From 8f06ad171ef51f4f3884c65e40814da0ebf7ee78 Mon Sep 17 00:00:00 2001 From: Rob Pocklington Date: Mon, 15 Sep 2025 11:17:38 +1000 Subject: [PATCH 1/2] fix: add missing accounting scope accounting.budgets.read --- xero_accounting.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/xero_accounting.yaml b/xero_accounting.yaml index 856bc2b24..392801432 100644 --- a/xero_accounting.yaml +++ b/xero_accounting.yaml @@ -19740,6 +19740,7 @@ components: profile: your profile information accounting.attachments: Grant read-write access to attachments accounting.attachments.read: Grant read-only access to attachments + accounting.budgets.read: Grant read-only access to read budgets accounting.contacts: Grant read-write access to contacts and contact groups accounting.contacts.read: Grant read-only access to contacts and contact groups accounting.journals.read: Grant read-only access to journals From 786c7ad531553539e33ffeed3e52d761486206dd Mon Sep 17 00:00:00 2001 From: Rob Pocklington Date: Mon, 15 Sep 2025 11:18:03 +1000 Subject: [PATCH 2/2] chore: enable missing scopes lint rule as error --- .spectral.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.spectral.yaml b/.spectral.yaml index 0d0b376fd..7203e7d96 100644 --- a/.spectral.yaml +++ b/.spectral.yaml @@ -159,3 +159,4 @@ rules: owasp:api4:2023-string-restricted: off # Disable string restricted rule to address warnings path-params: off # Disable path parameter validation to address mapping key issues owasp:api8:2023-define-cors-origin: off # Disable CORS origin header requirement + oas3-operation-security-defined: error # Ensure all scopes are listed in schema