diff --git a/apps/api/src/cloud-security/check-definition.utils.ts b/apps/api/src/cloud-security/check-definition.utils.ts
index 5b67ef314e..d3b05f3048 100644
--- a/apps/api/src/cloud-security/check-definition.utils.ts
+++ b/apps/api/src/cloud-security/check-definition.utils.ts
@@ -38,6 +38,27 @@ export function normalizeCheckId(
 return findingKey;
 }

+/**
+ * The stable check key used to key exceptions and suppress findings across
+ * scans. Prefer the stamped `findingKey` (normalized to the bare check id);
+ * fall back to the check run's own `checkId` for older rows stored before
+ * findingKey stamping. The auto-run sentinel `'all'` is not a real check, so
+ * it yields null (the finding can't be marked as an exception).
+ *
+ * Shared by the exception resolver and the findings query so a finding marked
+ * as an exception is also the one suppressed from the list.
+ */
+export function resolveCheckKey(params: {
+ findingKey: string | null;
+ resourceId: string | null;
+ runCheckId: string | null;
+}): string | null {
+ const { findingKey, resourceId, runCheckId } = params;
+ if (findingKey) return normalizeCheckId(findingKey, resourceId);
+ if (runCheckId && runCheckId !== 'all') return runCheckId;
+ return null;
+}
+
 export interface SourceHashInput {
 provider: string;
 serviceName: string | null;
diff --git a/apps/api/src/cloud-security/cloud-security-query.service.ts b/apps/api/src/cloud-security/cloud-security-query.service.ts
index 2388b5324b..1828b34c38 100644
--- a/apps/api/src/cloud-security/cloud-security-query.service.ts
+++ b/apps/api/src/cloud-security/cloud-security-query.service.ts
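Review bot: In `resolveCheckKey` (check-definition.utils.ts), the fallback `if (runCheckId && runCheckId !== 'all') return runCheckId;` trusts every run id except the one literal sentinel as a per-check identity, and that value then keys an exception that hides findings. If a run can carry any other aggregate or grouping id (not visible in this diff), an exception recorded from an older row would be keyed more broadly than the finding the user actually reviewed. The doc comment should state the invariant the code relies on, for example `* Any run checkId other than 'all' is assumed to be a single, task-scoped check id.`. It is also worth saying there that an empty `findingKey` is treated as missing and falls through to the run id.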
@@ -3,7 +3,7 @@ import { db } from '@db';
 import { getManifest } from '@trycompai/integration-platform';
 import { sanitizeEvidence } from './evidence-sanitizer';
 import { getLegacyFindings } from './cloud-security-query.legacy';
-import { normalizeCheckId } from './check-definition.utils';
+import { resolveCheckKey } from './check-definition.utils';
 import type {
 CloudFinding,
 CloudProvider,
@@ -364,9 +364,13 @@ export class CloudSecurityQueryService {
 resourceId: result.resourceId ?? null,
 resourceType: result.resourceType ?? null,
 checkId: checkRun?.checkId ?? null,
- checkKey: findingKey
- ? normalizeCheckId(findingKey, result.resourceId)
- : null,
+ // Same fallback as the exception resolver so a finding marked as an
+ // exception is also the one suppressed from this list.
+ checkKey: resolveCheckKey({
+ findingKey,
+ resourceId: result.resourceId,
+ runCheckId: checkRun?.checkId ?? null,
+ }),
 evidence: sanitizeEvidence(result.evidence ?? null),
 projectDisplayName: (() => {
 if (projectDisplayNameFromEvidence) {
diff --git a/apps/api/src/cloud-security/exception.service.spec.ts b/apps/api/src/cloud-security/exception.service.spec.ts
index edfc252cbc..0f61cc93a5 100644
--- a/apps/api/src/cloud-security/exception.service.spec.ts
+++ b/apps/api/src/cloud-security/exception.service.spec.ts
@@ -184,7 +184,7 @@ describe('CloudExceptionService.markAsException', () => {
 dbMock.integrationCheckResult.findFirst.mockResolvedValueOnce({
 resourceId: null,
 evidence: null,
- checkRun: { connectionId: 'icn_aws' },
+ checkRun: { connectionId: 'icn_aws', checkId: 'all' },
 });
 await expect(
 buildService().markAsException({
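Review bot: In the `@@ -364,9 +364,13 @@` hunk of cloud-security-query.service.ts, rows without a stamped `findingKey` used to report `checkKey: null` and now report the run's check id, so (if suppression matches on `checkKey`, as the added comment implies) exceptions that already exist for that check and resource will start hiding those older findings as soon as this ships. No query-service test in this diff pins that; a case for a result with no `findingKey` and a task-scoped `checkRun.checkId`, and one with `'all'`, would make the change in what gets hidden explicit. Minor: the call passes `result.resourceId` raw while the field just above uses `result.resourceId ?? null`; `resourceId: result.resourceId ?? null,` would keep the two consistent. The enclosing mapping starts and ends outside the hunk.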
@@ -195,6 +195,77 @@ describe('CloudExceptionService.markAsException', () => {
 }),
 ).rejects.toThrow(BadRequestException);
 });
+
+ it('falls back to the run checkId for older rows that have no findingKey', async () => {
+ // AWS integration-platform finding stored before findingKey stamping: the
+ // evidence has no findingKey, but a task-scoped run carries the real check
+ // id, which IS the normalized check id used to key the exception.
+ dbMock.integrationCheckResult.findFirst.mockResolvedValueOnce({
+ resourceId: 'primer-production-reports-bucket',
+ evidence: { bucket: 'primer-production-reports-bucket' },
+ checkRun: { connectionId: 'icn_aws', checkId: 'aws-s3-public-access' },
+ });
+ dbMock.findingException.upsert.mockResolvedValueOnce({ id: 'fex_fb' });
+
+ const result = await buildService().markAsException({
+ findingId: 'icx_old',
+ organizationId: 'org_1',
+ userId: 'usr_1',
+ reason: 'Bucket intentionally public for marketing assets — reviewed.',
+ });
+
+ expect(result.id).toBe('fex_fb');
+ expect(dbMock.findingException.upsert).toHaveBeenCalledWith(
+ expect.objectContaining({
+ where: {
+ organizationId_connectionId_checkId_resourceId: {
+ organizationId: 'org_1',
+ connectionId: 'icn_aws',
+ checkId: 'aws-s3-public-access',
+ resourceId: 'primer-production-reports-bucket',
+ },
+ },
+ }),
+ );
+ });
+
+ it("rejects older rows whose run checkId is the 'all' auto-run sentinel", async () => {
+ dbMock.integrationCheckResult.findFirst.mockResolvedValueOnce({
+ resourceId: 'some-bucket',
+ evidence: { bucket: 'some-bucket' },
+ checkRun: { connectionId: 'icn_aws', checkId: 'all' },
+ });
+ await expect(
+ buildService().markAsException({
+ findingId: 'icx_all',
+ organizationId: 'org_1',
+ userId: 'usr_1',
+ reason: 'A perfectly long, well-documented reason here for tests.',
+ }),
+ ).rejects.toThrow(BadRequestException);
+ });
+
+ it('stamped findingKey (new rows) normalizes to the bare check id', async () => {
+ // Mirrors what AWS emitOutcomes now writes: findingKey = `${checkId}-${resourceId}`.
+ withFinding({
+ findingKey: 'aws-s3-public-access-primer-production-reports-bucket',
+ resourceId: 'primer-production-reports-bucket',
+ connectionId: 'icn_aws',
+ });
+ dbMock.findingException.upsert.mockResolvedValueOnce({ id: 'fex_new2' });
+
+ await buildService().markAsException({
+ findingId: 'icx_new',
+ organizationId: 'org_1',
+ userId: 'usr_1',
+ reason: 'Bucket intentionally public for marketing assets — reviewed.',
+ });
+
+ const call = dbMock.findingException.upsert.mock.calls[0][0];
+ expect(
+ call.where.organizationId_connectionId_checkId_resourceId.checkId,
+ ).toBe('aws-s3-public-access');
+ });
 });

 describe('CloudExceptionService.revokeException', () => {
diff --git a/apps/api/src/cloud-security/exception.service.ts b/apps/api/src/cloud-security/exception.service.ts
index 25ab69163b..47d1811cfc 100644
--- a/apps/api/src/cloud-security/exception.service.ts
+++ b/apps/api/src/cloud-security/exception.service.ts
@@ -7,7 +7,7 @@ import {
 } from '@nestjs/common';
 import { db } from '@db';
 import { logCloudSecurityActivity } from './cloud-security-audit';
-import { normalizeCheckId } from './check-definition.utils';
+import { resolveCheckKey } from './check-definition.utils';

 /** Minimum chars for an exception reason — meant to discourage low-effort
 * reasons like "ok" or "test". Auditors rely on this field as the
@@ -198,7 +198,7 @@ export class CloudExceptionService {
 select: {
 resourceId: true,
 evidence: true,
- checkRun: { select: { connectionId: true } },
+ checkRun: { select: { connectionId: true, checkId: true } },
 },
 });

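Review bot: The cases added in the `@@ -195,6 +195,77 @@` hunk of exception.service.spec.ts never exercise a row with no `findingKey` and a null run `checkId`, and the earlier rejection case now passes only through the `'all'` branch, so the resolver's plain null path is untested from this service. A case such as `checkRun: { connectionId: 'icn_aws', checkId: null }` expecting `BadRequestException` would cover it. Precedence is also unpinned: `withFinding` is defined outside the hunk, so it is unclear what run `checkId` the stamped-key test supplies; giving it a different real check id there would show that the stamped key wins over the run id.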
@@ -213,7 +213,14 @@ export class CloudExceptionService {
 evidence && typeof evidence.findingKey === 'string'
 ? evidence.findingKey
 : null;
- if (!rawFindingKey || !result.resourceId) {
+
+ const resolvedCheckId = resolveCheckKey({
+ findingKey: rawFindingKey,
+ resourceId: result.resourceId,
+ runCheckId: result.checkRun.checkId,
+ });
+
+ if (!resolvedCheckId || !result.resourceId) {
 throw new BadRequestException(
 'This finding cannot be marked as an exception — it lacks a stable check/resource identity.',
 );
@@ -221,7 +228,7 @@ export class CloudExceptionService {

 return {
 connectionId: result.checkRun.connectionId,
- checkId: normalizeCheckId(rawFindingKey, result.resourceId),
+ checkId: resolvedCheckId,
 resourceId: result.resourceId,
 };
 }
diff --git a/apps/mcp-server/.speakeasy/gen.lock b/apps/mcp-server/.speakeasy/gen.lock
index 1a96be386a..0ed906d9fe 100644
--- a/apps/mcp-server/.speakeasy/gen.lock
+++ b/apps/mcp-server/.speakeasy/gen.lock
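Review bot: In the `@@ -213,7 +213,14 @@` hunk of exception.service.ts the identity check now accepts a key taken from the check run rather than from the finding's own evidence, but nothing at the call site says so; a reader of `if (!resolvedCheckId || !result.resourceId)` has to open the helper to learn why a row without `findingKey` can pass. I would add above the call `// Falls back to the run's checkId for rows stored before findingKey stamping; 'all' yields null.`. Because this file's own comment notes that auditors rely on the exception record, it may also be worth recording which source the key came from when the exception is logged; the logging call is outside the hunk, so treat that as something to check rather than a defect. The enclosing method starts outside the hunk.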
@@ -1,25 +1,25 @@ lockVersion: 2.0.0 id: f7130d09-dac4-4515-9162-6095782b6bb6 management: - docChecksum: 9a9a5ad65c6699e7e9638e68a1a56c35 + docChecksum: f4af9daecfe34a4033296a586d8d6d7d docVersion: "1.0" - speakeasyVersion: 1.771.0 - generationVersion: 2.893.0 - releaseVersion: 0.1.0 - configChecksum: e894b6fab821ea14e0f911ca3ab4c270 + speakeasyVersion: 1.777.1 + generationVersion: 2.903.2 + releaseVersion: 0.2.0 + configChecksum: 64655550887db248ac56f6a3d0ee7ced repoURL: https://github.com/trycompai/comp.git repoSubDirectory: apps/mcp-server installationURL: https://github.com/trycompai/comp published: true persistentEdits: - generation_id: 219b44c6-152b-4cc8-80af-615af055111c - pristine_commit_hash: 9efd61aeea40cab6525bcf8f4cf67ab9b7ff74b9 - pristine_tree_hash: f63e670ba937bada46810fb93d6adb48ef9716c0 + generation_id: a46f246e-21df-453d-ad10-468b1cf49621 + pristine_commit_hash: 932e03063f9f9d48e3862d3763a6abf6a2665e55 + pristine_tree_hash: 0081b81e18ab4fb87c36964d383ed327eb05600c features: mcp-typescript: additionalDependencies: 0.1.0 constsAndDefaults: 0.1.2 - core: 1.2.29 + core: 1.3.1 defaultEnabledRetries: 0.1.0 enumUnions: 0.1.0 globalSecurity: 0.1.3 @@ -51,12 +51,12 @@ trackedFiles: pristine_git_object: 4f9e60a9462fc4def738d60c3aaadf8232ef185f manifest.json: id: ca642a226869 - last_write_checksum: sha1:d799c11312f737c8bcde4d4cbc64c3a81968936c - pristine_git_object: 21ac1e5560eb0ab6eaa69670e31d55369cd11135 + last_write_checksum: sha1:bfb39392ec0cd8aef95d8586beaf26c67fd529a8 + pristine_git_object: db0fdc1fb608fbbe681d3b1623287b8023ff0bb9 package.json: id: 7030d0b2f71b - last_write_checksum: sha1:6c242c433154c92460f8884f7349c03b66eb1f00 - pristine_git_object: 46db5252127cdedd2385cb5524ab431bab6f30dd + last_write_checksum: sha1:0e73c86369bcad1464f35a574145b49f932e93ff + pristine_git_object: b4ae779d8e01b50a0af1c4b0dc3ca2e16c0b8510 src/core.ts: id: f431fdbcd144 last_write_checksum: sha1:3c1fe2275a0f345cf54298150f100299284b3f0e 
@@ -113,6 +113,10 @@ trackedFiles: id: ef509a61e72f last_write_checksum: sha1:e338d6b1dcb10ce46ed0b3fbaf9ba7083770e684 pristine_git_object: d28c104ee2affa27a204ed8b1d1c7d22ea98a83a + src/funcs/cloudSecurityCloudSecurityControllerResolveSessionV1.ts: + id: dc152c49fa5b + last_write_checksum: sha1:f5270009452eb4ec7b22f0a256a842dec105ccaf + pristine_git_object: 12c45e81449ffe688789326c77474b397c5411c0 src/funcs/cloudSecurityCloudSecurityControllerRevokeExceptionV1.ts: id: 70e6376d22d3 last_write_checksum: sha1:496bc4058bf325293f961ac37fc52da6db968247 @@ -279,8 +283,8 @@ trackedFiles: pristine_git_object: 58a6dc7a30d71ad3e6e8cbccdcd5984f09516310 src/funcs/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts: id: 7ece4e8a61bb - last_write_checksum: sha1:f00487c8b854baa8d71e65327baec862fbb81f57 - pristine_git_object: a2021ac976db7043b9cd51f2acb53f095f9c1de3 + last_write_checksum: sha1:eadad44223bf03698440561fbc178b326615fcf4 + pristine_git_object: 51878d193bba57554df67d080fe008f4431f16f8 src/funcs/evidenceExportEvidenceExportControllerExportAutomationPDFV1.ts: id: d7cb5dcc9fcb last_write_checksum: sha1:113a629e9bfcaa9a5ea039a3b3d07a0c66b87e9a 
@@ -1109,6 +1113,18 @@ trackedFiles: id: 63dd22c20a22 last_write_checksum: sha1:4ca37ef5c079cc03b8b611ec3eb69c51f523635c pristine_git_object: 1fbcc7141869658f1ec5305162913f299bc35328 + src/funcs/securityPenetrationTestsPentestFindingContextsControllerListV1.ts: + id: f8a9b8593359 + last_write_checksum: sha1:870f91437461b192b302b8b5c7100f3d4e4880e6 + pristine_git_object: 82d82ba92bc030a6627f28e5a5b5daabbb086462 + src/funcs/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts: + id: f0520a765e2f + last_write_checksum: sha1:9fded81f073753f604f03dbf0f5cf65ca610d5b1 + pristine_git_object: cb83abead188a2a46bf236f74cf43f92091bc0d5 + src/funcs/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts: + id: 4d53b6c3a355 + last_write_checksum: sha1:c3d6f8b4700f437dd88b0a1e997a03a69f0f73fc + pristine_git_object: 0e0cfe65ee6851063e706f56f7971d557c654603 src/funcs/securityPenetrationTestsSecurityPenetrationTestsControllerCreateV1.ts: id: 76f52c7c0cf0 last_write_checksum: sha1:0c42a26d8ff176e3f85593cd1cb2f635b2d6f5d4 @@ -1183,8 +1199,8 @@ trackedFiles: pristine_git_object: 55209b092f644b438d973d00657dc11a8177e61c src/funcs/taskAutomationsAutomationsControllerCreateVersionV1.ts: id: d19082d940dd - last_write_checksum: sha1:0ab41cdf43394804c9b993582f4fa67b6e2d28c4 - pristine_git_object: 176df73b61bb712ff3067f6d1d306d80d602ef06 + last_write_checksum: sha1:b300efbda66db2c10da5b266a0a3d731457c061e + pristine_git_object: 3ceae1831dd954d6c15cae97c4e0b64c67f7935d src/funcs/taskAutomationsAutomationsControllerDeleteAutomationV1.ts: id: 6dcc7fcbf24a last_write_checksum: sha1:ed4d741082027fb01a1904fa82789befc1d3be12 
@@ -1385,6 +1401,10 @@ trackedFiles: id: 66af54be04b2 last_write_checksum: sha1:49d90e774f2fb0d69bfaaa1aba09766d5bdd9520 pristine_git_object: 8cef21767275b9dd88af778a84003535ae77b3b1 + src/funcs/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts: + id: 2c4cf2d6c7ca + last_write_checksum: sha1:10ffde1c8a3952f8177188339ec9e9ee14a7a229 + pristine_git_object: 53769c452d2f8ce68a14e04271cdb6f93a875fdd src/funcs/trustAccessTrustAccessControllerGetPublicCustomLinksV1.ts: id: a574c836d025 last_write_checksum: sha1:edd7f95d40a74412e59d1f8d3b49c7098a607861 @@ -1473,6 +1493,10 @@ trackedFiles: id: faf0ac58925b last_write_checksum: sha1:16b7f16197e945d042791fe700ca23158cae6ca4 pristine_git_object: 8582928f2e3543ca0fd31534a2a2d2ee8bb800d5 + src/funcs/trustPortalTrustPortalControllerListCustomFrameworksV1.ts: + id: c33282a7f648 + last_write_checksum: sha1:285d821382594f363e4c7ff79ac1659dfa92a04c + pristine_git_object: 0466f61f52d6353d4f41d13fb1aa3ff81060270a src/funcs/trustPortalTrustPortalControllerListCustomLinksV1.ts: id: 33178107a509 last_write_checksum: sha1:662182630bd673cdcfcef544026599f7a8bc1cad @@ -1501,6 +1525,14 @@ trackedFiles: id: f0b5268dad90 last_write_checksum: sha1:cd340002add0b3b73cc76c846c299b9b26f4ef66 pristine_git_object: 4f3c20a53d67523c11dc28a3995eef380e77853e + src/funcs/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts: + id: "885914327e73" + last_write_checksum: sha1:6f08a9f846f6e25222d84986530680b1c5eaf2c1 + pristine_git_object: 2a82565e54c3e8f3c3912e4db5cd30c2e9ed0b35 + src/funcs/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts: + id: 24415225225e + last_write_checksum: sha1:fe67ab2c5d0f8e9dfa51d0d23881f5c9d8b179f1 + pristine_git_object: 056c93c100fcbb7f1d0fa9b9831ce004555b01b7 src/funcs/trustPortalTrustPortalControllerUpdateCustomLinkV1.ts: id: dfd1b8a1d66f last_write_checksum: sha1:97e14bd5203059ec92e43a2b92b81526992b1839 
@@ -1575,28 +1607,24 @@ trackedFiles: pristine_git_object: 9c36bf01332084f735909a71036c3544cc4c7e3a src/landing-page.ts: id: ef64a6ee46d7 - last_write_checksum: sha1:994f23c65a6e78af4599d041ff0eda5fe7e1dd28 - pristine_git_object: de9d6c7d2c22f61cbc6b7572a754417c9ecf9b20 + last_write_checksum: sha1:e150f9178a75ea2a1b40a30555cf8e347529ec98 + pristine_git_object: 6e99225096366eaac8e3a05d78d8cdebb1d7d774 src/lib/base64.ts: id: "598522066688" last_write_checksum: sha1:e9f04a037018040361043104960982f7c22db52d pristine_git_object: d4bd8b341290e7a828a171d840bd0b0fff7c7cd7 src/lib/config.ts: id: 320761608fb3 - last_write_checksum: sha1:e0a9c4230e281c3f2c5529f4ae58f2c15fe3ec45 - pristine_git_object: d888cd1215839675da7105a32b365df17af50085 - src/lib/dlv.ts: - id: b1988214835a - last_write_checksum: sha1:1dd3e3fbb4550c4bf31f5ef997faff355d6f3250 - pristine_git_object: e81091f5e536f82739f71379b1fddc2d147c49e2 + last_write_checksum: sha1:02c23a9ad3f5c6fbde59bf760c7253f6d6f73c10 + pristine_git_object: def4f2dcd8d17c3be1079ab344ed907f35730ecb src/lib/encodings.ts: id: 3bd8ead98afd - last_write_checksum: sha1:c215f841a1ed6219e406215c453ac40f3d031eef - pristine_git_object: d8af4f72888097a078f662a89f0bcf11b73e3eed + last_write_checksum: sha1:3ff4ad6809b749125820fd39c01427b84d3fe0d6 + pristine_git_object: 0db3b4544467da5329053e6587ef012c66a29264 src/lib/env.ts: id: c52972a3b198 - last_write_checksum: sha1:590559fcb6039c1bd375f3c39a551fef997e0eb1 - pristine_git_object: 57172e5e7396ab0bae9bcd1b7928961a6af316ca + last_write_checksum: sha1:58321ef9da7a7572111534fb355b7be356ee1a43 + pristine_git_object: 4be189447e9b32af7da332b74976256aa4ead566 src/lib/files.ts: id: e5efa54fcb95 last_write_checksum: sha1:795c14026405d547bfc47012f7ad9666e530fa7f 
@@ -1605,18 +1633,14 @@ trackedFiles: id: 63a80782d37e last_write_checksum: sha1:797cbf16d3c7c4d62d3ba0eedb08617524938457 pristine_git_object: 13cf1fd7894a89f727b8d2db2ad24313a94f68c7 - src/lib/is-plain-object.ts: - id: b9862591096a - last_write_checksum: sha1:df687f25a9590b6fd95d39df41a652ae3fd4e517 - pristine_git_object: 61070d3d7c7e5e95b1ed7e7ea21869eb0767db77 src/lib/logger.ts: id: 7ee7741a02bf last_write_checksum: sha1:0ec9d3a2a34c362746b767e4f9a746c055d57a7b pristine_git_object: d181f2937d4128afbe9b0327e0f81d1fa9c877b7 src/lib/primitives.ts: id: 74859f750b28 - last_write_checksum: sha1:d5fbb4e2feef5747fc8071046bdd4122c87bd066 - pristine_git_object: 668ab9d500d77bee730a619c5fda4a1d3cd1d16c + last_write_checksum: sha1:6f2cc1b00581006b4f70a853467df8cae81bc483 + pristine_git_object: 13567e79658831eeb0c696cf5982a170aa7e213a src/lib/result.ts: id: ab7a4c1c4c71 last_write_checksum: sha1:d24994d58f37a1ca106847fcc6d2e976c6f1c093 @@ -1679,8 +1703,8 @@ trackedFiles: pristine_git_object: 35c8713b6f8c7f17e2545423d3e74401ff77d04b src/mcp-server/mcp-server.ts: id: aabbc4ab07c1 - last_write_checksum: sha1:567efe3b470557548f6eacb999337311cac075d7 - pristine_git_object: 62f0e4dc8a591d529f7e4400881c5f906504926b + last_write_checksum: sha1:fa536c2fa0851175d16b7d81b75ede913df7f9f7 + pristine_git_object: c3521094cad8c39473728d9fdaa9c623a555db67 src/mcp-server/prompts.ts: id: 26f3d73cbf31 last_write_checksum: sha1:cadb036e04534a6d9d765809eebb266d188c499b @@ -1695,8 +1719,8 @@ trackedFiles: pristine_git_object: c25696d4c4f70e081fa5d87ad6891874c509a577 src/mcp-server/server.ts: id: 2784dd48e82a - last_write_checksum: sha1:0c27f84a71d38a31dd82477e0dde9bd43f31dee4 - pristine_git_object: afa3f31a97649886f26058962739167746ff5309 + last_write_checksum: sha1:cf22bb0d0df287f9c63c9a707fa39eb06659a3de + pristine_git_object: 502eff487dc6f1a11e1dc2dcf1b63f38e86063e1 src/mcp-server/shared.ts: id: 074e80d4be1e last_write_checksum: sha1:19c9034032819a14f15c430de4350c8aba99d725 
@@ -1757,6 +1781,10 @@ trackedFiles: id: 6a8cf4203b9d last_write_checksum: sha1:0e37606c7fe23889a9cd0a9f0223464b4feb60bb pristine_git_object: 263abc9c5ea5e57d5fe72997b80f25ff3de8c119 + src/mcp-server/tools/cloudSecurityCloudSecurityControllerResolveSessionV1.ts: + id: f909553fbcd6 + last_write_checksum: sha1:21beb7a13b0ed1cc9ffbefb2a046a2bfcc7f8893 + pristine_git_object: 371937770c28f61cc2479f9d33e9561cac88adce src/mcp-server/tools/cloudSecurityCloudSecurityControllerRevokeExceptionV1.ts: id: d28d75f1d5f8 last_write_checksum: sha1:ec0a702ffe622f5a353d7353204ad8e4d8803104 @@ -1883,8 +1911,8 @@ trackedFiles: pristine_git_object: f9809482840278f016d21e239e733633c6bcc258 src/mcp-server/tools/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts: id: 5d24d31d68f4 - last_write_checksum: sha1:fcdb69c8b3524711dda78a46ac6756f0eb350067 - pristine_git_object: 90c3b2cb8bfff5642e9e63fcac6bff3e4e22ea6b + last_write_checksum: sha1:7da89e1bf3b78ae448fd4892b32bdff92cb9c46e + pristine_git_object: 57dd1826031d64a6616475953775a7e1698fa826 src/mcp-server/tools/evidenceExportEvidenceExportControllerExportAutomationPDFV1.ts: id: 5182a1151bbe last_write_checksum: sha1:c9acf22b5836c223148c4fe165042d7aa3467317 
@@ -2617,6 +2645,18 @@ trackedFiles: id: fc69503051f3 last_write_checksum: sha1:54bf1ceb96d8b20d96141cb004aa11dee6b5daeb pristine_git_object: f28fc3210ebf66b3d02a89cf0d1d1e6db49a8c02 + src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerListV1.ts: + id: dca105c225be + last_write_checksum: sha1:c9fe24f35bd522e65982e55593ded790a29591b2 + pristine_git_object: bba4ac99aec6c7cdf1f6f740b4eed5421bbabb5b + src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts: + id: 94f6ca3328b5 + last_write_checksum: sha1:8e6a298630cba13945b77fca94ca89c1ac1e1d3c + pristine_git_object: 45656f8a8fc5159b0b892c7b3daa9de35f523918 + src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts: + id: 46c7cf001255 + last_write_checksum: sha1:ab289ffa8657d10bd942d1f08b899af7e9690c1f + pristine_git_object: 9acd120294875920f60fd8a958a8a3f5e7886a06 src/mcp-server/tools/securityPenetrationTestsSecurityPenetrationTestsControllerCreateV1.ts: id: dd2020c42039 last_write_checksum: sha1:579da3eeb6fa8038b7944f44aca1223d5c13c0d0 @@ -2873,6 +2913,10 @@ trackedFiles: id: 97ff8b7c5525 last_write_checksum: sha1:de2efa68c8ba68a40aa36f258be3e0eb851dadaa pristine_git_object: ab9575714f38ca94c8919f476815f3db5811c10b + src/mcp-server/tools/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts: + id: 91632e924f45 + last_write_checksum: sha1:db0462eddd1e4f745e6ed9a747395e0f19351763 + pristine_git_object: 8c34f6f8362fbe1bb12badbcd00534685c60447c src/mcp-server/tools/trustAccessTrustAccessControllerGetPublicCustomLinksV1.ts: id: d581c7953ea4 last_write_checksum: sha1:7e6a252150c435f590d44e6a55509a1c8ecfaec8 
@@ -2961,6 +3005,10 @@ trackedFiles: id: 9ef3115237e3 last_write_checksum: sha1:d34a3ae7ab00b5091eee8c0f28f0a437ce4758a5 pristine_git_object: a13dd06e00665688798c3efb28130d5ea8250fcb + src/mcp-server/tools/trustPortalTrustPortalControllerListCustomFrameworksV1.ts: + id: 452b73ab0fb5 + last_write_checksum: sha1:64b209cce366b7ddd5da9caf387253b0174281f6 + pristine_git_object: 76adaae0799dff3d5f9f109cd2199d77ee352659 src/mcp-server/tools/trustPortalTrustPortalControllerListCustomLinksV1.ts: id: 15d76fdccb3f last_write_checksum: sha1:4b7da32b23de6e0f00f2a18d6430de20a89c39c7 @@ -2989,6 +3037,14 @@ trackedFiles: id: fa81e639acf0 last_write_checksum: sha1:d34292e277eae11f14514b9c82af939b2834879e pristine_git_object: 706d21c036fb7f9aca3e7392e995c6f4e89e22a0 + src/mcp-server/tools/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts: + id: 5e7e72837a10 + last_write_checksum: sha1:6bec062e4ffca9933ae10fc5976b50e628c076c0 + pristine_git_object: 6e830e46c5178ef73b71f7ca695ad97871c71149 + src/mcp-server/tools/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts: + id: f466ef9a303f + last_write_checksum: sha1:e0024a8d76a39c5932a0418d483599e18870af21 + pristine_git_object: c1e52ce5842f896cfc6a17802518adcc3a90439c src/mcp-server/tools/trustPortalTrustPortalControllerUpdateCustomLinkV1.ts: id: 7ce632b3bbca last_write_checksum: sha1:9f9c22be488fd997b684b0000e4ea391aab7f37d @@ -3119,8 +3175,8 @@ trackedFiles: pristine_git_object: 98bf248a1fd720e7083a5acfc02c94c1a8502c88 src/models/automationscontrollercreateversionv1op.ts: id: 7c989890dc7a - last_write_checksum: sha1:58994a048d95fb38fcbfd3bf03abee42d2a3f5c7 - pristine_git_object: 76fb7b6fb0b24ad705b2edd9c85d9f8a3a949527 + last_write_checksum: sha1:9383f32dd46f38c27a33de19ca31da5cb1d5479f + pristine_git_object: df09aaded2c20ab15d7d74e8cd575e246d6197a2 src/models/automationscontrollerdeleteautomationv1op.ts: id: 772cbf9602ba last_write_checksum: sha1:9058099e44f8817de6880436b32b08b701f07286 
@@ -3209,6 +3265,10 @@ trackedFiles: id: c7d41c3e8ebf last_write_checksum: sha1:52e107dc223482687b1652196efb182ea6bf3032 pristine_git_object: 285e19960169e2e3f960f6217f1dee8019ca0151 + src/models/cloudsecuritycontrollerresolvesessionv1op.ts: + id: d284c9cf0a61 + last_write_checksum: sha1:9022b1528565fbfbc5b472f1d1d0c74441d7879a + pristine_git_object: 750d5a8d3b6c6ac7581e46934472178b395a912b src/models/cloudsecuritycontrollerrevokeexceptionv1op.ts: id: b40bffe5cdea last_write_checksum: sha1:b7197c708354f710b3a46f70f83f243c129423dd @@ -3263,12 +3323,12 @@ trackedFiles: pristine_git_object: 0f8cac783c0fa34d212b1c3c63106fcaae1f7299 src/models/complianceresourceresponsedto.ts: id: acae4c9bd943 - last_write_checksum: sha1:a17fefe935e2cae2a92a3ad4e1ce2af204ffc6ca - pristine_git_object: 233f0aceffdcf3b28ddfd788dc252b5aba2e36f7 + last_write_checksum: sha1:5cb5ef5d6bdf8c790ab47cc93e80abe77ffaaafc + pristine_git_object: f14d47ebb0b00185e1a74b5903868c3394a53817 src/models/complianceresourcesignedurldto.ts: id: 02b44ad8e924 - last_write_checksum: sha1:c792acf6279046208d60bd044da847e39634e8b0 - pristine_git_object: 5f3b0aa198a3ea7af0b2d7862412d8ba879a6773 + last_write_checksum: sha1:889e8266e447f4196633bb1995962c36985a4ded + pristine_git_object: 36653b2f1ec6d3c0e7f5e9f4bff9d19135d99436 src/models/complianceresourceurlresponsedto.ts: id: 687e2f29de38 last_write_checksum: sha1:9b1ddaade240e303e734d326199356a8171e0d94 @@ -3375,8 +3435,8 @@ trackedFiles: pristine_git_object: e6e7b767b88afe5e60a347e05c7274ee1737f8a0 src/models/controlscontrollerunlinkdocumenttypev1op.ts: id: edc19b966a6a - last_write_checksum: sha1:34541c7a6990e2f83f09d98d6ed17720486d8eaa - pristine_git_object: c582816881750ec47ce97b15f1cb24aac2410ffd + last_write_checksum: sha1:e7fb53854d37ff920e218a2561694372e6602ab3 + pristine_git_object: 1298a1804fb05949e2420317f0daaeba4762dc4c src/models/createaccessrequestdto.ts: id: c099827d5497 last_write_checksum: sha1:06ccfeae9414d617517491bb34f55bba1e7251f1 
@@ -3399,8 +3459,8 @@ trackedFiles: pristine_git_object: adf3ddd7642914e1668701b439d47226783d23ef src/models/createcontroldto.ts: id: 7167ad0ab0e0 - last_write_checksum: sha1:6182b1f0e005ffe33785b0685b9058d52f5f806f - pristine_git_object: 1dc738241f57e10480e8ca2e16bd2a50a44793af + last_write_checksum: sha1:89930e68d53d06c94bc18dcbd5ed91f5888f3df8 + pristine_git_object: 990acd54aea9899cc6bd16f71087618d9eb1a027 src/models/createcustomframeworkdto.ts: id: cfb60537e10a last_write_checksum: sha1:9970bb820c4a523f69287fdd62fcd21e913ba54a @@ -3411,12 +3471,12 @@ trackedFiles: pristine_git_object: 947bd0f96cac351d1c47289cf34c3ec8f89a97fd src/models/createfindingdto.ts: id: 80e0ec6bf333 - last_write_checksum: sha1:b30c99798966e607cce5319027ba6b610b2cf2f4 - pristine_git_object: ab3601b38cc56758f5831bd1b9c880be1890ff12 + last_write_checksum: sha1:974eaae3f63f574e1d234e3412c1ab51f80d006d + pristine_git_object: 0a2ef758722a6aa780eca38394553ac4a1fabb48 src/models/createpenetrationtestdto.ts: id: 7a0dcb73eca6 - last_write_checksum: sha1:bc707f9f1193ba2a135c2c54ebe65208bed6d59e - pristine_git_object: a7308aca947d1c6a55b492e4e4013ecda1bbe685 + last_write_checksum: sha1:d7be31bcc5347650bc5a087274ef27e9a5b1687b + pristine_git_object: 65314855b87740faad407c2219cffc9c0e808ac2 src/models/createpeopledto.ts: id: ca4b5fcac9a5 last_write_checksum: sha1:af5462015c5fd5e87dc6a23b303d777d4bca3111 @@ -3455,8 +3515,8 @@ trackedFiles: pristine_git_object: 41dcd9264befe30d5f4ec6485bdc14cffef61508 src/models/createversiondto.ts: id: 9f65a13f79eb - last_write_checksum: sha1:5c16da927034991cada245bea10b03ca66644b07 - pristine_git_object: a5b2f201e8e9fed1f3efc05570597b5bcebbccc9 + last_write_checksum: sha1:0fcd0d2c036fb1bb62269690d4eb70b8fba88faa + pristine_git_object: 5c12ea9501e8c12ec0769adf52dd9f716fda9e84 src/models/declinesoadocumentdto.ts: id: 217596b381df last_write_checksum: sha1:43d0f91e50026e591c3b23b66f18fac202b62f42 
@@ -3655,8 +3715,8 @@ trackedFiles: pristine_git_object: 3b04cd1c519e0ab00d487cb3bd9a20cf0ee1204e src/models/findingscontrollerlistfindingsv1op.ts: id: 1ec2d800adb4 - last_write_checksum: sha1:29aa650de5d7585d853fa451e304eddcb08b7377 - pristine_git_object: 4acdb58ce31e928ff44892a83917c9ef633599f5 + last_write_checksum: sha1:1763c01c2a13bd43b86657253921f409c2f4f08c + pristine_git_object: bae96e56434f5056c9e92bd56b2f0d86549c1ffe src/models/findingscontrollerupdatefindingv1op.ts: id: c8559ae272bf last_write_checksum: sha1:5d88fa39ba6358d555b44ae6c8fab31e7653576c @@ -3767,8 +3827,8 @@ trackedFiles: pristine_git_object: 806822cd2fc2b37573412f62e72580d3a019231c src/models/linkdocumenttypesdto.ts: id: 4590345cf58e - last_write_checksum: sha1:0a8269b7202ca4c3720ab84fa4f9fff047d0ec14 - pristine_git_object: 5a1f64ad73ff11436ad403a676c3492654ce11df + last_write_checksum: sha1:696a366176d37ec1926bdb511af8b8ba34670632 + pristine_git_object: cade160b8e09977de386cbc6e5727ae44242bafb src/models/linkpoliciesdto.ts: id: e180fa45bfc9 last_write_checksum: sha1:dc310527ab9bf116550592e644b134ab8ad4ce0e 
@@ -3897,6 +3957,18 @@ trackedFiles: id: df2f8ceb0b50 last_write_checksum: sha1:7290670399ae92b33bdadcd93f0c57bd97da0510 pristine_git_object: c51790dfa792d839499dd7d1c42600fa9d075788 + src/models/pentestfindingcontextscontrollerlistv1op.ts: + id: 3bc09144efdd + last_write_checksum: sha1:a778b4a72d63283f2554c9e4d9309256b2c1433d + pristine_git_object: e4f77922d3055ccb0db6b8fadb0208da4bf0e799 + src/models/pentestfindingcontextscontrollerremovev1op.ts: + id: fbc39571e71f + last_write_checksum: sha1:11cbfb7d18b7523a9aad54393b3b35e467bf1a6c + pristine_git_object: 596753a1af4e25356938b6faf76cb8078be0b668 + src/models/pentestfindingcontextscontrollerupsertv1op.ts: + id: 97ecfd1d7f63 + last_write_checksum: sha1:c747e8251cacf3c88c32b6fc795e16ada5573fbc + pristine_git_object: 8283d15511c50a47ad51162cd4a17493f3ca1b6a src/models/peoplecontrollerbulkcreatemembersv1op.ts: id: 5a52bae2125a last_write_checksum: sha1:98f3ea4545d812950832febc647e907c86df783d @@ -4525,6 +4597,10 @@ trackedFiles: id: edad1d24d164 last_write_checksum: sha1:d29c116741c6825cf52f0eb490ed374c717d7019 pristine_git_object: eaab1050b4ceee84901bec428ac4523a7744fe1f + src/models/trustaccesscontrollergetpubliccustomframeworksv1op.ts: + id: f57451b3c477 + last_write_checksum: sha1:e845c3bb39caef3251aab0bc1056bbb513c35e1e + pristine_git_object: 0bca9b48464957f27ba4eac796210d4e8e95291f src/models/trustaccesscontrollergetpubliccustomlinksv1op.ts: id: f2b388e9e07c last_write_checksum: sha1:edefe5011e363c1c88507e1c2bc01b9371937da1 
@@ -4605,6 +4681,10 @@ trackedFiles: id: 8b42bf2db483 last_write_checksum: sha1:328e32571c304700b5041dbd63deaed452298ca2 pristine_git_object: cefa5d95e0791e453fc9597be327b51c63923268 + src/models/trustportalcontrollerupdatecustomframeworkv1op.ts: + id: 0c0141cc1669 + last_write_checksum: sha1:5717e944537591a1bf5e59864587b166e702eec3 + pristine_git_object: 9f5b8d021e4622ccadd8f79f8f38ec343370290e src/models/trustportalcontrollerupdatecustomlinkv1op.ts: id: b10f6bec788d last_write_checksum: sha1:990ecfb4b690d261e2dd8f360122aa4c983528f9 @@ -4613,6 +4693,10 @@ trackedFiles: id: e5c169e07eed last_write_checksum: sha1:bac271b890cb8c938826652f8a66bba13a847f38 pristine_git_object: 1c48b94470580e9bf3762e8d854e2fe5111d721c + src/models/updateallowedemailsdto.ts: + id: 58f17687e01c + last_write_checksum: sha1:f10a6208bac4de13448a73410611ca7950b9d19b + pristine_git_object: 3bd71e6642418be4cebb1954f0bb37d84aa55575 src/models/updateautomationdto.ts: id: dca3254109e9 last_write_checksum: sha1:4f9dfc56b2f389b872a1aa81f1e6cae7adac895a @@ -4691,8 +4775,8 @@ trackedFiles: pristine_git_object: 50f208b729a42a5f1d35fd7d5630a5005bdd888f src/models/uploadcomplianceresourcedto.ts: id: 207b5be255f7 - last_write_checksum: sha1:3402795b05856d029de1af7c45cba6a973db416a - pristine_git_object: 7160e2aaa33a57fc4ced720588354a0f94f82190 + last_write_checksum: sha1:e89512f162b2631f32fcdf6effea66723da2d7c2 + pristine_git_object: 026aa6b597c2f4207de9426ebc35d0ea57ceec64 src/models/uploaddocumentdto.ts: id: fcadbde7579d last_write_checksum: sha1:a3f49dab9591d506a0789bcf998e1e76d59e9403 
@@ -4717,6 +4801,10 @@ trackedFiles: id: c3e41e9552d3 last_write_checksum: sha1:0f6344f8253ce58865a9ea00b57fedd754319350 pristine_git_object: 704a62f021487ba5d430d9d684a3c9cc1416467d + src/models/upsertfindingcontextdto.ts: + id: 0568fd6cd7e6 + last_write_checksum: sha1:701ae46a20903baad6b07b5b656e0a75e5d83330 + pristine_git_object: ea45dd2a6d275c16171de13b14a80fb41eb56479 src/models/userresponsedto.ts: id: 5364049c7e57 last_write_checksum: sha1:6f9e47da8a8a60983325bcc4e3b1a45d1e597f10 @@ -4767,8 +4855,8 @@ trackedFiles: pristine_git_object: d89990b1a39878e9651513ee19fcba40b01670b4 src/tool-names.ts: id: a9977280f9eb - last_write_checksum: sha1:5ab0afcd882362a450e0570449b714c63c4c0842 - pristine_git_object: 4f332a52de529b2453979912419c16136a8bd9c4 + last_write_checksum: sha1:7ae774ca77ae00852d03e04eb8622d76923d0096 + pristine_git_object: 684c1bcdd825e2fba019cf5a3f9357b322e37688 src/types/async.ts: id: fac8da972f86 last_write_checksum: sha1:3ff07b3feaf390ec1aeb18ff938e139c6c4a9585 @@ -5491,7 +5579,7 @@ examples: path: id: "pol_abc123def456" requestBody: - application/json: {"sourceVersionId": "pv_abc123def456", "changelog": "Initial draft for quarterly updates"} + application/json: {"version": 1, "scriptKey": "org_abc123/tsk_abc123/aut_abc123.v1.js"} responses: "201": application/json: {} @@ -5896,6 +5984,8 @@ examples: path: taskId: "" automationId: "" + requestBody: + application/json: {"version": 1, "scriptKey": "org_abc123/tsk_abc123/aut_abc123.v1.js"} AutomationsController_getTaskAutomationRuns_v1: speakeasy-default-automations-controller-get-task-automation-runs-v1: parameters: 
@@ -5975,14 +6065,14 @@ examples: TrustPortalController_uploadComplianceResource_v1: speakeasy-default-trust-portal-controller-upload-compliance-resource-v1: requestBody: - application/json: {"organizationId": "org_6914cd0e16e4c7dccbb54426", "framework": "iso_27001", "fileName": "iso-27001-certificate.pdf", "fileType": "application/pdf", "fileData": ""} + application/json: {"organizationId": "org_6914cd0e16e4c7dccbb54426", "framework": "iso_27001", "customFrameworkId": "cfrm_6914cd0e16e4c7dccbb54426", "fileName": "iso-27001-certificate.pdf", "fileType": "application/pdf", "fileData": ""} responses: "201": - application/json: {"framework": "nen_7510", "fileName": "example.file", "fileSize": 5944.98, "updatedAt": "1735676478876"} + application/json: {"framework": "nen_7510", "customFrameworkId": {}, "fileName": "example.file", "fileSize": 5944.98, "updatedAt": "1735676478876"} TrustPortalController_getComplianceResourceUrl_v1: speakeasy-default-trust-portal-controller-get-compliance-resource-url-v1: requestBody: - application/json: {"organizationId": "org_6914cd0e16e4c7dccbb54426", "framework": "iso_27001"} + application/json: {"organizationId": "org_6914cd0e16e4c7dccbb54426", "framework": "iso_27001", "customFrameworkId": "cfrm_6914cd0e16e4c7dccbb54426"} responses: "200": application/json: {"signedUrl": "https://admired-petal.net", "fileName": "example.file", "fileSize": 1105.4} @@ -5992,7 +6082,7 @@ examples: application/json: {"organizationId": "org_6914cd0e16e4c7dccbb54426"} responses: "200": - application/json: [{"framework": "soc2_type1", "fileName": "example.file", "fileSize": 1020.98, "updatedAt": "1735682014552"}] + application/json: [{"framework": "soc2_type1", "customFrameworkId": {}, "fileName": "example.file", "fileSize": 1020.98, "updatedAt": "1735682014552"}] TrustPortalController_uploadTrustDocument_v1: speakeasy-default-trust-portal-controller-upload-trust-document-v1: requestBody: 
@@ -7121,5 +7211,41 @@ examples: providerSlug: "" query: connectionId: "" + TrustPortalController_updateAllowedEmails_v1: + speakeasy-default-trust-portal-controller-update-allowed-emails-v1: + requestBody: + application/json: {"emails": ["person@example.com"]} + TrustPortalController_listCustomFrameworks_v1: {} + TrustPortalController_updateCustomFramework_v1: + speakeasy-default-trust-portal-controller-update-custom-framework-v1: + requestBody: + application/json: {"customFrameworkId": "", "enabled": false} + TrustAccessController_getPublicCustomFrameworks_v1: + speakeasy-default-trust-access-controller-get-public-custom-frameworks-v1: + parameters: + path: + friendlyUrl: "https://kaleidoscopic-armoire.biz" + CloudSecurityController_resolveSession_v1: + speakeasy-default-cloud-security-controller-resolve-session-v1: + parameters: + path: + connectionId: "" + PentestFindingContextsController_list_v1: + speakeasy-default-pentest-finding-contexts-controller-list-v1: + parameters: + query: + targetUrl: "https://pointed-executor.name/" + PentestFindingContextsController_upsert_v1: + speakeasy-default-pentest-finding-contexts-controller-upsert-v1: + parameters: + path: + issueId: "" + requestBody: + application/json: {"runId": "pentest-abc123", "context": "Read access to appConfiguration is accepted by design: the collection only holds non-secret bootstrap configuration and write access is restricted to privileged users."} + PentestFindingContextsController_remove_v1: + speakeasy-default-pentest-finding-contexts-controller-remove-v1: + parameters: + path: + issueId: "" examplesVersion: 1.0.2 -releaseNotes: "## Mcp-typescript SDK Changes:\n* `CompAi.Risks.RisksController_createRisk_v1()`: \n * `request.department` **Changed** (Breaking ⚠️)\n* `CompAi.Policies.PoliciesController_updatePolicy_v1()`: \n * `request.body.department` **Changed** (Breaking ⚠️)\n * `response.department` **Changed** (Breaking ⚠️)\n* `CompAi.Offboarding 
Checklist.OffboardingChecklistController_uploadEvidence_v1()`: \n * `request.body` **Changed** (Breaking ⚠️)\n* `CompAi.Offboarding Checklist.OffboardingChecklistController_completeItem_v1()`: \n * `request.body` **Changed** (Breaking ⚠️)\n* `CompAi.People.PeopleController_getAllPeople_v1()`: `response.data[].department` **Changed** (Breaking ⚠️)\n* `CompAi.People.PeopleController_createMember_v1()`: \n * `request.department` **Changed** (Breaking ⚠️)\n * `response.department` **Changed** (Breaking ⚠️)\n* `CompAi.People.PeopleController_bulkCreateMembers_v1()`: \n * `request.members[].department` **Changed** (Breaking ⚠️)\n * `response.created[].department` **Changed** (Breaking ⚠️)\n* `CompAi.People.PeopleController_getPersonById_v1()`: `response.department` **Changed** (Breaking ⚠️)\n* `CompAi.People.PeopleController_updateMember_v1()`: \n * `request.body.department` **Changed** (Breaking ⚠️)\n * `response.department` **Changed** (Breaking ⚠️)\n* `CompAi.People.PeopleController_deleteMember_v1()`: \n * `request.skipOffboarding` **Added** (Breaking ⚠️)\n* `CompAi.People.PeopleController_unlinkDevice_v1()`: `response.department` **Changed** (Breaking ⚠️)\n* `CompAi.People.PeopleController_uploadEmploymentEvidence_v1()`: \n * `request.body` **Changed** (Breaking ⚠️)\n* `CompAi.Integrations.SyncController_getAvailableSyncProviders_v1()`: `request` **Added** (Breaking ⚠️)\n* `CompAi.Risks.RisksController_getAllRisks_v1()`: \n * `request.department` **Changed** (Breaking ⚠️)\n* `CompAi.Knowledge Base.KnowledgeBaseController_uploadDocument_v1()`: `request` **Changed** (Breaking ⚠️)\n* `CompAi.Policies.PoliciesController_getAllPolicies_v1()`: `response.data[].department` **Changed** (Breaking ⚠️)\n* `CompAi.Comments.CommentsController_createComment_v1()`: \n * `request.attachments[]` **Changed** (Breaking ⚠️)\n* `CompAi.Policies.PoliciesController_createPolicy_v1()`: \n * `request.body.department` **Changed** (Breaking ⚠️)\n * `response.department` **Changed** (Breaking 
⚠️)\n* `CompAi.Policies.PoliciesController_getPolicy_v1()`: `response.department` **Changed** (Breaking ⚠️)\n* `CompAi.Risks.RisksController_updateRisk_v1()`: \n * `request.body.department` **Changed** (Breaking ⚠️)\n* `CompAi.Tasks.TasksController_uploadTaskAttachment_v1()`: \n * `request.body` **Changed** (Breaking ⚠️)\n* `CompAi.Tasks.TasksController_createTask_v1()`: \n * `request.department` **Changed** (Breaking ⚠️)\n* `CompAi.Tasks.TasksController_updateTask_v1()`: \n * `request.body.department` **Changed** (Breaking ⚠️)\n* `CompAi.Uploads.UploadsController_createUploadUrl_v1()`: \n * `request.body.purpose.enum(document)` **Added**\n* `CompAi.SOA.SOAController_getSetup_v1()`: **Added**\n* `CompAi.Integrations.SyncController_getDeviceSyncProvider_v1()`: **Added**\n* `CompAi.Attachments.AttachmentsController_createAttachment_v1()`: `request` **Changed**\n* `CompAi.Integrations.SyncController_syncDynamicProviderDevices_v1()`: **Added**\n* `CompAi.Integrations.SyncController_setDeviceSyncProvider_v1()`: **Added**\n" +releaseNotes: "## Mcp-typescript SDK Changes:\n* `CompAi.Trust Portal.TrustPortalController_listComplianceResources_v1()`: `response.[]` **Changed** (Breaking ⚠️)\n* `CompAi.Policies.PoliciesController_createPolicyVersion_v1()`: \n * `request.body` **Changed** (Breaking ⚠️)\n* `CompAi.Trust Portal.TrustPortalController_uploadComplianceResource_v1()`: \n * `request` **Changed**\n * `response` **Changed** (Breaking ⚠️)\n* `CompAi.Evidence Export (Auditor).AuditorEvidenceExportController_exportAllEvidence_v1()`: `response` **Changed** (Breaking ⚠️)\n* `CompAi.Security Penetration Tests.PentestFindingContextsController_list_v1()`: **Added**\n* `CompAi.Trust Portal.TrustPortalController_getComplianceResourceUrl_v1()`: `request` **Changed**\n* `CompAi.Security Penetration Tests.PentestFindingContextsController_upsert_v1()`: **Added**\n* `CompAi.Security Penetration Tests.PentestFindingContextsController_remove_v1()`: **Added**\n* `CompAi.Trust 
Portal.TrustPortalController_listCustomFrameworks_v1()`: **Added**\n* `CompAi.Trust Portal.TrustPortalController_updateCustomFramework_v1()`: **Added**\n* `CompAi.Trust Access.TrustAccessController_getPublicCustomFrameworks_v1()`: **Added**\n* `CompAi.CloudSecurity.CloudSecurityController_resolveSession_v1()`: **Added**\n* `CompAi.Trust Portal.TrustPortalController_updateAllowedEmails_v1()`: **Added**\n* `CompAi.Findings.FindingsController_listFindings_v1()`: \n * `request.evidenceFormType` **Changed**\n* `CompAi.Findings.FindingsController_createFinding_v1()`: \n * `request.evidenceFormType.enum(account-types)` **Added**\n* `CompAi.Controls.ControlsController_create_v1()`: \n * `request.documentTypes[].enum(account_types)` **Added**\n* `CompAi.Controls.ControlsController_linkDocumentTypes_v1()`: \n * `request.body.formTypes[].enum(account_types)` **Added**\n* `CompAi.Controls.ControlsController_unlinkDocumentType_v1()`: \n * `request.formType` **Changed**\n* `CompAi.Security Penetration Tests.SecurityPenetrationTestsController_create_v1()`: \n * `request.body.additionalContext` **Added**\n" diff --git a/apps/mcp-server/.speakeasy/gen.yaml b/apps/mcp-server/.speakeasy/gen.yaml index 8d627a1ca4..5f494d3a4c 100644 --- a/apps/mcp-server/.speakeasy/gen.yaml +++ b/apps/mcp-server/.speakeasy/gen.yaml @@ -31,7 +31,7 @@ generation: generateNewTests: true skipResponseBodyAssertions: false mcp-typescript: - version: 0.1.0 + version: 0.2.0 additionalDependencies: dependencies: {} devDependencies: {} diff --git a/apps/mcp-server/.speakeasy/out.openapi.yaml b/apps/mcp-server/.speakeasy/out.openapi.yaml index a73a2cf020..abf703282f 100644 --- a/apps/mcp-server/.speakeasy/out.openapi.yaml +++ b/apps/mcp-server/.speakeasy/out.openapi.yaml @@ -1,5 +1,4 @@ openapi: "3.0.0" -x-speakeasy-timeout: 120000 paths: /v1/organization: get: 
@@ -8419,6 +8418,12 @@ paths: description: "Automation ID" schema: type: "string" + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreateVersionDto" responses: "201": description: "" @@ -8608,8 +8613,8 @@ paths: x-speakeasy-mcp: name: "export-task-evidence-zip" /v1/evidence-export/all: - get: - description: "Export all organization evidence as ZIP (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." + post: + description: "Trigger bulk evidence export (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." operationId: "AuditorEvidenceExportController_exportAllEvidence_v1" parameters: - name: "includeJson" 
@@ -8619,24 +8624,20 @@ paths: schema: type: "boolean" responses: - "200": - description: "ZIP file generated successfully" - content: - application/zip: {} - "403": - description: "Access denied - Auditor role required" + "201": + description: "Export job started" security: - apikey: [] - summary: "Export all organization evidence as ZIP (Auditor only)" + summary: "Trigger bulk evidence export (Auditor only)" tags: - "Evidence Export (Auditor)" x-mint: metadata: - title: "Export all organization evidence as ZIP | Comp AI API" - sidebarTitle: "Export all organization evidence as ZIP (Auditor only)" - description: "Export all organization evidence as ZIP (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." - og:title: "Export all organization evidence as ZIP | Comp AI API" - og:description: "Export all organization evidence as ZIP (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." + title: "Trigger bulk evidence export (Auditor only) | Comp AI API" + sidebarTitle: "Trigger bulk evidence export (Auditor only)" + description: "Trigger bulk evidence export (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." + og:title: "Trigger bulk evidence export (Auditor only) | Comp AI API" + og:description: "Trigger bulk evidence export (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." x-speakeasy-mcp: name: "export-all-evidence" /v1/comments: 
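Review bot: The `"403"` response (`Access denied - Auditor role required`) is removed from `AuditorEvidenceExportController_exportAllEvidence_v1` although the summary still says "(Auditor only)", so the spec no longer documents the authorization failure that clients have to handle. The new `"201": description: "Export job started"` has no response schema, so the spec does not say how the started job is identified or how the export is later retrieved. I would keep `"403": description: "Access denied - Auditor role required"` and describe the job reference in the 201 body. The operation begins in the previous hunk, and since this file looks generated, the change probably belongs in the controller's decorators.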
@@ -9285,6 +9286,34 @@ paths: og:description: "Update allowed domains for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources." x-speakeasy-mcp: name: "update-allowed-domains" + /v1/trust-portal/settings/allowed-emails: + put: + operationId: "TrustPortalController_updateAllowedEmails_v1" + parameters: [] + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateAllowedEmailsDto" + responses: + "200": + description: "" + security: + - apikey: [] + summary: "Update allowed emails for the trust portal" + tags: + - "Trust Portal" + description: "Update allowed emails for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + x-mint: + metadata: + title: "Update allowed emails for the trust portal | Comp AI API" + sidebarTitle: "Update allowed emails for the trust portal" + description: "Update allowed emails for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources." + og:title: "Update allowed emails for the trust portal | Comp AI API" + og:description: "Update allowed emails for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources." + x-speakeasy-mcp: + name: "update-allowed-emails" /v1/trust-portal/settings/frameworks: put: operationId: "TrustPortalController_updateFrameworks_v1" 
@@ -9307,6 +9336,75 @@ paths: og:description: "Update trust portal framework settings in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents." x-speakeasy-mcp: name: "update-frameworks" + /v1/trust-portal/custom-frameworks: + get: + operationId: "TrustPortalController_listCustomFrameworks_v1" + parameters: [] + responses: + "200": + description: "" + security: + - apikey: [] + summary: "List org-authored custom frameworks with their trust portal selection" + tags: + - "Trust Portal" + description: "List org-authored custom frameworks with their trust portal selection in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + x-mint: + metadata: + title: "List org-authored custom frameworks with | Comp AI API" + sidebarTitle: "List org-authored custom frameworks with their trust portal selection" + description: "List org-authored custom frameworks with their trust portal selection in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs." + og:title: "List org-authored custom frameworks with | Comp AI API" + og:description: "List org-authored custom frameworks with their trust portal selection in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs." + x-speakeasy-mcp: + name: "list-custom-frameworks" + put: + operationId: "TrustPortalController_updateCustomFramework_v1" + parameters: [] + requestBody: + required: true + description: "At least one of `enabled` or `status` must be provided." 
+ content: + application/json: + schema: + type: "object" + required: + - "customFrameworkId" + anyOf: + - required: + - "enabled" + - required: + - "status" + properties: + customFrameworkId: + type: "string" + minLength: 1 + enabled: + type: "boolean" + status: + type: "string" + enum: + - "started" + - "in_progress" + - "compliant" + responses: + "200": + description: "" + security: + - apikey: [] + summary: "Enable/disable a custom framework on the trust portal and set its status" + tags: + - "Trust Portal" + description: "Enable/disable a custom framework on the trust portal and set its status in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + x-mint: + metadata: + title: "Enable/disable a custom framework on the | Comp AI API" + sidebarTitle: "Enable/disable a custom framework on the trust portal and set its status" + description: "Enable/disable a custom framework on the trust portal and set its status in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs." + og:title: "Enable/disable a custom framework on the | Comp AI API" + og:description: "Enable/disable a custom framework on the trust portal and set its status in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs." + x-speakeasy-mcp: + name: "update-custom-framework" /v1/trust-portal/overview: post: operationId: "TrustPortalController_updateOverview_v1" 
@@ -10026,6 +10124,32 @@ paths: og:description: "List published vendors and subprocessors for an organization Trust Center so reviewers can inspect third-party posture." x-speakeasy-mcp: name: "get-public-vendors" + /v1/trust-access/{friendlyUrl}/custom-frameworks: + get: + description: "Get org-authored custom frameworks shown on a trust portal in Comp AI. Manage external Trust Center access requests, NDA signing, grants, tokenized document downloads, public FAQs, and reviewer access." + operationId: "TrustAccessController_getPublicCustomFrameworks_v1" + parameters: + - name: "friendlyUrl" + required: true + in: "path" + description: "Trust Portal friendly URL or Organization ID" + schema: + type: "string" + responses: + "200": + description: "Custom frameworks retrieved successfully" + summary: "Get org-authored custom frameworks shown on a trust portal" + tags: + - "Trust Access" + x-mint: + metadata: + title: "Get org-authored custom frameworks shown on a | Comp AI API" + sidebarTitle: "Get org-authored custom frameworks shown on a trust portal" + description: "Get org-authored custom frameworks shown on a trust portal in Comp AI. Manage external Trust Center access requests, NDA signing, grants, tokenized document." + og:title: "Get org-authored custom frameworks shown on a | Comp AI API" + og:description: "Get org-authored custom frameworks shown on a trust portal in Comp AI. Manage external Trust Center access requests, NDA signing, grants, tokenized document." + x-speakeasy-mcp: + name: "get-public-custom-frameworks" /v1/findings: get: operationId: "FindingsController_listFindings_v1" @@ -10090,6 +10214,7 @@ paths: - "employee-performance-evaluation" - "network-diagram" - "tabletop-exercise" + - "account-types" type: "string" - name: "policyId" required: false 
@@ -13138,6 +13263,31 @@ paths: og:description: "Resolve the \"About this check\" description for a finding (AI-cached for AWS; provider-derived for GCP/Azure) in Comp AI. Run AWS, Azure, and GCP cloud." x-speakeasy-mcp: name: "get-check-definition" + /v1/cloud-security/resolve-session/{connectionId}: + post: + operationId: "CloudSecurityController_resolveSession_v1" + parameters: + - name: "connectionId" + required: true + in: "path" + schema: + type: "string" + responses: + "201": + description: "" + summary: "Resolve short-lived AWS credentials for a connection (internal only)" + tags: + - "CloudSecurity" + description: "Resolve short-lived AWS credentials for a connection (internal only) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services, review findings, and connect cloud posture results to compliance work." + x-mint: + metadata: + title: "Resolve short-lived AWS credentials for a | Comp AI API" + sidebarTitle: "Resolve short-lived AWS credentials for a connection (internal only)" + description: "Resolve short-lived AWS credentials for a connection (internal only) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services." + og:title: "Resolve short-lived AWS credentials for a | Comp AI API" + og:description: "Resolve short-lived AWS credentials for a connection (internal only) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services." + x-speakeasy-mcp: + name: "resolve-session" /v1/cloud-security/scan/{connectionId}: post: operationId: "CloudSecurityController_scan_v1" @@ -15331,11 +15481,6 @@ paths: schema: example: "ctl_abc123def456" type: "string" - - name: "frameworkInstanceId" - required: true - in: "query" - schema: - type: "string" - name: "formType" required: true in: "path" 
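Review bot: `CloudSecurityController_resolveSession_v1` is summarised as resolving short-lived AWS credentials "(internal only)", yet it is added to the published spec with `x-speakeasy-mcp: name: "resolve-session"` and no `security:` block, unlike the other authenticated operations added in this commit. That makes it an MCP tool and SDK method (the release notes list it as **Added**), so any MCP client can see and call it. If it is meant for service-to-service use, it should be excluded from the generated document at the controller. Failing that, it should at least declare its auth scheme and a response schema. Whether a server-side guard protects the route is not visible in this diff.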
@@ -15354,6 +15499,12 @@ paths: - "employee_performance_evaluation" - "network_diagram" - "tabletop_exercise" + - "account_types" + type: "string" + - name: "frameworkInstanceId" + required: true + in: "query" + schema: type: "string" responses: "200": 
@@ -15636,6 +15787,115 @@ paths: og:description: "Get penetration test PDF in Comp AI. Create AI-powered penetration test runs, track progress, inspect findings and events, and download markdown or PDF." x-speakeasy-mcp: name: "get-pdf" + /v1/pentest-finding-contexts: + get: + description: "Returns the customer-written context notes attached to pentest findings for a target URL. These notes are shared with the testing agent on future scans of the same target so retests are informed, not blind." + operationId: "PentestFindingContextsController_list_v1" + parameters: + - name: "X-Organization-Id" + in: "header" + description: "Organization ID (required for session auth, optional for API key auth)" + required: false + schema: + type: "string" + - name: "targetUrl" + required: true + in: "query" + description: "Target URL the notes are attached to" + schema: + type: "string" + responses: + "200": + description: "Context notes returned" + security: + - apikey: [] + summary: "List pentest finding context notes" + tags: + - "Security Penetration Tests" + x-speakeasy-mcp: + name: "list-pentest-finding-contexts" + x-mint: + metadata: + title: "List pentest finding context notes | Comp AI API" + sidebarTitle: "List pentest finding context notes" + description: "Returns the customer-written context notes attached to pentest findings for a target URL. These notes are shared with the testing agent on future scans of." + og:title: "List pentest finding context notes | Comp AI API" + og:description: "Returns the customer-written context notes attached to pentest findings for a target URL. These notes are shared with the testing agent on future scans of." + /v1/pentest-finding-contexts/{issueId}: + put: + description: "Saves a customer context note on a pentest finding, e.g. an accepted-by-design rationale or remediation details. Future scans of the same target pass the note to the testing agent so the issue is retested with that context." 
+ operationId: "PentestFindingContextsController_upsert_v1" + parameters: + - name: "X-Organization-Id" + in: "header" + description: "Organization ID (required for session auth, optional for API key auth)" + required: false + schema: + type: "string" + - name: "issueId" + required: true + in: "path" + schema: + type: "string" + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpsertFindingContextDto" + responses: + "200": + description: "Context note saved" + "404": + description: "Run or finding not found" + security: + - apikey: [] + summary: "Add context to a pentest finding" + tags: + - "Security Penetration Tests" + x-speakeasy-mcp: + name: "set-pentest-finding-context" + x-mint: + metadata: + title: "Add context to a pentest finding | Comp AI API" + sidebarTitle: "Add context to a pentest finding" + description: "Saves a customer context note on a pentest finding, e.g. an accepted-by-design rationale or remediation details. Future scans of the same target pass the." + og:title: "Add context to a pentest finding | Comp AI API" + og:description: "Saves a customer context note on a pentest finding, e.g. an accepted-by-design rationale or remediation details. Future scans of the same target pass the." + delete: + description: "Deletes the customer context note attached to a pentest finding so future scans of the target no longer receive it from the testing agent briefing." 
+ operationId: "PentestFindingContextsController_remove_v1" + parameters: + - name: "X-Organization-Id" + in: "header" + description: "Organization ID (required for session auth, optional for API key auth)" + required: false + schema: + type: "string" + - name: "issueId" + required: true + in: "path" + schema: + type: "string" + responses: + "200": + description: "Context note deleted" + "404": + description: "No context found for finding" + security: + - apikey: [] + summary: "Remove context from a pentest finding" + tags: + - "Security Penetration Tests" + x-speakeasy-mcp: + name: "delete-pentest-finding-context" + x-mint: + metadata: + title: "Remove context from a pentest finding | Comp AI API" + sidebarTitle: "Remove context from a pentest finding" + description: "Deletes the customer context note attached to a pentest finding so future scans of the target no longer receive it from the testing agent briefing." + og:title: "Remove context from a pentest finding | Comp AI API" + og:description: "Deletes the customer context note attached to a pentest finding so future scans of the target no longer receive it from the testing agent briefing." /v1/offboarding-checklist/pending: get: description: "Lists members whose offboarding checklist is still incomplete, with their outstanding items, so you can track and finish departing-employee offboarding." 
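Review bot: The note saved by `PentestFindingContextsController_upsert_v1` is free text that, per its own description, is passed to the testing agent on later scans, so it is untrusted input to an AI agent and can influence what gets retested. The description should state how the agent treats it, for example `Notes are advisory context only; they never disable a check or change scan scope.`, provided that matches the implementation, which this diff does not show. `issueId` and `targetUrl` declare no format or length bound, and the only documented auth is `apikey`, so it is worth confirming which roles may write or delete notes and that lookups by `targetUrl` are scoped to the caller's organization.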
@@ -17952,14 +18212,20 @@ components: CreateVersionDto: type: "object" properties: - sourceVersionId: + version: + type: "number" + description: "Version number for this published script" + example: 1 + scriptKey: type: "string" - description: "Optional version ID to base the new version on" - example: "pv_abc123def456" + description: "S3 key of the already-generated & published automation script (returned by the publish step)." + example: "org_abc123/tsk_abc123/aut_abc123.v1.js" changelog: type: "string" - description: "Optional changelog to associate with the new version" - example: "Initial draft for quarterly updates" + description: "Optional changelog describing this version" + required: + - "version" + - "scriptKey" UpdateVersionContentDto: type: "object" properties: @@ -18327,7 +18593,7 @@ components: example: "org_6914cd0e16e4c7dccbb54426" framework: type: "string" - description: "Compliance framework identifier" + description: "Native compliance framework identifier" enum: - "iso_27001" - "iso_42001" @@ -18342,6 +18608,10 @@ components: - "pipeda" - "ccpa" example: "iso_27001" + customFrameworkId: + type: "string" + description: "Org-authored custom framework ID (alternative to `framework`)" + example: "cfrm_6914cd0e16e4c7dccbb54426" fileName: type: "string" description: "Original file name (PDF only)" @@ -18355,7 +18625,6 @@ components: description: "Base64 encoded PDF content" required: - "organizationId" - - "framework" - "fileName" - "fileType" - "fileData" @@ -18377,6 +18646,12 @@ components: - "iso_9001" - "pipeda" - "ccpa" + description: "Set for native-framework certificates; null for custom ones" + nullable: true + customFrameworkId: + type: "object" + description: "Set for custom-framework certificates; null for native ones" + nullable: true fileName: type: "string" fileSize: 
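Review bot: The shared component `CreateVersionDto` is rewritten here from the policy-version body (`sourceVersionId`, `changelog`) to the automation publish body (required `version`, `scriptKey`), which looks like two DTO classes with the same name colliding in the generated spec. The gen.lock example for the policy operation (`id: "pol_abc123def456"`) now carries `{"version": 1, "scriptKey": ...}`, and the release notes list `PoliciesController_createPolicyVersion_v1()` `request.body` as a breaking change. Giving the automation DTO a distinct schema name, e.g. `CreateAutomationVersionDto`, would keep the policy endpoint's contract intact. Separately, `scriptKey` is a client-supplied S3 key with no `pattern`; the server should verify that it sits under the caller's own `org_…/tsk_…/aut_…` prefix before using it, which cannot be confirmed from this diff.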
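Review bot: In the compliance-resource response schema (hunk `@@ -18377`), `customFrameworkId` is declared as `type: "object"` with `nullable: true`, while the request DTOs in this same commit declare it as `type: "string"` with example `cfrm_6914cd0e16e4c7dccbb54426`. The generated examples already show the effect (`"customFrameworkId": {}`), and SDK consumers will get an object type for what is an ID. The property should read `type: "string"` with `nullable: true`; this is probably a nullable property whose decorator lacks an explicit type in the DTO source.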
@@ -18387,6 +18662,7 @@ components: description: "ISO timestamp when the certificate was last updated" required: - "framework" + - "customFrameworkId" - "fileName" - "fileSize" - "updatedAt" @@ -18399,7 +18675,7 @@ components: example: "org_6914cd0e16e4c7dccbb54426" framework: type: "string" - description: "Compliance framework identifier" + description: "Native compliance framework identifier" enum: - "iso_27001" - "iso_42001" @@ -18414,9 +18690,12 @@ components: - "pipeda" - "ccpa" example: "iso_27001" + customFrameworkId: + type: "string" + description: "Org-authored custom framework ID (alternative to `framework`)" + example: "cfrm_6914cd0e16e4c7dccbb54426" required: - "organizationId" - - "framework" ComplianceResourceUrlResponseDto: type: "object" properties: @@ -18517,6 +18796,18 @@ components: example: "org_6914cd0e16e4c7dccbb54426" required: - "organizationId" + UpdateAllowedEmailsDto: + type: "object" + properties: + emails: + description: "Email addresses that bypass NDA signing for trust portal access. Replaces the full list; send an empty array to clear it." + example: + - "person@example.com" + type: "array" + items: + type: "string" + required: + - "emails" CreateAccessRequestDto: type: "object" properties: @@ -18588,6 +18879,7 @@ components: - "employee-performance-evaluation" - "network-diagram" - "tabletop-exercise" + - "account-types" policyId: type: "string" description: "Policy ID" @@ -19498,6 +19790,7 @@ components: - "employee_performance_evaluation" - "network_diagram" - "tabletop_exercise" + - "account_types" required: - "name" - "description" @@ -19566,6 +19859,7 @@ components: - "employee_performance_evaluation" - "network_diagram" - "tabletop_exercise" + - "account_types" required: - "formTypes" CreatePenetrationTestDto: 
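Review bot: `UpdateAllowedEmailsDto.emails` (hunk `@@ -18517`) is an allowlist that bypasses NDA signing, yet its items are plain `type: "string"` with no `format` and the array has no size bound. For a list that grants access, the schema should at least declare `format: "email"` on the items and a `maxItems`. The server should also normalise case and reject wildcard or malformed entries, and whether the DTO class already does this is not visible here. Because the call replaces the full list, recording who changed it and what the previous value was would help later review.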
@@ -19579,8 +19873,27 @@ components: type: "string" description: "Repository URL containing the target application code" example: "https://github.com/org/repo" + additionalContext: + type: "string" + description: "Free-text context shared with the testing agent, e.g. remediation notes or accepted-by-design explanations from a previous run. Saved per-finding context notes for the same target are appended automatically. Max 4000 characters." + maxLength: 4000 required: - "targetUrl" + UpsertFindingContextDto: + type: "object" + properties: + runId: + type: "string" + description: "Penetration test run ID the finding belongs to" + example: "pentest-abc123" + context: + type: "string" + description: "Context for the finding, e.g. an accepted-by-design rationale or remediation details. Shared with the testing agent on future scans of the same target. Max 2000 characters." + example: "Read access to appConfiguration is accepted by design: the collection only holds non-secret bootstrap configuration and write access is restricted to privileged users." + maxLength: 2000 + required: + - "runId" + - "context" CreateTemplateItemDto: type: "object" properties: @@ -19624,3 +19937,4 @@ components: s3Key: type: "string" description: "Key of an evidence file already uploaded via /v1/uploads/presign (purpose=evidence). The server fetches the bytes from storage — no base64 needed. Provide fileData or s3Key (not both)." +x-speakeasy-timeout: 120000 diff --git a/apps/mcp-server/.speakeasy/workflow.lock b/apps/mcp-server/.speakeasy/workflow.lock index fcf275428b..4ec98925ba 100644 --- a/apps/mcp-server/.speakeasy/workflow.lock +++ b/apps/mcp-server/.speakeasy/workflow.lock 
@@ -1,9 +1,9 @@ -speakeasyVersion: 1.771.0 +speakeasyVersion: 1.777.1 sources: Comp AI API: sourceNamespace: comp-ai-api - sourceRevisionDigest: sha256:039e93d4b45e552389d5262892dc21a59025e6587fc754da38755d4e8f03180e - sourceBlobDigest: sha256:e0db9c31cbc3fd60d411c83cac21f208c2206b15bb63736c63bdc34db021b74e + sourceRevisionDigest: sha256:85bf4b7327ee324c966dc8ad4d902ee16e701b16379577af299fd21a9c0c5512 + sourceBlobDigest: sha256:149837e17543b6537f69321b86578bf74cca0f789b55a93f5edc9813d8c10e6c tags: - latest - "1.0" @@ -11,8 +11,8 @@ targets: comp-ai: source: Comp AI API sourceNamespace: comp-ai-api - sourceRevisionDigest: sha256:039e93d4b45e552389d5262892dc21a59025e6587fc754da38755d4e8f03180e - sourceBlobDigest: sha256:e0db9c31cbc3fd60d411c83cac21f208c2206b15bb63736c63bdc34db021b74e + sourceRevisionDigest: sha256:85bf4b7327ee324c966dc8ad4d902ee16e701b16379577af299fd21a9c0c5512 + sourceBlobDigest: sha256:149837e17543b6537f69321b86578bf74cca0f789b55a93f5edc9813d8c10e6c workflow: workflowVersion: 1.0.0 speakeasyVersion: latest diff --git a/apps/mcp-server/README.md b/apps/mcp-server/README.md index 02e571d6da..02273972f2 100644 --- a/apps/mcp-server/README.md +++ b/apps/mcp-server/README.md @@ -30,9 +30,9 @@ Comp AI API: Compliance automation API for SOC 2, ISO 27001, HIPAA, GDPR, eviden
Claude Desktop -Install the MCP server as a Desktop Extension using the pre-built [`mcp-server.mcpb`](https://github.com/trycompai/comp/releases/download/v0.1.0/mcp-server.mcpb) file: +Install the MCP server as a Desktop Extension using the pre-built [`mcp-server.mcpb`](https://github.com/trycompai/comp/releases/download/v0.2.0/mcp-server.mcpb) file: -Simply drag and drop the [`mcp-server.mcpb`](https://github.com/trycompai/comp/releases/download/v0.1.0/mcp-server.mcpb) file onto Claude Desktop to install the extension. +Simply drag and drop the [`mcp-server.mcpb`](https://github.com/trycompai/comp/releases/download/v0.2.0/mcp-server.mcpb) file onto Claude Desktop to install the extension. The MCP bundle package includes the MCP server and all necessary configuration. Once installed, the server will be available without additional setup. diff --git a/apps/mcp-server/RELEASES.md b/apps/mcp-server/RELEASES.md index 11ca795a08..c5eed9cf9a 100644 --- a/apps/mcp-server/RELEASES.md +++ b/apps/mcp-server/RELEASES.md @@ -30,4 +30,12 @@ Based on: - OpenAPI Doc - Speakeasy CLI 1.771.0 (2.893.0) https://github.com/speakeasy-api/speakeasy ### Generated -- [mcp-typescript v0.1.0] apps/mcp-server \ No newline at end of file +- [mcp-typescript v0.1.0] apps/mcp-server + +## 2026-06-12 00:27:40 +### Changes +Based on: +- OpenAPI Doc +- Speakeasy CLI 1.777.1 (2.903.2) https://github.com/speakeasy-api/speakeasy +### Generated +- [mcp-typescript v0.2.0] apps/mcp-server \ No newline at end of file diff --git a/apps/mcp-server/manifest.json b/apps/mcp-server/manifest.json index 21ac1e5560..db0fdc1fb6 100644 --- a/apps/mcp-server/manifest.json +++ b/apps/mcp-server/manifest.json 
@@ -1,7 +1,7 @@ { "manifest_version": "0.3", "name": "@trycompai/mcp-server", - "version": "0.1.0", + "version": "0.2.0", "description": "", "long_description": "Comp AI API: Compliance automation API for SOC 2, ISO 27001, HIPAA, GDPR, evidence collection, policy workflows, Trust Access, security questionnaires, integrations, cloud checks, and device compliance.", "author": { @@ -570,7 +570,7 @@ }, { "name": "export-all-evidence", - "description": "Export all organization evidence as ZIP (Auditor only)\n\nExport all organization evidence as ZIP (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." + "description": "Trigger bulk evidence export (Auditor only)\n\nTrigger bulk evidence export (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." }, { "name": "get-comments", 
@@ -652,10 +652,22 @@ "name": "update-allowed-domains", "description": "Update allowed domains for the trust portal\n\nUpdate allowed domains for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." }, + { + "name": "update-allowed-emails", + "description": "Update allowed emails for the trust portal\n\nUpdate allowed emails for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + }, { "name": "update-frameworks", "description": "Update trust portal framework settings\n\nUpdate trust portal framework settings in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." }, + { + "name": "list-custom-frameworks", + "description": "List org-authored custom frameworks with their trust portal selection\n\nList org-authored custom frameworks with their trust portal selection in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + }, + { + "name": "update-custom-framework", + "description": "Enable/disable a custom framework on the trust portal and set its status\n\nEnable/disable a custom framework on the trust portal and set its status in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + }, { "name": "update-overview", "description": "Update Trust Center overview\n\nUpdate the public Trust Center overview content that explains security posture and compliance status to prospects and customers." 
@@ -756,6 +768,10 @@ "name": "get-public-vendors", "description": "List Trust Center vendors\n\nList published vendors and subprocessors for an organization Trust Center so reviewers can inspect third-party posture." }, + { + "name": "get-public-custom-frameworks", + "description": "Get org-authored custom frameworks shown on a trust portal\n\nGet org-authored custom frameworks shown on a trust portal in Comp AI. Manage external Trust Center access requests, NDA signing, grants, tokenized document downloads, public FAQs, and reviewer access." + }, { "name": "list-findings", "description": "List audit findings\n\nList audit findings with status, severity, owner, history, and remediation context for compliance review workflows." @@ -1128,6 +1144,10 @@ "name": "get-check-definition", "description": "Resolve the \"About this check\" description for a finding (AI-cached for AWS; provider-derived for GCP/Azure)\n\nResolve the \"About this check\" description for a finding (AI-cached for AWS; provider-derived for GCP/Azure) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services, review findings, and connect cloud posture." }, + { + "name": "resolve-session", + "description": "Resolve short-lived AWS credentials for a connection (internal only)\n\nResolve short-lived AWS credentials for a connection (internal only) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services, review findings, and connect cloud posture results to compliance work." + }, { "name": "scan", "description": "Run cloud security scan\n\nTrigger a cloud security scan for a connected AWS, Azure, or GCP account and collect findings for compliance remediation." 
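Review bot: The `resolve-session` entry added in the second hunk on this line (`@@ -1128,6 +1144,10 @@`) publishes as an MCP tool an operation whose own description says it resolves short-lived AWS credentials and is "internal only". Every client that installs the bundle can see and call it, and a successful response would put credentials into the model's context and transcript. I would drop the `{ "name": "resolve-session", ... }` entry by excluding `CloudSecurityController_resolveSession_v1` from the OpenAPI document that feeds generation, rather than editing the generated output. The generated `cloudSecurityCloudSecurityControllerResolveSessionV1.ts` in this commit calls `resolveGlobalSecurity(securityInput)` without the `[0]` argument the API-key operations pass, and its doc comment lacks the `Security.apikey` sentence, which suggests the spec declares no API-key requirement for this route. Please confirm the server enforces its own service-to-service authentication there and authorises `connectionId` against the caller's organization.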
@@ -1328,6 +1348,18 @@ "name": "get-pdf", "description": "Get penetration test PDF\n\nGet penetration test PDF in Comp AI. Create AI-powered penetration test runs, track progress, inspect findings and events, and download markdown or PDF reports." }, + { + "name": "list-pentest-finding-contexts", + "description": "List pentest finding context notes\n\nReturns the customer-written context notes attached to pentest findings for a target URL. These notes are shared with the testing agent on future scans of the same target so retests are informed, not blind." + }, + { + "name": "set-pentest-finding-context", + "description": "Add context to a pentest finding\n\nSaves a customer context note on a pentest finding, e.g. an accepted-by-design rationale or remediation details. Future scans of the same target pass the note to the testing agent so the issue is retested with that context." + }, + { + "name": "delete-pentest-finding-context", + "description": "Remove context from a pentest finding\n\nDeletes the customer context note attached to a pentest finding so future scans of the target no longer receive it from the testing agent briefing." + }, { "name": "get-pending-offboardings", "description": "Get members with pending offboarding checklists\n\nLists members whose offboarding checklist is still incomplete, with their outstanding items, so you can track and finish departing-employee offboarding." diff --git a/apps/mcp-server/package-lock.json b/apps/mcp-server/package-lock.json index 3cf3e4623a..d58a4472d5 100644 --- a/apps/mcp-server/package-lock.json +++ b/apps/mcp-server/package-lock.json @@ -1,12 +1,12 @@ { "name": "@trycompai/mcp-server", - "version": "0.1.0", + "version": "0.2.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@trycompai/mcp-server", - "version": "0.1.0", + "version": "0.2.0", "dependencies": { "@modelcontextprotocol/sdk": "1.26.0", "@stricli/core": "^1.1.2", 
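Review bot: The three pentest finding-context tools added in the `@@ -1328,6 +1348,18 @@` hunk let an MCP client write free text that, per their descriptions, is later passed to the testing agent, and nothing visible here says how that text is bounded or treated. Because a note can carry an "accepted-by-design rationale", it presumably influences how a finding is retested; this is inferred from the descriptions, as the server side is not in this diff. The API should therefore treat the note as untrusted data in the agent briefing (delimited, length-limited, never interpreted as instructions) and attribute each write and delete in an audit log. Once the API guarantees that, I would state the contract in the source OpenAPI description for `set-pentest-finding-context`, for example by appending `Notes are treated as untrusted reference text and every change is audit-logged.`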
diff --git a/apps/mcp-server/package.json b/apps/mcp-server/package.json index 46db525212..b4ae779d8e 100644 --- a/apps/mcp-server/package.json +++ b/apps/mcp-server/package.json @@ -1,6 +1,6 @@ { "name": "@trycompai/mcp-server", - "version": "0.1.0", + "version": "0.2.0", "author": "Comp AI", "type": "module", "sideEffects": false, diff --git a/apps/mcp-server/src/funcs/cloudSecurityCloudSecurityControllerResolveSessionV1.ts b/apps/mcp-server/src/funcs/cloudSecurityCloudSecurityControllerResolveSessionV1.ts new file mode 100644 index 0000000000..12c45e8144 --- /dev/null +++ b/apps/mcp-server/src/funcs/cloudSecurityCloudSecurityControllerResolveSessionV1.ts 
@@ -0,0 +1,153 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { encodeSimple } from "../lib/encodings.js"; +import { compactMap } from "../lib/primitives.js"; +import { safeParse } from "../lib/schemas.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { + CloudSecurityControllerResolveSessionV1Request, + CloudSecurityControllerResolveSessionV1Request$zodSchema, +} from "../models/cloudsecuritycontrollerresolvesessionv1op.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * Resolve short-lived AWS credentials for a connection (internal only) + * + * @remarks + * Resolve short-lived AWS credentials for a connection (internal only) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services, review findings, and connect cloud posture results to compliance work. 
+ */ +export function cloudSecurityCloudSecurityControllerResolveSessionV1( + client$: CompAiCore, + request: CloudSecurityControllerResolveSessionV1Request, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + request, + options, + )); +} + +async function $do( + client$: CompAiCore, + request: CloudSecurityControllerResolveSessionV1Request, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const parsed$ = safeParse( + request, + (value$) => + CloudSecurityControllerResolveSessionV1Request$zodSchema.parse(value$), + "Input validation failed", + ); + if (!parsed$.ok) { + return [parsed$, { status: "invalid" }]; + } + const payload$ = parsed$.value; + const body$ = null; + + const pathParams$ = { + connectionId: encodeSimple("connectionId", payload$.connectionId, { + explode: false, + charEncoding: "percent", + }), + }; + const path$ = pathToFunc("/v1/cloud-security/resolve-session/{connectionId}")( + pathParams$, + ); + + const headers$ = new Headers(compactMap({ + Accept: "*/*", + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "CloudSecurityController_resolveSession_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "POST", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + body: body$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/funcs/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts b/apps/mcp-server/src/funcs/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts index a2021ac976..51878d193b 100644 --- a/apps/mcp-server/src/funcs/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts +++ b/apps/mcp-server/src/funcs/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts 
@@ -26,10 +26,10 @@ import { APICall, APIPromise } from "../types/async.js"; import { Result } from "../types/fp.js"; /** - * Export all organization evidence as ZIP (Auditor only) + * Trigger bulk evidence export (Auditor only) * * @remarks - * Export all organization evidence as ZIP (Auditor only) in Comp AI. Export all organization evidence for an auditor review package. + * Trigger bulk evidence export (Auditor only) in Comp AI. Export all organization evidence for an auditor review package. * * If set, this operation will use {@link Security.apikey} from the global security. */ @@ -123,7 +123,7 @@ async function $do( const requestRes = client$._createRequest(context, { security: requestSecurity, - method: "GET", + method: "POST", baseURL: options?.serverURL, path: path$, headers: headers$, diff --git a/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerListV1.ts b/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerListV1.ts new file mode 100644 index 0000000000..82d82ba92b --- /dev/null +++ b/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerListV1.ts 
@@ -0,0 +1,155 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { encodeFormQuery, encodeSimple } from "../lib/encodings.js"; +import { compactMap } from "../lib/primitives.js"; +import { safeParse } from "../lib/schemas.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { + PentestFindingContextsControllerListV1Request, + PentestFindingContextsControllerListV1Request$zodSchema, +} from "../models/pentestfindingcontextscontrollerlistv1op.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * List pentest finding context notes + * + * @remarks + * Returns the customer-written context notes attached to pentest findings for a target URL. These notes are shared with the testing agent on future scans of the same target so retests are informed, not blind. + * + * If set, this operation will use {@link Security.apikey} from the global security. 
+ */ +export function securityPenetrationTestsPentestFindingContextsControllerListV1( + client$: CompAiCore, + request: PentestFindingContextsControllerListV1Request, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + request, + options, + )); +} + +async function $do( + client$: CompAiCore, + request: PentestFindingContextsControllerListV1Request, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const parsed$ = safeParse( + request, + (value$) => + PentestFindingContextsControllerListV1Request$zodSchema.parse(value$), + "Input validation failed", + ); + if (!parsed$.ok) { + return [parsed$, { status: "invalid" }]; + } + const payload$ = parsed$.value; + const body$ = null; + const path$ = pathToFunc("/v1/pentest-finding-contexts")(); + const query$ = encodeFormQuery({ + "targetUrl": payload$.targetUrl, + }); + + const headers$ = new Headers(compactMap({ + Accept: "*/*", + "X-Organization-Id": encodeSimple( + "X-Organization-Id", + payload$.xOrganizationId, + { explode: false, charEncoding: "none" }, + ), + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput, [0]); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "PentestFindingContextsController_list_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "GET", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + query: query$, + body: body$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts b/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts new file mode 100644 index 0000000000..cb83abead1 --- /dev/null +++ b/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts 
@@ -0,0 +1,160 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { encodeSimple } from "../lib/encodings.js"; +import { compactMap } from "../lib/primitives.js"; +import { safeParse } from "../lib/schemas.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { + PentestFindingContextsControllerRemoveV1Request, + PentestFindingContextsControllerRemoveV1Request$zodSchema, +} from "../models/pentestfindingcontextscontrollerremovev1op.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * Remove context from a pentest finding + * + * @remarks + * Deletes the customer context note attached to a pentest finding so future scans of the target no longer receive it from the testing agent briefing. + * + * If set, this operation will use {@link Security.apikey} from the global security. 
+ */ +export function securityPenetrationTestsPentestFindingContextsControllerRemoveV1( + client$: CompAiCore, + request: PentestFindingContextsControllerRemoveV1Request, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + request, + options, + )); +} + +async function $do( + client$: CompAiCore, + request: PentestFindingContextsControllerRemoveV1Request, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const parsed$ = safeParse( + request, + (value$) => + PentestFindingContextsControllerRemoveV1Request$zodSchema.parse(value$), + "Input validation failed", + ); + if (!parsed$.ok) { + return [parsed$, { status: "invalid" }]; + } + const payload$ = parsed$.value; + const body$ = null; + + const pathParams$ = { + issueId: encodeSimple("issueId", payload$.issueId, { + explode: false, + charEncoding: "percent", + }), + }; + const path$ = pathToFunc("/v1/pentest-finding-contexts/{issueId}")( + pathParams$, + ); + + const headers$ = new Headers(compactMap({ + Accept: "*/*", + "X-Organization-Id": encodeSimple( + "X-Organization-Id", + payload$.xOrganizationId, + { explode: false, charEncoding: "none" }, + ), + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput, [0]); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "PentestFindingContextsController_remove_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "DELETE", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + body: body$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts b/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts new file mode 100644 index 0000000000..0e0cfe65ee --- /dev/null +++ b/apps/mcp-server/src/funcs/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts 
@@ -0,0 +1,161 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { encodeJSON, encodeSimple } from "../lib/encodings.js"; +import { compactMap } from "../lib/primitives.js"; +import { safeParse } from "../lib/schemas.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { + PentestFindingContextsControllerUpsertV1Request, + PentestFindingContextsControllerUpsertV1Request$zodSchema, +} from "../models/pentestfindingcontextscontrollerupsertv1op.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * Add context to a pentest finding + * + * @remarks + * Saves a customer context note on a pentest finding, e.g. an accepted-by-design rationale or remediation details. Future scans of the same target pass the note to the testing agent so the issue is retested with that context. + * + * If set, this operation will use {@link Security.apikey} from the global security. 
+ */ +export function securityPenetrationTestsPentestFindingContextsControllerUpsertV1( + client$: CompAiCore, + request: PentestFindingContextsControllerUpsertV1Request, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + request, + options, + )); +} + +async function $do( + client$: CompAiCore, + request: PentestFindingContextsControllerUpsertV1Request, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const parsed$ = safeParse( + request, + (value$) => + PentestFindingContextsControllerUpsertV1Request$zodSchema.parse(value$), + "Input validation failed", + ); + if (!parsed$.ok) { + return [parsed$, { status: "invalid" }]; + } + const payload$ = parsed$.value; + const body$ = encodeJSON("body", payload$.body, { explode: true }); + + const pathParams$ = { + issueId: encodeSimple("issueId", payload$.issueId, { + explode: false, + charEncoding: "percent", + }), + }; + const path$ = pathToFunc("/v1/pentest-finding-contexts/{issueId}")( + pathParams$, + ); + + const headers$ = new Headers(compactMap({ + "Content-Type": "application/json", + Accept: "*/*", + "X-Organization-Id": encodeSimple( + "X-Organization-Id", + payload$.xOrganizationId, + { explode: false, charEncoding: "none" }, + ), + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput, [0]); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "PentestFindingContextsController_upsert_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "PUT", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + body: body$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/funcs/taskAutomationsAutomationsControllerCreateVersionV1.ts b/apps/mcp-server/src/funcs/taskAutomationsAutomationsControllerCreateVersionV1.ts index 176df73b61..3ceae1831d 100644 --- a/apps/mcp-server/src/funcs/taskAutomationsAutomationsControllerCreateVersionV1.ts +++ b/apps/mcp-server/src/funcs/taskAutomationsAutomationsControllerCreateVersionV1.ts @@ -3,7 +3,7 @@ */ import { CompAiCore } from "../core.js"; -import { encodeSimple } from "../lib/encodings.js"; +import { encodeJSON, encodeSimple } from "../lib/encodings.js"; import { compactMap } from "../lib/primitives.js"; import { safeParse } from "../lib/schemas.js"; import { RequestOptions } from "../lib/sdks.js"; 
@@ -85,7 +85,7 @@ async function $do( return [parsed$, { status: "invalid" }]; } const payload$ = parsed$.value; - const body$ = null; + const body$ = encodeJSON("body", payload$.body, { explode: true }); const pathParams$ = { automationId: encodeSimple("automationId", payload$.automationId, { @@ -104,6 +104,7 @@ async function $do( ); const headers$ = new Headers(compactMap({ + "Content-Type": "application/json", Accept: "*/*", })); const securityInput = await extractSecurity(client$._options.security); diff --git a/apps/mcp-server/src/funcs/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts b/apps/mcp-server/src/funcs/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts new file mode 100644 index 0000000000..53769c452d --- /dev/null +++ b/apps/mcp-server/src/funcs/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts 
@@ -0,0 +1,155 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { encodeSimple } from "../lib/encodings.js"; +import { compactMap } from "../lib/primitives.js"; +import { safeParse } from "../lib/schemas.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { + TrustAccessControllerGetPublicCustomFrameworksV1Request, + TrustAccessControllerGetPublicCustomFrameworksV1Request$zodSchema, +} from "../models/trustaccesscontrollergetpubliccustomframeworksv1op.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * Get org-authored custom frameworks shown on a trust portal + * + * @remarks + * Get org-authored custom frameworks shown on a trust portal in Comp AI. Manage external Trust Center access requests, NDA signing, grants, tokenized document downloads, public FAQs, and reviewer access. 
+ */ +export function trustAccessTrustAccessControllerGetPublicCustomFrameworksV1( + client$: CompAiCore, + request: TrustAccessControllerGetPublicCustomFrameworksV1Request, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + request, + options, + )); +} + +async function $do( + client$: CompAiCore, + request: TrustAccessControllerGetPublicCustomFrameworksV1Request, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const parsed$ = safeParse( + request, + (value$) => + TrustAccessControllerGetPublicCustomFrameworksV1Request$zodSchema.parse( + value$, + ), + "Input validation failed", + ); + if (!parsed$.ok) { + return [parsed$, { status: "invalid" }]; + } + const payload$ = parsed$.value; + const body$ = null; + + const pathParams$ = { + friendlyUrl: encodeSimple("friendlyUrl", payload$.friendlyUrl, { + explode: false, + charEncoding: "percent", + }), + }; + const path$ = pathToFunc("/v1/trust-access/{friendlyUrl}/custom-frameworks")( + pathParams$, + ); + + const headers$ = new Headers(compactMap({ + Accept: "*/*", + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "TrustAccessController_getPublicCustomFrameworks_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "GET", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + body: body$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerListCustomFrameworksV1.ts b/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerListCustomFrameworksV1.ts new file mode 100644 index 0000000000..0466f61f52 --- /dev/null +++ b/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerListCustomFrameworksV1.ts 
@@ -0,0 +1,125 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { compactMap } from "../lib/primitives.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * List org-authored custom frameworks with their trust portal selection + * + * @remarks + * List org-authored custom frameworks with their trust portal selection in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures. + * + * If set, this operation will use {@link Security.apikey} from the global security. 
+ */ +export function trustPortalTrustPortalControllerListCustomFrameworksV1( + client$: CompAiCore, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + options, + )); +} + +async function $do( + client$: CompAiCore, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const path$ = pathToFunc("/v1/trust-portal/custom-frameworks")(); + + const headers$ = new Headers(compactMap({ + Accept: "*/*", + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput, [0]); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "TrustPortalController_listCustomFrameworks_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "GET", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts b/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts new file mode 100644 index 0000000000..2a82565e54 --- /dev/null +++ b/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts 
@@ -0,0 +1,146 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { encodeJSON } from "../lib/encodings.js"; +import { compactMap } from "../lib/primitives.js"; +import { safeParse } from "../lib/schemas.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { + UpdateAllowedEmailsDto, + UpdateAllowedEmailsDto$zodSchema, +} from "../models/updateallowedemailsdto.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * Update allowed emails for the trust portal + * + * @remarks + * Update allowed emails for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures. + * + * If set, this operation will use {@link Security.apikey} from the global security. 
+ */ +export function trustPortalTrustPortalControllerUpdateAllowedEmailsV1( + client$: CompAiCore, + request: UpdateAllowedEmailsDto, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + request, + options, + )); +} + +async function $do( + client$: CompAiCore, + request: UpdateAllowedEmailsDto, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const parsed$ = safeParse( + request, + (value$) => UpdateAllowedEmailsDto$zodSchema.parse(value$), + "Input validation failed", + ); + if (!parsed$.ok) { + return [parsed$, { status: "invalid" }]; + } + const payload$ = parsed$.value; + const body$ = encodeJSON("body", payload$, { explode: true }); + const path$ = pathToFunc("/v1/trust-portal/settings/allowed-emails")(); + + const headers$ = new Headers(compactMap({ + "Content-Type": "application/json", + Accept: "*/*", + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput, [0]); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "TrustPortalController_updateAllowedEmails_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "PUT", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + body: body$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts b/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts new file mode 100644 index 0000000000..056c93c100 --- /dev/null +++ b/apps/mcp-server/src/funcs/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts 
@@ -0,0 +1,149 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { CompAiCore } from "../core.js"; +import { encodeJSON } from "../lib/encodings.js"; +import { compactMap } from "../lib/primitives.js"; +import { safeParse } from "../lib/schemas.js"; +import { RequestOptions } from "../lib/sdks.js"; +import { extractSecurity, resolveGlobalSecurity } from "../lib/security.js"; +import { pathToFunc } from "../lib/url.js"; +import { APIError } from "../models/errors/apierror.js"; +import { + ConnectionError, + InvalidRequestError, + RequestAbortedError, + RequestTimeoutError, + UnexpectedClientError, +} from "../models/errors/httpclienterrors.js"; +import { SDKValidationError } from "../models/errors/sdkvalidationerror.js"; +import { + TrustPortalControllerUpdateCustomFrameworkV1Request, + TrustPortalControllerUpdateCustomFrameworkV1Request$zodSchema, +} from "../models/trustportalcontrollerupdatecustomframeworkv1op.js"; +import { APICall, APIPromise } from "../types/async.js"; +import { Result } from "../types/fp.js"; + +/** + * Enable/disable a custom framework on the trust portal and set its status + * + * @remarks + * Enable/disable a custom framework on the trust portal and set its status in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures. + * + * If set, this operation will use {@link Security.apikey} from the global security. 
+ */ +export function trustPortalTrustPortalControllerUpdateCustomFrameworkV1( + client$: CompAiCore, + request: TrustPortalControllerUpdateCustomFrameworkV1Request, + options?: RequestOptions, +): APIPromise< + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + > +> { + return new APIPromise($do( + client$, + request, + options, + )); +} + +async function $do( + client$: CompAiCore, + request: TrustPortalControllerUpdateCustomFrameworkV1Request, + options?: RequestOptions, +): Promise< + [ + Result< + Response, + | APIError + | SDKValidationError + | UnexpectedClientError + | InvalidRequestError + | RequestAbortedError + | RequestTimeoutError + | ConnectionError + >, + APICall, + ] +> { + const parsed$ = safeParse( + request, + (value$) => + TrustPortalControllerUpdateCustomFrameworkV1Request$zodSchema.parse( + value$, + ), + "Input validation failed", + ); + if (!parsed$.ok) { + return [parsed$, { status: "invalid" }]; + } + const payload$ = parsed$.value; + const body$ = encodeJSON("body", payload$, { explode: true }); + const path$ = pathToFunc("/v1/trust-portal/custom-frameworks")(); + + const headers$ = new Headers(compactMap({ + "Content-Type": "application/json", + Accept: "*/*", + })); + const securityInput = await extractSecurity(client$._options.security); + const requestSecurity = resolveGlobalSecurity(securityInput, [0]); + + const context = { + options: client$._options, + baseURL: options?.serverURL ?? client$._baseURL ?? 
"", + operationID: "TrustPortalController_updateCustomFramework_v1", + oAuth2Scopes: null, + resolvedSecurity: requestSecurity, + securitySource: client$._options.security, + retryConfig: options?.retries + || client$._options.retryConfig + || { strategy: "none" }, + retryCodes: options?.retryCodes || [ + "429", + "500", + "502", + "503", + "504", + ], + }; + + const requestRes = client$._createRequest(context, { + security: requestSecurity, + method: "PUT", + baseURL: options?.serverURL, + path: path$, + headers: headers$, + body: body$, + userAgent: client$._options.userAgent, + timeoutMs: options?.timeoutMs || client$._options.timeoutMs + || 120000, + }, options); + if (!requestRes.ok) { + return [requestRes, { status: "invalid" }]; + } + const req$ = requestRes.value; + + const doResult = await client$._do(req$, { + context, + errorCodes: [], + retryConfig: context.retryConfig, + retryCodes: context.retryCodes, + }); + if (!doResult.ok) { + return [doResult, { status: "request-error", request: req$ }]; + } + return [doResult, { + status: "complete", + "request": req$, + response: doResult.value, + }]; +} diff --git a/apps/mcp-server/src/landing-page.ts b/apps/mcp-server/src/landing-page.ts index de9d6c7d2c..6e99225096 100644 --- a/apps/mcp-server/src/landing-page.ts +++ b/apps/mcp-server/src/landing-page.ts @@ -930,7 +930,7 @@ http_headers = { "apikey" = "YOUR_APIKEY" }`;

Instructions

One-click installation for Claude Desktop users

diff --git a/apps/mcp-server/src/lib/config.ts b/apps/mcp-server/src/lib/config.ts index d888cd1215..def4f2dcd8 100644 --- a/apps/mcp-server/src/lib/config.ts +++ b/apps/mcp-server/src/lib/config.ts @@ -65,8 +65,8 @@ export function serverURLFromOptions(options: SDKOptions): URL | null { export const SDK_METADATA = { language: "typescript", openapiDocVersion: "1.0", - sdkVersion: "0.1.0", - genVersion: "2.893.0", + sdkVersion: "0.2.0", + genVersion: "2.903.2", userAgent: - "speakeasy-sdk/mcp-typescript 0.1.0 2.893.0 1.0 @trycompai/mcp-server", + "speakeasy-sdk/mcp-typescript 0.2.0 2.903.2 1.0 @trycompai/mcp-server", } as const; diff --git a/apps/mcp-server/src/lib/dlv.ts b/apps/mcp-server/src/lib/dlv.ts deleted file mode 100644 index e81091f5e5..0000000000 --- a/apps/mcp-server/src/lib/dlv.ts +++ /dev/null 
@@ -1,53 +0,0 @@ -/* - * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. - */ - -/* -MIT License - -Copyright (c) 2024 Jason Miller (http://jasonformat.com) - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -/** - * @param obj The object to walk - * @param key The key path to walk the object with - * @param def A default value to return if the result is undefined - * - * @example - * dlv(obj, "a.b.c.d") - * @example - * dlv(object, ["a", "b", "c", "d"]) - * @example - * dlv(object, "foo.bar.baz", "Hello, default value!") - */ -export function dlv( - obj: any, - key: string | string[], - def?: T, - p?: number, - undef?: never, -): T | undefined { - key = Array.isArray(key) ? key : key.split("."); - for (p = 0; p < key.length; p++) { - const k = key[p]; - obj = k != null && obj ? obj[k] : undef; - } - return obj === undef ? def : obj; -} diff --git a/apps/mcp-server/src/lib/encodings.ts b/apps/mcp-server/src/lib/encodings.ts index d8af4f7288..0db3b45444 100644 
--- a/apps/mcp-server/src/lib/encodings.ts +++ b/apps/mcp-server/src/lib/encodings.ts @@ -3,7 +3,7 @@ */ import { bytesToBase64 } from "./base64.js"; -import { isPlainObject } from "./is-plain-object.js"; +import { isPlainObject } from "./primitives.js"; export class EncodingError extends Error { constructor(message: string) { diff --git a/apps/mcp-server/src/lib/env.ts b/apps/mcp-server/src/lib/env.ts index 57172e5e73..4be189447e 100644 --- a/apps/mcp-server/src/lib/env.ts +++ b/apps/mcp-server/src/lib/env.ts @@ -2,8 +2,6 @@ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. */ -import { dlv } from "./dlv.js"; - import * as z from "zod"; export interface Env { @@ -27,8 +25,13 @@ export function env(): Env { return envMemo; } + const globals = globalThis as { + process?: { env?: Record }; + Deno?: { env?: { toObject?: () => Record } }; + }; + envMemo = envSchema.parse( - dlv(globalThis, "process.env") ?? dlv(globalThis, "Deno.env") ?? {}, + globals.process?.env ?? globals.Deno?.env?.toObject?.() ?? {}, ); return envMemo; } diff --git a/apps/mcp-server/src/lib/is-plain-object.ts b/apps/mcp-server/src/lib/is-plain-object.ts deleted file mode 100644 index 61070d3d7c..0000000000 --- a/apps/mcp-server/src/lib/is-plain-object.ts +++ /dev/null 
@@ -1,43 +0,0 @@ -/* - * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. - */ - -/* -MIT License - -Copyright (c) Sindre Sorhus (https://sindresorhus.com) - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -// Taken from https://github.com/sindresorhus/is-plain-obj/blob/97f38e8836f86a642cce98fc6ab3058bc36df181/index.js - -export function isPlainObject(value: unknown): value is object { - if (typeof value !== "object" || value === null) { - return false; - } - - const prototype = Object.getPrototypeOf(value); - return ( - (prototype === null || - prototype === Object.prototype || - Object.getPrototypeOf(prototype) === null) && - !(Symbol.toStringTag in value) && - !(Symbol.iterator in value) - ); -} diff --git a/apps/mcp-server/src/lib/primitives.ts b/apps/mcp-server/src/lib/primitives.ts index 668ab9d500..13567e7965 100644 --- a/apps/mcp-server/src/lib/primitives.ts +++ b/apps/mcp-server/src/lib/primitives.ts 
@@ -111,3 +111,19 @@ export function invariant( throw new InvariantError(message); } } + +export function isPlainObject( + value: unknown, +): value is Record { + if (value === null || typeof value !== "object") return false; + if (Object.prototype.toString.call(value) !== "[object Object]") return false; + const proto = Object.getPrototypeOf(value); + if (proto === null || proto === Object.prototype) return true; + // cross-realm plain objects (vm contexts, iframes) inherit from a + // different realm's Object.prototype, which itself has a null prototype + try { + return Object.getPrototypeOf(proto) === null; + } catch { + return false; + } +} diff --git a/apps/mcp-server/src/mcp-server/mcp-server.ts b/apps/mcp-server/src/mcp-server/mcp-server.ts index 62f0e4dc8a..c3521094ca 100644 --- a/apps/mcp-server/src/mcp-server/mcp-server.ts +++ b/apps/mcp-server/src/mcp-server/mcp-server.ts @@ -21,7 +21,7 @@ const routes = buildRouteMap({ export const app = buildApplication(routes, { name: "mcp", versionInfo: { - currentVersion: "0.1.0", + currentVersion: "0.2.0", }, }); diff --git a/apps/mcp-server/src/mcp-server/server.ts b/apps/mcp-server/src/mcp-server/server.ts index afa3f31a97..502eff487d 100644 --- a/apps/mcp-server/src/mcp-server/server.ts +++ b/apps/mcp-server/src/mcp-server/server.ts 
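Review bot: The new `isPlainObject` in primitives.ts no longer rejects values that carry `Symbol.iterator`, which the deleted `lib/is-plain-object.ts` did with `!(Symbol.iterator in value)`. The `Object.prototype.toString.call(value) !== "[object Object]"` test only covers the `Symbol.toStringTag` case, so an object literal that defines its own iterator was not plain before and is plain now. encodings.ts imports this function, so the change can alter which values are encoded as objects. If the old contract is wanted, add `if (Symbol.iterator in value) return false;` after the toString check. Otherwise record the difference in a doc comment on the function, which currently has none.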
@@ -30,6 +30,7 @@ import { tool$cloudSecurityCloudSecurityControllerGetProvidersV1 } from "./tools import { tool$cloudSecurityCloudSecurityControllerGetRunStatusV1 } from "./tools/cloudSecurityCloudSecurityControllerGetRunStatusV1.js"; import { tool$cloudSecurityCloudSecurityControllerMarkFindingAsExceptionV1 } from "./tools/cloudSecurityCloudSecurityControllerMarkFindingAsExceptionV1.js"; import { tool$cloudSecurityCloudSecurityControllerResolveGcpSetupStepV1 } from "./tools/cloudSecurityCloudSecurityControllerResolveGcpSetupStepV1.js"; +import { tool$cloudSecurityCloudSecurityControllerResolveSessionV1 } from "./tools/cloudSecurityCloudSecurityControllerResolveSessionV1.js"; import { tool$cloudSecurityCloudSecurityControllerRevokeExceptionV1 } from "./tools/cloudSecurityCloudSecurityControllerRevokeExceptionV1.js"; import { tool$cloudSecurityCloudSecurityControllerScanV1 } from "./tools/cloudSecurityCloudSecurityControllerScanV1.js"; import { tool$cloudSecurityCloudSecurityControllerSelectGcpProjectsV1 } from "./tools/cloudSecurityCloudSecurityControllerSelectGcpProjectsV1.js"; 
@@ -245,6 +246,9 @@ import { tool$rolesRolesControllerGetRoleV1 } from "./tools/rolesRolesController import { tool$rolesRolesControllerListRolesV1 } from "./tools/rolesRolesControllerListRolesV1.js"; import { tool$rolesRolesControllerUpdateBuiltInObligationsV1 } from "./tools/rolesRolesControllerUpdateBuiltInObligationsV1.js"; import { tool$rolesRolesControllerUpdateRoleV1 } from "./tools/rolesRolesControllerUpdateRoleV1.js"; +import { tool$securityPenetrationTestsPentestFindingContextsControllerListV1 } from "./tools/securityPenetrationTestsPentestFindingContextsControllerListV1.js"; +import { tool$securityPenetrationTestsPentestFindingContextsControllerRemoveV1 } from "./tools/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.js"; +import { tool$securityPenetrationTestsPentestFindingContextsControllerUpsertV1 } from "./tools/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.js"; import { tool$securityPenetrationTestsSecurityPenetrationTestsControllerCreateV1 } from "./tools/securityPenetrationTestsSecurityPenetrationTestsControllerCreateV1.js"; import { tool$securityPenetrationTestsSecurityPenetrationTestsControllerGetByIdV1 } from "./tools/securityPenetrationTestsSecurityPenetrationTestsControllerGetByIdV1.js"; import { tool$securityPenetrationTestsSecurityPenetrationTestsControllerGetEventsV1 } from "./tools/securityPenetrationTestsSecurityPenetrationTestsControllerGetEventsV1.js"; 
@@ -309,6 +313,7 @@ import { tool$trustAccessTrustAccessControllerCreateAccessRequestV1 } from "./to import { tool$trustAccessTrustAccessControllerDenyRequestV1 } from "./tools/trustAccessTrustAccessControllerDenyRequestV1.js"; import { tool$trustAccessTrustAccessControllerGetAccessRequestV1 } from "./tools/trustAccessTrustAccessControllerGetAccessRequestV1.js"; import { tool$trustAccessTrustAccessControllerGetFaqsV1 } from "./tools/trustAccessTrustAccessControllerGetFaqsV1.js"; +import { tool$trustAccessTrustAccessControllerGetPublicCustomFrameworksV1 } from "./tools/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.js"; import { tool$trustAccessTrustAccessControllerGetPublicCustomLinksV1 } from "./tools/trustAccessTrustAccessControllerGetPublicCustomLinksV1.js"; import { tool$trustAccessTrustAccessControllerGetPublicFaviconV1 } from "./tools/trustAccessTrustAccessControllerGetPublicFaviconV1.js"; import { tool$trustAccessTrustAccessControllerGetPublicOverviewV1 } from "./tools/trustAccessTrustAccessControllerGetPublicOverviewV1.js"; 
@@ -331,6 +336,7 @@ import { tool$trustPortalTrustPortalControllerGetOverviewV1 } from "./tools/trus import { tool$trustPortalTrustPortalControllerGetSettingsV1 } from "./tools/trustPortalTrustPortalControllerGetSettingsV1.js"; import { tool$trustPortalTrustPortalControllerGetTrustDocumentUrlV1 } from "./tools/trustPortalTrustPortalControllerGetTrustDocumentUrlV1.js"; import { tool$trustPortalTrustPortalControllerListComplianceResourcesV1 } from "./tools/trustPortalTrustPortalControllerListComplianceResourcesV1.js"; +import { tool$trustPortalTrustPortalControllerListCustomFrameworksV1 } from "./tools/trustPortalTrustPortalControllerListCustomFrameworksV1.js"; import { tool$trustPortalTrustPortalControllerListCustomLinksV1 } from "./tools/trustPortalTrustPortalControllerListCustomLinksV1.js"; import { tool$trustPortalTrustPortalControllerListTrustDocumentsV1 } from "./tools/trustPortalTrustPortalControllerListTrustDocumentsV1.js"; import { tool$trustPortalTrustPortalControllerListVendorsV1 } from "./tools/trustPortalTrustPortalControllerListVendorsV1.js"; 
@@ -338,6 +344,8 @@ import { tool$trustPortalTrustPortalControllerRemoveFaviconV1 } from "./tools/tr import { tool$trustPortalTrustPortalControllerReorderCustomLinksV1 } from "./tools/trustPortalTrustPortalControllerReorderCustomLinksV1.js"; import { tool$trustPortalTrustPortalControllerTogglePortalV1 } from "./tools/trustPortalTrustPortalControllerTogglePortalV1.js"; import { tool$trustPortalTrustPortalControllerUpdateAllowedDomainsV1 } from "./tools/trustPortalTrustPortalControllerUpdateAllowedDomainsV1.js"; +import { tool$trustPortalTrustPortalControllerUpdateAllowedEmailsV1 } from "./tools/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.js"; +import { tool$trustPortalTrustPortalControllerUpdateCustomFrameworkV1 } from "./tools/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.js"; import { tool$trustPortalTrustPortalControllerUpdateCustomLinkV1 } from "./tools/trustPortalTrustPortalControllerUpdateCustomLinkV1.js"; import { tool$trustPortalTrustPortalControllerUpdateFaqsV1 } from "./tools/trustPortalTrustPortalControllerUpdateFaqsV1.js"; import { tool$trustPortalTrustPortalControllerUpdateFrameworksV1 } from "./tools/trustPortalTrustPortalControllerUpdateFrameworksV1.js"; @@ -368,7 +376,7 @@ export function createMCPServer(deps: { }) { const server = new McpServer({ name: "CompAi", - version: "0.1.0", + version: "0.2.0", }); const getClient = deps.getSDK || (() => 
@@ -568,7 +576,10 @@ export function createMCPServer(deps: { tool(tool$trustPortalTrustPortalControllerCheckDnsRecordsV1); tool(tool$trustPortalTrustPortalControllerUpdateFaqsV1); tool(tool$trustPortalTrustPortalControllerUpdateAllowedDomainsV1); + tool(tool$trustPortalTrustPortalControllerUpdateAllowedEmailsV1); tool(tool$trustPortalTrustPortalControllerUpdateFrameworksV1); + tool(tool$trustPortalTrustPortalControllerListCustomFrameworksV1); + tool(tool$trustPortalTrustPortalControllerUpdateCustomFrameworkV1); tool(tool$trustPortalTrustPortalControllerUpdateOverviewV1); tool(tool$trustPortalTrustPortalControllerGetOverviewV1); tool(tool$trustPortalTrustPortalControllerCreateCustomLinkV1); @@ -594,6 +605,7 @@ export function createMCPServer(deps: { tool(tool$trustAccessTrustAccessControllerGetPublicCustomLinksV1); tool(tool$trustAccessTrustAccessControllerGetPublicFaviconV1); tool(tool$trustAccessTrustAccessControllerGetPublicVendorsV1); + tool(tool$trustAccessTrustAccessControllerGetPublicCustomFrameworksV1); tool(tool$findingsFindingsControllerListFindingsV1); tool(tool$findingsFindingsControllerCreateFindingV1); tool(tool$findingsFindingsControllerGetOrganizationFindingsV1); @@ -687,6 +699,7 @@ export function createMCPServer(deps: { tool(tool$cloudSecurityCloudSecurityControllerRevokeExceptionV1); tool(tool$cloudSecurityCloudSecurityControllerGetHistoryV1); tool(tool$cloudSecurityCloudSecurityControllerGetCheckDefinitionV1); + tool(tool$cloudSecurityCloudSecurityControllerResolveSessionV1); tool(tool$cloudSecurityCloudSecurityControllerScanV1); tool(tool$cloudSecurityCloudSecurityControllerDetectServicesV1); tool(tool$cloudSecurityCloudSecurityControllerDetectGcpOrgV1); 
@@ -747,6 +760,9 @@ export function createMCPServer(deps: { tool$securityPenetrationTestsSecurityPenetrationTestsControllerGetReportV1, ); tool(tool$securityPenetrationTestsSecurityPenetrationTestsControllerGetPdfV1); + tool(tool$securityPenetrationTestsPentestFindingContextsControllerListV1); + tool(tool$securityPenetrationTestsPentestFindingContextsControllerUpsertV1); + tool(tool$securityPenetrationTestsPentestFindingContextsControllerRemoveV1); tool( tool$offboardingChecklistOffboardingChecklistControllerGetPendingOffboardingsV1, ); diff --git a/apps/mcp-server/src/mcp-server/tools/cloudSecurityCloudSecurityControllerResolveSessionV1.ts b/apps/mcp-server/src/mcp-server/tools/cloudSecurityCloudSecurityControllerResolveSessionV1.ts new file mode 100644 index 0000000000..371937770c --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/cloudSecurityCloudSecurityControllerResolveSessionV1.ts 
@@ -0,0 +1,45 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { cloudSecurityCloudSecurityControllerResolveSessionV1 } from "../../funcs/cloudSecurityCloudSecurityControllerResolveSessionV1.js"; +import { CloudSecurityControllerResolveSessionV1Request$zodSchema } from "../../models/cloudsecuritycontrollerresolvesessionv1op.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +const args = { + request: CloudSecurityControllerResolveSessionV1Request$zodSchema, +}; + +export const tool$cloudSecurityCloudSecurityControllerResolveSessionV1: + ToolDefinition = { + name: "resolve-session", + description: + `Resolve short-lived AWS credentials for a connection (internal only) + +Resolve short-lived AWS credentials for a connection (internal only) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services, review findings, and connect cloud posture results to compliance work.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + args, + tool: async (client, args, ctx) => { + const [result] = + await cloudSecurityCloudSecurityControllerResolveSessionV1( + client, + args.request, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/mcp-server/tools/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts b/apps/mcp-server/src/mcp-server/tools/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts index 90c3b2cb8b..57dd182603 100644 --- a/apps/mcp-server/src/mcp-server/tools/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts +++ b/apps/mcp-server/src/mcp-server/tools/evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1.ts 
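Review bot: The `resolve-session` tool exposes an operation that its own description labels "internal only" and that resolves short-lived AWS credentials. Because the handler ends in `return formatResult(result.value);`, whatever the endpoint returns is handed to the MCP client and so to the model's context and any transcript or log of it. The tool is registered for every server instance by `tool(tool$cloudSecurityCloudSecurityControllerResolveSessionV1);` in the server.ts hunk. The response shape is not visible here, so confirm whether it contains the credentials themselves. If it does, the operation should be left out of the API document this server is generated from, since the file is marked generated and cannot be fixed in place.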
@@ -14,9 +14,9 @@ const args = { export const tool$evidenceExportAuditorAuditorEvidenceExportControllerExportAllEvidenceV1: ToolDefinition = { name: "export-all-evidence", - description: `Export all organization evidence as ZIP (Auditor only) + description: `Trigger bulk evidence export (Auditor only) -Export all organization evidence as ZIP (Auditor only) in Comp AI. Export all organization evidence for an auditor review package.`, +Trigger bulk evidence export (Auditor only) in Comp AI. Export all organization evidence for an auditor review package.`, annotations: { "title": "", "destructiveHint": false, diff --git a/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerListV1.ts b/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerListV1.ts new file mode 100644 index 0000000000..bba4ac99ae --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerListV1.ts 
@@ -0,0 +1,44 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { securityPenetrationTestsPentestFindingContextsControllerListV1 } from "../../funcs/securityPenetrationTestsPentestFindingContextsControllerListV1.js"; +import { PentestFindingContextsControllerListV1Request$zodSchema } from "../../models/pentestfindingcontextscontrollerlistv1op.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +const args = { + request: PentestFindingContextsControllerListV1Request$zodSchema, +}; + +export const tool$securityPenetrationTestsPentestFindingContextsControllerListV1: + ToolDefinition = { + name: "list-pentest-finding-contexts", + description: `List pentest finding context notes + +Returns the customer-written context notes attached to pentest findings for a target URL. These notes are shared with the testing agent on future scans of the same target so retests are informed, not blind.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + args, + tool: async (client, args, ctx) => { + const [result] = + await securityPenetrationTestsPentestFindingContextsControllerListV1( + client, + args.request, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts b/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts new file mode 100644 index 0000000000..45656f8a8f --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.ts 
@@ -0,0 +1,44 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { securityPenetrationTestsPentestFindingContextsControllerRemoveV1 } from "../../funcs/securityPenetrationTestsPentestFindingContextsControllerRemoveV1.js"; +import { PentestFindingContextsControllerRemoveV1Request$zodSchema } from "../../models/pentestfindingcontextscontrollerremovev1op.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +const args = { + request: PentestFindingContextsControllerRemoveV1Request$zodSchema, +}; + +export const tool$securityPenetrationTestsPentestFindingContextsControllerRemoveV1: + ToolDefinition = { + name: "delete-pentest-finding-context", + description: `Remove context from a pentest finding + +Deletes the customer context note attached to a pentest finding so future scans of the target no longer receive it from the testing agent briefing.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + args, + tool: async (client, args, ctx) => { + const [result] = + await securityPenetrationTestsPentestFindingContextsControllerRemoveV1( + client, + args.request, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts b/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts new file mode 100644 index 0000000000..9acd120294 --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.ts 
@@ -0,0 +1,44 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { securityPenetrationTestsPentestFindingContextsControllerUpsertV1 } from "../../funcs/securityPenetrationTestsPentestFindingContextsControllerUpsertV1.js"; +import { PentestFindingContextsControllerUpsertV1Request$zodSchema } from "../../models/pentestfindingcontextscontrollerupsertv1op.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +const args = { + request: PentestFindingContextsControllerUpsertV1Request$zodSchema, +}; + +export const tool$securityPenetrationTestsPentestFindingContextsControllerUpsertV1: + ToolDefinition = { + name: "set-pentest-finding-context", + description: `Add context to a pentest finding + +Saves a customer context note on a pentest finding, e.g. an accepted-by-design rationale or remediation details. Future scans of the same target pass the note to the testing agent so the issue is retested with that context.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + args, + tool: async (client, args, ctx) => { + const [result] = + await securityPenetrationTestsPentestFindingContextsControllerUpsertV1( + client, + args.request, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/mcp-server/tools/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts b/apps/mcp-server/src/mcp-server/tools/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts new file mode 100644 index 0000000000..8c34f6f836 --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.ts 
@@ -0,0 +1,44 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { trustAccessTrustAccessControllerGetPublicCustomFrameworksV1 } from "../../funcs/trustAccessTrustAccessControllerGetPublicCustomFrameworksV1.js"; +import { TrustAccessControllerGetPublicCustomFrameworksV1Request$zodSchema } from "../../models/trustaccesscontrollergetpubliccustomframeworksv1op.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +const args = { + request: TrustAccessControllerGetPublicCustomFrameworksV1Request$zodSchema, +}; + +export const tool$trustAccessTrustAccessControllerGetPublicCustomFrameworksV1: + ToolDefinition = { + name: "get-public-custom-frameworks", + description: `Get org-authored custom frameworks shown on a trust portal + +Get org-authored custom frameworks shown on a trust portal in Comp AI. Manage external Trust Center access requests, NDA signing, grants, tokenized document downloads, public FAQs, and reviewer access.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + args, + tool: async (client, args, ctx) => { + const [result] = + await trustAccessTrustAccessControllerGetPublicCustomFrameworksV1( + client, + args.request, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerListCustomFrameworksV1.ts b/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerListCustomFrameworksV1.ts new file mode 100644 index 0000000000..76adaae079 --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerListCustomFrameworksV1.ts 
@@ -0,0 +1,38 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { trustPortalTrustPortalControllerListCustomFrameworksV1 } from "../../funcs/trustPortalTrustPortalControllerListCustomFrameworksV1.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +export const tool$trustPortalTrustPortalControllerListCustomFrameworksV1: + ToolDefinition = { + name: "list-custom-frameworks", + description: + `List org-authored custom frameworks with their trust portal selection + +List org-authored custom frameworks with their trust portal selection in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + tool: async (client, ctx) => { + const [result] = + await trustPortalTrustPortalControllerListCustomFrameworksV1( + client, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts b/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts new file mode 100644 index 0000000000..6e830e46c5 --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.ts 
@@ -0,0 +1,44 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { trustPortalTrustPortalControllerUpdateAllowedEmailsV1 } from "../../funcs/trustPortalTrustPortalControllerUpdateAllowedEmailsV1.js"; +import { UpdateAllowedEmailsDto$zodSchema } from "../../models/updateallowedemailsdto.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +const args = { + request: UpdateAllowedEmailsDto$zodSchema, +}; + +export const tool$trustPortalTrustPortalControllerUpdateAllowedEmailsV1: + ToolDefinition = { + name: "update-allowed-emails", + description: `Update allowed emails for the trust portal + +Update allowed emails for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + args, + tool: async (client, args, ctx) => { + const [result] = + await trustPortalTrustPortalControllerUpdateAllowedEmailsV1( + client, + args.request, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts b/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts new file mode 100644 index 0000000000..c1e52ce584 --- /dev/null +++ b/apps/mcp-server/src/mcp-server/tools/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.ts 
@@ -0,0 +1,46 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import { trustPortalTrustPortalControllerUpdateCustomFrameworkV1 } from "../../funcs/trustPortalTrustPortalControllerUpdateCustomFrameworkV1.js"; +import { TrustPortalControllerUpdateCustomFrameworkV1Request$zodSchema } from "../../models/trustportalcontrollerupdatecustomframeworkv1op.js"; +import { formatResult, ToolDefinition } from "../tools.js"; + +const args = { + request: TrustPortalControllerUpdateCustomFrameworkV1Request$zodSchema + .describe(`At least one of \`enabled\` or \`status\` must be provided.`), +}; + +export const tool$trustPortalTrustPortalControllerUpdateCustomFrameworkV1: + ToolDefinition = { + name: "update-custom-framework", + description: + `Enable/disable a custom framework on the trust portal and set its status + +Enable/disable a custom framework on the trust portal and set its status in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures.`, + annotations: { + "title": "", + "destructiveHint": false, + "idempotentHint": false, + "openWorldHint": false, + "readOnlyHint": false, + }, + args, + tool: async (client, args, ctx) => { + const [result] = + await trustPortalTrustPortalControllerUpdateCustomFrameworkV1( + client, + args.request, + { fetchOptions: { signal: ctx.signal } }, + ).$inspect(); + + if (!result.ok) { + return { + content: [{ type: "text", text: result.error.message }], + isError: true, + }; + } + + return formatResult(result.value); + }, + }; diff --git a/apps/mcp-server/src/models/automationscontrollercreateversionv1op.ts b/apps/mcp-server/src/models/automationscontrollercreateversionv1op.ts index 76fb7b6fb0..df09aaded2 100644 --- a/apps/mcp-server/src/models/automationscontrollercreateversionv1op.ts +++ b/apps/mcp-server/src/models/automationscontrollercreateversionv1op.ts 
@@ -3,15 +3,21 @@ */ import * as z from "zod"; +import { + CreateVersionDto, + CreateVersionDto$zodSchema, +} from "./createversiondto.js"; export type AutomationsControllerCreateVersionV1Request = { taskId: string; automationId: string; + body: CreateVersionDto; }; export const AutomationsControllerCreateVersionV1Request$zodSchema: z.ZodType< AutomationsControllerCreateVersionV1Request > = z.object({ automationId: z.string().describe("Automation ID"), + body: CreateVersionDto$zodSchema, taskId: z.string().describe("Task ID"), }); diff --git a/apps/mcp-server/src/models/cloudsecuritycontrollerresolvesessionv1op.ts b/apps/mcp-server/src/models/cloudsecuritycontrollerresolvesessionv1op.ts new file mode 100644 index 0000000000..750d5a8d3b --- /dev/null +++ b/apps/mcp-server/src/models/cloudsecuritycontrollerresolvesessionv1op.ts @@ -0,0 +1,14 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; + +export type CloudSecurityControllerResolveSessionV1Request = { + connectionId: string; +}; + +export const CloudSecurityControllerResolveSessionV1Request$zodSchema: + z.ZodType = z.object({ + connectionId: z.string(), + }); diff --git a/apps/mcp-server/src/models/complianceresourceresponsedto.ts b/apps/mcp-server/src/models/complianceresourceresponsedto.ts index 233f0aceff..f14d47ebb0 100644 --- a/apps/mcp-server/src/models/complianceresourceresponsedto.ts +++ b/apps/mcp-server/src/models/complianceresourceresponsedto.ts @@ -5,6 +5,9 @@ import * as z from "zod"; import { ClosedEnum } from "../types/enums.js"; +/** + * Set for native-framework certificates; null for custom ones + */ export const ComplianceResourceResponseDtoFramework = { Iso27001: "iso_27001", Iso42001: "iso_42001", 
@@ -19,6 +22,9 @@ export const ComplianceResourceResponseDtoFramework = { Pipeda: "pipeda", Ccpa: "ccpa", } as const; +/** + * Set for native-framework certificates; null for custom ones + */ export type ComplianceResourceResponseDtoFramework = ClosedEnum< typeof ComplianceResourceResponseDtoFramework >; @@ -36,10 +42,21 @@ export const ComplianceResourceResponseDtoFramework$zodSchema = z.enum([ "iso_9001", "pipeda", "ccpa", -]); +]).describe("Set for native-framework certificates; null for custom ones"); + +/** + * Set for custom-framework certificates; null for native ones + */ +export type CustomFrameworkId = {}; + +export const CustomFrameworkId$zodSchema: z.ZodType = z + .object({}).describe( + "Set for custom-framework certificates; null for native ones", + ); export type ComplianceResourceResponseDto = { - framework: ComplianceResourceResponseDtoFramework; + framework: ComplianceResourceResponseDtoFramework | null; + customFrameworkId: CustomFrameworkId | null; fileName: string; fileSize: number; updatedAt: string; @@ -48,9 +65,12 @@ export type ComplianceResourceResponseDto = { export const ComplianceResourceResponseDto$zodSchema: z.ZodType< ComplianceResourceResponseDto > = z.object({ + customFrameworkId: z.lazy(() => CustomFrameworkId$zodSchema).nullable() + .describe("Set for custom-framework certificates; null for native ones"), fileName: z.string(), fileSize: z.number().describe("File size in bytes"), - framework: ComplianceResourceResponseDtoFramework$zodSchema, + framework: ComplianceResourceResponseDtoFramework$zodSchema.nullable() + .describe("Set for native-framework certificates; null for custom ones"), updatedAt: z.string().describe( "ISO timestamp when the certificate was last updated", ), diff --git a/apps/mcp-server/src/models/complianceresourcesignedurldto.ts b/apps/mcp-server/src/models/complianceresourcesignedurldto.ts index 5f3b0aa198..36653b2f1e 100644 --- a/apps/mcp-server/src/models/complianceresourcesignedurldto.ts 
+++ b/apps/mcp-server/src/models/complianceresourcesignedurldto.ts @@ -6,7 +6,7 @@ import * as z from "zod"; import { ClosedEnum } from "../types/enums.js"; /** - * Compliance framework identifier + * Native compliance framework identifier */ export const ComplianceResourceSignedUrlDtoFramework = { Iso27001: "iso_27001", @@ -23,7 +23,7 @@ export const ComplianceResourceSignedUrlDtoFramework = { Ccpa: "ccpa", } as const; /** - * Compliance framework identifier + * Native compliance framework identifier */ export type ComplianceResourceSignedUrlDtoFramework = ClosedEnum< typeof ComplianceResourceSignedUrlDtoFramework @@ -42,19 +42,22 @@ export const ComplianceResourceSignedUrlDtoFramework$zodSchema = z.enum([ "iso_9001", "pipeda", "ccpa", -]).describe("Compliance framework identifier"); +]).describe("Native compliance framework identifier"); export type ComplianceResourceSignedUrlDto = { organizationId: string; - framework: ComplianceResourceSignedUrlDtoFramework; + framework?: ComplianceResourceSignedUrlDtoFramework | undefined; + customFrameworkId?: string | undefined; }; export const ComplianceResourceSignedUrlDto$zodSchema: z.ZodType< ComplianceResourceSignedUrlDto > = z.object({ - framework: ComplianceResourceSignedUrlDtoFramework$zodSchema.describe( - "Compliance framework identifier", + customFrameworkId: z.string().optional().describe( + "Org-authored custom framework ID (alternative to `framework`)", ), + framework: ComplianceResourceSignedUrlDtoFramework$zodSchema.optional() + .describe("Native compliance framework identifier"), organizationId: z.string().describe( "Organization ID that owns the compliance resource", ), diff --git a/apps/mcp-server/src/models/controlscontrollerunlinkdocumenttypev1op.ts b/apps/mcp-server/src/models/controlscontrollerunlinkdocumenttypev1op.ts index c582816881..1298a1804f 100644 --- a/apps/mcp-server/src/models/controlscontrollerunlinkdocumenttypev1op.ts 
+++ b/apps/mcp-server/src/models/controlscontrollerunlinkdocumenttypev1op.ts @@ -28,6 +28,7 @@ export const ControlsControllerUnlinkDocumentTypeV1FormType = { EmployeePerformanceEvaluation: "employee_performance_evaluation", NetworkDiagram: "network_diagram", TabletopExercise: "tabletop_exercise", + AccountTypes: "account_types", } as const; /** * Evidence form type to unlink from the control @@ -49,12 +50,13 @@ export const ControlsControllerUnlinkDocumentTypeV1FormType$zodSchema = z.enum([ "employee_performance_evaluation", "network_diagram", "tabletop_exercise", + "account_types", ]).describe("Evidence form type to unlink from the control"); export type ControlsControllerUnlinkDocumentTypeV1Request = { id: string; - frameworkInstanceId: string; formType: ControlsControllerUnlinkDocumentTypeV1FormType; + frameworkInstanceId: string; }; export const ControlsControllerUnlinkDocumentTypeV1Request$zodSchema: z.ZodType< diff --git a/apps/mcp-server/src/models/createcontroldto.ts b/apps/mcp-server/src/models/createcontroldto.ts index 1dc738241f..990acd54ae 100644 --- a/apps/mcp-server/src/models/createcontroldto.ts +++ b/apps/mcp-server/src/models/createcontroldto.ts @@ -22,6 +22,7 @@ export const DocumentType = { EmployeePerformanceEvaluation: "employee_performance_evaluation", NetworkDiagram: "network_diagram", TabletopExercise: "tabletop_exercise", + AccountTypes: "account_types", } as const; export type DocumentType = ClosedEnum; @@ -38,6 +39,7 @@ export const DocumentType$zodSchema = z.enum([ "employee_performance_evaluation", "network_diagram", "tabletop_exercise", + "account_types", ]); export type CreateControlDto = { diff --git a/apps/mcp-server/src/models/createfindingdto.ts b/apps/mcp-server/src/models/createfindingdto.ts index ab3601b38c..0a2ef75872 100644 --- a/apps/mcp-server/src/models/createfindingdto.ts +++ b/apps/mcp-server/src/models/createfindingdto.ts 
@@ -21,6 +21,7 @@ export const EvidenceFormType = { EmployeePerformanceEvaluation: "employee-performance-evaluation", NetworkDiagram: "network-diagram", TabletopExercise: "tabletop-exercise", + AccountTypes: "account-types", } as const; /** * Evidence form type @@ -40,6 +41,7 @@ export const EvidenceFormType$zodSchema = z.enum([ "employee-performance-evaluation", "network-diagram", "tabletop-exercise", + "account-types", ]).describe("Evidence form type"); /** diff --git a/apps/mcp-server/src/models/createpenetrationtestdto.ts b/apps/mcp-server/src/models/createpenetrationtestdto.ts index a7308aca94..65314855b8 100644 --- a/apps/mcp-server/src/models/createpenetrationtestdto.ts +++ b/apps/mcp-server/src/models/createpenetrationtestdto.ts @@ -7,11 +7,15 @@ import * as z from "zod"; export type CreatePenetrationTestDto = { targetUrl: string; repoUrl?: string | undefined; + additionalContext?: string | undefined; }; export const CreatePenetrationTestDto$zodSchema: z.ZodType< CreatePenetrationTestDto > = z.object({ + additionalContext: z.string().optional().describe( + "Free-text context shared with the testing agent, e.g. remediation notes or accepted-by-design explanations from a previous run. Saved per-finding context notes for the same target are appended automatically. Max 4000 characters.", + ), repoUrl: z.string().optional().describe( "Repository URL containing the target application code", ), diff --git a/apps/mcp-server/src/models/createversiondto.ts b/apps/mcp-server/src/models/createversiondto.ts index a5b2f201e8..5c12ea9501 100644 --- a/apps/mcp-server/src/models/createversiondto.ts +++ b/apps/mcp-server/src/models/createversiondto.ts 
@@ -5,17 +5,19 @@ import * as z from "zod"; export type CreateVersionDto = { - sourceVersionId?: string | undefined; + version: number; + scriptKey: string; changelog?: string | undefined; }; export const CreateVersionDto$zodSchema: z.ZodType = z.object( { changelog: z.string().optional().describe( - "Optional changelog to associate with the new version", + "Optional changelog describing this version", ), - sourceVersionId: z.string().optional().describe( - "Optional version ID to base the new version on", + scriptKey: z.string().describe( + "S3 key of the already-generated & published automation script (returned by the publish step).", ), + version: z.number().describe("Version number for this published script"), }, ); diff --git a/apps/mcp-server/src/models/findingscontrollerlistfindingsv1op.ts b/apps/mcp-server/src/models/findingscontrollerlistfindingsv1op.ts index 4acdb58ce3..bae96e5643 100644 --- a/apps/mcp-server/src/models/findingscontrollerlistfindingsv1op.ts +++ b/apps/mcp-server/src/models/findingscontrollerlistfindingsv1op.ts @@ -75,6 +75,7 @@ export const FindingsControllerListFindingsV1EvidenceFormType = { EmployeePerformanceEvaluation: "employee-performance-evaluation", NetworkDiagram: "network-diagram", TabletopExercise: "tabletop-exercise", + AccountTypes: "account-types", } as const; export type FindingsControllerListFindingsV1EvidenceFormType = ClosedEnum< typeof FindingsControllerListFindingsV1EvidenceFormType @@ -94,6 +95,7 @@ export const FindingsControllerListFindingsV1EvidenceFormType$zodSchema = z "employee-performance-evaluation", "network-diagram", "tabletop-exercise", + "account-types", ]); export type FindingsControllerListFindingsV1Request = { diff --git a/apps/mcp-server/src/models/linkdocumenttypesdto.ts b/apps/mcp-server/src/models/linkdocumenttypesdto.ts index 5a1f64ad73..cade160b8e 100644 --- a/apps/mcp-server/src/models/linkdocumenttypesdto.ts +++ b/apps/mcp-server/src/models/linkdocumenttypesdto.ts 
@@ -18,6 +18,7 @@ export const FormType = { EmployeePerformanceEvaluation: "employee_performance_evaluation", NetworkDiagram: "network_diagram", TabletopExercise: "tabletop_exercise", + AccountTypes: "account_types", } as const; export type FormType = ClosedEnum; @@ -34,6 +35,7 @@ export const FormType$zodSchema = z.enum([ "employee_performance_evaluation", "network_diagram", "tabletop_exercise", + "account_types", ]); export type LinkDocumentTypesDto = { formTypes: Array }; diff --git a/apps/mcp-server/src/models/pentestfindingcontextscontrollerlistv1op.ts b/apps/mcp-server/src/models/pentestfindingcontextscontrollerlistv1op.ts new file mode 100644 index 0000000000..e4f77922d3 --- /dev/null +++ b/apps/mcp-server/src/models/pentestfindingcontextscontrollerlistv1op.ts @@ -0,0 +1,19 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; + +export type PentestFindingContextsControllerListV1Request = { + xOrganizationId?: string | undefined; + targetUrl: string; +}; + +export const PentestFindingContextsControllerListV1Request$zodSchema: z.ZodType< + PentestFindingContextsControllerListV1Request +> = z.object({ + targetUrl: z.string().describe("Target URL the notes are attached to"), + xOrganizationId: z.string().describe( + "Organization ID (required for session auth, optional for API key auth)", + ).optional(), +}); diff --git a/apps/mcp-server/src/models/pentestfindingcontextscontrollerremovev1op.ts b/apps/mcp-server/src/models/pentestfindingcontextscontrollerremovev1op.ts new file mode 100644 index 0000000000..596753a1af --- /dev/null +++ b/apps/mcp-server/src/models/pentestfindingcontextscontrollerremovev1op.ts 
@@ -0,0 +1,18 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; + +export type PentestFindingContextsControllerRemoveV1Request = { + xOrganizationId?: string | undefined; + issueId: string; +}; + +export const PentestFindingContextsControllerRemoveV1Request$zodSchema: + z.ZodType = z.object({ + issueId: z.string(), + xOrganizationId: z.string().describe( + "Organization ID (required for session auth, optional for API key auth)", + ).optional(), + }); diff --git a/apps/mcp-server/src/models/pentestfindingcontextscontrollerupsertv1op.ts b/apps/mcp-server/src/models/pentestfindingcontextscontrollerupsertv1op.ts new file mode 100644 index 0000000000..8283d15511 --- /dev/null +++ b/apps/mcp-server/src/models/pentestfindingcontextscontrollerupsertv1op.ts @@ -0,0 +1,24 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; +import { + UpsertFindingContextDto, + UpsertFindingContextDto$zodSchema, +} from "./upsertfindingcontextdto.js"; + +export type PentestFindingContextsControllerUpsertV1Request = { + xOrganizationId?: string | undefined; + issueId: string; + body: UpsertFindingContextDto; +}; + +export const PentestFindingContextsControllerUpsertV1Request$zodSchema: + z.ZodType = z.object({ + body: UpsertFindingContextDto$zodSchema, + issueId: z.string(), + xOrganizationId: z.string().describe( + "Organization ID (required for session auth, optional for API key auth)", + ).optional(), + }); diff --git a/apps/mcp-server/src/models/trustaccesscontrollergetpubliccustomframeworksv1op.ts b/apps/mcp-server/src/models/trustaccesscontrollergetpubliccustomframeworksv1op.ts new file mode 100644 index 0000000000..0bca9b4846 --- /dev/null +++ b/apps/mcp-server/src/models/trustaccesscontrollergetpubliccustomframeworksv1op.ts 
@@ -0,0 +1,18 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; + +export type TrustAccessControllerGetPublicCustomFrameworksV1Request = { + friendlyUrl: string; +}; + +export const TrustAccessControllerGetPublicCustomFrameworksV1Request$zodSchema: + z.ZodType = z.object( + { + friendlyUrl: z.string().describe( + "Trust Portal friendly URL or Organization ID", + ), + }, + ); diff --git a/apps/mcp-server/src/models/trustportalcontrollerupdatecustomframeworkv1op.ts b/apps/mcp-server/src/models/trustportalcontrollerupdatecustomframeworkv1op.ts new file mode 100644 index 0000000000..9f5b8d021e --- /dev/null +++ b/apps/mcp-server/src/models/trustportalcontrollerupdatecustomframeworkv1op.ts 
@@ -0,0 +1,84 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; +import { ClosedEnum } from "../types/enums.js"; + +export const TrustPortalControllerUpdateCustomFrameworkV1Status2 = { + Started: "started", + InProgress: "in_progress", + Compliant: "compliant", +} as const; +export type TrustPortalControllerUpdateCustomFrameworkV1Status2 = ClosedEnum< + typeof TrustPortalControllerUpdateCustomFrameworkV1Status2 +>; + +export const TrustPortalControllerUpdateCustomFrameworkV1Status2$zodSchema = z + .enum([ + "started", + "in_progress", + "compliant", + ]); + +export type TrustPortalControllerUpdateCustomFrameworkV1RequestBody2 = { + customFrameworkId: string; + enabled?: boolean | undefined; + status: TrustPortalControllerUpdateCustomFrameworkV1Status2; +}; + +export const TrustPortalControllerUpdateCustomFrameworkV1RequestBody2$zodSchema: + z.ZodType = z + .object({ + customFrameworkId: z.string(), + enabled: z.boolean().optional(), + status: TrustPortalControllerUpdateCustomFrameworkV1Status2$zodSchema, + }); + +export const TrustPortalControllerUpdateCustomFrameworkV1Status1 = { + Started: "started", + InProgress: "in_progress", + Compliant: "compliant", +} as const; +export type TrustPortalControllerUpdateCustomFrameworkV1Status1 = ClosedEnum< + typeof TrustPortalControllerUpdateCustomFrameworkV1Status1 +>; + +export const TrustPortalControllerUpdateCustomFrameworkV1Status1$zodSchema = z + .enum([ + "started", + "in_progress", + "compliant", + ]); + +export type TrustPortalControllerUpdateCustomFrameworkV1RequestBody1 = { + customFrameworkId: string; + enabled: boolean; + status?: TrustPortalControllerUpdateCustomFrameworkV1Status1 | undefined; +}; + +export const TrustPortalControllerUpdateCustomFrameworkV1RequestBody1$zodSchema: + z.ZodType = z + .object({ + customFrameworkId: z.string(), + enabled: z.boolean(), + status: TrustPortalControllerUpdateCustomFrameworkV1Status1$zodSchema + .optional(), + 
}); + +/** + * At least one of `enabled` or `status` must be provided. + */ +export type TrustPortalControllerUpdateCustomFrameworkV1Request = + | TrustPortalControllerUpdateCustomFrameworkV1RequestBody1 + | TrustPortalControllerUpdateCustomFrameworkV1RequestBody2; + +export const TrustPortalControllerUpdateCustomFrameworkV1Request$zodSchema: + z.ZodType = z.union([ + z.lazy(() => + TrustPortalControllerUpdateCustomFrameworkV1RequestBody1$zodSchema + ), + z.lazy(() => + TrustPortalControllerUpdateCustomFrameworkV1RequestBody2$zodSchema + ), + ]).describe("At least one of `enabled` or `status` must be provided."); diff --git a/apps/mcp-server/src/models/updateallowedemailsdto.ts b/apps/mcp-server/src/models/updateallowedemailsdto.ts new file mode 100644 index 0000000000..3bd71e6642 --- /dev/null +++ b/apps/mcp-server/src/models/updateallowedemailsdto.ts @@ -0,0 +1,15 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; + +export type UpdateAllowedEmailsDto = { emails: Array }; + +export const UpdateAllowedEmailsDto$zodSchema: z.ZodType< + UpdateAllowedEmailsDto +> = z.object({ + emails: z.array(z.string()).describe( + "Email addresses that bypass NDA signing for trust portal access. Replaces the full list; send an empty array to clear it.", + ), +}); diff --git a/apps/mcp-server/src/models/uploadcomplianceresourcedto.ts b/apps/mcp-server/src/models/uploadcomplianceresourcedto.ts index 7160e2aaa3..026aa6b597 100644 --- a/apps/mcp-server/src/models/uploadcomplianceresourcedto.ts +++ b/apps/mcp-server/src/models/uploadcomplianceresourcedto.ts @@ -6,7 +6,7 @@ import * as z from "zod"; import { ClosedEnum } from "../types/enums.js"; /** - * Compliance framework identifier + * Native compliance framework identifier */ export const UploadComplianceResourceDtoFramework = { Iso27001: "iso_27001", 
@@ -23,7 +23,7 @@ export const UploadComplianceResourceDtoFramework = { Ccpa: "ccpa", } as const; /** - * Compliance framework identifier + * Native compliance framework identifier */ export type UploadComplianceResourceDtoFramework = ClosedEnum< typeof UploadComplianceResourceDtoFramework @@ -42,11 +42,12 @@ export const UploadComplianceResourceDtoFramework$zodSchema = z.enum([ "iso_9001", "pipeda", "ccpa", -]).describe("Compliance framework identifier"); +]).describe("Native compliance framework identifier"); export type UploadComplianceResourceDto = { organizationId: string; - framework: UploadComplianceResourceDtoFramework; + framework?: UploadComplianceResourceDtoFramework | undefined; + customFrameworkId?: string | undefined; fileName: string; fileType: string; fileData: string; @@ -55,11 +56,14 @@ export type UploadComplianceResourceDto = { export const UploadComplianceResourceDto$zodSchema: z.ZodType< UploadComplianceResourceDto > = z.object({ + customFrameworkId: z.string().optional().describe( + "Org-authored custom framework ID (alternative to `framework`)", + ), fileData: z.string().describe("Base64 encoded PDF content"), fileName: z.string().describe("Original file name (PDF only)"), fileType: z.string().describe("MIME type of the file"), - framework: UploadComplianceResourceDtoFramework$zodSchema.describe( - "Compliance framework identifier", + framework: UploadComplianceResourceDtoFramework$zodSchema.optional().describe( + "Native compliance framework identifier", ), organizationId: z.string().describe( "Organization ID that owns the compliance resource", diff --git a/apps/mcp-server/src/models/upsertfindingcontextdto.ts b/apps/mcp-server/src/models/upsertfindingcontextdto.ts new file mode 100644 index 0000000000..ea45dd2a6d --- /dev/null +++ b/apps/mcp-server/src/models/upsertfindingcontextdto.ts 
@@ -0,0 +1,16 @@ +/* + * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT. + */ + +import * as z from "zod"; + +export type UpsertFindingContextDto = { runId: string; context: string }; + +export const UpsertFindingContextDto$zodSchema: z.ZodType< + UpsertFindingContextDto +> = z.object({ + context: z.string().describe( + "Context for the finding, e.g. an accepted-by-design rationale or remediation details. Shared with the testing agent on future scans of the same target. Max 2000 characters.", + ), + runId: z.string().describe("Penetration test run ID the finding belongs to"), +}); diff --git a/apps/mcp-server/src/tool-names.ts b/apps/mcp-server/src/tool-names.ts index 4f332a52de..684c1bcdd8 100644 --- a/apps/mcp-server/src/tool-names.ts +++ b/apps/mcp-server/src/tool-names.ts @@ -530,7 +530,7 @@ export const toolNames: Array<{ name: string; description: string }>= [ }, { "name": "export-all-evidence", - "description": "Export all organization evidence as ZIP (Auditor only)\n\nExport all organization evidence as ZIP (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." + "description": "Trigger bulk evidence export (Auditor only)\n\nTrigger bulk evidence export (Auditor only) in Comp AI. Export all organization evidence for an auditor review package." }, { "name": "get-comments", 
@@ -612,10 +612,22 @@ export const toolNames: Array<{ name: string; description: string }>= [ "name": "update-allowed-domains", "description": "Update allowed domains for the trust portal\n\nUpdate allowed domains for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." }, + { + "name": "update-allowed-emails", + "description": "Update allowed emails for the trust portal\n\nUpdate allowed emails for the trust portal in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + }, { "name": "update-frameworks", "description": "Update trust portal framework settings\n\nUpdate trust portal framework settings in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." }, + { + "name": "list-custom-frameworks", + "description": "List org-authored custom frameworks with their trust portal selection\n\nList org-authored custom frameworks with their trust portal selection in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + }, + { + "name": "update-custom-framework", + "description": "Enable/disable a custom framework on the trust portal and set its status\n\nEnable/disable a custom framework on the trust portal and set its status in Comp AI. Configure the live Trust Center, custom domain, public overview, FAQs, compliance resources, documents, links, and vendor disclosures." + }, { "name": "update-overview", "description": "Update Trust Center overview\n\nUpdate the public Trust Center overview content that explains security posture and compliance status to prospects and customers." 
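Review bot: The `update-allowed-emails` description added in this hunk reuses the generic Trust Center boilerplate and never says what the list does, while the generated DTO in `updateallowedemailsdto.ts` states that these addresses bypass NDA signing and that the call replaces the full list. An agent choosing tools from this catalogue sees only the description, so the access-control effect should be stated there, e.g. `"description": "Replace the list of email addresses that bypass NDA signing for trust portal access (an empty array clears it)"`. If `tool-names.ts` is generated, the wording belongs in the operation summary of the API spec rather than in this file.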
@@ -716,6 +728,10 @@ export const toolNames: Array<{ name: string; description: string }>= [ "name": "get-public-vendors", "description": "List Trust Center vendors\n\nList published vendors and subprocessors for an organization Trust Center so reviewers can inspect third-party posture." }, + { + "name": "get-public-custom-frameworks", + "description": "Get org-authored custom frameworks shown on a trust portal\n\nGet org-authored custom frameworks shown on a trust portal in Comp AI. Manage external Trust Center access requests, NDA signing, grants, tokenized document downloads, public FAQs, and reviewer access." + }, { "name": "list-findings", "description": "List audit findings\n\nList audit findings with status, severity, owner, history, and remediation context for compliance review workflows." @@ -1088,6 +1104,10 @@ export const toolNames: Array<{ name: string; description: string }>= [ "name": "get-check-definition", "description": "Resolve the \"About this check\" description for a finding (AI-cached for AWS; provider-derived for GCP/Azure)\n\nResolve the \"About this check\" description for a finding (AI-cached for AWS; provider-derived for GCP/Azure) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services, review findings, and connect cloud posture." }, + { + "name": "resolve-session", + "description": "Resolve short-lived AWS credentials for a connection (internal only)\n\nResolve short-lived AWS credentials for a connection (internal only) in Comp AI. Run AWS, Azure, and GCP cloud security scans, detect enabled services, review findings, and connect cloud posture results to compliance work." + }, { "name": "scan", "description": "Run cloud security scan\n\nTrigger a cloud security scan for a connected AWS, Azure, or GCP account and collect findings for compliance remediation." 
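Review bot: The `resolve-session` entry added in the `@@ -1088,6 +1104,10 @@` hunk puts an operation into the MCP tool catalogue whose own description says it returns short-lived AWS credentials and is "internal only". Those two statements conflict: a credential-vending endpoint meant for internal callers should not be offered to an agent as a selectable tool. I would drop the `"name": "resolve-session"` entry, and if this file is generated, exclude the operation from the spec that feeds the generator instead of editing it here. This hunk does not show whether the tool is actually registered or only named, so that needs confirming.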
@@ -1288,6 +1308,18 @@ export const toolNames: Array<{ name: string; description: string }>= [ "name": "get-pdf", "description": "Get penetration test PDF\n\nGet penetration test PDF in Comp AI. Create AI-powered penetration test runs, track progress, inspect findings and events, and download markdown or PDF reports." }, + { + "name": "list-pentest-finding-contexts", + "description": "List pentest finding context notes\n\nReturns the customer-written context notes attached to pentest findings for a target URL. These notes are shared with the testing agent on future scans of the same target so retests are informed, not blind." + }, + { + "name": "set-pentest-finding-context", + "description": "Add context to a pentest finding\n\nSaves a customer context note on a pentest finding, e.g. an accepted-by-design rationale or remediation details. Future scans of the same target pass the note to the testing agent so the issue is retested with that context." + }, + { + "name": "delete-pentest-finding-context", + "description": "Remove context from a pentest finding\n\nDeletes the customer context note attached to a pentest finding so future scans of the target no longer receive it from the testing agent briefing." + }, { "name": "get-pending-offboardings", "description": "Get members with pending offboarding checklists\n\nLists members whose offboarding checklist is still incomplete, with their outstanding items, so you can track and finish departing-employee offboarding." diff --git a/packages/integration-platform/src/manifests/aws/checks/__tests__/aws-checks.test.ts b/packages/integration-platform/src/manifests/aws/checks/__tests__/aws-checks.test.ts index 190da69c8b..fddbfcf7df 100644 --- a/packages/integration-platform/src/manifests/aws/checks/__tests__/aws-checks.test.ts +++ b/packages/integration-platform/src/manifests/aws/checks/__tests__/aws-checks.test.ts 
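Review bot: `set-pentest-finding-context` takes free text that, per its description, is handed to the testing agent on later scans, yet the schema added in `upsertfindingcontextdto.ts` is a bare `z.string()` even though its own describe text says "Max 2000 characters". Declaring the limit in the API spec, so that the generated schema becomes `context: z.string().max(2000)`, would reject oversized notes at the MCP boundary instead of relying on the server alone. Whether the server enforces the limit is not visible in this diff. If the briefing treats the note as customer-supplied data rather than instructions, the descriptions added here should say so.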
@@ -809,11 +809,12 @@ describe('IAM/CloudTrail outcomes carry evidence (so the UI shows "View Evidence // ── AWS account attribution (multi-account findings) ─────────────────────── -function captureCtx(credentials: Record) { +function captureCtx(credentials: Record, checkId?: string) { const passed: Array<{ description: string; evidence?: Record }> = []; const failed: Array<{ description: string; evidence?: Record }> = []; const ctx = { credentials, + checkId, pass: (r: { description: string; evidence?: Record }) => passed.push(r), fail: (r: { description: string; evidence?: Record }) => 
@@ -894,6 +895,35 @@ describe('emitOutcomes — attributes findings to the AWS account', () => { '(AWS account 123456789012 — Production AWS)', ); }); + + it('stamps a stable findingKey of `${checkId}-${resourceId}` so findings can be excepted', () => { + const { ctx, passed } = captureCtx( + { roleArn: 'arn:aws:iam::123456789012:role/CompAIAuditor' }, + 'aws-s3-public-access', + ); + emitOutcomes(ctx, [PASS_OUTCOME]); // resourceId = 'my-bucket' + expect(passed[0]!.evidence?.findingKey).toBe('aws-s3-public-access-my-bucket'); + // Account attribution still applied alongside. + expect(passed[0]!.evidence?.awsAccountId).toBe('123456789012'); + }); + + it('stamps findingKey even for key-auth connections with no account id (the un-exceptable bug)', () => { + const { ctx, passed } = captureCtx( + { access_key_id: 'AKIA', secret_access_key: 'secret' }, + 'aws-s3-public-access', + ); + emitOutcomes(ctx, [PASS_OUTCOME]); + expect(passed[0]!.evidence?.findingKey).toBe('aws-s3-public-access-my-bucket'); + expect(passed[0]!.evidence?.awsAccountId).toBeUndefined(); + }); + + it('omits findingKey when the runner did not set ctx.checkId', () => { + const { ctx, passed } = captureCtx({ + roleArn: 'arn:aws:iam::123456789012:role/CompAIAuditor', + }); + emitOutcomes(ctx, [PASS_OUTCOME]); + expect(passed[0]!.evidence?.findingKey).toBeUndefined(); + }); }); describe('account-level findings carry AWS account attribution (cubic finding on CS-533)', () => { diff --git a/packages/integration-platform/src/manifests/aws/checks/shared.ts b/packages/integration-platform/src/manifests/aws/checks/shared.ts index a72a584ac6..46e1e5cf20 100644 --- a/packages/integration-platform/src/manifests/aws/checks/shared.ts +++ b/packages/integration-platform/src/manifests/aws/checks/shared.ts 
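Review bot: All three new tests drive `emitOutcomes` with `PASS_OUTCOME`, so the `ctx.fail` branch has no assertion on `findingKey`, although failing findings are presumably the ones that get marked as exceptions. That branch calls `stamp(o.evidence, o.resourceId)` without the `?? {}` fallback, so a failing outcome with no evidence is the case worth pinning, e.g. `expect(failed[0]!.evidence?.findingKey).toBe('aws-s3-public-access-my-bucket')` after emitting a fail outcome for `my-bucket` (assuming `captureCtx` also returns `failed`). A case whose resource id itself contains hyphens would also document that the key shape survives it. The `describe` block starts above this hunk.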
@@ -307,20 +307,33 @@ export function awsConnectionNameFromCtx(ctx: CheckContext): string | null { export function emitOutcomes(ctx: CheckContext, outcomes: CheckOutcome[]): void { const accountId = awsAccountIdFromCtx(ctx); const connectionName = awsConnectionNameFromCtx(ctx); + const checkId = ctx.checkId; // "AWS account 123456789012 — Production AWS" (name only shown when set). const label = accountId ? `AWS account ${accountId}${connectionName ? ` — ${connectionName}` : ''}` : null; const describe = (description: string) => label ? `${description} (${label})` : description; - const stamp = (evidence: Record | undefined) => - accountId - ? { - ...(evidence ?? {}), - awsAccountId: accountId, - ...(connectionName ? { awsConnectionName: connectionName } : {}), - } - : evidence; + // Stamp a stable per-(check, resource) `findingKey` so the finding can be + // marked as an exception and matched across scans. normalizeCheckId() strips + // the "-" suffix back to the check id on the consuming side, so it + // must mirror this exact shape. Account attribution fields are added only when + // the account id is known (role-auth connections). + const stamp = ( + evidence: Record | undefined, + resourceId: string, + ): Record | undefined => { + const findingKey = checkId ? `${checkId}-${resourceId}` : undefined; + if (!findingKey && !accountId) return evidence; + return { + ...(evidence ?? {}), + ...(findingKey ? { findingKey } : {}), + ...(accountId ? { awsAccountId: accountId } : {}), + ...(accountId && connectionName + ? { awsConnectionName: connectionName } + : {}), + }; + }; for (const o of outcomes) { if (o.kind === 'pass') { @@ -329,7 +342,7 @@ export function emitOutcomes(ctx: CheckContext, outcomes: CheckOutcome[]): void description: describe(o.description), resourceType: o.resourceType, resourceId: o.resourceId, - evidence: stamp(o.evidence) ?? {}, + evidence: stamp(o.evidence, o.resourceId) ?? {}, }); } else { ctx.fail({ 
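Review bot: The `${checkId}-${resourceId}` shape built in `stamp` is a contract with `normalizeCheckId()` in `apps/api`, and only the comment above it holds the two together. If either side changes, or the resource id stored on the result row differs from the one stamped here, the suffix presumably will not strip and the derived check key will stop matching existing exceptions. Exporting one builder from this package and calling it here, for example `const findingKey = checkId ? buildFindingKey(checkId, resourceId) : undefined;` (the helper name is a suggestion), with the parser defined next to it, would keep both directions in one place. The stamped key is also spread after the incoming evidence, so it overrides any `findingKey` a check set itself; a one-line comment saying that is intended would help. `emitOutcomes` continues past this hunk.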
@@ -339,7 +352,7 @@ export function emitOutcomes(ctx: CheckContext, outcomes: CheckOutcome[]): void resourceId: o.resourceId, severity: o.severity ?? 'medium', remediation: o.remediation ?? 'Review and remediate this finding.', - evidence: stamp(o.evidence), + evidence: stamp(o.evidence, o.resourceId), }); } } diff --git a/packages/integration-platform/src/runtime/check-runner.ts b/packages/integration-platform/src/runtime/check-runner.ts index 5141794c8d..253f476191 100644 --- a/packages/integration-platform/src/runtime/check-runner.ts +++ b/packages/integration-platform/src/runtime/check-runner.ts @@ -38,6 +38,10 @@ export async function runCheck( const startTime = Date.now(); const { ctx, getResults } = createCheckContext(options); + // Expose the running check's id so emitters (e.g. AWS emitOutcomes) can stamp + // a stable findingKey on each outcome. Distinct from RunCheckOptions.checkId, + // which is the optional "run only this check" filter. + ctx.checkId = check.id; try { ctx.log(`Starting check: ${check.name}`); diff --git a/packages/integration-platform/src/types.ts b/packages/integration-platform/src/types.ts index e1cb010af9..acbbef67da 100644 --- a/packages/integration-platform/src/types.ts +++ b/packages/integration-platform/src/types.ts @@ -286,6 +286,14 @@ export interface CheckContext { /** Organization ID */ organizationId: string; + /** + * The id of the check currently running (e.g. "aws-s3-public-access"). + * Set by the runner before `run()` is invoked. AWS `emitOutcomes` uses it + * to stamp a stable `findingKey` on each outcome so findings can be marked + * as exceptions and matched across scans. + */ + checkId?: string; + /** Connection metadata (e.g., OAuth team/user info from token response) */ metadata?: Record;
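Review bot: In `runCheck`, `ctx.checkId = check.id` mutates the context after `createCheckContext(options)` has built it, and `CheckContext.checkId` in `types.ts` is declared as a plain writable optional field. Since the value now decides which key a finding is filed under, a check's own `run()` could overwrite it and have its findings keyed as another check's. Consider passing the id into `createCheckContext` and declaring the field as `readonly checkId?: string;` so that only the runner sets it. `createCheckContext` is not visible here, so whether it can take the id is an assumption, and `runCheck` continues outside the hunk.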