@postman/postman-mcp-server 2.5.4 → 2.6.0

package/README.md

@@ -39,11 +39,18 @@ The Postman MCP Server supports the EU region for remote and local servers:
   * [**VS Code**](#install-in-visual-studio-code)
   * [**Cursor**](#install-in-cursor)
   * [**Claude Code**](#install-in-claude-code)
+  * [**Codex**](#install-in-codex)
+  * [**Windsurf**](#install-in-windsurf)
+  * [**Antigravity**](#install-in-antigravity)
+  * [**GitHub Copilot CLI**](#install-in-github-copilot-cli)
 * [**Local server**](#local-server)
   * [**VS Code**](#install-in-visual-studio-code-1)
   * [**Cursor**](#install-in-cursor-1)
   * [**Claude**](#claude-integration)
   * [**Claude Code**](#install-in-claude-code-1)
+  * [**Windsurf**](#install-in-windsurf-1)
+  * [**Antigravity**](#install-in-antigravity-1)
+  * [**GitHub Copilot CLI**](#install-in-github-copilot-cli-1)
   * [**Gemini CLI**](#use-as-a-gemini-cli-extension)
   * [**Docker**](#install-in-docker)
 * [**Questions and support**](#questions-and-support)
@@ -129,6 +136,150 @@ For **Full** mode:
 claude mcp add --transport http postman https://mcp.postman.com/mcp --header "Authorization: Bearer <POSTMAN_API_KEY>"
 ```
 
+### Install in Codex
+
+To install the MCP server in Codex, run the following command in your terminal:
+
+For **Minimal** mode:
+
+```bash
+codex mcp add postman --env POSTMAN_API_KEY=<POSTMAN_API_KEY> -- npx @postman/postman-mcp-server --minimal
+```
+
+For **Code** mode:
+
+```bash
+codex mcp add postman --env POSTMAN_API_KEY=<POSTMAN_API_KEY> -- npx @postman/postman-mcp-server --code
+```
+
+For **Full** mode:
+
+```bash
+codex mcp add postman --env POSTMAN_API_KEY=<POSTMAN_API_KEY> -- npx @postman/postman-mcp-server --full
+```
+
+### Install in Windsurf
+
+To install the MCP server in Windsurf, copy the following JSON config into the `.codeium/windsurf/mcp_config.json` file:
+
+```json
+{
+    "mcpServers": {
+        "postman-api": {
+            "args": [
+                "mcp-remote",
+                "https://mcp.postman.com/mcp",
+                "--header",
+                "Authorization: Bearer XXX"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {}
+        },
+        "postman-api-code": {
+            "args": [
+                "mcp-remote",
+                "https://mcp.postman.com/code",
+                "--header",
+                "Authorization: Bearer XXX"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {}
+        },
+        "postman-api-minimal": {
+            "args": [
+                "mcp-remote",
+                "https://mcp.postman.com/minimal",
+                "--header",
+                "Authorization: Bearer XXX"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {}
+        }
+    }
+}
+```
+
+### Install in Antigravity
+
+To install the MCP server in Antigravity, click **Manage MCP servers > View raw config**. Then, copy the following JSON config into the `.codeium/windsurf/mcp_config.json` file:
+
+```json
+{
+    "mcpServers": {
+        "postman-api": {
+            "args": [
+                "mcp-remote",
+                "https://mcp.postman.com/mcp",
+                "--header",
+                "Authorization: Bearer XXX"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {}
+        },
+        "postman-api-code": {
+            "args": [
+                "mcp-remote",
+                "https://mcp.postman.com/code",
+                "--header",
+                "Authorization: Bearer XXX"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {}
+        },
+        "postman-api-minimal": {
+            "args": [
+                "mcp-remote",
+                "https://mcp.postman.com/minimal",
+                "--header",
+                "Authorization: Bearer XXX"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {}
+        }
+    }
+}
+```
+
+### Install in GitHub Copilot CLI
+
+Use the Copilot CLI to interactively add the MCP server:
+
+```bash
+/mcp add
+```
+
+Alternatively, create or edit the configuration file `~/.copilot/mcp-config.json` and add:
+
+```json
+{
+  "mcpServers": {
+    "postman-api-http-server": {
+      "type": "http",
+      "url": "https://mcp.postman.com/minimal",
+      "headers": {
+        "Authorization": "Bearer YOUR_API_KEY"
+      }
+    }
+  }
+}
+```
+
+By default, this uses **Minimal** mode. To access **Full** mode, change the `url` value to `https://mcp.postman.com/mcp`. To access **Code** mode, change the value to `https://mcp.postman.com/code`.
+
+For more information, see the [Copilot CLI documentation](https://docs.github.com/en/copilot/concepts/agents/about-copilot-cli).
+
 ---
 
 ## Local server
@@ -147,7 +298,6 @@ The local server supports the following tool configurations:
 
 **Note:** Use the `--region` flag to specify the Postman API region (`us` or `eu`), or set the `POSTMAN_API_BASE_URL` environment variable directly. By default, the server uses the `us` option.
 
-
 ### Install in Visual Studio Code
 
 [![Install with Node in VS Code](https://img.shields.io/badge/VS_Code-Install_Server-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=postman-api-mcp&inputs=%5B%7B%22id%22%3A%22postman-api-key%22%2C%22type%22%3A%22promptString%22%2C%22description%22%3A%22Enter%20your%20Postman%20API%20key%22%7D%5D&config=%7B%22command%22%3A%22npx%22%2C%22args%22%3A%5B%22%40postman%2Fpostman-mcp-server%22%2C%22--full%22%5D%2C%22env%22%3A%7B%22POSTMAN_API_KEY%22%3A%22%24%7Binput%3Apostman-api-key%7D%22%7D%7D)
@@ -227,6 +377,87 @@ For **Full** mode:
 claude mcp add postman --env POSTMAN_API_KEY=YOUR_KEY -- npx @postman/postman-mcp-server@latest --full 
 ```
 
