@octopusdeploy/mcp-server 1.1.0 → 2.1.0

package/README.md

@@ -20,14 +20,10 @@ Most tools exposed by the MCP Server use stable APIs that have been available fr
 
 ### Install via Docker
 
-Run with environment variables
-```bash
-docker run -i --rm -e OCTOPUS_API_KEY=your-key -e OCTOPUS_SERVER_URL=https://your-octopus.com octopusdeploy/mcp-server
-```
+Credentials must be supplied via environment variables to avoid exposing them in the host process list (`ps aux` / `/proc/<pid>/cmdline`). The Octopus server URL can still be supplied via the `--server-url` flag.
 
-Run with CLI arguments
 ```bash
-docker run -i --rm octopusdeploy/mcp-server --server-url https://your-octopus.com --api-key YOUR_API_KEY
+docker run -i --rm -e OCTOPUS_API_KEY=your-key -e OCTOPUS_SERVER_URL=https://your-octopus.com octopusdeploy/mcp-server
 ```
 
 Full example configuration (for Claude Desktop, Claude Code, and Cursor):
@@ -41,12 +37,16 @@ Full example configuration (for Claude Desktop, Claude Code, and Cursor):
         "run",
         "-i",
         "--rm",
-        "octopusdeploy/mcp-server",
-        "--server-url",
-        "https://your-octopus.com",
-        "--api-key",
-        "YOUR_API_KEY"
-      ]
+        "-e",
+        "OCTOPUS_SERVER_URL",
+        "-e",
+        "OCTOPUS_API_KEY",
+        "octopusdeploy/mcp-server"
+      ],
+      "env": {
+        "OCTOPUS_SERVER_URL": "https://your-octopus.com",
+        "OCTOPUS_API_KEY": "YOUR_API_KEY"
+      }
     },
   }
 }
@@ -65,59 +65,105 @@ We are planning to release a native ARM build shortly so that those arguments wi
 #### Requirements
 - Node.js >= v20.0.0
 - Octopus Deploy instance that can be accessed by the MCP server via HTTPS
-- Octopus Deploy API Key
+- Octopus Deploy API Key or Access Token (see [Authentication](#authentication) below)
 
 #### Configuration
 
 Full example configuration (for Claude Desktop, Claude Code, and Cursor):
 
-**Read-only mode (default, recommended for production):**
+**Write tools enabled (default):**
 ```json
 {
   "mcpServers": {
     "octopusdeploy": {
       "type": "stdio",
       "command": "npx",
-      "args": ["-y", "@octopusdeploy/mcp-server", "--api-key", "YOUR_API_KEY", "--server-url", "https://your-octopus.com"]
+      "args": ["-y", "@octopusdeploy/mcp-server"],
+      "env": {
+        "OCTOPUS_SERVER_URL": "https://your-octopus.com",
+        "OCTOPUS_API_KEY": "YOUR_API_KEY"
+      }
     }
   }
 }
 ```
 
-**Write mode enabled (for development/testing):**
+**Read-only mode (recommended for production):**
 ```json
 {
   "mcpServers": {
     "octopusdeploy": {
       "type": "stdio",
       "command": "npx",
-      "args": ["-y", "@octopusdeploy/mcp-server", "--api-key", "YOUR_API_KEY", "--server-url", "https://your-octopus.com", "--no-read-only"]
+      "args": ["-y", "@octopusdeploy/mcp-server", "--read-only"],
+      "env": {
+        "OCTOPUS_SERVER_URL": "https://your-octopus.com",
+        "OCTOPUS_API_KEY": "YOUR_API_KEY"
+      }
     }
   }
 }
 ```
 
-The Octopus MCP Server is typically configured within your AI Client of choice. 
+The Octopus MCP Server is typically configured within your AI Client of choice.
 
-It is packaged as an npm package and executed via Node's `npx` command. Your configuration will include the command invocation `npx`, and a set of arguments that supply the Octopus MCP Server package and provide the Octopus Server URL and API key required, if they are not available as environment variables.
-
-The command line invocation you will be configuring will be one of the two following variants:
+It is packaged as an npm package and executed via Node's `npx` command. Credentials (API key or access token) must be supplied via environment variables — they are not accepted as command-line arguments to avoid exposing secrets in the process list. The Octopus server URL may be supplied via either the `OCTOPUS_SERVER_URL` environment variable or the `--server-url` flag.
 
 ```bash
+OCTOPUS_API_KEY=API-KEY \
+OCTOPUS_SERVER_URL=https://your-octopus.com \
 npx -y @octopusdeploy/mcp-server
 ```
 
-With configuration provided via environment variables:
+Or with the server URL on the command line:
+```bash
+OCTOPUS_API_KEY=API-KEY \
+npx -y @octopusdeploy/mcp-server --server-url https://your-octopus.com
+```
+
+### Authentication
+
+The MCP server supports two authentication methods. Both are supplied via environment variables — credentials are not accepted on the command line because flags are visible in the host process list to any local user.
+
+#### API Key (recommended for interactive use)
+
+API keys are the standard authentication method for Octopus Deploy. You can generate one from your Octopus Deploy user profile.
+
 ```bash
-OCTOPUS_API_KEY=API-KEY
-OCTOPUS_SERVER_URL=https://your-octopus.com
+OCTOPUS_API_KEY=API-XXXXXXXXXXXXXXXXXXXXXXXXXX \
+OCTOPUS_SERVER_URL=https://your-octopus.com \
+npx -y @octopusdeploy/mcp-server
 ```
 
