@sproobo/mcp 0.1.1 → 0.1.3

package/README.md

@@ -0,0 +1,129 @@
+# @sproobo/mcp
+
+[Model Context Protocol](https://modelcontextprotocol.io/) server for [Sproobo](https://sproobo.com) — deploy sites, manage servers, and configure infrastructure from AI agents like Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.
+
+## Quick start
+
+### Claude Desktop
+
+Add to your Claude Desktop config (`~/Library/Application Support/Claude/claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "sproobo": {
+      "command": "npx",
+      "args": ["-y", "@sproobo/mcp"],
+      "env": {
+        "SPROOBO_API_KEY": "spb_your_key_here"
+      }
+    }
+  }
+}
+```
+
+### Cursor
+
+Add to `.cursor/mcp.json` in your project:
+
+```json
+{
+  "mcpServers": {
+    "sproobo": {
+      "command": "npx",
+      "args": ["-y", "@sproobo/mcp"],
+      "env": {
+        "SPROOBO_API_KEY": "spb_your_key_here"
+      }
+    }
+  }
+}
+```
+
+### Claude Code
+
+```bash
+claude mcp add sproobo -- npx -y @sproobo/mcp
+```
+
+Then set your API key in the environment:
+
+```bash
+export SPROOBO_API_KEY="spb_your_key_here"
+```
+
+## Authentication
+
+Create an API key in the Sproobo dashboard under **Settings > API Keys**. See the [API Keys docs](https://sproobo.com/docs/api-keys) for details.
+
+| Variable | Required | Description |
+| --- | --- | --- |
+| `SPROOBO_API_KEY` | Yes | Your API key (e.g. `spb_...`) |
+| `SPROOBO_API_URL` | No | Custom API base URL (defaults to `https://dashboard.sproobo.com`) |
+
+> **Never** commit API keys to source control or shared config files. Use your client's secret store or environment variables.
+
+## Available tools
+
+### Servers
+
+| Tool | Description |
+| --- | --- |
+| `list_servers` | List all servers with status, IP, and provider info |
+| `get_server` | Get detailed info about a specific server |
+| `get_server_metrics` | Get latest CPU, memory, disk, and network metrics |
+
+### Sites
+
+| Tool | Description |
+| --- | --- |
+| `list_sites` | List all sites deployed on a server |
+| `get_site` | Get site details including domains and deployment type |
+
+### Deployments
+
+| Tool | Description |
+| --- | --- |
+| `deploy_site` | Trigger a new deployment, optionally for a specific commit |
+| `list_deployments` | List deployment history, most recent first |
+| `get_deployment` | Get deployment details including status and timing |
+| `get_deployment_logs` | Stream build and deploy logs for a deployment |
+| `rollback_site` | Rollback to a previous deployment (fast or safe mode) |
+
+### Services
+
+| Tool | Description |
+| --- | --- |
+| `list_services` | List installed services (Redis, PostgreSQL, etc.) |
+
+### Nginx
+
+| Tool | Description |
+| --- | --- |
+| `list_nginx_templates` | List available nginx configuration templates |
+| `get_nginx_config_files` | Get nginx config files on a server |
+| `test_nginx_config` | Test nginx configuration for syntax errors |
+| `apply_nginx_template` | Apply an nginx template to a site |
+
+### Firewall
+
+| Tool | Description |
+| --- | --- |
+| `list_firewall_rules` | List all firewall rules on a server |
+| `create_firewall_rule` | Create a new firewall rule |
+| `delete_firewall_rule` | Delete a firewall rule |
+| `apply_firewall_rules` | Apply configured rules to the server |
+
+## Security
+
+- Sensitive fields (env vars, passwords, tokens, keys, credentials) are automatically redacted from all API responses
+- API keys are transmitted as Bearer tokens over HTTPS
+- The server never stores credentials — it reads `SPROOBO_API_KEY` from the environment at startup
+
+## Documentation
+
+Full documentation is available at [sproobo.com/docs/mcp](https://sproobo.com/docs/mcp).
+
+## License
+
+MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sproobo/mcp",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "private": false,
   "type": "module",
   "description": "Sproobo MCP server — deploy sites, manage servers, and configure infrastructure from AI agents",
@@ -15,6 +15,10 @@
       "default": "./dist/index.js"
     }
   },
+  "files": [
+    "dist",
+    "README.md"
+  ],
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.1",
     "zod": "^3.25.76"

package/dist/__tests__/client.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=client.test.d.ts.map

package/dist/__tests__/client.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/client.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/client.test.js

