npm - @openziti/ziti-mcp-server - Versions diffs - 0.1.0 - Mend

@openziti/ziti-mcp-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/LICENSE +201 -0
package/README.md +868 -0
package/dist/auth/client-credentials-flow.d.ts +21 -0
package/dist/auth/client-credentials-flow.js +63 -0
package/dist/auth/client-credentials-flow.js.map +1 -0
package/dist/auth/device-auth-flow.d.ts +47 -0
package/dist/auth/device-auth-flow.js +291 -0
package/dist/auth/device-auth-flow.js.map +1 -0
package/dist/clients/base.d.ts +74 -0
package/dist/clients/base.js +109 -0
package/dist/clients/base.js.map +1 -0
package/dist/clients/claude.d.ts +22 -0
package/dist/clients/claude.js +40 -0
package/dist/clients/claude.js.map +1 -0
package/dist/clients/cursor.d.ts +22 -0
package/dist/clients/cursor.js +39 -0
package/dist/clients/cursor.js.map +1 -0
package/dist/clients/index.d.ts +33 -0
package/dist/clients/index.js +39 -0
package/dist/clients/index.js.map +1 -0
package/dist/clients/types.d.ts +70 -0
package/dist/clients/types.js +2 -0
package/dist/clients/types.js.map +1 -0
package/dist/clients/utils.d.ts +22 -0
package/dist/clients/utils.js +46 -0
package/dist/clients/utils.js.map +1 -0
package/dist/clients/vscode.d.ts +76 -0
package/dist/clients/vscode.js +159 -0
package/dist/clients/vscode.js.map +1 -0
package/dist/clients/windsurf.d.ts +22 -0
package/dist/clients/windsurf.js +39 -0
package/dist/clients/windsurf.js.map +1 -0
package/dist/commands/init.d.ts +45 -0
package/dist/commands/init.js +133 -0
package/dist/commands/init.js.map +1 -0
package/dist/commands/logout.d.ts +12 -0
package/dist/commands/logout.js +90 -0
package/dist/commands/logout.js.map +1 -0
package/dist/commands/run.d.ts +15 -0
package/dist/commands/run.js +94 -0
package/dist/commands/run.js.map +1 -0
package/dist/commands/session.d.ts +12 -0
package/dist/commands/session.js +99 -0
package/dist/commands/session.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.js +105 -0
package/dist/index.js.map +1 -0
package/dist/server.d.ts +67 -0
package/dist/server.js +171 -0
package/dist/server.js.map +1 -0
package/dist/tools/api-sessions.d.ts +3 -0
package/dist/tools/api-sessions.js +86 -0
package/dist/tools/api-sessions.js.map +1 -0
package/dist/tools/auth-policies.d.ts +3 -0
package/dist/tools/auth-policies.js +347 -0
package/dist/tools/auth-policies.js.map +1 -0
package/dist/tools/authenticators.d.ts +3 -0
package/dist/tools/authenticators.js +183 -0
package/dist/tools/authenticators.js.map +1 -0
package/dist/tools/certificate-authorities.d.ts +3 -0
package/dist/tools/certificate-authorities.js +288 -0
package/dist/tools/certificate-authorities.js.map +1 -0
package/dist/tools/config-types.d.ts +3 -0
package/dist/tools/config-types.js +194 -0
package/dist/tools/config-types.js.map +1 -0
package/dist/tools/configs.d.ts +3 -0
package/dist/tools/configs.js +203 -0
package/dist/tools/configs.js.map +1 -0
package/dist/tools/controller-settings.d.ts +3 -0
package/dist/tools/controller-settings.js +219 -0
package/dist/tools/controller-settings.js.map +1 -0
package/dist/tools/controllers.d.ts +3 -0
package/dist/tools/controllers.js +89 -0
package/dist/tools/controllers.js.map +1 -0
package/dist/tools/edge-router-policies.d.ts +3 -0
package/dist/tools/edge-router-policies.js +262 -0
package/dist/tools/edge-router-policies.js.map +1 -0
package/dist/tools/edge-routers.d.ts +3 -0
package/dist/tools/edge-routers.js +381 -0
package/dist/tools/edge-routers.js.map +1 -0
package/dist/tools/enrollments.d.ts +3 -0
package/dist/tools/enrollments.js +187 -0
package/dist/tools/enrollments.js.map +1 -0
package/dist/tools/external-jwt-signers.d.ts +3 -0
package/dist/tools/external-jwt-signers.js +242 -0
package/dist/tools/external-jwt-signers.js.map +1 -0
package/dist/tools/identities.d.ts +3 -0
package/dist/tools/identities.js +741 -0
package/dist/tools/identities.js.map +1 -0
package/dist/tools/identity-types.d.ts +3 -0
package/dist/tools/identity-types.js +58 -0
package/dist/tools/identity-types.js.map +1 -0
package/dist/tools/index.d.ts +3 -0
package/dist/tools/index.js +101 -0
package/dist/tools/index.js.map +1 -0
package/dist/tools/posture-checks.d.ts +3 -0
package/dist/tools/posture-checks.js +254 -0
package/dist/tools/posture-checks.js.map +1 -0
package/dist/tools/routers.d.ts +3 -0
package/dist/tools/routers.js +169 -0
package/dist/tools/routers.js.map +1 -0
package/dist/tools/service-edge-router-policies.d.ts +3 -0
package/dist/tools/service-edge-router-policies.js +282 -0
package/dist/tools/service-edge-router-policies.js.map +1 -0
package/dist/tools/service-policies.d.ts +3 -0
package/dist/tools/service-policies.js +311 -0
package/dist/tools/service-policies.js.map +1 -0
package/dist/tools/services.d.ts +3 -0