-Or with configuration supplied via the command line:
+#### Access Token / Bearer Token (automated scenarios only)
+
+The server also supports short-lived access tokens (Bearer tokens) as an alternative to API keys. This authentication method is intended **only for automated scenarios** where an external system issues a short-lived token to the MCP server (e.g., CI/CD pipelines, automated orchestration, or machine-to-machine workflows). Do not use long-lived Bearer tokens — use API keys instead for interactive or long-running sessions.
+
 ```bash
-npx -y @octopusdeploy/mcp-server --server-url https://your-octopus.com --api-key YOUR_API_KEY
+OCTOPUS_ACCESS_TOKEN=your-short-lived-token \
+OCTOPUS_SERVER_URL=https://your-octopus.com \
+npx -y @octopusdeploy/mcp-server
 ```
 
+Full example configuration with an access token:
+```json
+{
+  "mcpServers": {
+    "octopusdeploy": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@octopusdeploy/mcp-server"],
+      "env": {
+        "OCTOPUS_SERVER_URL": "https://your-octopus.com",
+        "OCTOPUS_ACCESS_TOKEN": "YOUR_TOKEN"
+      }
+    }
+  }
+}
+```
+
+If both an API key and an access token are provided, the access token takes precedence. The active authentication method is recorded in the log file (configurable with `--log-file`) so operators can confirm which credential is in use.
+
 ### Configuration Options
 
 The Octopus MCP Server supports several command-line options to customize which tools are available. 
@@ -143,47 +189,68 @@ Available toolsets:
 - **projects** - Project operations
 - **deployments** - Deployment operations
 - **releases** - Release management
+- **runbooks** - Runbook discovery and execution
 - **tasks** - Task operations
 - **tenants** - Multi-tenancy operations
 - **kubernetes** - Kubernetes operations
 - **machines** - Deployment target operations
 - **certificates** - Certificate operations
 - **accounts** - Account operations
+- **interruptions** - Manual intervention and approval operations
+- **featureToggles** - Inspect and lightly adjust customer feature toggles
+- **context** - Authenticated user and project context (current user, Git branches)
 
 #### Read-Only Mode
-The server runs in read-only mode by default for security. Most tools are read-only operations, but some tools can perform write operations (like creating releases and deployments).
+The server runs with write tools enabled by default. Pass `--read-only` to disable all write tools and block POST/PUT/PATCH/DELETE through the `execute` backstop. Most curated tools are already read-only; only a small set perform writes.
 
-**Write-enabled tools:**
+**Write-enabled tools (always-write):**
 - `create_release` - Create new releases
 - `deploy_release` - Deploy releases to environments and tenants
+- `run_runbook` - Run a runbook against one or more environments (and optional tenants)
+- `update_feature_toggle` - Adjust per-environment state and rollout percentages on an existing feature toggle
 
-To use write-enabled tools, you must explicitly disable read-only mode:
+**Conditionally-writing tool:** `execute` is a structured REST backstop whose tier (read / write / delete) is determined by the HTTP method passed to it. See the [API Catalog & Backstop](#api-catalog--backstop) section for details.
+
+Write tools are gated by an MCP elicitation prompt: clients that support elicitation will be asked to confirm before the call proceeds. Clients without elicitation support must pass `confirm: true` in the tool arguments — otherwise the tool aborts with an error. Set `OCTOPUS_SKIP_ELICITATION=true` to bypass the gate entirely (intended for unattended automation).
+
+The server uses a three-tier read/write/delete classification, enforced server-side based on the HTTP method (the agent cannot bypass this by lying about intent):
+
+- **read** — always allowed. GET requests through `execute`, plus all `find_*` / `get_*` / `list_*` tools.
+- **write** — POST/PUT/PATCH through `execute` and the always-write tools above. Blocked when `--read-only` is set.
+- **delete** — DELETE through `execute`. Requires `--allow-deletes` and is blocked when `--read-only` is set. A small set of catastrophic-delete paths (e.g. `DELETE /api/spaces/{id}`, `DELETE /api/users/{id}`) and API-key endpoints are on a hard sensitive denylist that ignores both flags.
 
 ```bash
-# Run in read-only mode (default) - write tools are disabled
+# Default - write tools enabled (POST/PUT/PATCH)
 npx -y @octopusdeploy/mcp-server
 
-# Disable read-only mode to enable write operations
-npx -y @octopusdeploy/mcp-server --no-read-only
+# Read-only mode - write/delete tools disabled
+npx -y @octopusdeploy/mcp-server --read-only
+
+# Additionally permit DELETE requests through the execute tool
+npx -y @octopusdeploy/mcp-server --allow-deletes
 ```
 
-**Security Note:** When disabling read-only mode, ensure you use an API key with appropriate, least-privilege permissions. Write operations can create releases and trigger deployments in your Octopus instance.
+**Security Note:** Use an API key with appropriate, least-privilege permissions — write operations can create releases and trigger deployments in your Octopus instance. For production, consider passing `--read-only` unless you have a specific, controlled use case for writes. `--allow-deletes` is off by default; only enable it when the agent must issue DELETE requests through `execute`. If you pass `--allow-deletes` together with `--read-only`, the server prints a startup warning to stderr — DELETE requests remain blocked by the read-only gate.
 
