@backstage/plugin-mcp-actions-backend 0.0.0-nightly-20250620024248

package/CHANGELOG.md

@@ -0,0 +1,23 @@
+# @backstage/plugin-mcp-actions-backend
+
+## 0.0.0-nightly-20250620024248
+
+### Patch Changes
+
+- 6bc0799: Fixed the example in the README for generating a static token by adding a subject field
+
+## 0.1.0
+
+### Minor Changes
+
+- 4ed0fb6: Initial implementation of an `mcp-actions` backend
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/catalog-client@1.10.1
+  - @backstage/backend-defaults@0.11.0
+  - @backstage/plugin-catalog-node@1.17.1
+  - @backstage/backend-plugin-api@1.4.0
+  - @backstage/errors@1.2.7
+  - @backstage/types@1.2.1

package/README.md

@@ -0,0 +1,135 @@
+# MCP Actions Backend
+
+This plugin exposes Backstage actions as MCP (Model Context Protocol) tools, allowing AI clients to discover and invoke registered actions in your Backstage backend.
+
+## Installation
+
+This plugin is installed via the `@backstage/plugin-mcp-actions-backend` package. To install it to your backend package, run the following command:
+
+```bash
+# From your root directory
+yarn --cwd packages/backend add @backstage/plugin-mcp-actions-backend
+```
+
+Then add the plugin to your backend in `packages/backend/src/index.ts`:
+
+```ts
+const backend = createBackend();
+// ...
+backend.add(import('@backstage/plugin-mcp-actions-backend'));
+```
+
+## Configuration
+
+### Configuring Actions Registry
+
+The MCP Actions Backend exposes actions that are registered with the Actions Registry. You can register actions from specific plugins by configuring the `pluginSources` in your app configuration:
+
+```yaml
+backend:
+  actions:
+    pluginSources:
+      - 'catalog'
+      - 'my-custom-plugin'
+```
+
+Actions from these plugins will be discovered and exposed as MCP tools. Each action must be registered using the Actions Registry Service in the respective plugin:
+
+```ts
+// In your plugin
+import { actionsRegistryServiceRef } from '@backstage/backend-plugin-api/alpha';
+
+export const myPlugin = createBackendPlugin({
+  pluginId: 'my-custom-plugin',
+  register(env) {
+    env.registerInit({
+      deps: {
+        actionsRegistry: actionsRegistryServiceRef,
+      },
+      async init({ actionsRegistry }) {
+        actionsRegistry.register({
+          name: 'greet-user',
+          title: 'Greet User',
+          description: 'Generate a personalized greeting',
+          schema: {
+            input: z =>
+              z.object({
+                name: z.string().describe('The name of the person to greet'),
+              }),
+            output: z =>
+              z.object({
+                greeting: z.string().describe('The generated greeting'),
+              }),
+          },
+          action: async ({ input }) => ({
+            output: { greeting: `Hello ${input.name}!` },
+          }),
+        });
+      },
+    });
+  },
+});
+```
+
+### Authentication Configuration
+
+By default, the Backstage backend requires authentication for all requests.
+
+#### External Access with Static Tokens
+
+> This is meant to be a temporary workaround until work on [device authentication](https://github.com/backstage/backstage/pull/27680) is completed.
+> This will make authentication for MCP clients and CLI's in Backstage easier than having to configure static tokens.
+
+Configure external access with static tokens in your app configuration:
+
+```yaml
+backend:
+  auth:
+    externalAccess:
+      - type: static
+        options:
+          token: ${MCP_TOKEN}
+          subject: mcp-clients
+        accessRestrictions:
+          - plugin: mcp-actions
+          - plugin: catalog
+```
+
+Generate a secure token:
+
+```bash
+node -p 'require("crypto").randomBytes(24).toString("base64")'
+```
+
+Set the `MCP_TOKEN` environment variable with this token, and configure your MCP client to use it in the [Authorization header](#configuring-mcp-clients)
+
+## Configuring MCP Clients
+
+The MCP server supports both Server-Sent Events (SSE) and Streamable HTTP protocols.
+
+The SSE protocol is deprecated, and should be avoided as it will be removed in a future release.
+
+- `Streamable HTTP`: `http://localhost:7007/api/mcp-actions/v1`
+- `SSE`: `http://localhost:7007/api/mcp-actions/v1/sse`
+
+There's a few different ways to configure MCP tools, but here's a snippet of the most common.
+
+```json
+{
+  "mcpServers": {
+    "backstage-actions": {
+      // you can also replace this with the public / internal URL of the deployed backend.
+      "url": "http://localhost:7007/api/mcp-actions/v1",
+      "headers": {
+        "Authorization": "Bearer ${MCP_TOKEN}"
+      }
+    }
+  }
+}
+```
+
+## Development
+
+This plugin backend can be started in a standalone mode from directly in this package with `yarn start`. It is a limited setup that is most convenient when developing the plugin backend itself.
+
+If you want to run the entire project, including the frontend, run `yarn start` from the root directory.

