@vantageos/vantage-registry-mcp 1.6.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +45 -2
  2. package/package.json +2 -2
  3. package/server.js +1714 -1515
  4. package/server.ts +448 -133
package/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  MCP server exposing [VantageRegistry](https://github.com/elpiarthera/vantage-registry) Convex functions as Claude Code tools via stdio transport.
4
4
 
5
- **Version:** 1.1.1
5
+ **Version:** 1.7.0
6
6
  **Backend:** Convex (vibrant-ibex-858)
7
7
  **Transport:** stdio (Claude Code MCP protocol)
8
8
 
@@ -229,10 +229,53 @@ Added optional `template_type` discriminator field:
229
229
 
230
230
  ---
231
231
 
232
+ ## ADMIN mode vs read-only mode (new in 1.7.0)
233
+
234
+ The MCP server operates in one of two modes depending on token configuration:
235
+
236
+ ### ADMIN mode (write operations enabled)
237
+
238
+ Requires **both** environment variables:
239
+
240
+ ```
241
+ MCP_BEARER_TOKEN=<admin-token> # HTTP transport only — identifies admin callers
242
+ VR_ADMIN_WRITE_SECRET=<secret> # backend write guard secret (from PR #93)
243
+ ```
244
+
245
+ Write tools (`upsert_*`, `delete_*`, `register_component`, `update_component`,
246
+ `link_runbook_template`, `unlink_runbook_template`) inject `adminSecret` into every Convex
247
+ mutation call server-side. `adminSecret` is **never** exposed in tool input schemas — clients
248
+ do not provide it.
249
+
250
+ ### Read-only mode (write operations refused)
251
+
252
+ When the server is configured with `MCP_BEARER_TOKEN_READONLY` only (no admin token), all
253
+ write tool calls are refused:
254
+ - HTTP transport: returns `403 Forbidden` before the handler executes.
255
+ - stdio transport: `adminWriteArgs()` throws immediately — zero mutations fired.
256
+
257
+ A read-only instance cannot be made to write even if `VR_ADMIN_WRITE_SECRET` is present in
258
+ its environment. The ADMIN mode gate is checked before the secret is injected.
259
+
260
+ ### Write tool list (all require ADMIN mode + VR_ADMIN_WRITE_SECRET)
261
+
262
+ `upsert_team`, `upsert_agent`, `upsert_skill`, `upsert_skill_content`,
263
+ `upsert_agent_content`, `upsert_plugin_content`, `upsert_hook_content`,
264
+ `upsert_command_content`, `upsert_plugin`, `upsert_hook`, `upsert_prompt`,
265
+ `upsert_template`, `upsert_test_run`, `upsert_skill_eval_corpus`,
266
+ `upsert_runbook`, `delete_runbook`, `link_runbook_template`,
267
+ `unlink_runbook_template`, `register_component`, `update_component`, `delete_component`
268
+
269
+ ### Read tool list (work in both modes, no secret required)
270
+
271
+ All `list_*`, `get_*`, `detect_*`, `search_components`, `get_stats`.
272
+
273
+ ---
274
+
232
275
  ## Changelog
233
276
 
234
277
  See [CHANGELOG.md](../CHANGELOG.md) at the repo root.
235
278
 
236
279
  ---
237
280
 
238
- Orchestrator: Omega — VantageOS Team | 2026-05-19
281
+ Orchestrator: Omega — VantageOS Team | 2026-06-14
package/package.json CHANGED
@@ -1,10 +1,10 @@
1
1
  {
2
2
  "name": "@vantageos/vantage-registry-mcp",
3
- "version": "1.6.0",
3
+ "version": "1.7.0",
4
4
  "description": "MCP server exposing VantageRegistry Convex functions as Claude Code tools",
5
5
  "type": "module",
6
6
  "bin": {
7
- "vantage-registry": "./server.ts"
7
+ "vantage-registry": "./server.js"
8
8
  },
9
9
  "scripts": {
10
10
  "build": "esbuild server.ts --bundle --platform=node --format=esm --outfile=server.js --external:convex --external:@modelcontextprotocol/sdk --external:zod --external:dotenv",