@@ -1,81 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { SprooboClient } from "../client.js";
-describe("SprooboClient", () => {
-    let client;
-    beforeEach(() => {
-        client = new SprooboClient("spb_testapikey123", "https://test.sproobo.com");
-        vi.restoreAllMocks();
-    });
-    it("sends Authorization header with API key", async () => {
-        const mockFetch = vi.fn().mockResolvedValue({
-            ok: true,
-            json: () => Promise.resolve({ servers: [] }),
-        });
-        vi.stubGlobal("fetch", mockFetch);
-        await client.get("/api/servers");
-        expect(mockFetch).toHaveBeenCalledWith("https://test.sproobo.com/api/servers", expect.objectContaining({
-            headers: expect.objectContaining({
-                Authorization: "Bearer spb_testapikey123",
-            }),
-        }));
-    });
-    it("strips trailing slash from base URL", async () => {
-        const clientWithSlash = new SprooboClient("spb_key", "https://test.sproobo.com/");
-        const mockFetch = vi.fn().mockResolvedValue({
-            ok: true,
-            json: () => Promise.resolve({}),
-        });
-        vi.stubGlobal("fetch", mockFetch);
-        await clientWithSlash.get("/api/servers");
-        expect(mockFetch).toHaveBeenCalledWith("https://test.sproobo.com/api/servers", expect.anything());
-    });
-    it("throws on 401 with helpful message", async () => {
-        vi.stubGlobal("fetch", vi.fn().mockResolvedValue({
-            ok: false,
-            status: 401,
-            statusText: "Unauthorized",
-            json: () => Promise.resolve({ error: "Unauthorized" }),
-        }));
-        await expect(client.get("/api/servers")).rejects.toThrow("Invalid or revoked API key");
-    });
-    it("throws on 403 with permission message", async () => {
-        vi.stubGlobal("fetch", vi.fn().mockResolvedValue({
-            ok: false,
-            status: 403,
-            statusText: "Forbidden",
-            json: () => Promise.resolve({ error: "You don't have access to this server" }),
-        }));
-        await expect(client.get("/api/servers/abc")).rejects.toThrow("Insufficient permissions");
-    });
-    it("throws on 429 with retry-after", async () => {
-        vi.stubGlobal("fetch", vi.fn().mockResolvedValue({
-            ok: false,
-            status: 429,
-            statusText: "Too Many Requests",
-            headers: new Headers({ "Retry-After": "30" }),
-            json: () => Promise.resolve({ error: "Rate limited" }),
-        }));
-        await expect(client.get("/api/servers")).rejects.toThrow("Rate limit exceeded. Retry after 30 seconds");
-    });
-    it("sends POST body as JSON", async () => {
-        const mockFetch = vi.fn().mockResolvedValue({
-            ok: true,
-            json: () => Promise.resolve({ success: true }),
-        });
-        vi.stubGlobal("fetch", mockFetch);
-        await client.post("/api/sites/abc/deployments", { commitSha: "abc123" });
-        expect(mockFetch).toHaveBeenCalledWith("https://test.sproobo.com/api/sites/abc/deployments", expect.objectContaining({
-            method: "POST",
-            body: JSON.stringify({ commitSha: "abc123" }),
-        }));
-    });
-    it("handles 404 errors", async () => {
-        vi.stubGlobal("fetch", vi.fn().mockResolvedValue({
-            ok: false,
-            status: 404,
-            statusText: "Not Found",
-            json: () => Promise.resolve({ error: "Server not found" }),
-        }));
-        await expect(client.get("/api/servers/nonexistent")).rejects.toThrow("Not found: Server not found");
-    });
-});

package/dist/__tests__/redact.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=redact.test.d.ts.map

package/dist/__tests__/redact.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"redact.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/redact.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/redact.test.js

