@itm-platform/mcp-server 1.0.0 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +173 -141
- package/package.json +2 -2
- package/dist/src/auth/api-key-auth.d.ts +0 -3
- package/dist/src/auth/api-key-auth.d.ts.map +0 -1
- package/dist/src/auth/api-key-auth.js +0 -53
- package/dist/src/auth/api-key-auth.js.map +0 -1
- package/dist/src/auth/effective-user-context.d.ts +0 -16
- package/dist/src/auth/effective-user-context.d.ts.map +0 -1
- package/dist/src/auth/effective-user-context.js +0 -9
- package/dist/src/auth/effective-user-context.js.map +0 -1
- package/dist/src/auth/license-resolver.d.ts +0 -6
- package/dist/src/auth/license-resolver.d.ts.map +0 -1
- package/dist/src/auth/license-resolver.js +0 -12
- package/dist/src/auth/license-resolver.js.map +0 -1
- package/dist/src/auth/oauth-auth.d.ts +0 -22
- package/dist/src/auth/oauth-auth.d.ts.map +0 -1
- package/dist/src/auth/oauth-auth.js +0 -34
- package/dist/src/auth/oauth-auth.js.map +0 -1
- package/dist/src/auth/oauth-metadata.d.ts +0 -10
- package/dist/src/auth/oauth-metadata.d.ts.map +0 -1
- package/dist/src/auth/oauth-metadata.js +0 -8
- package/dist/src/auth/oauth-metadata.js.map +0 -1
- package/dist/src/auth/token-extraction.d.ts +0 -2
- package/dist/src/auth/token-extraction.d.ts.map +0 -1
- package/dist/src/auth/token-extraction.js +0 -7
- package/dist/src/auth/token-extraction.js.map +0 -1
- package/dist/src/clients/audit-client.d.ts +0 -25
- package/dist/src/clients/audit-client.d.ts.map +0 -1
- package/dist/src/clients/audit-client.js +0 -37
- package/dist/src/clients/audit-client.js.map +0 -1
- package/dist/src/clients/datamart-client.d.ts +0 -16
- package/dist/src/clients/datamart-client.d.ts.map +0 -1
- package/dist/src/clients/datamart-client.js +0 -32
- package/dist/src/clients/datamart-client.js.map +0 -1
- package/dist/src/clients/index.d.ts +0 -18
- package/dist/src/clients/index.d.ts.map +0 -1
- package/dist/src/clients/index.js +0 -11
- package/dist/src/clients/index.js.map +0 -1
- package/dist/src/clients/rest-client.d.ts +0 -14
- package/dist/src/clients/rest-client.d.ts.map +0 -1
- package/dist/src/clients/rest-client.js +0 -29
- package/dist/src/clients/rest-client.js.map +0 -1
- package/dist/src/logger.d.ts +0 -3
- package/dist/src/logger.d.ts.map +0 -1
- package/dist/src/logger.js +0 -37
- package/dist/src/logger.js.map +0 -1
- package/dist/src/prompts/portfolio-overview.d.ts +0 -3
- package/dist/src/prompts/portfolio-overview.d.ts.map +0 -1
- package/dist/src/prompts/portfolio-overview.js +0 -21
- package/dist/src/prompts/portfolio-overview.js.map +0 -1
- package/dist/src/prompts/project-status.d.ts +0 -3
- package/dist/src/prompts/project-status.d.ts.map +0 -1
- package/dist/src/prompts/project-status.js +0 -24
- package/dist/src/prompts/project-status.js.map +0 -1
- package/dist/src/prompts/risk-analysis.d.ts +0 -3
- package/dist/src/prompts/risk-analysis.d.ts.map +0 -1
- package/dist/src/prompts/risk-analysis.js +0 -23
- package/dist/src/prompts/risk-analysis.js.map +0 -1
- package/dist/src/prompts/team-workload.d.ts +0 -3
- package/dist/src/prompts/team-workload.d.ts.map +0 -1
- package/dist/src/prompts/team-workload.js +0 -29
- package/dist/src/prompts/team-workload.js.map +0 -1
- package/dist/src/resources/calendars.d.ts +0 -4
- package/dist/src/resources/calendars.d.ts.map +0 -1
- package/dist/src/resources/calendars.js +0 -18
- package/dist/src/resources/calendars.js.map +0 -1
- package/dist/src/resources/schemas.d.ts +0 -4
- package/dist/src/resources/schemas.d.ts.map +0 -1
- package/dist/src/resources/schemas.js +0 -34
- package/dist/src/resources/schemas.js.map +0 -1
- package/dist/src/server.d.ts +0 -2
- package/dist/src/server.d.ts.map +0 -1
- package/dist/src/server.js +0 -213
- package/dist/src/server.js.map +0 -1
- package/dist/src/tools/datamart.d.ts +0 -17
- package/dist/src/tools/datamart.d.ts.map +0 -1
- package/dist/src/tools/datamart.js +0 -68
- package/dist/src/tools/datamart.js.map +0 -1
- package/dist/src/tools/financials.d.ts +0 -4
- package/dist/src/tools/financials.d.ts.map +0 -1
- package/dist/src/tools/financials.js +0 -50
- package/dist/src/tools/financials.js.map +0 -1
- package/dist/src/tools/graphql-queries.d.ts +0 -22
- package/dist/src/tools/graphql-queries.d.ts.map +0 -1
- package/dist/src/tools/graphql-queries.js +0 -26
- package/dist/src/tools/graphql-queries.js.map +0 -1
