@sanity/cli 6.1.7 → 6.2.0

package/dist/services/mcp.js

@@ -1,23 +1,9 @@
 import { getGlobalCliClient, subdebug } from '@sanity/cli-core';
-import { createRequester } from '@sanity/cli-core/request';
+import { isHttpError } from '@sanity/client';
 export const MCP_API_VERSION = '2025-12-09';
 export const MCP_SERVER_URL = 'https://mcp.sanity.io';
 export const MCP_JOURNEY_API_VERSION = 'v2024-02-23';
 const debug = subdebug('mcp:service');
-let mcpRequester;
-function getMCPRequester() {
-    if (!mcpRequester) {
-        mcpRequester = createRequester({
-            middleware: {
-                httpErrors: false,
-                promise: {
-                    onlyBody: false
-                }
-            }
-        });
-    }
-    return mcpRequester;
-}
 /**
  * Create a child token for MCP usage
  * This token is tied to the parent CLI token and will be invalidated
@@ -48,42 +34,44 @@ function getMCPRequester() {
     return tokenResponse.token;
 }
 /**
- * Validate an MCP token against the MCP server.
+ * Validate an MCP token by checking it against the Sanity API.
  *
- * MCP tokens are scoped to mcp.sanity.io and are not valid against
- * api.sanity.io, so we validate against the MCP server itself.
+ * MCP tokens are standard Sanity session tokens (`sk…`), so we validate
+ * by calling `/users/me` on `api.sanity.io`. A 200 means the token is
+ * alive; a 401/403 means it is dead and the caller should prompt for
+ * re-configuration.
  *
- * Sends a minimal POST with just the Authorization header — the server
- * checks auth before content negotiation, so a valid token gets 406
- * (missing Accept header) while an invalid token gets 401. This avoids
- * the cost of a full initialize handshake.
+ * Transient errors (5xx, network failures, timeouts) are rethrown so the
+ * caller can decide how to handle them — typically by assuming the token
+ * is still valid rather than falsely marking it as expired.
+ *
+ * We intentionally do NOT probe `mcp.sanity.io` because the MCP server
+ * lets invalid bearer tokens through for protocol-compatibility reasons,
+ * which causes the CLI to falsely treat dead tokens as valid.
  *
  * @internal
  */ export async function validateMCPToken(token) {
-    const request = getMCPRequester();
-    // Use a 2500ms timeout — long enough for VPN/proxy/distant-region latency,
-    // short enough to not stall the init flow. If the request times out or the
-    // server returns an unexpected status, we assume the token is valid rather
-    // than falsely marking it as expired (see below).
-    const res = await request({
-        body: '{}',
-        headers: {
-            Authorization: `Bearer ${token}`,
-            'Content-Type': 'application/json'
-        },
-        method: 'POST',
-        timeout: 2500,
-        url: MCP_SERVER_URL
+    const client = await getGlobalCliClient({
+        apiVersion: MCP_API_VERSION,
+        requireUser: false,
+        token
     });
-    // 401/403 are the only responses that definitively mean "bad token".
-    // Everything else (406 = valid, 5xx = server issue, 2xx = unexpected)
-    // is treated as "assume valid" — we'd rather skip a re-auth prompt
-    // than force users to re-configure because of a transient server error.
-    if (res.statusCode === 401 || res.statusCode === 403) {
-        debug('MCP token validation failed with %d', res.statusCode);
-        return false;
+    try {
+        await client.request({
+            timeout: 2500,
+            uri: '/users/me'
+        });
+        return true;
+    } catch (err) {
+        // 401/403 definitively mean "dead token"
+        if (isHttpError(err) && (err.statusCode === 401 || err.statusCode === 403)) {
+            debug('MCP token validation failed with %d', err.statusCode);
+            return false;
+        }
+        // Everything else (5xx, network errors, timeouts) is rethrown so the
+        // caller can decide — typically assumes valid rather than forcing re-auth.
