npm - @centrali-io/centrali-mcp - Versions diffs - 4.5.2 → 5.0.0 - Mend

@centrali-io/centrali-mcp 4.5.2 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -4,11 +4,30 @@ MCP (Model Context Protocol) server for the Centrali platform. Lets AI assistant
 > **Full documentation:** [docs.centrali.io](https://docs.centrali.io) — SDK guide, API reference, compute functions, orchestrations, and more.
-Built on `@centrali-io/centrali-sdk` v4.4.7. Authenticates via service account client credentials.
+## Two ways to connect
-## Setup
+### Option 1: Hosted MCP Server (recommended)
-Add to your MCP client configuration (e.g., Claude Desktop, Cursor):
+The easiest way to connect any AI client to Centrali. Add a single URL — authentication happens in the browser via OAuth.
+**Claude Desktop / Claude Code / Cursor:**
+```json
+{
+  "mcpServers": {
+    "centrali": {
+      "type": "url",
+      "url": "https://mcp.centrali.io"
+    }
+  }
+}
+```
+On first use, your AI client opens a browser for login and workspace selection. No client ID, secret, or workspace slug needed.
+### Option 2: Stdio with Service Account (CI/automation)
+For headless environments (CI pipelines, automation scripts, cron jobs) where browser login isn't possible. Uses service account credentials with RBAC permissions.
 ```json
 {
@@ -27,14 +46,22 @@ Add to your MCP client configuration (e.g., Claude Desktop, Cursor):
 }
 ```
-### Environment Variables
+### Migrating from OAuth stdio to hosted
+If you were previously using `CENTRALI_OAUTH_CLIENT_ID` with the stdio package, switch to the hosted URL:
+1. Remove the old `command`/`args`/`env` configuration
+2. Replace with: `{ "type": "url", "url": "https://mcp.centrali.io" }`
+3. On next connection, authenticate in the browser
+### Environment Variables (stdio mode only)
 | Variable | Required | Description |
 |----------|----------|-------------|
 | `CENTRALI_URL` | Yes | Centrali instance URL (e.g., `https://centrali.io`) |
+| `CENTRALI_WORKSPACE` | Yes | Workspace slug to operate in |
 | `CENTRALI_CLIENT_ID` | Yes | Service account client ID |
 | `CENTRALI_CLIENT_SECRET` | Yes | Service account client secret |
-| `CENTRALI_WORKSPACE` | Yes | Workspace slug to operate in |
 ### Service Account Permissions
@@ -42,16 +69,12 @@ A freshly created service account **has no permissions by default**. You must as
 **Quickest setup — full admin access:**
-1. In the Console, go to **Settings → Service Accounts**
+1. In the Console, go to **Settings > Service Accounts**
 2. Create your service account and save the client secret
 3. Open the service account, go to the **Groups** tab
 4. Add it to the **workspace_administrators** group
-This gives the MCP server full access to all workspace resources.
-**Least-privilege setup — custom permissions:**
-If you only want the MCP to manage specific resources (e.g., collections and records but not billing), create a custom group with a policy scoped to the resources you need, then add the service account to that group. See the [Policies and Permissions guide](https://docs.centrali.io/authentication/policies-and-permissions/) for details.
+**Least-privilege setup:** Create a custom group with a policy scoped to the resources you need. See the [Policies and Permissions guide](https://docs.centrali.io/authentication/policies-and-permissions/) for details.
 ## Getting Started