- package/dist/src/tools/portfolio.d.ts +0 -10
- package/dist/src/tools/portfolio.d.ts.map +0 -1
- package/dist/src/tools/portfolio.js +0 -54
- package/dist/src/tools/portfolio.js.map +0 -1
- package/dist/src/tools/projects.d.ts +0 -42
- package/dist/src/tools/projects.d.ts.map +0 -1
- package/dist/src/tools/projects.js +0 -73
- package/dist/src/tools/projects.js.map +0 -1
- package/dist/src/tools/reference-data.d.ts +0 -4
- package/dist/src/tools/reference-data.d.ts.map +0 -1
- package/dist/src/tools/reference-data.js +0 -19
- package/dist/src/tools/reference-data.js.map +0 -1
- package/dist/src/tools/risks-issues.d.ts +0 -4
- package/dist/src/tools/risks-issues.d.ts.map +0 -1
- package/dist/src/tools/risks-issues.js +0 -33
- package/dist/src/tools/risks-issues.js.map +0 -1
- package/dist/src/tools/services.d.ts +0 -41
- package/dist/src/tools/services.d.ts.map +0 -1
- package/dist/src/tools/services.js +0 -67
- package/dist/src/tools/services.js.map +0 -1
- package/dist/src/tools/tasks.d.ts +0 -4
- package/dist/src/tools/tasks.d.ts.map +0 -1
- package/dist/src/tools/tasks.js +0 -17
- package/dist/src/tools/tasks.js.map +0 -1
- package/dist/src/tools/users.d.ts +0 -4
- package/dist/src/tools/users.d.ts.map +0 -1
- package/dist/src/tools/users.js +0 -30
- package/dist/src/tools/users.js.map +0 -1
- package/dist/src/tools/write-tools.d.ts +0 -75
- package/dist/src/tools/write-tools.d.ts.map +0 -1
- package/dist/src/tools/write-tools.js +0 -193
- package/dist/src/tools/write-tools.js.map +0 -1
- package/dist/src/validation/query-validator.d.ts +0 -15
- package/dist/src/validation/query-validator.d.ts.map +0 -1
- package/dist/src/validation/query-validator.js +0 -141
- package/dist/src/validation/query-validator.js.map +0 -1
package/README.md
CHANGED
|
@@ -1,193 +1,225 @@
|
|
|
1
|
-
# ITM
|
|
1
|
+
# ITM Platform MCP Server
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Connect ITM Platform to AI assistants through the [Model Context Protocol](https://modelcontextprotocol.io). The ITM Platform MCP server lets MCP-compatible clients search projects, inspect budgets, summarize portfolio health, create tasks, log risks and issues, and update project details using your ITM Platform permissions.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
It works with Claude, VS Code, Cursor, OpenAI Codex, Windsurf, JetBrains AI Assistant, and any other client that supports MCP.
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
- Public docs: [developers.itmplatform.com/mcp](https://developers.itmplatform.com/mcp/)
|
|
8
|
+
- npm package: [@itm-platform/mcp-server](https://www.npmjs.com/package/@itm-platform/mcp-server)
|
|
9
|
+
- Hosted MCP URL: `https://api.itmplatform.com/v2/_/mcp/`
|
|
8
10
|
|
|
9
|
-
|
|
11
|
+
## Quick Start
|
|
10
12
|
|
|
11
|
-
|
|
13
|
+
### Hosted connection with OAuth
|
|
12
14
|
|
|
13
|
-
|
|
15
|
+
Use the hosted server if your AI client supports remote MCP servers. There is nothing to install: add the URL, sign in with your ITM Platform account, and approve the requested access.
|
|
14
16
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
```
|
|
19
|
-
AI Client (Claude, Cursor, VS Code, Codex...)
|
|
20
|
-
|
|
|
21
|
-
| HTTP (remote) or stdio (local)
|
|
22
|
-
v
|
|
23
|
-
ITM.MCP Server
|
|
24
|
-
| authenticates as the user, calls ITM APIs
|
|
25
|
-
v
|
|
26
|
-
ITM.API Gateway --> DataMart (GraphQL) + v2 REST (users, reference data)
|
|
17
|
+
```bash
|
|
18
|
+
claude mcp add --scope user --transport http itm-platform https://api.itmplatform.com/v2/_/mcp/
|
|
27
19
|
```
|
|
28
20
|
|
|
29
|
-
|
|
21
|
+
For other MCP clients, use this remote URL:
|
|
30
22
|
|
|
31
|
-
|
|
23
|
+
```text
|
|
24
|
+
https://api.itmplatform.com/v2/_/mcp/
|
|
25
|
+
```
|
|
32
26
|
|
|
33
|
-
|
|
34
|
-
|-----------|----------------|--------------|---------|
|
|
35
|
-
| **Tools** | AI model decides when to call | Executable read/write operations | `search_projects`, `get_project_budget` |
|
|
36
|
-
| **Resources** | Client app loads as context | Read-only reference data (schemas, docs) | `itm://schema/component` |
|
|
37
|
-
| **Prompts** | User triggers a workflow template | Pre-composed multi-tool request | `/project_status` fetches project + tasks + risks + budget in one shot |
|
|
27
|
+
OAuth is the recommended setup for most users because your AI client never sees your ITM Platform password or API key.