+        throw err;
     }
-    return true;
 }
 /**
  * Fetches the post-init MCP prompt from the Journey API and interpolates editor names.

package/dist/services/mcp.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/services/mcp.ts"],"sourcesContent":["import {getGlobalCliClient, subdebug} from '@sanity/cli-core'\nimport {createRequester, type Requester} from '@sanity/cli-core/request'\n\nexport const MCP_API_VERSION = '2025-12-09'\nexport const MCP_SERVER_URL = 'https://mcp.sanity.io'\nexport const MCP_JOURNEY_API_VERSION = 'v2024-02-23'\n\nconst debug = subdebug('mcp:service')\n\nlet mcpRequester: Requester | undefined\n\nfunction getMCPRequester(): Requester {\n  if (!mcpRequester) {\n    mcpRequester = createRequester({\n      middleware: {httpErrors: false, promise: {onlyBody: false}},\n    })\n  }\n  return mcpRequester\n}\n\ninterface PostInitPromptResponse {\n  message?: string\n}\n\n/**\n * Create a child token for MCP usage\n * This token is tied to the parent CLI token and will be invalidated\n * when the parent token is invalidated (e.g., on logout)\n *\n * @returns The MCP token string\n * @internal\n */\nexport async function createMCPToken(): Promise<string> {\n  const client = await getGlobalCliClient({\n    apiVersion: MCP_API_VERSION,\n    requireUser: true,\n  })\n\n  const sessionResponse = await client.request<{id: string; sid: string}>({\n    body: {\n      sourceId: 'sanity-mcp',\n      withStamp: false,\n    },\n    method: 'POST',\n    uri: '/auth/session/create',\n  })\n\n  const tokenResponse = await client.request<{label: string; token: string}>({\n    method: 'GET',\n    query: {sid: sessionResponse.sid},\n    uri: '/auth/fetch',\n  })\n\n  return tokenResponse.token\n}\n\n/**\n * Validate an MCP token against the MCP server.\n *\n * MCP tokens are scoped to mcp.sanity.io and are not valid against\n * api.sanity.io, so we validate against the MCP server itself.\n *\n * Sends a minimal POST with just the Authorization header — the server\n * checks auth before content negotiation, so a valid token gets 406\n * (missing Accept header) while an invalid token gets 401. This avoids\n * the cost of a full initialize handshake.\n *\n * @internal\n */\nexport async function validateMCPToken(token: string): Promise<boolean> {\n  const request = getMCPRequester()\n\n  // Use a 2500ms timeout — long enough for VPN/proxy/distant-region latency,\n  // short enough to not stall the init flow. If the request times out or the\n  // server returns an unexpected status, we assume the token is valid rather\n  // than falsely marking it as expired (see below).\n  const res = await request({\n    body: '{}',\n    headers: {\n      Authorization: `Bearer ${token}`,\n      'Content-Type': 'application/json',\n    },\n    method: 'POST',\n    timeout: 2500,\n    url: MCP_SERVER_URL,\n  })\n\n  // 401/403 are the only responses that definitively mean \"bad token\".