venafi-connector-machine 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/bundle.mjs +27 -0
  2. package/package.json +2 -2
package/bundle.mjs CHANGED
@@ -31160,6 +31160,32 @@ if !strings.HasPrefix(certPEM, "-----BEGIN CERTIFICATE-----") {
31160
31160
  }
31161
31161
  \`\`\`
31162
31162
 
31163
+ ### 26. Default/Fallback Binding Must Be Assigned BEFORE Discovery Type Filtering
31164
+
31165
+ **The problem**: If a connector has both a default binding type (e.g., "unbound" for certificates with no object references) and a \`discoveryTypes\` filter, incorrect ordering silently drops certificates.
31166
+
31167
+ **The symptom**: Discovery returns only certificates with explicit bindings. Unbound certificates are silently excluded \u2014 no error, no log message.
31168
+
31169
+ **Wrong order** (unbound assigned after filter):
31170
+ \`\`\`go
31171
+ bindings := findBindings(cert) // returns [] for unbound certs
31172
+ bindings = filterByType(bindings) // filters empty list \u2192 returns nil \u2192 CERT DROPPED
31173
+ if len(bindings) == 0 {
31174
+ bindings = []{{"unbound", cert}} // never reached!
31175
+ }
31176
+ \`\`\`
31177
+
31178
+ **Correct order** (unbound assigned before filter):
31179
+ \`\`\`go
31180
+ bindings := findBindings(cert) // returns [] for unbound certs
31181
+ if len(bindings) == 0 {
31182
+ bindings = []{{"unbound", cert}} // assigned FIRST
31183
+ }
31184
+ bindings = filterByType(bindings) // can now properly include/exclude "unbound"
31185
+ \`\`\`
31186
+
31187
+ This is a logic trap because the default assignment and the filter are independent concerns that interact badly when ordered wrong. Any connector with a catch-all binding type AND a discovery type filter will hit this bug.
31188
+
31163
31189
  ---
31164
31190
 
31165
31191
  ## Things That Were Challenging But Eventually Worked
@@ -33170,6 +33196,7 @@ ${LESSONS_LEARNED}
33170
33196
  23. **certificateBundle.certificateChain is an ARRAY** \u2014 Venafi Cloud sends it as \`["base64cert1", "base64cert2"]\`, not a single string. Manifest must declare \`{ "type": "array", "items": { "contentEncoding": "base64", "type": "string" } }\`. Go struct uses \`[][]byte\` (auto base64 decode) or \`[]string\` (manual decode)
33171
33197
  24. **Certificate chain ordering is undocumented** \u2014 Venafi Cloud sends the chain array but the ordering guarantee is not documented. Pass through in received order and note this assumption. Targets with strict ordering requirements may need issuer/subject-based re-sorting
33172
33198
  25. **REST API discovery: convert base64 DER to PEM** \u2014 when a target API returns certs as base64-encoded DER, you MUST convert to PEM for the discovery response (\`base64.Decode \u2192 pem.EncodeToMemory\`). Validate with \`strings.HasPrefix(cert, "-----BEGIN CERTIFICATE-----")\`
33199
+ 26. **Default binding must be assigned BEFORE discovery type filtering** \u2014 if "unbound" (or any fallback binding) is assigned after the filter runs, unbound certs are silently dropped. Always: find bindings \u2192 assign default if empty \u2192 then filter
33173
33200
  `;
33174
33201
  }
33175
33202
  function getRESTClientPattern(args) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "venafi-connector-machine",
3
- "version": "1.0.2",
3
+ "version": "1.0.4",
4
4
  "description": "MCP server providing machine connector-specific knowledge, templates, and tools for building Venafi TLS Protect Cloud machine connectors",
5
5
  "main": "bundle.mjs",
6
6
  "type": "module",
@@ -41,4 +41,4 @@
41
41
  "typescript": "^5.7.0",
42
42
  "@types/node": "^22.0.0"
43
43
  }
44
- }
44
+ }