harper-kb 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/embeddings.js +2 -2
- package/dist/core/embeddings.js.map +1 -1
- package/dist/hooks.d.ts +33 -11
- package/dist/hooks.d.ts.map +1 -1
- package/dist/hooks.js +6 -6
- package/dist/hooks.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/mcp/server.d.ts.map +1 -1
- package/dist/mcp/server.js +10 -1
- package/dist/mcp/server.js.map +1 -1
- package/dist/resources/HistoryResource.d.ts +1 -1
- package/dist/resources/HistoryResource.d.ts.map +1 -1
- package/dist/resources/HistoryResource.js +13 -1
- package/dist/resources/HistoryResource.js.map +1 -1
- package/dist/resources/KnowledgeBaseResource.d.ts +4 -4
- package/dist/resources/KnowledgeBaseResource.d.ts.map +1 -1
- package/dist/resources/KnowledgeBaseResource.js +75 -21
- package/dist/resources/KnowledgeBaseResource.js.map +1 -1
- package/dist/resources/KnowledgeEntryResource.d.ts.map +1 -1
- package/dist/resources/KnowledgeEntryResource.js +62 -12
- package/dist/resources/KnowledgeEntryResource.js.map +1 -1
- package/dist/resources/QueryLogResource.d.ts +1 -1
- package/dist/resources/QueryLogResource.d.ts.map +1 -1
- package/dist/resources/QueryLogResource.js +22 -7
- package/dist/resources/QueryLogResource.js.map +1 -1
- package/dist/resources/ServiceKeyResource.d.ts +3 -3
- package/dist/resources/ServiceKeyResource.d.ts.map +1 -1
- package/dist/resources/ServiceKeyResource.js +65 -22
- package/dist/resources/ServiceKeyResource.js.map +1 -1
- package/dist/resources/TagResource.d.ts +1 -1
- package/dist/resources/TagResource.d.ts.map +1 -1
- package/dist/resources/TagResource.js +13 -1
- package/dist/resources/TagResource.js.map +1 -1
- package/dist/resources/TriageResource.d.ts +3 -3
- package/dist/resources/TriageResource.d.ts.map +1 -1
- package/dist/resources/TriageResource.js +68 -25
- package/dist/resources/TriageResource.js.map +1 -1
- package/dist/resources/WebhookEndpointResource.d.ts +3 -3
- package/dist/resources/WebhookEndpointResource.d.ts.map +1 -1
- package/dist/resources/WebhookEndpointResource.js +65 -22
- package/dist/resources/WebhookEndpointResource.js.map +1 -1
- package/package.json +2 -2
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
* PUT /Triage/<id> — process a triage item (team role required)
|
|
11
11
|
*/
|
|
12
12
|
import { submitTriage, processTriage, listPending } from "../core/triage.js";
|
|
13
|
+
import { checkAccess } from "../hooks.js";
|
|
13
14
|
function getResourceClass() {
|
|
14
15
|
return globalThis.Resource;
|
|
15
16
|
}
|
|
@@ -20,41 +21,69 @@ export class TriageResource extends getResourceClass() {
|
|
|
20
21
|
static loadAsInstance = false;
|
|
21
22
|
/**
|
|
22
23
|
* GET /Triage/?kbId=.. — list pending triage items.
|
|
23
|
-
*
|
|
24
|
+
* Default: team role required. Hook can override.
