@directus/api 29.1.1 → 31.0.0

package/dist/mcp/tools/schema.js

@@ -0,0 +1,317 @@
+import { z } from 'zod';
+import { CollectionsService } from '../../services/collections.js';
+import { FieldsService } from '../../services/fields.js';
+import { RelationsService } from '../../services/relations.js';
+import { defineTool } from '../define.js';
+import prompts from './prompts/index.js';
+export const SchemaValidateSchema = z.strictObject({
+    keys: z.array(z.string()).optional(),
+});
+export const SchemaInputSchema = z.object({
+    keys: z
+        .array(z.string())
+        .optional()
+        .describe('Collection names to get detailed schema for. If omitted, returns a lightweight list of all collections.'),
+});
+export const schema = defineTool({
+    name: 'schema',
+    description: prompts.schema,
+    annotations: {
+        title: 'Directus - Schema',
+    },
+    inputSchema: SchemaInputSchema,
+    validateSchema: SchemaValidateSchema,
+    async handler({ args, accountability, schema }) {
+        const serviceOptions = {
+            schema,
+            accountability,
+        };
+        const collectionsService = new CollectionsService(serviceOptions);
+        const collections = await collectionsService.readByQuery();
+        // If no keys provided, return lightweight collection list
+        if (!args.keys || args.keys.length === 0) {
+            const lightweightOverview = {
+                collections: [],
+                collection_folders: [],
+                notes: {},
+            };
+            collections.forEach((collection) => {
+                // Separate folders from real collections
+                if (!collection.schema) {
+                    lightweightOverview.collection_folders.push(collection.collection);
+                }
+                else {
+                    lightweightOverview.collections.push(collection.collection);
+                }
+                // Extract note if exists (for both collections and folders)
+                if (collection.meta?.note && !collection.meta.note.startsWith('$t')) {
+                    lightweightOverview.notes[collection.collection] = collection.meta.note;
+                }
+            });
+            return {
+                type: 'text',
+                data: lightweightOverview,
+            };
+        }
+        // If keys provided, return detailed schema for requested collections
+        const overview = {};
+        const fieldsService = new FieldsService(serviceOptions);
+        const fields = await fieldsService.readAll();
+        const relationsService = new RelationsService(serviceOptions);
+        const relations = await relationsService.readAll();
+        const snapshot = {
+            collections,
+            fields,
+            relations,
+        };
+        fields.forEach((field) => {
+            // Skip collections not requested
+            if (!args.keys?.includes(field.collection))
+                return;
+            // Skip UI-only fields
+            if (field.type === 'alias' && field.meta?.special?.includes('no-data'))
+                return;
+            if (!overview[field.collection]) {
+                overview[field.collection] = {};
+            }
+            const fieldOverview = {
+                type: field.type,
+            };
+            if (field.schema?.is_primary_key) {
+                fieldOverview.primary_key = field.schema?.is_primary_key;
+            }
+            if (field.meta?.required) {
+                fieldOverview.required = field.meta.required;
+            }
+            if (field.meta?.readonly) {
+                fieldOverview.readonly = field.meta.readonly;
+            }
+            if (field.meta?.note) {
+                fieldOverview.note = field.meta.note;
+            }
+            if (field.meta?.interface) {
+                fieldOverview.interface = {
+                    type: field.meta.interface,
+                };
+                if (field.meta.options?.['choices']) {
+                    fieldOverview.interface.choices = field.meta.options['choices'].map(
+                    // Only return the value of the choice to reduce size and potential for confusion.
+                    (choice) => choice.value);
+                }
+            }
+            // Process nested fields for JSON fields with options.fields (like repeaters)