|
|
38
28
|
|
|
39
|
-
|
|
29
|
+
### Local connection with an API key
|
|
30
|
+
|
|
31
|
+
Use the npm package if you prefer to run the server locally, work behind a firewall, or need to connect to a self-hosted ITM Platform instance.
|
|
40
32
|
|
|
41
33
|
```bash
|
|
42
|
-
|
|
43
|
-
cp .env.sample .env # edit with your credentials
|
|
44
|
-
npm test # unit tests (124 tests)
|
|
45
|
-
npm run build # compile TypeScript to dist/
|
|
46
|
-
npm run dev # HTTP dev server on port 6170 (for testing with curl)
|
|
47
|
-
npm run test:e2e # E2E tests (requires local ITM.API + DataMart)
|
|
34
|
+
npx @itm-platform/mcp-server
|
|
48
35
|
```
|
|
49
36
|
|
|
50
|
-
|
|
37
|
+
Your MCP client must pass these environment variables to the server:
|
|
38
|
+
|
|
39
|
+
| Variable | Value |
|
|
40
|
+
|----------|-------|
|
|
41
|
+
| `ITM_API_URL` | `https://api.itmplatform.com` |
|
|
42
|
+
| `ITM_COMPANY` | Your company/account slug |
|
|
43
|
+
| `ITM_API_KEY` | Your personal API key from ITM Platform |
|
|
44
|
+
|
|
45
|
+
Example stdio configuration:
|
|
46
|
+
|
|
47
|
+
```json
|
|
48
|
+
{
|
|
49
|
+
"mcpServers": {
|
|
50
|
+
"itm-platform": {
|
|
51
|
+
"command": "npx",
|
|
52
|
+
"args": ["@itm-platform/mcp-server"],
|
|
53
|
+
"env": {
|
|
54
|
+
"ITM_API_URL": "https://api.itmplatform.com",
|
|
55
|
+
"ITM_COMPANY": "{your-account}",
|
|
56
|
+
"ITM_API_KEY": "your-api-key"
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
```
|
|
51
62
|
|
|
52
|
-
|
|
63
|
+
To create an API key, log in to ITM Platform, open **My Profile**, and generate a key from the **API Key** section.
|
|
53
64
|
|
|
54
|
-
|
|
65
|
+
## What You Can Ask
|
|
55
66
|
|
|
56
|
-
|
|
57
|
-
claude mcp add --scope user --transport http itm-platform https://api.itmplatform.com/v2/_/mcp/
|
|
58
|
-
```
|
|
67
|
+
Once connected, your AI assistant can use ITM Platform data in normal conversation:
|
|
59
68
|
|
|
60
|
-
|
|
69
|
+
> "Which projects are behind schedule?"
|
|
61
70
|
|
|
62
|
-
|
|
63
|
-
claude mcp add --scope user itm-platform -- npx @itm-platform/mcp-server
|
|
64
|
-
```
|
|
71
|
+
> "Give me a budget summary for the Digital Transformation program."
|
|
65
72
|
|
|
66
|
-
|
|
73
|
+
> "Create a high-priority task in Project Alpha due next Friday."
|
|
67
74
|
|
|
68
|
-
|
|
69
|
-
|----------|-------|------------|-------------|
|
|
70
|
-
| `ITM_API_URL` | Required | Required | ITM.API base URL |
|
|
71
|
-
| `ITM_COMPANY` | Required | -- | Company/tenant slug |
|
|
72
|
-
| `ITM_API_KEY` | Required* | -- | Per-user API key (generate from My Profile) |
|
|
73
|
-
| `ITM_TOKEN` | Required* | -- | Session token (alternative to API key) |
|
|
74
|
-
| `PORT` | -- | Required | HTTP listen port |
|
|
75
|
-
| `ITM_AUTH_URL` | -- | Required | Internal OAuth authorization server URL (used for token exchange) |
|
|
76
|
-
| `ITM_AUTH_PUBLIC_URL` | -- | Required* | Public OAuth URL advertised to AI clients. Falls back to `ITM_AUTH_URL` |
|
|
77
|
-
| `MCP_SERVER_URL` | -- | Required | MCP server public URL (OAuth audience) |
|
|
78
|
-
| `LOG_LEVEL` | Optional | Optional | Pino log level: `debug`, `info`, `warn`, `error` (default: `info`) |
|
|
79
|
-
| `ITM_AUDIT_ENABLED` | Optional | Optional | Enable audit logging to ITM backend |
|
|
75
|
+
> "What open risks exist across my portfolio?"
|
|
80
76
|
|
|
81
|
-
|
|
77
|
+
The MCP server authenticates as you, calls ITM Platform APIs, and returns only the data your ITM Platform account is allowed to access.
|
|
82
78
|
|
|
83
|
-
|
|
79
|
+
## Capabilities
|
|
84
80
|
|
|
85
|
-
|
|
81
|
+
The server exposes 20 MCP tools, 6 resources, and 4 prompt templates.
