@masonator/coolify-mcp 2.8.1 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/__tests__/coolify-client.test.js +248 -19
  2. package/dist/__tests__/integration/diagnostics.integration.test.js +3 -2
  3. package/dist/__tests__/mcp-server.test.js +103 -1
  4. package/dist/lib/coolify-client.d.ts +21 -3
  5. package/dist/lib/coolify-client.js +86 -9
  6. package/dist/lib/mcp-server.js +28 -10
  7. package/dist/types/coolify.d.ts +10 -5
  8. package/package.json +3 -3
package/dist/__tests__/coolify-client.test.js CHANGED
@@ -1,12 +1,14 @@
1
1
  import { jest, describe, it, expect, beforeEach } from '@jest/globals';
2
2
  import { CoolifyClient } from '../lib/coolify-client.js';
3
3
  // Helper to create mock response
4
- function mockResponse(data, ok = true, status = 200) {
4
+ function mockResponse(data, ok = true, status = 200, contentType = 'application/json') {
5
+ const body = contentType.includes('application/json') ? JSON.stringify(data) : String(data);
5
6
  return {
6
7
  ok,
7
8
  status,
8
9
  statusText: ok ? 'OK' : 'Error',
9
- text: async () => JSON.stringify(data),
10
+ headers: new Headers({ 'Content-Type': contentType }),
11
+ text: async () => body,
10
12
  };
11
13
  }
12
14
  const mockFetch = jest.fn();
@@ -521,6 +523,21 @@ describe('CoolifyClient', () => {
521
523
  const result = await client.deleteServer('test-uuid');
522
524
  expect(result).toEqual({});
523
525
  });
526
+ it('should return plain text responses without JSON parsing', async () => {
527
+ mockFetch.mockResolvedValueOnce(mockResponse('log line 1\nlog line 2', true, 200, 'text/plain; charset=utf-8'));
528
+ const result = await client.getApplicationLogs('app-uuid', 50);
529
+ expect(result).toBe('log line 1\nlog line 2');
530
+ });
531
+ it('should fall back to raw text when JSON responses are malformed', async () => {
532
+ mockFetch.mockResolvedValueOnce({
533
+ ok: true,
534
+ status: 200,
535
+ headers: new Headers({ 'Content-Type': 'application/json' }),
536
+ text: async () => 'not valid json',
537
+ });
538
+ const result = await client.getApplicationLogs('app-uuid', 50);
539
+ expect(result).toBe('not valid json');
540
+ });
524
541
  it('should handle API errors without message', async () => {
525
542
  mockFetch.mockResolvedValueOnce(mockResponse({}, false, 500));
526
543
  await expect(client.listServers()).rejects.toThrow('HTTP 500: Error');
@@ -1154,21 +1171,72 @@ describe('CoolifyClient', () => {
1154
1171
  uuid: 'env-var-uuid',
1155
1172
  key: 'API_KEY',
1156
1173
  value: 'secret123',
1157
- is_build_time: false,
1174
+ is_buildtime: false,
1175
+ is_runtime: true,
1158
1176
  };
1159
- it('should list application env vars', async () => {
1177
+ it('should list application env vars with values masked by default (#159)', async () => {
1160
1178
  mockFetch.mockResolvedValueOnce(mockResponse([mockEnvVar]));
1161
1179
  const result = await client.listApplicationEnvVars('app-uuid');
1162
- expect(result).toEqual([mockEnvVar]);
1180
+ // value masked, metadata preserved
1181
+ expect(result).toEqual([
1182
+ {
1183
+ uuid: 'env-var-uuid',
1184
+ key: 'API_KEY',
1185
+ value: '***',
1186
+ is_buildtime: false,
1187
+ is_runtime: true,
1188
+ },
1189
+ ]);
1163
1190
  expect(mockFetch).toHaveBeenCalledWith('http://localhost:3000/api/v1/applications/app-uuid/envs', expect.any(Object));
1164
1191
  });
1165
- it('should list application env vars with summary', async () => {
1192
+ it('should list application env vars with real_value also masked on the full projection (#159)', async () => {
1166
1193
  const fullEnvVar = {
1167
1194
  id: 1,
1168
1195
  uuid: 'env-var-uuid',
1169
1196
  key: 'API_KEY',
1170
1197
  value: 'secret123',
1171
- is_build_time: false,
1198
+ real_value: 'secret123',
1199
+ is_buildtime: false,
1200
+ is_runtime: true,
1201
+ is_literal: true,
1202
+ is_multiline: false,
1203
+ is_preview: false,
1204
+ is_shared: false,
1205
+ is_shown_once: false,
1206
+ application_id: 1,
1207
+ created_at: '2024-01-01',
1208
+ updated_at: '2024-01-01',
1209
+ };
1210
+ mockFetch.mockResolvedValueOnce(mockResponse([fullEnvVar]));
1211
+ const result = (await client.listApplicationEnvVars('app-uuid'));
1212
+ expect(result[0].value).toBe('***');
1213
+ expect(result[0].real_value).toBe('***');
1214
+ // Metadata stays intact
1215
+ expect(result[0]).toMatchObject({
1216
+ uuid: 'env-var-uuid',
1217
+ key: 'API_KEY',