 #### Complete Examples
 
+All examples below assume `OCTOPUS_API_KEY` is set in the environment. The `--server-url` flag is shown for clarity but can also be provided via `OCTOPUS_SERVER_URL`.
+
 ```bash
 # Development setup with only core and project tools
-npx -y @octopusdeploy/mcp-server --toolsets core,projects --server-url https://your-octopus.com --api-key YOUR_API_KEY
+npx -y @octopusdeploy/mcp-server --toolsets core,projects --server-url https://your-octopus.com
 
-# Full production setup with all tools (read-only by default)
-npx -y @octopusdeploy/mcp-server --toolsets all --server-url https://your-octopus.com --api-key YOUR_API_KEY
+# Production setup with all tools and read-only enforcement
+npx -y @octopusdeploy/mcp-server --toolsets all --read-only --server-url https://your-octopus.com
 
-# Development setup with write operations enabled
-npx -y @octopusdeploy/mcp-server --no-read-only --server-url https://your-octopus.com --api-key YOUR_API_KEY
+# Default invocation - all tools and writes enabled
+npx -y @octopusdeploy/mcp-server --server-url https://your-octopus.com
 ```
 
 #### Other command line arguments
 
+* `--read-only` - Enable read-only mode: disable all curated write tools and block POST/PUT/PATCH/DELETE through `execute`. Writes are enabled by default; this flag turns them off. See [Read-Only Mode](#read-only-mode).
+* `--allow-deletes` - Permit DELETE requests through the `execute` tool. Has no effect when `--read-only` is set. Default `false`.
 * `--log-level <level>` - Minimum log level (info, error)
 * `--log-file <path>` - Log file path or filename. If not specified, logs are written to console only
 * `-q, --quiet` - Disable file logging, only log errors to console
@@ -191,10 +258,65 @@ npx -y @octopusdeploy/mcp-server --no-read-only --server-url https://your-octopu
 
 ## 🔨 Tools
 
+### URL-Based Tools
+
+**Quick start**: Paste Octopus URLs directly to investigate issues without manual ID extraction.
+
+- `get_deployment_from_url`: Get deployment details from deployment URL (returns taskId for follow-up)
+- `get_task_from_url`: Get task details and logs from task URL
+
+**Deployment investigation workflow:**
+```
+1. get_deployment_from_url with deployment URL
+   → Returns deployment context + taskResourceUri + grepTaskLogHint
+
+2a. Fetch the structured activity tree via resources/read (or read_resource)
+    octopus://spaces/{spaceName}/tasks/{taskId}/details
+
+2b. Or call grep_task_log with the taskId to search the raw log without
+    fetching the full body:
+       grep_task_log({ spaceName, taskId, pattern: "error|fail", caseInsensitive: true })
+```
+
+**Task investigation** (direct task URL):
+```
+get_task_from_url with task URL
+→ Returns task details and logs immediately
+```
+
+These tools eliminate manual ID extraction by:
+- Parsing URLs automatically
+- Resolving space IDs to space names
+- Validating ID formats
+- Providing clear error messages
+
+**Example URLs:**
+- Deployment: `https://your-octopus.com/app#/Spaces-1/projects/my-app/deployments/Deployments-123`
+- Task: `https://your-octopus.com/app#/Spaces-1/tasks/ServerTasks-456`
+
+See [Working with URLs](docs/working-with-urls.md) for detailed workflows, examples, and best practices.
+
 ### Core Tools
 - `list_spaces`: List all spaces in the Octopus Deploy instance
 - `list_environments`: List all environments in a given space
 
+### API Catalog & Backstop
+
+These tools and resources let the agent reach Octopus REST endpoints that don't have a dedicated curated tool, with hard server-side gating between read, write, and delete operations.
+
+- `grep_llms_txt`: Search the Octopus API catalog (`octopus://api/llms.txt`) with grep-style semantics (minimum supported Octopus version: `2026.2.3916`). The catalog body is large (typically 300+ KB) — call this rather than reading the resource body directly. Parameters mirror GNU grep (`pattern`, `caseInsensitive`, `invertMatch`, `fixedString`, `beforeContext`, `afterContext`, `maxCount`). Useful for discovering endpoints (`POST /releases`), enumerating delete endpoints (`DELETE `), or finding the body type for a write operation (`Body: Create.*Command`).
+- `execute`: Structured REST backstop. Reaches any Octopus endpoint covered by the per-toolset path allowlist. The HTTP method is the authoritative read/write/delete classifier — never an `isWrite` flag the LLM can set. Method gating is hard-coded server-side:
+   - `GET` is always allowed (subject to the path allowlist + sensitive denylist).
+   - `POST`/`PUT`/`PATCH` are blocked when `--read-only` is set; otherwise they require user confirmation via elicitation.
+   - `DELETE` requires `--allow-deletes` (and is blocked when `--read-only` is set) plus a stronger "IRREVERSIBLE" elicitation message.
+   - The sensitive denylist (API-key endpoints, `DELETE /api/spaces/{id}`, `DELETE /api/users/{id}`) is enforced even with both flags on.
+   - The path allowlist is scoped per toolset — disabling a toolset (e.g. `certificates`) makes its paths unreachable through `execute`, even on GET.
+
+Catalog data is also exposed as MCP Resources:
+
+- `octopus://api/llms.txt` — markdown catalog of every Octopus REST endpoint (HTTP method, path, query params, request/response types). Requires Octopus Server `2026.2.3916` or later. 5-minute in-memory cache keyed on the configured server URL. **Prefer `grep_llms_txt` to reading the body directly.**
+- `octopus://api/capabilities` — JSON describing the running session: server version, enabled toolsets, available tools (with their `minimumOctopusVersion`), and whether `--read-only` / `--allow-deletes` is on. Useful for the agent to discover what's reachable in this session.
+
 ### Projects
 - `list_projects`: List all projects in a given space
 
