npm - @robinmordasiewicz/f5xc-api-mcp - Versions diffs - 3.0.0 - Mend

@robinmordasiewicz/f5xc-api-mcp 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/CHANGELOG.md +74 -0
package/README.md +234 -0
package/dist/auth/credential-manager.d.ts +116 -0
package/dist/auth/credential-manager.d.ts.map +1 -0
package/dist/auth/credential-manager.js +208 -0
package/dist/auth/credential-manager.js.map +1 -0
package/dist/auth/http-client.d.ts +81 -0
package/dist/auth/http-client.d.ts.map +1 -0
package/dist/auth/http-client.js +197 -0
package/dist/auth/http-client.js.map +1 -0
package/dist/auth/index.d.ts +8 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +6 -0
package/dist/auth/index.js.map +1 -0
package/dist/generator/index.d.ts +7 -0
package/dist/generator/index.d.ts.map +1 -0
package/dist/generator/index.js +7 -0
package/dist/generator/index.js.map +1 -0
package/dist/generator/naming/acronyms.d.ts +81 -0
package/dist/generator/naming/acronyms.d.ts.map +1 -0
package/dist/generator/naming/acronyms.js +253 -0
package/dist/generator/naming/acronyms.js.map +1 -0
package/dist/generator/naming/index.d.ts +6 -0
package/dist/generator/naming/index.d.ts.map +1 -0
package/dist/generator/naming/index.js +6 -0
package/dist/generator/naming/index.js.map +1 -0
package/dist/generator/naming/volterra-mapping.d.ts +102 -0
package/dist/generator/naming/volterra-mapping.d.ts.map +1 -0
package/dist/generator/naming/volterra-mapping.js +259 -0
package/dist/generator/naming/volterra-mapping.js.map +1 -0
package/dist/generator/openapi-parser.d.ts +339 -0
package/dist/generator/openapi-parser.d.ts.map +1 -0
package/dist/generator/openapi-parser.js +463 -0
package/dist/generator/openapi-parser.js.map +1 -0
package/dist/generator/tool-generator.d.ts +74 -0
package/dist/generator/tool-generator.d.ts.map +1 -0
package/dist/generator/tool-generator.js +387 -0
package/dist/generator/tool-generator.js.map +1 -0
package/dist/generator/transformers/index.d.ts +7 -0
package/dist/generator/transformers/index.d.ts.map +1 -0
package/dist/generator/transformers/index.js +7 -0
package/dist/generator/transformers/index.js.map +1 -0
package/dist/generator/transformers/normalize-examples.d.ts +48 -0
package/dist/generator/transformers/normalize-examples.d.ts.map +1 -0
package/dist/generator/transformers/normalize-examples.js +66 -0
package/dist/generator/transformers/normalize-examples.js.map +1 -0
package/dist/index.d.ts +21 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +70 -0
package/dist/index.js.map +1 -0
package/dist/prompts/index.d.ts +6 -0
package/dist/prompts/index.d.ts.map +1 -0
package/dist/prompts/index.js +5 -0
package/dist/prompts/index.js.map +1 -0
package/dist/prompts/workflows.d.ts +59 -0
package/dist/prompts/workflows.d.ts.map +1 -0
package/dist/prompts/workflows.js +585 -0
package/dist/prompts/workflows.js.map +1 -0
package/dist/resources/handlers.d.ts +72 -0
package/dist/resources/handlers.d.ts.map +1 -0
package/dist/resources/handlers.js +279 -0
package/dist/resources/handlers.js.map +1 -0
package/dist/resources/index.d.ts +8 -0
package/dist/resources/index.d.ts.map +1 -0
package/dist/resources/index.js +6 -0
package/dist/resources/index.js.map +1 -0
package/dist/resources/templates.d.ts +86 -0
package/dist/resources/templates.d.ts.map +1 -0
package/dist/resources/templates.js +248 -0
package/dist/resources/templates.js.map +1 -0
package/dist/server.d.ts +78 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +426 -0
package/dist/server.js.map +1 -0
package/dist/tools/discovery/consolidate.d.ts +97 -0
package/dist/tools/discovery/consolidate.d.ts.map +1 -0
package/dist/tools/discovery/consolidate.js +200 -0
package/dist/tools/discovery/consolidate.js.map +1 -0
package/dist/tools/discovery/describe.d.ts +132 -0
package/dist/tools/discovery/describe.d.ts.map +1 -0
package/dist/tools/discovery/describe.js +206 -0
package/dist/tools/discovery/describe.js.map +1 -0
package/dist/tools/discovery/execute.d.ts +98 -0
package/dist/tools/discovery/execute.d.ts.map +1 -0
package/dist/tools/discovery/execute.js +251 -0
package/dist/tools/discovery/execute.js.map +1 -0
package/dist/tools/discovery/index-loader.d.ts +28 -0