package/dist/tools/services.js +403 -0
package/dist/tools/services.js.map +1 -0
package/dist/tools/sessions.d.ts +3 -0
package/dist/tools/sessions.js +86 -0
package/dist/tools/sessions.js.map +1 -0
package/dist/tools/terminators.d.ts +3 -0
package/dist/tools/terminators.js +187 -0
package/dist/tools/terminators.js.map +1 -0
package/dist/tools/transit-routers.d.ts +3 -0
package/dist/tools/transit-routers.js +169 -0
package/dist/tools/transit-routers.js.map +1 -0
package/dist/utils/analytics.d.ts +75 -0
package/dist/utils/analytics.js +191 -0
package/dist/utils/analytics.js.map +1 -0
package/dist/utils/auth0-client.d.ts +27 -0
package/dist/utils/auth0-client.js +67 -0
package/dist/utils/auth0-client.js.map +1 -0
package/dist/utils/authenticated-client.d.ts +6 -0
package/dist/utils/authenticated-client.js +55 -0
package/dist/utils/authenticated-client.js.map +1 -0
package/dist/utils/config.d.ts +65 -0
package/dist/utils/config.js +80 -0
package/dist/utils/config.js.map +1 -0
package/dist/utils/constants.d.ts +15 -0
package/dist/utils/constants.js +17 -0
package/dist/utils/constants.js.map +1 -0
package/dist/utils/controller-client/client/client.gen.d.ts +2 -0
package/dist/utils/controller-client/client/client.gen.js +229 -0
package/dist/utils/controller-client/client/client.gen.js.map +1 -0
package/dist/utils/controller-client/client/index.d.ts +8 -0
package/dist/utils/controller-client/client/index.js +7 -0
package/dist/utils/controller-client/client/index.js.map +1 -0
package/dist/utils/controller-client/client/types.gen.d.ts +117 -0
package/dist/utils/controller-client/client/types.gen.js +3 -0
package/dist/utils/controller-client/client/types.gen.js.map +1 -0
package/dist/utils/controller-client/client/utils.gen.d.ts +33 -0
package/dist/utils/controller-client/client/utils.gen.js +232 -0
package/dist/utils/controller-client/client/utils.gen.js.map +1 -0
package/dist/utils/controller-client/client.gen.d.ts +12 -0
package/dist/utils/controller-client/client.gen.js +6 -0
package/dist/utils/controller-client/client.gen.js.map +1 -0
package/dist/utils/controller-client/core/auth.gen.d.ts +18 -0
package/dist/utils/controller-client/core/auth.gen.js +15 -0
package/dist/utils/controller-client/core/auth.gen.js.map +1 -0
package/dist/utils/controller-client/core/bodySerializer.gen.d.ts +25 -0
package/dist/utils/controller-client/core/bodySerializer.gen.js +58 -0
package/dist/utils/controller-client/core/bodySerializer.gen.js.map +1 -0
package/dist/utils/controller-client/core/params.gen.d.ts +43 -0
package/dist/utils/controller-client/core/params.gen.js +101 -0
package/dist/utils/controller-client/core/params.gen.js.map +1 -0
package/dist/utils/controller-client/core/pathSerializer.gen.d.ts +33 -0
package/dist/utils/controller-client/core/pathSerializer.gen.js +115 -0
package/dist/utils/controller-client/core/pathSerializer.gen.js.map +1 -0
package/dist/utils/controller-client/core/queryKeySerializer.gen.d.ts +18 -0
package/dist/utils/controller-client/core/queryKeySerializer.gen.js +100 -0
package/dist/utils/controller-client/core/queryKeySerializer.gen.js.map +1 -0
package/dist/utils/controller-client/core/serverSentEvents.gen.d.ts +71 -0
package/dist/utils/controller-client/core/serverSentEvents.gen.js +136 -0
package/dist/utils/controller-client/core/serverSentEvents.gen.js.map +1 -0
package/dist/utils/controller-client/core/types.gen.d.ts +78 -0
package/dist/utils/controller-client/core/types.gen.js +3 -0
package/dist/utils/controller-client/core/types.gen.js.map +1 -0
package/dist/utils/controller-client/core/utils.gen.d.ts +19 -0
package/dist/utils/controller-client/core/utils.gen.js +88 -0
package/dist/utils/controller-client/core/utils.gen.js.map +1 -0
package/dist/utils/controller-client/index.d.ts +2 -0
package/dist/utils/controller-client/index.js +3 -0
package/dist/utils/controller-client/index.js.map +1 -0
package/dist/utils/controller-client/sdk.gen.d.ts +1302 -0
package/dist/utils/controller-client/sdk.gen.js +4436 -0
package/dist/utils/controller-client/sdk.gen.js.map +1 -0
package/dist/utils/controller-client/types.gen.d.ts +9170 -0
package/dist/utils/controller-client/types.gen.js +3 -0
package/dist/utils/controller-client/types.gen.js.map +1 -0
package/dist/utils/glob.d.ts +75 -0
package/dist/utils/glob.js +110 -0
package/dist/utils/glob.js.map +1 -0
package/dist/utils/http-utility.d.ts +5 -0
package/dist/utils/http-utility.js +68 -0
package/dist/utils/http-utility.js.map +1 -0
package/dist/utils/keychain.d.ts +129 -0
package/dist/utils/keychain.js +193 -0
package/dist/utils/keychain.js.map +1 -0
package/dist/utils/logger.d.ts +4 -0
package/dist/utils/logger.js +28 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/package.d.ts +3 -0
