npm - @enfyra/mcp-server - Versions diffs - 0.0.107 → 0.0.108 - Mend

@enfyra/mcp-server 0.0.107 → 0.0.108

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +1 -1
package/package.json +1 -1
package/src/lib/mcp-instructions.js +1 -1
package/src/lib/mutation-guards.js +1 -1
package/src/lib/platform-operation-tools.js +0 -16
package/src/lib/table-tools.js +2 -47
package/src/mcp-server-entry.mjs +0 -199

package/README.md CHANGED Viewed

@@ -231,7 +231,7 @@ Do not create custom login/logout/me routes that manually set Enfyra token cooki
 The MCP server exposes tools for metadata discovery, examples, query/CRUD, method management, route lifecycle, route access audit/grant, routes, handlers, hooks, tables, columns, relations, cache reloads, logs, users, roles, packages, menus, extensions, scripts, flows, websocket, files, and `get_enfyra_api_context`.
-Routes have two separate controls. `isEnabled` controls runtime registration: disabled routes return `404`. Use `enable_route` and `disable_route` for this lifecycle. `publicMethods` controls anonymous access for enabled routes; use `public_route_methods`, `set_public_route_methods`, and `private_route_methods` for that access boundary.
+Routes have two separate controls. `isEnabled` controls runtime registration: disabled routes return `404`. Use `enable_route` and `disable_route` for this lifecycle. `publicMethods` controls anonymous access for enabled routes; use `public_route_methods` and `private_route_methods` for that access boundary.
 For authenticated route access, use `audit_route_access` before changing permissions and `ensure_route_access` to grant access by route path plus role/user. For production script edits, use `trace_metadata_usage`, `get_script_source`, and `patch_script_source` so changes are targeted, hash-checked, and validated.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@enfyra/mcp-server",
-  "version": "0.0.107",
+  "version": "0.0.108",
   "description": "MCP server for Enfyra - manage Enfyra instances from MCP-compatible coding tools",
   "type": "module",
   "license": "MIT",

package/src/lib/mcp-instructions.js CHANGED Viewed

@@ -36,7 +36,7 @@ export function buildMcpServerInstructions(apiBaseUrl) {
     '',
     '### Core Contracts',
     '- Tool JSON responses use `responseFormat: "json+columnar-v1"`. Large arrays of objects may be encoded as `{ format: "columnar-v1", columns: [...], rows: [[...]], rowCount }` only when that is smaller than raw JSON; read each row value by matching `columns[index]` to `rows[n][index]`. Do not guess object keys inside `rows`. `compressionStats` estimates token savings and includes whether compression was applied; use it only when the user asks about savings.',
-    '- `query_table` and `get_all_routes` require explicit intent: pass `limit` for bounded reads or `all: true` for a complete list. Do not invent arbitrary limits such as 30 or 50.',
+    '- `query_table`, `get_all_routes`, and `get_all_tables` require explicit intent: pass `limit` for bounded reads or `all: true` for a complete list. Do not invent arbitrary limits such as 30 or 50.',
     '- Read tools are minimal by default. Pass explicit `fields`; use metadata inspection before guessing field/relation names. Field exclusion mode exists: `fields=-compiledCode`, and `fields=id,-compiledCode` still means all readable fields except `compiledCode`.',
     '- Mutations return ids/status by default. Re-read with `find_one_record` or `query_table` and explicit `fields` when the saved row matters.',
     '- Dynamic repository reads use `filter`, not `where`: `@REPOS.table.find({ filter: {...} })`, `#table.find({ filter: {...} })`, and `exists(filter)`.',

package/src/lib/mutation-guards.js CHANGED Viewed

@@ -72,7 +72,7 @@ export function rejectUnsafeRelationDefinitionPayload(tableName, payload) {
   if (forbidden.length > 0) {
     throw new Error(
       `Do not send physical FK/junction fields to enfyra_relation: ${forbidden.join(', ')}. ` +
-      'Use create_relation/add_relation with targetTable/type/propertyName; Enfyra derives physical columns.'
+      'Use create_relation with targetTable/type/propertyName; Enfyra derives physical columns.'
     );
   }
 }

