@itm-platform/mcp-server 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. package/README.md +173 -141
  2. package/package.json +2 -2
  3. package/dist/src/auth/api-key-auth.d.ts +0 -3
  4. package/dist/src/auth/api-key-auth.d.ts.map +0 -1
  5. package/dist/src/auth/api-key-auth.js +0 -53
  6. package/dist/src/auth/api-key-auth.js.map +0 -1
  7. package/dist/src/auth/effective-user-context.d.ts +0 -16
  8. package/dist/src/auth/effective-user-context.d.ts.map +0 -1
  9. package/dist/src/auth/effective-user-context.js +0 -9
  10. package/dist/src/auth/effective-user-context.js.map +0 -1
  11. package/dist/src/auth/license-resolver.d.ts +0 -6
  12. package/dist/src/auth/license-resolver.d.ts.map +0 -1
  13. package/dist/src/auth/license-resolver.js +0 -12
  14. package/dist/src/auth/license-resolver.js.map +0 -1
  15. package/dist/src/auth/oauth-auth.d.ts +0 -22
  16. package/dist/src/auth/oauth-auth.d.ts.map +0 -1
  17. package/dist/src/auth/oauth-auth.js +0 -34
  18. package/dist/src/auth/oauth-auth.js.map +0 -1
  19. package/dist/src/auth/oauth-metadata.d.ts +0 -10
  20. package/dist/src/auth/oauth-metadata.d.ts.map +0 -1
  21. package/dist/src/auth/oauth-metadata.js +0 -8
  22. package/dist/src/auth/oauth-metadata.js.map +0 -1
  23. package/dist/src/auth/token-extraction.d.ts +0 -2
  24. package/dist/src/auth/token-extraction.d.ts.map +0 -1
  25. package/dist/src/auth/token-extraction.js +0 -7
  26. package/dist/src/auth/token-extraction.js.map +0 -1
  27. package/dist/src/clients/audit-client.d.ts +0 -25
  28. package/dist/src/clients/audit-client.d.ts.map +0 -1
  29. package/dist/src/clients/audit-client.js +0 -37
  30. package/dist/src/clients/audit-client.js.map +0 -1
  31. package/dist/src/clients/datamart-client.d.ts +0 -16
  32. package/dist/src/clients/datamart-client.d.ts.map +0 -1
  33. package/dist/src/clients/datamart-client.js +0 -32
  34. package/dist/src/clients/datamart-client.js.map +0 -1
  35. package/dist/src/clients/index.d.ts +0 -18
  36. package/dist/src/clients/index.d.ts.map +0 -1
  37. package/dist/src/clients/index.js +0 -11
  38. package/dist/src/clients/index.js.map +0 -1
  39. package/dist/src/clients/rest-client.d.ts +0 -14
  40. package/dist/src/clients/rest-client.d.ts.map +0 -1
  41. package/dist/src/clients/rest-client.js +0 -29
  42. package/dist/src/clients/rest-client.js.map +0 -1
  43. package/dist/src/logger.d.ts +0 -3
  44. package/dist/src/logger.d.ts.map +0 -1
  45. package/dist/src/logger.js +0 -37
  46. package/dist/src/logger.js.map +0 -1
  47. package/dist/src/prompts/portfolio-overview.d.ts +0 -3
  48. package/dist/src/prompts/portfolio-overview.d.ts.map +0 -1
  49. package/dist/src/prompts/portfolio-overview.js +0 -21
  50. package/dist/src/prompts/portfolio-overview.js.map +0 -1
  51. package/dist/src/prompts/project-status.d.ts +0 -3
  52. package/dist/src/prompts/project-status.d.ts.map +0 -1
  53. package/dist/src/prompts/project-status.js +0 -24
  54. package/dist/src/prompts/project-status.js.map +0 -1
  55. package/dist/src/prompts/risk-analysis.d.ts +0 -3
  56. package/dist/src/prompts/risk-analysis.d.ts.map +0 -1
  57. package/dist/src/prompts/risk-analysis.js +0 -23
  58. package/dist/src/prompts/risk-analysis.js.map +0 -1
  59. package/dist/src/prompts/team-workload.d.ts +0 -3
  60. package/dist/src/prompts/team-workload.d.ts.map +0 -1
  61. package/dist/src/prompts/team-workload.js +0 -29
  62. package/dist/src/prompts/team-workload.js.map +0 -1
  63. package/dist/src/resources/calendars.d.ts +0 -4
  64. package/dist/src/resources/calendars.d.ts.map +0 -1
  65. package/dist/src/resources/calendars.js +0 -18
  66. package/dist/src/resources/calendars.js.map +0 -1
  67. package/dist/src/resources/schemas.d.ts +0 -4
  68. package/dist/src/resources/schemas.d.ts.map +0 -1
  69. package/dist/src/resources/schemas.js +0 -34
  70. package/dist/src/resources/schemas.js.map +0 -1
  71. package/dist/src/server.d.ts +0 -2
  72. package/dist/src/server.d.ts.map +0 -1
  73. package/dist/src/server.js +0 -213
  74. package/dist/src/server.js.map +0 -1
  75. package/dist/src/tools/datamart.d.ts +0 -17
  76. package/dist/src/tools/datamart.d.ts.map +0 -1
  77. package/dist/src/tools/datamart.js +0 -68
  78. package/dist/src/tools/datamart.js.map +0 -1
  79. package/dist/src/tools/financials.d.ts +0 -4
  80. package/dist/src/tools/financials.d.ts.map +0 -1
  81. package/dist/src/tools/financials.js +0 -50
