@postman/postman-mcp-server 2.7.0 → 2.7.1

package/README.md

@@ -590,6 +590,38 @@ To install the MCP server as a Gemini CLI extension, run the following command i
 gemini extensions install https://github.com/postmanlabs/postman-mcp-server
 ```
 
+### Install in Kiro
+
+To use the Postman MCP Server in Kiro, you can use one of the following methods:
+
+To set up the Postman MCP Server with one-click, see [API Testing with Postman](https://kiro.dev/powers/) on the Kiro Powers page. Click **Add to Kiro**.
+
+To install the Postman MCP Server manually, do the following:
+
+1. Launch Kiro and click the Kiro ghost icon in the left sidebar.
+1. Add an MCP Server and select either **User Config** or **Workspace Config** to install the Postman MCP server.
+1. Add the following JSON block to the `mcp.json` configuration file:
+
+    ```json wordWrap
+    {
+        "mcpServers": {
+            "postman": {
+            "command": "npx",
+                "args": [
+                    "@postman/postman-mcp-server"
+                ],
+                "env": {
+                    "POSTMAN_API_KEY": "postman-api-key"
+                },
+                "disabled": false,
+                "autoApprove": [
+                    "getAuthenticatedUser"
+                ]
+            }
+        }
+    }
+    ```
+
 ### Install in Docker
 
 For Docker set up and installation, see [DOCKER.md](./DOCKER.md).

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@postman/postman-mcp-server",
-    "version": "2.7.0",
+    "version": "2.7.1",
     "description": "A simple MCP server to operate on the Postman API",
     "mcpName": "com.postman/postman-mcp-server",
     "main": "dist/src/index.js",
@@ -27,23 +27,23 @@
         "access": "public"
     },
     "dependencies": {
-        "@modelcontextprotocol/sdk": "^1.25.2",
-        "dotenv": "^17.2.3",
-        "newman": "^6.2.0",
+        "@modelcontextprotocol/sdk": "^1.27.1",
+        "dotenv": "^17.3.1",
+        "newman": "^6.2.2",
         "nunjucks": "^3.2.4",
         "uuid": "^13.0.0",
         "zod": "^3.25.76"
     },
     "devDependencies": {
-        "@eslint/js": "^9.39.1",
+        "@eslint/js": "^10.0.1",
         "@types/node": "^24",
-        "eslint": "^9.39.1",
+        "eslint": "^10.0.2",
         "eslint-config-prettier": "^10.1.8",
-        "eslint-plugin-unused-imports": "^4.3.0",
-        "prettier": "^3.6.2",
+        "eslint-plugin-unused-imports": "^4.4.1",
+        "prettier": "^3.8.1",
         "typescript": "^5.9.3",
-        "typescript-eslint": "^8.48.0",
-        "vitest": "^4.0.13"
+        "typescript-eslint": "^8.56.1",
+        "vitest": "^4.0.18"
     },
     "engines": {
         "node": ">=20.0.0"

package/dist/src/enabledResources.js

@@ -112,7 +112,8 @@ const full = [
     'deleteApiCollectionComment',
     'deleteSpecFile',
     'getEnabledTools',
-    'searchPostmanElements',
+    'searchPostmanElementsInPublicNetwork',
+    'searchPostmanElementsInPrivateNetwork',
 ];
 const minimal = [
     'createCollection',
@@ -152,7 +153,7 @@ const minimal = [
     'createCollectionRequest',
     'createCollectionResponse',
     'duplicateCollection',
-    'getStatusOfAnAsyncApiTask',
+    'getDuplicateCollectionTaskStatus',
     'runCollection',
     'getEnabledTools',
     'updateCollectionRequest',
@@ -161,7 +162,7 @@ const code = [
     'getCodeGenerationInstructions',
     'getWorkspace',
     'getWorkspaces',
-    'searchPostmanElements',
+    'searchPostmanElementsInPublicNetwork',
     'getCollectionRequest',
     'getCollectionResponse',
     'getCollectionFolder',
@@ -169,6 +170,7 @@ const code = [
     'getCollection',
     'getEnvironment',
     'getEnvironments',
+    'searchPostmanElementsInPrivateNetwork',
 ];
 const excludedFromGeneration = [
     'runCollection',
@@ -176,7 +178,8 @@ const excludedFromGeneration = [
     'getCodeGenerationInstructions',
     'getCollectionMap',
     'getCollection',
-    'searchPostmanElements',
+    'searchPostmanElementsInPublicNetwork',
+    'searchPostmanElementsInPrivateNetwork',
 ];
 const subtools = {
     getCollection: {

package/dist/src/tools/createCollectionRequest.js

@@ -10,7 +10,7 @@ export const parameters = z.object({
         .describe('The folder ID in which to create the request. By default, the system will create the request at the collection level.')