@@ -1,74 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { redact, safeJson } from "../redact.js";
-describe("redact", () => {
-    it("redacts known sensitive keys", () => {
-        const input = {
-            name: "my-site",
-            envVars: { DB_URL: "postgres://...", API_KEY: "secret" },
-            status: "healthy",
-        };
-        const result = redact(input);
-        expect(result.name).toBe("my-site");
-        expect(result.envVars).toBe("[REDACTED]");
-        expect(result.status).toBe("healthy");
-    });
-    it("redacts keys ending with _KEY, _SECRET, _TOKEN, _PASSWORD", () => {
-        const input = {
-            STRIPE_SECRET_KEY: "sk_test_xxx",
-            database_password: "hunter2",
-            auth_token: "tok_xxx",
-            slack_credentials: "xoxb-xxx",
-        };
-        const result = redact(input);
-        expect(result.STRIPE_SECRET_KEY).toBe("[REDACTED]");
-        expect(result.database_password).toBe("[REDACTED]");
-        expect(result.auth_token).toBe("[REDACTED]");
-        expect(result.slack_credentials).toBe("[REDACTED]");
-    });
-    it("redacts nested objects", () => {
-        const input = {
-            site: {
-                name: "app",
-                envVars: { SECRET: "xxx" },
-                config: {
-                    password: "hunter2",
-                    port: 3000,
-                },
-            },
-        };
-        const result = redact(input);
-        expect(result.site.name).toBe("app");
-        expect(result.site.envVars).toBe("[REDACTED]");
-        const config = result.site.config;
-        expect(config.password).toBe("[REDACTED]");
-        expect(config.port).toBe(3000);
-    });
-    it("redacts items in arrays", () => {
-        const input = [
-            { name: "site-a", envVars: { KEY: "val" } },
-            { name: "site-b", token: "xxx" },
-        ];
-        const result = redact(input);
-        expect(result[0].name).toBe("site-a");
-        expect(result[0].envVars).toBe("[REDACTED]");
-        expect(result[1].token).toBe("[REDACTED]");
-    });
-    it("leaves non-sensitive data untouched", () => {
-        const input = { id: "abc", name: "test", status: "healthy", port: 3000 };
-        expect(redact(input)).toEqual(input);
-    });
-    it("handles null and primitives", () => {
-        expect(redact(null)).toBeNull();
-        expect(redact(undefined)).toBeUndefined();
-        expect(redact("hello")).toBe("hello");
-        expect(redact(42)).toBe(42);
-    });
-});
-describe("safeJson", () => {
-    it("returns redacted JSON string", () => {
-        const input = { name: "site", envVars: { SECRET: "xxx" } };
-        const result = JSON.parse(safeJson(input));
-        expect(result.name).toBe("site");
-        expect(result.envVars).toBe("[REDACTED]");
-    });
-});

package/dist/__tests__/startup.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=startup.test.d.ts.map

package/dist/__tests__/startup.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"startup.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/startup.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/startup.test.js

@@ -1,29 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { execFile } from "child_process";
-import { resolve } from "path";
-describe("MCP server startup", () => {
-    const originalEnv = process.env;
-    beforeEach(() => {
-        process.env = { ...originalEnv };
-    });
-    afterEach(() => {
-        process.env = originalEnv;
-        vi.restoreAllMocks();
-    });
-    it("exits with error when SPROOBO_API_KEY is missing", async () => {
-        const entryPoint = resolve(__dirname, "../../dist/index.js");
-        const result = await new Promise((resolve) => {
-            const child = execFile("node", [entryPoint], {
-                env: { ...process.env, SPROOBO_API_KEY: "" },
-                timeout: 5000,
-            }, (error, _stdout, stderr) => {
-                resolve({
-                    code: error?.code !== undefined ? Number(error.code) : child.exitCode,
-                    stderr,
-                });
-            });
-        });
-        expect(result.code).toBe(1);
-        expect(result.stderr).toContain("SPROOBO_API_KEY");
-    });
-});