+### Install in Windsurf
+
+To manually install the MCP server in Windsurf, do the following:
+
+1. Click **Open MCP Marketplace** in Windsurf.
+1. Type "Postman" in the search text box to filter the marketplace results.
+1. Click **Install**.
+1. When prompted, enter a valid Postman API key.
+1. Select the tools that you want to enable, or click **All Tools** to select all available tools.
+1. Turn on **Enabled** to enable the Postman MCP server.
+
+#### Manual installation
+
+Copy the following JSON config into the `.codeium/windsurf/mcp_config.json` file:
+
+```json
+{
+    "mcpServers": {
+        "postman_mcp_server_stdio": {
+            "args": [
+                "@postman/postman-mcp-server"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {
+                "POSTMAN_API_KEY": "XXXX"
+            }
+        }
+    }
+}
+```
+
+### Install in Antigravity
+
+To install the MCP server in Antigravity, click **Manage MCP servers > View raw config**. Then, copy the following JSON config into the `.codeium/windsurf/mcp_config.json` file:
+
+```json
+{
+    "mcpServers": {
+        "postman_mcp_server_stdio": {
+            "args": [
+                "@postman/postman-mcp-server"
+            ],
+            "command": "npx",
+            "disabled": false,
+            "disabledTools": [],
+            "env": {
+                "POSTMAN_API_KEY": "XXXX"
+            }
+        }
+    }
+}
+```
+
+### Install in GitHub Copilot CLI
+
+Use the Copilot CLI to interactively add the MCP server:
+
+```bash
+/mcp add
+```
+
+Alternatively, create or edit the configuration file `~/.copilot/mcp-config.json` and add:
+
+```json
+{
+  "mcpServers": {
+    "postman-api-mcp": {
+      "command": "npx",
+      "args": ["@postman/postman-mcp-server"],
+      "env": {
+        "POSTMAN_API_KEY": "YOUR_API_KEY"
+      }
+    }
+  }
+}
+```
+
+For more information, see the [Copilot CLI documentation](https://docs.github.com/en/copilot/concepts/agents/about-copilot-cli).
+
 ### Use as a Gemini CLI extension
 
 To install the MCP server as a Gemini CLI extension, run the following command in your terminal:

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@postman/postman-mcp-server",
-    "version": "2.5.4",
+    "version": "2.6.0",
     "description": "A simple MCP server to operate on the Postman API",
     "mcpName": "com.postman/postman-mcp-server",
     "main": "dist/src/index.js",

package/dist/src/clients/postman.js

@@ -1,5 +1,6 @@
 import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';
 import { USER_AGENT } from '../constants.js';
+import { env } from '../env.js';
 export var ContentType;
 (function (ContentType) {
     ContentType["Json"] = "application/json";
@@ -10,7 +11,7 @@ export class PostmanAPIClient {
     apiKey;
     serverContext;
     static instance = null;
-    constructor(apiKey, baseUrl = process.env.POSTMAN_API_BASE_URL || 'https://api.postman.com', serverContext) {
+    constructor(apiKey, baseUrl = env.POSTMAN_API_BASE_URL, serverContext) {
         this.apiKey = apiKey;
         this.baseUrl = baseUrl;
         this.serverContext = serverContext;
@@ -40,7 +41,7 @@ export class PostmanAPIClient {
         return this.request(endpoint, { ...options, method: 'DELETE' });
     }
     async request(endpoint, options) {
-        const currentApiKey = this.apiKey || process.env.POSTMAN_API_KEY;
+        const currentApiKey = this.apiKey || env.POSTMAN_API_KEY;
         if (!currentApiKey) {
             throw new Error('API key is required for requests. Provide it via constructor parameter or set POSTMAN_API_KEY environment variable.');
         }