         .optional(),
     name: z.string().describe('Name of the request').optional(),
-    description: z.string().nullable().optional(),
+    description: z.string().nullable().describe("The request's description.").optional(),
     method: z
         .enum([
         'GET',
@@ -30,55 +30,87 @@ export const parameters = z.object({
         'VIEW',
     ])
         .nullable()
+        .describe("The request's HTTP method.")
         .optional(),
-    url: z.string().nullable().optional(),
+    url: z.string().nullable().describe("The request's URL.").optional(),
     headerData: z
         .array(z.object({
-        key: z.string().optional(),
-        value: z.string().optional(),
-        description: z.string().nullable().optional(),
+        key: z.string().describe("The header's key.").optional(),
+        value: z.string().describe("The header's value.").optional(),
+        description: z.string().nullable().describe("The header's description.").optional(),
     }))
+        .describe("The request's headers.")
         .optional(),
     queryParams: z
         .array(z.object({
-        key: z.string().optional(),
-        value: z.string().optional(),
-        description: z.string().nullable().optional(),
-        enabled: z.boolean().optional(),
+        key: z.string().describe("The query parameter's key.").optional(),
+        value: z.string().describe("The query parameter's value.").optional(),
+        description: z
+            .string()
+            .nullable()
+            .describe("The query parameter's description.")
+            .optional(),
+        enabled: z.boolean().describe('If true, the query parameter is enabled.').optional(),
     }))
+        .describe("The request's query parameters.")
+        .optional(),
+    dataMode: z
+        .enum(['raw', 'urlencoded', 'formdata', 'binary', 'graphql'])
+        .nullable()
+        .describe("The request body's data mode.")
         .optional(),
-    dataMode: z.enum(['raw', 'urlencoded', 'formdata', 'binary', 'graphql']).nullable().optional(),
     data: z
         .array(z.object({
-        key: z.string().optional(),
-        value: z.string().optional(),
-        description: z.string().nullable().optional(),
-        enabled: z.boolean().optional(),
-        type: z.enum(['text', 'file']).optional(),
-        uuid: z.string().optional(),
+        key: z.string().describe("The form data's key.").optional(),
+        value: z.string().describe("The form data's value.").optional(),
+        description: z.string().nullable().describe("The form data's description.").optional(),
+        enabled: z.boolean().describe('If true, the form data entry is enabled.').optional(),
+        type: z.enum(['text', 'file']).describe("The form data's type.").optional(),
+        uuid: z.string().describe("The form data entry's unique identifier.").optional(),
     }))
         .nullable()
+        .describe("The request body's form data.")
         .optional(),
-    rawModeData: z.string().nullable().optional(),
+    rawModeData: z.string().nullable().describe("The request body's raw mode data.").optional(),
     graphqlModeData: z
-        .object({ query: z.string().optional(), variables: z.string().optional() })
+        .object({
+        query: z.string().describe('The GraphQL query.').optional(),
+        variables: z.string().describe('The GraphQL query variables, in JSON format.').optional(),
+    })
         .nullable()
+        .describe("The request body's GraphQL mode data.")
         .optional(),
     dataOptions: z
         .object({
-        raw: z.record(z.string(), z.unknown()).optional(),
-        urlencoded: z.record(z.string(), z.unknown()).optional(),
-        params: z.record(z.string(), z.unknown()).optional(),
-        binary: z.record(z.string(), z.unknown()).optional(),
-        graphql: z.record(z.string(), z.unknown()).optional(),
+        raw: z
+            .object({ language: z.string().describe("The raw mode data's language type.").optional() })
+            .catchall(z.unknown())
+            .describe('Options for the `raw` data mode.')
