@scupit/mcp-ecosystem 0.1.0

package/dist/auth0/index.d.ts

@@ -0,0 +1,3 @@
+export { Auth0ManagementClient, Auth0ApiError, } from "./management-client.js";
+export type { Auth0ManagementClientOptions } from "./management-client.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth0/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth0/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,4BAA4B,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/auth0/index.js

@@ -0,0 +1,2 @@
+export { Auth0ManagementClient, Auth0ApiError, } from "./management-client.js";
+//# sourceMappingURL=index.js.map

package/dist/auth0/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth0/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,aAAa,GACd,MAAM,wBAAwB,CAAC"}

package/dist/auth0/management-client.d.ts

@@ -0,0 +1,78 @@
+import type { Auth0Application, Auth0Api, Auth0ApiScope, Auth0ClientGrant, Auth0TenantSettings } from "../types/index.js";
+export interface Auth0ManagementClientOptions {
+    tenantDomain: string;
+    managementAudience: string;
+    clientId: string;
+    clientSecret: string;
+}
+export declare class Auth0ManagementClient {
+    private readonly baseUrl;
+    private readonly tokenUrl;
+    private readonly audience;
+    private readonly clientId;
+    private readonly clientSecret;
+    private accessToken;
+    constructor(options: Auth0ManagementClientOptions);
+    authenticate(): Promise<void>;
+    private request;
+    getTenantSettings(): Promise<Auth0TenantSettings>;
+    patchTenantSettings(patch: Partial<Auth0TenantSettings>): Promise<Auth0TenantSettings>;
+    listApplications(params?: {
+        page?: number;
+        per_page?: number;
+        include_totals?: boolean;
+    }): Promise<Auth0Application[]>;
+    getApplication(clientId: string): Promise<Auth0Application>;
+    findApplicationByMetadata(metadataKey: string, metadataValue: string): Promise<Auth0Application | null>;
+    createApplication(payload: Partial<Auth0Application> & {
+        name: string;
+        app_type: string;
+    }): Promise<Auth0Application>;
+    updateApplication(clientId: string, payload: Partial<Auth0Application>): Promise<Auth0Application>;
+    listApis(params?: {
+        page?: number;
+        per_page?: number;
+    }): Promise<Auth0Api[]>;
+    findApiByIdentifier(identifier: string): Promise<Auth0Api | null>;
+    getApi(apiId: string): Promise<Auth0Api>;
+    createApi(payload: {
+        name: string;
+        identifier: string;
+        signing_alg?: string;
+        token_dialect?: string;
+        enforce_policies?: boolean;
+        scopes?: Auth0ApiScope[];
+    }): Promise<Auth0Api>;
+    updateApi(apiId: string, payload: Partial<{
+        name: string;
+        signing_alg: string;
+        token_dialect: string;
+        enforce_policies: boolean;
+        scopes: Auth0ApiScope[];
+    }>): Promise<Auth0Api>;
+    listClientGrants(params?: {
+        audience?: string;
+        client_id?: string;
+        page?: number;
+        per_page?: number;
+    }): Promise<Auth0ClientGrant[]>;
+    findClientGrant(clientId: string, audience: string, subjectType?: string): Promise<Auth0ClientGrant | null>;
+    createClientGrant(payload: {
+        client_id: string;
+        audience: string;
+        scope: string[];
+        subject_type?: string;
+    }): Promise<Auth0ClientGrant>;
+    updateClientGrant(grantId: string, payload: {
+        scope: string[];
+    }): Promise<Auth0ClientGrant>;
+    deleteClientGrant(grantId: string): Promise<void>;
+}
+export declare class Auth0ApiError extends Error {
+    readonly method: string;
+    readonly path: string;
+    readonly statusCode: number;
+    readonly responseBody: string;
+    constructor(method: string, path: string, statusCode: number, responseBody: string);
+}
+//# sourceMappingURL=management-client.d.ts.map