package/src/__tests__/client.test.ts

@@ -1,133 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { SprooboClient } from "../client.js";
-
-describe("SprooboClient", () => {
-  let client: SprooboClient;
-
-  beforeEach(() => {
-    client = new SprooboClient("spb_testapikey123", "https://test.sproobo.com");
-    vi.restoreAllMocks();
-  });
-
-  it("sends Authorization header with API key", async () => {
-    const mockFetch = vi.fn().mockResolvedValue({
-      ok: true,
-      json: () => Promise.resolve({ servers: [] }),
-    });
-    vi.stubGlobal("fetch", mockFetch);
-
-    await client.get("/api/servers");
-
-    expect(mockFetch).toHaveBeenCalledWith(
-      "https://test.sproobo.com/api/servers",
-      expect.objectContaining({
-        headers: expect.objectContaining({
-          Authorization: "Bearer spb_testapikey123",
-        }),
-      }),
-    );
-  });
-
-  it("strips trailing slash from base URL", async () => {
-    const clientWithSlash = new SprooboClient(
-      "spb_key",
-      "https://test.sproobo.com/",
-    );
-    const mockFetch = vi.fn().mockResolvedValue({
-      ok: true,
-      json: () => Promise.resolve({}),
-    });
-    vi.stubGlobal("fetch", mockFetch);
-
-    await clientWithSlash.get("/api/servers");
-
-    expect(mockFetch).toHaveBeenCalledWith(
-      "https://test.sproobo.com/api/servers",
-      expect.anything(),
-    );
-  });
-
-  it("throws on 401 with helpful message", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue({
-        ok: false,
-        status: 401,
-        statusText: "Unauthorized",
-        json: () => Promise.resolve({ error: "Unauthorized" }),
-      }),
-    );
-
-    await expect(client.get("/api/servers")).rejects.toThrow(
-      "Invalid or revoked API key",
-    );
-  });
-
-  it("throws on 403 with permission message", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue({
-        ok: false,
-        status: 403,
-        statusText: "Forbidden",
-        json: () =>
-          Promise.resolve({ error: "You don't have access to this server" }),
-      }),
-    );
-
-    await expect(client.get("/api/servers/abc")).rejects.toThrow(
-      "Insufficient permissions",
-    );
-  });
-
-  it("throws on 429 with retry-after", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue({
-        ok: false,
-        status: 429,
-        statusText: "Too Many Requests",
-        headers: new Headers({ "Retry-After": "30" }),
-        json: () => Promise.resolve({ error: "Rate limited" }),
-      }),
-    );
-
-    await expect(client.get("/api/servers")).rejects.toThrow(
-      "Rate limit exceeded. Retry after 30 seconds",
-    );
-  });
-
-  it("sends POST body as JSON", async () => {
-    const mockFetch = vi.fn().mockResolvedValue({
-      ok: true,
-      json: () => Promise.resolve({ success: true }),
-    });
-    vi.stubGlobal("fetch", mockFetch);
-
-    await client.post("/api/sites/abc/deployments", { commitSha: "abc123" });
-
-    expect(mockFetch).toHaveBeenCalledWith(
-      "https://test.sproobo.com/api/sites/abc/deployments",
-      expect.objectContaining({
-        method: "POST",
-        body: JSON.stringify({ commitSha: "abc123" }),
-      }),
-    );
-  });
-
-  it("handles 404 errors", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue({
-        ok: false,
-        status: 404,
-        statusText: "Not Found",
-        json: () => Promise.resolve({ error: "Server not found" }),
-      }),
-    );
-
-    await expect(client.get("/api/servers/nonexistent")).rejects.toThrow(
-      "Not found: Server not found",
-    );
-  });
-});

package/src/__tests__/redact.test.ts

@@ -1,81 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { redact, safeJson } from "../redact.js";
-
-describe("redact", () => {
-  it("redacts known sensitive keys", () => {
-    const input = {
-      name: "my-site",
-      envVars: { DB_URL: "postgres://...", API_KEY: "secret" },
-      status: "healthy",
-    };
-    const result = redact(input) as Record<string, unknown>;
-    expect(result.name).toBe("my-site");
-    expect(result.envVars).toBe("[REDACTED]");
-    expect(result.status).toBe("healthy");
-  });
-
-  it("redacts keys ending with _KEY, _SECRET, _TOKEN, _PASSWORD", () => {
-    const input = {
-      STRIPE_SECRET_KEY: "sk_test_xxx",
-      database_password: "hunter2",
-      auth_token: "tok_xxx",
-      slack_credentials: "xoxb-xxx",
-    };
-    const result = redact(input) as Record<string, unknown>;
-    expect(result.STRIPE_SECRET_KEY).toBe("[REDACTED]");
-    expect(result.database_password).toBe("[REDACTED]");
-    expect(result.auth_token).toBe("[REDACTED]");
-    expect(result.slack_credentials).toBe("[REDACTED]");
-  });
-
-  it("redacts nested objects", () => {
-    const input = {
-      site: {
-        name: "app",
-        envVars: { SECRET: "xxx" },
-        config: {
-          password: "hunter2",
-          port: 3000,
-        },
-      },
-    };
-    const result = redact(input) as { site: Record<string, unknown> };
-    expect(result.site.name).toBe("app");
-    expect(result.site.envVars).toBe("[REDACTED]");
-    const config = result.site.config as Record<string, unknown>;
-    expect(config.password).toBe("[REDACTED]");
-    expect(config.port).toBe(3000);
-  });
-
-  it("redacts items in arrays", () => {
-    const input = [
-      { name: "site-a", envVars: { KEY: "val" } },
-      { name: "site-b", token: "xxx" },
-    ];
-    const result = redact(input) as Array<Record<string, unknown>>;
-    expect(result[0].name).toBe("site-a");
-    expect(result[0].envVars).toBe("[REDACTED]");
-    expect(result[1].token).toBe("[REDACTED]");
-  });
-
-  it("leaves non-sensitive data untouched", () => {
-    const input = { id: "abc", name: "test", status: "healthy", port: 3000 };
-    expect(redact(input)).toEqual(input);
-  });
-
-  it("handles null and primitives", () => {
-    expect(redact(null)).toBeNull();
-    expect(redact(undefined)).toBeUndefined();
-    expect(redact("hello")).toBe("hello");
-    expect(redact(42)).toBe(42);
-  });
-});
-
-describe("safeJson", () => {
-  it("returns redacted JSON string", () => {
-    const input = { name: "site", envVars: { SECRET: "xxx" } };
-    const result = JSON.parse(safeJson(input));
-    expect(result.name).toBe("site");
-    expect(result.envVars).toBe("[REDACTED]");
-  });
-});