package/dist/tools/discovery/index-loader.d.ts.map +1 -0
package/dist/tools/discovery/index-loader.js +69 -0
package/dist/tools/discovery/index-loader.js.map +1 -0
package/dist/tools/discovery/index.d.ts +185 -0
package/dist/tools/discovery/index.d.ts.map +1 -0
package/dist/tools/discovery/index.js +177 -0
package/dist/tools/discovery/index.js.map +1 -0
package/dist/tools/discovery/search.d.ts +41 -0
package/dist/tools/discovery/search.d.ts.map +1 -0
package/dist/tools/discovery/search.js +155 -0
package/dist/tools/discovery/search.js.map +1 -0
package/dist/tools/discovery/types.d.ts +70 -0
package/dist/tools/discovery/types.d.ts.map +1 -0
package/dist/tools/discovery/types.js +9 -0
package/dist/tools/discovery/types.js.map +1 -0
package/dist/tools/generated/ai_intelligence/index.d.ts +8 -0
package/dist/tools/generated/ai_intelligence/index.d.ts.map +1 -0
package/dist/tools/generated/ai_intelligence/index.js +282 -0
package/dist/tools/generated/ai_intelligence/index.js.map +1 -0
package/dist/tools/generated/api_security/index.d.ts +8 -0
package/dist/tools/generated/api_security/index.d.ts.map +1 -0
package/dist/tools/generated/api_security/index.js +1852 -0
package/dist/tools/generated/api_security/index.js.map +1 -0
package/dist/tools/generated/applications/index.d.ts +8 -0
package/dist/tools/generated/applications/index.d.ts.map +1 -0
package/dist/tools/generated/applications/index.js +1589 -0
package/dist/tools/generated/applications/index.js.map +1 -0
package/dist/tools/generated/bigip/index.d.ts +8 -0
package/dist/tools/generated/bigip/index.d.ts.map +1 -0
package/dist/tools/generated/bigip/index.js +1173 -0
package/dist/tools/generated/bigip/index.js.map +1 -0
package/dist/tools/generated/billing/index.d.ts +8 -0
package/dist/tools/generated/billing/index.d.ts.map +1 -0
package/dist/tools/generated/billing/index.js +759 -0
package/dist/tools/generated/billing/index.js.map +1 -0
package/dist/tools/generated/cdn/index.d.ts +8 -0
package/dist/tools/generated/cdn/index.d.ts.map +1 -0
package/dist/tools/generated/cdn/index.js +841 -0
package/dist/tools/generated/cdn/index.js.map +1 -0
package/dist/tools/generated/config/index.d.ts +8 -0
package/dist/tools/generated/config/index.d.ts.map +1 -0
package/dist/tools/generated/config/index.js +316 -0
package/dist/tools/generated/config/index.js.map +1 -0
package/dist/tools/generated/identity/index.d.ts +8 -0
package/dist/tools/generated/identity/index.d.ts.map +1 -0
package/dist/tools/generated/identity/index.js +5371 -0
package/dist/tools/generated/identity/index.js.map +1 -0
package/dist/tools/generated/infrastructure/index.d.ts +8 -0
package/dist/tools/generated/infrastructure/index.d.ts.map +1 -0
package/dist/tools/generated/infrastructure/index.js +5342 -0
package/dist/tools/generated/infrastructure/index.js.map +1 -0
package/dist/tools/generated/infrastructure_protection/index.d.ts +8 -0
package/dist/tools/generated/infrastructure_protection/index.d.ts.map +1 -0
package/dist/tools/generated/infrastructure_protection/index.js +2919 -0
package/dist/tools/generated/infrastructure_protection/index.js.map +1 -0
package/dist/tools/generated/integrations/index.d.ts +8 -0
package/dist/tools/generated/integrations/index.d.ts.map +1 -0
package/dist/tools/generated/integrations/index.js +1995 -0
package/dist/tools/generated/integrations/index.js.map +1 -0
package/dist/tools/generated/load_balancer/index.d.ts +8 -0
package/dist/tools/generated/load_balancer/index.d.ts.map +1 -0
package/dist/tools/generated/load_balancer/index.js +2269 -0
package/dist/tools/generated/load_balancer/index.js.map +1 -0
package/dist/tools/generated/networking/index.d.ts +8 -0
package/dist/tools/generated/networking/index.d.ts.map +1 -0
package/dist/tools/generated/networking/index.js +11289 -0
package/dist/tools/generated/networking/index.js.map +1 -0
package/dist/tools/generated/nginx/index.d.ts +8 -0
package/dist/tools/generated/nginx/index.d.ts.map +1 -0
package/dist/tools/generated/nginx/index.js +680 -0
package/dist/tools/generated/nginx/index.js.map +1 -0
package/dist/tools/generated/observability/index.d.ts +8 -0
package/dist/tools/generated/observability/index.d.ts.map +1 -0
package/dist/tools/generated/observability/index.js +6140 -0