package/dist/index.cjs.js

@@ -0,0 +1,10 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var plugin = require('./plugin.cjs.js');
+
+
+
+exports.default = plugin.mcpPlugin;
+//# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+
+/**
+ * mcpPlugin backend plugin
+ *
+ * @public
+ */
+declare const mcpPlugin: _backstage_backend_plugin_api.BackendFeature;
+
+export { mcpPlugin as default };

package/dist/plugin.cjs.js

@@ -0,0 +1,46 @@
+'use strict';
+
+var backendPluginApi = require('@backstage/backend-plugin-api');
+var express = require('express');
+var McpService = require('./services/McpService.cjs.js');
+var createStreamableRouter = require('./routers/createStreamableRouter.cjs.js');
+var createSseRouter = require('./routers/createSseRouter.cjs.js');
+var alpha = require('@backstage/backend-plugin-api/alpha');
+
+const mcpPlugin = backendPluginApi.createBackendPlugin({
+  pluginId: "mcp-actions",
+  register(env) {
+    env.registerInit({
+      deps: {
+        logger: backendPluginApi.coreServices.logger,
+        auth: backendPluginApi.coreServices.auth,
+        httpAuth: backendPluginApi.coreServices.httpAuth,
+        httpRouter: backendPluginApi.coreServices.httpRouter,
+        actions: alpha.actionsServiceRef,
+        registry: alpha.actionsRegistryServiceRef
+      },
+      async init({ actions, logger, httpRouter, httpAuth }) {
+        const mcpService = await McpService.McpService.create({
+          actions
+        });
+        const sseRouter = createSseRouter.createSseRouter({
+          mcpService,
+          httpAuth
+        });
+        const streamableRouter = createStreamableRouter.createStreamableRouter({
+          mcpService,
+          httpAuth,
+          logger
+        });
+        const router = express.Router();
+        router.use(express.json());
+        router.use("/v1/sse", sseRouter);
+        router.use("/v1", streamableRouter);
+        httpRouter.use(router);
+      }
+    });
+  }
+});
+
+exports.mcpPlugin = mcpPlugin;
+//# sourceMappingURL=plugin.cjs.js.map

package/dist/plugin.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  coreServices,\n  createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { json, Router } from 'express';\nimport { McpService } from './services/McpService';\nimport { createStreamableRouter } from './routers/createStreamableRouter';\nimport { createSseRouter } from './routers/createSseRouter';\nimport {\n  actionsRegistryServiceRef,\n  actionsServiceRef,\n} from '@backstage/backend-plugin-api/alpha';\n\n/**\n * mcpPlugin backend plugin\n *\n * @public\n */\nexport const mcpPlugin = createBackendPlugin({\n  pluginId: 'mcp-actions',\n  register(env) {\n    env.registerInit({\n      deps: {\n        logger: coreServices.logger,\n        auth: coreServices.auth,\n        httpAuth: coreServices.httpAuth,\n        httpRouter: coreServices.httpRouter,\n        actions: actionsServiceRef,\n        registry: actionsRegistryServiceRef,\n      },\n      async init({ actions, logger, httpRouter, httpAuth }) {\n        const mcpService = await McpService.create({\n          actions,\n        });\n\n        const sseRouter = createSseRouter({\n          mcpService,\n          httpAuth,\n        });\n\n        const streamableRouter = createStreamableRouter({\n          mcpService,\n          httpAuth,\n          logger,\n        });\n\n        const router = Router();\n        router.use(json());\n\n        router.use('/v1/sse', sseRouter);\n        router.use('/v1', streamableRouter);\n\n        httpRouter.use(router);\n      },\n    });\n  },\n});\n"],"names":["createBackendPlugin","coreServices","actionsServiceRef","actionsRegistryServiceRef","McpService","createSseRouter","createStreamableRouter","Router","json"],"mappings":";;;;;;;;;AAiCO,MAAM,YAAYA,oCAAoB,CAAA;AAAA,EAC3C,QAAU,EAAA,aAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,QAAQC,6BAAa,CAAA,MAAA;AAAA,QACrB,MAAMA,6BAAa,CAAA,IAAA;AAAA,QACnB,UAAUA,6BAAa,CAAA,QAAA;AAAA,QACvB,YAAYA,6BAAa,CAAA,UAAA;AAAA,QACzB,OAAS,EAAAC,uBAAA;AAAA,QACT,QAAU,EAAAC;AAAA,OACZ;AAAA,MACA,MAAM,IAAK,CAAA,EAAE,SAAS,MAAQ,EAAA,UAAA,EAAY,UAAY,EAAA;AACpD,QAAM,MAAA,UAAA,GAAa,MAAMC,qBAAA,CAAW,MAAO,CAAA;AAAA,UACzC;AAAA,SACD,CAAA;AAED,QAAA,MAAM,YAAYC,+BAAgB,CAAA;AAAA,UAChC,UAAA;AAAA,UACA;AAAA,SACD,CAAA;AAED,QAAA,MAAM,mBAAmBC,6CAAuB,CAAA;AAAA,UAC9C,UAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AAED,QAAA,MAAM,SAASC,cAAO,EAAA;AACtB,QAAO,MAAA,CAAA,GAAA,CAAIC,cAAM,CAAA;AAEjB,QAAO,MAAA,CAAA,GAAA,CAAI,WAAW,SAAS,CAAA;AAC/B,QAAO,MAAA,CAAA,GAAA,CAAI,OAAO,gBAAgB,CAAA;AAElC,QAAA,UAAA,CAAW,IAAI,MAAM,CAAA;AAAA;AACvB,KACD,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/routers/createSseRouter.cjs.js

