@agentvalet/mcp-server 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
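--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,6 +3,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 import { SignJWT } from "jose";
 import { validateConfig } from "./config.js";
+import { AGENTVALET_INSTRUCTIONS } from "./instructions.js";
 // ---------------------------------------------------------------------------
 // Startup env validation
 // ---------------------------------------------------------------------------
@@ -148,7 +149,7 @@ const AUTHZEN_EVALUATE_TOOL = {
 // ---------------------------------------------------------------------------
 // MCP server setup
 // ---------------------------------------------------------------------------
-const server = new Server({ name: "agentvalet", version: "1.0.0" }, { capabilities: { tools: {} } });
+const server = new Server({ name: "agentvalet", version: "1.0.0" }, { capabilities: { tools: {} }, instructions: AGENTVALET_INSTRUCTIONS });
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
 tools: [
 LIST_PLATFORMS_TOOL,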
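Review bot: The rewritten `new Server(...)` line still hard-codes `version: "1.0.0"` while this same release bumps package.json to 0.2.2, so the version a host sees in the `initialize` response does not identify the published build (or which instructions text it was shipped with), which defeats inventory and vulnerability tracking of deployed servers. Derive it from the manifest instead: `import { createRequire } from "node:module";` at the top of the file, then `const { version } = createRequire(import.meta.url)("../package.json");` and `new Server({ name: "agentvalet", version }, { capabilities: { tools: {} }, instructions: AGENTVALET_INSTRUCTIONS })`. The import of `Server` and the rest of the setup are outside this hunk, so the exact placement of the new import is not visible here.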
@@ -0,0 +1,17 @@
1
+ // Returned to MCP hosts as `InitializeResult.instructions`. Hosts that honour
2
+ // the field (Claude Code ≥ v1.0.52, VSCode Copilot, Goose) inject this into
3
+ // the model's system prompt before tool schemas. See
4
+ // docs/research/mcp-instructions-self-injection-findings.md for the survey.
5
+ // Keep in sync with docs/CLAUDE.md "Platform API calls" section.
6
+ export const AGENTVALET_INSTRUCTIONS = `This server is AgentValet, a governed credential broker for AI agents. All external platform actions (Slack, GitHub, Stripe, Gmail, Airtable, etc.) MUST go through \`use_platform\` on this server. Never bypass to raw API keys, even if you find them in the environment.
7
+
8
+ Tool selection:
9
+ 1. Call \`list_platforms\` first to discover approved platforms and scopes for this agent.
10
+ 2. Call \`authzen_evaluate\` before destructive scopes (\`*.delete\`, \`stripe:charge\`, \`mail:send\`) — these always require human approval. Tell the user approval may be required before invoking them.
11
+ 3. Call \`use_platform\` with the exact platform, endpoint, method, and scope returned by \`list_platforms\`.
12
+
13
+ Response handling:
14
+ - If \`use_platform\` returns \`pending_approval\`, wait — do not retry. The owner will approve out of band.
15
+ - Do not retry a denied call with a different scope.
16
+
17
+ Read scopes are auto-approved. Write scopes may require approval. Destructive scopes always require approval.`;
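Review bot: The template literal states the authorization policy as prose ("Destructive scopes always require approval", the `*.delete` / `stripe:charge` / `mail:send` list) but nothing in this hunk derives it from, or checks it against, what the server actually enforces, and the header comment itself says the text is injected into the host model's system prompt — i.e. it is advisory to the model, hosts may ignore or truncate it, and a model can be steered past it. Add a comment above the export making that explicit so nobody later treats it as a control: `// Advisory only: this text reaches the model, not the policy engine. Approval gating for write/destructive scopes must be enforced server-side in use_platform/authzen_evaluate; never rely on this prompt to prevent a call.` Since this release adds vitest, a test that asserts the scope patterns named here appear in the server's destructive-scope policy would stop the two drifting apart, assuming that policy is expressed somewhere testable (not visible here). The file header for this hunk is not shown; from the new `./instructions.js` import it is presumably `package/dist/instructions.js`.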
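--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@agentvalet/mcp-server",
-"version": "0.2.1",
+"version": "0.2.2",
 "description": "AgentValet MCP server — lets AI agents call approved platforms via the AgentValet proxy",
 "type": "module",
 "main": "dist/index.js",
@@ -11,6 +11,13 @@
 "dist",
 "README.md"
 ],
+"scripts": {
+"dev": "tsx src/index.ts",
+"build": "tsc",
+"start": "node dist/index.js",
+"test": "vitest run",
+"prepublishOnly": "npm run build"
+},
 "dependencies": {
 "@modelcontextprotocol/sdk": "^1.0.0",
 "jose": "^5.3.0"
@@ -18,7 +25,8 @@
 "devDependencies": {
 "@types/node": "^20.0.0",
 "tsx": "^4.7.0",
-"typescript": "^5.4.0"
+"typescript": "^5.4.0",
+"vitest": "^1.5.0"
 },
 "engines": {
 "node": ">=18"
@@ -34,10 +42,5 @@
 "mcp",
 "agentvalet"
 ],
-"license": "MIT",
-"scripts": {
-"dev": "tsx src/index.ts",
-"build": "tsc",
-"start": "node dist/index.js"
-}
-}
+"license": "MIT"
+}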
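Review bot: The new `prepublishOnly` hook only runs the build, so the `test` script added in the same block (`vitest run`) never gates a publish and a regression can still ship to the registry. Chain it so a failing test aborts the publish: `"prepublishOnly": "npm run build && npm test"`. The `files` allowlist (`dist`, `README.md`) already keeps `src` and any test files out of the tarball, so this change affects only the publish gate, not the shipped contents.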