package/dist/utils/package.js +9 -0
package/dist/utils/package.js.map +1 -0
package/dist/utils/scopes.d.ts +12 -0
package/dist/utils/scopes.js +19 -0
package/dist/utils/scopes.js.map +1 -0
package/dist/utils/terminal.d.ts +35 -0
package/dist/utils/terminal.js +409 -0
package/dist/utils/terminal.js.map +1 -0
package/dist/utils/tools.d.ts +63 -0
package/dist/utils/tools.js +149 -0
package/dist/utils/tools.js.map +1 -0
package/dist/utils/types.d.ts +55 -0
package/dist/utils/types.js +3 -0
package/dist/utils/types.js.map +1 -0
package/package.json +89 -0

package/dist/tools/identities.js ADDED Viewed

@@ -0,0 +1,741 @@
+import { createErrorResponse } from '../utils/http-utility.js';
+import { withAuthenticatedClient } from '../utils/authenticated-client.js';
+import { listIdentities, detailIdentity, createIdentity, deleteIdentity, patchIdentity, listIdentityRoleAttributes, listIdentityServices, listIdentityEdgeRouters, listIdentityServicePolicies, listIdentitysEdgeRouterPolicies, listIdentitysServiceConfigs, getIdentityPolicyAdvice, disableIdentity, enableIdentity, getIdentityAuthenticators, getIdentityEnrollments, getIdentityFailedServiceRequests, getIdentityPostureData, removeIdentityMfa, updateIdentityTracing, associateIdentitysServiceConfigs, disassociateIdentitysServiceConfigs, } from '../utils/controller-client/sdk.gen.js';
+// Define all available Identity tools
+export const IDENTITY_TOOLS = [
+    {
+        name: 'listIdentities',
+        description: 'List all Identities in the Ziti network',
+        inputSchema: {
+            type: 'object',
+            properties: {},
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'List all Identities defined in the Ziti network.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'listIdentity',
+        description: 'Get details about a specific Ziti identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity to retrieve' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Get Ziti Identity Details',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'createIdentity',
+        description: 'Create a new Ziti Identity.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                name: { type: 'string', description: 'Name of the identity to create' },
+                admin: { type: 'boolean', description: 'Make an Admin or not.', default: false },
+                authPolicy: {
+                    type: 'string',
+                    description: 'The name or id of the auth policy to assign to the identity (default "default")',
+                    default: 'default',
+                },
+                externalId: { type: 'string', description: 'An external id to give to the identity' },
+                roleAttributes: {
+                    type: 'string',
+                    description: 'Comma-separated role attributes for the new identity',
+                },
+            },
+            required: ['name'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Create a new Identity in the Ziti network.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'deleteIdentity',
+        description: 'Delete a Ziti Identity.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity to delete' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Delete an Identity from the Ziti network.',
+            readOnlyHint: true,
+            destructiveHint: true,
+            idempotentHint: false,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'updateIdentity',
+        description: 'Update an existing Ziti Identity.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity to update' },
+                name: { type: 'string', description: 'Name to give the identity' },
+                admin: { type: 'boolean', description: 'Make an Admin or not.' },
+                authPolicy: {
+                    type: 'string',
+                    description: 'The name or id of the auth policy to assign to the identity',
+                },
+                externalId: { type: 'string', description: 'An external id to give to the identity' },
+                roleAttributes: {
+                    type: 'string',
+                    description: 'Comma-separated role attributes for the new identity',
+                },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: false,
+        },
+        annotations: {
+            title: 'Update an existing Identity in the Ziti network.',
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'listIdentityServices',
+        description: 'List all Services accessible by a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'List Services for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'listIdentityEdgeRouters',