|
|
24
25
|
*/
|
|
25
26
|
async get(target) {
|
|
26
27
|
const user = this.getCurrentUser();
|
|
27
|
-
if (!user) {
|
|
28
|
-
return { status: 401, data: { error: 'Authentication required' } };
|
|
29
|
-
}
|
|
30
|
-
if (user.role !== 'team') {
|
|
31
|
-
return { status: 403, data: { error: 'Team role required' } };
|
|
32
|
-
}
|
|
33
28
|
const kbId = extractKbId(target);
|
|
34
29
|
if (!kbId) {
|
|
35
30
|
return { status: 400, data: { error: 'kbId query parameter is required' } };
|
|
36
31
|
}
|
|
32
|
+
const accessResult = await checkAccess({
|
|
33
|
+
user,
|
|
34
|
+
kbId,
|
|
35
|
+
resource: 'Triage',
|
|
36
|
+
operation: 'read',
|
|
37
|
+
channel: 'rest',
|
|
38
|
+
});
|
|
39
|
+
if (accessResult) {
|
|
40
|
+
if (!accessResult.allow) {
|
|
41
|
+
return { status: user ? 403 : 401, data: { error: accessResult.reason || 'Access denied' } };
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
if (!user) {
|
|
46
|
+
return { status: 401, data: { error: 'Authentication required' } };
|
|
47
|
+
}
|
|
48
|
+
if (user.role !== 'team') {
|
|
49
|
+
return { status: 403, data: { error: 'Team role required' } };
|
|
50
|
+
}
|
|
51
|
+
}
|
|
37
52
|
return listPending(kbId);
|
|
38
53
|
}
|
|
39
54
|
/**
|
|
40
55
|
* POST /Triage/?kbId=.. — submit a new triage item.
|
|
41
|
-
*
|
|
56
|
+
* Default: service_account or ai_agent role. Hook can override.
|
|
42
57
|
*/
|
|
43
58
|
async post(target, data) {
|
|
44
59
|
const user = this.getCurrentUser();
|
|
45
|
-
if (!user) {
|
|
46
|
-
return { status: 401, data: { error: 'Authentication required' } };
|
|
47
|
-
}
|
|
48
|
-
if (user.role !== 'service_account' && user.role !== 'ai_agent') {
|
|
49
|
-
return {
|
|
50
|
-
status: 403,
|
|
51
|
-
data: { error: 'service_account or ai_agent role required' },
|
|
52
|
-
};
|
|
53
|
-
}
|
|
54
60
|
const kbId = extractKbId(target) || data?.kbId;
|
|
55
61
|
if (!kbId) {
|
|
56
62
|
return { status: 400, data: { error: 'kbId is required' } };
|
|
57
63
|
}
|
|
64
|
+
const accessResult = await checkAccess({
|
|
65
|
+
user,
|
|
66
|
+
kbId,
|
|
67
|
+
resource: 'Triage',
|
|
68
|
+
operation: 'write',
|
|
69
|
+
channel: 'rest',
|
|
70
|
+
});
|
|
71
|
+
if (accessResult) {
|
|
72
|
+
if (!accessResult.allow) {
|
|
73
|
+
return { status: user ? 403 : 401, data: { error: accessResult.reason || 'Access denied' } };
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
else {
|
|
77
|
+
if (!user) {
|
|
78
|
+
return { status: 401, data: { error: 'Authentication required' } };
|
|
79
|
+
}
|
|
80
|
+
if (user.role !== 'service_account' && user.role !== 'ai_agent') {
|
|
81
|
+
return {
|
|
82
|
+
status: 403,
|
|
83
|
+
data: { error: 'service_account or ai_agent role required' },
|
|
84
|
+
};
|
|
85
|
+
}
|
|
86
|
+
}
|
|
58
87
|
if (!data?.source || !data?.summary) {
|
|
59
88
|
return {
|
|
60
89
|
status: 400,
|
|
@@ -65,7 +94,7 @@ export class TriageResource extends getResourceClass() {
|
|
|
65
94
|
}
|
|
66
95
|
/**
|
|
67
96
|
* PUT /Triage/<id> — process a triage item.
|
|
68
|
-
*
|
|
97
|
+
* Default: team role required. Hook can override.
