Three more read-only tools on securityRegistry: - pending_review: agent-proposed changes awaiting approval (injection surface) - resource_exposure: host/url/status attack-surface inventory (resources.listExposure, scalar cols only — no monitoring/metadata/credentials) - token_audit: token label/last_used/revoked, never the hash Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
import * as agents from '../../../../db/repos/agents.js';
// Agent credential hygiene: which tokens exist, when last used, whether revoked.
// Backed by agents.listTokenMeta — token_hash is never selected.
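export const tokenAuditTool = {
  name: 'token_audit',
  description: 'List agent API tokens with label, last_used and revoked status (never the secret) so you can spot stale, unused, or unexpected credentials. Recommend revoking anything dormant.',
  // The tool takes no arguments.
  input_schema: { type: 'object', properties: {} },

  /**
   * Return agent token metadata for a credential-hygiene review.
   *
   * Rows come from agents.listTokenMeta(). The tool promises callers that the
   * secret is never returned, so that promise is enforced here as well: any
   * `token_hash` property is dropped before the rows leave the handler. If the
   * repo query ever widens (for example to a select-all), the hash still does
   * not reach the tool result.
   *
   * NOTE(review): `label` is presumably free text set when a token is created;
   * consumers of this result should treat it as data, not instructions — confirm.
   *
   * @param {object} _args - Unused; the input schema declares no properties.
   * @param {object} _ctx - Unused.
   * @returns {Promise<{tokens: *}>} The token metadata rows under `tokens`.
   */
  async handler(_args, _ctx) {
    const rows = await agents.listTokenMeta();

    // Anything that is not a row list is passed through unchanged, so callers
    // see the same result shape as before.
    if (!Array.isArray(rows)) {
      return { tokens: rows };
    }

    const tokens = rows.map((row) => {
      if (row === null || typeof row !== 'object') {
        return row;
      }
      // Defense in depth: strip the hash even though the repo should not select it.
      const { token_hash: _dropped, ...meta } = row;
      return meta;
    });

    return { tokens };
  },
};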