Merge pull request #10 from Hacker0x01/upgrade-to-v0.7.3

philipkocanda · web-flow · commit 6fc871d8077a · 2025-08-28T10:36:07.000+02:00
Upgrade apollo-mcp-server to v0.7.3
diff --git a/Dockerfile b/Dockerfile
@@ -7,10 +7,11 @@ RUN apt-get update && apt-get install -y curl && \
 # Set working directory
 WORKDIR /app
 
-RUN curl -sSL https://mcp.apollo.dev/download/nix/v0.3.0 | sh
+RUN curl -sSL https://mcp.apollo.dev/download/nix/v0.7.3 | sh
 
 # Copy the graphql directory containing schema and operations
 COPY ./graphql /app/graphql
+COPY ./config.yaml /config.yaml
 
 # Copy the entrypoint script
 COPY ./entrypoint /app/entrypoint
diff --git a/README.md b/README.md
@@ -13,7 +13,7 @@ A Docker image that provides access to HackerOne's GraphQL API through the Model
    docker run -i --rm \
      -e ENDPOINT="https://hackerone.com/graphql" \
      -e TOKEN="<your_base64_encoded_token>" \
-     -e ALLOW_MUTATIONS="none" \
+     -e MUTATION_MODE="none" \
      hackertwo/hackerone-graphql-mcp-server:1.0.5
    ```
 
@@ -26,12 +26,13 @@ A Docker image that provides access to HackerOne's GraphQL API through the Model
 
 ## Environment Variables
 
-- `ENDPOINT`: GraphQL endpoint URL (default: https://hackerone.com/graphql)
-- `TOKEN`: Base64 encoded API token in format: `base64(username:api_key)`
-- `ALLOW_MUTATIONS`: Controls which mutations are allowed (default: none)
-  - `none`: No mutations allowed
-  - `explicit`: Only explicitly defined mutations allowed
-  - `all`: All mutations allowed
+| Variable                     | Description                                                                                                                                                             | Default                         |
+| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
+| `ENDPOINT`                   | GraphQL endpoint URL                                                                                                                                                    | `https://hackerone.com/graphql` |
+| `TOKEN`                      | Base64 encoded API token in format: `base64(username:api_key)`                                                                                                          | -                               |
+| `MUTATION_MODE`              | Controls which mutations are allowed:<br/>• `none`: No mutations allowed<br/>• `explicit`: Only explicitly defined mutations allowed<br/>• `all`: All mutations allowed | `none`                          |
+| `DISABLE_TYPE_DESCRIPTION`   | If set to `true`, tools will have no type descriptions (e.g. "The returned value has type ...")                                                                         | `false`                         |
+| `DISABLE_SCHEMA_DESCRIPTION` | If set to `true`, tools will have no schema description                                                                                                                 | `false`                         |
 
 ## Generating an API Token
 
@@ -65,7 +66,7 @@ A Docker image that provides access to HackerOne's GraphQL API through the Model
         "-e",
         "TOKEN=<your_base64_encoded_token>",
         "-e",
-        "ALLOW_MUTATIONS=none",
+        "MUTATION_MODE=none",
         "hackertwo/hackerone-graphql-mcp-server:1.0.5"
     ]
 }
@@ -88,7 +89,7 @@ A Docker image that provides access to HackerOne's GraphQL API through the Model
         "-e",
         "TOKEN=<your_base64_encoded_token>",
         "-e",
-        "ALLOW_MUTATIONS=none",
+        "MUTATION_MODE=none",
         "hackertwo/hackerone-graphql-mcp-server:1.0.5"
       ]
     }
diff --git a/config.yaml b/config.yaml
@@ -0,0 +1,20 @@
+# https://www.apollographql.com/docs/apollo-mcp-server/command-reference
+endpoint: __ENDPOINT__
+headers:
+  Authorization: "Bearer __TOKEN__"
+operations:
+  source: local
+  paths:
+    - /app/graphql/operations
+schema:
+  source: local
+  path: /app/graphql/schema.graphql
+logging:
+  level: error
+overrides:
+  disable_type_description: __DISABLE_TYPE_DESCRIPTION__
+  disable_schema_description: __DISABLE_SCHEMA_DESCRIPTION__
+  enable_explorer: false
+  mutation_mode: __MUTATION_MODE__
+transport:
+  type: stdio
diff --git a/entrypoint b/entrypoint
@@ -2,26 +2,36 @@
 