package/dist/tools/generated/observability/index.js.map +1 -0
package/dist/tools/generated/operations/index.d.ts +8 -0
package/dist/tools/generated/operations/index.d.ts.map +1 -0
package/dist/tools/generated/operations/index.js +1759 -0
package/dist/tools/generated/operations/index.js.map +1 -0
package/dist/tools/generated/security/index.d.ts +8 -0
package/dist/tools/generated/security/index.d.ts.map +1 -0
package/dist/tools/generated/security/index.js +9111 -0
package/dist/tools/generated/security/index.js.map +1 -0
package/dist/tools/generated/service_mesh/index.d.ts +8 -0
package/dist/tools/generated/service_mesh/index.d.ts.map +1 -0
package/dist/tools/generated/service_mesh/index.js +1628 -0
package/dist/tools/generated/service_mesh/index.js.map +1 -0
package/dist/tools/generated/shape_security/index.d.ts +8 -0
package/dist/tools/generated/shape_security/index.d.ts.map +1 -0
package/dist/tools/generated/shape_security/index.js +4121 -0
package/dist/tools/generated/shape_security/index.js.map +1 -0
package/dist/tools/generated/subscriptions/index.d.ts +8 -0
package/dist/tools/generated/subscriptions/index.d.ts.map +1 -0
package/dist/tools/generated/subscriptions/index.js +778 -0
package/dist/tools/generated/subscriptions/index.js.map +1 -0
package/dist/tools/generated/tenant_management/index.d.ts +8 -0
package/dist/tools/generated/tenant_management/index.d.ts.map +1 -0
package/dist/tools/generated/tenant_management/index.js +2292 -0
package/dist/tools/generated/tenant_management/index.js.map +1 -0
package/dist/tools/generated/vpn/index.d.ts +8 -0
package/dist/tools/generated/vpn/index.d.ts.map +1 -0
package/dist/tools/generated/vpn/index.js +1183 -0
package/dist/tools/generated/vpn/index.js.map +1 -0
package/dist/tools/index.d.ts +7 -0
package/dist/tools/index.d.ts.map +1 -0
package/dist/tools/index.js +6 -0
package/dist/tools/index.js.map +1 -0
package/dist/tools/registry.d.ts +27 -0
package/dist/tools/registry.d.ts.map +1 -0
package/dist/tools/registry.js +83 -0
package/dist/tools/registry.js.map +1 -0
package/dist/utils/error-handling.d.ts +109 -0
package/dist/utils/error-handling.d.ts.map +1 -0
package/dist/utils/error-handling.js +239 -0
package/dist/utils/error-handling.js.map +1 -0
package/dist/utils/index.d.ts +7 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +6 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logging.d.ts +75 -0
package/dist/utils/logging.d.ts.map +1 -0
package/dist/utils/logging.js +131 -0
package/dist/utils/logging.js.map +1 -0
package/manifest.json +143 -0
package/package.json +95 -0

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,74 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+### Breaking Changes
+- **BREAKING**: Package name changed from `f5xc-api-mcp` to `@robinmordasiewicz/f5xc-api-mcp` for scoped npm packaging
+  - Installation command changes: `npm install -g @robinmordasiewicz/f5xc-api-mcp`
+  - npx command changes: `npx @robinmordasiewicz/f5xc-api-mcp`
+  - Binary name remains unchanged: `f5xc-api-mcp`
+  - This aligns with organizational package naming convention for consistency
+### Added
+- Initial release of F5 Distributed Cloud API MCP Server
+- 270+ API tools auto-generated from OpenAPI specifications
+- Dual-mode operation: documentation mode (unauthenticated) and execution mode (authenticated)
+- API token authentication support
+- P12 certificate (mTLS) authentication support
+- Automatic URL normalization for various F5XC URL formats
+- f5xcctl CLI command equivalents in every response
+- Terraform HCL examples in every response
+- MCP Resources for F5XC configuration objects via URI scheme
+- Workflow prompts for common operations:
+  - `deploy-http-loadbalancer` - Deploy HTTP Load Balancer with origin pool
+  - `configure-waf` - Configure Web Application Firewall
+  - `create-multicloud-site` - Deploy F5XC site in AWS/Azure/GCP
+  - `generate-terraform` - Export resources as Terraform HCL
+- Subscription tier awareness (NO_TIER, STANDARD, ADVANCED)
+- Comprehensive documentation site with MkDocs
+- Docker container distribution via GHCR
+- npm package distribution
+- GitHub Actions CI/CD pipeline:
