Three more read-only tools on securityRegistry:

- pending_review: agent-proposed changes awaiting approval (injection surface)
- resource_exposure: host/url/status attack-surface inventory (resources.listExposure, scalar cols only — no monitoring/metadata/credentials)
- token_audit: token label/last_used/revoked, never the hash

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
import * as resources from '../../../../db/repos/resources.js';
// Attack-surface inventory: every resource's host/url/status across all spaces.
// Backed by resources.listExposure (scalar columns only — no monitoring/metadata
// JSON, no credentials).
export const resourceExposureTool = {
  name: 'resource_exposure',
  description: 'Inventory of all resources (services/hosts) with their host, url and status — the reachable attack surface. Use to spot exposed or unexpected services. Never includes secrets or monitoring config.',
  // Declares no parameters; the handler ignores whatever it is passed.
  input_schema: { type: 'object', properties: {} },

  /**
   * Return the exposure inventory as reported by the repository layer.
   *
   * Neither argument is read, so this handler applies no caller- or
   * space-based filtering of its own, and the rows are passed through
   * without any projection or scrubbing.
   *
   * NOTE(review): access control presumably lives in the registry that
   * dispatches this tool — confirm, since the result is not scoped here.
   * NOTE(review): the "never includes secrets" promise in `description`
   * rests entirely on the columns resources.listExposure selects. A url
   * value can itself carry credentials (userinfo, token query parameters);
   * confirm such values are never stored in that column or are stripped
   * before they reach this tool.
   * NOTE(review): host/url strings go back to the calling agent verbatim;
   * if any of them can be set by users or agents, downstream consumers
   * should treat them as untrusted text — confirm.
   *
   * @param {object} _args - Tool arguments; unused.
   * @param {object} _ctx - Invocation context; unused.
   * @returns {Promise<{resources: *}>} The repository result under `resources`.
   */
  async handler(_args, _ctx) {
    return { resources: await resources.listExposure() };
  },
};