@@ -0,0 +1,47 @@
+'use strict';
+
+var PromiseRouter = require('express-promise-router');
+var sse_js = require('@modelcontextprotocol/sdk/server/sse.js');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var PromiseRouter__default = /*#__PURE__*/_interopDefaultCompat(PromiseRouter);
+
+const createSseRouter = ({
+  mcpService,
+  httpAuth
+}) => {
+  const router = PromiseRouter__default.default();
+  const transportsToSessionId = /* @__PURE__ */ new Map();
+  router.get("/", async (req, res) => {
+    const server = mcpService.getServer({
+      credentials: await httpAuth.credentials(req)
+    });
+    const transport = new sse_js.SSEServerTransport(
+      `${req.originalUrl}/messages`,
+      res
+    );
+    transportsToSessionId.set(transport.sessionId, transport);
+    res.on("close", () => {
+      transportsToSessionId.delete(transport.sessionId);
+    });
+    await server.connect(transport);
+  });
+  router.post("/messages", async (req, res) => {
+    const sessionId = req.query.sessionId;
+    if (!sessionId) {
+      res.status(400).contentType("text/plain").write("sessionId is required");
+      return;
+    }
+    const transport = transportsToSessionId.get(sessionId);
+    if (transport) {
+      await transport.handlePostMessage(req, res, req.body);
+    } else {
+      res.status(400).contentType("text/plain").write(`No transport found for sessionId "${sessionId}"`);
+    }
+  });
+  return router;
+};
+
+exports.createSseRouter = createSseRouter;
+//# sourceMappingURL=createSseRouter.cjs.js.map