package/dist/src/enabledResources.js

@@ -155,6 +155,7 @@ const minimal = [
     'getStatusOfAnAsyncApiTask',
     'runCollection',
     'getEnabledTools',
+    'updateCollectionRequest',
 ];
 const code = [
     'getCodeGenerationInstructions',

package/dist/src/env.js

@@ -0,0 +1,12 @@
+import { z } from 'zod';
+const envSchema = z.object({
+    POSTMAN_API_KEY: z.string(),
+    POSTMAN_API_BASE_URL: z.string().url().default('https://api.postman.com'),
+    GIT_BRANCH: z.string().default('main'),
+});
+const parsedEnv = envSchema.safeParse(process.env);
+if (!parsedEnv.success) {
+    console.error('Invalid environment variables for Postman MCP server:', parsedEnv.error.format());
+    process.exit(1);
+}
+export const env = parsedEnv.data;

package/dist/src/index.js

@@ -1,14 +1,15 @@
 #!/usr/bin/env node
-import dotenv from 'dotenv';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { ErrorCode, isInitializeRequest, McpError, } from '@modelcontextprotocol/sdk/types.js';
 import { readdir } from 'node:fs/promises';
 import { join, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import dotenv from 'dotenv';
 import { enabledResources } from './enabledResources.js';
 import { PostmanAPIClient } from './clients/postman.js';
 import { SERVER_NAME, APP_VERSION } from './constants.js';
+import { env } from './env.js';
 const SUPPORTED_REGIONS = {
     us: 'https://api.postman.com',
     eu: 'https://api.eu.postman.com',
@@ -20,7 +21,7 @@ function setRegionEnvironment(region) {
     if (!isValidRegion(region)) {
         throw new Error(`Invalid region: ${region}. Supported regions: us, eu`);
     }
-    process.env.POSTMAN_API_BASE_URL = SUPPORTED_REGIONS[region];
+    env.POSTMAN_API_BASE_URL = SUPPORTED_REGIONS[region];
 }
 function log(level, message, context) {
     const timestamp = new Date().toISOString();
@@ -42,17 +43,17 @@ function logBoth(server, level, message, context) {
 async function loadAllTools() {
     const __filename = fileURLToPath(import.meta.url);
     const __dirname = dirname(__filename);
-    const toolsDir = join(__dirname, 'tools');
+    const generatedToolsDir = join(__dirname, './tools');
+    const isWindows = process.platform === 'win32';
+    const tools = [];
     try {
-        log('info', 'Loading tools from directory', { toolsDir });
-        const files = await readdir(toolsDir);
+        log('info', 'Loading tools from directory', { toolsDir: generatedToolsDir });
+        const files = await readdir(generatedToolsDir);
         const toolFiles = files.filter((file) => file.endsWith('.js'));
         log('debug', 'Discovered tool files', { count: toolFiles.length });
-        const tools = [];
         for (const file of toolFiles) {
             try {
-                const toolPath = join(toolsDir, file);
-                const isWindows = process.platform === 'win32';
+                const toolPath = join(generatedToolsDir, file);
                 const toolModule = await import(isWindows ? `file://${toolPath}` : toolPath);
                 if (toolModule.method &&
                     toolModule.description &&
@@ -72,16 +73,15 @@ async function loadAllTools() {
                 });
             }
         }
-        log('info', 'Tool loading completed', { totalLoaded: tools.length });
-        return tools;
     }
     catch (error) {
         log('error', 'Failed to read tools directory', {
-            toolsDir,
+            toolsDir: generatedToolsDir,
             error: String(error?.message || error),
         });
-        return [];
     }
+    log('info', 'Tool loading completed', { totalLoaded: tools.length });
+    return tools;
 }
 const dotEnvOutput = dotenv.config({ quiet: true });
 if (dotEnvOutput.error) {
@@ -105,7 +105,7 @@ async function run() {
             setRegionEnvironment(region);
             log('info', `Using region: ${region}`, {
                 region,
-                baseUrl: process.env.POSTMAN_API_BASE_URL,
+                baseUrl: env.POSTMAN_API_BASE_URL,
             });
         }
         else {
@@ -114,7 +114,7 @@ async function run() {
             process.exit(1);
         }
     }
-    const apiKey = process.env.POSTMAN_API_KEY;
+    const apiKey = env.POSTMAN_API_KEY;
     if (!apiKey) {
         log('error', 'POSTMAN_API_KEY environment variable is required for STDIO mode');
         process.exit(1);