@@ -204,13 +326,27 @@ npx -y @octopusdeploy/mcp-server --no-read-only --server-url https://your-octopu
 
 ### Releases
 - `create_release`: Create a new release for a project
-- `find_releases`: Find releases in a space (can get a specific release by ID or list all releases)
-- `list_releases_for_project`: List all releases for a specific project
+- `find_releases`: Find releases in a space (can get a specific release by ID, or list/filter releases by project)
+
+Release detail is also available as an MCP Resource at `octopus://spaces/{spaceName}/releases/{releaseId}` — fetch via `resources/read` (or the `read_resource` backstop tool) to get the full release body, including release notes and selected packages.
+
+### Runbooks
+- `find_runbooks`: Find runbooks in a project (can get a specific runbook by ID, or list/filter runbooks by partial name). Each summary includes the published snapshot ID, multi-tenancy mode, and environment scope so callers can pick valid targets before running.
+- `run_runbook`: Run a runbook against one or more environments. Supports tenanted runs (by tenant name or tenant tag), prompted variables, guided failure mode, scheduled run windows, and step or machine inclusion/exclusion. Defaults to the runbook's published snapshot if `runbookSnapshotId` is omitted.
+
+The full runbook body (including runtime policy fields) is available as an MCP Resource at `octopus://spaces/{spaceName}/runbooks/{runbookId}`.
 
 ### Tasks
-- `get_task_by_id`: Get details for a specific server task by its ID
-- `get_task_details`: Get detailed information for a specific server task
-- `get_task_raw`: Get raw details for a specific server task
+Task data is primarily exposed as MCP Resources. Use `resources/read` (or the `read_resource` backstop tool) with one of:
+
+- `octopus://spaces/{spaceName}/tasks/{taskId}` — lightweight metadata (state, timing, completion flags)
+- `octopus://spaces/{spaceName}/tasks/{taskId}/details` — full ServerTaskDetails (Progress, ActivityLogs tree, etc.)
+
+For log search, use the `grep_task_log` tool rather than a `/log` resource:
+
+- `grep_task_log`: Search a task's activity log without fetching the full body. Parameters mirror GNU grep (`pattern`, `caseInsensitive`, `invertMatch`, `fixedString`, `beforeContext`, `afterContext`, `maxCount`). Returns matching lines with 1-indexed `lineNumber`, optional before/after context arrays, and a `totalMatches` count across the whole log.
+
+There is intentionally no `/log` resource: activity logs can be multi-megabyte, and an addressable resource would tempt callers to fetch the entire body when grep is almost always the right primitive.
 
 ### Tenants
 - `find_tenants`: Find tenants in a space (can get a specific tenant by ID or list/search tenants with filters)
@@ -229,8 +365,20 @@ npx -y @octopusdeploy/mcp-server --no-read-only --server-url https://your-octopu
 ### Accounts
 - `find_accounts`: Find accounts in a space (can get a specific account by ID or list/search accounts with filters)
 
+### Interruptions
+- `find_interruptions`: Find pending or historical interruptions (manual interventions, approvals, guided-failure prompts) in a space, optionally filtered by task, project, environment, regarding document, responsibility, or pending state. Returns slim summaries; dereference the `octopus://spaces/{spaceName}/interruptions/{interruptionId}` resource for the full Form definition (control types, Markdown instructions, button options, submitted Form.Values).
+
+### Feature Toggles
+- `find_feature_toggles`: List customer feature toggles in a project. Each summary includes per-environment state (`isEnabled`, `rolloutPercentage`, `clientRolloutPercentage`) plus a `resourceUri` so "where is X turned on" is answerable from the list response.
+- `update_feature_toggle`: Adjust an existing toggle. Narrow surface — flip an environment on/off, change rollout percentages, or update the toggle-level description / default state. Internally fetches the current toggle, applies your patches in memory, and PUTs the merged body, so unmentioned environments and unmentioned fields are preserved. Patches that reference an environment not already configured on the toggle are rejected.
+
+The full toggle body (description, tenants, segments, minimum versions) is available as an MCP Resource at `octopus://spaces/{spaceName}/projects/{projectId}/featuretoggles/{slug}`. Rollout group bodies are addressable at `octopus://spaces/{spaceName}/projects/{projectId}/rolloutgroups/{rolloutGroupId}` for read-only inspection.
+
+**Out of scope (use the Octopus UI):** creating new feature toggles, deleting toggles, renaming or retagging, attaching/detaching rollout groups, tenant targeting, segments, minimum-version filters, and rollout-group / SDK client-identifier management.
+
 ### Additional Tools
 - `get_deployment_process`: Get deployment process by ID for projects or releases
+- `get_variables`: Get all project variables and library variable set variables for a project (supports config-as-code projects via `gitRef`)
 - `get_branches`: Get Git branches for a version-controlled project (minimum supported version: `2021.2`)
 - `get_current_user`: Get information about the current authenticated user
 