package/src/lib/platform-operation-tools.js CHANGED Viewed

@@ -1047,22 +1047,6 @@ export function registerPlatformOperationTools(server, ENFYRA_API_URL) {
     })),
   );
-  server.tool(
-    'set_public_route_methods',
-    'Business operation: replace a route publicMethods list exactly.',
-    {
-      path: z.string().optional().describe('Route path, e.g. /sum. Use either path or routeId.'),
-      routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
-      methods: z.array(z.string()).describe('Exact HTTP method names that should be public. Use an empty array to make all methods private.'),
-    },
-    async ({ path, routeId, methods }) => jsonText(await updateRoutePublicMethods(ENFYRA_API_URL, {
-      path,
-      routeId,
-      methods,
-      mode: 'replace',
-    })),
-  );
   server.tool(
     'private_route_methods',
     'Business operation: make specific public route methods private again.',

package/src/lib/table-tools.js CHANGED Viewed

@@ -381,7 +381,7 @@ export function registerTableTools(server, ENFYRA_API_URL) {
           targetColumn: target,
           preservedColumnIds: beforeIds.filter((id) => id !== String(columnId)),
           destructive: true,
-          next: 'Call delete_column/remove_column again with confirm=true to drop the physical column and metadata.',
+          next: 'Call delete_column again with confirm=true to drop the physical column and metadata.',
         }, null, 2) }],
       };
     }
@@ -423,7 +423,7 @@ export function registerTableTools(server, ENFYRA_API_URL) {
           targetRelation: target,
           preservedRelationIds: beforeIds.filter((id) => id !== String(relationId)),
           destructive: true,
-          next: 'Call delete_relation/remove_relation again with confirm=true to drop relation metadata and any derived FK/junction structures.',
+          next: 'Call delete_relation again with confirm=true to drop relation metadata and any derived FK/junction structures.',
         }, null, 2) }],
       };
     }
@@ -699,18 +699,6 @@ export function registerTableTools(server, ENFYRA_API_URL) {
     appendColumnToTable
   );
-  server.tool(
-    'add_column',
-    [
-      'Alias for create_column. Add a column to an existing table through the canonical enfyra_table cascade.',
-      'Use this for schema additions, including hidden secret fields with isPublished=false.',
-      'Reads full table metadata and skips non-persisted generated/derived column metadata without id/_id when rebuilding the table columns payload.',
-      'Run schema changes sequentially — migration locks DB per operation.',
-    ].join(' '),
-    columnCreateSchema,
-    appendColumnToTable
-  );
   // ─── UPDATE COLUMN ───
   server.tool(
@@ -788,18 +776,6 @@ export function registerTableTools(server, ENFYRA_API_URL) {
     removeColumnFromTable
   );
-  server.tool(
-    'remove_column',
-    [
-      'Alias for delete_column. Remove a column through the canonical enfyra_table cascade.',
-      'This drops the physical column. Confirm destructive schema changes before calling.',
-      'Reads full table metadata and skips non-persisted generated/derived column metadata without id/_id when rebuilding the table columns payload.',
-      'Run schema changes sequentially — migration locks DB per operation.',
-    ].join(' '),
-    columnDeleteSchema,
-    removeColumnFromTable
-  );
   // ─── CREATE RELATION ───
   server.tool(
@@ -817,18 +793,6 @@ export function registerTableTools(server, ENFYRA_API_URL) {
     appendRelationToTable
   );
-  server.tool(
-    'add_relation',
-    [
-      'Alias for create_relation. Add a relation through the canonical enfyra_table cascade.',
-      'sourceTableId and targetTableId may be table ids, exact table names, or aliases.',
-      'Use relation propertyName only; never provide physical FK or junction column names.',
-      'Run schema changes sequentially — migration locks DB per operation.',
-    ].join(' '),
-    relationCreateSchema,
-    appendRelationToTable
-  );
   // ─── DELETE RELATION ───
   server.tool(
@@ -844,13 +808,4 @@ export function registerTableTools(server, ENFYRA_API_URL) {
     removeRelationFromTable
   );
-  server.tool(
-    'remove_relation',
-    [
-      'Alias for delete_relation. Remove a relation through the canonical enfyra_table cascade.',
-      'This can drop FK columns or junction tables. Confirm destructive schema changes before calling.',
-    ].join(' '),
-    relationDeleteSchema,
-    removeRelationFromTable
-  );
 }

