UNPKG

@jupiterone/jupiterone-mcp

Version:

Model Context Protocol server for JupiterOne account rules and rule details

43 lines 2.62 kB
import type { Query } from '../../types/jupiterone.js'; import type { J1QLValidator } from '../../utils/j1ql-validator.js'; import type { ToolResult } from './types.js'; /** * The HTTP status of an upstream authentication/authorization rejection, or `null` for any other * error. An account can stay in `list-accounts` (membership) yet fail live authorization — revoked, * disabled, or gated behind SSO — so these need their own message, not a raw envelope. Rejections * arrive three ways: a real 401/403, a GraphQL `extensions.code` (FORBIDDEN/UNAUTHENTICATED) inside * an HTTP 200, or, failing both, an authz-shaped message. Code/message hits map to the equivalent * status so callers get a consistent access-denied frame. */ export declare function accessDeniedStatus(error: unknown): number | null; /** * Agent-facing message for an access-denied upstream response. The guidance is tenancy-aware: * `list-accounts` and "try another accountId" only make sense when the host supplies an account * resolver (multi-tenant). With a fixed account (single-tenant subdomain / env account) there is * no discovery tool and no account to switch to, so steer the caller to re-authenticate instead. */ export declare function accessDeniedMessage(statusCode: number, hasAccountDiscovery: boolean): string; export declare function accessDeniedResult(statusCode: number, hasAccountDiscovery: boolean): ToolResult; /** * Generic error envelope for a thrown handler. Upstream GraphQL errors are already sanitized at * the shared client (S9), so `error.message` is safe to surface here. Access-denied (401/403) * errors are framed by the registration chokepoint before this is reached. */ export declare function toErrorResponse(error: unknown, context: string): ToolResult; /** Validate each J1QL query in a rule/widget definition before the create/update call. */ export declare function validateQueries(queries: Query[] | undefined, validator: J1QLValidator, options?: { maxPollAttempts?: number; }): Promise<Array<{ queryName: string; error: string; suggestion: string; }>>; /** Tool result returned (as a non-throwing outcome) when pre-create query validation fails. */ export declare function createValidationErrorResponse(validationResults: Array<{ queryName: string; error: string; suggestion: string; }>): ToolResult; /** Validator-aware error for execute-j1ql-query: maps execution errors to actionable suggestions. */ export declare function createQueryErrorResponse(error: unknown, query: string, validator: J1QLValidator): ToolResult; //# sourceMappingURL=errors.d.ts.map