package/dist/src/tools/createCollectionRequest.js

@@ -9,9 +9,176 @@ export const parameters = z.object({
         .string()
         .describe('The folder ID in which to create the request. By default, the system will create the request at the collection level.')
         .optional(),
-    name: z
-        .string()
-        .describe("The request's name. It is recommended that you pass the `name` property in the request body. If you do not, the system uses a null value. As a result, this creates a request with a blank name.")
+    name: z.string().describe('Name of the request').optional(),
+    description: z.string().nullable().optional(),
+    method: z
+        .enum([
+        'GET',
+        'PUT',
+        'POST',
+        'PATCH',
+        'DELETE',
+        'COPY',
+        'HEAD',
+        'OPTIONS',
+        'LINK',
+        'UNLINK',
+        'PURGE',
+        'LOCK',
+        'UNLOCK',
+        'PROPFIND',
+        'VIEW',
+    ])
+        .nullable()
+        .optional(),
+    url: z.string().nullable().optional(),
+    headerData: z
+        .array(z.object({
+        key: z.string().optional(),
+        value: z.string().optional(),
+        description: z.string().nullable().optional(),
+    }))
+        .optional(),
+    queryParams: z
+        .array(z.object({
+        key: z.string().optional(),
+        value: z.string().optional(),
+        description: z.string().nullable().optional(),
+        enabled: z.boolean().optional(),
+    }))
+        .optional(),
+    dataMode: z.enum(['raw', 'urlencoded', 'formdata', 'binary', 'graphql']).nullable().optional(),
+    data: z
+        .array(z.object({
+        key: z.string().optional(),
+        value: z.string().optional(),
+        description: z.string().nullable().optional(),
+        enabled: z.boolean().optional(),
+        type: z.enum(['text', 'file']).optional(),
+        uuid: z.string().optional(),
+    }))
+        .nullable()
+        .optional(),
+    rawModeData: z.string().nullable().optional(),
+    graphqlModeData: z
+        .object({ query: z.string().optional(), variables: z.string().optional() })
+        .nullable()
+        .optional(),
+    dataOptions: z
+        .object({
+        raw: z.record(z.string(), z.unknown()).optional(),
+        urlencoded: z.record(z.string(), z.unknown()).optional(),
+        params: z.record(z.string(), z.unknown()).optional(),
+        binary: z.record(z.string(), z.unknown()).optional(),
+        graphql: z.record(z.string(), z.unknown()).optional(),
+    })
+        .nullable()
+        .optional(),
+    auth: z
+        .object({
+        type: z
+            .enum([
+            'noauth',
+            'basic',
+            'bearer',
+            'apikey',
+            'digest',
+            'oauth1',
+            'oauth2',
+            'hawk',
+            'awsv4',
+            'ntlm',
+            'edgegrid',
+            'jwt',
+            'asap',
+        ])
+            .optional(),
+        apikey: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        bearer: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        basic: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        digest: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        oauth1: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        oauth2: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        hawk: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        awsv4: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        ntlm: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        edgegrid: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        jwt: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        asap: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+    })
+        .nullable()
         .optional(),
 });
 export const annotations = {
@@ -30,6 +197,28 @@ export async function handler(args, extra) {
         const bodyPayload = {};
         if (args.name !== undefined)
             bodyPayload.name = args.name;
+        if (args.description !== undefined)
+            bodyPayload.description = args.description;
+        if (args.method !== undefined)
+            bodyPayload.method = args.method;
+        if (args.url !== undefined)
+            bodyPayload.url = args.url;
+        if (args.headerData !== undefined)
+            bodyPayload.headerData = args.headerData;
+        if (args.queryParams !== undefined)
+            bodyPayload.queryParams = args.queryParams;
+        if (args.dataMode !== undefined)
+            bodyPayload.dataMode = args.dataMode;
+        if (args.data !== undefined)
+            bodyPayload.data = args.data;
+        if (args.rawModeData !== undefined)
+            bodyPayload.rawModeData = args.rawModeData;
+        if (args.graphqlModeData !== undefined)
+            bodyPayload.graphqlModeData = args.graphqlModeData;
+        if (args.dataOptions !== undefined)
+            bodyPayload.dataOptions = args.dataOptions;
+        if (args.auth !== undefined)
+            bodyPayload.auth = args.auth;
         const options = {
             body: JSON.stringify(bodyPayload),
             contentType: ContentType.Json,