package/src/mcp-server-entry.mjs CHANGED Viewed

@@ -2468,137 +2468,6 @@ server.tool(
   },
 );
-server.tool(
-  'create_column_rule',
-  [
-    'Create a REST body validation rule for a table column.',
-    'Use inspect_table first to confirm validateBody, column type, and existing rules. Rule value is JSON; common shape is {"v": ...}.',
-  ].join(' '),
-  {
-    tableName: z.string().describe('Table name or alias'),
-    columnName: z.string().describe('Column name'),
-    ruleType: z.enum(['min', 'max', 'minLength', 'maxLength', 'pattern', 'format', 'minItems', 'maxItems', 'custom']).describe('Validation rule type'),
-    value: z.string().optional().describe('Rule payload JSON, e.g. {"v":10} or {"v":"email"}'),
-    message: z.string().optional().describe('Custom validation error message'),
-    description: z.string().optional().describe('Admin note'),
-    isEnabled: z.boolean().optional().default(true).describe('Enable the rule immediately'),
-  },
-  async ({ tableName, columnName, ruleType, value, message, description, isEnabled }) => {
-    const { tables } = await getMetadataTables();
-    const table = resolveTableOrThrow(tables, tableName);
-    const column = resolveFieldOrThrow(table, columnName, 'column');
-    const body = {
-      ruleType,
-      value: parseJsonArg(value, null),
-      message,
-      description,
-      isEnabled,
-      column: { id: getId(column) },
-    };
-    const result = await fetchAPI(ENFYRA_API_URL, '/enfyra_column_rule', {
-      method: 'POST',
-      body: JSON.stringify(body),
-    });
-    return { content: [{ type: 'text', text: `Column rule created for ${table.name}.${column.name}.\n${JSON.stringify(result, null, 2)}` }] };
-  },
-);
-server.tool(
-  'create_field_permission',
-  [
-    'Create a field permission for one column or relation.',
-    'Exactly one of columnName or relationName is required. Scope requires roleId or allowedUserIds. Conditions use the field permission condition DSL, not the full query DSL.',
-  ].join(' '),
-  {
-    tableName: z.string().describe('Table name or alias'),
-    columnName: z.string().optional().describe('Column name to protect'),
-    relationName: z.string().optional().describe('Relation propertyName to protect'),
-    action: z.enum(['read', 'create', 'update']).default('read').describe('Action this permission applies to'),
-    effect: z.enum(['allow', 'deny']).default('allow').describe('Allow or deny this field action'),
-    roleId: z.union([z.string(), z.number()]).optional().describe('Role id scope'),
-    allowedUserIds: z.array(z.union([z.string(), z.number()])).optional().describe('Specific user ids scope'),
-    condition: z.string().optional().describe('Optional condition JSON using field permission condition DSL'),
-    description: z.string().optional().describe('Admin note'),
-    isEnabled: z.boolean().optional().default(true).describe('Enable immediately'),
-  },
-  async ({ tableName, columnName, relationName, action, effect, roleId, allowedUserIds, condition, description, isEnabled }) => {
-    if (!!columnName === !!relationName) throw new Error('Provide exactly one of columnName or relationName');
-    if (!roleId && (!allowedUserIds || allowedUserIds.length === 0)) {
-      throw new Error('Provide roleId or allowedUserIds');
-    }
-    const { tables } = await getMetadataTables();
-    const table = resolveTableOrThrow(tables, tableName);
-    const body = {
-      isEnabled,
-      description,
-      action,
-      effect,
-      condition: parseJsonArg(condition, null),