  82. package/dist/src/tools/financials.js.map +0 -1
  83. package/dist/src/tools/graphql-queries.d.ts +0 -22
  84. package/dist/src/tools/graphql-queries.d.ts.map +0 -1
  85. package/dist/src/tools/graphql-queries.js +0 -26
  86. package/dist/src/tools/graphql-queries.js.map +0 -1
  87. package/dist/src/tools/portfolio.d.ts +0 -10
  88. package/dist/src/tools/portfolio.d.ts.map +0 -1
  89. package/dist/src/tools/portfolio.js +0 -54
  90. package/dist/src/tools/portfolio.js.map +0 -1
  91. package/dist/src/tools/projects.d.ts +0 -42
  92. package/dist/src/tools/projects.d.ts.map +0 -1
  93. package/dist/src/tools/projects.js +0 -73
  94. package/dist/src/tools/projects.js.map +0 -1
  95. package/dist/src/tools/reference-data.d.ts +0 -4
  96. package/dist/src/tools/reference-data.d.ts.map +0 -1
  97. package/dist/src/tools/reference-data.js +0 -19
  98. package/dist/src/tools/reference-data.js.map +0 -1
  99. package/dist/src/tools/risks-issues.d.ts +0 -4
  100. package/dist/src/tools/risks-issues.d.ts.map +0 -1
  101. package/dist/src/tools/risks-issues.js +0 -33
  102. package/dist/src/tools/risks-issues.js.map +0 -1
  103. package/dist/src/tools/services.d.ts +0 -41
  104. package/dist/src/tools/services.d.ts.map +0 -1
  105. package/dist/src/tools/services.js +0 -67
  106. package/dist/src/tools/services.js.map +0 -1
  107. package/dist/src/tools/tasks.d.ts +0 -4
  108. package/dist/src/tools/tasks.d.ts.map +0 -1
  109. package/dist/src/tools/tasks.js +0 -17
  110. package/dist/src/tools/tasks.js.map +0 -1
  111. package/dist/src/tools/users.d.ts +0 -4
  112. package/dist/src/tools/users.d.ts.map +0 -1
  113. package/dist/src/tools/users.js +0 -30
  114. package/dist/src/tools/users.js.map +0 -1
  115. package/dist/src/tools/write-tools.d.ts +0 -75
  116. package/dist/src/tools/write-tools.d.ts.map +0 -1
  117. package/dist/src/tools/write-tools.js +0 -193
  118. package/dist/src/tools/write-tools.js.map +0 -1
  119. package/dist/src/validation/query-validator.d.ts +0 -15
  120. package/dist/src/validation/query-validator.d.ts.map +0 -1
  121. package/dist/src/validation/query-validator.js +0 -141
  122. package/dist/src/validation/query-validator.js.map +0 -1
package/README.md CHANGED
@@ -1,193 +1,225 @@
1
- # ITM.MCP
1
+ # ITM Platform MCP Server
2
2
 
3
- > For cross-cutting documentation (debugging, database schema, environments, API versioning, build commands), see the [parent README](../README.md#documentation-index).
3
+ Connect ITM Platform to AI assistants through the [Model Context Protocol](https://modelcontextprotocol.io). The ITM Platform MCP server lets MCP-compatible clients search projects, inspect budgets, summarize portfolio health, create tasks, log risks and issues, and update project details using your ITM Platform permissions.
4
4
 
5
- MCP (Model Context Protocol) server for ITM Platform. Exposes project management data to AI assistants -- Claude, ChatGPT, VS Code Copilot, Cursor, JetBrains -- through a universal open protocol.
5
+ It works with Claude, VS Code, Cursor, OpenAI Codex, Windsurf, JetBrains AI Assistant, and any other client that supports MCP.
6
6
 
7
- **Status:** Phase 2 in progress -- 20 tools (15 read + 5 write), 6 resources, 4 prompts. OAuth scope enforcement, audit logging, and token exchange in place. 137 unit tests, 23 E2E tests.
7
+ - Public docs: [developers.itmplatform.com/mcp](https://developers.itmplatform.com/mcp/)
8
+ - npm package: [@itm-platform/mcp-server](https://www.npmjs.com/package/@itm-platform/mcp-server)
9
+ - Hosted MCP URL: `https://api.itmplatform.com/v2/_/mcp/`
8
10
 
9
- See [House Rules](../House-rules.md) for coding conventions.
11
+ ## Quick Start
10
12
 
11
- ## How it works
13
+ ### Hosted connection with OAuth
12
14
 
13
- MCP is a JSON-RPC 2.0 protocol that lets AI assistants discover and call tools on external servers. The server supports two transports:
15
+ Use the hosted server if your AI client supports remote MCP servers. There is nothing to install: add the URL, sign in with your ITM Platform account, and approve the requested access.
14
16
 
15
- - **HTTP + OAuth (recommended)** -- AI clients connect to a hosted URL and authenticate via OAuth 2.1 (PKCE). No local install needed.
16
- - **stdio** -- AI clients spawn the server as a local child process. Auth via API key.
17
-
18
- ```
19
- AI Client (Claude, Cursor, VS Code, Codex...)