1218
+ is_buildtime: false,
1219
+ is_runtime: true,
1220
+ is_literal: true,
1221
+ is_preview: false,
1222
+ application_id: 1,
1223
+ created_at: '2024-01-01',
1224
+ updated_at: '2024-01-01',
1225
+ });
1226
+ });
1227
+ it('should list application env vars with real values when reveal=true (#159)', async () => {
1228
+ mockFetch.mockResolvedValueOnce(mockResponse([mockEnvVar]));
1229
+ const result = await client.listApplicationEnvVars('app-uuid', { reveal: true });
1230
+ expect(result).toEqual([mockEnvVar]);
1231
+ });
1232
+ it('should list application env vars with summary, masked by default (#159)', async () => {
1233
+ const fullEnvVar = {
1234
+ id: 1,
1235
+ uuid: 'env-var-uuid',
1236
+ key: 'API_KEY',
1237
+ value: 'secret123',
1238
+ is_buildtime: false,
1239
+ is_runtime: true,
1172
1240
  is_literal: true,
1173
1241
  is_multiline: false,
1174
1242
  is_preview: false,
@@ -1180,13 +1248,46 @@ describe('CoolifyClient', () => {
1180
1248
  };
1181
1249
  mockFetch.mockResolvedValueOnce(mockResponse([fullEnvVar]));
1182
1250
  const result = await client.listApplicationEnvVars('app-uuid', { summary: true });
1183
- // Summary should only include uuid, key, value, is_build_time
1251
+ // Summary should only include uuid, key, value, is_buildtime, is_runtime — and value masked
1252
+ expect(result).toEqual([
1253
+ {
1254
+ uuid: 'env-var-uuid',
1255
+ key: 'API_KEY',
1256
+ value: '***',
1257
+ is_buildtime: false,
1258
+ is_runtime: true,
1259
+ },
1260
+ ]);
1261
+ });
1262
+ it('should list application env vars with summary and reveal=true returning real values (#159)', async () => {
1263
+ const fullEnvVar = {
1264
+ id: 1,
1265
+ uuid: 'env-var-uuid',
1266
+ key: 'API_KEY',
1267
+ value: 'secret123',
1268
+ is_buildtime: false,
1269
+ is_runtime: true,
1270
+ is_literal: true,
1271
+ is_multiline: false,
1272
+ is_preview: false,
1273
+ is_shared: false,
1274
+ is_shown_once: false,
1275
+ application_id: 1,
1276
+ created_at: '2024-01-01',
1277
+ updated_at: '2024-01-01',
1278
+ };
1279
+ mockFetch.mockResolvedValueOnce(mockResponse([fullEnvVar]));
1280
+ const result = await client.listApplicationEnvVars('app-uuid', {
1281
+ summary: true,
1282
+ reveal: true,
1283
+ });
1184
1284
  expect(result).toEqual([
1185
1285
  {
1186
1286
  uuid: 'env-var-uuid',
1187
1287
  key: 'API_KEY',
1188
1288
  value: 'secret123',
1189
- is_build_time: false,
1289
+ is_buildtime: false,
1290
+ is_runtime: true,
1190
1291
  },
1191
1292
  ]);
1192
1293
  });
@@ -1195,10 +1296,31 @@ describe('CoolifyClient', () => {
1195
1296
  const result = await client.createApplicationEnvVar('app-uuid', {
1196
1297
  key: 'NEW_VAR',
1197
1298
  value: 'new-value',
1198
- is_build_time: true,
1299
+ is_buildtime: true,
1199
1300
  });
1200
1301
  expect(result).toEqual({ uuid: 'new-env-uuid' });
1201
1302
  });
1303
+ it('should create runtime-only env var (no Dockerfile ARG injection)', async () => {
1304
+ // Regression for #135: setting is_buildtime=false avoids multiline values
1305
+ // (PEM keys, etc.) being injected as Dockerfile ARG and breaking the build.
1306
+ mockFetch.mockResolvedValueOnce(mockResponse({ uuid: 'new-env-uuid' }));
1307
+ await client.createApplicationEnvVar('app-uuid', {
1308
+ key: 'PASSPORT_PRIVATE_KEY',
1309
+ value: '-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----',
1310
+ is_buildtime: false,
1311
+ is_runtime: true,
1312
+ });
1313
+ expect(mockFetch).toHaveBeenCalledWith('http://localhost:3000/api/v1/applications/app-uuid/envs', expect.objectContaining({
1314
+ method: 'POST',
1315
+ body: expect.stringContaining('"is_buildtime":false'),
1316
+ }));
1317
+ const body = JSON.parse(mockFetch.mock.calls[0][1].body);
1318
+ expect(body).toMatchObject({
1319
+ key: 'PASSPORT_PRIVATE_KEY',
1320
+ is_buildtime: false,
1321
+ is_runtime: true,
1322
+ });
1323
+ });
1202
1324
  it('should update application env var', async () => {
1203
1325
  mockFetch.mockResolvedValueOnce(mockResponse({ message: 'Updated' }));
1204
1326
  const result = await client.updateApplicationEnvVar('app-uuid', {
@@ -1207,6 +1329,22 @@ describe('CoolifyClient', () => {
1207
1329
  });
1208
1330
  expect(result).toEqual({ message: 'Updated' });
1209
1331
  });
1332
+ it('should update env var to runtime-only (flip is_buildtime=false)', async () => {
1333
+ mockFetch.mockResolvedValueOnce(mockResponse({ message: 'Updated' }));