package/dist/routers/createSseRouter.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createSseRouter.cjs.js","sources":["../../src/routers/createSseRouter.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport PromiseRouter from 'express-promise-router';\nimport { Router } from 'express';\nimport { McpService } from '../services/McpService';\nimport { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js';\nimport { HttpAuthService } from '@backstage/backend-plugin-api';\n\n/**\n * Legacy SSE endpoint for older clients, hopefully will not be needed for much longer.\n */\nexport const createSseRouter = ({\n  mcpService,\n  httpAuth,\n}: {\n  mcpService: McpService;\n  httpAuth: HttpAuthService;\n}): Router => {\n  const router = PromiseRouter();\n  const transportsToSessionId = new Map<string, SSEServerTransport>();\n\n  router.get('/', async (req, res) => {\n    const server = mcpService.getServer({\n      credentials: await httpAuth.credentials(req),\n    });\n\n    const transport = new SSEServerTransport(\n      `${req.originalUrl}/messages`,\n      res,\n    );\n\n    transportsToSessionId.set(transport.sessionId, transport);\n\n    res.on('close', () => {\n      transportsToSessionId.delete(transport.sessionId);\n    });\n\n    await server.connect(transport);\n  });\n\n  router.post('/messages', async (req, res) => {\n    const sessionId = req.query.sessionId as string;\n\n    if (!sessionId) {\n      res.status(400).contentType('text/plain').write('sessionId is required');\n      return;\n    }\n\n    const transport = transportsToSessionId.get(sessionId);\n    if (transport) {\n      await transport.handlePostMessage(req, res, req.body);\n    } else {\n      res\n        .status(400)\n        .contentType('text/plain')\n        .write(`No transport found for sessionId \"${sessionId}\"`);\n    }\n  });\n  return router;\n};\n"],"names":["PromiseRouter","SSEServerTransport"],"mappings":";;;;;;;;;AAwBO,MAAM,kBAAkB,CAAC;AAAA,EAC9B,UAAA;AAAA,EACA;AACF,CAGc,KAAA;AACZ,EAAA,MAAM,SAASA,8BAAc,EAAA;AAC7B,EAAM,MAAA,qBAAA,uBAA4B,GAAgC,EAAA;AAElE,EAAA,MAAA,CAAO,GAAI,CAAA,GAAA,EAAK,OAAO,GAAA,EAAK,GAAQ,KAAA;AAClC,IAAM,MAAA,MAAA,GAAS,WAAW,SAAU,CAAA;AAAA,MAClC,WAAa,EAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG;AAAA,KAC5C,CAAA;AAED,IAAA,MAAM,YAAY,IAAIC,yBAAA;AAAA,MACpB,CAAA,EAAG,IAAI,WAAW,CAAA,SAAA,CAAA;AAAA,MAClB;AAAA,KACF;AAEA,IAAsB,qBAAA,CAAA,GAAA,CAAI,SAAU,CAAA,SAAA,EAAW,SAAS,CAAA;AAExD,IAAI,GAAA,CAAA,EAAA,CAAG,SAAS,MAAM;AACpB,MAAsB,qBAAA,CAAA,MAAA,CAAO,UAAU,SAAS,CAAA;AAAA,KACjD,CAAA;AAED,IAAM,MAAA,MAAA,CAAO,QAAQ,SAAS,CAAA;AAAA,GAC/B,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,WAAA,EAAa,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC3C,IAAM,MAAA,SAAA,GAAY,IAAI,KAAM,CAAA,SAAA;AAE5B,IAAA,IAAI,CAAC,SAAW,EAAA;AACd,MAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,YAAY,YAAY,CAAA,CAAE,MAAM,uBAAuB,CAAA;AACvE,MAAA;AAAA;AAGF,IAAM,MAAA,SAAA,GAAY,qBAAsB,CAAA,GAAA,CAAI,SAAS,CAAA;AACrD,IAAA,IAAI,SAAW,EAAA;AACb,MAAA,MAAM,SAAU,CAAA,iBAAA,CAAkB,GAAK,EAAA,GAAA,EAAK,IAAI,IAAI,CAAA;AAAA,KAC/C,MAAA;AACL,MACG,GAAA,CAAA,MAAA,CAAO,GAAG,CACV,CAAA,WAAA,CAAY,YAAY,CACxB,CAAA,KAAA,CAAM,CAAqC,kCAAA,EAAA,SAAS,CAAG,CAAA,CAAA,CAAA;AAAA;AAC5D,GACD,CAAA;AACD,EAAO,OAAA,MAAA;AACT;;;;"}

package/dist/routers/createStreamableRouter.cjs.js

@@ -0,0 +1,77 @@
+'use strict';
+
+var PromiseRouter = require('express-promise-router');
+var streamableHttp_js = require('@modelcontextprotocol/sdk/server/streamableHttp.js');
+var errors = require('@backstage/errors');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var PromiseRouter__default = /*#__PURE__*/_interopDefaultCompat(PromiseRouter);
+
+const createStreamableRouter = ({
+  mcpService,
+  httpAuth,
+  logger
+}) => {
+  const router = PromiseRouter__default.default();
+  router.post("/", async (req, res) => {
+    try {
+      const server = mcpService.getServer({
+        credentials: await httpAuth.credentials(req)
+      });
+      const transport = new streamableHttp_js.StreamableHTTPServerTransport({
+        // stateless implementation for now, so that we can support multiple
+        // instances of the server backend, and avoid sticky sessions.
+        sessionIdGenerator: void 0
+      });
+      await server.connect(transport);
+      await transport.handleRequest(req, res, req.body);
+      res.on("close", () => {
+        transport.close();
+        server.close();
+      });
+    } catch (error) {
+      if (errors.isError(error)) {
+        logger.error(error.message);
+      }
+      if (!res.headersSent) {
+        res.status(500).json({
+          jsonrpc: "2.0",
+          error: {
+            code: -32603,
+            message: "Internal server error"
+          },
+          id: null
+        });
+      }
+    }
+  });
+  router.get("/", async (_, res) => {
+    res.writeHead(405).end(
+      JSON.stringify({
+        jsonrpc: "2.0",
+        error: {
+          code: -32e3,
+          message: "Method not allowed."
+        },
+        id: null
+      })
+    );
+  });
+  router.delete("/", async (_, res) => {
+    res.writeHead(405).end(
+      JSON.stringify({
+        jsonrpc: "2.0",
+        error: {
+          code: -32e3,
+          message: "Method not allowed."
+        },
+        id: null
+      })
+    );
+  });
+  return router;
+};
+
+exports.createStreamableRouter = createStreamableRouter;
+//# sourceMappingURL=createStreamableRouter.cjs.js.map

