Skip to content

fix: manageGateway 工具参数设计不清晰导致 HTTP 函数配置不完整 #555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
binggg wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: manageGateway 工具参数设计不清晰导致 HTTP 函数配置不完整 #555

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion mcp/src/tools/gateway.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ describe("gateway tools", () => {
expect(payload).toMatchObject({
success: true,
message:
"已为目标 helloFn 创建网关访问路径。注意:路由配置传播通常需要等待 30 秒到 3 分钟,请勿立即访问。",
"已为目标 helloFn 创建网关访问路径。注意:路由配置传播通常需要等待 30 秒到 3 分钟,请勿立即访问。该操作只创建网关入口,不会自动放开函数安全规则;若需要匿名或浏览器直接访问,请继续检查函数资源权限。",
data: {
action: "createAccess",
targetType: "function",
Expand All @@ -175,6 +175,17 @@ describe("gateway tools", () => {
action: "getAccess",
reason: "等待 30 秒到 3 分钟后再确认访问入口是否已生效",
}),
expect.objectContaining({
tool: "queryPermissions",
action: "getResourcePermission",
reason:
"确认函数安全规则是否允许预期访问方;网关 auth=false 不等于函数已允许匿名访问",
}),
expect.objectContaining({
tool: "managePermissions",
action: "updateResourcePermission",
reason: "只有在确认需要匿名或浏览器直连访问时,才按实际安全要求更新函数权限",
}),
],
});
});
Expand Down
29 changes: 24 additions & 5 deletions mcp/src/tools/gateway.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -358,13 +358,23 @@ export function registerGatewayTools(server: ExtendedMcpServer) {
path: accessPath,
raw: result,
},
`已为目标 ${input.targetName} 创建网关访问路径。注意:路由配置传播通常需要等待 30 秒到 3 分钟,请勿立即访问。`,
`已为目标 ${input.targetName} 创建网关访问路径。注意:路由配置传播通常需要等待 30 秒到 3 分钟,请勿立即访问。该操作只创建网关入口,不会自动放开函数安全规则;若需要匿名或浏览器直接访问,请继续检查函数资源权限。`,
[
{
tool: "queryGateway",
action: "getAccess",
reason: "等待 30 秒到 3 分钟后再确认访问入口是否已生效",
},
{
tool: "queryPermissions",
action: "getResourcePermission",
reason: "确认函数安全规则是否允许预期访问方;网关 auth=false 不等于函数已允许匿名访问",
},
{
tool: "managePermissions",
action: "updateResourcePermission",
reason: "只有在确认需要匿名或浏览器直连访问时,才按实际安全要求更新函数权限",
},
],
);
}
Expand Down Expand Up @@ -563,17 +573,26 @@ export function registerGatewayTools(server: ExtendedMcpServer) {
{
title: "管理网关域资源",
description:
"网关域统一写入口。通过 action 创建目标访问入口,后续承接更通用的网关配置能力。",
"网关域统一写入口。通过 action 创建目标访问入口,后续承接更通用的网关配置能力。注意 createAccess 只创建网关入口,不会自动修改函数资源权限。",
inputSchema: {
action: z.enum(MANAGE_GATEWAY_ACTIONS).describe("写操作类型,例如 createAccess"),
targetType: z
.enum(["function"])
.optional()
.describe("目标资源类型。当前支持 function,后续可扩展"),
targetName: z.string().optional().describe("目标资源名称"),
path: z.string().optional().describe("访问路径,默认 /{targetName}"),
type: z.enum(["Event", "HTTP"]).optional().describe("目标函数的本身类型(非接入形式)。如果被访问的函数是 Event 型(默认),此处必须传 Event;只有当被访问函数在创建时就是 HTTP 函数时才传 HTTP。"),
auth: z.boolean().optional().describe("是否开启鉴权"),
path: z
.string()
.optional()
.describe("访问路径,默认 /{targetName}。该参数只创建网关入口,不会自动放开函数资源权限。"),
type: z
.enum(["Event", "HTTP"])
.optional()
.describe("目标函数的本身类型(非接入形式)。如果被访问的函数是 Event 型(默认),此处必须传 Event;只有当被访问函数在创建时就是 HTTP 函数时才传 HTTP。"),
auth: z
.boolean()
.optional()
.describe("是否开启网关路径鉴权。该开关仅控制网关入口本身,不会修改函数资源权限;若需匿名或浏览器直连访问,还需检查并按需调整函数安全规则。"),
route: z
.object({
routeId: z.string().optional(),
Expand Down
Loading