+        description: 'List all Edge Routers accessible by a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'List Edge Routers for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'listIdentityServicePolicies',
+        description: 'List all Service Policies that apply to a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'List Service Policies for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'listIdentityEdgeRouterPolicies',
+        description: 'List all Edge Router Policies that apply to a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'List Edge Router Policies for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'listIdentityServiceConfigs',
+        description: 'List all Service Configs associated with a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'List Service Configs for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'getIdentityPolicyAdvice',
+        description: 'Check whether an Identity can dial or bind a specific Service and get policy advice explaining why or why not',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+                serviceId: { type: 'string', description: 'ID of the service to check access for' },
+            },
+            required: ['id', 'serviceId'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Get policy advice for an Identity and Service.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'listIdentityRoleAttributes',
+        description: 'List all role attributes in use by Identities in the Ziti network',
+        inputSchema: {
+            type: 'object',
+            properties: {},
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'List all Identity role attributes.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'disableIdentity',
+        description: 'Temporarily disable a Ziti Identity for a specified duration',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity to disable' },
+                durationMinutes: {
+                    type: 'number',
+                    description: 'Number of minutes to disable the identity for',
+                },
+            },
+            required: ['id', 'durationMinutes'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: false,
+        },
+        annotations: {
+            title: 'Disable a Ziti Identity.',
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'enableIdentity',
+        description: 'Re-enable a previously disabled Ziti Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity to enable' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: false,
+        },
+        annotations: {
+            title: 'Enable a Ziti Identity.',
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'getIdentityAuthenticators',
+        description: 'List all Authenticators for a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Get Authenticators for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'getIdentityEnrollments',
+        description: 'List all Enrollments for a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Get Enrollments for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'getIdentityFailedServiceRequests',
+        description: 'List failed service requests for a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Get failed service requests for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'getIdentityPostureData',
+        description: 'Get posture data for a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['read:identities'],
+            readOnly: true,
+        },
+        annotations: {
+            title: 'Get posture data for an Identity.',
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'removeIdentityMfa',
+        description: 'Remove MFA from a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: false,
+        },
+        annotations: {
+            title: 'Remove MFA from an Identity.',
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'updateIdentityTracing',
+        description: 'Update tracing configuration for a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+                enabled: { type: 'boolean', description: 'Whether tracing is enabled' },
+                duration: { type: 'string', description: 'Duration for tracing (e.g. "5m", "1h")' },
+                traceId: { type: 'string', description: 'Trace ID to use' },
+                channels: {
+                    type: 'string',
+                    description: 'Comma-separated list of channels to trace',
+                },
+            },
+            required: ['id'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: false,
+        },
+        annotations: {
+            title: 'Update tracing for an Identity.',
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'associateIdentityServiceConfigs',
