@clavex/mcp-server 1.0.0

package/dist/tools/fga.js

@@ -0,0 +1,126 @@
+import { z } from "zod";
+import { getClient } from "../client.js";
+import { handleError } from "../helpers.js";
+export function registerFGATools(server) {
+    // ── Check relationship ─────────────────────────────────────────────────────
+    server.registerTool("clavex_fga_check", {
+        title: "FGA Relationship Check",
+        description: `Check whether a user has a specific relationship to an object in the Fine-Grained Authorization (FGA) store.
+
+Uses Google Zanzibar–style ReBAC (Relationship-Based Access Control) via OpenFGA.
+
+Args:
+  - org_id: Organization UUID (must have a provisioned FGA store)
+  - user: Subject identifier, e.g. "user:alice-uuid" or "team:engineering"
+  - relation: Relation to check, e.g. "can_read", "owner", "member", "viewer"
+  - object: Object identifier, e.g. "document:budget-2025", "project:phoenix"
+
+Returns: { allowed: true|false }
+
+Use when:
+  "can user alice read document budget-2025?"
+  "does team:engineering have owner access on project:phoenix?"
+  "verifica se l'utente <id> può approvare il documento <id>"`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            user: z.string().describe("Subject — e.g. 'user:alice-uuid' or 'team:engineering'"),
+            relation: z.string().describe("Relation to check — e.g. 'can_read', 'owner', 'member'"),
+            object: z.string().describe("Object — e.g. 'document:budget-2025'"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id, user, relation, object }) => handleError(async () => {
+        const result = await getClient().post(getClient().orgPath(org_id, "/fga/check"), { user, relation, object });
+        const verdict = result.allowed ? "✅ **ALLOWED**" : "❌ **DENIED**";
+        return `${verdict}\n\n\`${user}\` **${relation}** \`${object}\` → \`allowed: ${result.allowed}\``;
+    }));
+    // ── Write relationship tuple ────────────────────────────────────────────────
+    server.registerTool("clavex_fga_write_tuple", {
+        title: "FGA Write Relationship Tuple",
+        description: `Create or delete a relationship tuple in the FGA store.
+
+Tuples express facts like "user:alice is owner of document:budget-2025".
+Creating a tuple grants the relationship; deleting it removes the permission.
+
+Args:
+  - org_id: Organization UUID
+  - user: Subject — e.g. "user:alice-uuid", "team:engineering"
+  - relation: Relation — e.g. "owner", "viewer", "member", "can_approve"
+  - object: Object — e.g. "document:budget-2025", "project:phoenix"
+  - delete: Pass true to remove the relationship (default: false = create)
+
+Returns: Confirmation message.
+
+Use when:
+  "grant user alice viewer access to document:budget-2025"
+  "add team:engineering as member of project:phoenix"
+  "revoke bob's owner access on document:payroll"
+  "concedi a <user> il ruolo <relation> su <object>"`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            user: z.string().describe("Subject — e.g. 'user:alice-uuid'"),
+            relation: z.string().describe("Relation — e.g. 'owner', 'viewer', 'member'"),
+            object: z.string().describe("Object — e.g. 'document:budget-2025'"),
+            delete: z.boolean().default(false).describe("Set true to REMOVE the relationship (default: false = create)"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true },
+    }, async ({ org_id, user, relation, object, delete: del }) => handleError(async () => {
+        const body = del
+            ? { deletes: [{ user, relation, object }] }
+            : { writes: [{ user, relation, object }] };
+        await getClient().post(getClient().orgPath(org_id, "/fga/write"), body);
+        const action = del ? "deleted" : "created";
+        return `Relationship tuple ${action}: \`${user}\` **${relation}** \`${object}\``;
+    }));
+    // ── Read relationship tuples ───────────────────────────────────────────────
+    server.registerTool("clavex_fga_read_tuples", {
+        title: "FGA Read Relationship Tuples",
+        description: `Read relationship tuples from the FGA store, optionally filtered by user, relation, and/or object.
+
+All three filters are optional — pass only the ones you want to filter on (partial match).
+
+Args:
+  - org_id: Organization UUID
+  - user (optional): Filter by subject — e.g. "user:alice-uuid"
+  - relation (optional): Filter by relation — e.g. "owner"
+  - object (optional): Filter by object type or instance — e.g. "document:" or "document:budget-2025"
+  - page_size (optional): Max results per page (default: 50)
+
+Returns: Table of matching tuples.
+
+Use when:
+  "list all tuples for user alice"
+  "what permissions does team:engineering have?"
+  "show all owners of document:payroll"
+  "elenca i diritti dell'utente <id>"`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            user: z.string().optional().describe("Filter by subject (partial match ok)"),
+            relation: z.string().optional().describe("Filter by relation"),
+            object: z.string().optional().describe("Filter by object or object type prefix"),
+            page_size: z.number().int().min(1).max(100).default(50).describe("Max results (1-100)"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id, user, relation, object, page_size }) => handleError(async () => {
+        const params = new URLSearchParams();
+        if (user)
+            params.set("user", user);
+        if (relation)
+            params.set("relation", relation);
+        if (object)
+            params.set("object", object);
+        if (page_size)
+            params.set("page_size", String(page_size));
+        const path = getClient().orgPath(org_id, `/fga/read?${params.toString()}`);
+        const result = await getClient().get(path);
+        const tuples = (result.tuples ?? []).map((t) => ({
+            user: t.key.user,
+            relation: t.key.relation,
+            object: t.key.object,
+        }));
+        if (tuples.length === 0)
+            return "_No matching tuples found._";
+        const rows = tuples.map((t) => `| \`${t.user}\` | **${t.relation}** | \`${t.object}\` |`).join("\n");
+        return `| User | Relation | Object |\n| --- | --- | --- |\n${rows}`;
+    }));
+}
+//# sourceMappingURL=fga.js.map