1334
+ await client.updateApplicationEnvVar('app-uuid', {
1335
+ key: 'NODE_ENV',
1336
+ value: 'production',
1337
+ is_buildtime: false,
1338
+ is_runtime: true,
1339
+ });
1340
+ const body = JSON.parse(mockFetch.mock.calls[0][1].body);
1341
+ expect(body).toEqual({
1342
+ key: 'NODE_ENV',
1343
+ value: 'production',
1344
+ is_buildtime: false,
1345
+ is_runtime: true,
1346
+ });
1347
+ });
1210
1348
  it('should bulk update application env vars', async () => {
1211
1349
  mockFetch.mockResolvedValueOnce(mockResponse({ message: 'Updated' }));
1212
1350
  const result = await client.bulkUpdateApplicationEnvVars('app-uuid', {
@@ -1482,12 +1620,54 @@ describe('CoolifyClient', () => {
1482
1620
  key: 'SVC_KEY',
1483
1621
  value: 'svc-value',
1484
1622
  };
1485
- it('should list service env vars', async () => {
1623
+ it('should list service env vars with values masked by default (#159)', async () => {
1486
1624
  mockFetch.mockResolvedValueOnce(mockResponse([mockEnvVar]));
1487
1625
  const result = await client.listServiceEnvVars('test-uuid');
1488
- expect(result).toEqual([mockEnvVar]);
1626
+ // value masked, metadata (uuid, key) preserved
1627
+ expect(result).toEqual([
1628
+ {
1629
+ uuid: 'svc-env-uuid',
1630
+ key: 'SVC_KEY',
1631
+ value: '***',
1632
+ },
1633
+ ]);
1489
1634
  expect(mockFetch).toHaveBeenCalledWith('http://localhost:3000/api/v1/services/test-uuid/envs', expect.any(Object));
1490
1635
  });
1636
+ it('should list service env vars with real_value masked on the full projection (#159)', async () => {
1637
+ const fullEnvVar = {
1638
+ id: 1,
1639
+ uuid: 'svc-env-uuid',
1640
+ key: 'SVC_KEY',
1641
+ value: 'svc-value',
1642
+ real_value: 'svc-value',
1643
+ is_buildtime: false,
1644
+ is_runtime: true,
1645
+ is_literal: true,
1646
+ is_multiline: false,
1647
+ is_preview: false,
1648
+ is_shared: false,
1649
+ is_shown_once: false,
1650
+ service_id: 42,
1651
+ created_at: '2024-01-01',
1652
+ updated_at: '2024-01-01',
1653
+ };
1654
+ mockFetch.mockResolvedValueOnce(mockResponse([fullEnvVar]));
1655
+ const result = await client.listServiceEnvVars('test-uuid');
1656
+ expect(result[0].value).toBe('***');
1657
+ expect(result[0].real_value).toBe('***');
1658
+ expect(result[0]).toMatchObject({
1659
+ uuid: 'svc-env-uuid',
1660
+ key: 'SVC_KEY',
1661
+ is_buildtime: false,
1662
+ is_runtime: true,
1663
+ service_id: 42,
1664
+ });
1665
+ });
1666
+ it('should list service env vars with real values when reveal=true (#159)', async () => {
1667
+ mockFetch.mockResolvedValueOnce(mockResponse([mockEnvVar]));
1668
+ const result = await client.listServiceEnvVars('test-uuid', { reveal: true });
1669
+ expect(result).toEqual([mockEnvVar]);
1670
+ });
1491
1671
  it('should create service env var', async () => {
1492
1672
  mockFetch.mockResolvedValueOnce(mockResponse({ uuid: 'new-env-uuid' }));
1493
1673
  const result = await client.createServiceEnvVar('test-uuid', {
@@ -2008,9 +2188,17 @@ describe('CoolifyClient', () => {
2008
2188
  uuid: 'env-1',
2009
2189
  key: 'DATABASE_URL',
2010
2190
  value: 'postgres://...',
2011
- is_build_time: false,
2191
+ is_buildtime: false,
2192
+ is_runtime: true,
2193
+ },
2194
+ {
2195
+ id: 2,
2196
+ uuid: 'env-2',
2197
+ key: 'NODE_ENV',
2198
+ value: 'production',
2199
+ is_buildtime: true,
2200
+ is_runtime: true,
2012
2201
  },
2013
- { id: 2, uuid: 'env-2', key: 'NODE_ENV', value: 'production', is_build_time: true },
2014
2202
  ];
2015
2203
  const mockDeployments = [
2016
2204
  {
@@ -2057,12 +2245,28 @@ describe('CoolifyClient', () => {
2057
2245
  expect(result.logs).toBe(mockLogs);
2058
2246
  expect(result.environment_variables.count).toBe(2);
2059
2247
  expect(result.environment_variables.variables).toEqual([
2060
- { key: 'DATABASE_URL', is_build_time: false },
2061
- { key: 'NODE_ENV', is_build_time: true },
2248
+ { key: 'DATABASE_URL', is_buildtime: false, is_runtime: true },
2249
+ { key: 'NODE_ENV', is_buildtime: true, is_runtime: true },
2062
2250
  ]);
2063
2251
  expect(result.recent_deployments).toHaveLength(2);
2064
2252
  expect(result.errors).toBeUndefined();
2065
2253
  });
2254
+ it('should apply default flags when env var omits is_buildtime/is_runtime', async () => {
2255
+ // Hits the `?? false` / `?? true` fallback branches in the diagnose mapping
2256
+ // for legacy Coolify responses that don't carry both flags explicitly.