package/dist/routers/createStreamableRouter.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createStreamableRouter.cjs.js","sources":["../../src/routers/createStreamableRouter.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport PromiseRouter from 'express-promise-router';\nimport { Router } from 'express';\nimport { McpService } from '../services/McpService';\nimport { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport { HttpAuthService, LoggerService } from '@backstage/backend-plugin-api';\nimport { isError } from '@backstage/errors';\n\nexport const createStreamableRouter = ({\n  mcpService,\n  httpAuth,\n  logger,\n}: {\n  mcpService: McpService;\n  logger: LoggerService;\n  httpAuth: HttpAuthService;\n}): Router => {\n  const router = PromiseRouter();\n\n  router.post('/', async (req, res) => {\n    try {\n      const server = mcpService.getServer({\n        credentials: await httpAuth.credentials(req),\n      });\n\n      const transport = new StreamableHTTPServerTransport({\n        // stateless implementation for now, so that we can support multiple\n        // instances of the server backend, and avoid sticky sessions.\n        sessionIdGenerator: undefined,\n      });\n\n      await server.connect(transport);\n      await transport.handleRequest(req, res, req.body);\n\n      res.on('close', () => {\n        transport.close();\n        server.close();\n      });\n    } catch (error) {\n      if (isError(error)) {\n        logger.error(error.message);\n      }\n\n      if (!res.headersSent) {\n        res.status(500).json({\n          jsonrpc: '2.0',\n          error: {\n            code: -32603,\n            message: 'Internal server error',\n          },\n          id: null,\n        });\n      }\n    }\n  });\n\n  router.get('/', async (_, res) => {\n    // We only support POST requests, so we return a 405 error for all other methods.\n    res.writeHead(405).end(\n      JSON.stringify({\n        jsonrpc: '2.0',\n        error: {\n          code: -32000,\n          message: 'Method not allowed.',\n        },\n        id: null,\n      }),\n    );\n  });\n\n  router.delete('/', async (_, res) => {\n    // We only support POST requests, so we return a 405 error for all other methods.\n    res.writeHead(405).end(\n      JSON.stringify({\n        jsonrpc: '2.0',\n        error: {\n          code: -32000,\n          message: 'Method not allowed.',\n        },\n        id: null,\n      }),\n    );\n  });\n\n  return router;\n};\n"],"names":["PromiseRouter","StreamableHTTPServerTransport","isError"],"mappings":";;;;;;;;;;AAsBO,MAAM,yBAAyB,CAAC;AAAA,EACrC,UAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF,CAIc,KAAA;AACZ,EAAA,MAAM,SAASA,8BAAc,EAAA;AAE7B,EAAA,MAAA,CAAO,IAAK,CAAA,GAAA,EAAK,OAAO,GAAA,EAAK,GAAQ,KAAA;AACnC,IAAI,IAAA;AACF,MAAM,MAAA,MAAA,GAAS,WAAW,SAAU,CAAA;AAAA,QAClC,WAAa,EAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG;AAAA,OAC5C,CAAA;AAED,MAAM,MAAA,SAAA,GAAY,IAAIC,+CAA8B,CAAA;AAAA;AAAA;AAAA,QAGlD,kBAAoB,EAAA,KAAA;AAAA,OACrB,CAAA;AAED,MAAM,MAAA,MAAA,CAAO,QAAQ,SAAS,CAAA;AAC9B,MAAA,MAAM,SAAU,CAAA,aAAA,CAAc,GAAK,EAAA,GAAA,EAAK,IAAI,IAAI,CAAA;AAEhD,MAAI,GAAA,CAAA,EAAA,CAAG,SAAS,MAAM;AACpB,QAAA,SAAA,CAAU,KAAM,EAAA;AAChB,QAAA,MAAA,CAAO,KAAM,EAAA;AAAA,OACd,CAAA;AAAA,aACM,KAAO,EAAA;AACd,MAAI,IAAAC,cAAA,CAAQ,KAAK,CAAG,EAAA;AAClB,QAAO,MAAA,CAAA,KAAA,CAAM,MAAM,OAAO,CAAA;AAAA;AAG5B,MAAI,IAAA,CAAC,IAAI,WAAa,EAAA;AACpB,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACnB,OAAS,EAAA,KAAA;AAAA,UACT,KAAO,EAAA;AAAA,YACL,IAAM,EAAA,CAAA,KAAA;AAAA,YACN,OAAS,EAAA;AAAA,WACX;AAAA,UACA,EAAI,EAAA;AAAA,SACL,CAAA;AAAA;AACH;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,GAAA,EAAK,OAAO,CAAA,EAAG,GAAQ,KAAA;AAEhC,IAAI,GAAA,CAAA,SAAA,CAAU,GAAG,CAAE,CAAA,GAAA;AAAA,MACjB,KAAK,SAAU,CAAA;AAAA,QACb,OAAS,EAAA,KAAA;AAAA,QACT,KAAO,EAAA;AAAA,UACL,IAAM,EAAA,CAAA,IAAA;AAAA,UACN,OAAS,EAAA;AAAA,SACX;AAAA,QACA,EAAI,EAAA;AAAA,OACL;AAAA,KACH;AAAA,GACD,CAAA;AAED,EAAA,MAAA,CAAO,MAAO,CAAA,GAAA,EAAK,OAAO,CAAA,EAAG,GAAQ,KAAA;AAEnC,IAAI,GAAA,CAAA,SAAA,CAAU,GAAG,CAAE,CAAA,GAAA;AAAA,MACjB,KAAK,SAAU,CAAA;AAAA,QACb,OAAS,EAAA,KAAA;AAAA,QACT,KAAO,EAAA;AAAA,UACL,IAAM,EAAA,CAAA,IAAA;AAAA,UACN,OAAS,EAAA;AAAA,SACX;AAAA,QACA,EAAI,EAAA;AAAA,OACL;AAAA,KACH;AAAA,GACD,CAAA;AAED,EAAO,OAAA,MAAA;AACT;;;;"}