+        description: 'Associate service configs with a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+                serviceConfigs: {
+                    type: 'string',
+                    description: 'JSON array of objects with serviceId and configId, e.g. [{"serviceId":"abc","configId":"def"}]',
+                },
+            },
+            required: ['id', 'serviceConfigs'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: false,
+        },
+        annotations: {
+            title: 'Associate service configs with an Identity.',
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: 'disassociateIdentityServiceConfigs',
+        description: 'Remove service config associations from a specific Identity',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: { type: 'string', description: 'ID of the identity' },
+                serviceConfigs: {
+                    type: 'string',
+                    description: 'JSON array of objects with serviceId and configId, e.g. [{"serviceId":"abc","configId":"def"}]',
+                },
+            },
+            required: ['id', 'serviceConfigs'],
+        },
+        _meta: {
+            requiredScopes: ['write:identities'],
+            readOnly: false,
+        },
+        annotations: {
+            title: 'Disassociate service configs from an Identity.',
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+];
+// Define handlers for each Identity tool
+export const IDENTITY_HANDLERS = {
+    listIdentities: (request, config) => withAuthenticatedClient(request, config, 'list identities', (client, ztSession) => listIdentities({ client, headers: { 'zt-session': ztSession } })),
+    listIdentity: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'get identity', (client, ztSession) => detailIdentity({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    createIdentity: (request, config) => {
+        const { name, admin = false, authPolicy = 'default', externalId, roleAttributes, } = request.parameters;
+        if (!name)
+            return Promise.resolve(createErrorResponse('Error: name is required'));
+        return withAuthenticatedClient(request, config, 'create identity', (client, ztSession) => createIdentity({
+            body: {
+                authPolicyId: authPolicy,
+                externalId,
+                isAdmin: admin,
+                name,
+                roleAttributes: roleAttributes
+                    ? roleAttributes.split(',').map((attr) => attr.trim())
+                    : undefined,
+                type: 'User',
+            },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    deleteIdentity: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'delete identity', (client, ztSession) => deleteIdentity({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    listIdentityServices: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'list identity services', (client, ztSession) => listIdentityServices({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    listIdentityEdgeRouters: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'list identity edge routers', (client, ztSession) => listIdentityEdgeRouters({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    listIdentityServicePolicies: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'list identity service policies', (client, ztSession) => listIdentityServicePolicies({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    listIdentityEdgeRouterPolicies: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'list identity edge router policies', (client, ztSession) => listIdentitysEdgeRouterPolicies({
+            path: { id },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    listIdentityServiceConfigs: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'list identity service configs', (client, ztSession) => listIdentitysServiceConfigs({
+            path: { id },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    getIdentityPolicyAdvice: (request, config) => {
+        const { id, serviceId } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        if (!serviceId)
+            return Promise.resolve(createErrorResponse('Error: serviceId is required'));
+        return withAuthenticatedClient(request, config, 'get identity policy advice', (client, ztSession) => getIdentityPolicyAdvice({
+            path: { id, serviceId },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    listIdentityRoleAttributes: (request, config) => withAuthenticatedClient(request, config, 'list identity role attributes', (client, ztSession) => listIdentityRoleAttributes({ client, headers: { 'zt-session': ztSession } })),
+    updateIdentity: (request, config) => {