package/dist/tools/fga.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fga.js","sourceRoot":"","sources":["../../src/tools/fga.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,MAAM,UAAU,gBAAgB,CAAC,MAAiB;IAChD,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,kBAAkB,EAClB;QACE,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE;;;;;;;;;;;;;;;8DAe2C;QACxD,WAAW,EAAE;YACX,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACzD,IAAI,EAAM,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;YACvF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;YACvF,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;SACtE;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,CAC3C,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CACnC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,EACzC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAC3B,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC;QAClE,OAAO,GAAG,OAAO,SAAS,IAAI,QAAQ,QAAQ,QAAQ,MAAM,mBAAmB,MAAM,CAAC,OAAO,IAAI,CAAC;IACpG,CAAC,CAAC,CACL,CAAC;IAEF,+EAA+E;IAC/E,MAAM,CAAC,YAAY,CACjB,wBAAwB,EACxB;QACE,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE;;;;;;;;;;;;;;;;;;qDAkBkC;QAC/C,WAAW,EAAE;YACX,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACzD,IAAI,EAAM,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;YACjE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;YAC5E,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;YACrE,MAAM,EAAI,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,+DAA+D,CAAC;SAC/G;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,CACxD,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,IAAI,GAAG,GAAG;YACd,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE;YAC3C,CAAC,CAAC,EAAE,MAAM,EAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAE9C,MAAM,SAAS,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;QAExE,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3C,OAAO,sBAAsB,MAAM,OAAO,IAAI,QAAQ,QAAQ,QAAQ,MAAM,IAAI,CAAC;IACnF,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,wBAAwB,EACxB;QACE,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE;;;;;;;;;;;;;;;;;sCAiBmB;QAChC,WAAW,EAAE;YACX,MAAM,EAAK,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC1D,IAAI,EAAO,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;YACjF,QAAQ,EAAG,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YAC/D,MAAM,EAAK,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;YACnF,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;SACxF;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,CACtD,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,IAAI;YAAO,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACxC,IAAI,QAAQ;YAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAChD,IAAI,MAAM;YAAK,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,SAAS;YAAE,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAE1D,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CAAiF,IAAI,CAAC,CAAC;QAE3H,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;YAChB,QAAQ,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ;YACxB,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;SACrB,CAAC,CAAC,CAAC;QAEJ,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,6BAA6B,CAAC;QAE9D,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,QAAQ,UAAU,CAAC,CAAC,MAAM,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrG,OAAO,sDAAsD,IAAI,EAAE,CAAC;IACtE,CAAC,CAAC,CACL,CAAC;AACJ,CAAC"}