package/src/__tests__/startup.test.ts

@@ -1,42 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { execFile } from "child_process";
-import { resolve } from "path";
-
-describe("MCP server startup", () => {
-  const originalEnv = process.env;
-
-  beforeEach(() => {
-    process.env = { ...originalEnv };
-  });
-
-  afterEach(() => {
-    process.env = originalEnv;
-    vi.restoreAllMocks();
-  });
-
-  it("exits with error when SPROOBO_API_KEY is missing", async () => {
-    const entryPoint = resolve(__dirname, "../../dist/index.js");
-
-    const result = await new Promise<{ code: number | null; stderr: string }>(
-      (resolve) => {
-        const child = execFile(
-          "node",
-          [entryPoint],
-          {
-            env: { ...process.env, SPROOBO_API_KEY: "" },
-            timeout: 5000,
-          },
-          (error, _stdout, stderr) => {
-            resolve({
-              code: error?.code !== undefined ? Number(error.code) : child.exitCode,
-              stderr,
-            });
-          },
-        );
-      },
-    );
-
-    expect(result.code).toBe(1);
-    expect(result.stderr).toContain("SPROOBO_API_KEY");
-  });
-});

package/src/client.ts

@@ -1,146 +0,0 @@
-/**
- * HTTP client for the Sproobo REST API.
- * Wraps fetch with base URL, auth header, and error mapping.
- */
-
-export class SprooboClient {
-  private baseUrl: string;
-  private apiKey: string;
-
-  constructor(apiKey: string, baseUrl?: string) {
-    this.apiKey = apiKey;
-    this.baseUrl = (baseUrl || "https://dashboard.sproobo.com").replace(
-      /\/$/,
-      "",
-    );
-  }
-
-  private headers(): Record<string, string> {
-    return {
-      Authorization: `Bearer ${this.apiKey}`,
-      "Content-Type": "application/json",
-    };
-  }
-
-  async get<T = unknown>(path: string): Promise<T> {
-    const res = await fetch(`${this.baseUrl}${path}`, {
-      method: "GET",
-      headers: this.headers(),
-    });
-    return this.handleResponse<T>(res);
-  }
-
-  async post<T = unknown>(path: string, body?: unknown): Promise<T> {
-    const res = await fetch(`${this.baseUrl}${path}`, {
-      method: "POST",
-      headers: this.headers(),
-      body: body !== undefined ? JSON.stringify(body) : undefined,
-    });
-    return this.handleResponse<T>(res);
-  }
-
-  async delete<T = unknown>(path: string): Promise<T> {
-    const res = await fetch(`${this.baseUrl}${path}`, {
-      method: "DELETE",
-      headers: this.headers(),
-    });
-    return this.handleResponse<T>(res);
-  }
-
-  /**
-   * Consume an SSE stream endpoint and return all event data as concatenated text.
-   */
-  async getStream(path: string, timeoutMs = 30000): Promise<string> {
-    const controller = new AbortController();
-    const timeout = setTimeout(() => controller.abort(), timeoutMs);
-
-    try {
-      const res = await fetch(`${this.baseUrl}${path}`, {
-        method: "GET",
-        headers: {
-          Authorization: `Bearer ${this.apiKey}`,
-          Accept: "text/event-stream",
-        },
-        signal: controller.signal,
-      });
-
-      if (!res.ok) {
-        await this.handleErrorResponse(res);
-      }
-
-      const reader = res.body?.getReader();
-      if (!reader) {
-        return "";
-      }
-
-      const decoder = new TextDecoder();
-      const lines: string[] = [];
-
-      while (true) {
-        const { done, value } = await reader.read();
-        if (done) break;
-
-        const chunk = decoder.decode(value, { stream: true });
-        for (const line of chunk.split("\n")) {
-          if (line.startsWith("data: ")) {
-            const data = line.slice(6);
-            if (data === "[DONE]") continue;
-            try {
-              const parsed = JSON.parse(data);
-              if (parsed.message || parsed.log || parsed.data) {
-                lines.push(parsed.message || parsed.log || parsed.data);
-              } else if (typeof parsed === "string") {
-                lines.push(parsed);
-              } else {
-                lines.push(JSON.stringify(parsed));
-              }
-            } catch {
-              lines.push(data);
-            }
-          }
-        }
-      }
-
-      return lines.join("\n");
-    } finally {
-      clearTimeout(timeout);
-    }
-  }
-
-  private async handleResponse<T>(res: Response): Promise<T> {
-    if (!res.ok) {
-      await this.handleErrorResponse(res);
-    }
-    return (await res.json()) as T;
-  }
-
-  private async handleErrorResponse(res: Response): Promise<never> {
-    let message: string;
-    try {
-      const body = (await res.json()) as Record<string, string>;
-      message =
-        body.error || body.message || `HTTP ${res.status}: ${res.statusText}`;
-    } catch {
-      message = `HTTP ${res.status}: ${res.statusText}`;
-    }
-
-    switch (res.status) {
-      case 401:
-        throw new Error(
-          "Invalid or revoked API key. Create one at your Sproobo dashboard under Settings > API Keys.",
-        );
-      case 403:
-        throw new Error(`Insufficient permissions: ${message}`);
-      case 404:
-        throw new Error(`Not found: ${message}`);
-      case 429: {
-        const retryAfter = res.headers.get("Retry-After") || "60";
-        throw new Error(
-          `Rate limit exceeded. Retry after ${retryAfter} seconds.`,
-        );
-      }
-      default:
-        throw new Error(message);
-    }
-  }
-}