 # NOTE: Log level must be as high as possible to avoid breaking the stdio MCP protocol.
 
-# Set default value for ALLOW_MUTATIONS if not provided
-ALLOW_MUTATIONS="${ALLOW_MUTATIONS:-none}"
+ENDPOINT="${ENDPOINT:-https://hackerone.com/graphql}"
+MUTATION_MODE="${ALLOW_MUTATIONS:-${MUTATION_MODE:-none}}" # backwards compatible with ALLOW_MUTATIONS
+DISABLE_TYPE_DESCRIPTION="${DISABLE_TYPE_DESCRIPTION:-false}"
+DISABLE_SCHEMA_DESCRIPTION="${DISABLE_SCHEMA_DESCRIPTION:-false}"
 
-# Validate ALLOW_MUTATIONS value
-case "$ALLOW_MUTATIONS" in
+# Validate that TOKEN is provided
+if [ -z "$TOKEN" ]; then
+    echo "Error: TOKEN environment variable is required" >&2
+    exit 1
+fi
+
+# Validate MUTATION_MODE value
+case "$MUTATION_MODE" in
   "none"|"explicit"|"all")
     # Valid value, continue
     ;;
   *)
-    echo "Error: ALLOW_MUTATIONS must be one of: none, explicit, all. Got: $ALLOW_MUTATIONS" >&2
+    echo "Error: MUTATION_MODE must be one of: none, explicit, all. Got: $MUTATION_MODE" >&2
     exit 1
     ;;
 esac
 
-# https://www.apollographql.com/docs/apollo-mcp-server/command-reference
-/app/apollo-mcp-server --directory "/app/graphql" \
-  --schema "schema.graphql" \
-  --operations operations/ \
-  --log error \
-  --endpoint "${ENDPOINT}" \
-  --header "Authorization: Bearer ${TOKEN}" \
-  --allow-mutations "$ALLOW_MUTATIONS" \
-  "$@"
+# Create a temporary config file with the dynamic endpoint and authorization header
+CONFIG_FILE="/tmp/config.yaml"
+sed -e "s|__ENDPOINT__|${ENDPOINT}|g" \
+    -e "s|__TOKEN__|${TOKEN}|g" \
+    -e "s|__MUTATION_MODE__|${MUTATION_MODE}|g" \
+    -e "s|__DISABLE_TYPE_DESCRIPTION__|${DISABLE_TYPE_DESCRIPTION}|g" \
+    -e "s|__DISABLE_SCHEMA_DESCRIPTION__|${DISABLE_SCHEMA_DESCRIPTION}|g" \
+    /config.yaml > "$CONFIG_FILE"
+
+# Launch the apollo-mcp-server with the dynamically generated config
+/app/apollo-mcp-server "$CONFIG_FILE"
diff --git a/graphql/operations/GetHackerOneCurrentUser.graphql b/graphql/operations/GetHackerOneCurrentUser.graphql
@@ -1,7 +1,4 @@
-query GetHackerOneCurrentUser($extra: Boolean = true) {
-  # This extra field is a hack to force inputs, a workaround for https://github.com/apollographql/apollo-mcp-server/issues/136
-  _unused: __typename @skip(if: $extra)
-
+query GetHackerOneCurrentUser {
   me {
     id
     databaseId: _id
diff --git a/graphql/schema.graphql b/graphql/schema.graphql
@@ -21543,12 +21543,6 @@ enum HaiTaskAgentEnum {
   A Flowise-powered agent specialized for content summarization, analysis, and information extraction
   """
   FLOWISE_SAMPLE
-
-  """
-  A Bedrock agent specialized for calculations, system operations, and data
-  processing with human oversight for sensitive operations
-  """
-  INSIGHT_AGENT
 }
 
 type HaiTaskArtifact implements Node {
@@ -22198,7 +22192,8 @@ An intake recommendation on a report
 type IntakeRecommendation implements Node {
   confidence: Int
   id: ID!
-  message: String
+  message_for_customer: String
+  message_for_reporter: String
   recommended_action: String
   steps: Hash
 }
@@ -31635,6 +31630,7 @@ type PentestChecklistEdge {
 }
 
 type PentestChecklistTemplate implements Node {
+  aasm_state: String!
   archived_at: DateTime
   description: String
   global: Boolean!
