@jupiterone/jupiterone-mcp
Version:
Model Context Protocol server for JupiterOne account rules and rule details
37 lines • 1.9 kB
TypeScript
import { GraphQLClient } from 'graphql-request';
/**
* Error surfaced to callers in place of graphql-request's `ClientError`.
*
* `ClientError.message` embeds `JSON.stringify({ response, request })` — i.e. the full
* GraphQL query, its variables, and the response status/headers/body. Surfacing that into
* model context or stderr leaks internal API structure and (via variables) potentially
* sensitive values. This type exposes only the upstream error message and status code.
*/
export declare class JupiterOneApiError extends Error {
readonly statusCode?: number;
/**
* The first GraphQL error's `extensions.code` (e.g. `FORBIDDEN`, `UNAUTHENTICATED`) when the
* upstream delivered the failure as a GraphQL error inside an HTTP 200. Authorization rejections
* arrive this way, so preserving the code lets the error layer frame them as access-denied even
* though the transport status is 200.
*/
readonly code?: string;
constructor(message: string, statusCode?: number, code?: string);
}
/**
* Convert any thrown value into a sanitized error safe for model context and logs.
*
* For a `ClientError`, keeps only the upstream GraphQL error message (which the J1QL
* validator pattern-matches on) and the status code; drops the query, variables, headers,
* and raw response body. Other errors are reduced to their message with no object dumping.
*/
export declare function sanitizeGraphQLError(error: unknown): JupiterOneApiError;
/**
* GraphQLClient that routes every thrown error through {@link sanitizeGraphQLError}. Fixing
* the leak at the single shared client means downstream services and tool handlers never
* see the raw `ClientError`, without editing every call site.
*/
export declare class SanitizingGraphQLClient extends GraphQLClient {
request(...args: any[]): Promise<any>;
}
//# sourceMappingURL=sanitize-error.d.ts.map