package/src/index.ts

@@ -1,46 +0,0 @@
-#!/usr/bin/env node
-
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { SprooboClient } from "./client.js";
-import { registerServerTools } from "./tools/servers.js";
-import { registerSiteTools } from "./tools/sites.js";
-import { registerDeploymentTools } from "./tools/deployments.js";
-import { registerNginxTools } from "./tools/nginx.js";
-import { registerFirewallTools } from "./tools/firewall.js";
-import { registerServiceTools } from "./tools/services.js";
-
-const apiKey = process.env.SPROOBO_API_KEY;
-if (!apiKey) {
-  console.error(
-    "Error: SPROOBO_API_KEY environment variable is required.\n" +
-      "Create an API key at your Sproobo dashboard under Settings > API Keys,\n" +
-      'then set it: SPROOBO_API_KEY="spb_xxx"',
-  );
-  process.exit(1);
-}
-
-const apiUrl = process.env.SPROOBO_API_URL;
-const client = new SprooboClient(apiKey, apiUrl);
-
-const server = new McpServer({
-  name: "sproobo",
-  version: "0.1.0",
-});
-
-registerServerTools(server, client);
-registerSiteTools(server, client);
-registerDeploymentTools(server, client);
-registerNginxTools(server, client);
-registerFirewallTools(server, client);
-registerServiceTools(server, client);
-
-async function main() {
-  const transport = new StdioServerTransport();
-  await server.connect(transport);
-}
-
-main().catch((error) => {
-  console.error("Fatal error:", error);
-  process.exit(1);
-});

package/src/redact.ts

@@ -1,76 +0,0 @@
-/**
- * Redact sensitive fields from API responses before returning to MCP clients.
- * Prevents credentials, env vars, and tokens from leaking into agent context.
- */
-
-const SENSITIVE_KEYS = new Set([
-  "envVars",
-  "env_vars",
-  "environmentVariables",
-  "environment_variables",
-  "envTemplate",
-  "env_template",
-  "password",
-  "secret",
-  "token",
-  "apiKey",
-  "api_key",
-  "accessToken",
-  "access_token",
-  "refreshToken",
-  "refresh_token",
-  "privateKey",
-  "private_key",
-  "credentials",
-  "connectionString",
-  "connection_string",
-  "databaseUrl",
-  "database_url",
-]);
-
-/**
- * Whether a key looks like it holds a secret value.
- * Matches exact keys in SENSITIVE_KEYS, plus any key ending with
- * _KEY, _SECRET, _TOKEN, _PASSWORD, or _CREDENTIALS (case-insensitive).
- */
-function isSensitiveKey(key: string): boolean {
-  if (SENSITIVE_KEYS.has(key)) return true;
-
-  const upper = key.toUpperCase();
-  return (
-    upper.endsWith("_KEY") ||
-    upper.endsWith("_SECRET") ||
-    upper.endsWith("_TOKEN") ||
-    upper.endsWith("_PASSWORD") ||
-    upper.endsWith("_CREDENTIALS")
-  );
-}
-
-/**
- * Deep-clone a value, replacing sensitive fields with "[REDACTED]".
- */
-export function redact(value: unknown): unknown {
-  if (value === null || value === undefined) return value;
-  if (typeof value !== "object") return value;
-
-  if (Array.isArray(value)) {
-    return value.map((item) => redact(item));
-  }
-
-  const result: Record<string, unknown> = {};
-  for (const [key, val] of Object.entries(value as Record<string, unknown>)) {
-    if (isSensitiveKey(key)) {
-      result[key] = "[REDACTED]";
-    } else {
-      result[key] = redact(val);
-    }
-  }
-  return result;
-}
-
-/**
- * Redact and stringify for MCP tool responses.
- */
-export function safeJson(data: unknown): string {
-  return JSON.stringify(redact(data), null, 2);
-}