+  - Automated OpenAPI spec synchronization
+  - Code generation workflow
+  - Security scanning (Trivy, TruffleHog, CodeQL)
+  - Multi-platform Docker builds
+  - Automated npm publishing
+  - Documentation deployment to GitHub Pages
+### API Domains
+- `waap` - HTTP/TCP load balancers, origin pools, app firewalls, rate limiters
+- `dns` - DNS zones, DNS load balancers, DNS LB pools
+- `network` - Network connectors, firewalls, enhanced firewall policies
+- `site` - AWS VPC sites, Azure VNET sites, GCP VPC sites, customer edge
+- `appstack` - K8s clusters, virtual K8s, workloads
+- `security` - Service policies, WAF, malicious user detection
+- `core` - Namespaces, certificates, cloud credentials
+### Technical
+- TypeScript 5.x with strict mode
+- Node.js 20+ LTS runtime
+- @modelcontextprotocol/sdk for MCP implementation
+- Zod for runtime validation
+- Axios with mTLS support for HTTP client
+- Vitest for testing framework
+- ESLint + Prettier for code quality
+- Material for MkDocs for documentation
+## [0.1.0] - TBD
+### Added
+- Initial public release
+[Unreleased]: https://github.com/robinmordasiewicz/f5xc-api-mcp/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/robinmordasiewicz/f5xc-api-mcp/releases/tag/v0.1.0

package/README.md ADDED Viewed

@@ -0,0 +1,234 @@
+# F5 Distributed Cloud API MCP Server
+[![npm version](https://badge.fury.io/js/%40robinmordasiewicz%2Ff5xc-api-mcp.svg)](https://www.npmjs.com/package/@robinmordasiewicz/f5xc-api-mcp)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+An MCP (Model Context Protocol) server that exposes F5 Distributed Cloud APIs to AI assistants.
+Enables natural language interaction with F5XC infrastructure through Claude, VS Code, and
+other MCP-compatible tools.
+## Features
+- **1500+ API Tools** - Complete coverage of F5XC API operations across 22 domains
+- **Dual-Mode Operation** - Works without authentication (documentation mode) AND with authentication (execution mode)
+- **f5xcctl Integration** - Every response includes equivalent CLI commands
+- **Terraform Examples** - Every response includes Terraform HCL examples
+- **Multiple Auth Methods** - API token and P12 certificate (mTLS) support
+- **URL Normalization** - Automatically handles various F5XC URL formats
+- **Pre-enriched Specs** - Uses optimized OpenAPI 3.0.3 specifications from upstream
+## Quick Start
+### Using npx (Recommended)
+```bash
+npx @robinmordasiewicz/f5xc-api-mcp
+```
+### Using npm
+```bash
+npm install -g @robinmordasiewicz/f5xc-api-mcp
+f5xc-api-mcp
+```
+### Using Docker
+```bash
+docker run -i --rm ghcr.io/robinmordasiewicz/f5xc-api-mcp
+```
+## Configuration
+### Claude Desktop
+Add to your Claude Desktop configuration (`~/Library/Application Support/Claude/claude_desktop_config.json` on macOS):
+```json
+{
+  "mcpServers": {
+    "f5xc-api": {
+      "command": "npx",
+      "args": ["@robinmordasiewicz/f5xc-api-mcp"],
+      "env": {
+        "F5XC_API_URL": "https://your-tenant.console.ves.volterra.io",
+        "F5XC_API_TOKEN": "your-api-token"
+      }
+    }
+  }
+}
+```
+### Claude Code CLI
+```bash
+claude mcp add f5xc-api -- npx @robinmordasiewicz/f5xc-api-mcp
+```
+### VS Code (with Cline/Continue)
+Add to your MCP settings:
+```json
+{
+  "mcpServers": {
+    "f5xc-api": {
+      "command": "npx",
+      "args": ["@robinmordasiewicz/f5xc-api-mcp"]
+    }
+  }
+}
+```
+## Environment Variables
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `F5XC_API_URL` | For execution | Tenant URL (auto-normalized) |
+| `F5XC_API_TOKEN` | For token auth | API token from XC Console |
+| `F5XC_P12_FILE` | For cert auth | Path to P12 certificate file |
+| `F5XC_P12_PASSWORD` | For cert auth | Password for P12 certificate |
+| `LOG_LEVEL` | No | Logging verbosity (debug, info, warn, error) |
+## Dual-Mode Operation
+### Documentation Mode (No Authentication)
+When no credentials are provided, the server provides:
+- OpenAPI specification documentation
+- API operation explanations
+- Parameter descriptions and validation
+- f5xcctl command equivalents
+- Terraform HCL examples
+- JSON request templates
+This mode is ideal for users who authenticate via f5xcctl or Terraform.