2257
+ const envVarsMissingFlags = [
2258
+ { id: 1, uuid: 'env-1', key: 'LEGACY_VAR', value: 'x' },
2259
+ ];
2260
+ mockFetch
2261
+ .mockResolvedValueOnce(mockResponse(mockApp))
2262
+ .mockResolvedValueOnce(mockResponse(mockLogs))
2263
+ .mockResolvedValueOnce(mockResponse(envVarsMissingFlags))
2264
+ .mockResolvedValueOnce(mockResponse({ count: 0, deployments: [] }));
2265
+ const result = await client.diagnoseApplication(testAppUuid);
2266
+ expect(result.environment_variables.variables).toEqual([
2267
+ { key: 'LEGACY_VAR', is_buildtime: false, is_runtime: true },
2268
+ ]);
2269
+ });
2066
2270
  it('should detect unhealthy application status', async () => {
2067
2271
  const unhealthyApp = { ...mockApp, status: 'exited:unhealthy' };
2068
2272
  mockFetch
@@ -2543,15 +2747,40 @@ describe('CoolifyClient', () => {
2543
2747
  // No API calls should be made
2544
2748
  expect(mockFetch).not.toHaveBeenCalled();
2545
2749
  });
2546
- it('should send build time flag when specified', async () => {
2750
+ it('should send buildtime flag when specified', async () => {
2547
2751
  mockFetch
2548
2752
  .mockResolvedValueOnce(mockResponse(mockApps))
2549
2753
  .mockResolvedValueOnce(mockResponse({ message: 'Updated' }));
2550
2754
  await client.bulkEnvUpdate(['app-1'], 'BUILD_VAR', 'value', true);
2551
- // Verify the PATCH call was made with is_build_time
2755
+ // Verify the PATCH call was made with is_buildtime (one word — Coolify API field name)
2756
+ expect(mockFetch).toHaveBeenCalledWith('http://localhost:3000/api/v1/applications/app-1/envs', expect.objectContaining({
2757
+ method: 'PATCH',
2758
+ body: JSON.stringify({ key: 'BUILD_VAR', value: 'value', is_buildtime: true }),
2759
+ }));
2760
+ });
2761
+ it('should send both buildtime and runtime flags for runtime-only vars', async () => {
2762
+ mockFetch
2763
+ .mockResolvedValueOnce(mockResponse(mockApps))
2764
+ .mockResolvedValueOnce(mockResponse({ message: 'Updated' }));
2765
+ await client.bulkEnvUpdate(['app-1'], 'PEM_KEY', 'multiline-value', false, true);
2766
+ expect(mockFetch).toHaveBeenCalledWith('http://localhost:3000/api/v1/applications/app-1/envs', expect.objectContaining({
2767
+ method: 'PATCH',
2768
+ body: JSON.stringify({
2769
+ key: 'PEM_KEY',
2770
+ value: 'multiline-value',
2771
+ is_buildtime: false,
2772
+ is_runtime: true,
2773
+ }),
2774
+ }));
2775
+ });
2776
+ it('should send only is_runtime when buildtime is left undefined', async () => {
2777
+ mockFetch
2778
+ .mockResolvedValueOnce(mockResponse(mockApps))
2779
+ .mockResolvedValueOnce(mockResponse({ message: 'Updated' }));
2780
+ await client.bulkEnvUpdate(['app-1'], 'API_KEY', 'val', undefined, false);
2552
2781
  expect(mockFetch).toHaveBeenCalledWith('http://localhost:3000/api/v1/applications/app-1/envs', expect.objectContaining({
2553
2782
  method: 'PATCH',
2554
- body: JSON.stringify({ key: 'BUILD_VAR', value: 'value', is_build_time: true }),
2783
+ body: JSON.stringify({ key: 'API_KEY', value: 'val', is_runtime: false }),
2555
2784
  }));
2556
2785
  });
2557
2786
  });
package/dist/__tests__/integration/diagnostics.integration.test.js CHANGED
@@ -54,11 +54,12 @@ describeFn('Diagnostic Integration Tests', () => {
54
54
  expect(result.environment_variables).toBeDefined();
55
55
  expect(typeof result.environment_variables.count).toBe('number');
56
56
  expect(Array.isArray(result.environment_variables.variables)).toBe(true);
57
- // Values should be hidden (only key and is_build_time exposed)
57
+ // Values should be hidden (only key, is_buildtime, is_runtime exposed)
58
58
  if (result.environment_variables.variables.length > 0) {
59
59
  const firstVar = result.environment_variables.variables[0];
60
60
  expect(firstVar).toHaveProperty('key');
61
- expect(firstVar).toHaveProperty('is_build_time');
61
+ expect(firstVar).toHaveProperty('is_buildtime');
62
+ expect(firstVar).toHaveProperty('is_runtime');
62
63
  expect(firstVar).not.toHaveProperty('value');
63
64
  }
64
65
  // Should have recent deployments array
package/dist/__tests__/mcp-server.test.js CHANGED
@@ -6,7 +6,7 @@
6
6
  * These tests verify MCP server instantiation and structure.
7
7
  */
8
8
  import { createRequire } from 'module';
9
- import { describe, it, expect, beforeEach } from '@jest/globals';
9
+ import { describe, it, expect, beforeEach, jest } from '@jest/globals';
10
10
  import { CoolifyMcpServer, VERSION, truncateLogs, getApplicationActions, getDeploymentActions, getPagination, } from '../lib/mcp-server.js';
11
11
  describe('CoolifyMcpServer v2', () => {
12
12
  let server;
@@ -161,6 +161,108 @@ describe('CoolifyMcpServer v2', () => {
161
161
  expect(client['accessToken']).toBe('test-token');
162
162
  });
163
163
  });
164
+ describe('env_vars tool handler', () => {
165
+ // Reach the SDK-registered handler so the is_buildtime / is_runtime
166
+ // passthrough lines are actually executed (not just type-checked).
