@clavex/mcp-server 1.0.0

package/dist/tools/clients.js

@@ -0,0 +1,124 @@
+import { z } from "zod";
+import { getClient } from "../client.js";
+import { handleError, mdTable } from "../helpers.js";
+export function registerClientTools(server) {
+    // ── List clients ───────────────────────────────────────────────────────────
+    server.registerTool("clavex_list_clients", {
+        title: "List OIDC Clients",
+        description: `List all OIDC/OAuth2 clients registered in an organization.
+
+Returns: client_id, name, grant_types, redirect_uris, is_active.
+
+Use when: "show me all apps registered in org <id>", "list OIDC clients for acme".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id }) => handleError(async () => {
+        const clients = await getClient().get(getClient().orgPath(org_id, "/clients"));
+        return mdTable(clients, ["client_id", "name", "grant_types", "is_active"]);
+    }));
+    // ── Get client ─────────────────────────────────────────────────────────────
+    server.registerTool("clavex_get_client", {
+        title: "Get OIDC Client",
+        description: `Get full details of an OIDC/OAuth2 client registration.
+
+Returns full client JSON including redirect URIs, scopes, grant types, and settings.
+
+Note: client_secret is never returned after creation — use clavex_rotate_client_secret to reset it.`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            client_id: z.string().describe("OIDC client_id"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id, client_id }) => handleError(async () => {
+        const client = await getClient().get(getClient().orgPath(org_id, `/clients/${client_id}`));
+        return JSON.stringify(client, null, 2);
+    }));
+    // ── Create client ──────────────────────────────────────────────────────────
+    server.registerTool("clavex_create_client", {
+        title: "Create OIDC Client",
+        description: `Register a new OIDC/OAuth2 client in an organization.
+
+Args:
+  - org_id: Organization UUID
+  - name: Human-readable client name (e.g. "My Web App")
+  - redirect_uris: Array of allowed redirect URIs (must be https:// in production)
+  - grant_types: Array of allowed grant types. Common values:
+      ["authorization_code"] — standard web app
+      ["authorization_code", "refresh_token"] — web app with refresh
+      ["client_credentials"] — machine-to-machine
+  - response_types (optional): defaults to ["code"]
+  - scopes (optional): allowed scopes, defaults to ["openid", "profile", "email"]
+  - is_public (optional): true for SPAs/mobile apps (no client_secret)
+  - post_logout_redirect_uris (optional): allowed logout redirect URIs
+
+Returns: Created client JSON including the one-time plaintext client_secret.
+IMPORTANT: Save the client_secret immediately — it will never be shown again.
+
+Use when: "register Grafana as an OIDC client", "add a new web app to acme org".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            name: z.string().describe("Client display name"),
+            redirect_uris: z.array(z.string().url()).min(1).describe("Allowed redirect URIs"),
+            grant_types: z.array(z.string()).describe('e.g. ["authorization_code","refresh_token"]'),
+            response_types: z.array(z.string()).optional().describe('e.g. ["code"]'),
+            scopes: z.array(z.string()).optional().describe('e.g. ["openid","profile","email","groups"]'),
+            is_public: z.boolean().optional().describe("True for SPA/mobile (no client_secret)"),
+            post_logout_redirect_uris: z.array(z.string().url()).optional().describe("Allowed post-logout redirect URIs"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false },
+    }, async ({ org_id, ...params }) => handleError(async () => {
+        const result = await getClient().post(getClient().orgPath(org_id, "/clients"), params);
+        const secret = result.client_secret
+            ? `\n\n⚠️  SAVE THIS SECRET — it will not be shown again:\nclient_secret: ${result.client_secret}`
+            : "";
+        return `Client registered successfully.${secret}\n\n${JSON.stringify(result, null, 2)}`;
+    }));
+    // ── Update client ──────────────────────────────────────────────────────────
+    server.registerTool("clavex_update_client", {
+        title: "Update OIDC Client",
+        description: `Update an existing OIDC client registration (PATCH semantics).
+
+Args:
+  - org_id, client_id: identifiers
+  - name, redirect_uris, grant_types, scopes, is_active (all optional): new values
+
+Returns: Updated client JSON.
+
+Use when: "add a redirect URI to the Grafana client", "disable client <id>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            client_id: z.string().describe("OIDC client_id"),
+            name: z.string().optional().describe("New display name"),
+            redirect_uris: z.array(z.string().url()).optional().describe("New redirect URIs (replaces existing)"),
+            post_logout_redirect_uris: z.array(z.string().url()).optional().describe("New logout redirect URIs"),
+            scopes: z.array(z.string()).optional().describe("New allowed scopes"),
+            is_active: z.boolean().optional().describe("Enable or disable the client"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true },
+    }, async ({ org_id, client_id, ...updates }) => handleError(async () => {
+        const body = Object.fromEntries(Object.entries(updates).filter(([, v]) => v !== undefined));
+        const result = await getClient().patch(getClient().orgPath(org_id, `/clients/${client_id}`), body);
+        return `Client updated:\n\n${JSON.stringify(result, null, 2)}`;
+    }));
+    // ── Rotate secret ──────────────────────────────────────────────────────────
+    server.registerTool("clavex_rotate_client_secret", {
+        title: "Rotate Client Secret",
+        description: `Generate a new client_secret for an OIDC client. The old secret is immediately invalidated.
+
+Returns: New plaintext client_secret.
+IMPORTANT: Update the secret in your application immediately after rotation.
+
+Use when: "rotate secret for client <id>", "regenerate client credentials".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            client_id: z.string().describe("OIDC client_id"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false },
+    }, async ({ org_id, client_id }) => handleError(async () => {
+        const result = await getClient().post(getClient().orgPath(org_id, `/clients/${client_id}/rotate-secret`));
+        return `⚠️  New secret (save immediately):\nclient_secret: ${result.client_secret}`;
+    }));
+}
+//# sourceMappingURL=clients.js.map

package/dist/tools/clients.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"clients.js","sourceRoot":"","sources":["../../src/tools/clients.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,UAAU,mBAAmB,CAAC,MAAiB;IACnD,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,qBAAqB,EACrB;QACE,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE;;;;mFAIgE;QAC7E,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACxD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CACnB,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,OAAO,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CACnC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,CACxC,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IAC7E,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE;;;;oGAIiF;QAC9F,WAAW,EAAE;YACX,MAAM,EAAK,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC1D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC;SACjD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,CAC9B,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CAClC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,SAAS,EAAE,CAAC,CACrD,CAAC;QACF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE;;;;;;;;;;;;;;;;;;iFAkB8D;QAC3E,WAAW,EAAE;YACX,MAAM,EAAqB,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC1E,IAAI,EAAuB,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;YACrE,aAAa,EAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,uBAAuB,CAAC;YAC7F,WAAW,EAAgB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,6CAA6C,CAAC;YACtG,cAAc,EAAa,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;YACnF,MAAM,EAAqB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;YAChH,SAAS,EAAkB,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;YACpG,yBAAyB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;SAC9G;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACpF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,EAAE,EAAE,CAC9B,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CACnC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,EACvC,MAAM,CACP,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa;YACjC,CAAC,CAAC,0EAA0E,MAAM,CAAC,aAAa,EAAE;YAClG,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,kCAAkC,MAAM,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IAC1F,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE;;;;;;;;6EAQ0D;QACvE,WAAW,EAAE;YACX,MAAM,EAAqB,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC1E,SAAS,EAAkB,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAChE,IAAI,EAAuB,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC7E,aAAa,EAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;YACjH,yBAAyB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACpG,MAAM,EAAqB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YACxF,SAAS,EAAkB,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;SAC3F;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,CAC1C,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAC7B,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAC3D,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,KAAK,CACpC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,SAAS,EAAE,CAAC,EACpD,IAAI,CACL,CAAC;QACF,OAAO,sBAAsB,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IACjE,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,6BAA6B,EAC7B;QACE,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE;;;;;4EAKyD;QACtE,WAAW,EAAE;YACX,MAAM,EAAK,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC1D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC;SACjD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACpF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,CAC9B,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CACnC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,SAAS,gBAAgB,CAAC,CACnE,CAAC;QACF,OAAO,sDAAsD,MAAM,CAAC,aAAa,EAAE,CAAC;IACtF,CAAC,CAAC,CACL,CAAC;AACJ,CAAC"}

package/dist/tools/developer.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerDeveloperTools(server: McpServer): void;
+//# sourceMappingURL=developer.d.ts.map

package/dist/tools/developer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"developer.d.ts","sourceRoot":"","sources":["../../src/tools/developer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAyTpE,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA2V9D"}