@icoretech/warden-mcp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +156 -0
  3. package/bin/warden-mcp.js +60 -0
  4. package/dist/app.js +3 -0
  5. package/dist/bw/bwCli.js +106 -0
  6. package/dist/bw/bwHeaders.js +87 -0
  7. package/dist/bw/bwPool.js +54 -0
  8. package/dist/bw/bwSession.js +230 -0
  9. package/dist/bw/mutex.js +19 -0
  10. package/dist/sdk/generateArgs.js +64 -0
  11. package/dist/sdk/keychainSdk.js +1225 -0
  12. package/dist/sdk/patch.js +34 -0
  13. package/dist/sdk/redact.js +76 -0
  14. package/dist/sdk/types.js +2 -0
  15. package/dist/sdk/usernameGenerator.js +142 -0
  16. package/dist/server.js +22 -0
  17. package/dist/tools/registerTools.js +1250 -0
  18. package/dist/transports/http.js +376 -0
  19. package/dist/transports/stdio.js +33 -0
  20. package/package.json +52 -0
package/dist/tools/registerTools.js ADDED
@@ -0,0 +1,1250 @@
1
+ // src/tools/registerTools.ts
2
+ import { z } from 'zod';
3
+ export function registerTools(server, deps) {
4
+ const toolMeta = {};
5
+ const isReadOnly = (() => {
6
+ const v = (process.env.READONLY ?? process.env.KEYCHAIN_READONLY ?? 'false')
7
+ .trim()
8
+ .toLowerCase();
9
+ return v === '1' || v === 'true' || v === 'yes' || v === 'on';
10
+ })();
11
+ function readonlyBlocked() {
12
+ return {
13
+ structuredContent: { ok: false, error: 'READONLY' },
14
+ content: [{ type: 'text', text: 'Blocked: READONLY=true' }],
15
+ isError: true,
16
+ };
17
+ }
18
+ function toolResult(kind, value, revealed) {
19
+ return { result: { kind, value, revealed } };
20
+ }
21
+ const uriMatchSchema = z.enum([
22
+ 'domain',
23
+ 'host',
24
+ 'startsWith',
25
+ 'exact',
26
+ 'regex',
27
+ 'never',
28
+ ]);
29
+ const uriMatchInputSchema = z.union([
30
+ uriMatchSchema,
31
+ // Common alias from other clients/LLMs; normalize to "domain".
32
+ z.literal('base_domain'),
33
+ z.literal('baseDomain'),
34
+ // bw uses numeric match values internally (0..5)
35
+ z.number().int().min(0).max(5),
36
+ ]);
37
+ function normalizeUriMatchInput(match) {
38
+ if (match === 'base_domain' || match === 'baseDomain')
39
+ return 'domain';
40
+ if (typeof match === 'number') {
41
+ if (match === 0)
42
+ return 'domain';
43
+ if (match === 1)
44
+ return 'host';
45
+ if (match === 2)
46
+ return 'startsWith';
47
+ if (match === 3)
48
+ return 'exact';
49
+ if (match === 4)
50
+ return 'regex';
51
+ if (match === 5)
52
+ return 'never';
53
+ return undefined;
54
+ }
55
+ return match;
56
+ }
57
+ function normalizeUrisInput(uris) {
58
+ if (!uris)
59
+ return undefined;
60
+ return uris.map((u) => ({
61
+ ...u,
62
+ match: normalizeUriMatchInput(u.match),
63
+ }));
64
+ }
65
+ server.registerTool(`${deps.toolPrefix}.status`, {
66
+ title: 'Vault Status',
67
+ description: 'Returns Bitwarden CLI status (locked/unlocked, server, user).',
68
+ annotations: { readOnlyHint: true },
69
+ inputSchema: {},
70
+ _meta: toolMeta,
71
+ }, async (_input, extra) => {
72
+ const sdk = await deps.getSdk(extra.authInfo);
73
+ const status = await sdk.status();
74
+ const summary = status &&
75
+ typeof status === 'object' &&
76
+ typeof status.summary === 'string'
77
+ ? String(status.summary)
78
+ : 'Vault access ready.';
79
+ return {
80
+ structuredContent: { status },
81
+ content: [{ type: 'text', text: summary }],
82
+ };
83
+ });
84
+ server.registerTool(`${deps.toolPrefix}.encode`, {
85
+ title: 'Encode',
86
+ description: 'Base64-encode a string (bw encode).',
87
+ annotations: { readOnlyHint: true },
88
+ inputSchema: {
89
+ value: z.string(),
90
+ },
91
+ _meta: toolMeta,
92
+ }, async (input, extra) => {
93
+ const sdk = await deps.getSdk(extra.authInfo);
94
+ const encoded = await sdk.encode(input);
95
+ return {
96
+ structuredContent: encoded,
97
+ content: [{ type: 'text', text: 'OK' }],
98
+ };
99
+ });
100
+ server.registerTool(`${deps.toolPrefix}.generate`, {
101
+ title: 'Generate',
102
+ description: 'Generate a password/passphrase (bw generate). Returning the value requires reveal=true.',
103
+ annotations: { readOnlyHint: true },
104
+ inputSchema: {
105
+ uppercase: z.boolean().optional(),
106
+ lowercase: z.boolean().optional(),
107
+ number: z.boolean().optional(),
108
+ special: z.boolean().optional(),
109
+ passphrase: z.boolean().optional(),
110
+ length: z.number().int().min(5).max(256).optional(),
111
+ words: z.number().int().min(3).max(50).optional(),
112
+ minNumber: z.number().int().min(0).max(50).optional(),
113
+ minSpecial: z.number().int().min(0).max(50).optional(),
114
+ separator: z.string().optional(),
115
+ capitalize: z.boolean().optional(),
116
+ includeNumber: z.boolean().optional(),
117
+ ambiguous: z.boolean().optional(),
118
+ reveal: z.boolean().optional(),
119
+ },
120
+ _meta: toolMeta,
121
+ }, async (input, extra) => {
122
+ const sdk = await deps.getSdk(extra.authInfo);
123
+ const result = await sdk.generate(input);
124
+ return {
125
+ structuredContent: toolResult('generated', result.value, result.revealed),
126
+ content: [{ type: 'text', text: 'OK' }],
127
+ };
128
+ });
129
+ server.registerTool(`${deps.toolPrefix}.generate_username`, {
130
+ title: 'Generate Username',
131
+ description: 'Generate a username like the Bitwarden generator (random word, plus-addressed email, catch-all). Returning the value requires reveal=true.',
132
+ annotations: { readOnlyHint: true },
133
+ inputSchema: {
134
+ type: z
135
+ .enum([
136
+ 'random_word',
137
+ 'plus_addressed_email',