167
+ const callEnvVars = async (srv, args) => {
168
+ const tool = srv._registeredTools['env_vars'];
169
+ return tool.handler(args, {});
170
+ };
171
+ it('forwards is_buildtime/is_runtime to createApplicationEnvVar', async () => {
172
+ const spy = jest
173
+ .spyOn(server['client'], 'createApplicationEnvVar')
174
+ .mockResolvedValue({ uuid: 'env-1' });
175
+ await callEnvVars(server, {
176
+ resource: 'application',
177
+ action: 'create',
178
+ uuid: 'app-uuid',
179
+ key: 'PEM_KEY',
180
+ value: '-----BEGIN-----',
181
+ is_buildtime: false,
182
+ is_runtime: true,
183
+ });
184
+ expect(spy).toHaveBeenCalledWith('app-uuid', {
185
+ key: 'PEM_KEY',
186
+ value: '-----BEGIN-----',
187
+ is_buildtime: false,
188
+ is_runtime: true,
189
+ });
190
+ });
191
+ it('forwards is_buildtime/is_runtime to updateApplicationEnvVar', async () => {
192
+ const spy = jest
193
+ .spyOn(server['client'], 'updateApplicationEnvVar')
194
+ .mockResolvedValue({ message: 'Updated' });
195
+ await callEnvVars(server, {
196
+ resource: 'application',
197
+ action: 'update',
198
+ uuid: 'app-uuid',
199
+ key: 'NODE_ENV',
200
+ value: 'production',
201
+ is_buildtime: false,
202
+ is_runtime: true,
203
+ });
204
+ expect(spy).toHaveBeenCalledWith('app-uuid', {
205
+ key: 'NODE_ENV',
206
+ value: 'production',
207
+ is_buildtime: false,
208
+ is_runtime: true,
209
+ });
210
+ });
211
+ it('forwards is_buildtime/is_runtime to createServiceEnvVar', async () => {
212
+ const spy = jest
213
+ .spyOn(server['client'], 'createServiceEnvVar')
214
+ .mockResolvedValue({ uuid: 'env-1' });
215
+ await callEnvVars(server, {
216
+ resource: 'service',
217
+ action: 'create',
218
+ uuid: 'svc-uuid',
219
+ key: 'API_KEY',
220
+ value: 'secret',
221
+ is_buildtime: true,
222
+ is_runtime: undefined,
223
+ });
224
+ expect(spy).toHaveBeenCalledWith('svc-uuid', {
225
+ key: 'API_KEY',
226
+ value: 'secret',
227
+ is_buildtime: true,
228
+ is_runtime: undefined,
229
+ });
230
+ });
231
+ it('returns key/value error when create is missing required fields', async () => {
232
+ const result = (await callEnvVars(server, {
233
+ resource: 'application',
234
+ action: 'create',
235
+ uuid: 'app-uuid',
236
+ }));
237
+ expect(result.content[0].text).toContain('key, value required');
238
+ });
239
+ it('returns key/value error when service create is missing required fields', async () => {
240
+ const result = (await callEnvVars(server, {
241
+ resource: 'service',
242
+ action: 'create',
243
+ uuid: 'svc-uuid',
244
+ }));
245
+ expect(result.content[0].text).toContain('key, value required');
246
+ });
247
+ });
248
+ describe('bulk_env_update tool handler', () => {
249
+ it('forwards is_buildtime/is_runtime to bulkEnvUpdate', async () => {
250
+ const spy = jest.spyOn(server['client'], 'bulkEnvUpdate').mockResolvedValue({
251
+ summary: { total: 2, succeeded: 2, failed: 0 },
252
+ succeeded: [],
253
+ failed: [],
254
+ });
255
+ const tool = server._registeredTools['bulk_env_update'];
256
+ await tool.handler({
257
+ app_uuids: ['app-1', 'app-2'],
258
+ key: 'PEM_KEY',
259
+ value: 'multiline',
260
+ is_buildtime: false,
261
+ is_runtime: true,
262
+ }, {});
263
+ expect(spy).toHaveBeenCalledWith(['app-1', 'app-2'], 'PEM_KEY', 'multiline', false, true);
264
+ });
265
+ });
164
266
  });
165
267
  describe('truncateLogs', () => {
166
268
  // Plain text log tests
package/dist/lib/coolify-client.d.ts CHANGED
@@ -125,8 +125,16 @@ export declare class CoolifyClient {
125
125
  }): Promise<ApplicationActionResponse>;
126
126
  stopApplication(uuid: string): Promise<ApplicationActionResponse>;
127
127
  restartApplication(uuid: string): Promise<ApplicationActionResponse>;
128
+ /**
129
+ * List env vars for an application.
130
+ *
131
+ * Default behaviour masks `value` (and `real_value` on the full projection)
132
+ * with a sentinel string so secrets are not leaked to MCP clients. Pass
133
+ * `reveal: true` when the caller explicitly needs the plaintext value.
134
+ */
128
135
  listApplicationEnvVars(uuid: string, options?: {
129
136
  summary?: boolean;
137
+ reveal?: boolean;
130
138
  }): Promise<EnvironmentVariable[] | EnvVarSummary[]>;
131
139
  createApplicationEnvVar(uuid: string, data: CreateEnvVarRequest): Promise<UuidResponse>;
132
140
  updateApplicationEnvVar(uuid: string, data: UpdateEnvVarRequest): Promise<MessageResponse>;
@@ -155,7 +163,16 @@ export declare class CoolifyClient {
155
163
  startService(uuid: string): Promise<MessageResponse>;
156
164
  stopService(uuid: string): Promise<MessageResponse>;
157
165
  restartService(uuid: string): Promise<MessageResponse>;
158
- listServiceEnvVars(uuid: string): Promise<EnvironmentVariable[]>;
166
+ /**
167
+ * List env vars for a service.