@@ -244,16 +392,23 @@ The Octopus MCP Server includes both read and write operations. Important securi
 - Exercise caution when connecting to tools and models you do not fully trust
 
 ### Write Operations
-When read-only mode is disabled (`--no-read-only`), the following write operations are available:
+By default, the following write operations are available:
 - **Creating releases**: Can create new releases for projects
 - **Deploying releases**: Can trigger deployments to environments (including production)
+- **Running runbooks**: Can execute runbooks against environments and tenants
+- **Updating feature toggles**: Can flip per-environment state and change rollout percentages on existing toggles
+- **Arbitrary POST/PUT/PATCH via the `execute` backstop**: Subject to the per-toolset path allowlist and a sensitive denylist that's always-on.
+
+Pass `--read-only` to disable all of the above. DELETE requests through `execute` require an additional `--allow-deletes` flag — a deliberate opt-in for irreversible operations — and remain blocked when `--read-only` is set.
 
 **Critical Security Measures:**
 1. **Least Privilege**: Use API keys with the minimum permissions needed for your use case
-2. **Read-Only by Default**: The server defaults to read-only mode - you must explicitly opt-in to write operations
-3. **Prompt Injection Risk**: Running agents in fully automated fashion could make you vulnerable to prompt-injection attacks
+2. **Opt In to Read-Only Mode**: Writes are enabled by default. For production, pass `--read-only` unless you have a specific, controlled use case for write operations. DELETE always requires the additional `--allow-deletes` opt-in.
+3. **Method gating is server-side and hard-coded**: The HTTP method passed to `execute` is the authoritative classifier. The agent cannot bypass the gate by misrepresenting what the call does — POST/PUT/PATCH/DELETE requests get tier-specific gating regardless of the prose in the request body.
+4. **Toolset filtering doubles as a kill switch**: Disabling a toolset removes both its curated tools and its paths from the `execute` allowlist.
+5. **Prompt Injection Risk**: Running agents in fully automated fashion could make you vulnerable to prompt-injection attacks
 
-**Recommendation**: For production environments, use read-only mode unless you have a specific, controlled use case for write operations.
+**Recommendation**: For production environments, pass `--read-only` unless you have a specific, controlled use case for write operations. Leave `--allow-deletes` off unless you specifically need DELETE semantics through `execute`.
 
 ## ⚠️ Limitations
 

package/dist/helpers/activeToolsetConfig.d.ts

@@ -0,0 +1,4 @@
+import { type ToolsetConfig } from "../types/toolConfig.js";
+export declare function setActiveToolsetConfig(config: ToolsetConfig): void;
+export declare function getActiveToolsetConfig(): ToolsetConfig;
+//# sourceMappingURL=activeToolsetConfig.d.ts.map

package/dist/helpers/activeToolsetConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"activeToolsetConfig.d.ts","sourceRoot":"","sources":["../../src/helpers/activeToolsetConfig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAc5D,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAElE;AAED,wBAAgB,sBAAsB,IAAI,aAAa,CAEtD"}

package/dist/helpers/activeToolsetConfig.js

@@ -0,0 +1,18 @@
+import {} from "../types/toolConfig.js";
+/**
+ * Per-session ToolsetConfig holder.
+ *
+ * Resource handlers and the `execute` tool both register eagerly via
+ * side-effect imports, so they don't have access to the per-session config
+ * at module-eval time. registerResources writes the active config here at
+ * startup; the catalog/capabilities resource and execute tool read it on
+ * demand.
+ */
+let activeConfig = {};
+export function setActiveToolsetConfig(config) {
+    activeConfig = config;
+}
+export function getActiveToolsetConfig() {
+    return activeConfig;
+}
+//# sourceMappingURL=activeToolsetConfig.js.map

package/dist/helpers/activeToolsetConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"activeToolsetConfig.js","sourceRoot":"","sources":["../../src/helpers/activeToolsetConfig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,MAAM,wBAAwB,CAAC;AAE5D;;;;;;;;GAQG;AAEH,IAAI,YAAY,GAAkB,EAAE,CAAC;AAErC,MAAM,UAAU,sBAAsB,CAAC,MAAqB;IAC1D,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/helpers/errorHandling.d.ts