20
- |
21
- | HTTP (remote) or stdio (local)
22
- v
23
- ITM.MCP Server
24
- | authenticates as the user, calls ITM APIs
25
- v
26
- ITM.API Gateway --> DataMart (GraphQL) + v2 REST (users, reference data)
17
+ ```bash
18
+ claude mcp add --scope user --transport http itm-platform https://api.itmplatform.com/v2/_/mcp/
27
19
  ```
28
20
 
29
- **Key point:** The AI model never sees user credentials. Auth is handled by the MCP server. The model only sees tool names, descriptions, and results.
21
+ For other MCP clients, use this remote URL:
30
22
 
31
- ### Three MCP primitives
23
+ ```text
24
+ https://api.itmplatform.com/v2/_/mcp/
25
+ ```
32
26
 
33
- | Primitive | Who controls it | What it does | Example |
34
- |-----------|----------------|--------------|---------|
35
- | **Tools** | AI model decides when to call | Executable read/write operations | `search_projects`, `get_project_budget` |
36
- | **Resources** | Client app loads as context | Read-only reference data (schemas, docs) | `itm://schema/component` |
37
- | **Prompts** | User triggers a workflow template | Pre-composed multi-tool request | `/project_status` fetches project + tasks + risks + budget in one shot |
27
+ OAuth is the recommended setup for most users because your AI client never sees your ITM Platform password or API key.
38
28
 
39
- ## Quick start
29
+ ### Local connection with an API key
30
+
31
+ Use the npm package if you prefer to run the server locally, work behind a firewall, or need to connect to a self-hosted ITM Platform instance.
40
32
 
41
33
  ```bash
42
- npm install
43
- cp .env.sample .env # edit with your credentials
44
- npm test # unit tests (124 tests)
45
- npm run build # compile TypeScript to dist/
46
- npm run dev # HTTP dev server on port 6170 (for testing with curl)
47
- npm run test:e2e # E2E tests (requires local ITM.API + DataMart)
34
+ npx @itm-platform/mcp-server
48
35
  ```
49
36
 
50
- ## End-user setup
37
+ Your MCP client must pass these environment variables to the server:
38
+
39
+ | Variable | Value |
40
+ |----------|-------|
41
+ | `ITM_API_URL` | `https://api.itmplatform.com` |
42
+ | `ITM_COMPANY` | Your company/account slug |
43
+ | `ITM_API_KEY` | Your personal API key from ITM Platform |
44
+
45
+ Example stdio configuration:
46
+
47
+ ```json
48
+ {
49
+ "mcpServers": {
50
+ "itm-platform": {
51
+ "command": "npx",
52
+ "args": ["@itm-platform/mcp-server"],
53
+ "env": {
54
+ "ITM_API_URL": "https://api.itmplatform.com",
55
+ "ITM_COMPANY": "{your-account}",
56
+ "ITM_API_KEY": "your-api-key"
57
+ }
58
+ }
59
+ }
60
+ }
61
+ ```
51
62
 
52
- For end-user setup instructions (OAuth, per-client configuration, npm package), see the [APIDocs site](APIDocs/).
63
+ To create an API key, log in to ITM Platform, open **My Profile**, and generate a key from the **API Key** section.
53
64
 
54
- **Quick connect (OAuth):**
65
+ ## What You Can Ask
55
66
 
56
- ```bash
57
- claude mcp add --scope user --transport http itm-platform https://api.itmplatform.com/v2/_/mcp/
58
- ```
67
+ Once connected, your AI assistant can use ITM Platform data in normal conversation:
59
68
 
60
- **Quick connect (npm, local):**
69
+ > "Which projects are behind schedule?"
61
70
 
62
- ```bash
63
- claude mcp add --scope user itm-platform -- npx @itm-platform/mcp-server
64
- ```
71
+ > "Give me a budget summary for the Digital Transformation program."
65
72
 
66
- ## Server configuration (development / deployment)
73
+ > "Create a high-priority task in Project Alpha due next Friday."
67
74
 
68
- | Variable | Stdio | HTTP+OAuth | Description |
69
- |----------|-------|------------|-------------|
70
- | `ITM_API_URL` | Required | Required | ITM.API base URL |
71
- | `ITM_COMPANY` | Required | -- | Company/tenant slug |
72
- | `ITM_API_KEY` | Required* | -- | Per-user API key (generate from My Profile) |
73
- | `ITM_TOKEN` | Required* | -- | Session token (alternative to API key) |
74
- | `PORT` | -- | Required | HTTP listen port |
75
- | `ITM_AUTH_URL` | -- | Required | Internal OAuth authorization server URL (used for token exchange) |
76
- | `ITM_AUTH_PUBLIC_URL` | -- | Required* | Public OAuth URL advertised to AI clients. Falls back to `ITM_AUTH_URL` |
77
- | `MCP_SERVER_URL` | -- | Required | MCP server public URL (OAuth audience) |
78
- | `LOG_LEVEL` | Optional | Optional | Pino log level: `debug`, `info`, `warn`, `error` (default: `info`) |
79
- | `ITM_AUDIT_ENABLED` | Optional | Optional | Enable audit logging to ITM backend |
75
+ > "What open risks exist across my portfolio?"
80
76
 
81
- \* One of `ITM_API_KEY` or `ITM_TOKEN` is required for stdio mode.
77
+ The MCP server authenticates as you, calls ITM Platform APIs, and returns only the data your ITM Platform account is allowed to access.