package/src/tools/deployments.ts

@@ -1,98 +0,0 @@
-import { z } from "zod";
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import type { SprooboClient } from "../client.js";
-import { safeJson } from "../redact.js";
-
-export function registerDeploymentTools(
-  server: McpServer,
-  client: SprooboClient,
-) {
-  server.tool(
-    "deploy_site",
-    "Trigger a new deployment for a site. Optionally specify a commit SHA to deploy a specific version.",
-    {
-      siteId: z.string().describe("The site ID"),
-      commitSha: z
-        .string()
-        .optional()
-        .describe("Specific commit SHA to deploy (optional, defaults to latest)"),
-    },
-    async ({ siteId, commitSha }) => {
-      const body: Record<string, string> = {};
-      if (commitSha) body.commitSha = commitSha;
-      const data = await client.post(`/api/sites/${siteId}/deployments`, body);
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "list_deployments",
-    "List deployment history for a site, ordered by most recent first",
-    { siteId: z.string().describe("The site ID") },
-    async ({ siteId }) => {
-      const data = await client.get(`/api/sites/${siteId}/deployments`);
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "get_deployment",
-    "Get detailed information about a specific deployment including status, commit, and timing",
-    {
-      siteId: z.string().describe("The site ID"),
-      deploymentId: z.string().describe("The deployment ID"),
-    },
-    async ({ siteId, deploymentId }) => {
-      const data = await client.get(
-        `/api/sites/${siteId}/deployments/${deploymentId}`,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "get_deployment_logs",
-    "Get the build and deploy logs for a specific deployment",
-    {
-      siteId: z.string().describe("The site ID"),
-      deploymentId: z.string().describe("The deployment ID"),
-    },
-    async ({ siteId, deploymentId }) => {
-      const logs = await client.getStream(
-        `/api/sites/${siteId}/deployments/${deploymentId}/stream`,
-      );
-      return {
-        content: [{ type: "text", text: logs || "(No logs available)" }],
-      };
-    },
-  );
-
-  server.tool(
-    "rollback_site",
-    "Rollback a site to a previous deployment. Use 'fast' mode for instant symlink switch or 'safe' mode for a full rebuild.",
-    {
-      siteId: z.string().describe("The site ID"),
-      mode: z
-        .enum(["fast", "safe"])
-        .optional()
-        .describe("Rollback mode: 'fast' (symlink switch) or 'safe' (full rebuild). Defaults to 'safe'."),
-    },
-    async ({ siteId, mode }) => {
-      const body: Record<string, string> = {};
-      if (mode) body.mode = mode;
-      const data = await client.post(
-        `/api/sites/${siteId}/deployments/rollback`,
-        body,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-}

package/src/tools/firewall.ts

@@ -1,82 +0,0 @@
-import { z } from "zod";
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import type { SprooboClient } from "../client.js";
-import { safeJson } from "../redact.js";
-
-export function registerFirewallTools(
-  server: McpServer,
-  client: SprooboClient,
-) {
-  server.tool(
-    "list_firewall_rules",
-    "List all firewall rules configured on a server",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.get(`/api/servers/${serverId}/firewall`);
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "create_firewall_rule",
-    "Create a new firewall rule on a server (does not apply it automatically — use apply_firewall_rules after)",
-    {
-      serverId: z.string().describe("The server ID"),
-      port: z.string().describe("Port or port range (e.g. '80', '8000:8100')"),
-      protocol: z
-        .enum(["tcp", "udp"])
-        .describe("Protocol: 'tcp' or 'udp'"),
-      source: z
-        .string()
-        .optional()
-        .describe("Source CIDR (e.g. '0.0.0.0/0' for any). Defaults to any."),
-      action: z
-        .enum(["allow", "deny"])
-        .describe("Action: 'allow' or 'deny'"),
-    },
-    async ({ serverId, port, protocol, source, action }) => {
-      const body: Record<string, string> = { port, protocol, action };
-      if (source) body.source = source;
-      const data = await client.post(
-        `/api/servers/${serverId}/firewall`,
-        body,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "delete_firewall_rule",
-    "Delete a firewall rule from a server",
-    {
-      serverId: z.string().describe("The server ID"),
-      ruleId: z.string().describe("The firewall rule ID to delete"),
-    },
-    async ({ serverId, ruleId }) => {
-      const data = await client.delete(
-        `/api/servers/${serverId}/firewall/${ruleId}`,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "apply_firewall_rules",
-    "Apply all configured firewall rules to the server (syncs UFW with the database rules)",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.post(
-        `/api/servers/${serverId}/firewall/apply-to-server`,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-}