\n  // Everything else (406 = valid, 5xx = server issue, 2xx = unexpected)\n  // is treated as \"assume valid\" — we'd rather skip a re-auth prompt\n  // than force users to re-configure because of a transient server error.\n  if (res.statusCode === 401 || res.statusCode === 403) {\n    debug('MCP token validation failed with %d', res.statusCode)\n    return false\n  }\n\n  return true\n}\n\n/**\n * Fetches the post-init MCP prompt from the Journey API and interpolates editor names.\n * Falls back to a hardcoded default if the API call fails, times out, or returns empty.\n * Text wrapped in **markers** will be formatted with cyan color.\n */\nexport async function getPostInitPrompt() {\n  const client = await getGlobalCliClient({apiVersion: MCP_JOURNEY_API_VERSION, requireUser: false})\n  return await client.request<PostInitPromptResponse | null>({\n    method: 'GET',\n    timeout: 1000,\n    uri: '/journey/mcp/post-init-prompt',\n  })\n}\n"],"names":["getGlobalCliClient","subdebug","createRequester","MCP_API_VERSION","MCP_SERVER_URL","MCP_JOURNEY_API_VERSION","debug","mcpRequester","getMCPRequester","middleware","httpErrors","promise","onlyBody","createMCPToken","client","apiVersion","requireUser","sessionResponse","request","body","sourceId","withStamp","method","uri","tokenResponse","query","sid","token","validateMCPToken","res","headers","Authorization","timeout","url","statusCode","getPostInitPrompt"],"mappings":"AAAA,SAAQA,kBAAkB,EAAEC,QAAQ,QAAO,mBAAkB;AAC7D,SAAQC,eAAe,QAAuB,2BAA0B;AAExE,OAAO,MAAMC,kBAAkB,aAAY;AAC3C,OAAO,MAAMC,iBAAiB,wBAAuB;AACrD,OAAO,MAAMC,0BAA0B,cAAa;AAEpD,MAAMC,QAAQL,SAAS;AAEvB,IAAIM;AAEJ,SAASC;IACP,IAAI,CAACD,cAAc;QACjBA,eAAeL,gBAAgB;YAC7BO,YAAY;gBAACC,YAAY;gBAAOC,SAAS;oBAACC,UAAU;gBAAK;YAAC;QAC5D;IACF;IACA,OAAOL;AACT;AAMA;;;;;;;CAOC,GACD,OAAO,eAAeM;IACpB,MAAMC,SAAS,MAAMd,mBAAmB;QACtCe,YAAYZ;QACZa,aAAa;IACf;IAEA,MAAMC,kBAAkB,MAAMH,OAAOI,OAAO,CAA4B;QACtEC,MAAM;YACJC,UAAU;YACVC,WAAW;QACb;QACAC,QAAQ;QACRC,KAAK;IACP;IAEA,MAAMC,gBAAgB,MAAMV,OAAOI,OAAO,CAAiC;QACzEI,QAAQ;QACRG,OAAO;YAACC,KAAKT,gBAAgBS,GAAG;QAAA;QAChCH,KAAK;IACP;IAEA,OAAOC,cAAcG,KAAK;AAC5B;AAEA;;;;;;;;;;;;CAYC,GACD,OAAO,eAAeC,iBAAiBD,KAAa;IAClD,MAAMT,UAAUV;IAEhB,2EAA2E;IAC3E,2EAA2E;IAC3E,2EAA2E;IAC3E,kDAAkD;IAClD,MAAMqB,MAAM,MAAMX,QAAQ;QACxBC,MAAM;QACNW,SAAS;YACPC,eAAe,CAAC,OAAO,EAAEJ,OAAO;YAChC,gBAAgB;QAClB;QACAL,QAAQ;QACRU,SAAS;QACTC,KAAK7B;IACP;IAEA,qEAAqE;IACrE,sEAAsE;IACtE,mEAAmE;IACnE,wEAAwE;IACxE,IAAIyB,IAAIK,UAAU,KAAK,OAAOL,IAAIK,UAAU,KAAK,KAAK;QACpD5B,MAAM,uCAAuCuB,IAAIK,UAAU;QAC3D,OAAO;IACT;IAEA,OAAO;AACT;AAEA;;;;CAIC,GACD,OAAO,eAAeC;IACpB,MAAMrB,SAAS,MAAMd,mBAAmB;QAACe,YAAYV;QAAyBW,aAAa;IAAK;IAChG,OAAO,MAAMF,OAAOI,OAAO,CAAgC;QACzDI,QAAQ;QACRU,SAAS;QACTT,KAAK;IACP;AACF"}