+### Execution Mode (With Authentication)
+When credentials are provided, the server additionally:
+- Executes actual API calls against your tenant
+- Lists and retrieves resources
+- Creates, updates, and deletes configurations
+- Returns real-time resource status
+## Available Tools
+Tools follow the naming pattern: `f5xc-api-{domain}-{resource}-{operation}`
+### Domains (22 Total)
+| Domain | Description |
+|--------|-------------|
+| `load_balancer` | HTTP/TCP/UDP load balancers, origin pools, forward proxy |
+| `networking` | Network connectors, firewalls, interfaces, policies |
+| `security` | Service policies, WAF, malicious user mitigation |
+| `infrastructure` | AWS/Azure/GCP VPC sites, customer edge sites |
+| `api_security` | API discovery, protection, definitions |
+| `cdn` | CDN load balancers, cache rules |
+| `dns` | DNS zones, DNS load balancers, DNS pools |
+| `identity` | Authentication, users, roles, RBAC |
+| `observability` | Alerts, logs, synthetic monitors |
+| `config` | Namespaces, certificates, credentials |
+| `nginx` | NGINX One instances, servers, service discovery |
+| `bigip` | BIG-IP virtual servers, iRules, APM |
+| `vpn` | VPN tunnels, IKE profiles |
+| `service_mesh` | Virtual K8s, workloads, K8s clusters |
+| `shape_security` | Bot defense, client-side defense |
+| `tenant_management` | Multi-tenant management, profiles |
+| `billing` | Invoices, payment methods, subscriptions |
+| `integrations` | Third-party apps, ticket systems |
+| `operations` | Debug, DHCP, ping, traceroute |
+| `ai_intelligence` | AI assistant, BFDP |
+| `infrastructure_protection` | DDoS protection, firewall rules |
+| `subscriptions` | Feature subscriptions, plans |
+### Example Tools
+- `f5xc-api-loadbalancer-http-loadbalancer-create`
+- `f5xc-api-loadbalancer-origin-pool-list`
+- `f5xc-api-networking-network-interface-get`
+- `f5xc-api-server-info`
+## Workflow Prompts
+The server includes guided workflow prompts:
+- `deploy-http-loadbalancer` - Deploy HTTP LB with origin pool
+- `configure-waf` - Configure Web Application Firewall
+- `create-multicloud-site` - Deploy F5XC site in AWS/Azure/GCP
+- `generate-terraform` - Export resources as Terraform
+## Resource URIs
+Access F5XC resources via URI scheme:
+```text
+f5xc://{tenant}/{namespace}/{resource-type}/{name}
+```
+Examples:
+- `f5xc://mytenant/production/http_loadbalancer/my-app`
+- `f5xc://mytenant/system/namespace/default`
+## URL Normalization
+The server automatically normalizes various URL formats:
+| User Input | Normalized |
+|------------|------------|
+| `tenant.volterra.us` | `tenant.console.ves.volterra.io/api` |
+| `tenant.console.ves.volterra.io` | `tenant.console.ves.volterra.io/api` |
+| `https://tenant.volterra.us/` | `https://tenant.console.ves.volterra.io/api` |
+## Development
+### Prerequisites
+- Node.js 20+
+- npm 9+
+### Setup
+```bash
+git clone https://github.com/robinmordasiewicz/f5xc-api-mcp.git
+cd f5xc-api-mcp
+npm install
+npm run build
+```
+### Testing
+```bash
+npm test              # Run tests
+npm run test:watch    # Watch mode
+npm run test:coverage # Coverage report
+```
+### Linting
+```bash
+npm run lint          # Check linting
+npm run lint:fix      # Fix linting issues
+npm run format        # Format code
+```
+## Documentation
+Full documentation is available at: <https://robinmordasiewicz.github.io/f5xc-api-mcp>
+## Contributing
+Contributions are welcome! Please read our contributing guidelines and submit pull requests.
+## License
+MIT License - see [LICENSE](LICENSE) for details.
+## Support
+- [GitHub Issues](https://github.com/robinmordasiewicz/f5xc-api-mcp/issues)
+- [GitHub Discussions](https://github.com/robinmordasiewicz/f5xc-api-mcp/discussions)

package/dist/auth/credential-manager.d.ts ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * Credential Manager for F5 Distributed Cloud API
+ *
+ * Handles authentication configuration and URL normalization.