+        const { id, name, admin, authPolicy, externalId, roleAttributes } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'update identity', (client, ztSession) => patchIdentity({
+            path: { id },
+            body: {
+                authPolicyId: authPolicy,
+                externalId,
+                isAdmin: admin,
+                name,
+                roleAttributes: roleAttributes
+                    ? roleAttributes.split(',').map((attr) => attr.trim())
+                    : undefined,
+            },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    disableIdentity: (request, config) => {
+        const { id, durationMinutes } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        if (durationMinutes === undefined)
+            return Promise.resolve(createErrorResponse('Error: durationMinutes is required'));
+        return withAuthenticatedClient(request, config, 'disable identity', (client, ztSession) => disableIdentity({
+            path: { id },
+            body: { durationMinutes },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    enableIdentity: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'enable identity', (client, ztSession) => enableIdentity({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    getIdentityAuthenticators: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'get identity authenticators', (client, ztSession) => getIdentityAuthenticators({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    getIdentityEnrollments: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'get identity enrollments', (client, ztSession) => getIdentityEnrollments({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    getIdentityFailedServiceRequests: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'get identity failed service requests', (client, ztSession) => getIdentityFailedServiceRequests({
+            path: { id },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    getIdentityPostureData: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'get identity posture data', (client, ztSession) => getIdentityPostureData({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    removeIdentityMfa: (request, config) => {
+        const { id } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'remove identity mfa', (client, ztSession) => removeIdentityMfa({ path: { id }, client, headers: { 'zt-session': ztSession } }));
+    },
+    updateIdentityTracing: (request, config) => {
+        const { id, enabled, duration, traceId, channels } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        return withAuthenticatedClient(request, config, 'update identity tracing', (client, ztSession) => updateIdentityTracing({
+            path: { id },
+            body: {
+                enabled,
+                duration,
+                traceId,
+                channels: channels ? channels.split(',').map((c) => c.trim()) : undefined,
+            },
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    associateIdentityServiceConfigs: (request, config) => {
+        const { id, serviceConfigs } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        if (!serviceConfigs)
+            return Promise.resolve(createErrorResponse('Error: serviceConfigs is required'));
+        let parsed;
+        try {
+            parsed = JSON.parse(serviceConfigs);
+        }
+        catch {
+            return Promise.resolve(createErrorResponse('Error: serviceConfigs must be valid JSON array'));
+        }
+        return withAuthenticatedClient(request, config, 'associate identity service configs', (client, ztSession) => associateIdentitysServiceConfigs({
+            path: { id },
+            body: parsed,
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+    disassociateIdentityServiceConfigs: (request, config) => {
+        const { id, serviceConfigs } = request.parameters;
+        if (!id)
+            return Promise.resolve(createErrorResponse('Error: id is required'));
+        if (!serviceConfigs)
+            return Promise.resolve(createErrorResponse('Error: serviceConfigs is required'));
+        let parsed;
+        try {
+            parsed = JSON.parse(serviceConfigs);
+        }
+        catch {
+            return Promise.resolve(createErrorResponse('Error: serviceConfigs must be valid JSON array'));
+        }
+        return withAuthenticatedClient(request, config, 'disassociate identity service configs', (client, ztSession) => disassociateIdentitysServiceConfigs({
+            path: { id },
+            body: parsed,
+            client,
+            headers: { 'zt-session': ztSession },
+        }));
+    },
+};
+//# sourceMappingURL=identities.js.map