|
|
69
98
|
*
|
|
70
99
|
* Body should include:
|
|
71
100
|
* { action: "accepted" | "dismissed" | "linked",
|
|
@@ -75,16 +104,30 @@ export class TriageResource extends getResourceClass() {
|
|
|
75
104
|
*/
|
|
76
105
|
async put(_target, data) {
|
|
77
106
|
const user = this.getCurrentUser();
|
|
78
|
-
if (!user) {
|
|
79
|
-
return { status: 401, data: { error: 'Authentication required' } };
|
|
80
|
-
}
|
|
81
|
-
if (user.role !== 'team') {
|
|
82
|
-
return { status: 403, data: { error: 'Team role required' } };
|
|
83
|
-
}
|
|
84
107
|
const id = this.getId();
|
|
85
108
|
if (!id) {
|
|
86
109
|
return { status: 400, data: { error: 'Triage item ID required' } };
|
|
87
110
|
}
|
|
111
|
+
const accessResult = await checkAccess({
|
|
112
|
+
user,
|
|
113
|
+
kbId: null,
|
|
114
|
+
resource: 'Triage',
|
|
115
|
+
operation: 'write',
|
|
116
|
+
channel: 'rest',
|
|
117
|
+
});
|
|
118
|
+
if (accessResult) {
|
|
119
|
+
if (!accessResult.allow) {
|
|
120
|
+
return { status: user ? 403 : 401, data: { error: accessResult.reason || 'Access denied' } };
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
else {
|
|
124
|
+
if (!user) {
|
|
125
|
+
return { status: 401, data: { error: 'Authentication required' } };
|
|
126
|
+
}
|
|
127
|
+
if (user.role !== 'team') {
|
|
128
|
+
return { status: 403, data: { error: 'Team role required' } };
|
|
129
|
+
}
|
|
130
|
+
}
|
|
88
131
|
if (!data?.action) {
|
|
89
132
|
return {
|
|
90
133
|
status: 400,
|
|
@@ -98,7 +141,7 @@ export class TriageResource extends getResourceClass() {
|
|
|
98
141
|
};
|
|
99
142
|
}
|
|
100
143
|
const action = data.action;
|
|
101
|
-
const processedBy = data.processedBy || user
|
|
144
|
+
const processedBy = data.processedBy || user?.username || user?.id || 'unknown';
|
|
102
145
|
const options = {};
|
|
103
146
|
if (data.entryData) {
|
|
104
147
|
options.entryData = data.entryData;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TriageResource.js","sourceRoot":"","sources":["../../src/resources/TriageResource.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"TriageResource.js","sourceRoot":"","sources":["../../src/resources/TriageResource.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG1C,SAAS,gBAAgB;IACxB,OAAQ,UAAkB,CAAC,QAAQ,CAAC;AACrC,CAAC;AAED,SAAS,WAAW,CAAC,MAAY;IAChC,OAAO,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,MAAM,EAAE,IAAI,IAAI,IAAI,CAAC;AACtD,CAAC;AAED,MAAM,OAAO,cAAe,SAAQ,gBAAgB,EAAE;IACrD,MAAM,CAAC,cAAc,GAAG,KAAK,CAAC;IAE9B;;;OAGG;IACH,KAAK,CAAC,GAAG,CAAC,MAAY;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,kCAAkC,EAAE,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC;YACtC,IAAI;YACJ,IAAI;YACJ,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,MAAM;SACf,CAAC,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBACzB,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,IAAI,eAAe,EAAE,EAAE,CAAC;YAC9F,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,CAAC;YACpE,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC1B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC;YAC/D,CAAC;QACF,CAAC;QAED,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,MAAW,EAAE,IAAS;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,IAAI,CAAC;QAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,CAAC;QAC7D,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC;YACtC,IAAI;YACJ,IAAI;YACJ,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,OAAO;YAClB,OAAO,EAAE,MAAM;SACf,CAAC,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBACzB,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,IAAI,eAAe,EAAE,EAAE,CAAC;YAC9F,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,CAAC;YACpE,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACjE,OAAO;oBACN,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,EAAE,KAAK,EAAE,2CAA2C,EAAE;iBAC5D,CAAC;YACH,CAAC;QACF,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YACrC,OAAO;gBACN,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,iCAAiC,EAAE;aAClD,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACvE,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,GAAG,CAAC,OAAY,EAAE,IAAS;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,EAAE,EAAE,CAAC;YACT,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,CAAC;QACpE,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC;YACtC,IAAI;YACJ,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,OAAO;YAClB,OAAO,EAAE,MAAM;SACf,CAAC,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBACzB,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,IAAI,eAAe,EAAE,EAAE,CAAC;YAC9F,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,CAAC;YACpE,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC1B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC;YAC/D,CAAC;QACF,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;YACnB,OAAO;gBACN,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,qDAAqD,EAAE;aACtE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAChE,OAAO;gBACN,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,+CAA+C,EAAE;aAChE,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAsB,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,EAAE,QAAQ,IAAI,IAAI,EAAE,EAAE,IAAI,SAAS,CAAC;QAChF,MAAM,OAAO,GAAyB,EAAE,CAAC;QAEzC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QACpC,CAAC;QACD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC;YACJ,OAAO,MAAM,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAK,KAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACpD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,EAAE,CAAC;YACnE,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;IACF,CAAC"}
|
|
@@ -14,7 +14,7 @@ export declare class WebhookEndpointResource extends WebhookEndpointResource_bas
|
|
|
14
14
|
static loadAsInstance: boolean;
|
|
15
15
|
/**
|
|
16
16
|
* GET /WebhookEndpoint/?kbId=.. — list all webhook endpoints for a KB.
|
|
17
|
-
*
|
|
17
|
+
* Default: team role required. Hook can override.
|
|
18
18
|
*/
|
|
19
19
|
get(target?: any): Promise<import("../types.ts").WebhookEndpoint[] | {
|
|
20
20
|
status: number;
|
|
@@ -24,7 +24,7 @@ export declare class WebhookEndpointResource extends WebhookEndpointResource_bas
|
|
|
24
24
|
}>;
|
|
25
25
|
/**
|
|
26
26
|
* POST /WebhookEndpoint/?kbId=.. — create a new webhook endpoint.
|
|
27
|
-
*
|
|
27
|
+
* Default: team role required. Hook can override.
|
|
28
28
|
*
|
|
29
29
|
* Body: { provider: "github", label?: "owner/repo" }
|
|
30
30
|
*
|
|
@@ -50,7 +50,7 @@ export declare class WebhookEndpointResource extends WebhookEndpointResource_bas
|
|
|
50
50
|
}>;
|
|
51
51
|
/**
|
|
52
52
|
* DELETE /WebhookEndpoint/<id>?kbId=.. — delete a webhook endpoint.
|
|
53
|
-
*
|
|
53
|
+
* Default: team role required. Hook can override.
|
|
54
54
|
*/
|
|
55
55
|
delete(target?: any): Promise<true | {
|
|
56
56
|
status: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WebhookEndpointResource.d.ts","sourceRoot":"","sources":["../../src/resources/WebhookEndpointResource.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;;
|
|
1
|
+
{"version":3,"file":"WebhookEndpointResource.d.ts","sourceRoot":"","sources":["../../src/resources/WebhookEndpointResource.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;;AAaH,qBAAa,uBAAwB,SAAQ,4BAAkB;IAC9D,MAAM,CAAC,cAAc,UAAS;IAE9B;;;OAGG;IACG,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG;;;;;;IA8BtB;;;;;;;;OAQG;IACG,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;;;;;;;;;;;;;;;;;IA6DjC;;;OAGG;IACG,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG;;;;;;CAuCzB"}
|
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
* DELETE /WebhookEndpoint/<id>?kbId=.. — delete an endpoint (team role)
|
|
11
11
|
*/
|
|
12
12
|
import { createWebhookEndpoint, listWebhookEndpoints, deleteWebhookEndpoint } from "../core/webhook-endpoints.js";
|
|
13
|
+
import { checkAccess } from "../hooks.js";
|
|
13
14
|
function getResourceClass() {
|
|
14
15
|
return globalThis.Resource;
|
|
15
16
|
}
|
|
@@ -20,25 +21,39 @@ export class WebhookEndpointResource extends getResourceClass() {
|
|
|
20
21
|
static loadAsInstance = false;
|
|
21
22
|
/**
|
|
22
23
|
* GET /WebhookEndpoint/?kbId=.. — list all webhook endpoints for a KB.
|
|
23
|
-
*
|
|
24
|
+
* Default: team role required. Hook can override.
|
|
24
25
|
*/
|
|
25
26
|
async get(target) {
|
|
26
27
|
const user = this.getCurrentUser();
|
|
27
|
-
if (!user) {
|
|
28
|
-
return { status: 401, data: { error: 'Authentication required' } };
|
|
29
|
-
}
|
|
30
|
-
if (user.role !== 'team') {
|
|
31
|
-
return { status: 403, data: { error: 'Team role required' } };
|
|
32
|
-
}
|
|
33
28
|
const kbId = extractKbId(target);
|
|
34
29
|
if (!kbId) {
|
|
35
30
|
return { status: 400, data: { error: 'kbId query parameter is required' } };
|
|
36
31
|
}
|
|
32
|
+
const accessResult = await checkAccess({
|
|
33
|
+
user,
|
|
34
|
+
kbId,
|
|
35
|
+
resource: 'WebhookEndpoint',
|
|
36
|
+
operation: 'read',
|
|
37
|
+
channel: 'rest',
|
|
38
|
+
});
|
|
39
|
+
if (accessResult) {
|
|
40
|
+
if (!accessResult.allow) {
|
|
41
|
+
return { status: user ? 403 : 401, data: { error: accessResult.reason || 'Access denied' } };
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
if (!user) {
|
|
46
|
+
return { status: 401, data: { error: 'Authentication required' } };
|
|
47
|
+
}
|
|
48
|
+
if (user.role !== 'team') {
|
|
49
|
+
return { status: 403, data: { error: 'Team role required' } };
|
|
50
|
+
}
|
|
51
|
+
}
|
|
37
52
|
return listWebhookEndpoints(kbId);
|
|
38
53
|
}
|
|
39
54
|
/**
|
|
40
55
|
* POST /WebhookEndpoint/?kbId=.. — create a new webhook endpoint.
|
|
41
|
-
*
|
|
56
|
+
* Default: team role required. Hook can override.
|
|
42
57
|
*
|
|
43
58
|
* Body: { provider: "github", label?: "owner/repo" }
|
|
44
59
|
*
|
|
@@ -47,16 +62,30 @@ export class WebhookEndpointResource extends getResourceClass() {
|
|
|
47
62
|
*/
|
|
48
63
|
async post(target, data) {
|
|
49
64
|
const user = this.getCurrentUser();
|
|
50
|
-
if (!user) {
|
|
51
|
-
return { status: 401, data: { error: 'Authentication required' } };
|
|
52
|
-
}
|
|
53
|
-
if (user.role !== 'team') {
|
|
54
|
-
return { status: 403, data: { error: 'Team role required' } };
|
|
55
|
-
}
|
|
56
65
|
const kbId = extractKbId(target) || data?.kbId;
|
|
57
66
|
if (!kbId) {
|
|
58
67
|
return { status: 400, data: { error: 'kbId is required' } };
|
|
59
68
|
}
|
|
69
|
+
const accessResult = await checkAccess({
|
|
70
|
+
user,
|
|
71
|
+
kbId,
|
|
72
|
+
resource: 'WebhookEndpoint',
|
|
73
|
+
operation: 'write',
|
|
74
|
+
channel: 'rest',
|
|
75
|
+
});
|
|
76
|
+
if (accessResult) {
|
|
77
|
+
if (!accessResult.allow) {
|
|
78
|
+
return { status: user ? 403 : 401, data: { error: accessResult.reason || 'Access denied' } };
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
else {
|
|
82
|
+
if (!user) {
|
|
83
|
+
return { status: 401, data: { error: 'Authentication required' } };
|
|
84
|
+
}
|
|
85
|
+
if (user.role !== 'team') {
|
|
86
|
+
return { status: 403, data: { error: 'Team role required' } };
|
|
87
|
+
}
|
|
88
|
+
}
|
|
60
89
|
if (!data?.provider) {
|
|
61
90
|
return { status: 400, data: { error: 'provider is required' } };
|
|
62
91
|
}
|
|
@@ -68,7 +97,7 @@ export class WebhookEndpointResource extends getResourceClass() {
|
|
|
68
97
|
};
|
|
69
98
|
}
|
|
70
99
|
try {
|
|
71
|
-
const { endpoint, secret } = await createWebhookEndpoint(kbId, data.provider, data.label, user
|
|
100
|
+
const { endpoint, secret } = await createWebhookEndpoint(kbId, data.provider, data.label, user?.username || user?.id);
|
|
72
101
|
return {
|
|
73
102
|
...endpoint,
|
|
74
103
|
secret,
|
|
@@ -85,16 +114,10 @@ export class WebhookEndpointResource extends getResourceClass() {
|
|
|
85
114
|
}
|
|
86
115
|
/**
|
|
87
116
|
* DELETE /WebhookEndpoint/<id>?kbId=.. — delete a webhook endpoint.
|
|
88
|
-
*
|
|
117
|
+
* Default: team role required. Hook can override.
|
|
89
118
|
*/
|
|
90
119
|
async delete(target) {
|
|
91
120
|
const user = this.getCurrentUser();
|
|
92
|
-
if (!user) {
|
|
93
|
-
return { status: 401, data: { error: 'Authentication required' } };
|
|
94
|
-
}
|
|
95
|
-
if (user.role !== 'team') {
|
|
96
|
-
return { status: 403, data: { error: 'Team role required' } };
|
|
97
|
-
}
|
|
98
121
|
const id = this.getId();
|
|
99
122
|
if (!id) {
|
|
100
123
|
return { status: 400, data: { error: 'Webhook endpoint ID required' } };
|
|
@@ -103,6 +126,26 @@ export class WebhookEndpointResource extends getResourceClass() {
|
|
|
103
126
|
if (!kbId) {
|
|
104
127
|
return { status: 400, data: { error: 'kbId query parameter is required' } };
|
|
105
128
|
}
|
|
129
|
+
const accessResult = await checkAccess({
|
|
130
|
+
user,
|
|
131
|
+
kbId,
|
|
132
|
+
resource: 'WebhookEndpoint',
|
|
133
|
+
operation: 'write',
|
|
134
|
+
channel: 'rest',
|
|
135
|
+
});
|
|
136
|
+
if (accessResult) {
|
|
137
|
+
if (!accessResult.allow) {
|
|
138
|
+
return { status: user ? 403 : 401, data: { error: accessResult.reason || 'Access denied' } };
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
else {
|
|
142
|
+
if (!user) {
|
|
143
|
+
return { status: 401, data: { error: 'Authentication required' } };
|
|
144
|
+
}
|
|
145
|
+
if (user.role !== 'team') {
|
|
146
|
+
return { status: 403, data: { error: 'Team role required' } };
|
|
147
|
+
}
|
|
148
|
+
}
|
|
106
149
|
try {
|
|
107
150
|
await deleteWebhookEndpoint(String(id), kbId);
|
|
108
151
|
return true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WebhookEndpointResource.js","sourceRoot":"","sources":["../../src/resources/WebhookEndpointResource.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"WebhookEndpointResource.js","sourceRoot":"","sources":["../../src/resources/WebhookEndpointResource.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAClH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,SAAS,gBAAgB;IACxB,OAAQ,UAAkB,CAAC,QAAQ,CAAC;AACrC,CAAC;AAED,SAAS,WAAW,CAAC,MAAY;IAChC,OAAO,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,MAAM,EAAE,IAAI,IAAI,IAAI,CAAC;AACtD,CAAC;AAED,MAAM,OAAO,uBAAwB,SAAQ,gBAAgB,EAAE;IAC9D,MAAM,CAAC,cAAc,GAAG,KAAK,CAAC;IAE9B;;;OAGG;IACH,KAAK,CAAC,GAAG,CAAC,MAAY;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,kCAAkC,EAAE,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC;YACtC,IAAI;YACJ,IAAI;YACJ,QAAQ,EAAE,iBAAiB;YAC3B,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,MAAM;SACf,CAAC,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBACzB,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,IAAI,eAAe,EAAE,EAAE,CAAC;YAC9F,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