82
78
 
83
- In HTTP mode, if both `ITM_AUTH_URL` and `MCP_SERVER_URL` are set, OAuth is mandatory and every session must provide a Bearer token. If either is missing, the server runs in dev mode using the startup identity.
79
+ ## Capabilities
84
80
 
85
- On deployed environments, `ITM_AUTH_URL` points to `localhost` for internal server-to-server token exchange. `ITM_AUTH_PUBLIC_URL` must be set to the public URL so AI clients can discover the OAuth authorization server.
81
+ The server exposes 20 MCP tools, 6 resources, and 4 prompt templates.
86
82
 
87
- ## Tools (Phase 1 -- read-only)
83
+ ### Read Tools
88
84
 
89
- ### DataMart-backed (fast, single-query reads)
85
+ | Tool | What it does |
86
+ |------|--------------|
87
+ | `search_projects` | Find projects by name, status, type, or date range |
88
+ | `get_project` | Retrieve project details, including optional tasks, risks, issues, budget, purchases, and revenues |
89
+ | `search_services` | Find services by name, status, type, or date range |
90
+ | `get_service` | Retrieve service details |
91
+ | `list_project_tasks` | List tasks for a project |
92
+ | `get_project_budget` | Get budget, actuals, revenue, cost, and margin information |
93
+ | `get_project_purchases` | List purchase orders for a project |
94
+ | `get_project_revenues` | List revenue items for a project |
95
+ | `get_project_risks` | List project risks |
96
+ | `get_project_issues` | List project issues |
97
+ | `aggregate_portfolio` | Group and summarize portfolio data |
98
+ | `query_datamart` | Run validated DataMart queries for advanced analysis |
99
+ | `search_users` | Find users and team members |
100
+ | `get_user` | Retrieve user details |
101
+ | `get_reference_data` | Retrieve statuses, types, priorities, and other reference lists |
90
102
 
91
- | Tool | Description |
92
- |------|-------------|
93
- | `search_projects` | Find projects by name, status, type, date range |
94
- | `search_services` | Find services by name, status, type, date range |
95
- | `get_project` | Full project details with optional subcomponents (tasks, risks, budget, etc.) |
96
- | `get_service` | Full service details with optional subcomponents |
97
- | `list_project_tasks` | Tasks for a project |
98
- | `get_project_risks` | Risks for a project |
99
- | `get_project_issues` | Issues for a project |
100
- | `get_project_budget` | Budget summary (top-down, bottom-up, actual, period-end close) |
101
- | `get_project_purchases` | Purchase orders for a project |
102
- | `get_project_revenues` | Revenue items for a project |
103
- | `aggregate_portfolio` | Portfolio analytics -- group, count, sum, avg across all projects |
104
- | `query_datamart` | Raw DataMart query for advanced analysis (validated, safe operators only) |
103
+ ### Write Tools
105
104
 
106
- ### v2 REST-backed (users, reference data)
105
+ | Tool | What it does |
106
+ |------|--------------|
107
+ | `create_task` | Add a task to a project |
108
+ | `update_task` | Update task fields such as status, dates, assignee, and progress |
109
+ | `create_risk` | Log a project risk |
110
+ | `create_issue` | Log a project issue |
111
+ | `update_project` | Update project fields such as name, status, dates, and priority |
107
112
 
108
- | Tool | Description |
109
- |------|-------------|
110
- | `search_users` | Find team members |
111
- | `get_user` | User details |
112
- | `get_reference_data` | Status lists, types, priorities for any entity |
113
+ Write operations confirm the saved state from the ITM Platform REST API. DataMart-backed search results may take up to 60 seconds to reflect recent writes.
113
114
 
114
- ### Write tools (Phase 2 -- v2 REST-backed)
115
+ ### Resources and Prompts
115
116
 
116
- | Tool | Description |
117
- |------|-------------|
118
- | `create_task` | Create a new task in a project |
119
- | `update_task` | PATCH task fields (status, dates, assignee, progress) |
120
- | `create_risk` | Log a new risk in a project |
121
- | `create_issue` | Log a new issue in a project |
122
- | `update_project` | PATCH project fields (name, status, dates, priority) |
117
+ Resources give AI clients read-only context such as DataMart schemas and project calendars. Prompt templates provide guided workflows for common analysis tasks:
123
118
 
124
- Write tools return confirmed state from v2 REST (source of truth). Subsequent DataMart reads may lag 5-60 seconds due to eventual consistency -- this is noted in every write response.
119
+ | Prompt | What it helps with |
120
+ |--------|--------------------|
121
+ | `/project_status` | Summarize health, tasks, risks, issues, and budget for one project |
122
+ | `/portfolio_overview` | Analyze portfolio status, methodology, budget, and delivery patterns |
123
+ | `/team_workload` | Review assignments and workload patterns |
124
+ | `/risk_analysis` | Assess risk exposure, issues, and budget impact |
125
125
 
126
- ## Prompts
126
+ ## Authentication and Permissions
127
127
 
128
- Workflow templates the user can trigger. The MCP server returns a pre-composed message that instructs the AI to call the right tools.
128
+ The MCP server uses the same identity and permission model as ITM Platform.