@@ -27,9 +27,12 @@ export declare const ENTITY_PREFIXES: {
     readonly environment: "Environments-";
     readonly tenant: "Tenants-";
     readonly release: "Releases-";
+    readonly runbook: "Runbooks-";
     readonly machine: "Machines-";
     readonly certificate: "Certificates-";
     readonly account: "Accounts-";
+    readonly deployment: "Deployments-";
     readonly deploymentProcess: "DeploymentProcesses-";
+    readonly interruption: "Interruptions-";
 };
 //# sourceMappingURL=errorHandling.d.ts.map

package/dist/helpers/errorHandling.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errorHandling.d.ts","sourceRoot":"","sources":["../../src/helpers/errorHandling.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,OAAO,EACd,eAAe,EAAE,MAAM,GACtB,KAAK,IAAI,KAAK,CAIhB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,OAAO,EACd,OAAO,EAAE;IACP,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,KAAK,CAmDP;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,EAAE,EAAE,MAAM,GAAG,SAAS,EACtB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,IAAI,CAeN;AAED;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;CAUlB,CAAC"}
+{"version":3,"file":"errorHandling.d.ts","sourceRoot":"","sources":["../../src/helpers/errorHandling.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,OAAO,EACd,eAAe,EAAE,MAAM,GACtB,KAAK,IAAI,KAAK,CAIhB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,OAAO,EACd,OAAO,EAAE;IACP,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,KAAK,CAmDP;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,EAAE,EAAE,MAAM,GAAG,SAAS,EACtB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,IAAI,CAeN;AAED;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;CAalB,CAAC"}

package/dist/helpers/errorHandling.js

@@ -29,7 +29,7 @@ export function handleOctopusApiError(error, context) {
         isErrorWithMessage(error, "401") ||
         isErrorWithMessage(error, "You must be logged in to request this resource") ||
         isErrorWithMessage(error, "provide a valid API key")) {
-        throw new Error("Authentication failed. Ensure OCTOPUS_API_KEY environment variable is set with a valid API key. " +
+        throw new Error("Authentication failed. Ensure a valid API key (OCTOPUS_API_KEY) or access token (OCTOPUS_ACCESS_TOKEN) is provided. " +
             "You can generate an API key from your Octopus Deploy user profile.");
     }
     // Handle connection errors
@@ -64,9 +64,12 @@ export const ENTITY_PREFIXES = {
     environment: "Environments-",
     tenant: "Tenants-",
     release: "Releases-",
+    runbook: "Runbooks-",
     machine: "Machines-",
     certificate: "Certificates-",
     account: "Accounts-",
+    deployment: "Deployments-",
     deploymentProcess: "DeploymentProcesses-",
+    interruption: "Interruptions-",
 };
 //# sourceMappingURL=errorHandling.js.map

package/dist/helpers/errorHandling.js.map

@@ -1 +1 @@
-{"version":3,"file":"errorHandling.js","sourceRoot":"","sources":["../../src/helpers/errorHandling.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAc,EACd,eAAuB;IAEvB,OAAO,CACL,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,eAAe,CAAC,KAAK,IAAI,CAC5E,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAc,EACd,OAKC;IAED,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE9D,8BAA8B;IAC9B,IACE,kBAAkB,CAAC,KAAK,EAAE,WAAW,CAAC;QACtC,kBAAkB,CAAC,KAAK,EAAE,KAAK,CAAC,EAChC,CAAC;QACD,IAAI,UAAU,IAAI,QAAQ,IAAI,SAAS,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,yBAAyB,SAAS,KAAK;gBAC7G,CAAC,QAAQ;oBACP,cAAc,UAAU,6BAA6B,UAAU,IAAI,CAAC,CACzE,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CACb,UAAU,SAAS,uFAAuF,CAC3G,CAAC;QACJ,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IACE,kBAAkB,CAAC,KAAK,EAAE,gBAAgB,CAAC;QAC3C,kBAAkB,CAAC,KAAK,EAAE,KAAK,CAAC;QAChC,kBAAkB,CAChB,KAAK,EACL,gDAAgD,CACjD;QACD,kBAAkB,CAAC,KAAK,EAAE,yBAAyB,CAAC,EACpD,CAAC;QACD,MAAM,IAAI,KAAK,CACb,kGAAkG;YAChG,oEAAoE,CACvE,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IACE,kBAAkB,CAAC,KAAK,EAAE,SAAS,CAAC;QACpC,kBAAkB,CAAC,KAAK,EAAE,SAAS,CAAC,EACpC,CAAC;QACD,MAAM,IAAI,KAAK,CACb,iHAAiH;YAC/G,kFAAkF,CACrF,CAAC;IACJ,CAAC;IAED,8DAA8D;IAC9D,MAAM,KAAK,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,EAAsB,EACtB,UAAkB,EAClB,MAAc;IAEd,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,mEAAmE;QACnE,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,mBAAmB;YAC5E,YAAY,UAAU,aAAa,UAAU,OAAO,CACvD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,eAAe,EAAE,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,2BAA2B,MAAM,yBAAyB;YAC5J,YAAY,UAAU,mBAAmB,UAAU,OAAO,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,WAAW;IACpB,WAAW,EAAE,eAAe;IAC5B,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,WAAW,EAAE,eAAe;IAC5B,OAAO,EAAE,WAAW;IACpB,iBAAiB,EAAE,sBAAsB;CACjC,CAAC"}
+{"version":3,"file":"errorHandling.js","sourceRoot":"","sources":["../../src/helpers/errorHandling.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAc,EACd,eAAuB;IAEvB,OAAO,CACL,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,eAAe,CAAC,KAAK,IAAI,CAC5E,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAc,EACd,OAKC;IAED,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE9D,8BAA8B;IAC9B,IACE,kBAAkB,CAAC,KAAK,EAAE,WAAW,CAAC;QACtC,kBAAkB,CAAC,KAAK,EAAE,KAAK,CAAC,EAChC,CAAC;QACD,IAAI,UAAU,IAAI,QAAQ,IAAI,SAAS,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,yBAAyB,SAAS,KAAK;gBAC7G,CAAC,QAAQ;oBACP,cAAc,UAAU,6BAA6B,UAAU,IAAI,CAAC,CACzE,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CACb,UAAU,SAAS,uFAAuF,CAC3G,CAAC;QACJ,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IACE,kBAAkB,CAAC,KAAK,EAAE,gBAAgB,CAAC;QAC3C,kBAAkB,CAAC,KAAK,EAAE,KAAK,CAAC;QAChC,kBAAkB,CAChB,KAAK,EACL,gDAAgD,CACjD;QACD,kBAAkB,CAAC,KAAK,EAAE,yBAAyB,CAAC,EACpD,CAAC;QACD,MAAM,IAAI,KAAK,CACb,sHAAsH;YACpH,oEAAoE,CACvE,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IACE,kBAAkB,CAAC,KAAK,EAAE,SAAS,CAAC;QACpC,kBAAkB,CAAC,KAAK,EAAE,SAAS,CAAC,EACpC,CAAC;QACD,MAAM,IAAI,KAAK,CACb,iHAAiH;YAC/G,kFAAkF,CACrF,CAAC;IACJ,CAAC;IAED,8DAA8D;IAC9D,MAAM,KAAK,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,EAAsB,EACtB,UAAkB,EAClB,MAAc;IAEd,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,mEAAmE;QACnE,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,mBAAmB;YAC5E,YAAY,UAAU,aAAa,UAAU,OAAO,CACvD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,eAAe,EAAE,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,2BAA2B,MAAM,yBAAyB;YAC5J,YAAY,UAAU,mBAAmB,UAAU,OAAO,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,WAAW;IACpB,WAAW,EAAE,eAAe;IAC5B,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,WAAW,EAAE,eAAe;IAC5B,OAAO,EAAE,WAAW;IACpB,UAAU,EAAE,cAAc;IAC1B,iBAAiB,EAAE,sBAAsB;IACzC,YAAY,EAAE,gBAAgB;CACtB,CAAC"}