168
+ *
169
+ * Default behaviour masks `value` (and `real_value`) with a sentinel string
170
+ * so secrets are not leaked to MCP clients. Pass `reveal: true` when the
171
+ * caller explicitly needs the plaintext value.
172
+ */
173
+ listServiceEnvVars(uuid: string, options?: {
174
+ reveal?: boolean;
175
+ }): Promise<EnvironmentVariable[]>;
159
176
  createServiceEnvVar(uuid: string, data: CreateEnvVarRequest): Promise<UuidResponse>;
160
177
  updateServiceEnvVar(uuid: string, data: UpdateEnvVarRequest): Promise<MessageResponse>;
161
178
  deleteServiceEnvVar(uuid: string, envUuid: string): Promise<MessageResponse>;
@@ -257,9 +274,10 @@ export declare class CoolifyClient {
257
274
  * @param appUuids - Array of application UUIDs
258
275
  * @param key - Environment variable key
259
276
  * @param value - Environment variable value
260
- * @param isBuildTime - Whether this is a build-time variable (default: false)
277
+ * @param isBuildtime - Sets the build-time flag on the variable when provided
278
+ * @param isRuntime - Sets the runtime flag on the variable when provided
261
279
  */
262
- bulkEnvUpdate(appUuids: string[], key: string, value: string, isBuildTime?: boolean): Promise<BatchOperationResult>;
280
+ bulkEnvUpdate(appUuids: string[], key: string, value: string, isBuildtime?: boolean, isRuntime?: boolean): Promise<BatchOperationResult>;
263
281
  /**
264
282
  * Emergency stop all running applications across entire infrastructure.
265
283
  */
package/dist/lib/coolify-client.js CHANGED
@@ -142,7 +142,42 @@ function toEnvVarSummary(envVar) {
142
142
  uuid: envVar.uuid,
143
143
  key: envVar.key,
144
144
  value: envVar.value,
145
- is_build_time: envVar.is_build_time,
145
+ is_buildtime: envVar.is_buildtime,
146
+ is_runtime: envVar.is_runtime,
147
+ };
148
+ }
149
+ /**
150
+ * Sentinel string used to replace plaintext env var values when masking.
151
+ * Exported via behaviour, not as a public API — clients should treat any
152
+ * non-real string as "value not returned".
153
+ */
154
+ const MASKED_VALUE = '***';
155
+ /**
156
+ * Mask the `value` and `real_value` fields on a full {@link EnvironmentVariable}.
157
+ * All other metadata (uuid, key, flags, timestamps, ids) is preserved verbatim.
158
+ *
159
+ * Applied at the API boundary so callers cannot accidentally leak secrets to
160
+ * an LLM client by forgetting to strip values downstream. Pair with the
161
+ * `reveal: true` opt-in on list methods when the caller genuinely needs the
162
+ * plaintext (e.g. "what is FOO set to right now?").
163
+ */
164
+ function maskEnvVar(envVar) {
165
+ const masked = {
166
+ ...envVar,
167
+ value: MASKED_VALUE,
168
+ };
169
+ if (envVar.real_value !== undefined) {
170
+ masked.real_value = MASKED_VALUE;
171
+ }
172
+ return masked;
173
+ }
174
+ /**
175
+ * Mask the `value` field on an {@link EnvVarSummary}. Metadata is preserved.
176
+ */
177
+ function maskEnvVarSummary(envVar) {
178
+ return {
179
+ ...envVar,
180
+ value: MASKED_VALUE,
146
181
  };
147
182
  }
148
183
  /**
@@ -192,7 +227,22 @@ export class CoolifyClient {
192
227
  });
193
228
  // Handle empty responses (204 No Content, etc.)
194
229
  const text = await response.text();
195
- const data = text ? JSON.parse(text) : {};
230
+ const contentType = response.headers?.get('Content-Type')?.toLowerCase() ?? '';
231
+ const isJsonResponse = !contentType || contentType.includes('application/json') || contentType.includes('+json');
232
+ let data = {};
233
+ if (text) {
234
+ if (isJsonResponse) {
235
+ try {
236
+ data = JSON.parse(text);
237
+ }
238
+ catch {
239
+ data = text;
240
+ }
241
+ }
242
+ else {
243
+ data = text;
244
+ }
245
+ }
196
246
  if (!response.ok) {
197
247
  const error = data;
198
248
  // Include validation errors if present
@@ -476,9 +526,21 @@ export class CoolifyClient {
476
526
  // ===========================================================================
477
527
  // Application Environment Variables
478
528
  // ===========================================================================
529
+ /**
530
+ * List env vars for an application.
531
+ *
532
+ * Default behaviour masks `value` (and `real_value` on the full projection)
533
+ * with a sentinel string so secrets are not leaked to MCP clients. Pass
534
+ * `reveal: true` when the caller explicitly needs the plaintext value.