129
129
 
130
- | Prompt | What it does |
131
- |--------|-------------|
132
- | `/project_status` | Fetches project + tasks + risks + budget, asks AI to summarize |
133
- | `/portfolio_overview` | Aggregates projects by status/methodology/budget, asks AI for health overview |
134
- | `/team_workload` | Fetches users + assignments, asks AI for workload analysis |
135
- | `/risk_analysis` | Fetches risks + issues + budget, asks AI for risk assessment |
130
+ | Connection method | Authentication | Best for |
131
+ |-------------------|----------------|----------|
132
+ | Hosted HTTP | OAuth 2.1 with PKCE | Most users and managed AI clients |
133
+ | Local stdio | ITM Platform API key | Local execution, firewalled networks, self-hosted environments |
136
134
 
137
- ## Architecture
135
+ OAuth sessions use scopes:
138
136
 
139
- ```
140
- src/
141
- server.ts # MCP server bootstrap (stdio + HTTP, per-session auth)
142
- instrument-server.ts # Tool-call logging + audit wrapper (wraps registerTool)
143
- logger.ts # Pino logger factory (stderr + rotating file in logs/mcp.log)
144
- auth/
145
- effective-user-context.ts # User identity type
146
- api-key-auth.ts # API key auth, calls /resolve/identity
147
- license-resolver.ts # License type -> access level
148
- oauth-auth.ts # Phase 2: OAuth token exchange
149
- oauth-metadata.ts # Phase 2: /.well-known/oauth-protected-resource
150
- token-extraction.ts # Bearer token extraction from headers
151
- clients/
152
- datamart-client.ts # DataMart GraphQL through gateway
153
- rest-client.ts # v2 REST through gateway (GET, POST, PATCH)
154
- audit-client.ts # Phase 2: audit logging (fire-and-forget)
155
- tools/ # One file per tool group
156
- write-tools.ts # Phase 2: create/update tools (task, risk, issue, project)
157
- resources/ # Schema + calendar resources
158
- prompts/ # Workflow templates
159
- validation/
160
- query-validator.ts # Allowlist of safe MongoDB operators
161
- ```
137
+ | Scope | Allows |
138
+ |-------|--------|
139
+ | `mcp:read` | Read-only tools such as search, get, list, aggregate, and query |
140
+ | `mcp:write` | Read tools plus create and update tools |
141
+
142
+ API key sessions use the full permissions of the ITM Platform user who generated the key.
143
+
144
+ License access:
145
+
146
+ | License | MCP access |
147
+ |---------|------------|
148
+ | Company Admin | Full read and write access |
149
+ | Full User | Full read and write access |
150
+ | Project Manager | Not yet available |
151
+ | Team Member | Blocked |
162
152
 
163
- ## Access control
153
+ Your AI assistant does not receive your ITM Platform password or API key. Project data is returned to the AI client you choose, so the AI provider's data-handling policy applies to any data it processes.
164
154
 
165
- | License type | Access |
166
- |-------------|--------|
167
- | CompanyAdmin | Full |
168
- | FullUser | Full |
169
- | ProjectManager | Blocked in Phase 1 (requires gateway PM-scope injection -- Phase 2) |
170
- | TeamMember | Blocked |
155
+ ## Client Setup
171
156
 
172
- **OAuth scope enforcement:** OAuth sessions respect granted scopes. Sessions with `mcp:read` only see 15 read tools; `mcp:write` is required to see and use write tools. API-key/stdio sessions get all tools unconditionally (backward compatible).
157
+ Use the public docs for client-specific setup:
173
158
 
174
- ## Logging
159
+ - [Claude Code, Claude Desktop, VS Code, Cursor, Codex, Windsurf, and JetBrains](https://developers.itmplatform.com/mcp/#ai-clients)
160
+ - [Connect with OAuth](https://developers.itmplatform.com/mcp/#setup-oauth)
161
+ - [Connect with an API key](https://developers.itmplatform.com/mcp/#setup-stdio)
162
+ - [Troubleshooting](https://developers.itmplatform.com/mcp/#troubleshooting)
175
163
 
176
- Uses [Pino](https://getpino.io/) (same as DataMart and MSTeamsBot). Logs go to two destinations:
164
+ For any MCP-compatible client, the two connection values are:
177
165
 
178
- - **stderr** -- pretty-printed, colorized (stdout is reserved for the MCP JSON-RPC protocol)
179
- - **`logs/mcp.log`** -- rotating file relative to the MCP application root, 10 MB max, keeps 5 old files (skipped in test)
166
+ | Method | Value |
167
+ |--------|-------|
168
+ | Remote URL | `https://api.itmplatform.com/v2/_/mcp/` |
169
+ | Local command | `npx @itm-platform/mcp-server` |
170
+
171
+ ## Self-Hosting
172
+
173
+ For a local stdio server, configure `ITM_API_URL`, `ITM_COMPANY`, and either `ITM_API_KEY` or `ITM_TOKEN`.
174
+
175
+ For an HTTP server with OAuth, configure:
176
+
177
+ | Variable | Description |
178
+ |----------|-------------|
179
+ | `ITM_API_URL` | ITM Platform API gateway URL |
180
+ | `PORT` | HTTP listen port |
181
+ | `ITM_AUTH_URL` | OAuth authorization server URL used for token exchange |
182
+ | `ITM_AUTH_PUBLIC_URL` | Public OAuth URL advertised to AI clients |
183
+ | `MCP_SERVER_URL` | Public MCP server URL used as the OAuth audience |
184
+ | `LOG_LEVEL` | Optional Pino log level: `debug`, `info`, `warn`, or `error` |
185
+ | `ITM_AUDIT_ENABLED` | Enables server-side audit logging when set to `true` |
186
+
187
+ When deployed behind a reverse proxy, `ITM_AUTH_URL` can point to a server-to-server address while `ITM_AUTH_PUBLIC_URL` must be reachable by AI clients.