package/dist/tools/groups.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerGroupTools(server: McpServer): void;
+//# sourceMappingURL=groups.d.ts.map

package/dist/tools/groups.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.d.ts","sourceRoot":"","sources":["../../src/tools/groups.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKpE,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAkM1D"}

package/dist/tools/groups.js

@@ -0,0 +1,135 @@
+import { z } from "zod";
+import { getClient } from "../client.js";
+import { handleError, mdTable } from "../helpers.js";
+export function registerGroupTools(server) {
+    server.registerTool("clavex_list_groups", {
+        title: "List Groups",
+        description: `List all groups in an organization.
+
+Returns: id, name, description, member_count.
+
+Use when: "show groups in org <id>", "what groups exist for acme?".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id }) => handleError(async () => {
+        const groups = await getClient().get(getClient().orgPath(org_id, "/groups"));
+        return mdTable(groups, ["id", "name", "description"]);
+    }));
+    server.registerTool("clavex_create_group", {
+        title: "Create Group",
+        description: `Create a new group in an organization.
+
+Args:
+  - org_id: Organization UUID
+  - name: Group name (e.g. "Admins", "Engineering")
+  - description (optional): Group description
+
+Returns: Created group JSON.
+
+Use when: "create group Admins in org <id>", "add a new security group".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            name: z.string().describe("Group name"),
+            description: z.string().optional().describe("Group description"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false },
+    }, async ({ org_id, name, description }) => handleError(async () => {
+        const group = await getClient().post(getClient().orgPath(org_id, "/groups"), { name, description });
+        return `Group created:\n\n${JSON.stringify(group, null, 2)}`;
+    }));
+    server.registerTool("clavex_list_group_members", {
+        title: "List Group Members",
+        description: `List all users who are members of a group.
+
+Returns: id, email, first_name, last_name of each member.
+
+Use when: "who is in the Admins group?", "list members of group <id>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            group_id: z.string().uuid().describe("Group UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id, group_id }) => handleError(async () => {
+        const members = await getClient().get(getClient().orgPath(org_id, `/groups/${group_id}/members`));
+        return mdTable(members, ["id", "email", "first_name", "last_name"]);
+    }));
+    server.registerTool("clavex_add_group_member", {
+        title: "Add User to Group",
+        description: `Add a user to a group.
+
+Use when: "add Alice to the Admins group", "put user <user_id> in group <group_id>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            group_id: z.string().uuid().describe("Group UUID"),
+            user_id: z.string().uuid().describe("User UUID to add"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true },
+    }, async ({ org_id, group_id, user_id }) => handleError(async () => {
+        await getClient().put(getClient().orgPath(org_id, `/groups/${group_id}/members/${user_id}`));
+        return `User ${user_id} added to group ${group_id}.`;
+    }));
+    server.registerTool("clavex_remove_group_member", {
+        title: "Remove User from Group",
+        description: `Remove a user from a group.
+
+Use when: "remove Alice from the Admins group", "revoke group membership for user <id>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            group_id: z.string().uuid().describe("Group UUID"),
+            user_id: z.string().uuid().describe("User UUID to remove"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true },
+    }, async ({ org_id, group_id, user_id }) => handleError(async () => {
+        await getClient().del(getClient().orgPath(org_id, `/groups/${group_id}/members/${user_id}`));
+        return `User ${user_id} removed from group ${group_id}.`;
+    }));
+    // ── Roles ──────────────────────────────────────────────────────────────────
+    server.registerTool("clavex_list_roles", {
+        title: "List Roles",
+        description: `List all roles defined in an organization.
+
+Returns: id, name, description for each role.
+
+Use when: "what roles are available in org <id>?", "list permissions/roles".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id }) => handleError(async () => {
+        const roles = await getClient().get(getClient().orgPath(org_id, "/roles"));
+        return mdTable(roles, ["id", "name", "description"]);
+    }));
+    server.registerTool("clavex_assign_role", {
+        title: "Assign Role to User",
+        description: `Assign a role to a user in an organization.
+
+Use when: "give Alice the admin role", "assign role <id> to user <id>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            role_id: z.string().uuid().describe("Role UUID"),
+            user_id: z.string().uuid().describe("User UUID"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true },
+    }, async ({ org_id, role_id, user_id }) => handleError(async () => {
+        await getClient().put(getClient().orgPath(org_id, `/roles/${role_id}/users/${user_id}`));
+        return `Role ${role_id} assigned to user ${user_id}.`;
+    }));
+    server.registerTool("clavex_unassign_role", {
+        title: "Revoke Role from User",
+        description: `Revoke a role from a user in an organization.
+
+Use when: "remove admin role from Alice", "revoke role <id> from user <id>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            role_id: z.string().uuid().describe("Role UUID"),
+            user_id: z.string().uuid().describe("User UUID"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true },
+    }, async ({ org_id, role_id, user_id }) => handleError(async () => {
+        await getClient().del(getClient().orgPath(org_id, `/roles/${role_id}/users/${user_id}`));
+        return `Role ${role_id} revoked from user ${user_id}.`;
+    }));
+}
+//# sourceMappingURL=groups.js.map