package/dist/auth0/management-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"management-client.d.ts","sourceRoot":"","sources":["../../src/auth0/management-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,QAAQ,EACR,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAE3B,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,WAAW,CAAuB;gBAE9B,OAAO,EAAE,4BAA4B;IAQ3C,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;YAuBrB,OAAO;IAmCf,iBAAiB,IAAI,OAAO,CAAC,mBAAmB,CAAC;IAIjD,mBAAmB,CACvB,KAAK,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAClC,OAAO,CAAC,mBAAmB,CAAC;IAUzB,gBAAgB,CAAC,MAAM,CAAC,EAAE;QAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAczB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAI3D,yBAAyB,CAC7B,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAgB7B,iBAAiB,CACrB,OAAO,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GACtE,OAAO,CAAC,gBAAgB,CAAC;IAItB,iBAAiB,CACrB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,CAAC,gBAAgB,CAAC,GACjC,OAAO,CAAC,gBAAgB,CAAC;IAUtB,QAAQ,CAAC,MAAM,CAAC,EAAE;QACtB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAYjB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAcjE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIxC,SAAS,CAAC,OAAO,EAAE;QACvB,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,MAAM,CAAC,EAAE,aAAa,EAAE,CAAC;KAC1B,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIf,SAAS,CACb,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,OAAO,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,aAAa,EAAE,CAAC;KACzB,CAAC,GACD,OAAO,CAAC,QAAQ,CAAC;IAUd,gBAAgB,CAAC,MAAM,CAAC,EAAE;QAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAczB,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAY7B,iBAAiB,CAAC,OAAO,EAAE;QAC/B,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAIvB,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,GAC3B,OAAO,CAAC,gBAAgB,CAAC;IAQtB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGxD;AAED,qBAAa,aAAc,SAAQ,KAAK;aAEpB,MAAM,EAAE,MAAM;aACd,IAAI,EAAE,MAAM;aACZ,UAAU,EAAE,MAAM;aAClB,YAAY,EAAE,MAAM;gBAHpB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM;CAOvC"}