|
|
86
82
|
|
|
87
|
-
|
|
83
|
+
### Read Tools
|
|
88
84
|
|
|
89
|
-
|
|
85
|
+
| Tool | What it does |
|
|
86
|
+
|------|--------------|
|
|
87
|
+
| `search_projects` | Find projects by name, status, type, or date range |
|
|
88
|
+
| `get_project` | Retrieve project details, including optional tasks, risks, issues, budget, purchases, and revenues |
|
|
89
|
+
| `search_services` | Find services by name, status, type, or date range |
|
|
90
|
+
| `get_service` | Retrieve service details |
|
|
91
|
+
| `list_project_tasks` | List tasks for a project |
|
|
92
|
+
| `get_project_budget` | Get budget, actuals, revenue, cost, and margin information |
|
|
93
|
+
| `get_project_purchases` | List purchase orders for a project |
|
|
94
|
+
| `get_project_revenues` | List revenue items for a project |
|
|
95
|
+
| `get_project_risks` | List project risks |
|
|
96
|
+
| `get_project_issues` | List project issues |
|
|
97
|
+
| `aggregate_portfolio` | Group and summarize portfolio data |
|
|
98
|
+
| `query_datamart` | Run validated DataMart queries for advanced analysis |
|
|
99
|
+
| `search_users` | Find users and team members |
|
|
100
|
+
| `get_user` | Retrieve user details |
|
|
101
|
+
| `get_reference_data` | Retrieve statuses, types, priorities, and other reference lists |
|
|
90
102
|
|
|
91
|
-
|
|
92
|
-
|------|-------------|
|
|
93
|
-
| `search_projects` | Find projects by name, status, type, date range |
|
|
94
|
-
| `search_services` | Find services by name, status, type, date range |
|
|
95
|
-
| `get_project` | Full project details with optional subcomponents (tasks, risks, budget, etc.) |
|
|
96
|
-
| `get_service` | Full service details with optional subcomponents |
|
|
97
|
-
| `list_project_tasks` | Tasks for a project |
|
|
98
|
-
| `get_project_risks` | Risks for a project |
|
|
99
|
-
| `get_project_issues` | Issues for a project |
|
|
100
|
-
| `get_project_budget` | Budget summary (top-down, bottom-up, actual, period-end close) |
|
|
101
|
-
| `get_project_purchases` | Purchase orders for a project |
|
|
102
|
-
| `get_project_revenues` | Revenue items for a project |
|
|
103
|
-
| `aggregate_portfolio` | Portfolio analytics -- group, count, sum, avg across all projects |
|
|
104
|
-
| `query_datamart` | Raw DataMart query for advanced analysis (validated, safe operators only) |
|
|
103
|
+
### Write Tools
|
|
105
104
|
|
|
106
|
-
|
|
105
|
+
| Tool | What it does |
|
|
106
|
+
|------|--------------|
|
|
107
|
+
| `create_task` | Add a task to a project |
|
|
108
|
+
| `update_task` | Update task fields such as status, dates, assignee, and progress |
|
|
109
|
+
| `create_risk` | Log a project risk |
|
|
110
|
+
| `create_issue` | Log a project issue |
|
|
111
|
+
| `update_project` | Update project fields such as name, status, dates, and priority |
|
|
107
112
|
|
|
108
|
-
|
|
109
|
-
|------|-------------|
|
|
110
|
-
| `search_users` | Find team members |
|
|
111
|
-
| `get_user` | User details |
|
|
112
|
-
| `get_reference_data` | Status lists, types, priorities for any entity |
|
|
113
|
+
Write operations confirm the saved state from the ITM Platform REST API. DataMart-backed search results may take up to 60 seconds to reflect recent writes.
|
|
113
114
|
|
|
114
|
-
###
|
|
115
|
+
### Resources and Prompts
|
|
115
116
|
|
|
116
|
-
|
|
117
|
-
|------|-------------|
|
|
118
|
-
| `create_task` | Create a new task in a project |
|
|
119
|
-
| `update_task` | PATCH task fields (status, dates, assignee, progress) |
|
|
120
|
-
| `create_risk` | Log a new risk in a project |
|
|
121
|
-
| `create_issue` | Log a new issue in a project |
|
|
122
|
-
| `update_project` | PATCH project fields (name, status, dates, priority) |
|
|
117
|
+
Resources give AI clients read-only context such as DataMart schemas and project calendars. Prompt templates provide guided workflows for common analysis tasks:
|
|
123
118
|
|
|
124
|
-
|
|
119
|
+
| Prompt | What it helps with |
|
|
120
|
+
|--------|--------------------|
|
|
121
|
+
| `/project_status` | Summarize health, tasks, risks, issues, and budget for one project |
|
|
122
|
+
| `/portfolio_overview` | Analyze portfolio status, methodology, budget, and delivery patterns |
|
|
123
|
+
| `/team_workload` | Review assignments and workload patterns |
|
|
124
|
+
| `/risk_analysis` | Assess risk exposure, issues, and budget impact |
|
|
125
125
|
|
|
126
|
-
##
|
|
126
|
+
## Authentication and Permissions
|
|
127
127
|
|
|
128
|
-
|
|
128
|
+
The MCP server uses the same identity and permission model as ITM Platform.