+            if (field.type === 'json' && field.meta?.options?.['fields']) {
+                const nestedFields = field.meta.options['fields'];
+                fieldOverview.fields = processNestedFields({
+                    fields: nestedFields,
+                    maxDepth: 5,
+                    currentDepth: 0,
+                    snapshot,
+                });
+            }
+            // Handle collection-item-dropdown interface
+            if (field.type === 'json' && field.meta?.interface === 'collection-item-dropdown') {
+                fieldOverview.fields = processCollectionItemDropdown({
+                    field,
+                    snapshot,
+                });
+            }
+            // Handle relationships
+            if (field.meta?.special) {
+                const relationshipType = getRelationType(field.meta.special);
+                if (relationshipType) {
+                    fieldOverview.relation = buildRelationInfo(field, relationshipType, snapshot);
+                }
+            }
+            overview[field.collection][field.field] = fieldOverview;
+        });
+        return {
+            type: 'text',
+            data: overview,
+        };
+    },
+});
+// Helpers
+function processNestedFields(options) {
+    const { fields, maxDepth = 5, currentDepth = 0, snapshot } = options;
+    const result = {};
+    if (currentDepth >= maxDepth) {
+        return result;
+    }
+    if (!Array.isArray(fields)) {
+        return result;
+    }
+    for (const field of fields) {
+        const fieldKey = field.field || field.name;
+        if (!fieldKey)
+            continue;
+        const fieldOverview = {
+            type: field.type ?? 'any',
+        };
+        if (field.meta) {
+            const { required, readonly, note, interface: interfaceConfig, options } = field.meta;
+            if (required)
+                fieldOverview.required = required;
+            if (readonly)
+                fieldOverview.readonly = readonly;
+            if (note)
+                fieldOverview.note = note;
+            if (interfaceConfig) {
+                fieldOverview.interface = { type: interfaceConfig };
+                if (options?.choices) {
+                    fieldOverview.interface.choices = options.choices;
+                }
+            }
+        }
+        // Handle nested fields recursively
+        const nestedFields = field.meta?.options?.fields || field.options?.fields;
+        if (field.type === 'json' && nestedFields) {
+            fieldOverview.fields = processNestedFields({
+                fields: nestedFields,
+                maxDepth,
+                currentDepth: currentDepth + 1,
+                snapshot,
+            });
+        }
+        // Handle collection-item-dropdown interface
+        if (field.type === 'json' && field.meta?.interface === 'collection-item-dropdown') {
+            fieldOverview.fields = processCollectionItemDropdown({
+                field,
+                snapshot,
+            });
+        }
+        result[fieldKey] = fieldOverview;
+    }
+    return result;
+}
+function processCollectionItemDropdown(options) {
+    const { field, snapshot } = options;
+    const selectedCollection = field.meta?.options?.['selectedCollection'];
+    let keyType = 'string | number | uuid';
+    // Find the primary key type for the selected collection
+    if (selectedCollection && snapshot?.fields) {
+        const primaryKeyField = snapshot.fields.find((f) => f.collection === selectedCollection && f.schema?.is_primary_key);
+        if (primaryKeyField) {
+            keyType = primaryKeyField.type;
+        }
+    }
+    return {
+        collection: {
+            value: selectedCollection,
+            type: 'string',
+        },
+        key: {
+            type: keyType,
+        },
+    };
+}
+function getRelationType(special) {
+    if (special.includes('m2o') || special.includes('file'))
+        return 'm2o';
+    if (special.includes('o2m'))
+        return 'o2m';
+    if (special.includes('m2m') || special.includes('files'))
+        return 'm2m';
+    if (special.includes('m2a'))
+        return 'm2a';
+    return null;
+}
+function buildRelationInfo(field, type, snapshot) {
+    switch (type) {
+        case 'm2o':
+            return buildManyToOneRelation(field, snapshot);