138
+ 'catch_all_email',
139
+ 'forwarded_email_alias',
140
+ ])
141
+ .optional(),
142
+ capitalize: z.boolean().optional(),
143
+ includeNumber: z.boolean().optional(),
144
+ email: z.string().optional(),
145
+ domain: z.string().optional(),
146
+ reveal: z.boolean().optional(),
147
+ },
148
+ _meta: toolMeta,
149
+ }, async (input, extra) => {
150
+ const sdk = await deps.getSdk(extra.authInfo);
151
+ const result = await sdk.generateUsername(input);
152
+ return {
153
+ structuredContent: toolResult('generated', result.value, result.revealed),
154
+ content: [{ type: 'text', text: 'OK' }],
155
+ };
156
+ });
157
+ server.registerTool(`${deps.toolPrefix}.list_folders`, {
158
+ title: 'List Folders',
159
+ description: 'List Bitwarden folders (personal).',
160
+ annotations: { readOnlyHint: true },
161
+ inputSchema: {
162
+ search: z.string().optional(),
163
+ limit: z.number().int().min(1).max(500).optional(),
164
+ },
165
+ _meta: toolMeta,
166
+ }, async (input, extra) => {
167
+ const sdk = await deps.getSdk(extra.authInfo);
168
+ const folders = await sdk.listFolders(input);
169
+ const results = folders
170
+ .filter((x) => x && typeof x === 'object')
171
+ .map((x) => {
172
+ const rec = x;
173
+ return { id: rec.id, name: rec.name };
174
+ });
175
+ return {
176
+ structuredContent: { results },
177
+ content: [{ type: 'text', text: `Found ${results.length} folder(s).` }],
178
+ };
179
+ });
180
+ server.registerTool(`${deps.toolPrefix}.create_folder`, {
181
+ title: 'Create Folder',
182
+ description: 'Create a Bitwarden folder (personal).',
183
+ inputSchema: {
184
+ name: z.string(),
185
+ },
186
+ _meta: toolMeta,
187
+ }, async (input, extra) => {
188
+ if (isReadOnly)
189
+ return readonlyBlocked();
190
+ const sdk = await deps.getSdk(extra.authInfo);
191
+ const folder = await sdk.createFolder(input.name);
192
+ return {
193
+ structuredContent: { folder },
194
+ content: [{ type: 'text', text: 'Created.' }],
195
+ };
196
+ });
197
+ server.registerTool(`${deps.toolPrefix}.edit_folder`, {
198
+ title: 'Edit Folder',
199
+ description: 'Rename a Bitwarden folder (personal).',
200
+ inputSchema: {
201
+ id: z.string(),
202
+ name: z.string(),
203
+ },
204
+ _meta: toolMeta,
205
+ }, async (input, extra) => {
206
+ if (isReadOnly)
207
+ return readonlyBlocked();
208
+ const sdk = await deps.getSdk(extra.authInfo);
209
+ const folder = await sdk.editFolder(input);
210
+ return {
211
+ structuredContent: { folder },
212
+ content: [{ type: 'text', text: 'Updated.' }],
213
+ };
214
+ });
215
+ server.registerTool(`${deps.toolPrefix}.delete_folder`, {
216
+ title: 'Delete Folder',
217
+ description: 'Delete a Bitwarden folder (personal).',
218
+ inputSchema: {
219
+ id: z.string(),
220
+ },
221
+ _meta: toolMeta,
222
+ }, async (input, extra) => {
223
+ if (isReadOnly)
224
+ return readonlyBlocked();
225
+ const sdk = await deps.getSdk(extra.authInfo);
226
+ await sdk.deleteFolder(input);
227
+ return {
228
+ structuredContent: { ok: true },
229
+ content: [{ type: 'text', text: 'Deleted.' }],
230
+ };
231
+ });
232
+ server.registerTool(`${deps.toolPrefix}.list_org_collections`, {
233
+ title: 'List Org Collections',
234
+ description: 'List organization collections.',
235
+ annotations: { readOnlyHint: true },
236
+ inputSchema: {
237
+ organizationId: z.string(),
238
+ search: z.string().optional(),
239
+ limit: z.number().int().min(1).max(500).optional(),
240
+ },
241
+ _meta: toolMeta,
242
+ }, async (input, extra) => {
243
+ const sdk = await deps.getSdk(extra.authInfo);
244
+ const cols = await sdk.listOrgCollections(input);
245
+ const results = cols
246
+ .filter((x) => x && typeof x === 'object')
247
+ .map((x) => {
248
+ const rec = x;
249
+ return {
250
+ id: rec.id,
251
+ name: rec.name,
252
+ organizationId: rec.organizationId ?? null,
253
+ };
254
+ });
255
+ return {
256
+ structuredContent: { results },
257
+ content: [
258
+ { type: 'text', text: `Found ${results.length} org collection(s).` },
259
+ ],
260
+ };
261
+ });
262
+ server.registerTool(`${deps.toolPrefix}.create_org_collection`, {
263
+ title: 'Create Org Collection',
264
+ description: 'Create an organization collection.',
265
+ inputSchema: {
266
+ organizationId: z.string(),
267
+ name: z.string(),
268
+ },
269
+ _meta: toolMeta,
270
+ }, async (input, extra) => {
271
+ if (isReadOnly)
272
+ return readonlyBlocked();
273
+ const sdk = await deps.getSdk(extra.authInfo);
274
+ const collection = await sdk.createOrgCollection(input);
275
+ return {
276
+ structuredContent: { collection },
277
+ content: [{ type: 'text', text: 'Created.' }],
278
+ };
279
+ });
280
+ server.registerTool(`${deps.toolPrefix}.edit_org_collection`, {
281
+ title: 'Edit Org Collection',
282
+ description: 'Rename an organization collection.',
283
+ inputSchema: {
284
+ organizationId: z.string(),
285
+ id: z.string(),
286
+ name: z.string(),
287
+ },
288
+ _meta: toolMeta,
289
+ }, async (input, extra) => {
290
+ if (isReadOnly)
291
+ return readonlyBlocked();
292
+ const sdk = await deps.getSdk(extra.authInfo);
293
+ const collection = await sdk.editOrgCollection(input);
294
+ return {
295
+ structuredContent: { collection },
296
+ content: [{ type: 'text', text: 'Updated.' }],
297
+ };
298
+ });
299
+ server.registerTool(`${deps.toolPrefix}.delete_org_collection`, {
300
+ title: 'Delete Org Collection',
301
+ description: 'Delete an organization collection.',
302
