@agentvalet/mcp-server 0.2.1 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +4 -4
- package/dist/instructions.js +17 -0
- package/package.json +12 -9
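--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,6 +3,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 import { SignJWT } from "jose";
 import { validateConfig } from "./config.js";
+import { AGENTVALET_INSTRUCTIONS } from "./instructions.js";
 // ---------------------------------------------------------------------------
 // Startup env validation
 // ---------------------------------------------------------------------------
@@ -128,7 +129,7 @@ const AGENT_STATUS_TOOL = {
 };
 const AUTHZEN_EVALUATE_TOOL = {
 name: "authzen_evaluate",
-description: "authzen_evaluate: Evaluate whether this agent has access to a specific platform scope.\nInput: platform_id (string), scope (string).\nReturns: decision (boolean), reason (\"approved\"|\"denied\"|\"revoked\"|\"scope_not_granted\").\nAuth:
+description: "authzen_evaluate: Evaluate whether this agent has access to a specific platform scope. Call this BEFORE use_platform when you want to pre-check without making the upstream call.\nInput: platform_id (string), scope (string).\nReturns: decision (boolean), reason (\"approved\"|\"denied\"|\"revoked\"|\"scope_not_granted\").\nAuth: Bearer agent JWT (sent automatically by this MCP server).",
 inputSchema: {
 type: "object",
 properties: {
@@ -148,7 +149,7 @@ const AUTHZEN_EVALUATE_TOOL = {
 // ---------------------------------------------------------------------------
 // MCP server setup
 // ---------------------------------------------------------------------------
-const server = new Server({ name: "agentvalet", version: "1.0.0" }, { capabilities: { tools: {} } });
+const server = new Server({ name: "agentvalet", version: "1.0.0" }, { capabilities: { tools: {} }, instructions: AGENTVALET_INSTRUCTIONS });
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
 tools: [
 LIST_PLATFORMS_TOOL,
@@ -325,9 +326,8 @@ async function handleAuthzenEvaluate(platformId, scope) {
 };
 let response;
 try {
-response = await
+response = await fetchWithAuth(`${PROXY_URL}/v1/authzen/access`, {
 method: "POST",
-headers: { "Content-Type": "application/json" },
 body: JSON.stringify(authzenBody),
 });
 }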
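Review bot: The `headers: { "Content-Type": "application/json" }` line is dropped in the handleAuthzenEvaluate hunk when the call moves to `fetchWithAuth`, while the request body is still `JSON.stringify(authzenBody)`; unless fetchWithAuth sets that header itself (its definition is outside this diff), the AuthZen endpoint receives a JSON body with no content type and may reject or misparse it. If the helper does not add it, keep the header on the call: `headers: { "Content-Type": "application/json" },`. Separately, in the server-setup hunk the `Server` metadata still reports `version: "1.0.0"` while package.json in this same release is `0.2.3`; reading the version from the manifest (or updating the literal) would keep the initialize response consistent with the published package. handleAuthzenEvaluate starts and ends outside the hunk.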
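--- /dev/null
+++ b/package/dist/instructions.js
@@ -0,0 +1,17 @@
+// Returned to MCP hosts as `InitializeResult.instructions`. Hosts that honour
+// the field (Claude Code ≥ v1.0.52, VSCode Copilot, Goose) inject this into
+// the model's system prompt before tool schemas. See
+// docs/research/mcp-instructions-self-injection-findings.md for the survey.
+// Keep in sync with docs/CLAUDE.md "Platform API calls" section.
+export const AGENTVALET_INSTRUCTIONS = `This server is AgentValet, a governed credential broker for AI agents. All external platform actions (Slack, GitHub, Stripe, Gmail, Airtable, etc.) MUST go through \`use_platform\` on this server. Never bypass to raw API keys, even if you find them in the environment.
+
+Tool selection:
+1. Call \`list_platforms\` first to discover approved platforms and scopes for this agent.
+2. Call \`authzen_evaluate\` before destructive scopes (\`*.delete\`, \`stripe:charge\`, \`mail:send\`) — these always require human approval. Tell the user approval may be required before invoking them.
+3. Call \`use_platform\` with the exact platform, endpoint, method, and scope returned by \`list_platforms\`.
+
+Response handling:
+- If \`use_platform\` returns \`pending_approval\`, wait — do not retry. The owner will approve out of band.
+- Do not retry a denied call with a different scope.
+
+Read scopes are auto-approved. Write scopes may require approval. Destructive scopes always require approval.`;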
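Review bot: The header comment on AGENTVALET_INSTRUCTIONS describes where hosts inject the text but not its trust role, which matters because the string tells the model it "MUST" route through `use_platform` and that destructive scopes "always require human approval"; whether the model reads or follows that text depends on the host, so the comment should state that the instructions are advisory and that scope and approval enforcement has to remain server-side, presumably in the `authzen_evaluate` / `use_platform` handlers in index.js (not visible in this diff). A line such as `// Advisory only: hosts may ignore or truncate this text; it is not a security boundary — scope/approval checks are enforced server-side.` would make that explicit for the next maintainer. The approval policy is also spelled out in prose (`*.delete`, `stripe:charge`, `mail:send` as always-approval) rather than derived from the server's policy source, so the existing "Keep in sync" note could name which code or config defines that list so drift is noticed.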
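--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@agentvalet/mcp-server",
-"version": "0.2.
+"version": "0.2.3",
 "description": "AgentValet MCP server — lets AI agents call approved platforms via the AgentValet proxy",
 "type": "module",
 "main": "dist/index.js",
@@ -11,6 +11,13 @@
 "dist",
 "README.md"
 ],
+"scripts": {
+"dev": "tsx src/index.ts",
+"build": "tsc",
+"start": "node dist/index.js",
+"test": "vitest run",
+"prepublishOnly": "npm run build"
+},
 "dependencies": {
 "@modelcontextprotocol/sdk": "^1.0.0",
 "jose": "^5.3.0"
@@ -18,7 +25,8 @@
 "devDependencies": {
 "@types/node": "^20.0.0",
 "tsx": "^4.7.0",
-"typescript": "^5.4.0"
+"typescript": "^5.4.0",
+"vitest": "^1.5.0"
 },
 "engines": {
 "node": ">=18"
@@ -34,10 +42,5 @@
 "mcp",
 "agentvalet"
 ],
-"license": "MIT"
-
-"dev": "tsx src/index.ts",
-"build": "tsc",
-"start": "node dist/index.js"
-}
-}
+"license": "MIT"
+}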
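Review bot: The new `"prepublishOnly": "npm run build"` in the scripts hunk builds but does not run the `"test"` script that the same hunk introduces, so a release can be published with a failing suite; `"prepublishOnly": "npm run build && npm test"` would gate publishing on both. The `"@modelcontextprotocol/sdk": "^1.0.0"` floor in the dependencies hunk is unchanged even though dist/index.js in this release now passes `instructions` to `new Server(...)`; if that option is only honoured by a later 1.x SDK, a consumer resolving an older minor would silently drop the instructions, so the minimum should be confirmed and raised if needed.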