@fruition/fcp-mcp-server 1.31.0 → 1.33.0

package/README.md

@@ -40,6 +40,15 @@ MCP (Model Context Protocol) server that gives Claude Code direct access to the
 | `fcp_db_query` | Run a read-only SQL query (SELECT/SHOW/EXPLAIN/DESCRIBE) against a site's read-only DB replica |
 | `fcp_cluster_http` | GET/HEAD an in-cluster Kubernetes Service URL through FCP (devs firewalled off the cluster) |
 
+### Cluster Safe-Edit Action Tools
+
+Structural, audited mutations (operator tier). The caller supplies ONLY a site (+ optional revision); the target deployment is resolved from the site's stack server-side — no deployment name or raw command is ever accepted. Admin-gated REST routes, `CLUSTER_GATEWAY_DISABLED` kill-switch, prod-cluster Slack alert.
+
+| Tool | Description |
+|------|-------------|
+| `fcp_restart_varnish` | Restart a site's varnish deployment (rollout restart) |
+| `fcp_rollback_web` | Roll back a site's web (nginx + php-fpm) deployment (rollout undo), optional `to_revision` |
+
 ### Tasker Job Control Tools
 
 | Tool | Description |

package/dist/index.d.ts

@@ -505,6 +505,15 @@ export declare class FCPClient {
         cluster?: string;
         namespace?: string;
     }): Promise<any>;
+    restartVarnish(input: {
+        site?: string;
+        domain?: string;
+    }): Promise<any>;
+    rollbackWeb(input: {
+        site?: string;
+        domain?: string;
+        to_revision?: number;
+    }): Promise<any>;
     backupListSites(): Promise<any>;
     backupGetConfig(): Promise<any>;
     backupListEligible(): Promise<any>;

package/dist/index.js

@@ -84,6 +84,7 @@ const ROLE_HIERARCHY = [
     'admin',
     'billing_admin',
     'operator',
+    'developer',
     'viewer',
     'none',
 ];
@@ -167,15 +168,19 @@ const TOOL_PERMISSIONS = {
     fcp_trusted_ip_list_ranges: 'viewer',
     fcp_trusted_ip_export: 'viewer',
     fcp_list_freezes: 'viewer',
-    fcp_db_query: 'viewer',
-    fcp_cluster_http: 'viewer',
+    fcp_db_query: 'developer',
+    fcp_cluster_http: 'developer',
     fcp_list_certificates: 'viewer',
-    fcp_cluster_pods: 'viewer',
-    fcp_cluster_logs: 'viewer',
-    fcp_cluster_ingress: 'viewer',
-    fcp_cluster_deployments: 'viewer',
-    fcp_cluster_events: 'viewer',
-    fcp_cluster_describe: 'viewer',
+    fcp_cluster_pods: 'developer',
+    fcp_cluster_logs: 'developer',
+    fcp_cluster_ingress: 'developer',
+    fcp_cluster_deployments: 'developer',
+    fcp_cluster_events: 'developer',
+    fcp_cluster_describe: 'developer',
+    // Cluster Safe-Edit Actions (Phase 2) — developer tier (least-privilege
+    // cluster-gateway access for firewalled devs).
+    fcp_restart_varnish: 'developer',
+    fcp_rollback_web: 'developer',
     fcp_dns_current: 'viewer',
     fcp_dns_history: 'viewer',
     fcp_list_deployments: 'viewer',
@@ -1100,6 +1105,25 @@ export class FCPClient {
         return this.fetch(`/api/cluster/info/describe?${p.toString()}`);
     }
     // ============================================================================
+    // Cluster Safe-Edit Actions (FCP Cluster Gateway, Phase 2)
+    // ============================================================================
+    async restartVarnish(input) {
+        return this.fetch('/api/cluster/actions/restart-varnish', {
+            method: 'POST',
+            body: JSON.stringify({ site: input.site, domain: input.domain }),
+        });
+    }
+    async rollbackWeb(input) {
+        return this.fetch('/api/cluster/actions/rollback-web', {
+            method: 'POST',
+            body: JSON.stringify({
+                site: input.site,
+                domain: input.domain,
+                to_revision: input.to_revision,
+            }),
+        });
+    }
+    // ============================================================================
     // Backup Management Methods
     // ============================================================================
     async backupListSites() {
@@ -3775,6 +3799,35 @@ const TOOLS = [
         },
     },
     // ============================================================================
+    // Cluster Safe-Edit Actions (FCP Cluster Gateway, Phase 2)
+    // Operator-tier, structurally-allowlisted: the caller supplies ONLY a site
+    // (+ optional revision). No deployment name, kind, or raw command is ever
+    // accepted — the deployment is resolved from the site's stack server-side.
+    // ============================================================================
+    {
+        name: 'fcp_restart_varnish',
+        description: "Safe-edit: restart a site's varnish deployment (rollout restart). Target the site by \"site\" (website id or domain) or \"domain\". The varnish deployment is resolved structurally from the site's stack — you do NOT (and cannot) specify a deployment name or command. Operator tier; admin-gated server-side. Honors the cluster-gateway kill-switch.",
+        inputSchema: {
+            type: 'object',
+            properties: {
+                site: { type: 'string', description: 'Website id or domain (resolves cluster+namespace+stack)' },
+                domain: { type: 'string', description: 'Alias for site: a domain to resolve' },
+            },
+        },
+    },
+    {
+        name: 'fcp_rollback_web',
+        description: "Safe-edit: roll back a site's web (nginx + php-fpm) deployment (rollout undo), optionally to a specific revision. Target the site by \"site\" (website id or domain) or \"domain\"; optional \"to_revision\" (positive integer). The web deployment is resolved structurally from the site's stack — you do NOT (and cannot) specify a deployment name or command. Operator tier; admin-gated server-side. Honors the cluster-gateway kill-switch.",
+        inputSchema: {
+            type: 'object',
+            properties: {
+                site: { type: 'string', description: 'Website id or domain (resolves cluster+namespace+stack)' },
+                domain: { type: 'string', description: 'Alias for site: a domain to resolve' },
+                to_revision: { type: 'number', description: 'Optional revision to roll back to (positive integer)' },
+            },
+        },
+    },
+    // ============================================================================
     // Backup Management Tools
     // ============================================================================
     {
@@ -5783,6 +5836,17 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
             }
             // ============================================================================
+            // Cluster Safe-Edit Action Handlers (FCP Cluster Gateway, Phase 2)
+            // ============================================================================
+            case 'fcp_restart_varnish': {
+                const result = await client.restartVarnish(args);
+                return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+            }
+            case 'fcp_rollback_web': {
+                const result = await client.rollbackWeb(args);
+                return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+            }
+            // ============================================================================
             // Backup Management Handlers
             // ============================================================================
             case 'fcp_backup_list_sites': {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fruition/fcp-mcp-server",
-  "version": "1.31.0",
+  "version": "1.33.0",
   "description": "MCP Server for FCP Launch Coordination System - enables Claude Code to interact with FCP launches and track development time",
   "main": "dist/index.js",
   "type": "module",