forked from core/php-mcp
130 lines
4.5 KiB
PHP
130 lines
4.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Core\Mod\Mcp\Database\Seeders;
|
|
|
|
use Core\Mod\Mcp\Models\McpSensitiveTool;
|
|
use Illuminate\Database\Seeder;
|
|
|
|
/**
|
|
* Seeds default sensitive tool definitions.
|
|
*
|
|
* These tools require stricter auditing due to their potential
|
|
* impact on security, privacy, or critical operations.
|
|
*/
|
|
class SensitiveToolSeeder extends Seeder
|
|
{
|
|
/**
|
|
* Run the database seeds.
|
|
*/
|
|
public function run(): void
|
|
{
|
|
$sensitiveTools = [
|
|
// Database operations
|
|
[
|
|
'tool_name' => 'query_database',
|
|
'reason' => 'Direct database access - may expose sensitive data',
|
|
'redact_fields' => ['password', 'email', 'phone', 'address', 'ssn'],
|
|
'require_explicit_consent' => false,
|
|
],
|
|
|
|
// User management
|
|
[
|
|
'tool_name' => 'create_user',
|
|
'reason' => 'User account creation - security sensitive',
|
|
'redact_fields' => ['password', 'secret'],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
[
|
|
'tool_name' => 'update_user',
|
|
'reason' => 'User account modification - security sensitive',
|
|
'redact_fields' => ['password', 'secret', 'email'],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
[
|
|
'tool_name' => 'delete_user',
|
|
'reason' => 'User account deletion - irreversible operation',
|
|
'redact_fields' => [],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
|
|
// API key management
|
|
[
|
|
'tool_name' => 'create_api_key',
|
|
'reason' => 'API key creation - security credential',
|
|
'redact_fields' => ['key', 'secret', 'token'],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
[
|
|
'tool_name' => 'revoke_api_key',
|
|
'reason' => 'API key revocation - access control',
|
|
'redact_fields' => [],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
|
|
// Billing and financial
|
|
[
|
|
'tool_name' => 'upgrade_plan',
|
|
'reason' => 'Plan upgrade - financial impact',
|
|
'redact_fields' => ['card_number', 'cvv', 'payment_method'],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
[
|
|
'tool_name' => 'create_coupon',
|
|
'reason' => 'Coupon creation - financial impact',
|
|
'redact_fields' => [],
|
|
'require_explicit_consent' => false,
|
|
],
|
|
[
|
|
'tool_name' => 'process_refund',
|
|
'reason' => 'Refund processing - financial transaction',
|
|
'redact_fields' => ['card_number', 'bank_account'],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
|
|
// Content operations
|
|
[
|
|
'tool_name' => 'delete_content',
|
|
'reason' => 'Content deletion - irreversible data loss',
|
|
'redact_fields' => [],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
[
|
|
'tool_name' => 'publish_content',
|
|
'reason' => 'Public content publishing - visibility impact',
|
|
'redact_fields' => [],
|
|
'require_explicit_consent' => false,
|
|
],
|
|
|
|
// System configuration
|
|
[
|
|
'tool_name' => 'update_config',
|
|
'reason' => 'System configuration change - affects application behaviour',
|
|
'redact_fields' => ['api_key', 'secret', 'password'],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
|
|
// Webhook management
|
|
[
|
|
'tool_name' => 'create_webhook',
|
|
'reason' => 'External webhook creation - data exfiltration risk',
|
|
'redact_fields' => ['secret', 'token'],
|
|
'require_explicit_consent' => true,
|
|
],
|
|
];
|
|
|
|
foreach ($sensitiveTools as $tool) {
|
|
McpSensitiveTool::updateOrCreate(
|
|
['tool_name' => $tool['tool_name']],
|
|
[
|
|
'reason' => $tool['reason'],
|
|
'redact_fields' => $tool['redact_fields'],
|
|
'require_explicit_consent' => $tool['require_explicit_consent'],
|
|
]
|
|
);
|
|
}
|
|
|
|
$this->command->info('Registered '.count($sensitiveTools).' sensitive tool definitions.');
|
|
}
|
|
}
|