+        case 'o2m':
+            return buildOneToManyRelation(field, snapshot);
+        case 'm2m':
+            return buildManyToManyRelation(field, snapshot);
+        case 'm2a':
+            return buildManyToAnyRelation(field, snapshot);
+        default:
+            return { type };
+    }
+}
+function buildManyToOneRelation(field, snapshot) {
+    // For M2O, the relation is directly on this field
+    const relation = snapshot.relations.find((r) => r.collection === field.collection && r.field === field.field);
+    // The target collection is either in related_collection or foreign_key_table
+    const targetCollection = relation?.related_collection || relation?.schema?.foreign_key_table || field.schema?.foreign_key_table;
+    return {
+        type: 'm2o',
+        collection: targetCollection,
+    };
+}
+function buildOneToManyRelation(field, snapshot) {
+    // For O2M, we need to find the relation that points BACK to this field
+    // The relation will have this field stored in meta.one_field
+    const reverseRelation = snapshot.relations.find((r) => r.meta?.one_collection === field.collection && r.meta?.one_field === field.field);
+    if (!reverseRelation) {
+        return { type: 'o2m' };
+    }
+    return {
+        type: 'o2m',
+        collection: reverseRelation.collection,
+        many_field: reverseRelation.field,
+    };
+}
+function buildManyToManyRelation(field, snapshot) {
+    // Find the junction table relation that references this field
+    // This relation will have our field as meta.one_field
+    const junctionRelation = snapshot.relations.find((r) => r.meta?.one_field === field.field &&
+        r.meta?.one_collection === field.collection &&
+        r.collection !== field.collection);
+    if (!junctionRelation) {
+        return { type: 'm2m' };
+    }
+    // Find the other side of the junction (pointing to the target collection)
+    // This is stored in meta.junction_field
+    const targetRelation = snapshot.relations.find((r) => r.collection === junctionRelation.collection && r.field === junctionRelation.meta?.junction_field);
+    const targetCollection = targetRelation?.related_collection || 'directus_files';
+    const result = {
+        type: 'm2m',
+        collection: targetCollection,
+        junction: {
+            collection: junctionRelation.collection,
+            many_field: junctionRelation.field,
+            junction_field: junctionRelation.meta?.junction_field,
+        },
+    };
+    if (junctionRelation.meta?.sort_field) {
+        result.junction.sort_field = junctionRelation.meta.sort_field;
+    }
+    return result;
+}
+function buildManyToAnyRelation(field, snapshot) {
+    // Find the junction table relation that references this field
+    // This relation will have our field as meta.one_field
+    const junctionRelation = snapshot.relations.find((r) => r.meta?.one_field === field.field && r.meta?.one_collection === field.collection);
+    if (!junctionRelation) {
+        return { type: 'm2a' };
+    }
+    // Find the polymorphic relation in the junction table
+    // This relation will have one_allowed_collections set
+    const polymorphicRelation = snapshot.relations.find((r) => r.collection === junctionRelation.collection &&
+        r.meta?.one_allowed_collections &&
+        r.meta.one_allowed_collections.length > 0);
+    if (!polymorphicRelation) {
+        return { type: 'm2a' };
+    }
+    // Find the relation back to our parent collection
+    const parentRelation = snapshot.relations.find((r) => r.collection === junctionRelation.collection &&
+        r.related_collection === field.collection &&
+        r.field !== polymorphicRelation.field);
+    const result = {
+        type: 'm2a',
+        one_allowed_collections: polymorphicRelation.meta?.one_allowed_collections,
+        junction: {
+            collection: junctionRelation.collection,
+            many_field: parentRelation?.field || `${field.collection}_id`,
+            junction_field: polymorphicRelation.field,
+            one_collection_field: polymorphicRelation.meta?.one_collection_field || 'collection',
+        },
+    };
+    const sortField = parentRelation?.meta?.sort_field || polymorphicRelation.meta?.sort_field;
+    if (sortField) {
+        result.junction.sort_field = sortField;
+    }
+    return result;
+}