+ inputSchema: {
303
+ organizationId: z.string(),
304
+ id: z.string(),
305
+ },
306
+ _meta: toolMeta,
307
+ }, async (input, extra) => {
308
+ if (isReadOnly)
309
+ return readonlyBlocked();
310
+ const sdk = await deps.getSdk(extra.authInfo);
311
+ await sdk.deleteOrgCollection(input);
312
+ return {
313
+ structuredContent: { ok: true },
314
+ content: [{ type: 'text', text: 'Deleted.' }],
315
+ };
316
+ });
317
+ server.registerTool(`${deps.toolPrefix}.move_item_to_organization`, {
318
+ title: 'Move Item To Organization',
319
+ description: 'Move an item to an organization (optionally assigning collection ids).',
320
+ inputSchema: {
321
+ id: z.string(),
322
+ organizationId: z.string(),
323
+ collectionIds: z.array(z.string()).optional(),
324
+ },
325
+ _meta: toolMeta,
326
+ }, async (input, extra) => {
327
+ if (isReadOnly)
328
+ return readonlyBlocked();
329
+ const sdk = await deps.getSdk(extra.authInfo);
330
+ const item = await sdk.moveItemToOrganization(input);
331
+ return {
332
+ structuredContent: { item },
333
+ content: [{ type: 'text', text: 'Moved.' }],
334
+ };
335
+ });
336
+ server.registerTool(`${deps.toolPrefix}.list_organizations`, {
337
+ title: 'List Organizations',
338
+ description: 'List organizations available to the current Bitwarden user.',
339
+ annotations: { readOnlyHint: true },
340
+ inputSchema: {
341
+ search: z.string().optional(),
342
+ limit: z.number().int().min(1).max(500).optional(),
343
+ },
344
+ _meta: toolMeta,
345
+ }, async (input, extra) => {
346
+ const sdk = await deps.getSdk(extra.authInfo);
347
+ const orgs = await sdk.listOrganizations(input);
348
+ const results = orgs
349
+ .filter((x) => x && typeof x === 'object')
350
+ .map((x) => {
351
+ const rec = x;
352
+ return { id: rec.id, name: rec.name };
353
+ });
354
+ return {
355
+ structuredContent: { results },
356
+ content: [{ type: 'text', text: `Found ${results.length} org(s).` }],
357
+ };
358
+ });
359
+ server.registerTool(`${deps.toolPrefix}.list_collections`, {
360
+ title: 'List Collections',
361
+ description: 'List collections (optionally filtered by organization).',
362
+ annotations: { readOnlyHint: true },
363
+ inputSchema: {
364
+ search: z.string().optional(),
365
+ organizationId: z.string().optional(),
366
+ limit: z.number().int().min(1).max(500).optional(),
367
+ },
368
+ _meta: toolMeta,
369
+ }, async (input, extra) => {
370
+ const sdk = await deps.getSdk(extra.authInfo);
371
+ const cols = await sdk.listCollections(input);
372
+ const results = cols
373
+ .filter((x) => x && typeof x === 'object')
374
+ .map((x) => {
375
+ const rec = x;
376
+ return {
377
+ id: rec.id,
378
+ name: rec.name,
379
+ organizationId: rec.organizationId ?? null,
380
+ };
381
+ });
382
+ return {
383
+ structuredContent: { results },
384
+ content: [
385
+ { type: 'text', text: `Found ${results.length} collection(s).` },
386
+ ],
387
+ };
388
+ });
389
+ server.registerTool(`${deps.toolPrefix}.search_items`, {
390
+ title: 'Search Items',
391
+ description: 'Search vault items by text and filters (org/folder/collection/url).',
392
+ annotations: { readOnlyHint: true },
393
+ inputSchema: {
394
+ text: z.string().optional(),
395
+ type: z
396
+ .enum(['login', 'note', 'ssh_key', 'card', 'identity'])
397
+ .optional(),
398
+ organizationId: z
399
+ .union([z.string(), z.literal('null'), z.literal('notnull')])
400
+ .optional(),
401
+ folderId: z
402
+ .union([z.string(), z.literal('null'), z.literal('notnull')])
403
+ .optional(),
404
+ collectionId: z.string().optional(),
405
+ url: z.string().optional(),
406
+ trash: z.boolean().optional(),
407
+ limit: z.number().int().min(1).max(500).optional(),
408
+ },
409
+ _meta: toolMeta,
410
+ }, async (input, extra) => {
411
+ const sdk = await deps.getSdk(extra.authInfo);
412
+ const items = await sdk.searchItems(input);
413
+ const minimal = items.map((i) => sdk.minimalSummary(i));
414
+ return {
415
+ structuredContent: { results: minimal },
416
+ content: [{ type: 'text', text: `Found ${minimal.length} item(s).` }],
417
+ };
418
+ });
419
+ server.registerTool(`${deps.toolPrefix}.get_item`, {
420
+ title: 'Get Item',
421
+ description: 'Get a vault item by id.',
422
+ annotations: { readOnlyHint: true },
423
+ inputSchema: {
424
+ id: z.string(),
425
+ reveal: z.boolean().optional(),
426
+ },
427
+ _meta: toolMeta,
428
+ }, async (input, extra) => {
429
+ const sdk = await deps.getSdk(extra.authInfo);
430
+ const item = await sdk.getItem(input.id, { reveal: input.reveal });
431
+ return {
432
+ structuredContent: { item },
433
+ content: [{ type: 'text', text: 'OK' }],
434
+ };
435
+ });
436
+ server.registerTool(`${deps.toolPrefix}.get_uri`, {
437
+ title: 'Get URI',
438
+ description: 'Get a login URI by search term (bw get uri).',
439
+ annotations: { readOnlyHint: true },
440
+ inputSchema: {
441
+ term: z.string(),
442
+ },
443
+ _meta: toolMeta,
444
+ }, async (input, extra) => {
445
+ const sdk = await deps.getSdk(extra.authInfo);
446
+ const uri = await sdk.getUri(input);
447
+ return {
448
+ structuredContent: toolResult('uri', uri.value, uri.revealed),
449
+ content: [{ type: 'text', text: 'OK' }],
450
+ };
451
+ });
452
+ server.registerTool(`${deps.toolPrefix}.get_notes`, {
453
+ title: 'Get Notes',
454
+ description: 'Get item notes by search term (bw get notes).',
455
+ annotations: { readOnlyHint: true },
456
+ inputSchema: {
457
+ term: z.string(),
458