package/dist/auth0/management-client.js

@@ -0,0 +1,183 @@
+export class Auth0ManagementClient {
+    baseUrl;
+    tokenUrl;
+    audience;
+    clientId;
+    clientSecret;
+    accessToken = null;
+    constructor(options) {
+        this.baseUrl = `https://${options.tenantDomain}/api/v2`;
+        this.tokenUrl = `https://${options.tenantDomain}/oauth/token`;
+        this.audience = options.managementAudience;
+        this.clientId = options.clientId;
+        this.clientSecret = options.clientSecret;
+    }
+    async authenticate() {
+        const response = await fetch(this.tokenUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                grant_type: "client_credentials",
+                client_id: this.clientId,
+                client_secret: this.clientSecret,
+                audience: this.audience,
+            }),
+        });
+        if (!response.ok) {
+            const body = await response.text();
+            throw new Error(`Failed to obtain Management API token (${response.status}): ${body}`);
+        }
+        const data = (await response.json());
+        this.accessToken = data.access_token;
+    }
+    async request(method, path, body) {
+        if (!this.accessToken) {
+            throw new Error("Not authenticated. Call authenticate() before making API requests.");
+        }
+        const url = `${this.baseUrl}${path}`;
+        const headers = {
+            Authorization: `Bearer ${this.accessToken}`,
+            "Content-Type": "application/json",
+        };
+        const response = await fetch(url, {
+            method,
+            headers,
+            body: body ? JSON.stringify(body) : undefined,
+        });
+        if (!response.ok) {
+            const responseBody = await response.text();
+            throw new Auth0ApiError(method, path, response.status, responseBody);
+        }
+        if (response.status === 204)
+            return undefined;
+        return response.json();
+    }
+    // ── Tenant Settings ──
+    async getTenantSettings() {
+        return this.request("GET", "/tenants/settings");
+    }
+    async patchTenantSettings(patch) {
+        return this.request("PATCH", "/tenants/settings", patch);
+    }
+    // ── Applications (Clients) ──
+    async listApplications(params) {
+        const query = new URLSearchParams();
+        if (params?.page !== undefined)
+            query.set("page", String(params.page));
+        if (params?.per_page !== undefined)
+            query.set("per_page", String(params.per_page));
+        if (params?.include_totals !== undefined)
+            query.set("include_totals", String(params.include_totals));
+        const qs = query.toString();
+        return this.request("GET", `/clients${qs ? `?${qs}` : ""}`);
+    }
+    async getApplication(clientId) {
+        return this.request("GET", `/clients/${clientId}`);
+    }
+    async findApplicationByMetadata(metadataKey, metadataValue) {
+        let page = 0;
+        const perPage = 100;
+        while (true) {
+            const apps = await this.listApplications({ page, per_page: perPage });
+            for (const app of apps) {
+                if (app.client_metadata?.[metadataKey] === metadataValue) {
+                    return app;
+                }
+            }
+            if (apps.length < perPage)
+                break;
+            page++;
+        }
+        return null;
+    }
+    async createApplication(payload) {
+        return this.request("POST", "/clients", payload);
+    }
+    async updateApplication(clientId, payload) {
+        return this.request("PATCH", `/clients/${clientId}`, payload);
+    }
+    // ── Resource Servers (APIs) ──
+    async listApis(params) {
+        const query = new URLSearchParams();
+        if (params?.page !== undefined)
+            query.set("page", String(params.page));
+        if (params?.per_page !== undefined)
+            query.set("per_page", String(params.per_page));
+        const qs = query.toString();
+        return this.request("GET", `/resource-servers${qs ? `?${qs}` : ""}`);
+    }
+    async findApiByIdentifier(identifier) {
+        let page = 0;
+        const perPage = 100;
+        while (true) {
+            const apis = await this.listApis({ page, per_page: perPage });
+            for (const api of apis) {
+                if (api.identifier === identifier)
+                    return api;
+            }
+            if (apis.length < perPage)
+                break;
+            page++;
+        }
+        return null;
+    }
+    async getApi(apiId) {
+        return this.request("GET", `/resource-servers/${apiId}`);
+    }
+    async createApi(payload) {
+        return this.request("POST", "/resource-servers", payload);
+    }
+    async updateApi(apiId, payload) {
+        return this.request("PATCH", `/resource-servers/${apiId}`, payload);
+    }
+    // ── Client Grants ──
+    async listClientGrants(params) {
+        const query = new URLSearchParams();
+        if (params?.audience)
+            query.set("audience", params.audience);
+        if (params?.client_id)
+            query.set("client_id", params.client_id);
+        if (params?.page !== undefined)
+            query.set("page", String(params.page));
+        if (params?.per_page !== undefined)
+            query.set("per_page", String(params.per_page));
+        const qs = query.toString();
+        return this.request("GET", `/client-grants${qs ? `?${qs}` : ""}`);
+    }
+    async findClientGrant(clientId, audience, subjectType) {
+        const grants = await this.listClientGrants({
+            client_id: clientId,
+            audience,
+        });
+        for (const grant of grants) {
+            if (subjectType && grant.subject_type !== subjectType)
+                continue;
+            return grant;
+        }
+        return null;
+    }
+    async createClientGrant(payload) {
+        return this.request("POST", "/client-grants", payload);
+    }
+    async updateClientGrant(grantId, payload) {
+        return this.request("PATCH", `/client-grants/${grantId}`, payload);
+    }
+    async deleteClientGrant(grantId) {
+        await this.request("DELETE", `/client-grants/${grantId}`);
+    }
+}
+export class Auth0ApiError extends Error {
+    method;
+    path;
+    statusCode;
+    responseBody;
+    constructor(method, path, statusCode, responseBody) {
+        super(`Auth0 API error: ${method} ${path} returned ${statusCode}: ${responseBody}`);
+        this.method = method;
+        this.path = path;
+        this.statusCode = statusCode;
+        this.responseBody = responseBody;
+        this.name = "Auth0ApiError";
+    }
+}
+//# sourceMappingURL=management-client.js.map

