Critical-risk tools in Keploy
9 of the 103 tools in Keploy are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
bulkDeleteTestSuitesDestructivePOST /apps/{appId}/test-suites/bulk-delete — Bulk-delete test suites — Requires scope: `write`.
-
delete_mockDestructiveDrop one mock from a test set. Idempotent — returns 200 even if the mock is already gone, so retries on a network blip are safe. Accepts UUID or Name as `mock_id`. `branch_id` ...
-
delete_recordingDestructiveWholesale-delete a recording (test set + its cases + mocks + mapping). `branch_id` is REQUIRED — the delete lays a tombstone overlay on the branch (mergeable). Direct deletes fr...
-
delete_test_suiteDestructiveDelete a test suite on a Keploy branch — synchronous, no playbook to walk. USE THIS when: * The dev's update_test_suite call was rejected with "preserves no steps from the ex...
-
deleteAppDestructiveDELETE /apps/{appId} — Delete an app — Requires scope: `admin`.
-
deleteMockDestructiveDELETE /apps/{appId}/recordings/{testSetId}/mocks/{mockId} — Drop one mock — Idempotent — returns 200 even if the mock is already gone. Path `{mockId}` accepts both the UUID `_i...
-
deleteTestSuiteDestructiveDELETE /apps/{appId}/test-suites/{suiteId} — Delete a test suite — Requires scope: `write`.
-
devloop_mutation_demoDestructiveProve the just-generated API test actually catches bugs by applying 3 real source-level mutations to the handler, running the test against each, and reverting. The doc-stated "m...
-
revokeAPIKeyDestructiveDELETE /api-keys/{keyId} — Revoke an API key — Requires scope: `admin`.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.