188
+
189
+ ## Development
190
+
191
+ Requirements:
192
+
193
+ - Node.js 20 or later
194
+ - npm
195
+
196
+ Install dependencies, run tests, and build:
197
+
198
+ ```bash
199
+ npm install
200
+ npm test
201
+ npm run build
202
+ ```
203
+
204
+ Run the HTTP development server:
205
+
206
+ ```bash
207
+ cp .env.sample .env
208
+ npm run dev
209
+ ```
180
210
 
181
- Set `LOG_LEVEL` in `.env` to control verbosity (`debug`, `info`, `warn`, `error`; default: `info`). All log entries include `{ service: 'mcp', app: 'ITM.MCP' }` base fields and ISO timestamps.
211
+ The package entry point is `dist/server.js`; the npm executable is `mcp-server`.
182
212
 
183
- HTTP clients (DataMart, REST) log at `debug` level on success (with duration in ms) and `error` on failure.
213
+ ## Troubleshooting
184
214
 
185
- **Tool-call logging:** Every MCP tool invocation is logged at `info` level with tool name, userId, and aiClientId. Completion is logged at `debug` with duration in ms. Failures are logged at `error`.
215
+ If tools do not appear in your AI client, confirm that the server configuration is in the correct file for that client, restart the client, and check that `npx @itm-platform/mcp-server` runs successfully for local setups.
186
216
 
187
- **Audit:** When `ITM_AUDIT_ENABLED=true`, every tool call (read and write) sends an audit entry to the ITM backend (`/v2/{company}/mcp/audit`). Audit is fire-and-forget -- failures do not affect tool execution. Each entry includes: timestamp, userId, accountId, toolName, parametersHash (SHA-256), success, error (if any), aiClientId, durationMs.
217
+ If authentication fails, regenerate your API key or reconnect the OAuth server so your client receives a fresh token.
188
218
 
189
- ## Specification
219
+ If a write succeeds but a later search shows old data, wait up to 60 seconds. Writes are confirmed from the REST API immediately, while DataMart search indexes update asynchronously.
190
220
 
191
- Full design, architecture decisions, phased rollout, and E2E test details:
221
+ ## More Help
192
222
 
193
- - [SPEC_MCP_SERVER.md](zz_Specifications/SPEC_MCP_SERVER.md)
223
+ - MCP docs: [modelcontextprotocol.io](https://modelcontextprotocol.io)
224
+ - ITM Platform help: [help.itmplatform.com](https://help.itmplatform.com)
225
+ - ITM Platform developer docs: [developers.itmplatform.com/documentation](https://developers.itmplatform.com/documentation)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@itm-platform/mcp-server",
3
- "version": "1.0.0",
3
+ "version": "1.0.2",
4
4
  "description": "MCP server for ITM Platform",
5
5
  "type": "module",
6
6
  "main": "dist/server.js",
@@ -22,7 +22,7 @@
22
22
  ],
23
23
  "scripts": {
24
24
  "dev": "cross-env PORT=6170 node --env-file=.env --import tsx src/server.ts",
25
- "build": "tsc",
25
+ "build": "node scripts/increase-package-version.mjs && tsc",
26
26
  "start": "node dist/server.js",
27
27
  "test": "vitest run",
28
28
  "test:integration": "vitest run --config vitest.integration.config.ts",
@@ -1,3 +0,0 @@
1
- import { EffectiveUserContext } from './effective-user-context.js';
2
- export declare function resolveIdentity(): Promise<EffectiveUserContext>;
3
- //# sourceMappingURL=api-key-auth.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"api-key-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/api-key-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AA0BnE,wBAAsB,eAAe,IAAI,OAAO,CAAC,oBAAoB,CAAC,CA6CrE"}
@@ -1,53 +0,0 @@
1
- import { resolveLicenseAccess } from './license-resolver.js';
2
- function resolveAuthHeaders() {
3
- const apiKey = process.env.ITM_API_KEY;
4
- const token = process.env.ITM_TOKEN;
5
- if (apiKey) {
6
- return { source: 'api-key', headers: { 'Authorization': `Bearer ${apiKey}` } };
7
- }
8
- if (token) {
9
- return { source: 'token', headers: { 'Token': token } };
10
- }
11
- throw new Error('Missing required environment variable: ITM_API_KEY or ITM_TOKEN');
12
- }
13
- export async function resolveIdentity() {
14
- const apiUrl = process.env.ITM_API_URL;
15
- const company = process.env.ITM_COMPANY;
16
- if (!apiUrl)
17
- throw new Error('Missing required environment variable: ITM_API_URL');
18
- if (!company)
19
- throw new Error('Missing required environment variable: ITM_COMPANY');
20
- const { source, headers: authHeaders } = resolveAuthHeaders();
21
- const url = `${apiUrl}/v2/${company}/resolve/identity`;
22
- const response = await fetch(url, {
23
- method: 'POST',
24
- headers: {
25
- ...authHeaders,
26
- 'Content-Type': 'application/json',
27
- },
28
- });
29
- if (!response.ok) {
30
- throw new Error(`Identity resolution failed: ${response.status} ${response.statusText}`);
31
- }
32
- const identity = await response.json();
33
- const { dataMartAccess, pmScopeUserId } = resolveLicenseAccess(identity.licenseTypeIds, identity.userId);
34
- if (dataMartAccess === 'pm-scoped') {
35
- throw new Error('PM-only access is not yet available for MCP. It will arrive with hosted MCP (Phase 2) or gateway scope injection.');
36
- }
37
- if (dataMartAccess === 'none') {
38
- throw new Error('Team Member access is not available for MCP.');
39
- }
40
- return {
41
- source,
42
- company,
43
- accountId: identity.accountId,
44
- userId: identity.userId,
45
- languageId: identity.languageId,
46
- email: identity.email,
47
- licenseTypeIds: identity.licenseTypeIds,
48
- dataMartAccess,
49
- pmScopeUserId,
50
- authHeaders,
51
- };
52
- }
53
- //# sourceMappingURL=api-key-auth.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"api-key-auth.js","sourceRoot":"","sources":["../../../src/auth/api-key-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAY7D,SAAS,kBAAkB;IACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACvC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;IAEpC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,eAAe,EAAE,UAAU,MAAM,EAAE,EAAE,EAAE,CAAC;IACjF,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC;IAC1D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;AACrF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACvC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACxC,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACnF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAEpF,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE9D,MAAM,GAAG,GAAG,GAAG,MAAM,OAAO,OAAO,mBAAmB,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,GAAG,WAAW;YACd,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,QAAQ,GAAqB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACzD,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEzG,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,mHAAmH,CACpH,CAAC;IACJ,CAAC;IACD,IAAI,cAAc,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,OAAO;QACL,MAAM;QACN,OAAO;QACP,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,cAAc,EAAE,QAAQ,CAAC,cAAc;QACvC,cAAc;QACd,aAAa;QACb,WAAW;KACZ,CAAC;AACJ,CAAC"}
@@ -1,16 +0,0 @@
1
- export interface EffectiveUserContext {
2
- source: 'api-key' | 'token';
3
- company: string;
4
- accountId: number;
5
- userId: number;
6
- languageId: number;
7
- email: string;
8
- licenseTypeIds: number[];
9
- dataMartAccess: 'full' | 'pm-scoped' | 'none';
10
- pmScopeUserId?: number;
11
- authHeaders: Record<string, string>;
12
- grantedScopes?: string[];
13
- }
14
- export declare const WRITE_TOOL_NAMES: Set<string>;
15
- export declare function hasScope(ctx: EffectiveUserContext, scope: string): boolean;
16
- //# sourceMappingURL=effective-user-context.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"effective-user-context.d.ts","sourceRoot":"","sources":["../../../src/auth/effective-user-context.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,eAAO,MAAM,gBAAgB,aAE3B,CAAC;AAEH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAG1E"}
@@ -1,9 +0,0 @@
1
- export const WRITE_TOOL_NAMES = new Set([
2
- 'create_task', 'update_task', 'create_risk', 'create_issue', 'update_project',
3
- ]);
4
- export function hasScope(ctx, scope) {
5
- if (!ctx.grantedScopes)
6
- return true;
7
- return ctx.grantedScopes.includes(scope);
8
- }
9
- //# sourceMappingURL=effective-user-context.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"effective-user-context.js","sourceRoot":"","sources":["../../../src/auth/effective-user-context.ts"],"names":[],"mappings":"AAcA,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IACtC,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB;CAC9E,CAAC,CAAC;AAEH,MAAM,UAAU,QAAQ,CAAC,GAAyB,EAAE,KAAa;IAC/D,IAAI,CAAC,GAAG,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC3C,CAAC"}
@@ -1,6 +0,0 @@
1
- export interface LicenseAccessResult {
2
- dataMartAccess: 'full' | 'pm-scoped' | 'none';
3
- pmScopeUserId?: number;
4
- }
5
- export declare function resolveLicenseAccess(licenseTypeIds: number[], userId: number): LicenseAccessResult;
6
- //# sourceMappingURL=license-resolver.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"license-resolver.d.ts","sourceRoot":"","sources":["../../../src/auth/license-resolver.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAKD,wBAAgB,oBAAoB,CAAC,cAAc,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAQlG"}
@@ -1,12 +0,0 @@
1
- const FULL_ACCESS_TYPES = new Set([0, 1]);
2
- const PM_TYPE = 2;
3
- export function resolveLicenseAccess(licenseTypeIds, userId) {
4
- if (licenseTypeIds.some(id => FULL_ACCESS_TYPES.has(id))) {
5
- return { dataMartAccess: 'full' };
6
- }
7
- if (licenseTypeIds.includes(PM_TYPE)) {
8
- return { dataMartAccess: 'pm-scoped', pmScopeUserId: userId };
9
- }
10
- return { dataMartAccess: 'none' };
11
- }
12
- //# sourceMappingURL=license-resolver.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"license-resolver.js","sourceRoot":"","sources":["../../../src/auth/license-resolver.ts"],"names":[],"mappings":"AAKA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC1C,MAAM,OAAO,GAAG,CAAC,CAAC;AAElB,MAAM,UAAU,oBAAoB,CAAC,cAAwB,EAAE,MAAc;IAC3E,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;IACpC,CAAC;IACD,IAAI,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;IAChE,CAAC;IACD,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;AACpC,CAAC"}
@@ -1,22 +0,0 @@
1
- import type { Logger } from 'pino';
2
- import type { EffectiveUserContext } from './effective-user-context.js';
3
- export interface TokenExchangeResult {
4
- sessionToken: string;
5
- userId: number;
6
- accountId: number;
7
- company: string;
8
- email: string;
9
- languageId: number;
10
- licenseTypeIds: number[];
11
- dataMartAccess: 'full' | 'pm-scoped' | 'none';
12
- pmScopeUserId?: number;
13
- expiresAt: string;
14
- scope: string;
15
- }
16
- export interface OAuthConfig {
17
- tokenExchangeUrl: string;
18
- audience: string;
19
- }
20
- export declare function exchangeToken(oauthToken: string, config: OAuthConfig, log?: Logger): Promise<TokenExchangeResult>;
21
- export declare function buildEffectiveUserContextFromExchange(result: TokenExchangeResult): EffectiveUserContext;
22
- //# sourceMappingURL=oauth-auth.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/oauth-auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAExE,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,WAAW,EACnB,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,mBAAmB,CAAC,CAoB9B;AAED,wBAAgB,qCAAqC,CAAC,MAAM,EAAE,mBAAmB,GAAG,oBAAoB,CAcvG"}
@@ -1,34 +0,0 @@
1
- export async function exchangeToken(oauthToken, config, log) {
2
- log?.debug({ url: config.tokenExchangeUrl }, 'Token exchange request');
3
- const response = await fetch(config.tokenExchangeUrl, {
4
- method: 'POST',
5
- headers: {
6
- 'Content-Type': 'application/json',
7
- 'Authorization': `Bearer ${oauthToken}`,
8
- },
9
- body: JSON.stringify({ audience: config.audience }),
10
- });
11
- if (!response.ok) {
12
- log?.error({ status: response.status }, 'Token exchange failed');
13
- throw new Error(`Token exchange failed: ${response.status} ${response.statusText}`);
14
- }
15
- const result = await response.json();
16
- log?.info({ userId: result.userId, company: result.company }, 'Token exchange succeeded');
17
- return result;
18
- }
19
- export function buildEffectiveUserContextFromExchange(result) {
20
- return {
21
- source: 'token',
22
- company: result.company,
23
- accountId: result.accountId,
24
- userId: result.userId,
25
- languageId: result.languageId,
26
- email: result.email,
27
- licenseTypeIds: result.licenseTypeIds,
28
- dataMartAccess: result.dataMartAccess,
29
- pmScopeUserId: result.pmScopeUserId,
30
- grantedScopes: result.scope.split(' ').filter(Boolean),
31
- authHeaders: { 'Token': result.sessionToken },
32
- };
33
- }
34
- //# sourceMappingURL=oauth-auth.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-auth.js","sourceRoot":"","sources":["../../../src/auth/oauth-auth.ts"],"names":[],"mappings":"AAsBA,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAkB,EAClB,MAAmB,EACnB,GAAY;IAEZ,GAAG,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,gBAAgB,EAAE,EAAE,wBAAwB,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE;QACpD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,UAAU,EAAE;SACxC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;KACpD,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,GAAG,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,CAAC;IAC5D,GAAG,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,EAAE,0BAA0B,CAAC,CAAC;IAC1F,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,qCAAqC,CAAC,MAA2B;IAC/E,OAAO;QACL,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QACtD,WAAW,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,YAAY,EAAE;KAC9C,CAAC;AACJ,CAAC"}
@@ -1,10 +0,0 @@
1
- export interface ProtectedResourceMetadata {
2
- resource: string;
3
- authorization_servers: string[];
4
- scopes_supported: string[];
5
- }
6
- export declare function buildProtectedResourceMetadata(config: {
7
- mcpServerUrl: string;
8
- authorizationServerUrl: string;
9
- }): ProtectedResourceMetadata;
10
- //# sourceMappingURL=oauth-metadata.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-metadata.d.ts","sourceRoot":"","sources":["../../../src/auth/oauth-metadata.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,wBAAgB,8BAA8B,CAAC,MAAM,EAAE;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,sBAAsB,EAAE,MAAM,CAAC;CAChC,GAAG,yBAAyB,CAM5B"}
@@ -1,8 +0,0 @@
1
- export function buildProtectedResourceMetadata(config) {
2
- return {
3
- resource: config.mcpServerUrl,
4
- authorization_servers: [config.authorizationServerUrl],
5
- scopes_supported: ['mcp:read', 'mcp:write'],
6
- };
7
- }
8
- //# sourceMappingURL=oauth-metadata.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-metadata.js","sourceRoot":"","sources":["../../../src/auth/oauth-metadata.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,8BAA8B,CAAC,MAG9C;IACC,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,YAAY;QAC7B,qBAAqB,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC;QACtD,gBAAgB,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;KAC5C,CAAC;AACJ,CAAC"}
@@ -1,2 +0,0 @@
1
- export declare function extractBearerToken(headers: Record<string, string | undefined>): string | undefined;
2
- //# sourceMappingURL=token-extraction.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"token-extraction.d.ts","sourceRoot":"","sources":["../../../src/auth/token-extraction.ts"],"names":[],"mappings":"AAAA,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,GAAG,SAAS,CAIlG"}