package/dist/auth0/management-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"management-client.js","sourceRoot":"","sources":["../../src/auth0/management-client.ts"],"names":[],"mappings":"AAeA,MAAM,OAAO,qBAAqB;IACf,OAAO,CAAS;IAChB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,YAAY,CAAS;IAC9B,WAAW,GAAkB,IAAI,CAAC;IAE1C,YAAY,OAAqC;QAC/C,IAAI,CAAC,OAAO,GAAG,WAAW,OAAO,CAAC,YAAY,SAAS,CAAC;QACxD,IAAI,CAAC,QAAQ,GAAG,WAAW,OAAO,CAAC,YAAY,cAAc,CAAC;QAC9D,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC;QAC3C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;gBAChC,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,0CAA0C,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACtE,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA6B,CAAC;QACjE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAc,EACd,IAAY,EACZ,IAAc;QAEd,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QACrC,MAAM,OAAO,GAA2B;YACtC,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;YAC3C,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM;YACN,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAC9C,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,IAAI,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAc,CAAC;QAEnD,OAAO,QAAQ,CAAC,IAAI,EAAgB,CAAC;IACvC,CAAC;IAED,wBAAwB;IAExB,KAAK,CAAC,iBAAiB;QACrB,OAAO,IAAI,CAAC,OAAO,CAAsB,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,KAAmC;QAEnC,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,mBAAmB,EACnB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,+BAA+B;IAE/B,KAAK,CAAC,gBAAgB,CAAC,MAItB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,IAAI,MAAM,EAAE,QAAQ,KAAK,SAAS;YAChC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,IAAI,MAAM,EAAE,cAAc,KAAK,SAAS;YACtC,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QAC7D,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAChC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,OAAO,IAAI,CAAC,OAAO,CAAmB,KAAK,EAAE,YAAY,QAAQ,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,yBAAyB,CAC7B,WAAmB,EACnB,aAAqB;QAErB,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,CAAC;QACpB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACtE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC,WAAW,CAAC,KAAK,aAAa,EAAE,CAAC;oBACzD,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,GAAG,OAAO;gBAAE,MAAM;YACjC,IAAI,EAAE,CAAC;QACT,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAuE;QAEvE,OAAO,IAAI,CAAC,OAAO,CAAmB,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,QAAgB,EAChB,OAAkC;QAElC,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,YAAY,QAAQ,EAAE,EACtB,OAAO,CACR,CAAC;IACJ,CAAC;IAED,gCAAgC;IAEhC,KAAK,CAAC,QAAQ,CAAC,MAGd;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,IAAI,MAAM,EAAE,QAAQ,KAAK,SAAS;YAChC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,oBAAoB,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,UAAkB;QAC1C,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,CAAC;QACpB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9D,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IAAI,GAAG,CAAC,UAAU,KAAK,UAAU;oBAAE,OAAO,GAAG,CAAC;YAChD,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,GAAG,OAAO;gBAAE,MAAM;YACjC,IAAI,EAAE,CAAC;QACT,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,OAAO,IAAI,CAAC,OAAO,CAAW,KAAK,EAAE,qBAAqB,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAOf;QACC,OAAO,IAAI,CAAC,OAAO,CAAW,MAAM,EAAE,mBAAmB,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAAa,EACb,OAME;QAEF,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,qBAAqB,KAAK,EAAE,EAC5B,OAAO,CACR,CAAC;IACJ,CAAC;IAED,sBAAsB;IAEtB,KAAK,CAAC,gBAAgB,CAAC,MAKtB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,QAAQ;YAAE,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC7D,IAAI,MAAM,EAAE,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,IAAI,MAAM,EAAE,QAAQ,KAAK,SAAS;YAChC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACtC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,QAAgB,EAChB,WAAoB;QAEpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC;YACzC,SAAS,EAAE,QAAQ;YACnB,QAAQ;SACT,CAAC,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,WAAW,IAAI,KAAK,CAAC,YAAY,KAAK,WAAW;gBAAE,SAAS;YAChE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAKvB;QACC,OAAO,IAAI,CAAC,OAAO,CAAmB,MAAM,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAe,EACf,OAA4B;QAE5B,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,kBAAkB,OAAO,EAAE,EAC3B,OAAO,CACR,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAe;QACrC,MAAM,IAAI,CAAC,OAAO,CAAO,QAAQ,EAAE,kBAAkB,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IAEpB;IACA;IACA;IACA;IAJlB,YACkB,MAAc,EACd,IAAY,EACZ,UAAkB,EAClB,YAAoB;QAEpC,KAAK,CACH,oBAAoB,MAAM,IAAI,IAAI,aAAa,UAAU,KAAK,YAAY,EAAE,CAC7E,CAAC;QAPc,WAAM,GAAN,MAAM,CAAQ;QACd,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAQ;QAClB,iBAAY,GAAZ,YAAY,CAAQ;QAKpC,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,150 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { resolve } from "node:path";
+import { loadAllConfig } from "./config/index.js";
+import { createLazyAuth0Context, logger, setVerbose } from "./utils/index.js";
+import { verifyTenant, reconcileClient, reconcileServer, reconcileAll, addScope, grantClient, generateArtifacts, } from "./commands/index.js";
+const program = new Command();
+program
+    .name("mcp-ecosystem")
+    .description("Provisioning and runtime tooling for a personal MCP ecosystem backed by Auth0")
+    .version("0.1.0")
+    .option("-d, --dir <path>", "Root directory of the ecosystem", ".")
+    .option("--dry-run", "Preview changes without modifying Auth0 or local files", false)
+    .option("--verbose", "Enable verbose/debug output", false)
+    .option("--json", "Output results as JSON", false);
+async function buildContext(opts) {
+    if (opts.verbose)
+        setVerbose(true);
+    const rootDir = resolve(opts.dir);
+    logger.debug(`Root directory: ${rootDir}`);
+    logger.info("Loading ecosystem configuration...");
+    const config = await loadAllConfig(rootDir);
+    logger.success(`Loaded: ${config.clientConfigs.size} client(s), ${config.serverConfigs.size} server(s), ${config.clientDescriptors.size} descriptor(s)`);
+    const lazy = createLazyAuth0Context(config.ecosystem);
+    return {
+        rootDir,
+        config,
+        get auth0() {
+            return lazy.auth0;
+        },
+        dryRun: opts.dryRun,
+    };
+}
+function output(json, data) {
+    if (json) {
+        console.log(JSON.stringify(data, null, 2));
+    }
+}
+program
+    .command("verify-tenant")
+    .description("Verify Auth0 tenant prerequisites for MCP compatibility")
+    .action(async () => {
+    const opts = program.opts();
+    try {
+        const ctx = await buildContext(opts);
+        await ctx.auth0.authenticate();
+        const result = await verifyTenant(ctx);
+        output(opts.json, result);
+    }
+    catch (err) {
+        logger.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program
+    .command("reconcile-client <client-key>")
+    .description("Create or reuse an Auth0 Application for a specific client")
+    .action(async (clientKey) => {
+    const opts = program.opts();
+    try {
+        const ctx = await buildContext(opts);
+        await ctx.auth0.authenticate();
+        const result = await reconcileClient(ctx, clientKey);
+        output(opts.json, result);
+    }
+    catch (err) {
+        logger.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program
+    .command("reconcile-server <server-slug>")
+    .description("Reconcile Auth0 API, scopes, access policy, and grants for an MCP server")
+    .action(async (serverSlug) => {
+    const opts = program.opts();
+    try {
+        const ctx = await buildContext(opts);
+        await ctx.auth0.authenticate();
+        const result = await reconcileServer(ctx, serverSlug);
+        output(opts.json, result);