package/dist/tools/groups.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.js","sourceRoot":"","sources":["../../src/tools/groups.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,UAAU,kBAAkB,CAAC,MAAiB;IAClD,MAAM,CAAC,YAAY,CACjB,oBAAoB,EACpB;QACE,KAAK,EAAE,aAAa;QACpB,WAAW,EAAE;;;;oEAIiD;QAC9D,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACxD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CACnB,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CAClC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CACvC,CAAC;QACF,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,qBAAqB,EACrB;QACE,KAAK,EAAE,cAAc;QACrB,WAAW,EAAE;;;;;;;;;yEASsD;QACnE,WAAW,EAAE;YACX,MAAM,EAAO,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5D,IAAI,EAAS,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;YAC9C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACjE;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACpF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,CACtC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CAClC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,EACtC,EAAE,IAAI,EAAE,WAAW,EAAE,CACtB,CAAC;QACF,OAAO,qBAAqB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IAC/D,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,2BAA2B,EAC3B;QACE,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE;;;;uEAIoD;QACjE,WAAW,EAAE;YACX,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACzD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;SACnD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC7B,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,OAAO,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CACnC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,QAAQ,UAAU,CAAC,CAC3D,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC,CAAC;IACtE,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,yBAAyB,EACzB;QACE,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE;;qFAEkE;QAC/E,WAAW,EAAE;YACX,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACzD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;YAClD,OAAO,EAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;SACzD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CACtC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,SAAS,EAAE,CAAC,GAAG,CACnB,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,QAAQ,YAAY,OAAO,EAAE,CAAC,CACtE,CAAC;QACF,OAAO,QAAQ,OAAO,mBAAmB,QAAQ,GAAG,CAAC;IACvD,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,4BAA4B,EAC5B;QACE,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE;;yFAEsE;QACnF,WAAW,EAAE;YACX,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACzD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;YAClD,OAAO,EAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;SAC5D;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CACtC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,SAAS,EAAE,CAAC,GAAG,CACnB,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,QAAQ,YAAY,OAAO,EAAE,CAAC,CACtE,CAAC;QACF,OAAO,QAAQ,OAAO,uBAAuB,QAAQ,GAAG,CAAC;IAC3D,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,YAAY;QACnB,WAAW,EAAE;;;;6EAI0D;QACvE,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACxD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CACnB,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CACjC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CACtC,CAAC;QACF,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,oBAAoB,EACpB;QACE,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE;;wEAEqD;QAClE,WAAW,EAAE;YACX,MAAM,EAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACxD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;YAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;SACjD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CACrC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,SAAS,EAAE,CAAC,GAAG,CACnB,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,OAAO,UAAU,OAAO,EAAE,CAAC,CAClE,CAAC;QACF,OAAO,QAAQ,OAAO,qBAAqB,OAAO,GAAG,CAAC;IACxD,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE;;6EAE0D;QACvE,WAAW,EAAE;YACX,MAAM,EAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACxD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;YAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;SACjD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CACrC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,SAAS,EAAE,CAAC,GAAG,CACnB,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,OAAO,UAAU,OAAO,EAAE,CAAC,CAClE,CAAC;QACF,OAAO,QAAQ,OAAO,sBAAsB,OAAO,GAAG,CAAC;IACzD,CAAC,CAAC,CACL,CAAC;AACJ,CAAC"}

