Skip to content

Commit ed1492b

Browse files
authored
fix(google-vault): validate against live API docs, add matter/hold/saved-query CRUD coverage (#5482)
* fix(google-vault): validate integration against live API docs, add matter/hold/saved-query CRUD coverage - Fix critical bug: create_matters_export sent the deprecated Query.searchMethod field (deprecated 2019, support ended 2020) instead of method, silently breaking account/org-unit scoped exports - Fix duplicate matterId subBlock id (two definitions collided across operations) - Add matter lifecycle: update, close, reopen, delete, undelete - Add matter collaborator management: add/remove permissions - Add export delete - Add hold update, delete, add/remove held accounts - Add saved query create/list/delete - Bump tool versions to 1.0.0 to match repo convention - Fix docsLink to point at docs.sim.ai instead of the vendor site - All new endpoints are covered by the existing ediscovery + devstorage.read_only OAuth scopes (no new scopes requested) * fix(google-vault): pageToken should be user-or-llm visibility, not hidden Greptile review: hidden is reserved for framework-injected tokens; pageToken in list_saved_queries.ts should be user-or-llm so an agent/user can pass it, matching the pattern used elsewhere for tool-supplied pagination cursors. * fix(google-vault): fail loudly instead of silently clearing hold scope on update Cursor Bugbot: PUT holds/{id} replaces the full resource — a name/query-only update with no accountEmails/orgUnitId would silently drop the hold's custodian coverage. Now throws a clear error directing callers to resend the scope or use add_held_accounts/remove_held_accounts for incremental changes. * fix(google-vault): reject unscoped exports/saved-queries for non-MAIL corpus Independent audit (parallel doc-verification pass): create_matters_export and create_saved_query resolved Query.method to undefined when corpus wasn't MAIL and no accountEmails/orgUnitId was given, silently sending an invalid request (method is a required Query field) instead of a clear error. Now throws with an actionable message before the request is sent. * fix(google-vault): document full-replace semantics on hold update query filters Cursor Bugbot: update_matters_holds only sets query.mailQuery/groupsQuery/ driveQuery when terms/date/shared-drive fields are provided, but the PUT replaces the whole hold — omitting a previously-set filter clears it, not leaves it unchanged. Filters are legitimately optional (a hold may have none), so this can't be hard-required like scope; instead the tool and field descriptions now explicitly state the full-replace behavior and direct callers to resupply current values via Vault List Holds first. * fix(google-vault): isolate stale-value-prone subblocks per operation Cursor Bugbot: consolidating shared subblocks across operations left two cross-contamination risks since a stale value from one operation stays in block state until overwritten: - accountEmails/orgUnitId are checked emails-first with silent either/or priority; sharing them across update_matters_holds and create_saved_query meant a leftover value from a different operation could silently override the intended scope. Gave both operations dedicated fields (updateHoldAccountEmails/updateHoldOrgUnitId, savedQueryAccountEmails/ savedQueryOrgUnitId), remapped in tools.config.params. - matterId presence alone switches google_vault_list_matters between list-all and single-get. Sharing it with every other operation meant a leftover matterId could silently turn "List Matters" into a single-matter fetch. Gave list_matters its own optional listMatterId field. create_matters_holds/create_matters_export keep sharing accountEmails/ orgUnitId as before this PR (pre-existing behavior, not introduced here). * fix(google-vault): isolate list-optional-id fields from required-elsewhere counterparts Cursor Bugbot: exportId/holdId/savedQueryId were shared between their respective list operation (optional filter) and update/delete/held-account operations (required). A stale ID left over from a delete/update on the same block instance would silently narrow the corresponding list operation to a single-resource get instead of listing the collection. Gave each list operation its own dedicated optional field (listExportId, listHoldId, listSavedQueryId), remapped in tools.config.params — same pattern already used for listMatterId. * fix(google-vault): defensively order mutually-exclusive scope spreads Greptile: savedQueryAccountEmails/savedQueryOrgUnitId spread after their updateHold* counterparts, so if both were ever truthy at once the wrong one would silently win. In practice they're mutually exclusive (each only populated while its own single 'operation' value is selected, so at most one pair is ever truthy), but reordering costs nothing and removes any doubt about precedence. * docs: regenerate integration docs Reruns scripts/generate-docs.ts against the current block/tool/trigger registry. Picks up google_vault's new operations plus everything else that had landed on staging without a docs regen (bigquery, google_calendar, google_maps, onedrive, microsoft_teams, gitlab, github, discord, dropbox, and others), plus icon and integrations.json updates.
1 parent 0134a5b commit ed1492b

54 files changed

Lines changed: 5215 additions & 168 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

apps/docs/components/icons.tsx

Lines changed: 357 additions & 0 deletions
Large diffs are not rendered by default.

apps/docs/content/docs/en/integrations/athena.mdx

Lines changed: 120 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -166,6 +166,45 @@ List recent Athena query execution IDs
166166
| `queryExecutionIds` | array | List of query execution IDs |
167167
| `nextToken` | string | Pagination token for next page |
168168