+ reveal: z.boolean().optional(),
459
+ },
460
+ _meta: toolMeta,
461
+ }, async (input, extra) => {
462
+ const sdk = await deps.getSdk(extra.authInfo);
463
+ const notes = await sdk.getNotes({ term: input.term }, { reveal: input.reveal });
464
+ return {
465
+ structuredContent: toolResult('notes', notes.value, notes.revealed),
466
+ content: [{ type: 'text', text: 'OK' }],
467
+ };
468
+ });
469
+ server.registerTool(`${deps.toolPrefix}.get_exposed`, {
470
+ title: 'Get Exposed',
471
+ description: 'Check exposed status by search term (bw get exposed).',
472
+ annotations: { readOnlyHint: true },
473
+ inputSchema: {
474
+ term: z.string(),
475
+ },
476
+ _meta: toolMeta,
477
+ }, async (input, extra) => {
478
+ const sdk = await deps.getSdk(extra.authInfo);
479
+ const exposed = await sdk.getExposed(input);
480
+ return {
481
+ structuredContent: toolResult('exposed', exposed.value, exposed.revealed),
482
+ content: [{ type: 'text', text: 'OK' }],
483
+ };
484
+ });
485
+ server.registerTool(`${deps.toolPrefix}.get_folder`, {
486
+ title: 'Get Folder',
487
+ description: 'Get a folder by id (bw get folder).',
488
+ annotations: { readOnlyHint: true },
489
+ inputSchema: {
490
+ id: z.string(),
491
+ },
492
+ _meta: toolMeta,
493
+ }, async (input, extra) => {
494
+ const sdk = await deps.getSdk(extra.authInfo);
495
+ const folder = await sdk.getFolder(input);
496
+ return {
497
+ structuredContent: { folder },
498
+ content: [{ type: 'text', text: 'OK' }],
499
+ };
500
+ });
501
+ server.registerTool(`${deps.toolPrefix}.get_collection`, {
502
+ title: 'Get Collection',
503
+ description: 'Get a collection by id (bw get collection).',
504
+ annotations: { readOnlyHint: true },
505
+ inputSchema: {
506
+ id: z.string(),
507
+ organizationId: z.string().optional(),
508
+ },
509
+ _meta: toolMeta,
510
+ }, async (input, extra) => {
511
+ const sdk = await deps.getSdk(extra.authInfo);
512
+ const collection = await sdk.getCollection(input);
513
+ return {
514
+ structuredContent: { collection },
515
+ content: [{ type: 'text', text: 'OK' }],
516
+ };
517
+ });
518
+ server.registerTool(`${deps.toolPrefix}.get_organization`, {
519
+ title: 'Get Organization',
520
+ description: 'Get an organization by id (bw get organization).',
521
+ annotations: { readOnlyHint: true },
522
+ inputSchema: {
523
+ id: z.string(),
524
+ },
525
+ _meta: toolMeta,
526
+ }, async (input, extra) => {
527
+ const sdk = await deps.getSdk(extra.authInfo);
528
+ const organization = await sdk.getOrganization(input);
529
+ return {
530
+ structuredContent: { organization },
531
+ content: [{ type: 'text', text: 'OK' }],
532
+ };
533
+ });
534
+ server.registerTool(`${deps.toolPrefix}.get_org_collection`, {
535
+ title: 'Get Org Collection',
536
+ description: 'Get an org collection by id (bw get org-collection).',
537
+ annotations: { readOnlyHint: true },
538
+ inputSchema: {
539
+ id: z.string(),
540
+ organizationId: z.string().optional(),
541
+ },
542
+ _meta: toolMeta,
543
+ }, async (input, extra) => {
544
+ const sdk = await deps.getSdk(extra.authInfo);
545
+ const collection = await sdk.getOrgCollection(input);
546
+ return {
547
+ structuredContent: { collection },
548
+ content: [{ type: 'text', text: 'OK' }],
549
+ };
550
+ });
551
+ server.registerTool(`${deps.toolPrefix}.delete_item`, {
552
+ title: 'Delete Item',
553
+ description: 'Delete an item by id (soft-delete by default; set permanent=true to hard delete).',
554
+ inputSchema: {
555
+ id: z.string(),
556
+ permanent: z.boolean().optional(),
557
+ },
558
+ _meta: toolMeta,
559
+ }, async (input, extra) => {
560
+ if (isReadOnly)
561
+ return readonlyBlocked();
562
+ const sdk = await deps.getSdk(extra.authInfo);
563
+ await sdk.deleteItem(input);
564
+ return {
565
+ structuredContent: { ok: true },
566
+ content: [{ type: 'text', text: 'Deleted.' }],
567
+ };
568
+ });
569
+ server.registerTool(`${deps.toolPrefix}.delete_items`, {
570
+ title: 'Delete Items',
571
+ description: 'Delete multiple items by id. Returns per-id results (soft-delete by default; set permanent=true to hard delete).',
572
+ inputSchema: {
573
+ ids: z.array(z.string()).min(1).max(200),
574
+ permanent: z.boolean().optional(),
575
+ },
576
+ _meta: toolMeta,
577
+ }, async (input, extra) => {
578
+ if (isReadOnly)
579
+ return readonlyBlocked();
580
+ const sdk = await deps.getSdk(extra.authInfo);
581
+ const results = await sdk.deleteItems(input);
582
+ const okCount = results.filter((r) => r.ok).length;
583
+ return {
584
+ structuredContent: { results, okCount, total: results.length },
585
+ content: [
586
+ { type: 'text', text: `Deleted ${okCount}/${results.length}.` },
587
+ ],
588
+ };
589
+ });
590
+ server.registerTool(`${deps.toolPrefix}.restore_item`, {
591
+ title: 'Restore Item',
592
+ description: 'Restore an item from trash by id.',
593
+ inputSchema: {
594
+ id: z.string(),
595
+ },
596
+ _meta: toolMeta,
597
+ }, async (input, extra) => {
598
+ if (isReadOnly)
599
+ return readonlyBlocked();
600
+ const sdk = await deps.getSdk(extra.authInfo);
601
+ const item = await sdk.restoreItem(input);
602
+ return {
603
+ structuredContent: { item },
604
+ content: [{ type: 'text', text: 'Restored.' }],
605
+ };
606
+ });
607
+ server.registerTool(`${deps.toolPrefix}.create_attachment`, {
608
+ title: 'Create Attachment',
609
+ description: 'Attach a file (base64) to an existing item. Returns the updated (redacted) item.',
610
+ inputSchema: {
611
+ itemId: z.string(),
612
+ filename: z.string(),
613
+ contentBase64: z.string(),
614
+ reveal: z.boolean().optional(),
615
+ },
616
+ _meta: toolMeta,
617
+ }, async (input, extra) => {
618
+ if (isReadOnly)
619
+ return readonlyBlocked();
620
+ const sdk = await deps.getSdk(extra.authInfo);
621
+ const item = await sdk.createAttachment(input);
622
+ return {
623
+ structuredContent: { item },
624
+ content: [{ type: 'text', text: 'Attached.' }],
625
+ };
626
+ });
627
+ server.registerTool(`${deps.toolPrefix}.delete_attachment`, {
628
+ title: 'Delete Attachment',
629
+ description: 'Delete an attachment from an item. Returns the updated (redacted) item.',
630
+ inputSchema: {
631
+ itemId: z.string(),
632
+ attachmentId: z.string(),
633
+ reveal: z.boolean().optional(),
634
+ },
635
+ _meta: toolMeta,
636
+ }, async (input, extra) => {
637
+ if (isReadOnly)
638
+ return readonlyBlocked();
639
+ const sdk = await deps.getSdk(extra.authInfo);
640
+ const item = await sdk.deleteAttachment(input);
641
+ return {
642
+ structuredContent: { item },
643
+ content: [{ type: 'text', text: 'Deleted.' }],
644
+ };
645
+ });
646
+ server.registerTool(`${deps.toolPrefix}.get_attachment`, {
647
+ title: 'Get Attachment',
648
+ description: 'Download an attachment from an item and return it as base64 (bw get attachment).',
649
+ annotations: { readOnlyHint: true },
650
+ inputSchema: {
651
+ itemId: z.string(),
652
+ attachmentId: z.string(),
653
+ },
654
+ _meta: toolMeta,
655
+ }, async (input, extra) => {
656
+ const sdk = await deps.getSdk(extra.authInfo);
657
+ const attachment = await sdk.getAttachment(input);
658
+ return {
659
+ structuredContent: { attachment },
660
+ content: [{ type: 'text', text: 'OK' }],
661
+ };
662
+ });
663
+ server.registerTool(`${deps.toolPrefix}.send_list`, {
664
+ title: 'Send List',
665
+ description: 'List all the Sends owned by you (bw send list).',
666
+ annotations: { readOnlyHint: true, openWorldHint: true },
667
+ inputSchema: {},
668
+ _meta: toolMeta,
669
+ }, async (_input, extra) => {
670
+ const sdk = await deps.getSdk(extra.authInfo);
671
+ const sends = await sdk.sendList();
672
+ return {
673
+ structuredContent: { sends },
674
+ content: [{ type: 'text', text: 'OK' }],
675
+ };
676
+ });
677
+ server.registerTool(`${deps.toolPrefix}.send_template`, {
678
+ title: 'Send Template',
679
+ description: 'Get json templates for send objects (bw send template).',
680
+ annotations: { readOnlyHint: true, openWorldHint: true },
681
+ inputSchema: {
682
+ object: z.enum(['send.text', 'text', 'send.file', 'file']),
683
+ },
684
+ _meta: toolMeta,
685
+ }, async (input, extra) => {
686
+ const sdk = await deps.getSdk(extra.authInfo);
687
+ const template = await sdk.sendTemplate(input);
688
+ return {
689
+ structuredContent: { template },
690
+ content: [{ type: 'text', text: 'OK' }],
691
+ };
692
+ });
693
+ server.registerTool(`${deps.toolPrefix}.send_get`, {
694
+ title: 'Send Get',
695
+ description: 'Get Sends owned by you. Use text=true to return text content; downloadFile=true to download a file send (bw send get).',
696
+ annotations: { readOnlyHint: true, openWorldHint: true },
697
+ inputSchema: {
698
+ id: z.string(),
699
+ text: z.boolean().optional(),
700
+ downloadFile: z.boolean().optional(),
701
+ },
702
+ _meta: toolMeta,
703
+ }, async (input, extra) => {
704
+ const sdk = await deps.getSdk(extra.authInfo);
705
+ const result = await sdk.sendGet(input);
706
+ return {
707
+ structuredContent: { result },
708
+ content: [{ type: 'text', text: 'OK' }],
709
+ };
710
+ });
711
+ server.registerTool(`${deps.toolPrefix}.send_create`, {
712
+ title: 'Send Create',
713
+ description: 'Create a Bitwarden Send. For file sends, pass filename+contentBase64. (bw send).',
714
+ annotations: {
715
+ readOnlyHint: false,
716
+ destructiveHint: false,
717
+ openWorldHint: true,
718
+ },
719
+ inputSchema: {
720
+ type: z.enum(['text', 'file']),
721
+ text: z.string().optional(),
722
+ filename: z.string().optional(),
723
+ contentBase64: z.string().optional(),
724
+ deleteInDays: z.number().int().min(1).max(3650).optional(),
725
+ password: z.string().optional(),
726
+ maxAccessCount: z.number().int().min(1).max(1_000_000).optional(),
727
+ hidden: z.boolean().optional(),
728
+ name: z.string().optional(),
729
+ notes: z.string().optional(),
730
+ fullObject: z.boolean().optional(),
731
+ },
732
+ _meta: toolMeta,
733
+ }, async (input, extra) => {
734
+ if (isReadOnly)
735
+ return readonlyBlocked();
736
+ const sdk = await deps.getSdk(extra.authInfo);
737
+ const send = await sdk.sendCreate(input);
738
+ return {
739
+ structuredContent: { send },
740
+ content: [{ type: 'text', text: 'OK' }],
741
+ };
742
+ });
743
+ server.registerTool(`${deps.toolPrefix}.send_create_encoded`, {
744
+ title: 'Send Create (Encoded JSON)',
745
+ description: 'Create a Send via `bw send create`. Provide `encodedJson` (base64) or `json` (will be bw-encoded). Optional: `text`, `hidden`, or `file` (filename+contentBase64).',
746
+ annotations: {
747
+ readOnlyHint: false,
748
+ destructiveHint: false,
749
+ openWorldHint: true,
750
+ },
751
+ inputSchema: {
752
+ encodedJson: z.string().optional(),
753
+ json: z.unknown().optional(),
754
+ text: z.string().optional(),
755
+ hidden: z.boolean().optional(),
756
+ file: z
757
+ .object({
758
+ filename: z.string(),
759
+ contentBase64: z.string(),
760
+ })
761
+ .optional(),