package/dist/tools/idps.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerIDPTools(server: McpServer): void;
+//# sourceMappingURL=idps.d.ts.map

package/dist/tools/idps.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"idps.d.ts","sourceRoot":"","sources":["../../src/tools/idps.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKpE,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAmIxD"}

package/dist/tools/idps.js

@@ -0,0 +1,98 @@
+import { z } from "zod";
+import { getClient } from "../client.js";
+import { handleError, mdTable } from "../helpers.js";
+export function registerIDPTools(server) {
+    // ── List IdPs ──────────────────────────────────────────────────────────────
+    server.registerTool("clavex_list_idps", {
+        title: "List Identity Providers",
+        description: `List all external identity providers (OIDC federation, SAML, social) configured in an organization.
+
+Returns: id, provider_type, name, issuer, is_active.
+
+Use when: "what SSO providers does org <id> have?", "list identity providers for acme".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id }) => handleError(async () => {
+        const idps = await getClient().get(getClient().orgPath(org_id, "/identity-providers"));
+        return mdTable(idps, ["id", "provider_type", "name", "issuer", "is_active"]);
+    }));
+    // ── Get IdP ────────────────────────────────────────────────────────────────
+    server.registerTool("clavex_get_idp", {
+        title: "Get Identity Provider",
+        description: `Get full configuration details of an identity provider.
+
+Use when: "show IdP config for <id>", "what are the SAML settings for this org?".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            idp_id: z.string().uuid().describe("Identity Provider UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id, idp_id }) => handleError(async () => {
+        const idp = await getClient().get(getClient().orgPath(org_id, `/identity-providers/${idp_id}`));
+        return JSON.stringify(idp, null, 2);
+    }));
+    // ── Webhooks ───────────────────────────────────────────────────────────────
+    server.registerTool("clavex_list_webhooks", {
+        title: "List Webhooks",
+        description: `List all webhook endpoints registered in an organization.
+
+Returns: id, url, event_types, is_active.
+
+Use when: "show webhooks for org <id>", "what events does acme receive?".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id }) => handleError(async () => {
+        const hooks = await getClient().get(getClient().orgPath(org_id, "/webhooks"));
+        return mdTable(hooks, ["id", "url", "event_types", "is_active"]);
+    }));
+    server.registerTool("clavex_create_webhook", {
+        title: "Create Webhook",
+        description: `Register a webhook endpoint to receive Clavex identity events.
+
+Args:
+  - org_id: Organization UUID
+  - url: HTTPS endpoint that will receive webhook POSTs
+  - event_types: Array of event types to subscribe to. Common values:
+      "user.created", "user.updated", "user.deleted",
+      "session.created", "session.revoked",
+      "org.updated"
+  - description (optional): Label for the webhook
+
+Returns: Created webhook JSON with signing secret.
+IMPORTANT: Save the signing_secret — used to verify webhook signatures (HMAC-SHA256).
+
+Use when: "add a webhook to notify my app on user.created", "set up event delivery to <url>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            url: z.string().url().describe("HTTPS endpoint URL"),
+            event_types: z.array(z.string()).describe('Events to subscribe to, e.g. ["user.created"]'),
+            description: z.string().optional().describe("Human-readable label"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false },
+    }, async ({ org_id, url, event_types, description }) => handleError(async () => {
+        const hook = await getClient().post(getClient().orgPath(org_id, "/webhooks"), { url, event_types, description });
+        const secret = hook.signing_secret
+            ? `\n\n⚠️  SAVE THIS SIGNING SECRET:\nsigning_secret: ${hook.signing_secret}`
+            : "";
+        return `Webhook created.${secret}\n\n${JSON.stringify(hook, null, 2)}`;
+    }));
+    server.registerTool("clavex_delete_webhook", {
+        title: "Delete Webhook",
+        description: `Delete a webhook endpoint. No more events will be delivered to its URL.
+
+Use when: "remove webhook <id>", "unsubscribe endpoint from events".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            webhook_id: z.string().uuid().describe("Webhook UUID"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: true, idempotentHint: true },
+    }, async ({ org_id, webhook_id }) => handleError(async () => {
+        await getClient().del(getClient().orgPath(org_id, `/webhooks/${webhook_id}`));
+        return `Webhook ${webhook_id} deleted.`;
+    }));
+}
+//# sourceMappingURL=idps.js.map

