@jupiterone/jupiterone-mcp
Version:
Model Context Protocol server for JupiterOne account rules and rule details
43 lines • 2.62 kB
TypeScript
import type { Query } from '../../types/jupiterone.js';
import type { J1QLValidator } from '../../utils/j1ql-validator.js';
import type { ToolResult } from './types.js';
/**
* The HTTP status of an upstream authentication/authorization rejection, or `null` for any other
* error. An account can stay in `list-accounts` (membership) yet fail live authorization — revoked,
* disabled, or gated behind SSO — so these need their own message, not a raw envelope. Rejections
* arrive three ways: a real 401/403, a GraphQL `extensions.code` (FORBIDDEN/UNAUTHENTICATED) inside
* an HTTP 200, or, failing both, an authz-shaped message. Code/message hits map to the equivalent
* status so callers get a consistent access-denied frame.
*/
export declare function accessDeniedStatus(error: unknown): number | null;
/**
* Agent-facing message for an access-denied upstream response. The guidance is tenancy-aware:
* `list-accounts` and "try another accountId" only make sense when the host supplies an account
* resolver (multi-tenant). With a fixed account (single-tenant subdomain / env account) there is
* no discovery tool and no account to switch to, so steer the caller to re-authenticate instead.
*/
export declare function accessDeniedMessage(statusCode: number, hasAccountDiscovery: boolean): string;
export declare function accessDeniedResult(statusCode: number, hasAccountDiscovery: boolean): ToolResult;
/**
* Generic error envelope for a thrown handler. Upstream GraphQL errors are already sanitized at
* the shared client (S9), so `error.message` is safe to surface here. Access-denied (401/403)
* errors are framed by the registration chokepoint before this is reached.
*/
export declare function toErrorResponse(error: unknown, context: string): ToolResult;
/** Validate each J1QL query in a rule/widget definition before the create/update call. */
export declare function validateQueries(queries: Query[] | undefined, validator: J1QLValidator, options?: {
maxPollAttempts?: number;
}): Promise<Array<{
queryName: string;
error: string;
suggestion: string;
}>>;
/** Tool result returned (as a non-throwing outcome) when pre-create query validation fails. */
export declare function createValidationErrorResponse(validationResults: Array<{
queryName: string;
error: string;
suggestion: string;
}>): ToolResult;
/** Validator-aware error for execute-j1ql-query: maps execution errors to actionable suggestions. */
export declare function createQueryErrorResponse(error: unknown, query: string, validator: J1QLValidator): ToolResult;
//# sourceMappingURL=errors.d.ts.map