+ * Supports dual-mode operation:
+ * - Documentation mode: No credentials required
+ * - Execution mode: API token or P12 certificate authentication
+ */
+/**
+ * Authentication modes supported by the server
+ */
+export declare enum AuthMode {
+    /** No authentication - documentation mode only */
+    NONE = "none",
+    /** API token authentication */
+    TOKEN = "token",
+    /** P12 certificate authentication (mTLS) */
+    CERTIFICATE = "certificate"
+}
+/**
+ * Environment variable names for authentication
+ */
+export declare const AUTH_ENV_VARS: {
+    readonly API_URL: "F5XC_API_URL";
+    readonly API_TOKEN: "F5XC_API_TOKEN";
+    readonly P12_FILE: "F5XC_P12_FILE";
+    readonly P12_PASSWORD: "F5XC_P12_PASSWORD";
+};
+/**
+ * Credential configuration for API access
+ */
+export interface Credentials {
+    /** Authentication mode */
+    mode: AuthMode;
+    /** Normalized API URL */
+    apiUrl: string | null;
+    /** API token (for token auth) */
+    token: string | null;
+    /** P12 certificate buffer (for cert auth) */
+    p12Certificate: Buffer | null;
+    /** P12 certificate password */
+    p12Password: string | null;
+}
+/**
+ * Normalize F5XC tenant URL to standard API endpoint format
+ *
+ * Handles various input formats:
+ * - tenant.volterra.us -> tenant.console.ves.volterra.io/api
+ * - tenant.staging.volterra.us -> tenant.staging.console.ves.volterra.io/api
+ * - tenant.console.ves.volterra.io -> tenant.console.ves.volterra.io/api
+ * - Any of the above with trailing slashes or /api suffix
+ *
+ * @param input - Raw URL from user configuration
+ * @returns Normalized API URL
+ */
+export declare function normalizeApiUrl(input: string): string;
+/**
+ * Extract tenant name from a normalized URL
+ *
+ * @param url - Normalized API URL
+ * @returns Tenant name or null if not parseable
+ */
+export declare function extractTenantFromUrl(url: string): string | null;
+/**
+ * Credential Manager
+ *
+ * Manages authentication credentials for F5 Distributed Cloud API.
+ * Reads configuration from environment variables and provides
+ * normalized credentials for API access.
+ */
+export declare class CredentialManager {
+    private credentials;
+    constructor();
+    /**
+     * Load credentials from environment variables
+     */
+    private loadCredentials;
+    /**
+     * Get the current authentication mode
+     */
+    getAuthMode(): AuthMode;
+    /**
+     * Check if the server is in authenticated mode
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Get the normalized API URL
+     */
+    getApiUrl(): string | null;
+    /**
+     * Get the tenant name
+     */
+    getTenant(): string | null;
+    /**
+     * Get API token (for token authentication)
+     */
+    getToken(): string | null;
+    /**
+     * Get P12 certificate buffer (for certificate authentication)
+     */
+    getP12Certificate(): Buffer | null;
+    /**
+     * Get P12 certificate password
+     */
+    getP12Password(): string | null;
+    /**
+     * Get full credentials object
+     */
+    getCredentials(): Readonly<Credentials>;
+    /**
+     * Reload credentials from environment
+     * Useful for testing or when credentials change
+     */
+    reload(): void;
+}
+//# sourceMappingURL=credential-manager.d.ts.map

package/dist/auth/credential-manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"credential-manager.d.ts","sourceRoot":"","sources":["../../src/auth/credential-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH;;GAEG;AACH,oBAAY,QAAQ;IAClB,kDAAkD;IAClD,IAAI,SAAS;IACb,+BAA+B;IAC/B,KAAK,UAAU;IACf,4CAA4C;IAC5C,WAAW,gBAAgB;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;CAKhB,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,0BAA0B;IAC1B,IAAI,EAAE,QAAQ,CAAC;IACf,yBAAyB;IACzB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,iCAAiC;IACjC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,6CAA6C;IAC7C,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,+BAA+B;IAC/B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAcD;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAsBrD;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAG/D;AAED;;;;;;GAMG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,WAAW,CAAc;;IAMjC;;OAEG;IACH,OAAO,CAAC,eAAe;IAwDvB;;OAEG;IACH,WAAW,IAAI,QAAQ;IAIvB;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,SAAS,IAAI,MAAM,GAAG,IAAI;IAI1B;;OAEG;IACH,SAAS,IAAI,MAAM,GAAG,IAAI;IAI1B;;OAEG;IACH,QAAQ,IAAI,MAAM,GAAG,IAAI;IAIzB;;OAEG;IACH,iBAAiB,IAAI,MAAM,GAAG,IAAI;IAIlC;;OAEG;IACH,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,cAAc,IAAI,QAAQ,CAAC,WAAW,CAAC;IAIvC;;;OAGG;IACH,MAAM,IAAI,IAAI;CAGf"}

package/dist/auth/credential-manager.js ADDED Viewed

@@ -0,0 +1,208 @@
+/**
+ * Credential Manager for F5 Distributed Cloud API
+ *
+ * Handles authentication configuration and URL normalization.