+{"version":3,"sources":["../../src/services/mcp.ts"],"sourcesContent":["import {getGlobalCliClient, subdebug} from '@sanity/cli-core'\nimport {isHttpError} from '@sanity/client'\n\nexport const MCP_API_VERSION = '2025-12-09'\nexport const MCP_SERVER_URL = 'https://mcp.sanity.io'\nexport const MCP_JOURNEY_API_VERSION = 'v2024-02-23'\n\nconst debug = subdebug('mcp:service')\n\ninterface PostInitPromptResponse {\n  message?: string\n}\n\n/**\n * Create a child token for MCP usage\n * This token is tied to the parent CLI token and will be invalidated\n * when the parent token is invalidated (e.g., on logout)\n *\n * @returns The MCP token string\n * @internal\n */\nexport async function createMCPToken(): Promise<string> {\n  const client = await getGlobalCliClient({\n    apiVersion: MCP_API_VERSION,\n    requireUser: true,\n  })\n\n  const sessionResponse = await client.request<{id: string; sid: string}>({\n    body: {\n      sourceId: 'sanity-mcp',\n      withStamp: false,\n    },\n    method: 'POST',\n    uri: '/auth/session/create',\n  })\n\n  const tokenResponse = await client.request<{label: string; token: string}>({\n    method: 'GET',\n    query: {sid: sessionResponse.sid},\n    uri: '/auth/fetch',\n  })\n\n  return tokenResponse.token\n}\n\n/**\n * Validate an MCP token by checking it against the Sanity API.\n *\n * MCP tokens are standard Sanity session tokens (`sk…`), so we validate\n * by calling `/users/me` on `api.sanity.io`. A 200 means the token is\n * alive; a 401/403 means it is dead and the caller should prompt for\n * re-configuration.\n *\n * Transient errors (5xx, network failures, timeouts) are rethrown so the\n * caller can decide how to handle them — typically by assuming the token\n * is still valid rather than falsely marking it as expired.\n *\n * We intentionally do NOT probe `mcp.sanity.io` because the MCP server\n * lets invalid bearer tokens through for protocol-compatibility reasons,\n * which causes the CLI to falsely treat dead tokens as valid.\n *\n * @internal\n */\nexport async function validateMCPToken(token: string): Promise<boolean> {\n  const client = await getGlobalCliClient({\n    apiVersion: MCP_API_VERSION,\n    requireUser: false,\n    token,\n  })\n\n  try {\n    await client.request({timeout: 2500, uri: '/users/me'})\n    return true\n  } catch (err) {\n    // 401/403 definitively mean \"dead token\"\n    if (isHttpError(err) && (err.statusCode === 401 || err.statusCode === 403)) {\n      debug('MCP token validation failed with %d', err.statusCode)\n      return false\n    }\n\n    // Everything else (5xx, network errors, timeouts) is rethrown so the\n    // caller can decide — typically assumes valid rather than forcing re-auth.\n    throw err\n  }\n}\n\n/**\n * Fetches the post-init MCP prompt from the Journey API and interpolates editor names.