+    }
+    catch (err) {
+        logger.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program
+    .command("reconcile-all")
+    .description("Full ecosystem reconciliation: tenant, clients, servers, grants")
+    .action(async () => {
+    const opts = program.opts();
+    try {
+        const ctx = await buildContext(opts);
+        const result = await reconcileAll(ctx);
+        output(opts.json, result);
+    }
+    catch (err) {
+        logger.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program
+    .command("add-scope <server-slug> <scope>")
+    .description("Add a scope to a server and reconcile it into Auth0")
+    .action(async (serverSlug, scope) => {
+    const opts = program.opts();
+    try {
+        const ctx = await buildContext(opts);
+        await ctx.auth0.authenticate();
+        const result = await addScope(ctx, serverSlug, scope);
+        output(opts.json, result);
+    }
+    catch (err) {
+        logger.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program
+    .command("grant-client <server-slug> <client-key> [scopes...]")
+    .description("Create or update a client grant for a server/client pair")
+    .action(async (serverSlug, clientKey, scopes) => {
+    const opts = program.opts();
+    try {
+        const ctx = await buildContext(opts);
+        await ctx.auth0.authenticate();
+        const result = await grantClient(ctx, serverSlug, clientKey, scopes);
+        output(opts.json, result);
+    }
+    catch (err) {
+        logger.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program
+    .command("generate-artifacts")
+    .description("Generate .env.example and per-server runtime config files")
+    .action(async () => {
+    const opts = program.opts();
+    try {
+        const ctx = await buildContext(opts);
+        const result = await generateArtifacts(ctx);
+        output(opts.json, result);
+    }
+    catch (err) {
+        logger.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9E,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAE7B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,eAAe,CAAC;KACrB,WAAW,CACV,+EAA+E,CAChF;KACA,OAAO,CAAC,OAAO,CAAC;KAChB,MAAM,CAAC,kBAAkB,EAAE,iCAAiC,EAAE,GAAG,CAAC;KAClE,MAAM,CAAC,WAAW,EAAE,wDAAwD,EAAE,KAAK,CAAC;KACpF,MAAM,CAAC,WAAW,EAAE,6BAA6B,EAAE,KAAK,CAAC;KACzD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,EAAE,KAAK,CAAC,CAAC;AAErD,KAAK,UAAU,YAAY,CAAC,IAI3B;IACC,IAAI,IAAI,CAAC,OAAO;QAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,CAAC,KAAK,CAAC,mBAAmB,OAAO,EAAE,CAAC,CAAC;IAE3C,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,CAAC,OAAO,CACZ,WAAW,MAAM,CAAC,aAAa,CAAC,IAAI,eAAe,MAAM,CAAC,aAAa,CAAC,IAAI,eAAe,MAAM,CAAC,iBAAiB,CAAC,IAAI,gBAAgB,CACzI,CAAC;IAEF,MAAM,IAAI,GAAG,sBAAsB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEtD,OAAO;QACL,OAAO;QACP,MAAM;QACN,IAAI,KAAK;YACP,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QACD,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;AACJ,CAAC;AAED,SAAS,MAAM,CAAC,IAAa,EAAE,IAAa;IAC1C,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,+BAA+B,CAAC;KACxC,WAAW,CAAC,4DAA4D,CAAC;KACzE,MAAM,CAAC,KAAK,EAAE,SAAiB,EAAE,EAAE;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,gCAAgC,CAAC;KACzC,WAAW,CACV,0EAA0E,CAC3E;KACA,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,EAAE;IACnC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,iEAAiE,CAAC;KAC9E,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,iCAAiC,CAAC;KAC1C,WAAW,CAAC,qDAAqD,CAAC;KAClE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,KAAa,EAAE,EAAE;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,qDAAqD,CAAC;KAC9D,WAAW,CAAC,0DAA0D,CAAC;KACvE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,SAAiB,EAAE,MAAgB,EAAE,EAAE;IACxE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,oBAAoB,CAAC;KAC7B,WAAW,CACV,2DAA2D,CAC5D;KACA,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/commands/add-scope.d.ts