+ * Supports dual-mode operation:
+ * - Documentation mode: No credentials required
+ * - Execution mode: API token or P12 certificate authentication
+ */
+import { readFileSync } from "fs";
+import { logger } from "../utils/logging.js";
+/**
+ * Authentication modes supported by the server
+ */
+export var AuthMode;
+(function (AuthMode) {
+    /** No authentication - documentation mode only */
+    AuthMode["NONE"] = "none";
+    /** API token authentication */
+    AuthMode["TOKEN"] = "token";
+    /** P12 certificate authentication (mTLS) */
+    AuthMode["CERTIFICATE"] = "certificate";
+})(AuthMode || (AuthMode = {}));
+/**
+ * Environment variable names for authentication
+ */
+export const AUTH_ENV_VARS = {
+    API_URL: "F5XC_API_URL",
+    API_TOKEN: "F5XC_API_TOKEN",
+    P12_FILE: "F5XC_P12_FILE",
+    P12_PASSWORD: "F5XC_P12_PASSWORD",
+};
+/**
+ * URL normalization patterns
+ */
+const URL_PATTERNS = {
+    // Match short-form URLs: tenant.volterra.us or tenant.staging.volterra.us
+    SHORT_FORM: /^https?:\/\/([^./]+)\.(staging\.)?volterra\.us\/?/i,
+    // Match console URLs: tenant.console.ves.volterra.io
+    CONSOLE_FORM: /^https?:\/\/([^./]+)\.(staging\.)?console\.ves\.volterra\.io\/?/i,
+    // Trailing slashes and /api suffix
+    TRAILING_CLEANUP: /\/+$|\/api\/?$/gi,
+};
+/**
+ * Normalize F5XC tenant URL to standard API endpoint format
+ *
+ * Handles various input formats:
+ * - tenant.volterra.us -> tenant.console.ves.volterra.io/api
+ * - tenant.staging.volterra.us -> tenant.staging.console.ves.volterra.io/api
+ * - tenant.console.ves.volterra.io -> tenant.console.ves.volterra.io/api
+ * - Any of the above with trailing slashes or /api suffix
+ *
+ * @param input - Raw URL from user configuration
+ * @returns Normalized API URL
+ */
+export function normalizeApiUrl(input) {
+    // Remove trailing slashes and existing /api suffix
+    let url = input.replace(URL_PATTERNS.TRAILING_CLEANUP, "");
+    // Handle short-form URLs (tenant.volterra.us)
+    const shortFormMatch = url.match(URL_PATTERNS.SHORT_FORM);
+    if (shortFormMatch) {
+        const tenant = shortFormMatch[1];
+        const staging = shortFormMatch[2] ?? "";
+        url = `https://${tenant}.${staging}console.ves.volterra.io`;
+    }
+    // Handle console URLs - ensure https
+    const consoleMatch = url.match(URL_PATTERNS.CONSOLE_FORM);
+    if (consoleMatch) {
+        const tenant = consoleMatch[1];
+        const staging = consoleMatch[2] ?? "";
+        url = `https://${tenant}.${staging}console.ves.volterra.io`;
+    }
+    // Ensure /api suffix
+    return `${url}/api`;
+}
+/**
+ * Extract tenant name from a normalized URL
+ *
+ * @param url - Normalized API URL
+ * @returns Tenant name or null if not parseable
+ */
+export function extractTenantFromUrl(url) {
+    const match = url.match(/https?:\/\/([^./]+)\./);
+    return match?.[1] ?? null;
+}
+/**
+ * Credential Manager
+ *
+ * Manages authentication credentials for F5 Distributed Cloud API.
+ * Reads configuration from environment variables and provides
+ * normalized credentials for API access.
+ */
+export class CredentialManager {
+    credentials;
+    constructor() {
+        this.credentials = this.loadCredentials();
+    }
+    /**
+     * Load credentials from environment variables
+     */
+    loadCredentials() {
+        const apiUrl = process.env[AUTH_ENV_VARS.API_URL];
+        const token = process.env[AUTH_ENV_VARS.API_TOKEN];
+        const p12File = process.env[AUTH_ENV_VARS.P12_FILE];
+        const p12Password = process.env[AUTH_ENV_VARS.P12_PASSWORD];
+        // Determine authentication mode
+        let mode = AuthMode.NONE;
+        let normalizedUrl = null;
+        let p12Certificate = null;
+        if (apiUrl) {
+            normalizedUrl = normalizeApiUrl(apiUrl);
+            if (p12File) {
+                // Certificate authentication takes precedence
+                mode = AuthMode.CERTIFICATE;
+                try {
+                    p12Certificate = readFileSync(p12File);
+                    logger.info("Loaded P12 certificate", { file: p12File });
+                }
+                catch (error) {
+                    logger.error("Failed to load P12 certificate", {
+                        file: p12File,
+                        error: error instanceof Error ? error.message : String(error),
+                    });
+                    // Fall back to token auth if certificate load fails
+                    if (token) {
+                        mode = AuthMode.TOKEN;
+                        logger.info("Falling back to token authentication");
+                    }
+                    else {
+                        mode = AuthMode.NONE;
+                    }
+                }
+            }