\n * Falls back to a hardcoded default if the API call fails, times out, or returns empty.\n * Text wrapped in **markers** will be formatted with cyan color.\n */\nexport async function getPostInitPrompt() {\n  const client = await getGlobalCliClient({apiVersion: MCP_JOURNEY_API_VERSION, requireUser: false})\n  return await client.request<PostInitPromptResponse | null>({\n    method: 'GET',\n    timeout: 1000,\n    uri: '/journey/mcp/post-init-prompt',\n  })\n}\n"],"names":["getGlobalCliClient","subdebug","isHttpError","MCP_API_VERSION","MCP_SERVER_URL","MCP_JOURNEY_API_VERSION","debug","createMCPToken","client","apiVersion","requireUser","sessionResponse","request","body","sourceId","withStamp","method","uri","tokenResponse","query","sid","token","validateMCPToken","timeout","err","statusCode","getPostInitPrompt"],"mappings":"AAAA,SAAQA,kBAAkB,EAAEC,QAAQ,QAAO,mBAAkB;AAC7D,SAAQC,WAAW,QAAO,iBAAgB;AAE1C,OAAO,MAAMC,kBAAkB,aAAY;AAC3C,OAAO,MAAMC,iBAAiB,wBAAuB;AACrD,OAAO,MAAMC,0BAA0B,cAAa;AAEpD,MAAMC,QAAQL,SAAS;AAMvB;;;;;;;CAOC,GACD,OAAO,eAAeM;IACpB,MAAMC,SAAS,MAAMR,mBAAmB;QACtCS,YAAYN;QACZO,aAAa;IACf;IAEA,MAAMC,kBAAkB,MAAMH,OAAOI,OAAO,CAA4B;QACtEC,MAAM;YACJC,UAAU;YACVC,WAAW;QACb;QACAC,QAAQ;QACRC,KAAK;IACP;IAEA,MAAMC,gBAAgB,MAAMV,OAAOI,OAAO,CAAiC;QACzEI,QAAQ;QACRG,OAAO;YAACC,KAAKT,gBAAgBS,GAAG;QAAA;QAChCH,KAAK;IACP;IAEA,OAAOC,cAAcG,KAAK;AAC5B;AAEA;;;;;;;;;;;;;;;;;CAiBC,GACD,OAAO,eAAeC,iBAAiBD,KAAa;IAClD,MAAMb,SAAS,MAAMR,mBAAmB;QACtCS,YAAYN;QACZO,aAAa;QACbW;IACF;IAEA,IAAI;QACF,MAAMb,OAAOI,OAAO,CAAC;YAACW,SAAS;YAAMN,KAAK;QAAW;QACrD,OAAO;IACT,EAAE,OAAOO,KAAK;QACZ,yCAAyC;QACzC,IAAItB,YAAYsB,QAASA,CAAAA,IAAIC,UAAU,KAAK,OAAOD,IAAIC,UAAU,KAAK,GAAE,GAAI;YAC1EnB,MAAM,uCAAuCkB,IAAIC,UAAU;YAC3D,OAAO;QACT;QAEA,qEAAqE;QACrE,2EAA2E;QAC3E,MAAMD;IACR;AACF;AAEA;;;;CAIC,GACD,OAAO,eAAeE;IACpB,MAAMlB,SAAS,MAAMR,mBAAmB;QAACS,YAAYJ;QAAyBK,aAAa;IAAK;IAChG,OAAO,MAAMF,OAAOI,OAAO,CAAgC;QACzDI,QAAQ;QACRO,SAAS;QACTN,KAAK;IACP;AACF"}

package/dist/topicAliases.js

@@ -0,0 +1,51 @@
+/**
+ * Topic Alias Configuration
+ *
+ * Maps canonical topic names to their aliases. Used by:
+ * - The command_not_found hook (runtime alias resolution)
+ * - The check-topic-aliases script (build-time validation)
+ *
+ * Every topic with aliases must be listed here. The key is the canonical
+ * topic name (the actual directory under commands/), and values are
+ * alternative names that should resolve to it.
+ *
+ * Convention: prefer plural canonical names with singular aliases.
+ *   datasets: ['dataset']     - "sanity dataset create" works
+ *   cors: []                  - no alias needed (no natural singular/plural pair)
+ *
+ * While the config technically supports any direction, keeping it consistent
+ * (plural to singular) makes the CLI predictable for users.