package/dist/services/McpService.cjs.js

@@ -0,0 +1,74 @@
+'use strict';
+
+var index_js = require('@modelcontextprotocol/sdk/server/index.js');
+var types_js = require('@modelcontextprotocol/sdk/types.js');
+var package_json = require('@backstage/plugin-mcp-actions-backend/package.json');
+var errors = require('@backstage/errors');
+
+class McpService {
+  constructor(actions) {
+    this.actions = actions;
+  }
+  static async create({ actions }) {
+    return new McpService(actions);
+  }
+  getServer({ credentials }) {
+    const server = new index_js.Server(
+      {
+        name: "backstage",
+        // TODO: this version will most likely change in the future.
+        version: package_json.version
+      },
+      { capabilities: { tools: {} } }
+    );
+    server.setRequestHandler(types_js.ListToolsRequestSchema, async () => {
+      const { actions } = await this.actions.list({ credentials });
+      return {
+        tools: actions.map((action) => ({
+          inputSchema: action.schema.input,
+          // todo(blam): this is unfortunately not supported by most clients yet.
+          // When this is provided you need to provide structuredContent instead.
+          // outputSchema: action.schema.output,
+          name: action.name,
+          description: action.description,
+          annotations: {
+            title: action.title,
+            destructiveHint: action.attributes.destructive,
+            idempotentHint: action.attributes.idempotent,
+            readOnlyHint: action.attributes.readOnly,
+            openWorldHint: false
+          }
+        }))
+      };
+    });
+    server.setRequestHandler(types_js.CallToolRequestSchema, async ({ params }) => {
+      const { actions } = await this.actions.list({ credentials });
+      const action = actions.find((a) => a.name === params.name);
+      if (!action) {
+        throw new errors.NotFoundError(`Action "${params.name}" not found`);
+      }
+      const { output } = await this.actions.invoke({
+        id: action.id,
+        input: params.arguments,
+        credentials
+      });
+      return {
+        // todo(blam): unfortunately structuredContent is not supported by most clients yet.
+        // so the validation for the output happens in the default actions registry
+        // and we return it as json text instead for now.
+        content: [
+          {
+            type: "text",
+            text: ["```json", JSON.stringify(output, null, 2), "```"].join(
+              "\n"
+            )
+          }
+        ]
+      };
+    });
+    return server;
+  }
+}
+
+exports.McpService = McpService;
+//# sourceMappingURL=McpService.cjs.js.map

