You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
[v1.89.0]
Added TOON output for scan, validate, and revoke, optimized for LLM/agent workflows; prefer --format toon when calling Kingfisher from an LLM.
Expanded built-in revocation support with new YAML revocation flows for Cloudflare, Confluent, Doppler, Mapbox, Particle.io, Twitch, and additional Vercel token formats.
Added revocation coverage documentation: new docs/REVOCATION_PROVIDERS.md matrix and README links highlighting supported revocation providers/rule IDs.
Access Map: added Microsoft Teams provider. Parses Incoming Webhook URLs (legacy and workflow-based) to extract tenant and webhook identity, probes for active status, and reports channel-level blast radius. Supports standalone access-map microsoftteams (alias msteams) and automatic mapping for validated kingfisher.msteams.* and kingfisher.microsoftteamswebhook.* findings.
Added Microsoft Teams scan target: kingfisher scan teams "QUERY" searches Teams messages via Microsoft Graph Search API and scans them for secrets, mirroring the Slack integration.
Requires KF_TEAMS_TOKEN environment variable (Microsoft Graph access token with ChannelMessage.Read.All or Chat.Read permissions).
Findings reference Teams message URLs in reports; see docs/USAGE.md and docs/INTEGRATIONS.md for authentication setup.