|
|
129
129
|
|
|
130
|
-
|
|
|
131
|
-
|
|
132
|
-
|
|
|
133
|
-
|
|
|
134
|
-
| `/team_workload` | Fetches users + assignments, asks AI for workload analysis |
|
|
135
|
-
| `/risk_analysis` | Fetches risks + issues + budget, asks AI for risk assessment |
|
|
130
|
+
| Connection method | Authentication | Best for |
|
|
131
|
+
|-------------------|----------------|----------|
|
|
132
|
+
| Hosted HTTP | OAuth 2.1 with PKCE | Most users and managed AI clients |
|
|
133
|
+
| Local stdio | ITM Platform API key | Local execution, firewalled networks, self-hosted environments |
|
|
136
134
|
|
|
137
|
-
|
|
135
|
+
OAuth sessions use scopes:
|
|
138
136
|
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
audit-client.ts # Phase 2: audit logging (fire-and-forget)
|
|
155
|
-
tools/ # One file per tool group
|
|
156
|
-
write-tools.ts # Phase 2: create/update tools (task, risk, issue, project)
|
|
157
|
-
resources/ # Schema + calendar resources
|
|
158
|
-
prompts/ # Workflow templates
|
|
159
|
-
validation/
|
|
160
|
-
query-validator.ts # Allowlist of safe MongoDB operators
|
|
161
|
-
```
|
|
137
|
+
| Scope | Allows |
|
|
138
|
+
|-------|--------|
|
|
139
|
+
| `mcp:read` | Read-only tools such as search, get, list, aggregate, and query |
|
|
140
|
+
| `mcp:write` | Read tools plus create and update tools |
|
|
141
|
+
|
|
142
|
+
API key sessions use the full permissions of the ITM Platform user who generated the key.
|
|
143
|
+
|
|
144
|
+
License access:
|
|
145
|
+
|
|
146
|
+
| License | MCP access |
|
|
147
|
+
|---------|------------|
|
|
148
|
+
| Company Admin | Full read and write access |
|
|
149
|
+
| Full User | Full read and write access |
|
|
150
|
+
| Project Manager | Not yet available |
|
|
151
|
+
| Team Member | Blocked |
|
|
162
152
|
|
|
163
|
-
|
|
153
|
+
Your AI assistant does not receive your ITM Platform password or API key. Project data is returned to the AI client you choose, so the AI provider's data-handling policy applies to any data it processes.
|
|
164
154
|
|
|
165
|
-
|
|
166
|
-
|-------------|--------|
|
|
167
|
-
| CompanyAdmin | Full |
|
|
168
|
-
| FullUser | Full |
|
|
169
|
-
| ProjectManager | Blocked in Phase 1 (requires gateway PM-scope injection -- Phase 2) |
|
|
170
|
-
| TeamMember | Blocked |
|
|
155
|
+
## Client Setup
|
|
171
156
|
|
|
172
|
-
|
|
157
|
+
Use the public docs for client-specific setup:
|
|
173
158
|
|
|
174
|
-
|
|
159
|
+
- [Claude Code, Claude Desktop, VS Code, Cursor, Codex, Windsurf, and JetBrains](https://developers.itmplatform.com/mcp/#ai-clients)
|
|
160
|
+
- [Connect with OAuth](https://developers.itmplatform.com/mcp/#setup-oauth)
|
|
161
|
+
- [Connect with an API key](https://developers.itmplatform.com/mcp/#setup-stdio)
|
|
162
|
+
- [Troubleshooting](https://developers.itmplatform.com/mcp/#troubleshooting)
|
|
175
163
|
|
|
176
|
-
|
|
164
|
+
For any MCP-compatible client, the two connection values are:
|
|
177
165
|
|
|
178
|
-
|
|
179
|
-
|
|
166
|
+
| Method | Value |
|
|
167
|
+
|--------|-------|
|
|
168
|
+
| Remote URL | `https://api.itmplatform.com/v2/_/mcp/` |
|
|
169
|
+
| Local command | `npx @itm-platform/mcp-server` |
|
|
170
|
+
|
|
171
|
+
## Self-Hosting
|
|
172
|
+
|
|
173
|
+
For a local stdio server, configure `ITM_API_URL`, `ITM_COMPANY`, and either `ITM_API_KEY` or `ITM_TOKEN`.
|
|
174
|
+
|
|
175
|
+
For an HTTP server with OAuth, configure:
|
|
176
|
+
|
|
177
|
+
| Variable | Description |
|
|
178
|
+
|----------|-------------|
|
|
179
|
+
| `ITM_API_URL` | ITM Platform API gateway URL |
|
|
180
|
+
| `PORT` | HTTP listen port |
|
|
181
|
+
| `ITM_AUTH_URL` | OAuth authorization server URL used for token exchange |
|
|
182
|
+
| `ITM_AUTH_PUBLIC_URL` | Public OAuth URL advertised to AI clients |
|
|
183
|
+
| `MCP_SERVER_URL` | Public MCP server URL used as the OAuth audience |
|
|
184
|
+
| `LOG_LEVEL` | Optional Pino log level: `debug`, `info`, `warn`, or `error` |
|
|
185
|
+
| `ITM_AUDIT_ENABLED` | Enables server-side audit logging when set to `true` |
|
|
186
|
+
|
|
187
|
+
When deployed behind a reverse proxy, `ITM_AUTH_URL` can point to a server-to-server address while `ITM_AUTH_PUBLIC_URL` must be reachable by AI clients.
|
|
188
|
+
|
|
189
|
+
## Development
|
|
190
|
+
|
|
191
|
+
Requirements:
|
|
192
|
+
|
|
193
|
+
- Node.js 20 or later
|
|
194
|
+
- npm
|
|
195
|
+
|
|
196
|
+
Install dependencies, run tests, and build:
|
|
197
|
+
|
|
198
|
+
```bash
|
|
199
|
+
npm install
|
|
200
|
+
npm test
|
|
201
|
+
npm run build
|
|
202
|
+
```
|
|
203
|
+
|
|
204
|
+
Run the HTTP development server:
|
|
205
|
+
|
|
206
|
+
```bash
|
|
207
|
+
cp .env.sample .env
|
|
208
|
+
npm run dev
|
|
209
|
+
```
|
|
180
210
|
|
|
181
|
-
|
|
211
|
+
The package entry point is `dist/server.js`; the npm executable is `mcp-server`.