,CAAC;YACpE,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC1B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC;YAC/D,CAAC;QACF,CAAC;QAED,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAI,CAAC,MAAW,EAAE,IAAS;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,IAAI,CAAC;QAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,CAAC;QAC7D,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC;YACtC,IAAI;YACJ,IAAI;YACJ,QAAQ,EAAE,iBAAiB;YAC3B,SAAS,EAAE,OAAO;YAClB,OAAO,EAAE,MAAM;SACf,CAAC,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBACzB,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,IAAI,eAAe,EAAE,EAAE,CAAC;YAC9F,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,CAAC;YACpE,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC1B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC;YAC/D,CAAC;QACF,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC;YACrB,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE,EAAE,CAAC;QACjE,CAAC;QAED,MAAM,cAAc,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,OAAO;gBACN,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,4BAA4B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;aACxE,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACJ,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,qBAAqB,CACvD,IAAI,EACJ,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,KAAK,EACV,IAAI,EAAE,QAAQ,IAAI,IAAI,EAAE,EAAE,CAC1B,CAAC;YAEF,OAAO;gBACN,GAAG,QAAQ;gBACX,MAAM;gBACN,UAAU,EAAE,aAAa,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,MAAM,EAAE;aAC1D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,OAAO,GAAI,KAAe,CAAC,OAAO,CAAC;YACzC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC;YAClD,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;IACF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,MAAY;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,EAAE,EAAE,CAAC;YACT,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,8BAA8B,EAAE,EAAE,CAAC;QACzE,CAAC;QAED,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,kCAAkC,EAAE,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC;YACtC,IAAI;YACJ,IAAI;YACJ,QAAQ,EAAE,iBAAiB;YAC3B,SAAS,EAAE,OAAO;YAClB,OAAO,EAAE,MAAM;SACf,CAAC,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBACzB,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,IAAI,eAAe,EAAE,EAAE,CAAC;YAC9F,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,CAAC;YACpE,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC1B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC;YAC/D,CAAC;QACF,CAAC;QAED,IAAI,CAAC;YACJ,MAAM,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,4BAA4B,EAAE,EAAE,CAAC;QACvE,CAAC;IACF,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "harper-kb",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.3.0",
|
|
4
4
|
"description": "Knowledge base plugin for Harper with MCP server integration",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -51,7 +51,7 @@
|
|
|
51
51
|
"typescript": "^5.7.0"
|
|
52
52
|
},
|
|
53
53
|
"optionalDependencies": {
|
|
54
|
-
"harper-fabric-embeddings": "^0.1.
|
|
54
|
+
"harper-fabric-embeddings": "^0.1.4"
|
|
55
55
|
},
|
|
56
56
|
"peerDependencies": {
|
|
57
57
|
"harperdb": ">=4.7.0"
|