package/dist/tools/idps.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"idps.js","sourceRoot":"","sources":["../../src/tools/idps.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,UAAU,gBAAgB,CAAC,MAAiB;IAChD,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,kBAAkB,EAClB;QACE,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE;;;;wFAIqE;QAClF,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACxD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CACnB,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,IAAI,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CAChC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,qBAAqB,CAAC,CACnD,CAAC;QACF,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,gBAAgB,EAChB;QACE,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE;;kFAE+D;QAC5E,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACvD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;SAC7D;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,CAC3B,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CAC/B,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,uBAAuB,MAAM,EAAE,CAAC,CAC7D,CAAC;QACF,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE;;;;0EAIuD;QACpE,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACxD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CACnB,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CACjC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,CACzC,CAAC;QACF,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IACnE,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,uBAAuB,EACvB;QACE,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE;;;;;;;;;;;;;;8FAc2E;QACxF,WAAW,EAAE;YACX,MAAM,EAAO,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5D,GAAG,EAAU,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YAC5D,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,+CAA+C,CAAC;YAC1F,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sBAAsB,CAAC;SACpE;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACpF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,EAAE,CAClD,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,IAAI,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CACjC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,EACxC,EAAE,GAAG,EAAE,WAAW,EAAE,WAAW,EAAE,CAClC,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc;YAChC,CAAC,CAAC,sDAAsD,IAAI,CAAC,cAAc,EAAE;YAC7E,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,mBAAmB,MAAM,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IACzE,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,uBAAuB,EACvB;QACE,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE;;qEAEkD;QAC/D,WAAW,EAAE;YACX,MAAM,EAAM,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC3D,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC;SACvD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE;KAClF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,CAC/B,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,SAAS,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,UAAU,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,WAAW,UAAU,WAAW,CAAC;IAC1C,CAAC,CAAC,CACL,CAAC;AACJ,CAAC"}

package/dist/tools/orgs.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerOrgTools(server: McpServer): void;
+//# sourceMappingURL=orgs.d.ts.map

package/dist/tools/orgs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"orgs.d.ts","sourceRoot":"","sources":["../../src/tools/orgs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKpE,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAiHxD"}

