@agentvalet/mcp-server 0.2.2 → 0.2.4

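--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -129,7 +129,7 @@ const AGENT_STATUS_TOOL = {
  };
  const AUTHZEN_EVALUATE_TOOL = {
  name: "authzen_evaluate",
- description: "authzen_evaluate: Evaluate whether this agent has access to a specific platform scope.\nInput: platform_id (string), scope (string).\nReturns: decision (boolean), reason (\"approved\"|\"denied\"|\"revoked\"|\"scope_not_granted\").\nAuth: None.",
+ description: "authzen_evaluate: Evaluate whether this agent has access to a specific platform scope. Call this BEFORE use_platform when you want to pre-check without making the upstream call.\nInput: platform_id (string), scope (string).\nReturns: decision (boolean), reason (\"approved\"|\"denied\"|\"revoked\"|\"scope_not_granted\").\nAuth: Bearer agent JWT (sent automatically by this MCP server).",
  inputSchema: {
  type: "object",
  properties: {
@@ -145,6 +145,45 @@ const AUTHZEN_EVALUATE_TOOL = {
  required: ["platform_id", "scope"],
  },
  };
+ const REPORT_SELF_DIAGNOSTIC_TOOL = {
+ name: "report_self_diagnostic",
+ description: "report_self_diagnostic: Lodge a self-report (error/warning/info) with the AgentValet owner. Use after a use_platform error returns a report_hint, OR proactively when you encounter a problem the user should know about.\nInput: severity (debug|info|warn|error|critical), message (string, required, max 4096 bytes), code (string, optional, max 128 chars), platform (string, optional), endpoint (string, optional), correlation_id (uuid string, optional — copy from the failing call's report_hint to stitch this report to the broker-side audit row), context (object, optional, JSON-serialised must be < 16 KiB).\nReturns: { id, received_at } on success.\nAuth: Bearer agent JWT (sent automatically).",
+ inputSchema: {
+ type: "object",
+ properties: {
+ severity: {
+ type: "string",
+ enum: ["debug", "info", "warn", "error", "critical"],
+ description: "Severity level. error/critical trigger an owner notification.",
+ },
+ message: {
+ type: "string",
+ description: "One-sentence agent narrative describing what happened.",
+ },
+ code: {
+ type: "string",
+ description: "Optional short machine code (e.g. 'permission_denied').",
+ },
+ platform: {
+ type: "string",
+ description: "Optional platform id this report relates to.",
+ },
+ endpoint: {
+ type: "string",
+ description: "Optional endpoint that failed.",
+ },
+ correlation_id: {
+ type: "string",
+ description: "Optional UUID — copy from a use_platform error's report_hint to stitch this report to the audit row.",
+ },
+ context: {
+ type: "object",
+ description: "Optional structured context (request params, error details). Avoid secrets.",
+ },
+ },
+ required: ["severity", "message"],
+ },
+ };
  // TODO: intent_resolve tool — planned for future release
  // ---------------------------------------------------------------------------
  // MCP server setup
@@ -157,6 +196,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
  AGENT_REGISTER_TOOL,
  AGENT_STATUS_TOOL,
  AUTHZEN_EVALUATE_TOOL,
+ REPORT_SELF_DIAGNOSTIC_TOOL,
  ],
  }));
  server.setRequestHandler(CallToolRequestSchema, async (request) => {
@@ -207,6 +247,12 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
  }
  return await handleAuthzenEvaluate(args.platform_id, args.scope);
  }
+ if (name === "report_self_diagnostic") {
+ if (!args || typeof args.severity !== "string" || typeof args.message !== "string") {
+ return errorContent("Invalid or missing arguments: severity and message are required");
+ }
+ return await handleReportSelfDiagnostic(args);
+ }
  return {
  content: [{ type: "text", text: `Unknown tool: ${name}` }],
  isError: true,
@@ -326,9 +372,8 @@ async function handleAuthzenEvaluate(platformId, scope) {
  };
  let response;
  try {
- response = await fetchWithTimeout(`${PROXY_URL}/v1/authzen/access`, {
+ response = await fetchWithAuth(`${PROXY_URL}/v1/authzen/access`, {
  method: "POST",
- headers: { "Content-Type": "application/json" },
  body: JSON.stringify(authzenBody),
  });
  }
@@ -340,6 +385,35 @@ async function handleAuthzenEvaluate(platformId, scope) {
  return errorContent(`Proxy error ${response.status}: ${body}`);
  return { content: [{ type: "text", text: body }] };
  }
+ async function handleReportSelfDiagnostic(args) {
+ if (AGENT_PRIVATE_KEY_RAW === null) {
+ await notifyBindSecret();
+ return pendingFirstCallResponse();
+ }
+ // Whitelist body fields — never forward owner_id/agent_id (proxy derives those from JWT).
+ const body = {
+ severity: args.severity,
+ message: args.message,
+ };
+ for (const k of ["code", "platform", "endpoint", "correlation_id", "context"]) {
+ if (args[k] !== undefined)
+ body[k] = args[k];
+ }
+ let response;
+ try {
+ response = await fetchWithAuth(`${PROXY_URL}/v1/agents/self/diagnostics`, {
+ method: "POST",
+ body: JSON.stringify(body),
+ });
+ }
+ catch (err) {
+ return errorContent(`Network error: ${err instanceof Error ? err.message : err}`);
+ }
+ const text = await response.text();
+ if (!response.ok)
+ return errorContent(`Proxy error ${response.status}: ${text}`);
+ return { content: [{ type: "text", text }] };
+ }
  // ---------------------------------------------------------------------------
  // Connect transport
  // ---------------------------------------------------------------------------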
@@ -13,5 +13,6 @@ Tool selection:
13
13
  Response handling:
14
14
  - If \`use_platform\` returns \`pending_approval\`, wait — do not retry. The owner will approve out of band.
15
15
  - Do not retry a denied call with a different scope.
16
+ - If a \`use_platform\` error response includes a \`report_hint\` block, you may briefly ask the user "Want me to lodge this with your AgentValet owner?" — on yes, call \`report_self_diagnostic\` with a one-sentence narrative plus the \`correlation_id\` from the hint so the owner can investigate.
16
17
 
17
18
  Read scopes are auto-approved. Write scopes may require approval. Destructive scopes always require approval.`;
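Review bot: The added instruction line has the agent ask the user before calling `report_self_diagnostic`, while the tool description added in `dist/index.js` also permits calling it "proactively when you encounter a problem the user should know about", so the two texts disagree on whether user consent is required. Because error/critical reports notify the owner, I would settle on one policy and state it in both places, for example by adding `Ask the user before lodging a report.` to the tool description. The instruction could also carry the `context` caveat from the schema, e.g. `Do not include credentials or tokens in the report.` The file header for this hunk is not shown on the page; its line numbers suggest it belongs to a different file than `dist/index.js`.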
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agentvalet/mcp-server",
3
- "version": "0.2.2",
3
+ "version": "0.2.4",
4
4
  "description": "AgentValet MCP server — lets AI agents call approved platforms via the AgentValet proxy",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",