+            .optional(),
+        urlencoded: z
+            .record(z.string(), z.unknown())
+            .describe('Options for the `urlencoded` data mode.')
+            .optional(),
+        params: z
+            .record(z.string(), z.unknown())
+            .describe('Options for the `params` data mode.')
+            .optional(),
+        binary: z
+            .record(z.string(), z.unknown())
+            .describe('Options for the `binary` data mode.')
+            .optional(),
+        graphql: z
+            .record(z.string(), z.unknown())
+            .describe('Options for the `graphql` data mode.')
+            .optional(),
     })
         .nullable()
+        .describe("Additional configurations and options set for the request body's various data modes.")
         .optional(),
     auth: z
         .object({
         type: z
             .enum([
-            'noauth',
             'basic',
             'bearer',
             'apikey',
@@ -91,94 +123,224 @@ export const parameters = z.object({
             'edgegrid',
             'jwt',
             'asap',
+            'noauth',
         ])
-            .optional(),
+            .describe('The authorization type.'),
         apikey: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe("The API key's authentication information.")
             .optional(),
-        bearer: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+        awsv4: z
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for AWS Signature authentication.')
             .optional(),
         basic: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for Basic Auth.')
             .optional(),
-        digest: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+        bearer: z
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for Bearer Token authentication.')
             .optional(),
-        oauth1: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+        digest: z
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for Digest access authentication.')
             .optional(),
-        oauth2: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+        edgegrid: z
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for Akamai Edgegrid authentication.')
             .optional(),
         hawk: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
-            .optional(),
-        awsv4: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for Hawk authentication.')
             .optional(),
         ntlm: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for NTLM authentication.')
             .optional(),
-        edgegrid: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+        oauth1: z
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for OAuth1 authentication.')
+            .optional(),
+        oauth2: z
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for OAuth2 authentication.')
             .optional(),
         jwt: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for JWT authentication.')
             .optional(),
         asap: z
-            .array(z.object({
-            key: z.string().optional(),
-            value: z.unknown().optional(),
-            type: z.enum(['string', 'boolean', 'number', 'array', 'object', 'any']).optional(),
-        }))
+            .array(z
+            .object({
+            key: z.string().describe("The auth method's key value."),
+            value: z
+                .union([z.string(), z.array(z.record(z.string(), z.unknown()))])
+                .describe("The key's value.")
+                .optional(),
+            type: z
+                .enum(['string', 'boolean', 'number', 'array', 'object', 'any'])
+                .describe("The value's type.")
+                .optional(),
+        })
+            .describe('Information about the supported Postman [authorization type](https://learning.postman.com/docs/sending-requests/authorization/authorization-types/).'))
+            .describe('The attributes for ASAP authentication.')
             .optional(),
     })
         .nullable()
+        .describe("The request's authentication information.")
+        .optional(),
+    events: z
+        .array(z.object({
+        listen: z.enum(['test', 'prerequest']).describe('The event type.'),
+        script: z
+            .object({
+            id: z.string().describe("The script's ID.").optional(),
+            type: z
+                .string()
+                .describe('The type of script. For example, `text/javascript`.')
+                .optional(),
+            exec: z
+                .array(z.string().nullable())
+                .describe('A list of script strings, where each line represents a line of code. Separate lines makes it easy to track script changes.')
+                .optional(),
+        })
+            .describe('Information about the Javascript code that can be used to to perform setup or teardown operations in a response.')
+            .optional(),
+    }))
+        .describe('A list of scripts configured to run when specific events occur.')
         .optional(),
 });
 export const annotations = {
@@ -219,6 +381,8 @@ export async function handler(args, extra) {
             bodyPayload.dataOptions = args.dataOptions;
         if (args.auth !== undefined)
             bodyPayload.auth = args.auth;
+        if (args.events !== undefined)
+            bodyPayload.events = args.events;
         const options = {
             body: JSON.stringify(bodyPayload),
             contentType: ContentType.Json,