package/dist/helpers/getClientConfigurationFromEnvironment.d.ts

@@ -2,6 +2,8 @@ import { type ClientConfiguration } from "@octopusdeploy/api-client";
 export interface ConfigurationOptions {
     instanceURL?: string;
     apiKey?: string;
+    accessToken?: string;
 }
+export declare function getClientConfiguration(options?: ConfigurationOptions): ClientConfiguration;
 export declare function getClientConfigurationFromEnvironment(): ClientConfiguration;
 //# sourceMappingURL=getClientConfigurationFromEnvironment.d.ts.map

package/dist/helpers/getClientConfigurationFromEnvironment.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getClientConfigurationFromEnvironment.d.ts","sourceRoot":"","sources":["../../src/helpers/getClientConfigurationFromEnvironment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAOrE,MAAM,WAAW,oBAAoB;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AA6BD,wBAAgB,qCAAqC,IAAI,mBAAmB,CAK3E"}
+{"version":3,"file":"getClientConfigurationFromEnvironment.d.ts","sourceRoot":"","sources":["../../src/helpers/getClientConfigurationFromEnvironment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAQrE,MAAM,WAAW,oBAAoB;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAaD,wBAAgB,sBAAsB,CAAC,OAAO,GAAE,oBAAyB,GAAG,mBAAmB,CAiC9F;AAED,wBAAgB,qCAAqC,IAAI,mBAAmB,CAM3E"}

package/dist/helpers/getClientConfigurationFromEnvironment.js

@@ -2,6 +2,7 @@ import {} from "@octopusdeploy/api-client";
 import { env } from "process";
 import { SEMVER_VERSION } from "../utils/version.js";
 import { getClientInfo } from "../utils/clientInfo.js";
+import { logger } from "../utils/logger.js";
 const USER_AGENT_NAME = "octopus-mcp-server";
 function isEmpty(value) {
     return !value || value.trim().length === 0;
@@ -11,11 +12,25 @@ function constructUserAgent() {
     const userAgent = `${USER_AGENT_NAME}/${SEMVER_VERSION} (${clientInfo.name}/${clientInfo.version})`;
     return userAgent;
 }
-function getClientConfiguration(options = {}) {
-    if (isEmpty(options.instanceURL) || isEmpty(options.apiKey)) {
-        throw new Error("Octopus server URL and API key must be provided either via command line arguments (--server-url, --api-key) or environment variables (OCTOPUS_SERVER_URL, OCTOPUS_API_KEY).");
+export function getClientConfiguration(options = {}) {
+    const hasApiKey = !isEmpty(options.apiKey);
+    const hasAccessToken = !isEmpty(options.accessToken);
+    if (isEmpty(options.instanceURL)) {
+        throw new Error("Octopus server URL must be provided either via command line argument (--server-url) or environment variable (OCTOPUS_SERVER_URL).");
+    }
+    if (!hasApiKey && !hasAccessToken) {
+        throw new Error("Octopus authentication must be provided via OCTOPUS_API_KEY or OCTOPUS_ACCESS_TOKEN environment variable.");
     }
     const userAgent = constructUserAgent();
+    if (hasAccessToken) {
+        logger.info("Authenticating with access token (Bearer)");
+        return {
+            userAgentApp: userAgent,
+            instanceURL: options.instanceURL,
+            accessToken: options.accessToken,
+        };
+    }
+    logger.info("Authenticating with API key");
     return {
         userAgentApp: userAgent,
         instanceURL: options.instanceURL,
@@ -25,7 +40,8 @@ function getClientConfiguration(options = {}) {
 export function getClientConfigurationFromEnvironment() {
     return getClientConfiguration({
         instanceURL: env["CLI_SERVER_URL"] || env["OCTOPUS_SERVER_URL"],
-        apiKey: env["CLI_API_KEY"] || env["OCTOPUS_API_KEY"],
+        apiKey: env["OCTOPUS_API_KEY"],
+        accessToken: env["OCTOPUS_ACCESS_TOKEN"],
     });
 }
 //# sourceMappingURL=getClientConfigurationFromEnvironment.js.map

