npm - @fruition/fcp-mcp-server - Versions diffs - 1.32.0 → 1.34.0 - Mend

@fruition/fcp-mcp-server 1.32.0 → 1.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -514,6 +514,13 @@ export declare class FCPClient {
         domain?: string;
         to_revision?: number;
     }): Promise<any>;
+    tunnelGrant(input: {
+        site?: string;
+        domain?: string;
+        service: string;
+        port?: number;
+        ttl_seconds?: number;
+    }): Promise<any>;
     backupListSites(): Promise<any>;
     backupGetConfig(): Promise<any>;
     backupListEligible(): Promise<any>;

package/dist/index.js CHANGED Viewed

@@ -84,6 +84,7 @@ const ROLE_HIERARCHY = [
     'admin',
     'billing_admin',
     'operator',
+    'developer',
     'viewer',
     'none',
 ];
@@ -167,19 +168,22 @@ const TOOL_PERMISSIONS = {
     fcp_trusted_ip_list_ranges: 'viewer',
     fcp_trusted_ip_export: 'viewer',
     fcp_list_freezes: 'viewer',
-    fcp_db_query: 'viewer',
-    fcp_cluster_http: 'viewer',
+    fcp_db_query: 'developer',
+    fcp_cluster_http: 'developer',
     fcp_list_certificates: 'viewer',
-    fcp_cluster_pods: 'viewer',
-    fcp_cluster_logs: 'viewer',
-    fcp_cluster_ingress: 'viewer',
-    fcp_cluster_deployments: 'viewer',
-    fcp_cluster_events: 'viewer',
-    fcp_cluster_describe: 'viewer',
-    // Cluster Safe-Edit Actions (Phase 2) — operator tier (developer tier is a
-    // separate cross-cutting follow-up).
-    fcp_restart_varnish: 'operator',
-    fcp_rollback_web: 'operator',
+    fcp_cluster_pods: 'developer',
+    fcp_cluster_logs: 'developer',
+    fcp_cluster_ingress: 'developer',
+    fcp_cluster_deployments: 'developer',
+    fcp_cluster_events: 'developer',
+    fcp_cluster_describe: 'developer',
+    // Cluster Safe-Edit Actions (Phase 2) — developer tier (least-privilege
+    // cluster-gateway access for firewalled devs).
+    fcp_restart_varnish: 'developer',
+    fcp_rollback_web: 'developer',
+    // Cluster Tunnel Grant (Phase 3a) — developer tier (mints a scoped
+    // short-lived JWT for the firewalled fcp-tunnel CLI; relay not yet built).
+    fcp_tunnel_grant: 'developer',
     fcp_dns_current: 'viewer',
     fcp_dns_history: 'viewer',
     fcp_list_deployments: 'viewer',
@@ -1123,6 +1127,21 @@ export class FCPClient {
         });
     }
     // ============================================================================
+    // Cluster Tunnel Grant (FCP Cluster Gateway, Phase 3a)
+    // ============================================================================
+    async tunnelGrant(input) {
+        return this.fetch('/api/cluster/tunnel/grant', {
+            method: 'POST',
+            body: JSON.stringify({
+                site: input.site,
+                domain: input.domain,
+                service: input.service,
+                port: input.port,
+                ttl_seconds: input.ttl_seconds,
+            }),
+        });
+    }
+    // ============================================================================
     // Backup Management Methods
     // ============================================================================
     async backupListSites() {
@@ -3827,6 +3846,30 @@ const TOOLS = [
         },
     },
     // ============================================================================
+    // Cluster Tunnel Grant Tool (FCP Cluster Gateway, Phase 3a)
+    // Developer-tier. Mints a short-lived, scoped JWT for the (separately-built,
+    // not-yet-published) fcp-tunnel CLI to tunnel into ONE in-cluster Service:port.
+    // ============================================================================
+    {
+        name: 'fcp_tunnel_grant',
+        description: "Mint a short-lived, scoped tunnel token for a site's in-cluster service. Target the site by \"site\" (website id or domain) or \"domain\"; pick a logical \"service\" kind (web | varnish | php-fpm | db). The real Service:port (or read-only DB replica for db) is resolved server-side — you do NOT specify a deployment, host, or port. Returns a signed JWT (max 4h TTL), its expiry, and the exact fcp-tunnel command to run. NOTE: the fcp-tunnel CLI + the relay (tunnel-service) are NOT shipped yet; this only mints the token. Developer tier; cluster-gateway gated server-side. Honors the kill-switch.",
+        inputSchema: {
+            type: 'object',
+            properties: {
+                site: { type: 'string', description: 'Website id or domain (resolves cluster+namespace)' },
+                domain: { type: 'string', description: 'Alias for site: a domain to resolve' },
+                service: {
+                    type: 'string',
+                    enum: ['web', 'varnish', 'php-fpm', 'db'],
+                    description: 'Logical service kind to tunnel to (db tunnels to the read-only replica)',
+                },
+                port: { type: 'number', description: 'Reserved; the port is always resolved server-side' },
+                ttl_seconds: { type: 'number', description: 'Requested token lifetime in seconds (capped at 4h)' },
+            },
+            required: ['service'],
+        },
+    },
+    // ============================================================================
     // Backup Management Tools
     // ============================================================================
     {
@@ -5845,6 +5888,10 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 const result = await client.rollbackWeb(args);
                 return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
             }
+            case 'fcp_tunnel_grant': {
+                const result = await client.tunnelGrant(args);
+                return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+            }
             // ============================================================================
             // Backup Management Handlers
             // ============================================================================

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fruition/fcp-mcp-server",
-  "version": "1.32.0",
+  "version": "1.34.0",
   "description": "MCP Server for FCP Launch Coordination System - enables Claude Code to interact with FCP launches and track development time",
   "main": "dist/index.js",
   "type": "module",