package/dist/services/McpService.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"McpService.cjs.js","sources":["../../src/services/McpService.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { BackstageCredentials } from '@backstage/backend-plugin-api';\nimport { Server as McpServer } from '@modelcontextprotocol/sdk/server/index.js';\nimport {\n  ListToolsRequestSchema,\n  CallToolRequestSchema,\n} from '@modelcontextprotocol/sdk/types.js';\nimport { JsonObject } from '@backstage/types';\nimport { ActionsService } from '@backstage/backend-plugin-api/alpha';\nimport { version } from '@backstage/plugin-mcp-actions-backend/package.json';\nimport { NotFoundError } from '@backstage/errors';\n\nexport class McpService {\n  constructor(private readonly actions: ActionsService) {}\n\n  static async create({ actions }: { actions: ActionsService }) {\n    return new McpService(actions);\n  }\n\n  getServer({ credentials }: { credentials: BackstageCredentials }) {\n    const server = new McpServer(\n      {\n        name: 'backstage',\n        // TODO: this version will most likely change in the future.\n        version,\n      },\n      { capabilities: { tools: {} } },\n    );\n\n    server.setRequestHandler(ListToolsRequestSchema, async () => {\n      // TODO: switch this to be configuration based later\n      const { actions } = await this.actions.list({ credentials });\n\n      return {\n        tools: actions.map(action => ({\n          inputSchema: action.schema.input,\n          // todo(blam): this is unfortunately not supported by most clients yet.\n          // When this is provided you need to provide structuredContent instead.\n          // outputSchema: action.schema.output,\n          name: action.name,\n          description: action.description,\n          annotations: {\n            title: action.title,\n            destructiveHint: action.attributes.destructive,\n            idempotentHint: action.attributes.idempotent,\n            readOnlyHint: action.attributes.readOnly,\n            openWorldHint: false,\n          },\n        })),\n      };\n    });\n\n    server.setRequestHandler(CallToolRequestSchema, async ({ params }) => {\n      const { actions } = await this.actions.list({ credentials });\n      const action = actions.find(a => a.name === params.name);\n\n      if (!action) {\n        throw new NotFoundError(`Action \"${params.name}\" not found`);\n      }\n\n      const { output } = await this.actions.invoke({\n        id: action.id,\n        input: params.arguments as JsonObject,\n        credentials,\n      });\n\n      return {\n        // todo(blam): unfortunately structuredContent is not supported by most clients yet.\n        // so the validation for the output happens in the default actions registry\n        // and we return it as json text instead for now.\n        content: [\n          {\n            type: 'text',\n            text: ['```json', JSON.stringify(output, null, 2), '```'].join(\n              '\\n',\n            ),\n          },\n        ],\n      };\n    });\n\n    return server;\n  }\n}\n"],"names":["McpServer","version","ListToolsRequestSchema","CallToolRequestSchema","NotFoundError"],"mappings":";;;;;;;AA0BO,MAAM,UAAW,CAAA;AAAA,EACtB,YAA6B,OAAyB,EAAA;AAAzB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA;AAA0B,EAEvD,aAAa,MAAA,CAAO,EAAE,OAAA,EAAwC,EAAA;AAC5D,IAAO,OAAA,IAAI,WAAW,OAAO,CAAA;AAAA;AAC/B,EAEA,SAAA,CAAU,EAAE,WAAA,EAAsD,EAAA;AAChE,IAAA,MAAM,SAAS,IAAIA,eAAA;AAAA,MACjB;AAAA,QACE,IAAM,EAAA,WAAA;AAAA;AAAA,iBAENC;AAAA,OACF;AAAA,MACA,EAAE,YAAc,EAAA,EAAE,KAAO,EAAA,IAAK;AAAA,KAChC;AAEA,IAAO,MAAA,CAAA,iBAAA,CAAkBC,iCAAwB,YAAY;AAE3D,MAAM,MAAA,EAAE,SAAY,GAAA,MAAM,KAAK,OAAQ,CAAA,IAAA,CAAK,EAAE,WAAA,EAAa,CAAA;AAE3D,MAAO,OAAA;AAAA,QACL,KAAA,EAAO,OAAQ,CAAA,GAAA,CAAI,CAAW,MAAA,MAAA;AAAA,UAC5B,WAAA,EAAa,OAAO,MAAO,CAAA,KAAA;AAAA;AAAA;AAAA;AAAA,UAI3B,MAAM,MAAO,CAAA,IAAA;AAAA,UACb,aAAa,MAAO,CAAA,WAAA;AAAA,UACpB,WAAa,EAAA;AAAA,YACX,OAAO,MAAO,CAAA,KAAA;AAAA,YACd,eAAA,EAAiB,OAAO,UAAW,CAAA,WAAA;AAAA,YACnC,cAAA,EAAgB,OAAO,UAAW,CAAA,UAAA;AAAA,YAClC,YAAA,EAAc,OAAO,UAAW,CAAA,QAAA;AAAA,YAChC,aAAe,EAAA;AAAA;AACjB,SACA,CAAA;AAAA,OACJ;AAAA,KACD,CAAA;AAED,IAAA,MAAA,CAAO,iBAAkB,CAAAC,8BAAA,EAAuB,OAAO,EAAE,QAAa,KAAA;AACpE,MAAM,MAAA,EAAE,SAAY,GAAA,MAAM,KAAK,OAAQ,CAAA,IAAA,CAAK,EAAE,WAAA,EAAa,CAAA;AAC3D,MAAA,MAAM,SAAS,OAAQ,CAAA,IAAA,CAAK,OAAK,CAAE,CAAA,IAAA,KAAS,OAAO,IAAI,CAAA;AAEvD,MAAA,IAAI,CAAC,MAAQ,EAAA;AACX,QAAA,MAAM,IAAIC,oBAAA,CAAc,CAAW,QAAA,EAAA,MAAA,CAAO,IAAI,CAAa,WAAA,CAAA,CAAA;AAAA;AAG7D,MAAA,MAAM,EAAE,MAAO,EAAA,GAAI,MAAM,IAAA,CAAK,QAAQ,MAAO,CAAA;AAAA,QAC3C,IAAI,MAAO,CAAA,EAAA;AAAA,QACX,OAAO,MAAO,CAAA,SAAA;AAAA,QACd;AAAA,OACD,CAAA;AAED,MAAO,OAAA;AAAA;AAAA;AAAA;AAAA,QAIL,OAAS,EAAA;AAAA,UACP;AAAA,YACE,IAAM,EAAA,MAAA;AAAA,YACN,IAAA,EAAM,CAAC,SAAA,EAAW,IAAK,CAAA,SAAA,CAAU,QAAQ,IAAM,EAAA,CAAC,CAAG,EAAA,KAAK,CAAE,CAAA,IAAA;AAAA,cACxD;AAAA;AACF;AACF;AACF,OACF;AAAA,KACD,CAAA;AAED,IAAO,OAAA,MAAA;AAAA;AAEX;;;;"}

