mcp-server-kubernetes 3.5.0 → 3.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js
CHANGED
|
@@ -36,6 +36,21 @@ import { withTelemetry } from "./middleware/telemetry-middleware.js";
|
|
|
36
36
|
const allowOnlyReadonlyTools = process.env.ALLOW_ONLY_READONLY_TOOLS === "true";
|
|
37
37
|
const allowedToolsEnv = process.env.ALLOWED_TOOLS;
|
|
38
38
|
const nonDestructiveTools = process.env.ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS === "true";
|
|
39
|
+
const explicitlyAllowedToolNames = allowedToolsEnv
|
|
40
|
+
? new Set(allowedToolsEnv.split(",").map((t) => t.trim()).filter(Boolean))
|
|
41
|
+
: null;
|
|
42
|
+
const isToolAllowed = (name) => {
|
|
43
|
+
if (explicitlyAllowedToolNames) {
|
|
44
|
+
return explicitlyAllowedToolNames.has(name);
|
|
45
|
+
}
|
|
46
|
+
if (allowOnlyReadonlyTools) {
|
|
47
|
+
return readonlyTools.some((t) => t.name === name);
|
|
48
|
+
}
|
|
49
|
+
if (nonDestructiveTools) {
|
|
50
|
+
return !destructiveTools.some((dt) => dt.name === name);
|
|
51
|
+
}
|
|
52
|
+
return true;
|
|
53
|
+
};
|
|
39
54
|
// Define readonly tools
|
|
40
55
|
const readonlyTools = [
|
|
41
56
|
kubectlGetSchema,
|
|
@@ -109,25 +124,16 @@ server.setRequestHandler(ReadResourceRequestSchema, resourceHandlers.readResourc
|
|
|
109
124
|
registerPromptHandlers(server, k8sManager);
|
|
110
125
|
// Tools handlers
|
|
111
126
|
server.setRequestHandler(ListToolsRequestSchema, async () => {
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
const allowedToolNames = allowedToolsEnv.split(",").map((t) => t.trim());
|
|
115
|
-
tools = allTools.filter((tool) => allowedToolNames.includes(tool.name));
|
|
116
|
-
}
|
|
117
|
-
else if (allowOnlyReadonlyTools) {
|
|
118
|
-
tools = readonlyTools;
|
|
119
|
-
}
|
|
120
|
-
else if (nonDestructiveTools) {
|
|
121
|
-
tools = allTools.filter((tool) => !destructiveTools.some((dt) => dt.name === tool.name));
|
|
122
|
-
}
|
|
123
|
-
else {
|
|
124
|
-
tools = allTools;
|
|
125
|
-
}
|
|
127
|
+
const baseTools = allowOnlyReadonlyTools ? readonlyTools : allTools;
|
|
128
|
+
const tools = baseTools.filter((tool) => isToolAllowed(tool.name));
|
|
126
129
|
return { tools };
|
|
127
130
|
});
|
|
128
131
|
server.setRequestHandler(CallToolRequestSchema, withTelemetry(async (request) => {
|
|
129
132
|
try {
|
|
130
133
|
const { name, arguments: input = {} } = request.params;
|
|
134
|
+
if (!isToolAllowed(name)) {
|
|
135
|
+
throw new McpError(ErrorCode.InvalidRequest, `Tool '${name}' is not allowed under the current server configuration`);
|
|
136
|
+
}
|
|
131
137
|
// Handle new kubectl-style commands
|
|
132
138
|
if (name === "kubectl_context") {
|
|
133
139
|
return await kubectlContext(k8sManager, input);
|
|
@@ -419,24 +419,24 @@ export declare const GetJobLogsResponseSchema: z.ZodObject<{
|
|
|
419
419
|
}>;
|
|
420
420
|