package/dist/mcp/tools/system.d.ts

@@ -0,0 +1,3 @@
+export declare const system: import("../types.js").ToolConfig<{
+    promptOverride?: string | null | undefined;
+}>;

package/dist/mcp/tools/system.js

@@ -0,0 +1,22 @@
+import { z } from 'zod';
+import { defineTool } from '../define.js';
+import prompts from './prompts/index.js';
+const SystemPromptInputSchema = z.object({});
+const SystemPromptValidateSchema = z.object({
+    promptOverride: z.union([z.string(), z.null()]).optional(),
+});
+export const system = defineTool({
+    name: 'system-prompt',
+    description: prompts.systemPromptDescription,
+    annotations: {
+        title: 'Directus - System Prompt',
+    },
+    inputSchema: SystemPromptInputSchema,
+    validateSchema: SystemPromptValidateSchema,
+    async handler({ args }) {
+        return {
+            type: 'text',
+            data: args.promptOverride || prompts.systemPrompt,
+        };
+    },
+});

package/dist/mcp/tools/trigger-flow.d.ts

@@ -0,0 +1,8 @@
+export declare const triggerFlow: import("../types.js").ToolConfig<{
+    id: string | number;
+    collection: string;
+    keys?: (string | number)[] | undefined;
+    query?: Record<string, any> | undefined;
+    headers?: Record<string, any> | undefined;
+    data?: Record<string, any> | undefined;
+}>;

package/dist/mcp/tools/trigger-flow.js

@@ -0,0 +1,48 @@
+import { InvalidPayloadError } from '@directus/errors';
+import { z } from 'zod';
+import { getFlowManager } from '../../flows.js';
+import { FlowsService } from '../../services/flows.js';
+import { defineTool } from '../define.js';
+import { TriggerFlowInputSchema, TriggerFlowValidateSchema } from '../schema.js';
+import prompts from './prompts/index.js';
+export const triggerFlow = defineTool({
+    name: 'trigger-flow',
+    description: prompts.triggerFlow,
+    annotations: {
+        title: 'Directus - Trigger Flow',
+    },
+    inputSchema: TriggerFlowInputSchema,
+    validateSchema: TriggerFlowValidateSchema,
+    async handler({ args, schema, accountability }) {
+        const flowsService = new FlowsService({ schema, accountability });
+        const flow = await flowsService.readOne(args.id, {
+            filter: { status: { _eq: 'active' }, trigger: { _eq: 'manual' } },
+            fields: ['options'],
+        });
+        /**
+         * Collection and Required selection are validated by the server.
+         * Required fields is an additional validation we do.
+         */
+        const requiredFields = (flow.options?.['fields'] ?? [])
+            .filter((field) => field.meta?.required)
+            .map((field) => field.field);
+        for (const fieldName of requiredFields) {
+            if (!args.data || !(fieldName in args.data)) {
+                throw new InvalidPayloadError({ reason: `Required field "${fieldName}" is missing` });
+            }
+        }
+        const flowManager = getFlowManager();
+        const { result } = await flowManager.runWebhookFlow(`POST-${args.id}`, {
+            path: `/trigger/${args.id}`,
+            query: args.query ?? {},
+            method: 'POST',
+            body: {
+                collection: args.collection,
+                keys: args.keys,
+                ...(args.data ?? {}),
+            },
+            headers: args.headers ?? {},
+        }, { accountability, schema });
+        return { type: 'text', data: result };
+    },
+});

package/dist/mcp/transport.d.ts

@@ -0,0 +1,13 @@
+import type { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';
+import type { JSONRPCMessage, MessageExtraInfo } from '@modelcontextprotocol/sdk/types.js';
+import type { Response } from 'express';
+export declare class DirectusTransport implements Transport {
+    res: Response;
+    onerror?: (error: Error) => void;
+    onmessage?: (message: JSONRPCMessage, extra?: MessageExtraInfo) => void;
+    onclose?: () => void;
+    constructor(res: Response);
+    start(): Promise<void>;
+    send(message: JSONRPCMessage): Promise<void>;
+    close(): Promise<void>;
+}

package/dist/mcp/transport.js

@@ -0,0 +1,18 @@
+export class DirectusTransport {
+    res;
+    onerror;
+    onmessage;
+    onclose;
+    constructor(res) {
+        this.res = res;
+    }
+    async start() {
+        return;
+    }
+    async send(message) {
+        this.res.json(message);
+    }
+    async close() {
+        return;
+    }
+}

