Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | 17x 17x 17x 17x 17x 17x 17x | import { z } from 'zod';
import { requiredId, paginationFields } from '../utils';
// ============================================================================
// browse_job_token_scope - CQRS Query Tool (discriminated union schema)
// Actions: get, list_projects, list_groups
//
// The CI/CD job token "inbound" scope controls which OTHER projects/groups may
// access this project's resources using their pipeline CI_JOB_TOKEN. These
// read actions inspect the current scope toggle and the inbound allowlists.
// Project-level only (no group equivalent in the GitLab API).
// ============================================================================
const projectIdField = requiredId.describe(
"Project whose job token scope is inspected. Numeric ID or URL-encoded path (e.g. 'group/project' or '123').",
);
// --- Action: get ---
const GetJobTokenScopeSchema = z.object({
action: z
.literal('get')
.describe('Get the job token scope settings (inbound_enabled / outbound_enabled)'),
project_id: projectIdField,
});
// --- Action: list_projects ---
const ListProjectsSchema = z.object({
action: z
.literal('list_projects')
.describe('List projects on the inbound job token allowlist for this project'),
project_id: projectIdField,
...paginationFields(),
});
// --- Action: list_groups ---
const ListGroupsSchema = z.object({
action: z
.literal('list_groups')
.describe('List groups on the inbound job token allowlist for this project'),
project_id: projectIdField,
...paginationFields(),
});
// --- Discriminated union combining all actions ---
export const BrowseJobTokenScopeSchema = z.discriminatedUnion('action', [
GetJobTokenScopeSchema,
ListProjectsSchema,
ListGroupsSchema,
]);
export type BrowseJobTokenScopeInput = z.infer<typeof BrowseJobTokenScopeSchema>;
|