|
|
182
212
|
|
|
183
|
-
|
|
213
|
+
## Troubleshooting
|
|
184
214
|
|
|
185
|
-
|
|
215
|
+
If tools do not appear in your AI client, confirm that the server configuration is in the correct file for that client, restart the client, and check that `npx @itm-platform/mcp-server` runs successfully for local setups.
|
|
186
216
|
|
|
187
|
-
|
|
217
|
+
If authentication fails, regenerate your API key or reconnect the OAuth server so your client receives a fresh token.
|
|
188
218
|
|
|
189
|
-
|
|
219
|
+
If a write succeeds but a later search shows old data, wait up to 60 seconds. Writes are confirmed from the REST API immediately, while DataMart search indexes update asynchronously.
|
|
190
220
|
|
|
191
|
-
|
|
221
|
+
## More Help
|
|
192
222
|
|
|
193
|
-
- [
|
|
223
|
+
- MCP docs: [modelcontextprotocol.io](https://modelcontextprotocol.io)
|
|
224
|
+
- ITM Platform help: [help.itmplatform.com](https://help.itmplatform.com)
|
|
225
|
+
- ITM Platform developer docs: [developers.itmplatform.com/documentation](https://developers.itmplatform.com/documentation)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@itm-platform/mcp-server",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.2",
|
|
4
4
|
"description": "MCP server for ITM Platform",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/server.js",
|
|
@@ -22,7 +22,7 @@
|
|
|
22
22
|
],
|
|
23
23
|
"scripts": {
|
|
24
24
|
"dev": "cross-env PORT=6170 node --env-file=.env --import tsx src/server.ts",
|
|
25
|
-
"build": "tsc",
|
|
25
|
+
"build": "node scripts/increase-package-version.mjs && tsc",
|
|
26
26
|
"start": "node dist/server.js",
|
|
27
27
|
"test": "vitest run",
|
|
28
28
|
"test:integration": "vitest run --config vitest.integration.config.ts",
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"api-key-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/api-key-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AA0BnE,wBAAsB,eAAe,IAAI,OAAO,CAAC,oBAAoB,CAAC,CA6CrE"}
|
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
import { resolveLicenseAccess } from './license-resolver.js';
|
|
2
|
-
function resolveAuthHeaders() {
|
|
3
|
-
const apiKey = process.env.ITM_API_KEY;
|
|
4
|
-
const token = process.env.ITM_TOKEN;
|
|
5
|
-
if (apiKey) {
|
|
6
|
-
return { source: 'api-key', headers: { 'Authorization': `Bearer ${apiKey}` } };
|
|
7
|
-
}
|
|
8
|
-
if (token) {
|
|
9
|
-
return { source: 'token', headers: { 'Token': token } };
|
|
10
|
-
}
|
|
11
|
-
throw new Error('Missing required environment variable: ITM_API_KEY or ITM_TOKEN');
|
|
12
|
-
}
|
|
13
|
-
export async function resolveIdentity() {
|
|
14
|
-
const apiUrl = process.env.ITM_API_URL;
|
|
15
|
-
const company = process.env.ITM_COMPANY;
|
|
16
|
-
if (!apiUrl)
|
|
17
|
-
throw new Error('Missing required environment variable: ITM_API_URL');
|
|
18
|
-
if (!company)
|
|
19
|
-
throw new Error('Missing required environment variable: ITM_COMPANY');
|
|
20
|
-
const { source, headers: authHeaders } = resolveAuthHeaders();
|
|
21
|
-
const url = `${apiUrl}/v2/${company}/resolve/identity`;
|
|
22
|
-
const response = await fetch(url, {
|
|
23
|
-
method: 'POST',
|
|
24
|
-
headers: {
|
|
25
|
-
...authHeaders,
|
|
26
|
-
'Content-Type': 'application/json',
|
|
27
|
-
},
|
|
28
|
-
});
|
|
29
|
-
if (!response.ok) {
|
|
30
|
-
throw new Error(`Identity resolution failed: ${response.status} ${response.statusText}`);
|
|
31
|
-
}
|
|
32
|
-
const identity = await response.json();
|
|
33
|
-
const { dataMartAccess, pmScopeUserId } = resolveLicenseAccess(identity.licenseTypeIds, identity.userId);
|
|
34
|
-
if (dataMartAccess === 'pm-scoped') {
|
|
35
|
-
throw new Error('PM-only access is not yet available for MCP. It will arrive with hosted MCP (Phase 2) or gateway scope injection.');
|
|
36
|
-
}
|
|
37
|
-
if (dataMartAccess === 'none') {
|
|
38
|
-
throw new Error('Team Member access is not available for MCP.');
|
|
39
|
-
}
|
|
40
|
-
return {
|
|
41
|
-
source,
|
|
42
|
-
company,
|
|
43
|
-
accountId: identity.accountId,
|
|
44
|
-
userId: identity.userId,
|
|
45
|
-
languageId: identity.languageId,
|
|
46
|
-
email: identity.email,
|
|
47
|
-
licenseTypeIds: identity.licenseTypeIds,
|
|
48
|
-
dataMartAccess,
|
|
49
|
-
pmScopeUserId,
|
|
50
|
-
authHeaders,
|
|
51
|
-
};
|
|
52
|
-
}
|
|
53
|
-