package/dist/src/tools/createSpec.js

@@ -2,11 +2,13 @@ import { z } from 'zod';
 import { ContentType } from '../clients/postman.js';
 import { asMcpError, McpError } from './utils/toolHelpers.js';
 export const method = 'createSpec';
-export const description = "Creates an API specification in Postman's [Spec Hub](https://learning.postman.com/docs/design-apis/specifications/overview/). Specifications can be single or multi-file.\n\n**Note:**\n- Postman supports OpenAPI 3.0 and AsyncAPI 2.0 specifications.\n- If the file path contains a \\`/\\` (forward slash) character, then a folder is created. For example, if the path is the \\`components/schemas.json\\` value, then a \\`components\\` folder is created with the \\`schemas.json\\` file inside.\n- Multi-file specifications can only have one root file.\n- Files cannot exceed a maximum of 10 MB in size.\n";
+export const description = "Creates an API specification in Postman's [Spec Hub](https://learning.postman.com/docs/design-apis/specifications/overview/). Specifications can be single or multi-file.\n\n**Note:**\n- Postman supports OpenAPI 2.0, OpenAPI 3.0, OpenAPI 3.1, and AsyncAPI 2.0 specifications.\n- If the file path contains a \\`/\\` (forward slash) character, then a folder is created. For example, if the path is the \\`components/schemas.json\\` value, then a \\`components\\` folder is created with the \\`schemas.json\\` file inside.\n- Multi-file specifications can only have one root file.\n- Files cannot exceed a maximum of 10 MB in size.\n";
 export const parameters = z.object({
     workspaceId: z.string().describe("The workspace's ID."),
     name: z.string().describe("The specification's name."),
-    type: z.enum(['OPENAPI:3.0', 'ASYNCAPI:2.0']).describe("The specification's type."),
+    type: z
+        .enum(['OPENAPI:2.0', 'OPENAPI:3.0', 'OPENAPI:3.1', 'ASYNCAPI:2.0'])
+        .describe("The specification's type."),
     files: z
         .array(z.union([
         z.object({
@@ -24,7 +26,7 @@ export const parameters = z.object({
         .describe("A list of the specification's files and their contents."),
 });
 export const annotations = {
-    title: "Creates an API specification in Postman's [Spec Hub](https://learning.postman.com/docs/design-apis/specifications/overview/). Specifications can be single or multi-file.\n\n**Note:**\n- Postman supports OpenAPI 3.0 and AsyncAPI 2.0 specifications.\n- If the file path contains a \\`/\\` (forward slash) character, then a folder is created. For example, if the path is the \\`components/schemas.json\\` value, then a \\`components\\` folder is created with the \\`schemas.json\\` file inside.\n- Multi-file specifications can only have one root file.\n- Files cannot exceed a maximum of 10 MB in size.\n",
+    title: "Creates an API specification in Postman's [Spec Hub](https://learning.postman.com/docs/design-apis/specifications/overview/). Specifications can be single or multi-file.\n\n**Note:**\n- Postman supports OpenAPI 2.0, OpenAPI 3.0, OpenAPI 3.1, and AsyncAPI 2.0 specifications.\n- If the file path contains a \\`/\\` (forward slash) character, then a folder is created. For example, if the path is the \\`components/schemas.json\\` value, then a \\`components\\` folder is created with the \\`schemas.json\\` file inside.\n- Multi-file specifications can only have one root file.\n- Files cannot exceed a maximum of 10 MB in size.\n",
     readOnlyHint: false,
     destructiveHint: false,
     idempotentHint: false,

package/dist/src/tools/getMonitors.js

@@ -22,6 +22,7 @@ export const parameters = z.object({
     limit: z
         .number()
         .int()
+        .lte(25)
         .describe('The maximum number of rows to return in the response, up to a maximum value of 25. Any value greater than 25 returns a 400 Bad Request response.')
         .default(25),
 });