+ */ export const topicAliases = {
+    backups: [
+        'backup'
+    ],
+    blueprints: [
+        'blueprint'
+    ],
+    datasets: [
+        'dataset'
+    ],
+    documents: [
+        'document'
+    ],
+    functions: [
+        'function'
+    ],
+    hooks: [
+        'hook'
+    ],
+    projects: [
+        'project'
+    ],
+    schemas: [
+        'schema'
+    ],
+    tokens: [
+        'token'
+    ],
+    users: [
+        'user'
+    ]
+};
+
+//# sourceMappingURL=topicAliases.js.map

package/dist/topicAliases.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/topicAliases.ts"],"sourcesContent":["/**\n * Topic Alias Configuration\n *\n * Maps canonical topic names to their aliases. Used by:\n * - The command_not_found hook (runtime alias resolution)\n * - The check-topic-aliases script (build-time validation)\n *\n * Every topic with aliases must be listed here. The key is the canonical\n * topic name (the actual directory under commands/), and values are\n * alternative names that should resolve to it.\n *\n * Convention: prefer plural canonical names with singular aliases.\n *   datasets: ['dataset']     - \"sanity dataset create\" works\n *   cors: []                  - no alias needed (no natural singular/plural pair)\n *\n * While the config technically supports any direction, keeping it consistent\n * (plural to singular) makes the CLI predictable for users.\n */\nexport const topicAliases: Record<string, string[]> = {\n  backups: ['backup'],\n  blueprints: ['blueprint'],\n  datasets: ['dataset'],\n  documents: ['document'],\n  functions: ['function'],\n  hooks: ['hook'],\n  projects: ['project'],\n  schemas: ['schema'],\n  tokens: ['token'],\n  users: ['user'],\n}\n"],"names":["topicAliases","backups","blueprints","datasets","documents","functions","hooks","projects","schemas","tokens","users"],"mappings":"AAAA;;;;;;;;;;;;;;;;;CAiBC,GACD,OAAO,MAAMA,eAAyC;IACpDC,SAAS;QAAC;KAAS;IACnBC,YAAY;QAAC;KAAY;IACzBC,UAAU;QAAC;KAAU;IACrBC,WAAW;QAAC;KAAW;IACvBC,WAAW;QAAC;KAAW;IACvBC,OAAO;QAAC;KAAO;IACfC,UAAU;QAAC;KAAU;IACrBC,SAAS;QAAC;KAAS;IACnBC,QAAQ;QAAC;KAAQ;IACjBC,OAAO;QAAC;KAAO;AACjB,EAAC"}

package/oclif.config.js

@@ -4,6 +4,7 @@ export default {
   dirname: 'sanity',
   helpClass: './dist/SanityHelp',
   hooks: {
+    command_not_found: ['./dist/hooks/commandNotFound/topicAliases.js'],
     init: ['./dist/hooks/init/checkForUpdates.js'],
     prerun: [
       './dist/hooks/prerun/injectEnvVariables.js',
@@ -11,12 +12,24 @@ export default {
       './dist/hooks/prerun/warnings.js',
     ],
   },
-  plugins: [
-    '@oclif/plugin-help',
-    '@oclif/plugin-not-found',
-    '@sanity/runtime-cli',
-    '@sanity/migrate',
-    '@sanity/codegen',
-  ],
+  plugins: ['@oclif/plugin-help', '@sanity/runtime-cli', '@sanity/migrate', '@sanity/codegen'],
+  topics: {
+    backups: {description: 'Manage dataset backups'},
+    cors: {description: 'Manage CORS origins for your project'},
+    datasets: {description: 'Manage datasets in your project'},
+    docs: {description: 'Browse and search Sanity documentation'},
+    documents: {description: 'Manage documents in a dataset'},
+    graphql: {description: 'Manage GraphQL APIs for your project'},
+    hooks: {description: 'Manage webhooks for your project'},
+    manifest: {description: 'Extract studio configuration as JSON manifests'},
+    mcp: {description: 'Configure Sanity MCP server for AI editors'},
+    media: {description: 'Manage media assets and aspect definitions'},
+    openapi: {description: 'Manage OpenAPI specifications'},
+    projects: {description: 'Manage Sanity projects'},
+    schemas: {description: 'Manage and validate schemas'},
+    telemetry: {description: 'Manage telemetry consent'},
+    tokens: {description: 'Manage API tokens for your project'},
+    users: {description: 'Manage project users and invitations'},
+  },
   topicSeparator: ' ',
 }