//# sourceMappingURL=api-key-auth.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"api-key-auth.js","sourceRoot":"","sources":["../../../src/auth/api-key-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAY7D,SAAS,kBAAkB;IACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACvC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;IAEpC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,eAAe,EAAE,UAAU,MAAM,EAAE,EAAE,EAAE,CAAC;IACjF,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC;IAC1D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;AACrF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACvC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACxC,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACnF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAEpF,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE9D,MAAM,GAAG,GAAG,GAAG,MAAM,OAAO,OAAO,mBAAmB,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,GAAG,WAAW;YACd,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,QAAQ,GAAqB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACzD,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEzG,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,mHAAmH,CACpH,CAAC;IACJ,CAAC;IACD,IAAI,cAAc,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,OAAO;QACL,MAAM;QACN,OAAO;QACP,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,cAAc,EAAE,QAAQ,CAAC,cAAc;QACvC,cAAc;QACd,aAAa;QACb,WAAW;KACZ,CAAC;AACJ,CAAC"}
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
export interface EffectiveUserContext {
|
|
2
|
-
source: 'api-key' | 'token';
|
|
3
|
-
company: string;
|
|
4
|
-
accountId: number;
|
|
5
|
-
userId: number;
|
|
6
|
-
languageId: number;
|
|
7
|
-
email: string;
|
|
8
|
-
licenseTypeIds: number[];
|
|
9
|
-
dataMartAccess: 'full' | 'pm-scoped' | 'none';
|
|
10
|
-
pmScopeUserId?: number;
|
|
11
|
-
authHeaders: Record<string, string>;
|
|
12
|
-
grantedScopes?: string[];
|
|
13
|
-
}
|
|
14
|
-
export declare const WRITE_TOOL_NAMES: Set<string>;
|
|
15
|
-
export declare function hasScope(ctx: EffectiveUserContext, scope: string): boolean;
|
|
16
|
-
//# sourceMappingURL=effective-user-context.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"effective-user-context.d.ts","sourceRoot":"","sources":["../../../src/auth/effective-user-context.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,eAAO,MAAM,gBAAgB,aAE3B,CAAC;AAEH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAG1E"}
|
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
export const WRITE_TOOL_NAMES = new Set([
|
|
2
|
-
'create_task', 'update_task', 'create_risk', 'create_issue', 'update_project',
|
|
3
|
-
]);
|
|
4
|
-
export function hasScope(ctx, scope) {
|
|
5
|
-
if (!ctx.grantedScopes)
|
|
6
|
-
return true;
|
|
7
|
-
return ctx.grantedScopes.includes(scope);
|
|
8
|
-
}
|
|
9
|
-
//# sourceMappingURL=effective-user-context.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"effective-user-context.js","sourceRoot":"","sources":["../../../src/auth/effective-user-context.ts"],"names":[],"mappings":"AAcA,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IACtC,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB;CAC9E,CAAC,CAAC;AAEH,MAAM,UAAU,QAAQ,CAAC,GAAyB,EAAE,KAAa;IAC/D,IAAI,CAAC,GAAG,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC3C,CAAC"}
|
|
@@ -1,6 +0,0 @@
|
|
|
1
|
-
export interface LicenseAccessResult {
|
|
2
|
-
dataMartAccess: 'full' | 'pm-scoped' | 'none';
|
|
3
|
-
pmScopeUserId?: number;
|
|
4
|
-
}
|
|
5
|
-
export declare function resolveLicenseAccess(licenseTypeIds: number[], userId: number): LicenseAccessResult;
|
|
6
|
-
//# sourceMappingURL=license-resolver.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"license-resolver.d.ts","sourceRoot":"","sources":["../../../src/auth/license-resolver.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAKD,wBAAgB,oBAAoB,CAAC,cAAc,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAQlG"}
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
const FULL_ACCESS_TYPES = new Set([0, 1]);
|
|
2
|
-
const PM_TYPE = 2;
|
|
3
|
-
export function resolveLicenseAccess(licenseTypeIds, userId) {
|
|
4
|
-
if (licenseTypeIds.some(id => FULL_ACCESS_TYPES.has(id))) {
|
|
5
|
-
return { dataMartAccess: 'full' };
|
|
6
|
-
}
|
|
7
|
-
if (licenseTypeIds.includes(PM_TYPE)) {
|
|
8
|
-
return { dataMartAccess: 'pm-scoped', pmScopeUserId: userId };
|
|
9
|
-
}
|
|
10
|
-
return { dataMartAccess: 'none' };
|
|
11
|
-
}
|
|
12
|
-
//# sourceMappingURL=license-resolver.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"license-resolver.js","sourceRoot":"","sources":["../../../src/auth/license-resolver.ts"],"names":[],"mappings":"AAKA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC1C,MAAM,OAAO,GAAG,CAAC,CAAC;AAElB,MAAM,UAAU,oBAAoB,CAAC,cAAwB,EAAE,MAAc;IAC3E,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;IACpC,CAAC;IACD,IAAI,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;IAChE,CAAC;IACD,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;AACpC,CAAC"}
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
import type { Logger } from 'pino';
|
|
2
|
-
import type { EffectiveUserContext } from './effective-user-context.js';
|
|
3
|
-
export interface TokenExchangeResult {
|
|
4
|
-
sessionToken: string;
|
|
5
|
-
userId: number;
|
|
6
|
-
accountId: number;
|
|
7
|
-
company: string;
|
|
8
|
-
email: string;
|
|
9
|
-
languageId: number;
|
|
10
|
-
licenseTypeIds: number[];
|
|
11
|
-
dataMartAccess: 'full' | 'pm-scoped' | 'none';
|
|
12
|
-
pmScopeUserId?: number;
|
|
13
|
-
expiresAt: string;
|
|
14
|
-
scope: string;
|
|
15
|
-
}
|
|
16
|
-
export interface OAuthConfig {
|
|
17
|
-
tokenExchangeUrl: string;
|
|
18
|
-
audience: string;
|
|
19
|
-
}
|
|
20
|
-
export declare function exchangeToken(oauthToken: string, config: OAuthConfig, log?: Logger): Promise<TokenExchangeResult>;
|
|
21
|
-
export declare function buildEffectiveUserContextFromExchange(result: TokenExchangeResult): EffectiveUserContext;
|
|
22
|
-
//# sourceMappingURL=oauth-auth.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/oauth-auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAExE,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,WAAW,EACnB,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,mBAAmB,CAAC,CAoB9B;AAED,wBAAgB,qCAAqC,CAAC,MAAM,EAAE,mBAAmB,GAAG,oBAAoB,CAcvG"}
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
export async function exchangeToken(oauthToken, config, log) {
|
|
2
|
-
log?.debug({ url: config.tokenExchangeUrl }, 'Token exchange request');
|
|
3
|
-
const response = await fetch(config.tokenExchangeUrl, {
|
|
4
|
-
method: 'POST',
|
|
5
|
-
headers: {
|
|
6
|
-
'Content-Type': 'application/json',
|
|
7
|
-
'Authorization': `Bearer ${oauthToken}`,
|
|
8
|
-
},
|
|
9
|
-
body: JSON.stringify({ audience: config.audience }),
|
|
10
|
-
});
|
|
11
|
-
if (!response.ok) {
|
|
12
|
-
log?.error({ status: response.status }, 'Token exchange failed');
|
|
13
|
-
throw new Error(`Token exchange failed: ${response.status} ${response.statusText}`);
|
|
14
|
-
}
|
|
15
|
-
const result = await response.json();
|
|
16
|
-
log?.info({ userId: result.userId, company: result.company }, 'Token exchange succeeded');
|
|
17
|
-
return result;
|
|
18
|
-
}
|
|
19
|
-
export function buildEffectiveUserContextFromExchange(result) {
|
|
20
|
-
return {
|
|
21
|
-
source: 'token',
|
|
22
|
-
company: result.company,
|
|
23
|
-
accountId: result.accountId,
|
|
24
|
-
userId: result.userId,
|
|
25
|
-
languageId: result.languageId,
|
|
26
|
-
email: result.email,
|
|
27
|
-
licenseTypeIds: result.licenseTypeIds,
|
|
28
|
-
dataMartAccess: result.dataMartAccess,
|
|
29
|
-
pmScopeUserId: result.pmScopeUserId,
|
|
30
|
-
grantedScopes: result.scope.split(' ').filter(Boolean),
|
|
31
|
-
authHeaders: { 'Token': result.sessionToken },
|
|
32
|
-
};
|
|
33
|
-
}
|
|
34
|
-
//# sourceMappingURL=oauth-auth.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-auth.js","sourceRoot":"","sources":["../../../src/auth/oauth-auth.ts"],"names":[],"mappings":"AAsBA,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAkB,EAClB,MAAmB,EACnB,GAAY;IAEZ,GAAG,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,gBAAgB,EAAE,EAAE,wBAAwB,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE;QACpD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,UAAU,EAAE;SACxC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;KACpD,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,GAAG,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,CAAC;IAC5D,GAAG,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,EAAE,0BAA0B,CAAC,CAAC;IAC1F,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,qCAAqC,CAAC,MAA2B;IAC/E,OAAO;QACL,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QACtD,WAAW,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,YAAY,EAAE;KAC9C,CAAC;AACJ,CAAC"}
|
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
export interface ProtectedResourceMetadata {
|
|
2
|
-
resource: string;
|
|
3
|
-
authorization_servers: string[];
|
|
4
|
-
scopes_supported: string[];
|
|
5
|
-
}
|
|
6
|
-
export declare function buildProtectedResourceMetadata(config: {
|
|
7
|
-
mcpServerUrl: string;
|
|
8
|
-
authorizationServerUrl: string;
|
|
9
|
-
}): ProtectedResourceMetadata;
|
|
10
|
-
//# sourceMappingURL=oauth-metadata.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-metadata.d.ts","sourceRoot":"","sources":["../../../src/auth/oauth-metadata.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,wBAAgB,8BAA8B,CAAC,MAAM,EAAE;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,sBAAsB,EAAE,MAAM,CAAC;CAChC,GAAG,yBAAyB,CAM5B"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-metadata.js","sourceRoot":"","sources":["../../../src/auth/oauth-metadata.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,8BAA8B,CAAC,MAG9C;IACC,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,YAAY;QAC7B,qBAAqB,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC;QACtD,gBAAgB,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;KAC5C,CAAC;AACJ,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"token-extraction.d.ts","sourceRoot":"","sources":["../../../src/auth/token-extraction.ts"],"names":[],"mappings":"AAAA,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,GAAG,SAAS,CAIlG"}
|