762
+ },
763
+ _meta: toolMeta,
764
+ }, async (input, extra) => {
765
+ if (isReadOnly)
766
+ return readonlyBlocked();
767
+ const sdk = await deps.getSdk(extra.authInfo);
768
+ const send = await sdk.sendCreateEncoded(input);
769
+ return {
770
+ structuredContent: { send },
771
+ content: [{ type: 'text', text: 'OK' }],
772
+ };
773
+ });
774
+ server.registerTool(`${deps.toolPrefix}.send_edit`, {
775
+ title: 'Send Edit (Encoded JSON)',
776
+ description: 'Edit a Send via `bw send edit`. Provide `encodedJson` (base64) or `json` (will be bw-encoded). Optional: `itemId` (maps to --itemid).',
777
+ annotations: {
778
+ readOnlyHint: false,
779
+ destructiveHint: false,
780
+ openWorldHint: true,
781
+ },
782
+ inputSchema: {
783
+ encodedJson: z.string().optional(),
784
+ json: z.unknown().optional(),
785
+ itemId: z.string().optional(),
786
+ },
787
+ _meta: toolMeta,
788
+ }, async (input, extra) => {
789
+ if (isReadOnly)
790
+ return readonlyBlocked();
791
+ const sdk = await deps.getSdk(extra.authInfo);
792
+ const send = await sdk.sendEdit(input);
793
+ return {
794
+ structuredContent: { send },
795
+ content: [{ type: 'text', text: 'OK' }],
796
+ };
797
+ });
798
+ server.registerTool(`${deps.toolPrefix}.send_remove_password`, {
799
+ title: 'Send Remove Password',
800
+ description: "Remove a Send's saved password (bw send remove-password).",
801
+ annotations: {
802
+ readOnlyHint: false,
803
+ destructiveHint: true,
804
+ openWorldHint: true,
805
+ },
806
+ inputSchema: {
807
+ id: z.string(),
808
+ },
809
+ _meta: toolMeta,
810
+ }, async (input, extra) => {
811
+ if (isReadOnly)
812
+ return readonlyBlocked();
813
+ const sdk = await deps.getSdk(extra.authInfo);
814
+ const result = await sdk.sendRemovePassword(input);
815
+ return {
816
+ structuredContent: { result },
817
+ content: [{ type: 'text', text: 'OK' }],
818
+ };
819
+ });
820
+ server.registerTool(`${deps.toolPrefix}.send_delete`, {
821
+ title: 'Send Delete',
822
+ description: 'Delete a Send (bw send delete).',
823
+ annotations: {
824
+ readOnlyHint: false,
825
+ destructiveHint: true,
826
+ openWorldHint: true,
827
+ },
828
+ inputSchema: {
829
+ id: z.string(),
830
+ },
831
+ _meta: toolMeta,
832
+ }, async (input, extra) => {
833
+ if (isReadOnly)
834
+ return readonlyBlocked();
835
+ const sdk = await deps.getSdk(extra.authInfo);
836
+ const result = await sdk.sendDelete(input);
837
+ return {
838
+ structuredContent: { result },
839
+ content: [{ type: 'text', text: 'OK' }],
840
+ };
841
+ });
842
+ server.registerTool(`${deps.toolPrefix}.receive`, {
843
+ title: 'Receive',
844
+ description: 'Access a Bitwarden Send from a url. Use obj=true for JSON object; downloadFile=true for file content. (bw receive)',
845
+ annotations: { readOnlyHint: true, openWorldHint: true },
846
+ inputSchema: {
847
+ url: z.string(),
848
+ password: z.string().optional(),
849
+ obj: z.boolean().optional(),
850
+ downloadFile: z.boolean().optional(),
851
+ },
852
+ _meta: toolMeta,
853
+ }, async (input, extra) => {
854
+ const sdk = await deps.getSdk(extra.authInfo);
855
+ const result = await sdk.receive(input);
856
+ return {
857
+ structuredContent: { result },
858
+ content: [{ type: 'text', text: 'OK' }],
859
+ };
860
+ });
861
+ server.registerTool(`${deps.toolPrefix}.get_username`, {
862
+ title: 'Get Username',
863
+ description: 'Get a login username by search term (bw get username).',
864
+ annotations: { readOnlyHint: true },
865
+ inputSchema: {
866
+ term: z.string(),
867
+ },
868
+ _meta: toolMeta,
869
+ }, async (input, extra) => {
870
+ const sdk = await deps.getSdk(extra.authInfo);
871
+ const username = await sdk.getUsername(input);
872
+ return {
873
+ structuredContent: toolResult('username', username.value, username.revealed),
874
+ content: [{ type: 'text', text: 'OK' }],
875
+ };
876
+ });
877
+ server.registerTool(`${deps.toolPrefix}.get_password`, {
878
+ title: 'Get Password',
879
+ description: 'Get a login password by search term (bw get password). Returning a password requires reveal=true.',
880
+ annotations: { readOnlyHint: true },
881
+ inputSchema: {
882
+ term: z.string(),
883
+ reveal: z.boolean().optional(),
884
+ },
885
+ _meta: toolMeta,
886
+ }, async (input, extra) => {
887
+ const sdk = await deps.getSdk(extra.authInfo);
888
+ const password = await sdk.getPassword({ term: input.term }, { reveal: input.reveal });
889
+ return {
890
+ structuredContent: toolResult('password', password.value, password.revealed),
891
+ content: [{ type: 'text', text: 'OK' }],
892
+ };
893
+ });
894
+ server.registerTool(`${deps.toolPrefix}.get_totp`, {
895
+ title: 'Get TOTP',
896
+ description: 'Get a TOTP code/seed by search term (bw get totp). Returning a TOTP requires reveal=true.',
897
+ annotations: { readOnlyHint: true },
898
+ inputSchema: {
899
+ term: z.string(),
900
+ reveal: z.boolean().optional(),
901
+ },
902
+ _meta: toolMeta,
903
+ }, async (input, extra) => {
904
+ const sdk = await deps.getSdk(extra.authInfo);
905
+ const totp = await sdk.getTotp({ term: input.term }, { reveal: input.reveal });
906
+ return {
907
+ structuredContent: toolResult('totp', totp.value, totp.revealed),
908
+ content: [{ type: 'text', text: 'OK' }],
909
+ };
910
+ });
911
+ server.registerTool(`${deps.toolPrefix}.get_password_history`, {
912
+ title: 'Get Password History',
913
+ description: 'Get an item password history (if any). Returning passwords requires reveal=true.',