package/dist/src/tools/getWorkspace.js

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { asMcpError, McpError } from './utils/toolHelpers.js';
 export const method = 'getWorkspace';
-export const description = "Gets information about a workspace.\n\n**Note:**\n\nThis endpoint's response contains the \\`visibility\\` field. [Visibility](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/managing-workspaces/#changing-workspace-visibility) determines who can access the workspace:\n- \\`personal\\` — Only you can access the workspace.\n- \\`team\\` — All team members can access the workspace.\n- \\`private\\` — Only invited team members can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n- \\`public\\` — Everyone can access the workspace.\n- \\`partner\\` — Only invited team members and [partners](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/partner-workspaces/) can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n\n### Important\n\nWe have deprecated the \\`name\\` and \\`uid\\` responses in the following array of objects:\n- \\`collections\\`\n- \\`environments\\`\n- \\`mocks\\`\n- \\`monitors\\`\n- \\`apis\\`\n";
+export const description = "Gets information about a workspace.\n\n**Note:**\n\nThis endpoint's response contains the \\`visibility\\` field. [Visibility](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/managing-workspaces/#changing-workspace-visibility) determines who can access the workspace:\n- \\`personal\\` — Only you can access the workspace.\n- \\`team\\` — All team members can access the workspace.\n- \\`private\\` — Only invited team members can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n- \\`public\\` — Everyone can access the workspace.\n- \\`partner\\` — Only invited team members and [partners](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/partner-workspaces/) can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n";
 export const parameters = z.object({
     workspaceId: z.string().describe("The workspace's ID."),
     include: z
@@ -10,7 +10,7 @@ export const parameters = z.object({
         .optional(),
 });
 export const annotations = {
-    title: "Gets information about a workspace.\n\n**Note:**\n\nThis endpoint's response contains the \\`visibility\\` field. [Visibility](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/managing-workspaces/#changing-workspace-visibility) determines who can access the workspace:\n- \\`personal\\` — Only you can access the workspace.\n- \\`team\\` — All team members can access the workspace.\n- \\`private\\` — Only invited team members can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n- \\`public\\` — Everyone can access the workspace.\n- \\`partner\\` — Only invited team members and [partners](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/partner-workspaces/) can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n\n### Important\n\nWe have deprecated the \\`name\\` and \\`uid\\` responses in the following array of objects:\n- \\`collections\\`\n- \\`environments\\`\n- \\`mocks\\`\n- \\`monitors\\`\n- \\`apis\\`\n",
+    title: "Gets information about a workspace.\n\n**Note:**\n\nThis endpoint's response contains the \\`visibility\\` field. [Visibility](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/managing-workspaces/#changing-workspace-visibility) determines who can access the workspace:\n- \\`personal\\` — Only you can access the workspace.\n- \\`team\\` — All team members can access the workspace.\n- \\`private\\` — Only invited team members can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n- \\`public\\` — Everyone can access the workspace.\n- \\`partner\\` — Only invited team members and [partners](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/partner-workspaces/) can access the workspace ([**Professional** and **Enterprise** plans only](https://www.postman.com/pricing)).\n",
     readOnlyHint: true,
     destructiveHint: false,
     idempotentHint: true,

package/dist/src/tools/runner/telemetry.js

@@ -1,4 +1,5 @@
 import { RUNNER_ACCEPT_HEADER } from '../../constants.js';
+import { env } from '../../env.js';
 import { v4 as uuidv4 } from 'uuid';
 export function buildTelemetryPayload(collectionId, collectionName, result) {
     const durationMs = result.durationMs;
@@ -98,7 +99,7 @@ export function buildTelemetryPayload(collectionId, collectionName, result) {
             startedAt: result.startTime,
             createdAt: result.endTime,
             branchSource: 'local',
-            branch: process.env.GIT_BRANCH || 'main',
+            branch: env.GIT_BRANCH,
         },
         runOverview: {
             collectionName: collectionName,