+            else if (token) {
+                mode = AuthMode.TOKEN;
+            }
+        }
+        const tenant = normalizedUrl ? extractTenantFromUrl(normalizedUrl) : null;
+        logger.info("Credentials loaded", {
+            mode,
+            tenant,
+            hasToken: Boolean(token),
+            hasP12: Boolean(p12Certificate),
+        });
+        return {
+            mode,
+            apiUrl: normalizedUrl,
+            token: token ?? null,
+            p12Certificate,
+            p12Password: p12Password ?? null,
+        };
+    }
+    /**
+     * Get the current authentication mode
+     */
+    getAuthMode() {
+        return this.credentials.mode;
+    }
+    /**
+     * Check if the server is in authenticated mode
+     */
+    isAuthenticated() {
+        return this.credentials.mode !== AuthMode.NONE;
+    }
+    /**
+     * Get the normalized API URL
+     */
+    getApiUrl() {
+        return this.credentials.apiUrl;
+    }
+    /**
+     * Get the tenant name
+     */
+    getTenant() {
+        return this.credentials.apiUrl ? extractTenantFromUrl(this.credentials.apiUrl) : null;
+    }
+    /**
+     * Get API token (for token authentication)
+     */
+    getToken() {
+        return this.credentials.token;
+    }
+    /**
+     * Get P12 certificate buffer (for certificate authentication)
+     */
+    getP12Certificate() {
+        return this.credentials.p12Certificate;
+    }
+    /**
+     * Get P12 certificate password
+     */
+    getP12Password() {
+        return this.credentials.p12Password;
+    }
+    /**
+     * Get full credentials object
+     */
+    getCredentials() {
+        return Object.freeze({ ...this.credentials });
+    }
+    /**
+     * Reload credentials from environment
+     * Useful for testing or when credentials change
+     */
+    reload() {
+        this.credentials = this.loadCredentials();
+    }
+}
+//# sourceMappingURL=credential-manager.js.map

package/dist/auth/credential-manager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"credential-manager.js","sourceRoot":"","sources":["../../src/auth/credential-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C;;GAEG;AACH,MAAM,CAAN,IAAY,QAOX;AAPD,WAAY,QAAQ;IAClB,kDAAkD;IAClD,yBAAa,CAAA;IACb,+BAA+B;IAC/B,2BAAe,CAAA;IACf,4CAA4C;IAC5C,uCAA2B,CAAA;AAC7B,CAAC,EAPW,QAAQ,KAAR,QAAQ,QAOnB;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,OAAO,EAAE,cAAc;IACvB,SAAS,EAAE,gBAAgB;IAC3B,QAAQ,EAAE,eAAe;IACzB,YAAY,EAAE,mBAAmB;CACzB,CAAC;AAkBX;;GAEG;AACH,MAAM,YAAY,GAAG;IACnB,0EAA0E;IAC1E,UAAU,EAAE,oDAAoD;IAChE,qDAAqD;IACrD,YAAY,EAAE,kEAAkE;IAChF,mCAAmC;IACnC,gBAAgB,EAAE,kBAAkB;CACrC,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,mDAAmD;IACnD,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;IAE3D,8CAA8C;IAC9C,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAC1D,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACxC,GAAG,GAAG,WAAW,MAAM,IAAI,OAAO,yBAAyB,CAAC;IAC9D,CAAC;IAED,qCAAqC;IACrC,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,GAAG,GAAG,WAAW,MAAM,IAAI,OAAO,yBAAyB,CAAC;IAC9D,CAAC;IAED,qBAAqB;IACrB,OAAO,GAAG,GAAG,MAAM,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACjD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,iBAAiB;IACpB,WAAW,CAAc;IAEjC;QACE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAE5D,gCAAgC;QAChC,IAAI,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QACzB,IAAI,aAAa,GAAkB,IAAI,CAAC;QACxC,IAAI,cAAc,GAAkB,IAAI,CAAC;QAEzC,IAAI,MAAM,EAAE,CAAC;YACX,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;YAExC,IAAI,OAAO,EAAE,CAAC;gBACZ,8CAA8C;gBAC9C,IAAI,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAC5B,IAAI,CAAC;oBACH,cAAc,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;oBACvC,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC3D,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;wBAC7C,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC,CAAC;oBACH,oDAAoD;oBACpD,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC;wBACtB,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;oBACtD,CAAC;yBAAM,CAAC;wBACN,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,KAAK,EAAE,CAAC;gBACjB,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC;YACxB,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE1E,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAChC,IAAI;YACJ,MAAM;YACN,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC;YACxB,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC;SAChC,CAAC,CAAC;QAEH,OAAO;YACL,IAAI;YACJ,MAAM,EAAE,aAAa;YACrB,KAAK,EAAE,KAAK,IAAI,IAAI;YACpB,cAAc;YACd,WAAW,EAAE,WAAW,IAAI,IAAI;SACjC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,QAAQ,CAAC,IAAI,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAChD,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IAC5C,CAAC;CACF"}