package/dist/helpers/getClientConfigurationFromEnvironment.js.map

@@ -1 +1 @@
-{"version":3,"file":"getClientConfigurationFromEnvironment.js","sourceRoot":"","sources":["../../src/helpers/getClientConfigurationFromEnvironment.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4B,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,GAAG,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAEvD,MAAM,eAAe,GAAG,oBAAoB,CAAC;AAO7C,SAAS,OAAO,CAAC,KAAyB;IACxC,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,SAAS,GAAG,GAAG,eAAe,IAAI,cAAc,KAAK,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,GAAG,CAAC;IAEpG,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,sBAAsB,CAAC,UAAgC,EAAE;IAChE,IAAI,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CACb,6KAA6K,CAC9K,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;IAEvC,OAAO;QACL,YAAY,EAAE,SAAS;QACvB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qCAAqC;IACnD,OAAO,sBAAsB,CAAC;QAC5B,WAAW,EAAE,GAAG,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,oBAAoB,CAAC;QAC/D,MAAM,EAAE,GAAG,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,iBAAiB,CAAC;KACrD,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"getClientConfigurationFromEnvironment.js","sourceRoot":"","sources":["../../src/helpers/getClientConfigurationFromEnvironment.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4B,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,GAAG,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,eAAe,GAAG,oBAAoB,CAAC;AAQ7C,SAAS,OAAO,CAAC,KAAyB;IACxC,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,SAAS,GAAG,GAAG,eAAe,IAAI,cAAc,KAAK,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,GAAG,CAAC;IAEpG,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,UAAgC,EAAE;IACvE,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErD,IAAI,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,mIAAmI,CACpI,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,IAAI,CAAC,cAAc,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CACb,2GAA2G,CAC5G,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;IAEvC,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO;YACL,YAAY,EAAE,SAAS;YACvB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC3C,OAAO;QACL,YAAY,EAAE,SAAS;QACvB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qCAAqC;IACnD,OAAO,sBAAsB,CAAC;QAC5B,WAAW,EAAE,GAAG,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,oBAAoB,CAAC;QAC/D,MAAM,EAAE,GAAG,CAAC,iBAAiB,CAAC;QAC9B,WAAW,EAAE,GAAG,CAAC,sBAAsB,CAAC;KACzC,CAAC,CAAC;AACL,CAAC"}

package/dist/helpers/grepLines.d.ts

@@ -0,0 +1,38 @@
+/**
+ * GNU-grep-shaped line search over a multi-line string. Pure function, used by
+ * grep_task_log (task activity logs) and grep_llms_txt (catalog markdown). Each
+ * line is tested independently; matching lines are emitted with optional
+ * symmetric context windows. Overlapping context between adjacent matches is
+ * NOT deduplicated — each match carries its own complete context window so the
+ * consumer can reason about each match in isolation. This is a deliberate
+ * departure from GNU grep's `--`-separated output but it is the right shape
+ * for a JSON tool response.
+ */
+export interface GrepLinesParams {
+    pattern: string;
+    caseInsensitive?: boolean;
+    invertMatch?: boolean;
+    fixedString?: boolean;
+    beforeContext?: number;
+    afterContext?: number;
+    maxCount?: number;
+}
+export interface ContextLine {
+    lineNumber: number;
+    line: string;
+}
+export interface GrepMatch {
+    lineNumber: number;
+    line: string;
+    before?: ContextLine[];
+    after?: ContextLine[];
+}
+export interface GrepLinesResult {
+    totalLines: number;
+    totalMatches: number;
+    matches: GrepMatch[];
+}
+export declare const MAX_CONTEXT = 50;
+export declare const MAX_COUNT_HARD_CAP = 500;
+export declare function grepLines(rawText: string, params: GrepLinesParams): GrepLinesResult;
+//# sourceMappingURL=grepLines.d.ts.map

package/dist/helpers/grepLines.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grepLines.d.ts","sourceRoot":"","sources":["../../src/helpers/grepLines.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC;IACvB,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,SAAS,EAAE,CAAC;CACtB;AAED,eAAO,MAAM,WAAW,KAAK,CAAC;AAC9B,eAAO,MAAM,kBAAkB,MAAM,CAAC;AAuBtC,wBAAgB,SAAS,CACvB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,eAAe,GACtB,eAAe,CAoDjB"}