package/dist/src/tools/updateCollectionRequest.js

@@ -2,11 +2,11 @@ import { z } from 'zod';
 import { ContentType } from '../clients/postman.js';
 import { asMcpError, McpError } from './utils/toolHelpers.js';
 export const method = 'updateCollectionRequest';
-export const description = 'Updates a request in a collection. For a complete list of properties, refer to the **Request** entry in the [Postman Collection Format documentation](https://schema.postman.com/collection/json/v2.1.0/draft-07/docs/index.html).\n\n**Note:**\n\n- You must pass a collection ID (\\`12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), not a collection(\\`12345678-12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), in this endpoint.\n- This endpoint does not support changing the folder of a request.\n';
+export const description = 'Updates a request in a collection. For a complete list of properties, refer to the **Request** entry in the [Postman Collection Format documentation](https://schema.postman.com/collection/json/v2.1.0/draft-07/docs/index.html).\n\n**Note:**\n\n- You must pass a collection ID (\\`12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), not a collection(\\`12345678-12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), in this endpoint.\n- This endpoint does not support changing the folder of a request.\n- This endpoint acts like a PATCH method. It only updates the values that you pass in the request body.';
 export const parameters = z.object({
     requestId: z.string().describe("The request's ID."),
     collectionId: z.string().describe("The collection's ID."),
-    name: z.string().describe("The request's name.").optional(),
+    name: z.string().describe('Name of the request. Only provided fields are updated.').optional(),
     method: z
         .enum([
         'GET',
@@ -25,11 +25,162 @@ export const parameters = z.object({
         'PROPFIND',
         'VIEW',
     ])
+        .nullable()
         .describe("The request's method.")
         .optional(),
+    description: z.string().nullable().optional(),
+    url: z.string().nullable().optional(),
+    headerData: z
+        .array(z.object({
+        key: z.string().optional(),
+        value: z.string().optional(),
+        description: z.string().nullable().optional(),
+    }))
+        .optional(),
+    queryParams: z
+        .array(z.object({
+        key: z.string().optional(),
+        value: z.string().optional(),
+        description: z.string().nullable().optional(),
+        enabled: z.boolean().optional(),
+    }))
+        .optional(),
+    dataMode: z.enum(['raw', 'urlencoded', 'formdata', 'binary', 'graphql']).nullable().optional(),
+    data: z
+        .array(z.object({
+        key: z.string().optional(),
+        value: z.string().optional(),
+        description: z.string().nullable().optional(),
+        enabled: z.boolean().optional(),
+        type: z.enum(['text', 'file']).optional(),
+        uuid: z.string().optional(),
+    }))
+        .nullable()
+        .optional(),
+    rawModeData: z.string().nullable().optional(),
+    graphqlModeData: z
+        .object({ query: z.string().optional(), variables: z.string().optional() })
+        .nullable()
+        .optional(),
+    dataOptions: z
+        .object({
+        raw: z.record(z.string(), z.unknown()).optional(),
+        urlencoded: z.record(z.string(), z.unknown()).optional(),
+        params: z.record(z.string(), z.unknown()).optional(),
+        binary: z.record(z.string(), z.unknown()).optional(),
+        graphql: z.record(z.string(), z.unknown()).optional(),
+    })
+        .nullable()
+        .optional(),
+    auth: z
+        .object({
+        type: z
+            .enum([
+            'noauth',
+            'basic',
+            'bearer',
+            'apikey',
+            'digest',
+            'oauth1',
+            'oauth2',
+            'hawk',
+            'awsv4',
+            'ntlm',
+            'edgegrid',
+            'jwt',
+            'asap',
+        ])
+            .optional(),
+        apikey: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        bearer: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        basic: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        digest: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        oauth1: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        oauth2: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        hawk: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        awsv4: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        ntlm: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        edgegrid: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        jwt: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+        asap: z
+            .array(z.object({
+            key: z.string().optional(),
+            value: z.unknown().optional(),
+            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
+        }))
+            .optional(),
+    })
+        .nullable()
+        .optional(),
 });
 export const annotations = {
-    title: 'Updates a request in a collection. For a complete list of properties, refer to the **Request** entry in the [Postman Collection Format documentation](https://schema.postman.com/collection/json/v2.1.0/draft-07/docs/index.html).\n\n**Note:**\n\n- You must pass a collection ID (\\`12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), not a collection(\\`12345678-12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), in this endpoint.\n- This endpoint does not support changing the folder of a request.\n',
+    title: 'Updates a request in a collection. For a complete list of properties, refer to the **Request** entry in the [Postman Collection Format documentation](https://schema.postman.com/collection/json/v2.1.0/draft-07/docs/index.html).\n\n**Note:**\n\n- You must pass a collection ID (\\`12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), not a collection(\\`12345678-12ece9e1-2abf-4edc-8e34-de66e74114d2\\`), in this endpoint.\n- This endpoint does not support changing the folder of a request.\n- This endpoint acts like a PATCH method. It only updates the values that you pass in the request body.',
     readOnlyHint: false,
     destructiveHint: false,
     idempotentHint: true,
@@ -44,6 +195,26 @@ export async function handler(args, extra) {
             bodyPayload.name = args.name;
         if (args.method !== undefined)
             bodyPayload.method = args.method;
+        if (args.description !== undefined)
+            bodyPayload.description = args.description;
+        if (args.url !== undefined)
+            bodyPayload.url = args.url;
+        if (args.headerData !== undefined)
+            bodyPayload.headerData = args.headerData;
+        if (args.queryParams !== undefined)
+            bodyPayload.queryParams = args.queryParams;
+        if (args.dataMode !== undefined)
+            bodyPayload.dataMode = args.dataMode;
+        if (args.data !== undefined)
+            bodyPayload.data = args.data;
+        if (args.rawModeData !== undefined)
+            bodyPayload.rawModeData = args.rawModeData;
+        if (args.graphqlModeData !== undefined)
+            bodyPayload.graphqlModeData = args.graphqlModeData;
+        if (args.dataOptions !== undefined)
+            bodyPayload.dataOptions = args.dataOptions;
+        if (args.auth !== undefined)
+            bodyPayload.auth = args.auth;
         const options = {
             body: JSON.stringify(bodyPayload),
             contentType: ContentType.Json,

package/dist/src/tools/updateMock.js

@@ -15,6 +15,9 @@ export const parameters = z.object({
             .describe('If true, the mock server is set private. By default, mock servers are public and can receive requests from anyone and anywhere.')
             .default(false),
         versionTag: z.string().describe("The API's version tag ID.").optional(),
+        collection: z
+            .string()
+            .describe("The associated collection's unique ID. This is a mandatory parameter."),
         config: z
             .object({
             serverResponseId: z
@@ -25,9 +28,6 @@ export const parameters = z.object({
         })
             .describe("The mock server's configuration settings.")
             .optional(),
-        collection: z
-            .string()
-            .describe("The associated collection's unique ID. This is a mandatory parameter."),
     })
         .optional(),
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@postman/postman-mcp-server",
-  "version": "2.5.4",
+  "version": "2.6.0",
   "description": "A simple MCP server to operate on the Postman API",
   "mcpName": "com.postman/postman-mcp-server",
   "main": "dist/src/index.js",

package/dist/src/tools/getCollectionMap.js

@@ -1,101 +0,0 @@
-import { z } from 'zod';
-import { asMcpError, McpError } from './utils/toolHelpers.js';
-export const method = 'getCollectionMap';
-export const description = `Get a Postman collection map with metadata and a complete recursive index of all folders and requests. Response includes collection metadata and description. Response includes itemRefs property (name and id only) instead of the full item array. After calling, present the collection summary and ask the user where they\'d like to explore next, calling getCollectionFolder and/or getCollectionRequest tools in parallel to get more data quickly.
-  Once you've called this tool, DO NOT call searchPostmanElements to find items in or related to this collection. Instead, use the map in itemRefs.
-  Only use searchPostmanElements to find the collection where a request may be. Then, stay in the collection and don't use the search.
-  When using the getCollectionRequest tool to look up request data, omit the populate parameter to avoid getting all response examples
-  back at once (can be very large). Instead, use the response ids from the return value and call getCollectionResponse for each one.
-  Prepend the collection's ownerId to the front of each response id when passing it to getCollectionResponse. This is the first part of the collection uid.
-  Infer the response schema from that information and remember it. Omit the raw response examples from the conversation going forward.`;
-export const parameters = z.object({
-    collectionId: z
-        .string()
-        .describe('The collection ID must be in the form <OWNER_ID>-<UUID> (e.g. 12345-33823532ab9e41c9b6fd12d0fd459b8b).'),
-    access_key: z
-        .string()
-        .describe("A collection's read-only access key. Using this query parameter does not require an API key to call the endpoint.")
-        .optional(),
-});
-export const annotations = {
-    title: 'Get Postman Collection Map',
-    readOnlyHint: true,
-    destructiveHint: false,
-    idempotentHint: true,
-};
-function buildItemRefs(items) {
-    if (!Array.isArray(items) || items.length === 0) {
-        return undefined;
-    }
-    return items.map((item) => {
-        const itemId = item.uid || item.id || '';
-        const itemRef = {
-            name: item.name || '',
-            id: itemId,
-        };
-        if (item.item && Array.isArray(item.item)) {
-            const nestedRefs = buildItemRefs(item.item);
-            if (nestedRefs) {
-                itemRef.itemRefs = nestedRefs;
-            }
-        }
-        return itemRef;
-    });
-}
-export async function handler(args, extra) {
-    try {
-        const endpoint = `/collections/${args.collectionId}`;
-        const query = new URLSearchParams();
-        if (args.access_key !== undefined)
-            query.set('access_key', String(args.access_key));
-        const url = query.toString() ? `${endpoint}?${query.toString()}` : endpoint;
-        const options = {
-            headers: extra.headers,
-        };
-        const result = await extra.client.get(url, options);
-        if (typeof result === 'string') {
-            return {
-                content: [
-                    {
-                        type: 'text',
-                        text: result,
-                    },
-                ],
-            };
-        }
-        const response = result;
-        if (response.collection) {
-            const { item, ...collectionWithoutItems } = response.collection;
-            const itemRefs = buildItemRefs(item);
-            const processedResponse = {
-                ...response,
-                collection: {
-                    ...collectionWithoutItems,
-                    ...(itemRefs && { itemRefs }),
-                },
-            };
-            return {
-                content: [
-                    {
-                        type: 'text',
-                        text: JSON.stringify(processedResponse, null, 2),
-                    },
-                ],
-            };
-        }
-        return {
-            content: [
-                {
-                    type: 'text',
-                    text: JSON.stringify(result, null, 2),
-                },
-            ],
-        };
-    }
-    catch (e) {
-        if (e instanceof McpError) {
-            throw e;
-        }
-        throw asMcpError(e);
-    }
-}