import { z } from 'zod';
import { makeAuthenticatedRequest, createToolResponse } from '../../utils/apiHelpers.js';
import { formatSuccess } from '../../utils/responseHelpers.js';
const aicBaseUrl = process.env.AIC_BASE_URL;
const SCOPES = ['fr:idc:esv:read'];
export const queryESVsTool = {
name: 'queryESVs',
title: 'Query Environment Secrets and Variables (ESVs)',
description: 'Query environment secrets or variables (ESVs) in PingOne AIC by ID',
scopes: SCOPES,
annotations: {
readOnlyHint: true,
openWorldHint: true
},
inputSchema: {
type: z.enum(['variable', 'secret']).describe('Type of ESV to query'),
queryTerm: z.string().max(100).optional().describe(
'Search term to filter by ID. If omitted, returns all ESVs up to pageSize'
),
pageSize: z.number().int().min(1).max(100).optional().describe(
'Number of results to return per page (default: 50)'
),
pagedResultsCookie: z.string().optional().describe(
'Pagination cookie from previous response to retrieve next page'
),
sortKeys: z.string().max(200).optional().describe(
'Comma-separated field names to sort by. Prefix with "-" for descending. Example: "_id,-lastChangeDate"'
),
},
async toolFunction({
type,
queryTerm,
pageSize,
pagedResultsCookie,
sortKeys
}: {
type: 'variable' | 'secret';
queryTerm?: string;
pageSize?: number;
pagedResultsCookie?: string;
sortKeys?: string;
}) {
try {
const endpoint = type === 'variable' ? 'variables' : 'secrets';
const url = new URL(`https://${aicBaseUrl}/environment/${endpoint}`);
if (queryTerm) {
// Escape double quotes to prevent query injection
const escapedTerm = queryTerm.replace(/"/g, '\\"');
const queryFilter = `/_id co "${escapedTerm}"`;
url.searchParams.append('_queryFilter', queryFilter);
} else {
url.searchParams.append('_queryFilter', 'true');
}
// Page size - default to 50, max 100
const effectivePageSize = Math.min(pageSize || 50, 100);
url.searchParams.append('_pageSize', effectivePageSize.toString());
if (pagedResultsCookie) {
url.searchParams.append('_pagedResultsCookie', pagedResultsCookie);
}
if (sortKeys) {
url.searchParams.append('_sortKeys', sortKeys);
}
const { data, response } = await makeAuthenticatedRequest(
url.toString(),
SCOPES,
{
headers: {
'accept-api-version': 'resource=2.0'
}
}
);
return createToolResponse(formatSuccess(data, response));
} catch (error: any) {
return createToolResponse(`Failed to query environment ${type}s: ${error.message}`);
}
}
};