export declare const PortForwardResponseSchema: z.ZodObject<{
|
|
421
421
|
content: z.ZodArray<z.ZodObject<{
|
|
422
|
-
|
|
423
|
-
|
|
422
|
+
type: z.ZodLiteral<"text">;
|
|
423
|
+
text: z.ZodString;
|
|
424
424
|
}, "strip", z.ZodTypeAny, {
|
|
425
|
-
|
|
426
|
-
|
|
425
|
+
type: "text";
|
|
426
|
+
text: string;
|
|
427
427
|
}, {
|
|
428
|
-
|
|
429
|
-
|
|
428
|
+
type: "text";
|
|
429
|
+
text: string;
|
|
430
430
|
}>, "many">;
|
|
431
431
|
}, "strip", z.ZodTypeAny, {
|
|
432
432
|
content: {
|
|
433
|
-
|
|
434
|
-
|
|
433
|
+
type: "text";
|
|
434
|
+
text: string;
|
|
435
435
|
}[];
|
|
436
436
|
}, {
|
|
437
437
|
content: {
|
|
438
|
-
|
|
439
|
-
|
|
438
|
+
type: "text";
|
|
439
|
+
text: string;
|
|
440
440
|
}[];
|
|
441
441
|
}>;
|
|
442
442
|
export declare const ScaleDeploymentResponseSchema: z.ZodObject<{
|
|
@@ -62,10 +62,7 @@ export const GetJobLogsResponseSchema = z.object({
|
|
|
62
62
|
content: z.array(ToolResponseContent),
|
|
63
63
|
});
|
|
64
64
|
export const PortForwardResponseSchema = z.object({
|
|
65
|
-
content: z.array(
|
|
66
|
-
success: z.boolean(),
|
|
67
|
-
message: z.string(),
|
|
68
|
-
})),
|
|
65
|
+
content: z.array(ToolResponseContent),
|
|
69
66
|
});
|
|
70
67
|
export const ScaleDeploymentResponseSchema = z.object({
|
|
71
68
|
content: z.array(z.object({
|
|
@@ -35,8 +35,8 @@ export declare function startPortForward(k8sManager: KubernetesManager, input: {
|
|
|
35
35
|
namespace?: string;
|
|
36
36
|
}): Promise<{
|
|
37
37
|
content: {
|
|
38
|
-
|
|
39
|
-
|
|
38
|
+
type: "text";
|
|
39
|
+
text: string;
|
|
40
40
|
}[];
|
|
41
41
|
}>;
|
|
42
42
|
export declare const StopPortForwardSchema: {
|
|
@@ -59,7 +59,7 @@ export declare function stopPortForward(k8sManager: KubernetesManager, input: {
|
|
|
59
59
|
id: string;
|
|
60
60
|
}): Promise<{
|
|
61
61
|
content: {
|
|
62
|
-
|
|
63
|
-
|
|
62
|
+
type: "text";
|
|
63
|
+
text: string;
|
|
64
64
|
}[];
|
|
65
65
|
}>;
|
|
@@ -80,7 +80,15 @@ export async function startPortForward(k8sManager, input) {
|
|
|
80
80
|
ports: [{ local: input.localPort, remote: input.targetPort }],
|
|
81
81
|
});
|
|
82
82
|
return {
|
|
83
|
-
content: [
|
|
83
|
+
content: [
|
|
84
|
+
{
|
|
85
|
+
type: "text",
|
|
86
|
+
text: JSON.stringify({
|
|
87
|
+
success: result.success,
|
|
88
|
+
message: result.message,
|
|
89
|
+
}),
|
|
90
|
+
},
|
|
91
|
+
],
|
|
84
92
|
};
|
|
85
93
|
}
|
|
86
94
|
catch (error) {
|
|
@@ -111,7 +119,13 @@ export async function stopPortForward(k8sManager, input) {
|
|
|
111
119
|
k8sManager.removePortForward(input.id);
|
|
112
120
|
return {
|
|
113
121
|
content: [
|
|
114
|
-
{
|
|
122
|
+
{
|
|
123
|
+
type: "text",
|
|
124
|
+
text: JSON.stringify({
|
|
125
|
+
success: true,
|
|
126
|
+
message: "port-forward stopped successfully",
|
|
127
|
+
}),
|
|
128
|
+
},
|
|
115
129
|
],
|
|
116
130
|
};
|
|
117
131
|
}
|