-current.d.ts +2 -1
- package/dist/mcp/tools/_fetch-current.d.ts.map +1 -1
- package/dist/mcp/tools/_fetch-current.js +2 -74
- package/dist/mcp/tools/_fetch-current.js.map +1 -1
- package/dist/mcp/tools/_registry.d.ts +183 -0
- package/dist/mcp/tools/_registry.d.ts.map +1 -0
- package/dist/mcp/tools/_registry.js +88 -0
- package/dist/mcp/tools/_registry.js.map +1 -0
- package/dist/mcp/tools/_registry.test.d.ts +2 -0
- package/dist/mcp/tools/_registry.test.d.ts.map +1 -0
- package/dist/mcp/tools/_registry.test.js +103 -0
- package/dist/mcp/tools/_registry.test.js.map +1 -0
- package/dist/mcp/tools/_scope-engine.d.ts +40 -0
- package/dist/mcp/tools/_scope-engine.d.ts.map +1 -0
- package/dist/mcp/tools/_scope-engine.js +197 -0
- package/dist/mcp/tools/_scope-engine.js.map +1 -0
- package/dist/mcp/tools/_scope-engine.test.d.ts +2 -0
- package/dist/mcp/tools/_scope-engine.test.d.ts.map +1 -0
- package/dist/mcp/tools/_scope-engine.test.js +241 -0
- package/dist/mcp/tools/_scope-engine.test.js.map +1 -0
- package/dist/mcp/tools/database.d.ts +4 -0
- package/dist/mcp/tools/database.d.ts.map +1 -1
- package/dist/mcp/tools/database.js +23 -4
- package/dist/mcp/tools/database.js.map +1 -1
- package/dist/mcp/tools/database.test.js +19 -0
- package/dist/mcp/tools/database.test.js.map +1 -1
- package/dist/mcp/tools/delete.d.ts.map +1 -1
- package/dist/mcp/tools/delete.js +3 -98
- package/dist/mcp/tools/delete.js.map +1 -1
- package/dist/mcp/tools/execute.d.ts.map +1 -1
- package/dist/mcp/tools/execute.js +36 -4
- package/dist/mcp/tools/execute.js.map +1 -1
- package/dist/mcp/tools/execute.test.d.ts +2 -0
- package/dist/mcp/tools/execute.test.d.ts.map +1 -0
- package/dist/mcp/tools/execute.test.js +87 -0
- package/dist/mcp/tools/execute.test.js.map +1 -0
- package/dist/mcp/tools/get.d.ts.map +1 -1
- package/dist/mcp/tools/get.js +4 -93
- package/dist/mcp/tools/get.js.map +1 -1
- package/dist/mcp/tools/index.d.ts.map +1 -1
- package/dist/mcp/tools/index.js +42 -1
- package/dist/mcp/tools/index.js.map +1 -1
- package/dist/mcp/tools/list.d.ts.map +1 -1
- package/dist/mcp/tools/list.js +3 -91
- package/dist/mcp/tools/list.js.map +1 -1
- package/dist/mcp/tools/logs.d.ts.map +1 -1
- package/dist/mcp/tools/logs.js +5 -3
- package/dist/mcp/tools/logs.js.map +1 -1
- package/dist/mcp/tools/permissions.d.ts.map +1 -1
- package/dist/mcp/tools/permissions.js +68 -11
- package/dist/mcp/tools/permissions.js.map +1 -1
- package/dist/mcp/tools/permissions.test.js +268 -4
- package/dist/mcp/tools/permissions.test.js.map +1 -1
- package/dist/mcp/tools/read-doc.d.ts.map +1 -1
- package/dist/mcp/tools/read-doc.js +10 -28
- package/dist/mcp/tools/read-doc.js.map +1 -1
- package/dist/mcp/tools/save.d.ts.map +1 -1
- package/dist/mcp/tools/save.js +4 -81
- package/dist/mcp/tools/save.js.map +1 -1
- package/package.json +3 -2
- package/skills/funifier/SKILL.md +3 -1
- package/skills/funifier/references/audit-permissions.md +97 -0
- package/skills/funifier/references/configure-security.md +6 -0
- package/skills/funifier/references/create-action.md +7 -0
- package/skills/funifier/references/create-aggregate.md +99 -79
- package/skills/funifier/references/create-audit.md +8 -0
- package/skills/funifier/references/create-challenge.md +7 -0
- package/skills/funifier/references/create-competition.md +7 -0
- package/skills/funifier/references/create-crossword.md +6 -0
- package/skills/funifier/references/create-custom-object.md +6 -0
- package/skills/funifier/references/create-custom-page.md +6 -0
- package/skills/funifier/references/create-folder.md +7 -0
- package/skills/funifier/references/create-lastmile.md +6 -0
- package/skills/funifier/references/create-leaderboard.md +6 -0
- package/skills/funifier/references/create-level.md +7 -0
- package/skills/funifier/references/create-lottery.md +7 -0
- package/skills/funifier/references/create-mystery.md +6 -0
- package/skills/funifier/references/create-notification.md +6 -0
- package/skills/funifier/references/create-point.md +7 -0
- package/skills/funifier/references/create-quiz.md +7 -0
- package/skills/funifier/references/create-scheduler.md +6 -0
- package/skills/funifier/references/create-story.md +6 -0
- package/skills/funifier/references/create-swap.md +6 -0
- package/skills/funifier/references/create-trigger.md +8 -0
- package/skills/funifier/references/create-virtual-good.md +6 -0
- package/skills/funifier/references/create-webhook.md +6 -0
- package/skills/funifier/references/create-websocket.md +6 -0
- package/skills/funifier/references/create-widget.md +6 -0
- package/skills/funifier/references/date-handling.md +6 -0
- package/skills/funifier/references/debug.md +6 -0
- package/skills/funifier/references/help.md +6 -0
- package/skills/funifier/references/implement-frontend.md +7 -0
- package/skills/funifier/references/import-csv.md +6 -0
- package/skills/funifier/references/manage-indexes.md +6 -0
- package/skills/funifier/references/manage-player.md +7 -0
- package/skills/funifier/references/manage-team.md +6 -0
- package/skills/funifier/references/query-aggregate.md +111 -0
- package/skills/funifier/references/upload-file.md +6 -0
- package/datasource-funifier-docs/.search-index.json +0 -58758
- package/datasource-funifier-docs/.skills-map.json +0 -141
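--- a/package/dist/mcp/tools/_audit.js
+++ b/package/dist/mcp/tools/_audit.js
@@ -0,0 +1,241 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.auditManifestSchema = exports.auditEntrySchema = void 0;
+exports.resolvePrincipal = resolvePrincipal;
+exports.runAudit = runAudit;
+const zod_1 = require("zod");
+const _scope_engine_1 = require("./_scope-engine");
+// ─── Schema (T7) ─────────────────────────────────────────────────────────────
+exports.auditEntrySchema = zod_1.z.object({
+method: zod_1.z.string().transform((m) => m.toUpperCase()),
+path: zod_1.z.string().transform((p) => p.startsWith("/v3") ? p : `/v3${p.startsWith("/") ? p : `/${p}`}`),
+auth: zod_1.z.string().min(1, { message: "auth is required" }),
+evidence: zod_1.z.string().min(1, { message: "evidence is required" }),
+confidence: zod_1.z.enum(["high", "low"]).default("high"),
+});
+exports.auditManifestSchema = zod_1.z.object({
+version: zod_1.z.literal(1),
+entries: zod_1.z.array(exports.auditEntrySchema).max(500, { message: "Manifest must not exceed 500 entries" }),
+});
+function resolvePrincipal(auth, security) {
+const apps = security.apps ?? [];
+const roles = security.roles ?? [];
+// "public" or "role:public" → scope of role named "public"
+if (auth === "public" || auth === "role:public") {
+const role = roles.find((r) => r.name === "public");
+if (!role)
+return { kind: "missing-principal", label: "role:public", scope: "" };
+return { kind: "role", label: "role:public", scope: role.scope };
+}
+// "player" → alias for "role:player" (SecurityFilter.java:153-211: Bearer embeds role scope at login)
+if (auth === "player" || auth === "role:player") {
+const role = roles.find((r) => r.name === "player");
+if (!role)
+return { kind: "missing-principal", label: "role:player", scope: "" };
+return { kind: "role", label: "role:player", scope: role.scope };
+}
+// "role:<name>" → generic named role
+if (auth.startsWith("role:")) {
+const roleName = auth.slice(5);
+const role = roles.find((r) => r.name === roleName);
+if (!role)
+return { kind: "missing-principal", label: auth, scope: "" };
+return { kind: "role", label: auth, scope: role.scope };
+}
+// "app:<name>" → app entry scope (SecurityFilter.java:153-211: Basic API_KEY:APP_SECRET)
+if (auth.startsWith("app:")) {
+const appName = auth.slice(4);
+const app = apps.find((a) => a.name === appName);
+if (!app)
+return { kind: "missing-principal", label: auth, scope: "" };
+return { kind: "app", label: auth, scope: app.scope };
+}
+return { kind: "missing-principal", label: auth, scope: "" };
+}
+// ─── Audit diff (T8) ─────────────────────────────────────────────────────────
+// read_all/write_all/delete_all can be narrowed to exact verb_entity tokens.
+// "database" is a keyword with no narrower alternative — handled separately.
+const NARROWABLE_BROAD_TOKENS = new Set(["read_all", "write_all", "delete_all"]);
+/** Compute the minimal exact token set that would replace `broadToken` for its matched entries. */
+function computeNarrowing(broadToken, scope, entries) {
+const exactTokens = new Set();
+for (const entry of entries) {
+const decision = (0, _scope_engine_1.evaluateScope)(scope, entry.method, entry.path);
+if (decision.allowed && decision.matchedToken === broadToken) {
+exactTokens.add(`${(0, _scope_engine_1.verbFor)(entry.method)}_${(0, _scope_engine_1.entityFull)(entry.path)}`);
+const cleanPath = entry.path.split("?")[0];
+if (cleanPath === "/v3/database" || cleanPath.startsWith("/v3/database/")) {
+exactTokens.add("database");
+}
+}
+}
+return [...exactTokens].sort();
+}
+/** Per-principal missing/excess/manual-review diff against the principal's scope. */
+function computePrincipalDiff(label, scope, entries) {
+const findings = [];
+const publicEntries = entries.filter((e) => (0, _scope_engine_1.isPublicPath)(e.method, e.path));
+const checkedEntries = entries.filter((e) => !(0, _scope_engine_1.isPublicPath)(e.method, e.path));
+// Informational: public-path entries are excluded from missing/excess math
+for (const entry of publicEntries) {
+findings.push({
+severity: "public-no-scope-needed",
+principal: label,
+rule: "public-path",
+evidence: entry.evidence,
+path: entry.path,
+method: entry.method,
+detail: `${entry.method} ${entry.path} is a public path — no scope required.`,
+});
+}
+// Missing: entries that would be denied
+for (const entry of checkedEntries) {
+const decision = (0, _scope_engine_1.evaluateScope)(scope, entry.method, entry.path);
+if (!decision.allowed) {
+findings.push({
+severity: "missing",
+principal: label,
+rule: decision.rule,
+evidence: entry.evidence,
+path: entry.path,
+method: entry.method,
+requiredTokens: decision.requiredTokens,
+detail: `${entry.method} ${entry.path} would be denied — missing: [${decision.requiredTokens.join(", ")}].` +
+(entry.confidence === "low" ? " (low-confidence entry)" : ""),
+});
+}
+}
+// Excess + manual-review: analyse scope tokens against observed usage
+const scopeTokens = scope.replace(/ /g, "").split(",").filter(Boolean);
+const used = (0, _scope_engine_1.usedTokens)(scope, checkedEntries.map((e) => ({ method: e.method, path: e.path })));
+for (const token of scopeTokens) {
+if (_scope_engine_1.MANUAL_REVIEW_TOKENS.has(token)) {
+findings.push({
+severity: "manual-review",
+principal: label,
+rule: "non-path-token",
+detail: `'${token}' cannot be verified from path analysis — manual review required.`,
+});
+continue;
+}
+if (!used.has(token)) {
+findings.push({
+severity: "excess",
+principal: label,
+rule: "unused-token",
+excessTokens: [token],
+detail: `'${token}' is granted but no manifest entry requires it.`,
+});
+}
+else if (NARROWABLE_BROAD_TOKENS.has(token)) {
+// Broad token is used but could be replaced by exact tokens (PSEC-10)
+const narrowing = computeNarrowing(token, scope, checkedEntries);
+findings.push({
+severity: "excess",
+principal: label,
+rule: "broad-token-narrowable",
+excessTokens: [token],
+narrowingSuggestion: narrowing,
+detail: `'${token}' authorizes your entries but could be narrowed to [${narrowing.join(", ")}]. Broad token grants access beyond observed usage.`,
+});
+}
+// Non-broad token that IS used → not excess, no finding
+}
+return findings;
+}
+// ─── Danger rules (T9) ───────────────────────────────────────────────────────
+/** Static danger findings derived from the live security document alone — manifest-independent. */
+function computeDangerFindings(security) {
+const findings = [];
+const apps = security.apps ?? [];
+const roles = security.roles ?? [];
+const publicRole = roles.find((r) => r.name === "public");
+const playerRole = roles.find((r) => r.name === "player");
+if (publicRole) {
+const tokens = publicRole.scope.replace(/ /g, "").split(",").filter(Boolean);
+for (const t of ["write_all", "delete_all", "database"]) {
+if (tokens.includes(t)) {
+findings.push({
+severity: "danger",
+principal: "role:public",
+rule: "public-role-dangerous-token",
+detail: `Role 'public' has '${t}' — unauthenticated callers can perform privileged operations.`,
+});
+}
+}
+for (const t of ["read_encrypted_field_values", "read_encrypted_player_password"]) {
+if (tokens.includes(t)) {
+findings.push({
+severity: "danger",
+principal: "role:public",
+rule: "public-role-encrypted-access",
+detail: `Role 'public' has '${t}' — encrypted data accessible to unauthenticated callers.`,
+});
+}
+}
+}
+if (playerRole) {
+const tokens = playerRole.scope.replace(/ /g, "").split(",").filter(Boolean);
+for (const t of ["read_encrypted_field_values", "read_encrypted_player_password"]) {
+if (tokens.includes(t)) {
+findings.push({
+severity: "danger",
+principal: "role:player",
+rule: "player-role-encrypted-access",
+detail: `Role 'player' has '${t}' — encrypted data accessible to all authenticated players.`,
+});
+}
+}
+}
+for (const app of apps) {
+if (!app.scope || !app.scope.replace(/ /g, "")) {
+findings.push({
+severity: "danger",
+principal: `app:${app.name}`,
+rule: "empty-scope-app",
+detail: `App '${app.name}' has an empty scope — no API calls will be authorized.`,
+});
+}
+}
+return findings;
+}
+// ─── Main audit function ──────────────────────────────────────────────────────
+function runAudit(manifest, security) {
+const findings = [];
+const notes = [];
+// Danger findings fire regardless of manifest content (T9)
+findings.push(...computeDangerFindings(security));
+// Per-principal diff (T7, T8)
+const byAuth = new Map();
+for (const entry of manifest.entries) {
+const list = byAuth.get(entry.auth) ?? [];
+list.push(entry);
+byAuth.set(entry.auth, list);
+}
+for (const [auth, entries] of byAuth) {
+const principal = resolvePrincipal(auth, security);
+if (principal.kind === "missing-principal") {
+findings.push({
+severity: "missing-principal",
+principal: principal.label,
+rule: "unknown-principal",
+detail: `Principal '${auth}' not found in the live security document — entries for this auth context cannot be evaluated.`,
+});
+continue;
+}
+findings.push(...computePrincipalDiff(principal.label, principal.scope, entries));
+}
+// Completeness + freshness notes (T9)
+if (manifest.entries.length === 0) {
+notes.push("No manifest entries — danger findings above apply regardless. " +
+"Run a full audit by providing all Funifier API calls your project makes.");
+}
+else {
+notes.push("Excess findings are candidates for removal. They may be required by consumers outside this manifest. Verify before removing.");
+}
+// Bearer freshness: scope is embedded at login, role edits don't retroactively affect live tokens
+notes.push("Bearer freshness: scope is embedded in the token at login time. " +
+"Role scope changes take effect only on the player's next login — live tokens carry the scope at their issuance time.");
+return { manifest_entries: manifest.entries.length, findings, notes };
+}
+//# sourceMappingURL=_audit.js.map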
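Review bot: A role or app that has no `scope` field makes the audit throw instead of report: `computeDangerFindings` calls `publicRole.scope.replace(...)` and `playerRole.scope.replace(...)` unguarded, and `resolvePrincipal` passes `role.scope` / `app.scope` straight to `computePrincipalDiff`, which also calls `scope.replace(...)`. The app loop already treats an absent scope as possible (`!app.scope`), so the other paths should tolerate it too, e.g. `scope: role.scope ?? ""` in `resolvePrincipal` and `(publicRole.scope ?? "")` in the danger rules; otherwise one malformed entry in the security document suppresses every danger finding. Separately, `runAudit` groups entries by the raw `entry.auth`, so `public` and `role:public` (likewise `player` and `role:player`) are diffed as two principals, and a token used only under one spelling is reported as `unused-token` under the other. Keying the map on `resolvePrincipal(entry.auth, security).label` would keep the excess findings from recommending removal of a token that is in use.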
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"_audit.js","sourceRoot":"","sources":["../../../src/mcp/tools/_audit.ts"],"names":[],"mappings":";;;AA4EA,4CAmCC;AAyKD,4BAkDC;AA1UD,6BAAwB;AACxB,mDAQyB;AAEzB,gFAAgF;AAEnE,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACpD,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/B,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAClE;IACD,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC;IACxD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAChE,UAAU,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;CACpD,CAAC,CAAC;AAEU,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,OAAO,EAAE,OAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACrB,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,wBAAgB,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;CACjG,CAAC,CAAC;AAkDH,SAAgB,gBAAgB,CAAC,IAAY,EAAE,QAA+B;IAC5E,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;IAEnC,2DAA2D;IAC3D,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACjF,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IACnE,CAAC;IAED,sGAAsG;IACtG,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACjF,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IACnE,CAAC;IAED,qCAAqC;IACrC,IAAI,IAAI,CAAC,UAAU,CA
AC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACxE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IAC1D,CAAC;IAED,yFAAyF;IACzF,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACvE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;IACxD,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;AAC/D,CAAC;AAED,gFAAgF;AAEhF,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;AAEjF,mGAAmG;AACnG,SAAS,gBAAgB,CAAC,UAAkB,EAAE,KAAa,EAAE,OAAqB;IAChF,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAA,6BAAa,EAAC,KAAK,EAAE,KAAK,CAAC,MAAoB,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9E,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;YAC7D,WAAW,CAAC,GAAG,CAAC,GAAG,IAAA,uBAAO,EAAC,KAAK,CAAC,MAAoB,CAAC,IAAI,IAAA,0BAAU,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpF,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,SAAS,KAAK,cAAc,IAAI,SAAS,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC1E,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,qFAAqF;AACrF,SAAS,oBAAoB,CAAC,KAAa,EAAE,KAAa,EAAE,OAAqB;IAC/E,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAY,EAAC,CAAC,CAAC,MAAoB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1F,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,
CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,4BAAY,EAAC,CAAC,CAAC,MAAoB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAE5F,2EAA2E;IAC3E,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,wBAAwB;YAClC,SAAS,EAAE,KAAK;YAChB,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,wCAAwC;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAA,6BAAa,EAAC,KAAK,EAAE,KAAK,CAAC,MAAoB,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9E,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,SAAS;gBACnB,SAAS,EAAE,KAAK;gBAChB,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,cAAc,EAAE,QAAQ,CAAC,cAAc;gBACvC,MAAM,EACJ,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,gCAAgC,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBACnG,CAAC,KAAK,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,CAAC;aAChE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACvE,MAAM,IAAI,GAAG,IAAA,0BAAU,EAAC,KAAK,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAEhG,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,oCAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACpC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,eAAe;gBACzB,SAAS,EAAE,KAAK;gBAChB,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EAAE,IAAI,KAAK,mEAAmE;aACrF,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,QAAQ;gBAClB,SAAS,EAAE,KAAK;gBAChB,IAAI,EAAE,cAAc;gBACpB,YAAY,EAAE,CAAC,KAAK,CAAC;gBACrB,MAAM,EAAE,IAAI,KAAK,iDAAiD;aACnE,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,sEAAsE;YACtE,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,cAAc
,CAAC,CAAC;YACjE,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,QAAQ;gBAClB,SAAS,EAAE,KAAK;gBAChB,IAAI,EAAE,wBAAwB;gBAC9B,YAAY,EAAE,CAAC,KAAK,CAAC;gBACrB,mBAAmB,EAAE,SAAS;gBAC9B,MAAM,EAAE,IAAI,KAAK,uDAAuD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,qDAAqD;aAClJ,CAAC,CAAC;QACL,CAAC;QACD,wDAAwD;IAC1D,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gFAAgF;AAEhF,mGAAmG;AACnG,SAAS,qBAAqB,CAAC,QAA+B;IAC5D,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;IAEnC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAE1D,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7E,KAAK,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,CAAC;YACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,QAAQ;oBAClB,SAAS,EAAE,aAAa;oBACxB,IAAI,EAAE,6BAA6B;oBACnC,MAAM,EAAE,sBAAsB,CAAC,gEAAgE;iBAChG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,gCAAgC,CAAC,EAAE,CAAC;YAClF,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,QAAQ;oBAClB,SAAS,EAAE,aAAa;oBACxB,IAAI,EAAE,8BAA8B;oBACpC,MAAM,EAAE,sBAAsB,CAAC,2DAA2D;iBAC3F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7E,KAAK,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,gCAAgC,CAAC,EAAE,CAAC;YAClF,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,QAAQ;oBAClB,SAAS,EAAE,aAAa;oBACxB,IAAI,EAAE,8BAA8B;oBACpC,MAAM,EAAE,sBAAsB,CAAC,6DAA6D;iBAC7F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAA
E,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,QAAQ;gBAClB,SAAS,EAAE,OAAO,GAAG,CAAC,IAAI,EAAE;gBAC5B,IAAI,EAAE,iBAAiB;gBACvB,MAAM,EAAE,QAAQ,GAAG,CAAC,IAAI,yDAAyD;aAClF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,iFAAiF;AAEjF,SAAgB,QAAQ,CAAC,QAAuB,EAAE,QAA+B;IAC/E,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,2DAA2D;IAC3D,QAAQ,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAElD,8BAA8B;IAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC/C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEnD,IAAI,SAAS,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,mBAAmB;gBAC7B,SAAS,EAAE,SAAS,CAAC,KAAK;gBAC1B,IAAI,EAAE,mBAAmB;gBACzB,MAAM,EAAE,cAAc,IAAI,gGAAgG;aAC3H,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,sCAAsC;IACtC,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CACR,gEAAgE;YAC9D,0EAA0E,CAC7E,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CACR,8HAA8H,CAC/H,CAAC;IACJ,CAAC;IAED,kGAAkG;IAClG,KAAK,CAAC,IAAI,CACR,kEAAkE;QAChE,sHAAsH,CACzH,CAAC;IAEF,OAAO,EAAE,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AACxE,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"_audit.test.d.ts","sourceRoot":"","sources":["../../../src/mcp/tools/_audit.test.ts"],"names":[],"mappings":""}
|