package/dist/index.js CHANGED Viewed

@@ -36,16 +36,32 @@ function getRequiredEnv(name) {
 }
 function main() {
     return __awaiter(this, void 0, void 0, function* () {
+        // ── Migration check ──────────────────────────────────────────
+        // Browser OAuth and client_credentials flows have moved to the hosted MCP server.
+        // Detect old env vars and guide users to the new setup.
+        if (process.env.CENTRALI_OAUTH_CLIENT_ID) {
+            console.error("\n" +
+                "══════════════════════════════════════════════════════════════\n" +
+                "  Browser OAuth has moved to the hosted MCP server.\n" +
+                "\n" +
+                "  Replace this stdio configuration with a single URL:\n" +
+                "\n" +
+                '    { "type": "url", "url": "https://mcp.centrali.io" }\n' +
+                "\n" +
+                "  Your AI client will open a browser for login automatically.\n" +
+                "  No client ID, secret, or workspace slug needed.\n" +
+                "\n" +
+                "  Guide: https://docs.centrali.io/sdk/mcp/\n" +
+                "══════════════════════════════════════════════════════════════\n");
+            process.exit(0);
+        }
+        // ── Service account mode (the only mode for stdio) ───────────
         const baseUrl = getRequiredEnv("CENTRALI_URL");
+        const workspaceId = getRequiredEnv("CENTRALI_WORKSPACE");
         const clientId = getRequiredEnv("CENTRALI_CLIENT_ID");
         const clientSecret = getRequiredEnv("CENTRALI_CLIENT_SECRET");
-        const workspaceId = getRequiredEnv("CENTRALI_WORKSPACE");
-        const sdk = new centrali_sdk_1.CentraliSDK({
-            baseUrl,
-            workspaceId,
-            clientId,
-            clientSecret,
-        });
+        const sdk = new centrali_sdk_1.CentraliSDK({ baseUrl, workspaceId, clientId, clientSecret });
+        console.error(`[centrali-mcp] Ready — service account (client: ${clientId})`);
         const server = new mcp_js_1.McpServer({
             name: "centrali",
             version: "1.0.0",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@centrali-io/centrali-mcp",
-  "version": "4.5.2",
+  "version": "5.0.0",
   "description": "Centrali MCP Server - AI assistant integration for Centrali workspaces",
   "main": "dist/index.js",
   "type": "commonjs",

package/src/index.ts CHANGED Viewed

@@ -27,17 +27,36 @@ function getRequiredEnv(name: string): string {
 }
 async function main() {
+  // ── Migration check ──────────────────────────────────────────
+  // Browser OAuth and client_credentials flows have moved to the hosted MCP server.
+  // Detect old env vars and guide users to the new setup.
+  if (process.env.CENTRALI_OAUTH_CLIENT_ID) {
+    console.error(
+      "\n" +
+      "══════════════════════════════════════════════════════════════\n" +
+      "  Browser OAuth has moved to the hosted MCP server.\n" +
+      "\n" +
+      "  Replace this stdio configuration with a single URL:\n" +
+      "\n" +
+      '    { "type": "url", "url": "https://mcp.centrali.io" }\n' +
+      "\n" +
+      "  Your AI client will open a browser for login automatically.\n" +
+      "  No client ID, secret, or workspace slug needed.\n" +
+      "\n" +
+      "  Guide: https://docs.centrali.io/sdk/mcp/\n" +
+      "══════════════════════════════════════════════════════════════\n"
+    );
+    process.exit(0);
+  }
+  // ── Service account mode (the only mode for stdio) ───────────
   const baseUrl = getRequiredEnv("CENTRALI_URL");
+  const workspaceId = getRequiredEnv("CENTRALI_WORKSPACE");
   const clientId = getRequiredEnv("CENTRALI_CLIENT_ID");
   const clientSecret = getRequiredEnv("CENTRALI_CLIENT_SECRET");
-  const workspaceId = getRequiredEnv("CENTRALI_WORKSPACE");
-  const sdk = new CentraliSDK({
-    baseUrl,
-    workspaceId,
-    clientId,
-    clientSecret,
-  });
+  const sdk = new CentraliSDK({ baseUrl, workspaceId, clientId, clientSecret });
+  console.error(`[centrali-mcp] Ready — service account (client: ${clientId})`);
   const server = new McpServer({
     name: "centrali",