package/src/tools/nginx.ts

@@ -1,65 +0,0 @@
-import { z } from "zod";
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import type { SprooboClient } from "../client.js";
-import { safeJson } from "../redact.js";
-
-export function registerNginxTools(server: McpServer, client: SprooboClient) {
-  server.tool(
-    "list_nginx_templates",
-    "List nginx configuration templates available on a server",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.get(
-        `/api/servers/${serverId}/nginx-templates`,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "get_nginx_config_files",
-    "Get the nginx configuration files on a server (sites-available, sites-enabled, etc.)",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.get(
-        `/api/servers/${serverId}/nginx-config/files`,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "test_nginx_config",
-    "Test the nginx configuration on a server for syntax errors (runs nginx -t)",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.post(
-        `/api/servers/${serverId}/nginx-config/test`,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-
-  server.tool(
-    "apply_nginx_template",
-    "Apply an nginx configuration template to a site on the server",
-    {
-      serverId: z.string().describe("The server ID"),
-      templateId: z.string().describe("The nginx template ID to apply"),
-    },
-    async ({ serverId, templateId }) => {
-      const data = await client.post(
-        `/api/servers/${serverId}/nginx-templates/${templateId}/apply`,
-      );
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-}

package/src/tools/servers.ts

@@ -1,36 +0,0 @@
-import { z } from "zod";
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import type { SprooboClient } from "../client.js";
-import { safeJson } from "../redact.js";
-
-export function registerServerTools(server: McpServer, client: SprooboClient) {
-  server.tool(
-    "list_servers",
-    "List all servers you have access to, with their status, IP, and provider info",
-    {},
-    async () => {
-      const data = await client.get("/api/servers");
-      return { content: [{ type: "text", text: safeJson(data) }] };
-    },
-  );
-
-  server.tool(
-    "get_server",
-    "Get detailed information about a specific server including status, IP, OS, and installed services",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.get(`/api/servers/${serverId}`);
-      return { content: [{ type: "text", text: safeJson(data) }] };
-    },
-  );
-
-  server.tool(
-    "get_server_metrics",
-    "Get the latest CPU, memory, disk, and network metrics for a server",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.get(`/api/servers/${serverId}/metrics/latest`);
-      return { content: [{ type: "text", text: safeJson(data) }] };
-    },
-  );
-}

package/src/tools/services.ts

@@ -1,21 +0,0 @@
-import { z } from "zod";
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import type { SprooboClient } from "../client.js";
-import { safeJson } from "../redact.js";
-
-export function registerServiceTools(
-  server: McpServer,
-  client: SprooboClient,
-) {
-  server.tool(
-    "list_services",
-    "List all installed services on a server (e.g. Redis, PostgreSQL, WordPress, Nginx)",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.get(`/api/servers/${serverId}/services`);
-      return {
-        content: [{ type: "text", text: safeJson(data) }],
-      };
-    },
-  );
-}

package/src/tools/sites.ts

@@ -1,26 +0,0 @@
-import { z } from "zod";
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import type { SprooboClient } from "../client.js";
-import { safeJson } from "../redact.js";
-
-export function registerSiteTools(server: McpServer, client: SprooboClient) {
-  server.tool(
-    "list_sites",
-    "List all sites deployed on a specific server",
-    { serverId: z.string().describe("The server ID") },
-    async ({ serverId }) => {
-      const data = await client.get(`/api/servers/${serverId}/sites`);
-      return { content: [{ type: "text", text: safeJson(data) }] };
-    },
-  );
-
-  server.tool(
-    "get_site",
-    "Get detailed information about a site including domains, deployment type, and status",
-    { siteId: z.string().describe("The site ID") },
-    async ({ siteId }) => {
-      const data = await client.get(`/api/sites/${siteId}`);
-      return { content: [{ type: "text", text: safeJson(data) }] };
-    },
-  );
-}

package/tsconfig.json

@@ -1,15 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2022",
-    "module": "NodeNext",
-    "lib": ["ES2022"],
-    "moduleResolution": "NodeNext",
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "declaration": true,
-    "declarationMap": true,
-    "strict": true,
-    "skipLibCheck": true
-  },
-  "include": ["src/**/*"]
-}

package/vitest.config.ts

@@ -1,7 +0,0 @@
-import { defineConfig } from "vitest/config";
-
-export default defineConfig({
-  test: {
-    include: ["src/**/*.test.ts"],
-  },
-});