package/dist/tools/orgs.js

@@ -0,0 +1,90 @@
+import { z } from "zod";
+import { getClient } from "../client.js";
+import { handleError, mdTable } from "../helpers.js";
+export function registerOrgTools(server) {
+    // ── List orgs ──────────────────────────────────────────────────────────────
+    server.registerTool("clavex_list_orgs", {
+        title: "List Organizations",
+        description: `List all organizations in the Clavex instance. Requires superadmin token.
+
+Returns a table with columns: id, slug, name, is_active, created_at.
+
+Use when: "show me all tenants", "list all orgs", "how many organizations are there".`,
+        inputSchema: {},
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async () => handleError(async () => {
+        const orgs = await getClient().get("/api/v1/organizations");
+        return mdTable(orgs, ["id", "slug", "name", "is_active", "created_at"]);
+    }));
+    // ── Get org ────────────────────────────────────────────────────────────────
+    server.registerTool("clavex_get_org", {
+        title: "Get Organization",
+        description: `Get details of a single organization by its UUID.
+
+Returns full JSON of the org object.
+
+Use when: "get org abc123", "show details of organization <id>".`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id }) => handleError(async () => {
+        const org = await getClient().get(`/api/v1/organizations/${org_id}`);
+        return JSON.stringify(org, null, 2);
+    }));
+    // ── Create org ─────────────────────────────────────────────────────────────
+    server.registerTool("clavex_create_org", {
+        title: "Create Organization",
+        description: `Create a new organization (tenant) in Clavex. Requires superadmin.
+
+Args:
+  - name (string): Display name for the organization
+  - slug (string): URL slug used in auth endpoints (e.g. "acme" → /acme/authorize). Must be unique, lowercase, alphanumeric+hyphens.
+  - domain (string, optional): Primary email domain for the org
+  - logo_url (string, optional): URL to the org logo
+
+Returns: Created organization JSON.
+
+Use when: "create a new tenant for ACME", "add organization example.com".`,
+        inputSchema: {
+            name: z.string().min(2).describe("Display name for the organization"),
+            slug: z.string().regex(/^[a-z0-9-]+$/).describe("URL slug (lowercase, alphanumeric + hyphens)"),
+            domain: z.string().optional().describe("Primary email domain, e.g. acme.com"),
+            logo_url: z.string().url().optional().describe("URL to the organization logo"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false },
+    }, async ({ name, slug, domain, logo_url }) => handleError(async () => {
+        const org = await getClient().post("/api/v1/organizations", {
+            name, slug, domain, logo_url,
+        });
+        return `Organization created:\n\n${JSON.stringify(org, null, 2)}`;
+    }));
+    // ── Update org ─────────────────────────────────────────────────────────────
+    server.registerTool("clavex_update_org", {
+        title: "Update Organization",
+        description: `Update an organization's settings. All fields are optional (PATCH semantics).
+
+Args:
+  - org_id (string): Organization UUID
+  - name (string, optional): New display name
+  - domain (string, optional): New primary domain
+  - logo_url (string, optional): New logo URL
+  - is_active (boolean, optional): Enable or disable the organization
+
+Returns: Updated organization JSON.`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            name: z.string().optional().describe("New display name"),
+            domain: z.string().optional().describe("New primary domain"),
+            logo_url: z.string().url().optional().describe("New logo URL"),
+            is_active: z.boolean().optional().describe("Enable or disable the org"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true },
+    }, async ({ org_id, ...updates }) => handleError(async () => {
+        // Remove undefined values
+        const body = Object.fromEntries(Object.entries(updates).filter(([, v]) => v !== undefined));
+        const org = await getClient().patch(`/api/v1/organizations/${org_id}`, body);
+        return `Organization updated:\n\n${JSON.stringify(org, null, 2)}`;
+    }));
+}
+//# sourceMappingURL=orgs.js.map

package/dist/tools/orgs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"orgs.js","sourceRoot":"","sources":["../../src/tools/orgs.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,UAAU,gBAAgB,CAAC,MAAiB;IAChD,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,kBAAkB,EAClB;QACE,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE;;;;sFAImE;QAChF,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,IAAI,EAAE,CACT,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,IAAI,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CAAiC,uBAAuB,CAAC,CAAC;QAC5F,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;IAC1E,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,gBAAgB,EAChB;QACE,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE;;;;iEAI8C;QAC3D,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACxD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CACnB,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CAA0B,yBAAyB,MAAM,EAAE,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE;;;;;;;;;;0EAUuD;QACpE,WAAW,EAAE;YACX,IAAI,EAAM,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;YACzE,IAAI,EAAM,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,8CAA8C,CAAC;YACnG,MAAM,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;YAC/E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;SAC/E;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACpF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,CACzC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CAA0B,uBAAuB,EAAE;YACnF,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ;SAC7B,CAAC,CAAC;QACH,OAAO,4BAA4B,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IACpE,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE;;;;;;;;;oCASiB;QAC9B,WAAW,EAAE;YACX,MAAM,EAAK,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC1D,IAAI,EAAO,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC7D,MAAM,EAAK,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YAC/D,QAAQ,EAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC;YAC/D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;SACxE;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,CAC/B,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,0BAA0B;QAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAC7B,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAC3D,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC,KAAK,CACjC,yBAAyB,MAAM,EAAE,EACjC,IAAI,CACL,CAAC;QACF,OAAO,4BAA4B,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IACpE,CAAC,CAAC,CACL,CAAC;AACJ,CAAC"}

package/dist/tools/pam.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerPAMTools(server: McpServer): void;
+//# sourceMappingURL=pam.d.ts.map

package/dist/tools/pam.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pam.d.ts","sourceRoot":"","sources":["../../src/tools/pam.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKpE,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAuRxD"}