-      ...(roleId ? { role: { id: roleId } } : {}),
-      ...(allowedUserIds?.length ? { allowedUsers: allowedUserIds.map((id) => ({ id })) } : {}),
-    };
-    if (columnName) {
-      body.column = { id: getId(resolveFieldOrThrow(table, columnName, 'column')) };
-    } else {
-      body.relation = { id: getId(resolveFieldOrThrow(table, relationName, 'relation')) };
-    }
-    const result = await fetchAPI(ENFYRA_API_URL, '/enfyra_field_permission', {
-      method: 'POST',
-      body: JSON.stringify(body),
-    });
-    return { content: [{ type: 'text', text: `Field permission created on ${table.name}.${columnName || relationName}.\n${JSON.stringify(result, null, 2)}` }] };
-  },
-);
-server.tool(
-  'create_route_permission',
-  [
-    'Create route access permission for a route and REST methods.',
-    'Use this when a non-root role/user should access an authenticated route. publicMethods are for public access; route permissions are for authenticated role/user access.',
-  ].join(' '),
-  {
-    path: z.string().optional().describe('Route path, e.g. /enfyra_user'),
-    routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
-    methods: z.array(z.string()).describe('REST method names this permission allows. Each value must exist in enfyra_method.name.'),
-    roleId: z.union([z.string(), z.number()]).optional().describe('Role id scope'),
-    allowedUserIds: z.array(z.union([z.string(), z.number()])).optional().describe('Specific user ids scope'),
-    description: z.string().optional().describe('Admin note'),
-    isEnabled: z.boolean().optional().default(true).describe('Enable immediately'),
-  },
-  async ({ path, routeId, methods, roleId, allowedUserIds, description, isEnabled }) => {
-    if (!path && !routeId) throw new Error('Provide path or routeId');
-    if (!roleId && (!allowedUserIds || allowedUserIds.length === 0)) {
-      throw new Error('Provide roleId or allowedUserIds');
-    }
-    const routes = await fetchAll('/enfyra_route?limit=1000');
-    const route = routes.find((item) => (
-      routeId ? sameId(getId(item), routeId) : item.path === normalizeRestPath(path)
-    ));
-    if (!route) throw new Error(`Route not found: ${routeId || path}`);
-    const methodMap = await getMethodMap();
-    const body = {
-      isEnabled,
-      description,
-      route: { id: getId(route) },
-      methods: resolveMethodIds(methodMap, methods),
-      ...(roleId ? { role: { id: roleId } } : {}),
-      ...(allowedUserIds?.length ? { allowedUsers: allowedUserIds.map((id) => ({ id })) } : {}),
-    };
-    const result = await fetchAPI(ENFYRA_API_URL, '/enfyra_route_permission', {
-      method: 'POST',
-      body: JSON.stringify(body),
-    });
-    const routeReload = await reloadRoutesResult();
-    return { content: [{ type: 'text', text: JSON.stringify({
-      action: 'created',
-      kind: 'route_permission',
-      route: route.path,
-      routeReload,
-      result,
-    }, null, 2) }] };
-  },
-);
 server.tool(
   'audit_route_access',
   [
@@ -2772,74 +2641,6 @@ server.tool(
   },
 );
-server.tool(
-  'create_guard',
-  [
-    'Create a metadata guard with optional rules for REST request gating.',
-    'Root guards attach to one route by path/routeId or globally with isGlobal. pre_auth runs before JWT and only has IP/route context; post_auth runs after auth and can use user id.',
-    'Rule types: rate_limit_by_ip, rate_limit_by_user, rate_limit_by_route, ip_whitelist, ip_blacklist. Rate limits use {"maxRequests":number,"perSeconds":number}; IP lists use {"ips":["127.0.0.1","10.0.0.0/24"]}.',