535
+ */
479
536
  async listApplicationEnvVars(uuid, options) {
480
537
  const envVars = await this.request(`/applications/${uuid}/envs`);
481
- return options?.summary ? envVars.map(toEnvVarSummary) : envVars;
538
+ const reveal = options?.reveal === true;
539
+ if (options?.summary) {
540
+ const summaries = envVars.map(toEnvVarSummary);
541
+ return reveal ? summaries : summaries.map(maskEnvVarSummary);
542
+ }
543
+ return reveal ? envVars : envVars.map(maskEnvVar);
482
544
  }
483
545
  async createApplicationEnvVar(uuid, data) {
484
546
  return this.request(`/applications/${uuid}/envs`, {
@@ -661,8 +723,16 @@ export class CoolifyClient {
661
723
  // ===========================================================================
662
724
  // Service Environment Variables
663
725
  // ===========================================================================
664
- async listServiceEnvVars(uuid) {
665
- return this.request(`/services/${uuid}/envs`);
726
+ /**
727
+ * List env vars for a service.
728
+ *
729
+ * Default behaviour masks `value` (and `real_value`) with a sentinel string
730
+ * so secrets are not leaked to MCP clients. Pass `reveal: true` when the
731
+ * caller explicitly needs the plaintext value.
732
+ */
733
+ async listServiceEnvVars(uuid, options) {
734
+ const envVars = await this.request(`/services/${uuid}/envs`);
735
+ return options?.reveal === true ? envVars : envVars.map(maskEnvVar);
666
736
  }
667
737
  async createServiceEnvVar(uuid, data) {
668
738
  return this.request(`/services/${uuid}/envs`, {
@@ -1026,7 +1096,8 @@ export class CoolifyClient {
1026
1096
  count: envVars?.length || 0,
1027
1097
  variables: (envVars || []).map((v) => ({
1028
1098
  key: v.key,
1029
- is_build_time: v.is_build_time ?? false,
1099
+ is_buildtime: v.is_buildtime ?? false,
1100
+ is_runtime: v.is_runtime ?? true,
1030
1101
  })),
1031
1102
  },
1032
1103
  recent_deployments: (deployments || []).slice(0, 5).map((d) => ({
@@ -1292,9 +1363,10 @@ export class CoolifyClient {
1292
1363
  * @param appUuids - Array of application UUIDs
1293
1364
  * @param key - Environment variable key
1294
1365
  * @param value - Environment variable value
1295
- * @param isBuildTime - Whether this is a build-time variable (default: false)
1366
+ * @param isBuildtime - Sets the build-time flag on the variable when provided
1367
+ * @param isRuntime - Sets the runtime flag on the variable when provided
1296
1368
  */
1297
- async bulkEnvUpdate(appUuids, key, value, isBuildTime = false) {
1369
+ async bulkEnvUpdate(appUuids, key, value, isBuildtime, isRuntime) {
1298
1370
  // Early return for empty array - avoid unnecessary API call
1299
1371
  if (appUuids.length === 0) {
1300
1372
  return {
@@ -1311,7 +1383,12 @@ export class CoolifyClient {
1311
1383
  uuid,
1312
1384
  name: appMap.get(uuid) || uuid,
1313
1385
  }));
1314
- const results = await Promise.allSettled(appUuids.map((uuid) => this.updateApplicationEnvVar(uuid, { key, value, is_build_time: isBuildTime })));
1386
+ const results = await Promise.allSettled(appUuids.map((uuid) => this.updateApplicationEnvVar(uuid, {
1387
+ key,
1388
+ value,
1389
+ is_buildtime: isBuildtime,
1390
+ is_runtime: isRuntime,
1391
+ })));
1315
1392
  return this.aggregateBatchResults(resources, results);
1316
1393
  }
1317
1394
  /**
package/dist/lib/mcp-server.js CHANGED
@@ -682,27 +682,39 @@ export class CoolifyMcpServer extends McpServer {
682
682
  // =========================================================================
683
683
  // Environment Variables (1 tool - consolidated)
684
684
  // =========================================================================
685
- this.tool('env_vars', 'Manage env vars for app or service', {
685
+ this.tool('env_vars', "Manage env vars for app or service. Values are masked by default (returned as '***') to avoid leaking secrets to MCP clients; pass reveal=true on the list action when the caller explicitly needs the plaintext (e.g. 'what is FOO set to?'). Set is_buildtime=false (and/or is_runtime=true) for runtime-only vars to avoid Dockerfile ARG issues with multiline values like PEM keys.", {
686
686
  resource: z.enum(['application', 'service']),
687
687
  action: z.enum(['list', 'create', 'update', 'delete']),
688
688
  uuid: z.string(),
689
689
  key: z.string().optional(),
690
690
  value: z.string().optional(),
691
691
  env_uuid: z.string().optional(),
692
- }, async ({ resource, action, uuid, key, value, env_uuid }) => {
692
+ is_buildtime: z.boolean().optional(),
693
+ is_runtime: z.boolean().optional(),
694
+ reveal: z.boolean().optional(),
695
+ }, async ({ resource, action, uuid, key, value, env_uuid, is_buildtime, is_runtime, reveal, }) => {
693
696
  if (resource === 'application') {
694
697
  switch (action) {
695
698
  case 'list':
696
- return wrap(() => this.client.listApplicationEnvVars(uuid, { summary: true }));
699
+ return wrap(() => this.client.listApplicationEnvVars(uuid, { summary: true, reveal }));
697
700
  case 'create':
698
701
  if (!key || !value)
699
702
  return { content: [{ type: 'text', text: 'Error: key, value required' }] };
700
- // Note: is_build_time is not passed - Coolify API rejects it for create action
701
- return wrap(() => this.client.createApplicationEnvVar(uuid, { key, value }));
703
+ return wrap(() => this.client.createApplicationEnvVar(uuid, {
704
+ key,
705
+ value,
706
+ is_buildtime,
707
+ is_runtime,
708
+ }));
702
709
  case 'update':
703
710
  if (!key || !value)
704
711
  return { content: [{ type: 'text', text: 'Error: key, value required' }] };
705
- return wrap(() => this.client.updateApplicationEnvVar(uuid, { key, value }));
712
+ return wrap(() => this.client.updateApplicationEnvVar(uuid, {
713
+ key,
714
+ value,
715
+ is_buildtime,
716
+ is_runtime,
717
+ }));
706
718
  case 'delete':
707
719
  if (!env_uuid)
708
720
  return { content: [{ type: 'text', text: 'Error: env_uuid required' }] };
@@ -712,11 +724,16 @@ export class CoolifyMcpServer extends McpServer {
712
724
  else {
713
725
  switch (action) {
714
726
  case 'list':
715
- return wrap(() => this.client.listServiceEnvVars(uuid));
727
+ return wrap(() => this.client.listServiceEnvVars(uuid, { reveal }));
716
728
  case 'create':
717
729
  if (!key || !value)
718
730
  return { content: [{ type: 'text', text: 'Error: key, value required' }] };
719
- return wrap(() => this.client.createServiceEnvVar(uuid, { key, value }));
731
+ return wrap(() => this.client.createServiceEnvVar(uuid, {
732
+ key,
733
+ value,
734
+ is_buildtime,
735
+ is_runtime,
736
+ }));
720
737
  case 'update':
721
738
  return {
722
739
  content: [
@@ -1056,8 +1073,9 @@ export class CoolifyMcpServer extends McpServer {
1056
1073
  app_uuids: z.array(z.string()),
1057
1074
  key: z.string(),
1058
1075
  value: z.string(),
1059
- is_build_time: z.boolean().optional(),
1060
- }, async ({ app_uuids, key, value, is_build_time }) => wrap(() => this.client.bulkEnvUpdate(app_uuids, key, value, is_build_time)));
1076
+ is_buildtime: z.boolean().optional(),
1077
+ is_runtime: z.boolean().optional(),
1078
+ }, async ({ app_uuids, key, value, is_buildtime, is_runtime }) => wrap(() => this.client.bulkEnvUpdate(app_uuids, key, value, is_buildtime, is_runtime)));
1061
1079
  this.tool('stop_all_apps', 'EMERGENCY: Stop all running apps', { confirm: z.literal(true) }, async ({ confirm }) => {
1062
1080
  if (!confirm)
1063
1081
  return { content: [{ type: 'text', text: 'Error: confirm=true required' }] };
package/dist/types/coolify.d.ts CHANGED
@@ -344,7 +344,8 @@ export interface EnvironmentVariable {
344
344
  uuid: string;
345
345
  key: string;
346
346
  value: string;
347
- is_build_time: boolean;
347
+ is_buildtime: boolean;
348
+ is_runtime: boolean;
348
349
  is_literal: boolean;
349
350
  is_multiline: boolean;
350
351
  is_preview: boolean;
@@ -365,7 +366,8 @@ export interface CreateEnvVarRequest {
365
366
  is_literal?: boolean;
366
367
  is_multiline?: boolean;
367
368
  is_shown_once?: boolean;
368
- is_build_time?: boolean;
369
+ is_buildtime?: boolean;
370
+ is_runtime?: boolean;
369
371
  }
370
372
  export interface UpdateEnvVarRequest {
371
373
  key: string;
@@ -374,7 +376,8 @@ export interface UpdateEnvVarRequest {
374
376
  is_literal?: boolean;
375
377
  is_multiline?: boolean;
376
378
  is_shown_once?: boolean;
377
- is_build_time?: boolean;
379
+ is_buildtime?: boolean;
380
+ is_runtime?: boolean;
378
381
  }
379
382
  export interface BulkUpdateEnvVarsRequest {
380
383
  data: CreateEnvVarRequest[];
@@ -383,7 +386,8 @@ export interface EnvVarSummary {
383
386
  uuid: string;
384
387
  key: string;
385
388
  value: string;
386
- is_build_time: boolean;
389
+ is_buildtime: boolean;
390
+ is_runtime: boolean;
387
391
  }
388
392
  export type DatabaseType = 'postgresql' | 'mysql' | 'mariadb' | 'mongodb' | 'redis' | 'keydb' | 'clickhouse' | 'dragonfly';
389
393
  export interface DatabaseLimits {
@@ -844,7 +848,8 @@ export interface ApplicationDiagnostic {
844
848
  count: number;
845
849
  variables: Array<{
846
850
  key: string;
847
- is_build_time: boolean;
851
+ is_buildtime: boolean;
852
+ is_runtime: boolean;
848
853
  }>;
849
854
  };
850
855
  recent_deployments: Array<{
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@masonator/coolify-mcp",
3
3
  "scope": "@masonator",
4
- "version": "2.8.1",
4
+ "version": "2.9.0",
5
5
  "mcpName": "io.github.StuMason/coolify",
6
6
  "description": "MCP server for Coolify — 38 optimized tools for infrastructure management, diagnostics, and documentation search",
7
7
  "type": "module",
@@ -75,8 +75,8 @@
75
75
  "globals": "^17.0.0",
76
76
  "husky": "^9.0.11",
77
77
  "jest": "^30.3.0",
78
- "jest-junit": "^16.0.0",
79
- "lint-staged": "^16.2.7",
78
+ "jest-junit": "^17.0.0",
79
+ "lint-staged": "^17.0.4",
80
80
  "markdownlint-cli2": "^0.22.0",
81
81
  "prettier": "^3.5.3",
82
82
  "shx": "^0.4.0",