169+
### `athena_batch_get_query_execution`
170+
171+
Get the status and details of up to 50 Athena query executions in one call
172+
173+
#### Input
174+
175+
| Parameter | Type | Required | Description |
176+
| --------- | ---- | -------- | ----------- |
177+
| `awsRegion` | string | Yes | AWS region \(e.g., us-east-1\) |
178+
| `awsAccessKeyId` | string | Yes | AWS access key ID |
179+
| `awsSecretAccessKey` | string | Yes | AWS secret access key |
180+
| `queryExecutionIds` | string | Yes | Comma-separated query execution IDs to check \(up to 50\) |
181+
182+
#### Output
183+
184+
| Parameter | Type | Description |
185+
| --------- | ---- | ----------- |
186+
| `queryExecutions` | array | Details for each successfully retrieved query execution |
187+
|`queryExecutionId` | string | Query execution ID |
188+
|`query` | string | SQL query string |
189+
|`state` | string | Query state \(QUEUED, RUNNING, SUCCEEDED, FAILED, CANCELLED\) |
190+
|`stateChangeReason` | string | Reason for state change |
191+
|`statementType` | string | Statement type \(DDL, DML, UTILITY\) |
192+
|`database` | string | Database name |
193+
|`catalog` | string | Data catalog name |
194+
|`workGroup` | string | Workgroup name |
195+
|`submissionDateTime` | number | Query submission time \(Unix epoch ms\) |
196+
|`completionDateTime` | number | Query completion time \(Unix epoch ms\) |
197+
|`dataScannedInBytes` | number | Amount of data scanned in bytes |
198+
|`engineExecutionTimeInMillis` | number | Engine execution time in milliseconds |
199+
|`queryPlanningTimeInMillis` | number | Query planning time in milliseconds |
200+
|`queryQueueTimeInMillis` | number | Time the query spent in queue in milliseconds |
201+
|`totalExecutionTimeInMillis` | number | Total execution time in milliseconds |
202+
|`outputLocation` | string | S3 location of query results |
203+
| `unprocessedQueryExecutionIds` | array | Query execution IDs that could not be retrieved, with error details |
204+
|`queryExecutionId` | string | Query execution ID |
205+
|`errorCode` | string | Error code |
206+
|`errorMessage` | string | Error message |
207+
169208
### `athena_create_named_query`
170209

171210
Create a saved/named query in AWS Athena
@@ -235,4 +274,85 @@ List saved/named query IDs in AWS Athena
235274
| `namedQueryIds` | array | List of named query IDs |
236275
| `nextToken` | string | Pagination token for next page |
237276

277+
### `athena_delete_named_query`
278+
279+
Delete a saved/named query in AWS Athena
280+
281+
#### Input
282+
283+
| Parameter | Type | Required | Description |
284+
| --------- | ---- | -------- | ----------- |
285+
| `awsRegion` | string | Yes | AWS region \(e.g., us-east-1\) |
286+
| `awsAccessKeyId` | string | Yes | AWS access key ID |
287+
| `awsSecretAccessKey` | string | Yes | AWS secret access key |
288+
| `namedQueryId` | string | Yes | Named query ID to delete |
289+
290+
#### Output
291+
292+
| Parameter | Type | Description |
293+
| --------- | ---- | ----------- |
294+
| `success` | boolean | Whether the named query was successfully deleted |
295+
296+
### `athena_list_databases`
297+
298+
List the databases available in an Athena data catalog
299+
300+
#### Input
301+
302+
| Parameter | Type | Required | Description |
303+
| --------- | ---- | -------- | ----------- |
304+
| `awsRegion` | string | Yes | AWS region \(e.g., us-east-1\) |
305+
| `awsAccessKeyId` | string | Yes | AWS access key ID |
306+
| `awsSecretAccessKey` | string | Yes | AWS secret access key |
307+
| `catalogName` | string | Yes | Data catalog name to list databases from \(e.g., AwsDataCatalog\) |
308+
| `workGroup` | string | No | Workgroup for which the metadata is being fetched \(required for IAM Identity Center enabled catalogs\) |
309+
| `maxResults` | number | No | Maximum number of results \(1-50\) |
310+
| `nextToken` | string | No | Pagination token from a previous request |
311+
312+
#### Output
313+
314+
| Parameter | Type | Description |
315+
| --------- | ---- | ----------- |
316+
| `databases` | array | List of databases \(name, description\) |
317+
|`name` | string | Database name |
318+
|`description` | string | Database description |
319+
| `nextToken` | string | Pagination token for next page |
320+
321+
### `athena_list_table_metadata`
322+
323+
List tables and their column/partition metadata for an Athena database
324+
325+
#### Input
326+
327+
| Parameter | Type | Required | Description |
328+
| --------- | ---- | -------- | ----------- |
329+
| `awsRegion` | string | Yes | AWS region \(e.g., us-east-1\) |
330+
| `awsAccessKeyId` | string | Yes | AWS access key ID |
331+
| `awsSecretAccessKey` | string | Yes | AWS secret access key |
332+
| `catalogName` | string | Yes | Data catalog name \(e.g., AwsDataCatalog\) |
333+
| `databaseName` | string | Yes | Database name to list tables from |
334+
| `expression` | string | No | Regex filter that pattern-matches table names |
335+
| `workGroup` | string | No | Workgroup for which the metadata is being fetched \(required for IAM Identity Center enabled catalogs\) |
336+
| `maxResults` | number | No | Maximum number of results \(1-50\) |
337+
| `nextToken` | string | No | Pagination token from a previous request |
338+
339+
#### Output
340+
341+
| Parameter | Type | Description |
342+
| --------- | ---- | ----------- |
343+
| `tables` | array | Table metadata \(name, type, columns, partition keys\) |
344+
|`name` | string | Table name |
345+
|`tableType` | string | Table type |
346+
|`createTime` | number | Table creation time \(Unix epoch ms\) |
347+
|`lastAccessTime` | number | Table last access time \(Unix epoch ms\) |
348+
|`columns` | array | Column definitions |
349+
|`name` | string | Column name |
350+
|`type` | string | Column data type |
351+
|`comment` | string | Column comment |
352+
|`partitionKeys` | array | Partition key definitions |
353+
|`name` | string | Partition key name |
354+
|`type` | string | Partition key data type |
355+
|`comment` | string | Partition key comment |
356+
| `nextToken` | string | Pagination token for next page |
357+
238358

0 commit comments

Comments
 (0)