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "@backstage/plugin-mcp-actions-backend",
+  "version": "0.0.0-nightly-20250620024248",
+  "backstage": {
+    "role": "backend-plugin",
+    "pluginId": "mcp-actions",
+    "pluginPackages": [
+      "@backstage/plugin-mcp-actions-backend"
+    ],
+    "features": {
+      ".": "@backstage/BackendFeature"
+    }
+  },
+  "publishConfig": {
+    "access": "public",
+    "main": "dist/index.cjs.js",
+    "types": "dist/index.d.ts"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/backstage/backstage",
+    "directory": "plugins/mcp-actions-backend"
+  },
+  "license": "Apache-2.0",
+  "main": "dist/index.cjs.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "backstage-cli package build",
+    "clean": "backstage-cli package clean",
+    "lint": "backstage-cli package lint",
+    "prepack": "backstage-cli package prepack",
+    "postpack": "backstage-cli package postpack",
+    "start": "backstage-cli package start",
+    "test": "backstage-cli package test"
+  },
+  "dependencies": {
+    "@backstage/backend-defaults": "0.11.0",
+    "@backstage/backend-plugin-api": "1.4.0",
+    "@backstage/catalog-client": "1.10.1",
+    "@backstage/errors": "1.2.7",
+    "@backstage/plugin-catalog-node": "1.17.1",
+    "@backstage/types": "1.2.1",
+    "@modelcontextprotocol/sdk": "^1.12.3",
+    "express": "^4.17.1",
+    "express-promise-router": "^4.1.0",
+    "zod": "^3.22.4"
+  },
+  "devDependencies": {
+    "@backstage/backend-test-utils": "1.6.0",
+    "@backstage/cli": "0.33.0",
+    "@types/express": "^4.17.6"
+  },
+  "typesVersions": {
+    "*": {
+      "package.json": [
+        "package.json"
+      ]
+    }
+  }
+}