package/dist/mcp/types.d.ts

@@ -0,0 +1,56 @@
+import type { Accountability, Query, SchemaOverview } from '@directus/types';
+import type { ToolAnnotations } from '@modelcontextprotocol/sdk/types.js';
+import type { ZodType } from 'zod';
+export type ToolResultBase = {
+    type?: 'text' | 'image' | 'audio';
+    url?: string | undefined;
+};
+export type TextToolResult = ToolResultBase & {
+    type: 'text';
+    data: unknown;
+};
+export type AssetToolResult = ToolResultBase & {
+    type: 'image' | 'audio';
+    data: string;
+    mimeType: string;
+};
+export type ToolResult = TextToolResult | AssetToolResult;
+export type ToolHandler<T> = {
+    (options: {
+        args: T;
+        sanitizedQuery: Query;
+        schema: SchemaOverview;
+        accountability: Accountability | undefined;
+    }): Promise<ToolResult | undefined>;
+};
+export type ToolEndpoint<T> = {
+    (options: {
+        input: T;
+        data: unknown;
+    }): string[] | undefined;
+};
+export interface ToolConfig<T> {
+    name: string;
+    description: string;
+    endpoint?: ToolEndpoint<T>;
+    admin?: boolean;
+    inputSchema: ZodType<any>;
+    validateSchema?: ZodType<T>;
+    annotations?: ToolAnnotations;
+    handler: ToolHandler<T>;
+}
+export interface Prompt {
+    name: string;
+    system_prompt?: string | null;
+    description?: string;
+    messages: {
+        role: 'user' | 'assistant';
+        text: string;
+    }[];
+}
+export interface MCPOptions {
+    promptsCollection?: string;
+    allowDeletes?: boolean;
+    systemPromptEnabled?: boolean;
+    systemPrompt?: string | null;
+}

package/dist/mcp/types.js

@@ -0,0 +1 @@
+export {};

package/dist/middleware/respond.js

@@ -10,7 +10,7 @@ import { getCacheKey } from '../utils/get-cache-key.js';
 import { getDateFormatted } from '../utils/get-date-formatted.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { stringByteSize } from '../utils/get-string-byte-size.js';
-import { permissionsCachable } from '../utils/permissions-cachable.js';
+import { permissionsCacheable } from '../utils/permissions-cacheable.js';
 export const respond = asyncHandler(async (req, res) => {
     const env = useEnv();
     const logger = useLogger();
@@ -29,7 +29,7 @@ export const respond = asyncHandler(async (req, res) => {
         !req.sanitizedQuery.export &&
         res.locals['cache'] !== false &&
         exceedsMaxSize === false &&
-        (await permissionsCachable(req.collection, {
+        (await permissionsCacheable(req.collection, {
             knex: getDatabase(),
             schema: req.schema,
         }, req.accountability))) {

package/dist/services/authentication.js

@@ -15,6 +15,7 @@ import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { getSecret } from '../utils/get-secret.js';
 import { stall } from '../utils/stall.js';
 import { ActivityService } from './activity.js';
+import { RevisionsService } from './revisions.js';
 import { SettingsService } from './settings.js';
 import { TFAService } from './tfa.js';
 const env = useEnv();
@@ -96,6 +97,25 @@ export class AuthenticationService {
                 if (error instanceof RateLimiterRes && error.remainingPoints === 0) {
                     await this.knex('directus_users').update({ status: 'suspended' }).where({ id: user.id });
                     user.status = 'suspended';
+                    if (this.accountability) {
+                        const activity = await this.activityService.createOne({
+                            action: Action.UPDATE,
+                            user: user.id,
+                            ip: this.accountability.ip,
+                            user_agent: this.accountability.userAgent,
+                            origin: this.accountability.origin,
+                            collection: 'directus_users',
+                            item: user.id,
+                        });
+                        const revisionsService = new RevisionsService({ knex: this.knex, schema: this.schema });
+                        await revisionsService.createOne({
+                            activity: activity,
+                            collection: 'directus_users',
+                            item: user.id,
+                            data: user,
+                            delta: { status: 'suspended' },
+                        });
+                    }
                     // This means that new attempts after the user has been re-activated will be accepted
                     await loginAttemptsLimiter.set(user.id, 0, 0);
                 }
@@ -137,6 +157,22 @@ export class AuthenticationService {
             app_access: globalAccess.app,
             admin_access: globalAccess.admin,
         };
+        // Add role-based enforcement to token payload for users who need to set up 2FA
+        if (!user.tfa_secret) {
+            // Check if user has role-based enforcement
+            const roleEnforcement = await this.knex
+                .select('directus_policies.enforce_tfa')
+                .from('directus_users')
+                .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
+                .leftJoin('directus_access', 'directus_roles.id', 'directus_access.role')
+                .leftJoin('directus_policies', 'directus_access.policy', 'directus_policies.id')
+                .where('directus_users.id', user.id)
+                .where('directus_policies.enforce_tfa', true)
+                .first();
+            if (roleEnforcement) {
+                tokenPayload.enforce_tfa = true;
+            }
+        }
         const refreshToken = nanoid(64);
         const refreshTokenExpiration = new Date(Date.now() + getMilliseconds(env['REFRESH_TOKEN_TTL'], 0));
         if (options?.session) {