-    'Do not use rate_limit_by_user or userIds on pre_auth guards. Create risky global/IP whitelist guards disabled first, then inspect and test before enabling.',
-  ].join(' '),
-  {
-    name: z.string().describe('Guard name'),
-    position: z.enum(['pre_auth', 'post_auth']).default('pre_auth').describe('Execution position for root guard. pre_auth has only IP/route context; post_auth also has authenticated user id.'),
-    routeId: z.union([z.string(), z.number()]).optional().describe('Optional route id'),
-    path: z.string().optional().describe('Optional route path'),
-    methods: z.array(z.string()).optional().describe('Method names this guard applies to. Empty means all configured behavior for route/global.'),
-    combinator: z.enum(['and', 'or']).default('and').describe('How child guards/rules combine'),
-    priority: z.number().optional().default(0).describe('Lower runs first'),
-    isGlobal: z.boolean().optional().default(false).describe('Apply globally instead of one route'),
-    isEnabled: z.boolean().optional().default(false).describe('Enable immediately. Default false to avoid accidental lockout.'),
-    description: z.string().optional().describe('Admin note'),
-    rules: z.string().optional().describe('Optional rules JSON array: [{type, config, priority?, isEnabled?, description?, userIds?}]. Supported types: rate_limit_by_ip, rate_limit_by_user, rate_limit_by_route, ip_whitelist, ip_blacklist.'),
-  },
-  async ({ name, position, routeId, path, methods, combinator, priority, isGlobal, isEnabled, description, rules }) => {
-    let route = null;
-    if (!isGlobal && (routeId || path)) {
-      const routes = await fetchAll('/enfyra_route?limit=1000');
-      route = routes.find((item) => (
-        routeId ? sameId(getId(item), routeId) : item.path === normalizeRestPath(path)
-      ));
-      if (!route) throw new Error(`Route not found: ${routeId || path}`);
-    }
-    const methodMap = await getMethodMap();
-    const guardBody = {
-      name,
-      position,
-      combinator,
-      priority,
-      isGlobal,
-      isEnabled,
-      description,
-      ...(route ? { route: { id: getId(route) } } : {}),
-      ...(methods?.length ? { methods: resolveMethodIds(methodMap, methods) } : {}),
-    };
-    const guard = await fetchAPI(ENFYRA_API_URL, '/enfyra_guard', {
-      method: 'POST',
-      body: JSON.stringify(guardBody),
-    });
-    const ruleInputs = parseJsonArg(rules, []);
-    const createdRules = [];
-    for (const rule of ruleInputs) {
-      const ruleBody = {
-        type: rule.type,
-        config: rule.config,
-        priority: rule.priority ?? 0,
-        isEnabled: rule.isEnabled ?? true,
-        description: rule.description,
-        guard: { id: resultRecordId(guard) },
-        ...(Array.isArray(rule.userIds) && rule.userIds.length ? { users: rule.userIds.map((id) => ({ id })) } : {}),
-      };
-      createdRules.push(await fetchAPI(ENFYRA_API_URL, '/enfyra_guard_rule', {
-        method: 'POST',
-        body: JSON.stringify(ruleBody),
-      }));
-    }
-    await fetchAPI(ENFYRA_API_URL, '/admin/reload/guards', { method: 'POST' }).catch(() => {});
-    return { content: [{ type: 'text', text: `Guard created. Guard cache reloaded.\n${JSON.stringify({ guard, rules: createdRules }, null, 2)}` }] };
-  },
-);
 // Register table tools
 registerTableTools(server, ENFYRA_API_URL);
 registerPlatformOperationTools(server, ENFYRA_API_URL);