@@ -0,0 +1,9 @@
+import type { CommandContext } from "../utils/index.js";
+export interface AddScopeResult {
+    slug: string;
+    scope: string;
+    action: "added" | "already_present" | "dry_run";
+    finalScopes: string[];
+}
+export declare function addScope(ctx: CommandContext, serverSlug: string, scope: string): Promise<AddScopeResult>;
+//# sourceMappingURL=add-scope.d.ts.map

package/dist/commands/add-scope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"add-scope.d.ts","sourceRoot":"","sources":["../../src/commands/add-scope.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAQxD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,GAAG,iBAAiB,GAAG,SAAS,CAAC;IAChD,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,wBAAsB,QAAQ,CAC5B,GAAG,EAAE,cAAc,EACnB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,cAAc,CAAC,CA8DzB"}

package/dist/commands/add-scope.js

@@ -0,0 +1,55 @@
+import { readFile, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { logger } from "../utils/index.js";
+import { deriveCanonicalResourceUri, resolveScopes, } from "../config/index.js";
+export async function addScope(ctx, serverSlug, scope) {
+    const { config, auth0, dryRun, rootDir } = ctx;
+    const serverConfig = config.serverConfigs.get(serverSlug);
+    if (!serverConfig) {
+        throw new Error(`Unknown server slug: "${serverSlug}"`);
+    }
+    const currentScopes = resolveScopes(config.ecosystem, serverConfig);
+    if (currentScopes.includes(scope)) {
+        logger.info(`Scope "${scope}" is already present on server "${serverSlug}".`);
+        return {
+            slug: serverSlug,
+            scope,
+            action: "already_present",
+            finalScopes: currentScopes,
+        };
+    }
+    const newExtraScopes = [...(serverConfig.extra_scopes ?? []), scope];
+    const fullDesiredScopes = [...new Set([...currentScopes, scope])];
+    logger.info(`Adding scope "${scope}" to server "${serverSlug}".`);
+    logger.debug(`  Full scope set: ${fullDesiredScopes.join(", ")}`);
+    if (dryRun) {
+        logger.info("[DRY RUN] Would update local config and Auth0 API scopes.");
+        return { slug: serverSlug, scope, action: "dry_run", finalScopes: fullDesiredScopes };
+    }
+    // Update local config file
+    const serverDir = findServerDir(rootDir, serverSlug, serverConfig);
+    const configPath = join(serverDir, "mcp-configuration.json");
+    const raw = JSON.parse(await readFile(configPath, "utf-8"));
+    raw["extra_scopes"] = newExtraScopes;
+    await writeFile(configPath, JSON.stringify(raw, null, 2) + "\n", "utf-8");
+    logger.success(`  Local config updated: ${configPath}`);
+    // Update Auth0 API scopes (full replacement)
+    const identifier = deriveCanonicalResourceUri(config.ecosystem, serverConfig.slug);
+    const existingApi = await auth0.findApiByIdentifier(identifier);
+    if (existingApi) {
+        const scopePayload = fullDesiredScopes.map((s) => ({
+            value: s,
+            description: `Scope: ${s}`,
+        }));
+        await auth0.updateApi(existingApi.id, { scopes: scopePayload });
+        logger.success("  Auth0 API scopes updated.");
+    }
+    else {
+        logger.warn("  Auth0 API not found for this server. Run reconcile-server to create it.");
+    }
+    return { slug: serverSlug, scope, action: "added", finalScopes: fullDesiredScopes };
+}
+function findServerDir(rootDir, slug, _server) {
+    return join(rootDir, "mcps", slug);
+}
+//# sourceMappingURL=add-scope.js.map

package/dist/commands/add-scope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"add-scope.js","sourceRoot":"","sources":["../../src/commands/add-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EACL,0BAA0B,EAC1B,aAAa,GACd,MAAM,oBAAoB,CAAC;AAU5B,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,GAAmB,EACnB,UAAkB,EAClB,KAAa;IAEb,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,UAAU,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAEpE,IAAI,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CACT,UAAU,KAAK,mCAAmC,UAAU,IAAI,CACjE,CAAC;QACF,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,KAAK;YACL,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,aAAa;SAC3B,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IACrE,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;IAElE,MAAM,CAAC,IAAI,CACT,iBAAiB,KAAK,gBAAgB,UAAU,IAAI,CACrD,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,qBAAqB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAElE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QACzE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACxF,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;IACvF,GAAG,CAAC,cAAc,CAAC,GAAG,cAAc,CAAC;IACrC,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1E,MAAM,CAAC,OAAO,CAAC,2BAA2B,UAAU,EAAE,CAAC,CAAC;IAExD,6CAA6C;IAC7C,MAAM,UAAU,GAAG,0BAA0B,CAC3C,MAAM,CAAC,SAAS,EAChB,YAAY,CAAC,IAAI,CAClB,CAAC;IACF,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAChE,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,YAAY,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjD,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,UAAU,CAAC,EAAE;SAC3B,CAAC,CAAC,CAAC;QACJ,MAAM,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CACT,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;AACtF,CAAC;AAED,SAAS,aAAa,CACpB,OAAe,EACf,IAAY,EACZ,OAAqB;IAErB,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC"}

package/dist/commands/generate-artifacts.d.ts

@@ -0,0 +1,10 @@
+import type { CommandContext } from "../utils/index.js";
+export interface GenerateArtifactsResult {
+    filesWritten: string[];
+}
+/**
+ * Generates or refreshes the .env.example and per-server runtime config files.
+ * Never writes live secrets.
+ */
+export declare function generateArtifacts(ctx: CommandContext): Promise<GenerateArtifactsResult>;
+//# sourceMappingURL=generate-artifacts.d.ts.map

package/dist/commands/generate-artifacts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-artifacts.d.ts","sourceRoot":"","sources":["../../src/commands/generate-artifacts.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAUxD,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,uBAAuB,CAAC,CAiGlC"}