914
+ annotations: { readOnlyHint: true },
915
+ inputSchema: {
916
+ id: z.string(),
917
+ reveal: z.boolean().optional(),
918
+ },
919
+ _meta: toolMeta,
920
+ }, async (input, extra) => {
921
+ const sdk = await deps.getSdk(extra.authInfo);
922
+ const history = await sdk.getPasswordHistory(input.id, {
923
+ reveal: input.reveal,
924
+ });
925
+ return {
926
+ structuredContent: toolResult('password_history', history.value, history.revealed),
927
+ content: [{ type: 'text', text: 'OK' }],
928
+ };
929
+ });
930
+ server.registerTool(`${deps.toolPrefix}.create_login`, {
931
+ title: 'Create Login',
932
+ description: 'Create a login item.',
933
+ inputSchema: {
934
+ name: z.string(),
935
+ username: z.string().optional(),
936
+ password: z.string().optional(),
937
+ uris: z
938
+ .array(z.object({
939
+ uri: z.string(),
940
+ match: uriMatchInputSchema.optional(),
941
+ }))
942
+ .optional(),
943
+ totp: z.string().optional(),
944
+ notes: z.string().optional(),
945
+ fields: z
946
+ .array(z.object({
947
+ name: z.string(),
948
+ value: z.string(),
949
+ hidden: z.boolean().optional(),
950
+ }))
951
+ .optional(),
952
+ attachments: z
953
+ .array(z.object({
954
+ filename: z.string(),
955
+ contentBase64: z.string(),
956
+ }))
957
+ .optional(),
958
+ favorite: z.boolean().optional(),
959
+ organizationId: z.string().optional(),
960
+ collectionIds: z.array(z.string()).optional(),
961
+ folderId: z.string().optional(),
962
+ },
963
+ _meta: toolMeta,
964
+ }, async (input, extra) => {
965
+ if (isReadOnly)
966
+ return readonlyBlocked();
967
+ const sdk = await deps.getSdk(extra.authInfo);
968
+ const created = await sdk.createLogin({
969
+ ...input,
970
+ uris: normalizeUrisInput(input.uris),
971
+ });
972
+ return {
973
+ structuredContent: { item: created },
974
+ content: [{ type: 'text', text: 'Created.' }],
975
+ };
976
+ });
977
+ server.registerTool(`${deps.toolPrefix}.create_logins`, {
978
+ title: 'Create Logins',
979
+ description: 'Create multiple login items in a single call.',
980
+ inputSchema: {
981
+ items: z.array(z.object({
982
+ name: z.string(),
983
+ username: z.string().optional(),
984
+ password: z.string().optional(),
985
+ uris: z
986
+ .array(z.object({
987
+ uri: z.string(),
988
+ match: uriMatchInputSchema.optional(),
989
+ }))
990
+ .optional(),
991
+ totp: z.string().optional(),
992
+ notes: z.string().optional(),
993
+ fields: z
994
+ .array(z.object({
995
+ name: z.string(),
996
+ value: z.string(),
997
+ hidden: z.boolean().optional(),
998
+ }))
999
+ .optional(),
1000
+ attachments: z
1001
+ .array(z.object({
1002
+ filename: z.string(),
1003
+ contentBase64: z.string(),
1004
+ }))
1005
+ .optional(),
1006
+ favorite: z.boolean().optional(),
1007
+ organizationId: z.string().optional(),
1008
+ collectionIds: z.array(z.string()).optional(),
1009
+ folderId: z.string().optional(),
1010
+ })),
1011
+ continueOnError: z.boolean().optional(),
1012
+ },
1013
+ _meta: toolMeta,
1014
+ }, async (input, extra) => {
1015
+ if (isReadOnly)
1016
+ return readonlyBlocked();
1017
+ const sdk = await deps.getSdk(extra.authInfo);
1018
+ const results = await sdk.createLogins({
1019
+ items: input.items.map((it) => ({
1020
+ ...it,
1021
+ uris: normalizeUrisInput(it.uris),
1022
+ })),
1023
+ continueOnError: input.continueOnError,
1024
+ });
1025
+ return {
1026
+ structuredContent: { results },
1027
+ content: [
1028
+ { type: 'text', text: `Created ${results.length} login(s).` },
1029
+ ],
1030
+ };
1031
+ });
1032
+ server.registerTool(`${deps.toolPrefix}.set_login_uris`, {
1033
+ title: 'Set Login URIs',
1034
+ description: 'Set or update the URIs (and per-URI match types) for a login item. mode=replace overwrites; mode=merge updates/adds by uri.',
1035
+ inputSchema: {
1036
+ id: z.string(),
1037
+ mode: z.enum(['replace', 'merge']).optional(),
1038
+ uris: z.array(z.object({
1039
+ uri: z.string(),
1040
+ match: uriMatchInputSchema.optional(),
1041
+ })),
1042
+ reveal: z.boolean().optional(),
1043
+ },
1044
+ _meta: toolMeta,
1045
+ }, async (input, extra) => {
1046
+ if (isReadOnly)
1047
+ return readonlyBlocked();
1048
+ const sdk = await deps.getSdk(extra.authInfo);
1049
+ const updated = await sdk.setLoginUris({
1050
+ id: input.id,
1051
+ mode: input.mode,
1052
+ uris: normalizeUrisInput(input.uris) ?? [],
1053
+ reveal: input.reveal,
1054
+ });
1055
+ return {
1056
+ structuredContent: { item: updated },
1057
+ content: [{ type: 'text', text: 'Updated.' }],
1058
+ };
1059
+ });
1060
+ server.registerTool(`${deps.toolPrefix}.create_note`, {
1061
+ title: 'Create Note',
1062
+ description: 'Create a secure note item.',
1063
+ inputSchema: {
1064
+ name: z.string(),
1065
+ notes: z.string().optional(),
1066
+ fields: z
1067
+ .array(z.object({
1068
+ name: z.string(),
1069
+ value: z.string(),
1070
+ hidden: z.boolean().optional(),
1071
+ }))
1072
+ .optional(),
1073
+ favorite: z.boolean().optional(),
1074
+ organizationId: z.string().optional(),
1075
+ collectionIds: z.array(z.string()).optional(),
1076
+ folderId: z.string().optional(),
1077
+ },
1078
+ _meta: toolMeta,
1079
+ }, async (input, extra) => {
1080
+ if (isReadOnly)
1081
+ return readonlyBlocked();
1082
+ const sdk = await deps.getSdk(extra.authInfo);
1083
+ const created = await sdk.createNote(input);
1084
+ return {
1085
+ structuredContent: { item: created },
1086
+ content: [{ type: 'text', text: 'Created.' }],
1087
+ };
1088