package/dist/services/fields.js

@@ -339,7 +339,7 @@ export class FieldsService {
                 await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
             }
             if (opts?.emitEvents !== false && nestedActionEvents.length > 0) {
-                const updatedSchema = await getSchema();
+                const updatedSchema = await getSchema({ database: this.knex });
                 for (const nestedActionEvent of nestedActionEvents) {
                     nestedActionEvent.context.schema = updatedSchema;
                     emitter.emitAction(nestedActionEvent.event, nestedActionEvent.meta, nestedActionEvent.context);
@@ -451,7 +451,7 @@ export class FieldsService {
                 await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
             }
             if (opts?.emitEvents !== false && nestedActionEvents.length > 0) {
-                const updatedSchema = await getSchema();
+                const updatedSchema = await getSchema({ database: this.knex });
                 for (const nestedActionEvent of nestedActionEvents) {
                     nestedActionEvent.context.schema = updatedSchema;
                     emitter.emitAction(nestedActionEvent.event, nestedActionEvent.meta, nestedActionEvent.context);
@@ -480,7 +480,7 @@ export class FieldsService {
                 await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
             }
             if (opts?.emitEvents !== false && nestedActionEvents.length > 0) {
-                const updatedSchema = await getSchema();
+                const updatedSchema = await getSchema({ database: this.knex });
                 for (const nestedActionEvent of nestedActionEvents) {
                     nestedActionEvent.context.schema = updatedSchema;
                     emitter.emitAction(nestedActionEvent.event, nestedActionEvent.meta, nestedActionEvent.context);
@@ -621,7 +621,7 @@ export class FieldsService {
                 await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
             }
             if (opts?.emitEvents !== false && nestedActionEvents.length > 0) {
-                const updatedSchema = await getSchema();
+                const updatedSchema = await getSchema({ database: this.knex });
                 for (const nestedActionEvent of nestedActionEvents) {
                     nestedActionEvent.context.schema = updatedSchema;
                     emitter.emitAction(nestedActionEvent.event, nestedActionEvent.meta, nestedActionEvent.context);

package/dist/services/graphql/index.d.ts

@@ -1,4 +1,4 @@
-import type { AbstractServiceOptions, Accountability, GraphQLParams, GQLScope, Item, Query, SchemaOverview } from '@directus/types';
+import type { AbstractServiceOptions, Accountability, GraphQLParams, GQLScope, Item, Query, SchemaOverview, PrimaryKey } from '@directus/types';
 import type { FormattedExecutionResult, GraphQLSchema } from 'graphql';
 import type { Knex } from 'knex';
 export declare class GraphQLService {
@@ -22,7 +22,7 @@ export declare class GraphQLService {
     /**
      * Execute the read action on the correct service. Checks for singleton as well.
      */
-    read(collection: string, query: Query): Promise<Partial<Item>>;
+    read(collection: string, query: Query, id?: PrimaryKey): Promise<Partial<Item>>;
     /**
      * Upsert and read singleton item
      */

package/dist/services/graphql/index.js

@@ -61,16 +61,17 @@ export class GraphQLService {
     /**
      * Execute the read action on the correct service. Checks for singleton as well.
      */
-    async read(collection, query) {
+    async read(collection, query, id) {
         const service = getService(collection, {
             knex: this.knex,
             accountability: this.accountability,
             schema: this.schema,
         });
-        const result = this.schema.collections[collection].singleton
-            ? await service.readSingleton(query, { stripNonRequested: false })
-            : await service.readByQuery(query, { stripNonRequested: false });
-        return result;
+        if (this.schema.collections[collection].singleton)
+            return await service.readSingleton(query, { stripNonRequested: false });
+        if (id)
+            return await service.readOne(id, query, { stripNonRequested: false });
+        return await service.readByQuery(query, { stripNonRequested: false });
     }
     /**
      * Upsert and read singleton item