package/dist/commands/generate-artifacts.js

@@ -0,0 +1,91 @@
+import { writeFile, mkdir } from "node:fs/promises";
+import { join } from "node:path";
+import { logger } from "../utils/index.js";
+import { deriveCanonicalResourceUri, deriveHostname, deriveMcpEndpoint, deriveProtectedResourceMetadataUrl, resolveScopes, } from "../config/index.js";
+/**
+ * Generates or refreshes the .env.example and per-server runtime config files.
+ * Never writes live secrets.
+ */
+export async function generateArtifacts(ctx) {
+    const { config, rootDir, dryRun } = ctx;
+    const ecosystem = config.ecosystem;
+    const written = [];
+    // ── .env.example ──
+    const envLines = [
+        "# Auth0 Management API credentials (required)",
+        `${ecosystem.auth0.management_client_id_env}=__REQUIRED__`,
+        `${ecosystem.auth0.management_client_secret_env}=__REQUIRED__`,
+        `AUTH0_TENANT_DOMAIN=${ecosystem.auth0.tenant_domain}`,
+        "",
+    ];
+    for (const [key, client] of config.clientConfigs) {
+        const envPrefix = `AUTH0_${key.toUpperCase().replace(/-/g, "_")}`;
+        envLines.push(`# Client: ${client.display_name}`);
+        envLines.push(`${envPrefix}_CLIENT_ID=__GENERATED_OR_EXISTING__`);
+        const isPublic = client.profile === "native_interactive" ||
+            client.profile === "spa_interactive";
+        if (client.credentials?.client_secret_env) {
+            envLines.push(`${client.credentials.client_secret_env}=__FILL_SECRET__`);
+        }
+        else if (!isPublic) {
+            envLines.push(`${envPrefix}_CLIENT_SECRET=__GENERATED__`);
+        }
+        else {
+            envLines.push(`# ${envPrefix}_CLIENT_SECRET=__ONLY_IF_CONFIDENTIAL__`);
+        }
+        envLines.push("");
+    }
+    for (const [slug, server] of config.serverConfigs) {
+        const identifier = deriveCanonicalResourceUri(ecosystem, slug);
+        const envPrefix = `AUTH0_${slug.toUpperCase().replace(/-/g, "_")}_MCP`;
+        envLines.push(`# Server: ${server.name}`);
+        envLines.push(`${envPrefix}_AUDIENCE=${identifier}`);
+        envLines.push("");
+    }
+    const envExamplePath = join(rootDir, ".env.example");
+    if (!dryRun) {
+        await writeFile(envExamplePath, envLines.join("\n"), "utf-8");
+        written.push(envExamplePath);
+        logger.success(`Generated: ${envExamplePath}`);
+    }
+    else {
+        logger.info(`[DRY RUN] Would generate: ${envExamplePath}`);
+    }
+    // ── Per-server runtime config ──
+    for (const [slug, server] of config.serverConfigs) {
+        const hostname = deriveHostname(ecosystem, slug);
+        const resourceUri = deriveCanonicalResourceUri(ecosystem, slug);
+        const mcpEndpoint = deriveMcpEndpoint(ecosystem, slug);
+        const metadataUrl = deriveProtectedResourceMetadataUrl(ecosystem, slug);
+        const scopes = resolveScopes(ecosystem, server);
+        const runtimeConfig = {
+            server: {
+                name: server.name,
+                slug: server.slug,
+                hostname,
+                resource_uri: resourceUri,
+                mcp_endpoint: mcpEndpoint,
+            },
+            auth: {
+                issuer: `https://${ecosystem.auth0.tenant_domain}/`,
+                audience: resourceUri,
+                jwks_uri: `https://${ecosystem.auth0.tenant_domain}/.well-known/jwks.json`,
+                protected_resource_metadata_url: metadataUrl,
+            },
+            scopes,
+        };
+        const serverDir = join(rootDir, "mcps", slug);
+        await mkdir(serverDir, { recursive: true });
+        const runtimeConfigPath = join(serverDir, "runtime-config.generated.json");
+        if (!dryRun) {
+            await writeFile(runtimeConfigPath, JSON.stringify(runtimeConfig, null, 2) + "\n", "utf-8");
+            written.push(runtimeConfigPath);
+            logger.success(`Generated: ${runtimeConfigPath}`);
+        }
+        else {
+            logger.info(`[DRY RUN] Would generate: ${runtimeConfigPath}`);
+        }
+    }
+    return { filesWritten: written };
+}
+//# sourceMappingURL=generate-artifacts.js.map