+ });
1089
+ server.registerTool(`${deps.toolPrefix}.create_ssh_key`, {
1090
+ title: 'Create SSH Key',
1091
+ description: 'Create an SSH key object (stored as secure note with fields).',
1092
+ inputSchema: {
1093
+ name: z.string(),
1094
+ publicKey: z.string(),
1095
+ privateKey: z.string(),
1096
+ fingerprint: z.string().optional(),
1097
+ comment: z.string().optional(),
1098
+ notes: z.string().optional(),
1099
+ favorite: z.boolean().optional(),
1100
+ organizationId: z.string().optional(),
1101
+ collectionIds: z.array(z.string()).optional(),
1102
+ folderId: z.string().optional(),
1103
+ },
1104
+ _meta: toolMeta,
1105
+ }, async (input, extra) => {
1106
+ if (isReadOnly)
1107
+ return readonlyBlocked();
1108
+ const sdk = await deps.getSdk(extra.authInfo);
1109
+ const created = await sdk.createSshKey(input);
1110
+ return {
1111
+ structuredContent: { item: created },
1112
+ content: [{ type: 'text', text: 'Created.' }],
1113
+ };
1114
+ });
1115
+ server.registerTool(`${deps.toolPrefix}.create_card`, {
1116
+ title: 'Create Card',
1117
+ description: 'Create a payment card item.',
1118
+ inputSchema: {
1119
+ name: z.string(),
1120
+ cardholderName: z.string().optional(),
1121
+ brand: z.string().optional(),
1122
+ number: z.string().optional(),
1123
+ expMonth: z.string().optional(),
1124
+ expYear: z.string().optional(),
1125
+ code: z.string().optional(),
1126
+ notes: z.string().optional(),
1127
+ fields: z
1128
+ .array(z.object({
1129
+ name: z.string(),
1130
+ value: z.string(),
1131
+ hidden: z.boolean().optional(),
1132
+ }))
1133
+ .optional(),
1134
+ favorite: z.boolean().optional(),
1135
+ organizationId: z.string().optional(),
1136
+ collectionIds: z.array(z.string()).optional(),
1137
+ folderId: z.string().optional(),
1138
+ },
1139
+ _meta: toolMeta,
1140
+ }, async (input, extra) => {
1141
+ if (isReadOnly)
1142
+ return readonlyBlocked();
1143
+ const sdk = await deps.getSdk(extra.authInfo);
1144
+ const created = await sdk.createCard(input);
1145
+ return {
1146
+ structuredContent: { item: created },
1147
+ content: [{ type: 'text', text: 'Created.' }],
1148
+ };
1149
+ });
1150
+ server.registerTool(`${deps.toolPrefix}.create_identity`, {
1151
+ title: 'Create Identity',
1152
+ description: 'Create an identity item.',
1153
+ inputSchema: {
1154
+ name: z.string(),
1155
+ identity: z
1156
+ .object({
1157
+ title: z.string().optional(),
1158
+ firstName: z.string().optional(),
1159
+ middleName: z.string().optional(),
1160
+ lastName: z.string().optional(),
1161
+ address1: z.string().optional(),
1162
+ address2: z.string().optional(),
1163
+ address3: z.string().optional(),
1164
+ city: z.string().optional(),
1165
+ state: z.string().optional(),
1166
+ postalCode: z.string().optional(),
1167
+ country: z.string().optional(),
1168
+ company: z.string().optional(),
1169
+ email: z.string().optional(),
1170
+ phone: z.string().optional(),
1171
+ ssn: z.string().optional(),
1172
+ username: z.string().optional(),
1173
+ passportNumber: z.string().optional(),
1174
+ licenseNumber: z.string().optional(),
1175
+ })
1176
+ .optional(),
1177
+ notes: z.string().optional(),
1178
+ fields: z
1179
+ .array(z.object({
1180
+ name: z.string(),
1181
+ value: z.string(),
1182
+ hidden: z.boolean().optional(),
1183
+ }))
1184
+ .optional(),
1185
+ favorite: z.boolean().optional(),
1186
+ organizationId: z.string().optional(),
1187
+ collectionIds: z.array(z.string()).optional(),
1188
+ folderId: z.string().optional(),
1189
+ },
1190
+ _meta: toolMeta,
1191
+ }, async (input, extra) => {
1192
+ if (isReadOnly)
1193
+ return readonlyBlocked();
1194
+ const sdk = await deps.getSdk(extra.authInfo);
1195
+ const created = await sdk.createIdentity(input);
1196
+ return {
1197
+ structuredContent: { item: created },
1198
+ content: [{ type: 'text', text: 'Created.' }],
1199
+ };
1200
+ });
1201
+ server.registerTool(`${deps.toolPrefix}.update_item`, {
1202
+ title: 'Update Item',
1203
+ description: 'Update selected fields of an item by id.',
1204
+ inputSchema: {
1205
+ id: z.string(),
1206
+ patch: z.object({
1207
+ name: z.string().optional(),
1208
+ notes: z.string().optional(),
1209
+ favorite: z.boolean().optional(),
1210
+ folderId: z.union([z.string(), z.null()]).optional(),
1211
+ collectionIds: z.array(z.string()).optional(),
1212
+ login: z
1213
+ .object({
1214
+ username: z.string().optional(),
1215
+ password: z.string().optional(),
1216
+ totp: z.string().optional(),
1217
+ uris: z
1218
+ .array(z.object({
1219
+ uri: z.string(),
1220
+ match: uriMatchInputSchema.optional(),
1221
+ }))
1222
+ .optional(),
1223
+ })
1224
+ .optional(),
1225
+ fields: z
1226
+ .array(z.object({
1227
+ name: z.string(),
1228
+ value: z.string(),
1229
+ hidden: z.boolean().optional(),
1230
+ }))
1231
+ .optional(),
1232
+ }),
1233
+ },
1234
+ _meta: toolMeta,
1235
+ }, async (input, extra) => {
1236
+ if (isReadOnly)
1237
+ return readonlyBlocked();
1238
+ const sdk = await deps.getSdk(extra.authInfo);
1239
+ const patch = input.patch;
1240
+ if (patch.login && Array.isArray(patch.login.uris)) {
1241
+ // Accept a couple of common match aliases at the MCP boundary.
1242
+ patch.login.uris = normalizeUrisInput(patch.login.uris);
1243
+ }
1244
+ const updated = await sdk.updateItem(input.id, patch);
1245
+ return {
1246
+ structuredContent: { item: updated },
1247
+ content: [{ type: 'text', text: 'Updated.' }],
1248
+ };
1249
+ });
1250
+ }