@agentvalet/mcp-server 0.2.2 → 0.2.4
- package/dist/index.js +77 -3
- package/dist/instructions.js +1 -0
- package/package.json +1 -1
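--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -129,7 +129,7 @@ const AGENT_STATUS_TOOL = {
 };
 const AUTHZEN_EVALUATE_TOOL = {
 name: "authzen_evaluate",
-description: "authzen_evaluate: Evaluate whether this agent has access to a specific platform scope.\nInput: platform_id (string), scope (string).\nReturns: decision (boolean), reason (\"approved\"|\"denied\"|\"revoked\"|\"scope_not_granted\").\nAuth:
+description: "authzen_evaluate: Evaluate whether this agent has access to a specific platform scope. Call this BEFORE use_platform when you want to pre-check without making the upstream call.\nInput: platform_id (string), scope (string).\nReturns: decision (boolean), reason (\"approved\"|\"denied\"|\"revoked\"|\"scope_not_granted\").\nAuth: Bearer agent JWT (sent automatically by this MCP server).",
 inputSchema: {
 type: "object",
 properties: {
@@ -145,6 +145,45 @@ const AUTHZEN_EVALUATE_TOOL = {
 required: ["platform_id", "scope"],
 },
 };
+const REPORT_SELF_DIAGNOSTIC_TOOL = {
+name: "report_self_diagnostic",
+description: "report_self_diagnostic: Lodge a self-report (error/warning/info) with the AgentValet owner. Use after a use_platform error returns a report_hint, OR proactively when you encounter a problem the user should know about.\nInput: severity (debug|info|warn|error|critical), message (string, required, max 4096 bytes), code (string, optional, max 128 chars), platform (string, optional), endpoint (string, optional), correlation_id (uuid string, optional — copy from the failing call's report_hint to stitch this report to the broker-side audit row), context (object, optional, JSON-serialised must be < 16 KiB).\nReturns: { id, received_at } on success.\nAuth: Bearer agent JWT (sent automatically).",
+inputSchema: {
+type: "object",
+properties: {
+severity: {
+type: "string",
+enum: ["debug", "info", "warn", "error", "critical"],
+description: "Severity level. error/critical trigger an owner notification.",
+},
+message: {
+type: "string",
+description: "One-sentence agent narrative describing what happened.",
+},
+code: {
+type: "string",
+description: "Optional short machine code (e.g. 'permission_denied').",
+},
+platform: {
+type: "string",
+description: "Optional platform id this report relates to.",
+},
+endpoint: {
+type: "string",
+description: "Optional endpoint that failed.",
+},
+correlation_id: {
+type: "string",
+description: "Optional UUID — copy from a use_platform error's report_hint to stitch this report to the audit row.",
+},
+context: {
+type: "object",
+description: "Optional structured context (request params, error details). Avoid secrets.",
+},
+},
+required: ["severity", "message"],
+},
+};
 // TODO: intent_resolve tool — planned for future release
 // ---------------------------------------------------------------------------
 // MCP server setup
@@ -157,6 +196,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
 AGENT_REGISTER_TOOL,
 AGENT_STATUS_TOOL,
 AUTHZEN_EVALUATE_TOOL,
+REPORT_SELF_DIAGNOSTIC_TOOL,
 ],
 }));
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
@@ -207,6 +247,12 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 }
 return await handleAuthzenEvaluate(args.platform_id, args.scope);
 }
+if (name === "report_self_diagnostic") {
+if (!args || typeof args.severity !== "string" || typeof args.message !== "string") {
+return errorContent("Invalid or missing arguments: severity and message are required");
+}
+return await handleReportSelfDiagnostic(args);
+}
 return {
 content: [{ type: "text", text: `Unknown tool: ${name}` }],
 isError: true,
@@ -326,9 +372,8 @@ async function handleAuthzenEvaluate(platformId, scope) {
 };
 let response;
 try {
-response = await
+response = await fetchWithAuth(`${PROXY_URL}/v1/authzen/access`, {
 method: "POST",
-headers: { "Content-Type": "application/json" },
 body: JSON.stringify(authzenBody),
 });
 }
@@ -340,6 +385,35 @@ async function handleAuthzenEvaluate(platformId, scope) {
 return errorContent(`Proxy error ${response.status}: ${body}`);
 return { content: [{ type: "text", text: body }] };
 }
+async function handleReportSelfDiagnostic(args) {
+if (AGENT_PRIVATE_KEY_RAW === null) {
+await notifyBindSecret();
+return pendingFirstCallResponse();
+}
+// Whitelist body fields — never forward owner_id/agent_id (proxy derives those from JWT).
+const body = {
+severity: args.severity,
+message: args.message,
+};
+for (const k of ["code", "platform", "endpoint", "correlation_id", "context"]) {
+if (args[k] !== undefined)
+body[k] = args[k];
+}
+let response;
+try {
+response = await fetchWithAuth(`${PROXY_URL}/v1/agents/self/diagnostics`, {
+method: "POST",
+body: JSON.stringify(body),
+});
+}
+catch (err) {
+return errorContent(`Network error: ${err instanceof Error ? err.message : err}`);
+}
+const text = await response.text();
+if (!response.ok)
+return errorContent(`Proxy error ${response.status}: ${text}`);
+return { content: [{ type: "text", text }] };
+}
 // ---------------------------------------------------------------------------
 // Connect transport
 // ---------------------------------------------------------------------------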
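Review bot: handleReportSelfDiagnostic (new lines 388–416) copies `code`, `platform`, `endpoint`, `correlation_id` and `context` into the request body with no type or size check, and the dispatcher guard at new lines 250–255 only confirms that `severity` and `message` are strings. The tool description promises limits (severity enum, message max 4096 bytes, code max 128 chars, context under 16 KiB serialised), but nothing on this side enforces them, so the allow-list filters key names and not values. Because the arguments are composed by the model, anything steered into its context can end up in an owner-facing report; "Avoid secrets" in the schema is advisory only, and the proxy may or may not enforce the limits (not visible here). I would validate in the handler before building the body, as sketched below, and keep the proxy checks as the authoritative ones. The dispatcher's enclosing request handler starts and ends outside its hunk.

```javascript
async function handleReportSelfDiagnostic(args) {
    // … unchanged: AGENT_PRIVATE_KEY_RAW bind-secret guard …
    const severities = ["debug", "info", "warn", "error", "critical"];
    if (!severities.includes(args.severity)) {
        return errorContent("Invalid severity");
    }
    if (Buffer.byteLength(args.message, "utf8") > 4096) {
        return errorContent("message exceeds 4096 bytes");
    }
    const body = { severity: args.severity, message: args.message };
    for (const k of ["code", "platform", "endpoint", "correlation_id"]) {
        if (args[k] === undefined) continue;
        if (typeof args[k] !== "string" || (k === "code" && args[k].length > 128)) {
            return errorContent(`Invalid value for ${k}`);
        }
        body[k] = args[k];
    }
    if (args.context !== undefined) {
        const isPlainObject = typeof args.context === "object" && args.context !== null && !Array.isArray(args.context);
        if (!isPlainObject || Buffer.byteLength(JSON.stringify(args.context), "utf8") >= 16 * 1024) {
            return errorContent("context must be an object under 16 KiB when serialised");
        }
        body.context = args.context;
    }
    // … unchanged: fetchWithAuth POST to /v1/agents/self/diagnostics and response handling …
```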
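--- a/package/dist/instructions.js
+++ b/package/dist/instructions.js
@@ -13,5 +13,6 @@ Tool selection:
 Response handling:
 - If \`use_platform\` returns \`pending_approval\`, wait — do not retry. The owner will approve out of band.
 - Do not retry a denied call with a different scope.
+- If a \`use_platform\` error response includes a \`report_hint\` block, you may briefly ask the user "Want me to lodge this with your AgentValet owner?" — on yes, call \`report_self_diagnostic\` with a one-sentence narrative plus the \`correlation_id\` from the hint so the owner can investigate.
 
 Read scopes are auto-approved. Write scopes may require approval. Destructive scopes always require approval.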
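Review bot: The added bullet at new line 16 makes the report conditional on the user answering yes, but the `report_self_diagnostic` tool description in package/dist/index.js also tells the agent to call it "proactively", so whether consent is asked depends on which text the model follows. The two should state the same rule. This bullet is also the natural place to say what must not be sent, since the only other guidance is "Avoid secrets" in the schema description; I would append `Never put credentials, tokens or other secrets in the report's context field.` to it. The instruction template string starts and ends outside this hunk.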