Cool tool! Got an issue for you:
The DN API's list_roles endpoint returns roles without expanding firewallRules — the field comes back as []. The actual rules are only returned by get_role /
get_role_by_id. This is consistent with common API patterns (list = shallow, get = deep).
The /network-architect audit skill (in .claude/skills/network-architect/SKILL.md) instructs the assistant to analyze rules from list_roles output. With shallow data,
every role appears to have zero rules — producing false "overly permissive" and "no rules defined" warnings on well-configured networks.
Repro:
- Account with at least one role that has firewall rules defined in the admin panel.
- Run /network-architect audit.
- Audit reports all roles as having firewallRules: [].
- Confirm with get_role <role_id> — rules are present.
Fix suggestions (in order of effort):
- (A) Update SKILL.md to iterate get_role for each role after list_roles.
- (B) Add a convenience MCP tool list_roles_with_rules that does the fan-out server-side.
- (C) File upstream with Defined Networking to expand rules in list responses (may be off the table for pagination/cost reasons).
Env:
- defined-mcp version (installed via uv tool install --editable . from latest main as of 2026-04-17)
- Claude Code latest
Cool tool! Got an issue for you:
The DN API's list_roles endpoint returns roles without expanding firewallRules — the field comes back as []. The actual rules are only returned by get_role /
get_role_by_id. This is consistent with common API patterns (list = shallow, get = deep).
The /network-architect audit skill (in .claude/skills/network-architect/SKILL.md) instructs the assistant to analyze rules from list_roles output. With shallow data,
every role appears to have zero rules — producing false "overly permissive" and "no rules defined" warnings on well-configured networks.
Repro:
Fix suggestions (in order of effort):
Env: