@sirrlock/mcp 0.1.0 → 1.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024–2026 Sirr contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,5 +1,14 @@
 # @sirrlock/mcp — Sirr MCP Server
 
+[![npm version](https://img.shields.io/npm/v/@sirrlock/mcp)](https://www.npmjs.com/package/@sirrlock/mcp)
+[![npm downloads](https://img.shields.io/npm/dm/@sirrlock/mcp)](https://www.npmjs.com/package/@sirrlock/mcp)
+[![CI](https://github.com/sirrlock/mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/sirrlock/mcp/actions)
+[![TypeScript](https://img.shields.io/badge/TypeScript-5-blue)](https://www.typescriptlang.org/)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen)](https://nodejs.org)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/sirrlock/mcp/blob/main/LICENSE)
+[![GitHub stars](https://img.shields.io/github/stars/sirrlock/mcp)](https://github.com/sirrlock/mcp)
+[![Last commit](https://img.shields.io/github/last-commit/sirrlock/mcp)](https://github.com/sirrlock/mcp)
+
 Gives AI assistants like Claude direct access to your [Sirr](https://sirr.dev) secret vault. Push, read, and manage ephemeral secrets without leaving a conversation.
 
 ## Demo
@@ -50,7 +59,7 @@ Or use `npx` without a global install — see the configuration block below.
 ## Quick start
 
 1. **Start Sirr** — run the Sirr server and note the `SIRR_MASTER_KEY` you set (or the one it printed on first launch).
-2. **Set your token** — `SIRR_TOKEN` in your MCP config must equal that `SIRR_MASTER_KEY` value exactly.
+2. **Set your token** — `SIRR_TOKEN` in your MCP config must equal that `SIRR_MASTER_KEY` value (or a principal key for org-scoped access).
 3. **Add to `.mcp.json`** — paste the config block below, substituting your server URL and key.
 4. **Verify** — run `sirr-mcp --health` to confirm the connection before starting your AI session.
 
@@ -89,14 +98,15 @@ Using `npx` without a global install:
 }
 ```
 
-> **What is `SIRR_TOKEN`?** It is the value of `SIRR_MASTER_KEY` that you set (or that was generated) when you started the Sirr server. These two values must match exactly — a mismatch is the most common cause of 401 errors. See [sirr.dev/errors#401](https://sirr.dev/errors#401).
+> **What is `SIRR_TOKEN`?** For single-tenant usage, set it to `SIRR_MASTER_KEY` (full access). For multi-tenant org-scoped usage, set it to a principal key. A mismatch is the most common cause of 401 errors. See [sirr.dev/errors#401](https://sirr.dev/errors#401).
 
 ### Environment variables
 
 | Variable | Default | Description |
 |---|---|---|
 | `SIRR_SERVER` | `http://localhost:39999` | Sirr server URL |
-| `SIRR_TOKEN` | — | Bearer token — must equal `SIRR_MASTER_KEY` on the server |
+| `SIRR_TOKEN` | — | Bearer token — `SIRR_MASTER_KEY` for full access, or a principal key for org-scoped access |
+| `SIRR_ORG` | — | Organization ID for multi-tenant mode. When set, all secret/audit/webhook/prune paths are prefixed with `/orgs/{id}/`. Leave unset for single-tenant usage. |
 
 ## CLI flags
 
@@ -116,8 +126,10 @@ SIRR_SERVER=http://localhost:39999 SIRR_TOKEN=mykey sirr-mcp --health
 
 | Tool | Description |
 |---|---|
+| `check_secret(key)` | Check if a secret exists and inspect its metadata — **without consuming a read** |
 | `get_secret(key)` | Retrieve a secret value (increments read counter; burns if max_reads reached) |
-| `push_secret(key, value, ttl_seconds?, max_reads?)` | Store a secret with optional expiry and read limit |
+| `push_secret(key, value, ttl_seconds?, max_reads?, delete?)` | Store a secret with optional expiry, read limit, and seal behavior |
+| `patch_secret(key, value?, ttl_seconds?, max_reads?)` | Update an existing secret's value, TTL, or read limit |
 | `list_secrets()` | List all active secrets — metadata only, values never returned |
 | `delete_secret(key)` | Burn a secret immediately, regardless of TTL or read count |
 | `prune_secrets()` | Delete all expired secrets in one sweep |
@@ -127,7 +139,7 @@ SIRR_SERVER=http://localhost:39999 SIRR_TOKEN=mykey sirr-mcp --health
 
 | Tool | Description |
 |---|---|
-| `sirr_audit(since?, action?, limit?)` | Query the audit log — secret creates, reads, deletes, and key events |
+| `sirr_audit(since?, until?, action?, limit?)` | Query the audit log — secret creates, reads, deletes, and key events |
 
 ### Webhooks
 
@@ -137,13 +149,44 @@ SIRR_SERVER=http://localhost:39999 SIRR_TOKEN=mykey sirr-mcp --health
 | `sirr_webhook_list()` | List all registered webhooks (signing secrets redacted) |
 | `sirr_webhook_delete(id)` | Remove a webhook by ID |
 
-### API keys
+### Principal keys
+
+| Tool | Description |
+|---|---|
+| `sirr_key_list()` | List all API keys for the current principal |
+| `sirr_create_key(name, valid_for_seconds?, valid_before?)` | Create a new API key; raw key returned once — save it |
+| `sirr_delete_key(keyId)` | Revoke an API key by ID |
+
+### Account (principal-scoped)
+
+| Tool | Description |
+|---|---|
+| `sirr_me()` | Get the current principal's profile, role, and key list |
+| `sirr_update_me(metadata)` | Replace the current principal's metadata |
+
+### Organizations
+
+| Tool | Description |
+|---|---|
+| `sirr_org_create(name, metadata?)` | Create a new organization |
+| `sirr_org_list()` | List all organizations (master key only) |
+| `sirr_org_delete(org_id)` | Delete an organization — must have no principals |
+
+### Principals
+
+| Tool | Description |
+|---|---|
+| `sirr_principal_create(org_id, name, role, metadata?)` | Create a principal (user or service account) in an org |
+| `sirr_principal_list(org_id)` | List all principals in an org |
+| `sirr_principal_delete(org_id, principal_id)` | Delete a principal — must have no active keys |
+
+### Roles
 
 | Tool | Description |
 |---|---|
-| `sirr_key_create(label, permissions, prefix?)` | Create a scoped API key; raw key returned once — save it |
-| `sirr_key_list()` | List all scoped API keys (key hashes never returned) |
-| `sirr_key_delete(id)` | Delete an API key by ID |
+| `sirr_role_create(org_id, name, permissions)` | Create a custom role. Permissions: C=create R=read P=patch D=delete L=list M=manage A=admin |
+| `sirr_role_list(org_id)` | List all roles in an org (built-in and custom) |
+| `sirr_role_delete(org_id, role_name)` | Delete a custom role — must not be in use |
 
 ## Inline secret references
 
@@ -156,6 +199,19 @@ You can reference secrets inline in any prompt:
 
 The `sirr:KEYNAME` prefix tells Claude to fetch from the vault automatically.
 
+## Secret lifecycle
+
+Sirr secrets expire by design. The `push_secret` tool lets you control exactly how:
+
+| Option | Behavior |
+|---|---|
+| `ttl_seconds: 3600` | Secret expires after 1 hour, regardless of reads |
+| `max_reads: 1` | Secret is deleted after the first read |
+| `max_reads: 5, delete: false` | After 5 reads the secret is **sealed** (returns 410, stays in DB) instead of deleted |
+| No options | Secret persists until explicitly deleted |
+
+Use `check_secret` to inspect a secret's status without consuming a read — useful when you want to verify a secret is still available before fetching it.
+
 ## Security notes
 
 - Claude only sees secret **values** when you explicitly ask it to fetch via `get_secret`
@@ -169,9 +225,10 @@ The `sirr:KEYNAME` prefix tells Claude to fetch from the vault automatically.
 
 | Symptom | Cause | Fix |
 |---|---|---|
-| `Error: Sirr 401` | `SIRR_TOKEN` doesn't match `SIRR_MASTER_KEY` | Verify both values match exactly — no extra spaces or newlines. [sirr.dev/errors#401](https://sirr.dev/errors#401) |
-| `Error: Sirr 402` | Free-tier limit of 100 secrets reached | Delete unused secrets or add a `SIRR_LICENSE_KEY`. [sirr.dev/errors#402](https://sirr.dev/errors#402) |
-| `Error: Sirr 403` | Scoped API key lacks the required permission | Re-create the key with the needed permissions. [sirr.dev/errors#403](https://sirr.dev/errors#403) |
+| `Error: Sirr 401` | `SIRR_TOKEN` doesn't match server key | Verify both values match exactly — no extra spaces or newlines. [sirr.dev/errors#401](https://sirr.dev/errors#401) |
+| `Error: Sirr 402` | Free-tier limit reached | Delete unused secrets or upgrade. [sirr.dev/errors#402](https://sirr.dev/errors#402) |
+| `Error: Sirr 403` | Token lacks the required permission | Use a token with the needed scope. [sirr.dev/errors#403](https://sirr.dev/errors#403) |
+| `Error: Sirr 409` | Resource has dependencies | Remove dependents first (e.g. delete principals before org). [sirr.dev/errors#409](https://sirr.dev/errors#409) |
 | `Secret '…' not found` | Secret expired, was burned, or key was mistyped | Re-push the secret if you still need it. [sirr.dev/errors#404](https://sirr.dev/errors#404) |
 | `did not respond within 10s` | Sirr server is unreachable | Check `SIRR_SERVER` URL and confirm Sirr is running (`sirr-mcp --health`). |
 | `[sirr-mcp] Warning: SIRR_TOKEN is not set` | Token missing from MCP config | Add `SIRR_TOKEN` to the `env` block in `.mcp.json`. |

package/dist/helpers.d.ts

@@ -8,6 +8,10 @@
  *   "KEYNAME"        → "KEYNAME"
  */
 export declare function parseKeyRef(ref: string): string;
+export declare function secretsPath(key?: string): string;
+export declare function auditPath(): string;
+export declare function webhooksPath(id?: string): string;
+export declare function prunePath(): string;
 /**
  * Format a Unix timestamp (seconds) as a human-readable TTL string
  * relative to now. Returns "no expiry" for null, "expired" for past timestamps.

package/dist/helpers.js

@@ -4,6 +4,10 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseKeyRef = parseKeyRef;
+exports.secretsPath = secretsPath;
+exports.auditPath = auditPath;
+exports.webhooksPath = webhooksPath;
+exports.prunePath = prunePath;
 exports.formatTtl = formatTtl;
 /**
  * Parse a secret key reference from natural language.
@@ -18,6 +22,25 @@ function parseKeyRef(ref) {
         return ref.split("#")[0];
     return ref.trim();
 }
+// ── Org-aware path helpers ────────────────────────────────────────────────────
+function secretsPath(key) {
+    const org = process.env.SIRR_ORG;
+    const base = org ? `/orgs/${org}/secrets` : '/secrets';
+    return key ? `${base}/${key}` : base;
+}
+function auditPath() {
+    const org = process.env.SIRR_ORG;
+    return org ? `/orgs/${org}/audit` : '/audit';
+}
+function webhooksPath(id) {
+    const org = process.env.SIRR_ORG;
+    const base = org ? `/orgs/${org}/webhooks` : '/webhooks';
+    return id ? `${base}/${id}` : base;
+}
+function prunePath() {
+    const org = process.env.SIRR_ORG;
+    return org ? `/orgs/${org}/prune` : '/prune';
+}
 /**
  * Format a Unix timestamp (seconds) as a human-readable TTL string
  * relative to now. Returns "no expiry" for null, "expired" for past timestamps.

package/dist/helpers.js.map

@@ -1 +1 @@
-{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../src/helpers.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAQH,kCAIC;AAMD,8BASC;AAzBD;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;IACjD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS,CAAC,SAAwB;IAChD,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,WAAW,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC;IAC7B,IAAI,IAAI,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAChC,IAAI,IAAI,GAAG,EAAE;QAAE,OAAO,GAAG,IAAI,GAAG,CAAC;IACjC,IAAI,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC;IACpD,IAAI,IAAI,GAAG,KAAK;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;IACvD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC;AACxC,CAAC"}
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../src/helpers.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAQH,kCAIC;AAID,kCAIC;AAED,8BAGC;AAED,oCAIC;AAED,8BAGC;AAMD,8BASC;AAjDD;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;IACjD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,iFAAiF;AAEjF,SAAgB,WAAW,CAAC,GAAY;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjC,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;IACvD,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAgB,SAAS;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjC,OAAO,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AAED,SAAgB,YAAY,CAAC,EAAW;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjC,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACrC,CAAC;AAED,SAAgB,SAAS;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjC,OAAO,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS,CAAC,SAAwB;IAChD,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,WAAW,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC;IAC7B,IAAI,IAAI,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAChC,IAAI,IAAI,GAAG,EAAE;QAAE,OAAO,GAAG,IAAI,GAAG,CAAC;IACjC,IAAI,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC;IACpD,IAAI,IAAI,GAAG,KAAK;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;IACvD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC;AACxC,CAAC"}

package/dist/helpers.test.js

@@ -22,6 +22,74 @@ const helpers_1 = require("./helpers");
         (0, globals_1.expect)((0, helpers_1.parseKeyRef)("KEY#a#b")).toBe("KEY");
     });
 });
+(0, globals_1.describe)("secretsPath", () => {
+    (0, globals_1.afterEach)(() => {
+        delete process.env.SIRR_ORG;
+    });
+    (0, globals_1.it)("returns /secrets without SIRR_ORG", () => {
+        delete process.env.SIRR_ORG;
+        (0, globals_1.expect)((0, helpers_1.secretsPath)()).toBe("/secrets");
+    });
+    (0, globals_1.it)("returns /secrets/{key} without SIRR_ORG", () => {
+        delete process.env.SIRR_ORG;
+        (0, globals_1.expect)((0, helpers_1.secretsPath)("MY_KEY")).toBe("/secrets/MY_KEY");
+    });
+    (0, globals_1.it)("returns /orgs/{org}/secrets with SIRR_ORG", () => {
+        process.env.SIRR_ORG = "acme";
+        (0, globals_1.expect)((0, helpers_1.secretsPath)()).toBe("/orgs/acme/secrets");
+    });
+    (0, globals_1.it)("returns /orgs/{org}/secrets/{key} with SIRR_ORG", () => {
+        process.env.SIRR_ORG = "acme";
+        (0, globals_1.expect)((0, helpers_1.secretsPath)("MY_KEY")).toBe("/orgs/acme/secrets/MY_KEY");
+    });
+});
+(0, globals_1.describe)("auditPath", () => {
+    (0, globals_1.afterEach)(() => {
+        delete process.env.SIRR_ORG;
+    });
+    (0, globals_1.it)("returns /audit without SIRR_ORG", () => {
+        delete process.env.SIRR_ORG;
+        (0, globals_1.expect)((0, helpers_1.auditPath)()).toBe("/audit");
+    });
+    (0, globals_1.it)("returns /orgs/{org}/audit with SIRR_ORG", () => {
+        process.env.SIRR_ORG = "acme";
+        (0, globals_1.expect)((0, helpers_1.auditPath)()).toBe("/orgs/acme/audit");
+    });
+});
+(0, globals_1.describe)("webhooksPath", () => {
+    (0, globals_1.afterEach)(() => {
+        delete process.env.SIRR_ORG;
+    });
+    (0, globals_1.it)("returns /webhooks without SIRR_ORG", () => {
+        delete process.env.SIRR_ORG;
+        (0, globals_1.expect)((0, helpers_1.webhooksPath)()).toBe("/webhooks");
+    });
+    (0, globals_1.it)("returns /webhooks/{id} without SIRR_ORG", () => {
+        delete process.env.SIRR_ORG;
+        (0, globals_1.expect)((0, helpers_1.webhooksPath)("wh_123")).toBe("/webhooks/wh_123");
+    });
+    (0, globals_1.it)("returns /orgs/{org}/webhooks with SIRR_ORG", () => {
+        process.env.SIRR_ORG = "acme";
+        (0, globals_1.expect)((0, helpers_1.webhooksPath)()).toBe("/orgs/acme/webhooks");
+    });
+    (0, globals_1.it)("returns /orgs/{org}/webhooks/{id} with SIRR_ORG", () => {
+        process.env.SIRR_ORG = "acme";
+        (0, globals_1.expect)((0, helpers_1.webhooksPath)("wh_123")).toBe("/orgs/acme/webhooks/wh_123");
+    });
+});
+(0, globals_1.describe)("prunePath", () => {
+    (0, globals_1.afterEach)(() => {
+        delete process.env.SIRR_ORG;
+    });
+    (0, globals_1.it)("returns /prune without SIRR_ORG", () => {
+        delete process.env.SIRR_ORG;
+        (0, globals_1.expect)((0, helpers_1.prunePath)()).toBe("/prune");
+    });
+    (0, globals_1.it)("returns /orgs/{org}/prune with SIRR_ORG", () => {
+        process.env.SIRR_ORG = "acme";
+        (0, globals_1.expect)((0, helpers_1.prunePath)()).toBe("/orgs/acme/prune");
+    });
+});
 (0, globals_1.describe)("formatTtl", () => {
     const realDateNow = Date.now;
     (0, globals_1.beforeEach)(() => {

package/dist/helpers.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"helpers.test.js","sourceRoot":"","sources":["../src/helpers.test.ts"],"names":[],"mappings":";;AAAA,2CAAkF;AAClF,uCAAmD;AAEnD,IAAA,kBAAQ,EAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAA,YAAE,EAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,kBAAQ,EAAC,WAAW,EAAE,GAAG,EAAE;IACzB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC;IAE7B,IAAA,oBAAU,EAAC,GAAG,EAAE;QACd,0DAA0D;QAC1D,cAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,eAAe,CAAC,OAAS,GAAG,IAAI,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,IAAA,mBAAS,EAAC,GAAG,EAAE;QACb,cAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,MAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"helpers.test.js","sourceRoot":"","sources":["../src/helpers.test.ts"],"names":[],"mappings":";;AAAA,2CAAkF;AAClF,uCAAoG;AAEpG,IAAA,kBAAQ,EAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAA,YAAE,EAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,kBAAQ,EAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAA,mBAAS,EAAC,GAAG,EAAE;QACb,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5B,IAAA,gBAAM,EAAC,IAAA,qBAAW,GAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5B,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC9B,IAAA,gBAAM,EAAC,IAAA,qBAAW,GAAE,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC9B,IAAA,gBAAM,EAAC,IAAA,qBAAW,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,kBAAQ,EAAC,WAAW,EAAE,GAAG,EAAE;IACzB,IAAA,mBAAS,EAAC,GAAG,EAAE;QACb,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5B,IAAA,gBAAM,EAAC,IAAA,mBAAS,GAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC9B,IAAA,gBAAM,EAAC,IAAA,mBAAS,GAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,kBAAQ,EAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,IAAA,mBAAS,EAAC,GAAG,EAAE;QACb,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5B,IAAA,gBAAM,EAAC,IAAA,sBAAY,GAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5B,IAAA,gBAAM,EAAC,IAAA,sBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC9B,IAAA,gBAAM,EAAC,IAAA,sBAAY,GAAE,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC9B,IAAA,gBAAM,EAAC,IAAA,sBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,kBAAQ,EAAC,WAAW,EAAE,GAAG,EAAE;IACzB,IAAA,mBAAS,EAAC,GAAG,EAAE;QACb,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5B,IAAA,gBAAM,EAAC,IAAA,mBAAS,GAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC9B,IAAA,gBAAM,EAAC,IAAA,mBAAS,GAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,kBAAQ,EAAC,WAAW,EAAE,GAAG,EAAE;IACzB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC;IAE7B,IAAA,oBAAU,EAAC,GAAG,EAAE;QACd,0DAA0D;QAC1D,cAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,eAAe,CAAC,OAAS,GAAG,IAAI,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,IAAA,mBAAS,EAAC,GAAG,EAAE;QACb,cAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,MAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,YAAE,EAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,IAAA,gBAAM,EAAC,IAAA,mBAAS,EAAC,OAAS,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/index.d.ts

@@ -6,7 +6,7 @@
  *
  * Configuration (env vars):
  *   SIRR_SERVER  — Sirr server URL (default: http://localhost:39999)
- *   SIRR_TOKEN   — Bearer token (SIRR_MASTER_KEY on the server)
+ *   SIRR_TOKEN   — Bearer token: SIRR_MASTER_KEY for full access, or a principal key for org-scoped access
  *
  * Install:  npm install -g @sirrlock/mcp
  * Configure in .mcp.json: