@vucinatim/agentic-devtools 0.1.0

package/src/tools/namecheap/mcp.mjs

@@ -0,0 +1,298 @@
+#!/usr/bin/env node
+
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import {
+  AUTH_CONFIG_PATH,
+  clearStoredAuthConfig,
+  getAuthStatus,
+  runBrowserAuthFlow,
+} from "./auth.mjs";
+import { createResolvedNamecheapClient } from "./client.mjs";
+
+const HELP_TEXT = `Usage: agentic-devtools mcp namecheap
+
+Namecheap MCP server
+
+Optional environment variables:
+  NAMECHEAP_API_USER
+  NAMECHEAP_API_KEY
+  NAMECHEAP_USERNAME
+  NAMECHEAP_CLIENT_IP
+  NAMECHEAP_API_BASE_URL
+  NAMECHEAP_API_SANDBOX=1
+
+If env vars are not provided, use the connectNamecheap tool to open the browser-based setup flow and save local plugin credentials.
+`;
+
+const recordSchema = z.object({
+  name: z.string().min(1),
+  type: z.enum([
+    "A",
+    "AAAA",
+    "ALIAS",
+    "CAA",
+    "CNAME",
+    "FRAME",
+    "MX",
+    "MXE",
+    "NS",
+    "TXT",
+    "URL",
+    "URL301",
+  ]),
+  address: z.string().min(1),
+  ttl: z.number().int().min(60).max(60000).optional(),
+  mxPref: z.number().int().min(0).max(65535).optional(),
+  emailType: z.enum(["FWD", "MX", "MXE", "OX"]).optional(),
+  flag: z.number().int().min(0).max(255).optional(),
+  tag: z.enum(["issue", "issuewild", "iodef"]).optional(),
+});
+
+const createToolResult = (value) => ({
+  content: [
+    {
+      type: "text",
+      text: JSON.stringify(value, null, 2),
+    },
+  ],
+  structuredContent: value,
+});
+
+const createServer = () => {
+  const server = new McpServer(
+    {
+      name: "namecheap",
+      version: "0.1.0",
+    },
+    {
+      instructions:
+        "Use these tools for Namecheap-managed domains and DNS. Prefer getDomainDns before mutating records because Namecheap setHosts replaces the full record set. Namecheap auth is API-key based, not OAuth.",
+    },
+  );
+
+  const withClient = async (callback) => {
+    const client = await createResolvedNamecheapClient();
+    return callback(client);
+  };
+
+  server.registerTool(
+    "getAuthStatus",
+    {
+      description:
+        "Show whether Namecheap credentials are configured through environment variables or the local plugin auth file.",
+    },
+    async () => createToolResult(await getAuthStatus()),
+  );
+
+  server.registerTool(
+    "connectNamecheap",
+    {
+      description:
+        "Open a browser-based setup flow for Namecheap API credentials. This stores credentials locally in the plugin auth file because Namecheap uses API keys and IP whitelisting rather than OAuth tokens.",
+      inputSchema: {
+        sandbox: z.boolean().optional(),
+      },
+    },
+    async ({ sandbox }) =>
+      createToolResult({
+        ...(await runBrowserAuthFlow({
+          defaultSandbox: sandbox ?? true,
+        })),
+        configPath: AUTH_CONFIG_PATH,
+      }),
+  );
+
+  server.registerTool(
+    "disconnectNamecheap",
+    {
+      description:
+        "Remove locally stored Namecheap credentials from the plugin auth file.",
+    },
+    async () => {
+      await clearStoredAuthConfig();
+      return createToolResult({
+        disconnected: true,
+        configPath: AUTH_CONFIG_PATH,
+      });
+    },
+  );
+
+  server.registerTool(
+    "testNamecheapConnection",
+    {
+      description:
+        "Verify that the configured Namecheap credentials can successfully call the API.",
+    },
+    async () =>
+      createToolResult(
+        await withClient(async (client) => {
+          const result = await client.listDomains({ page: 1, pageSize: 1 });
+          return {
+            ok: true,
+            domainCount: result.paging.totalItems,
+            sampleDomains: result.domains.slice(0, 1).map((domain) => domain.name),
+            baseUrl: client.baseUrl,
+          };
+        }),
+      ),
+  );
+
+  server.registerTool(
+    "listDomains",
+    {
+      description:
+        "List domains in the configured Namecheap account. Use searchTerm to narrow results.",
+      inputSchema: {
+        searchTerm: z.string().optional(),
+        page: z.number().int().min(1).optional(),
+        pageSize: z.number().int().min(1).max(100).optional(),
+        listType: z.enum(["ALL", "EXPIRING", "EXPIRED"]).optional(),
+        sortBy: z
+          .enum([
+            "NAME",
+            "NAME_DESC",
+            "EXPIREDATE",
+            "EXPIREDATE_DESC",
+            "CREATEDATE",
+            "CREATEDATE_DESC",
+          ])
+          .optional(),
+      },
+    },
+    async (args) =>
+      createToolResult(await withClient((client) => client.listDomains(args))),
+  );
+
+  server.registerTool(
+    "getDomainDns",
+    {
+      description:
+        "Get Namecheap DNS status, nameservers, and host records for a registered domain.",
+      inputSchema: {
+        domain: z.string().min(1),
+      },
+    },
+    async ({ domain }) =>
+      createToolResult(await withClient((client) => client.getDomainDns(domain))),
+  );
+
+  server.registerTool(
+    "replaceDomainDns",
+    {
+      description:
+        "Replace the full DNS host record set for a Namecheap-managed domain. This is destructive and should only be used with the complete intended record list.",
+      inputSchema: {
+        domain: z.string().min(1),
+        records: z.array(recordSchema).min(1),
+        emailType: z.enum(["FWD", "MX", "MXE", "OX"]).optional(),
+      },
+    },
+    async ({ domain, records, emailType }) =>
+      createToolResult(
+        await withClient((client) =>
+          client.replaceDomainDns({ domain, records, emailType }),
+        ),
+      ),
+  );
+
+  server.registerTool(
+    "addDomainDnsRecord",
+    {
+      description:
+        "Add a single DNS record while preserving the existing Namecheap DNS zone. No change is made if an identical record already exists.",
+      inputSchema: {
+        domain: z.string().min(1),
+        record: recordSchema,
+      },
+    },
+    async ({ domain, record }) =>
+      createToolResult(
+        await withClient((client) =>
+          client.addDomainDnsRecord({ domain, record }),
+        ),
+      ),
+  );
+
+  server.registerTool(
+    "removeDomainDnsRecord",
+    {
+      description:
+        "Remove a single DNS record by exact match while preserving the rest of the zone.",
+      inputSchema: {
+        domain: z.string().min(1),
+        record: recordSchema,
+      },
+    },
+    async ({ domain, record }) =>
+      createToolResult(
+        await withClient((client) =>
+          client.removeDomainDnsRecord({ domain, record }),
+        ),
+      ),
+  );
+
+  server.registerTool(
+    "updateDomainDnsRecord",
+    {
+      description:
+        "Update exactly one DNS record by explicit match while preserving the rest of the zone. Fails if zero or multiple records match.",
+      inputSchema: {
+        domain: z.string().min(1),
+        matchRecord: recordSchema,
+        newRecord: recordSchema,
+      },
+    },
+    async ({ domain, matchRecord, newRecord }) =>
+      createToolResult(
+        await withClient((client) =>
+          client.updateDomainDnsRecord({ domain, matchRecord, newRecord }),
+        ),
+      ),
+  );
+
+  return server;
+};
+
+const argv = process.argv.slice(2);
+
+if (argv.includes("--help") || argv.includes("-h")) {
+  process.stdout.write(HELP_TEXT);
+  process.exit(0);
+}
+
+if (argv.includes("--auth-status")) {
+  process.stdout.write(`${JSON.stringify(await getAuthStatus(), null, 2)}\n`);
+  process.exit(0);
+}
+
+if (argv.includes("--connect")) {
+  process.stdout.write("Opening Namecheap browser setup flow...\n");
+  const result = await runBrowserAuthFlow({ defaultSandbox: true });
+  process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+  process.exit(0);
+}
+
+if (argv.includes("--test-connection")) {
+  const client = await createResolvedNamecheapClient();
+  const result = await client.listDomains({ page: 1, pageSize: 1 });
+  process.stdout.write(
+    `${JSON.stringify(
+      {
+        ok: true,
+        domainCount: result.paging.totalItems,
+        sampleDomains: result.domains.slice(0, 1).map((domain) => domain.name),
+        baseUrl: client.baseUrl,
+      },
+      null,
+      2,
+    )}\n`,
+  );
+  process.exit(0);
+}
+
+const server = createServer();
+const transport = new StdioServerTransport();
+
+await server.connect(transport);

package/src/tools/npm/auth.mjs

@@ -0,0 +1,367 @@
+import { createServer } from "node:http";
+import { randomUUID } from "node:crypto";
+import { readFile } from "node:fs/promises";
+import { readFileSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import {
+  escapeHtml,
+  openBrowser,
+  parseFormBody,
+  pickString,
+  readJsonConfig,
+  readJsonConfigSync,
+  removeJsonConfig,
+  resolveConfigPath,
+  writeJsonConfig,
+} from "../../core/config-store.mjs";
+
+export const DEFAULT_NPM_REGISTRY = "https://registry.npmjs.org";
+export const NPM_AUTH_CONFIG_PATH = resolveConfigPath({
+  env: process.env,
+  envVar: "AGENTIC_DEVTOOLS_NPM_AUTH_CONFIG_PATH",
+  fileName: "npm.json",
+});
+
+const DEFAULT_TIMEOUT_MS = 10 * 60 * 1000;
+
+const normalizeRegistry = (registry = DEFAULT_NPM_REGISTRY) =>
+  String(registry || DEFAULT_NPM_REGISTRY).replace(/\/+$/, "");
+
+const npmrcPaths = (env = process.env) => [
+  pickString(env.NPM_CONFIG_USERCONFIG),
+  path.join(os.homedir(), ".npmrc"),
+].filter(Boolean);
+
+const npmrcTokenKeyForRegistry = (registry) => {
+  const url = new URL(normalizeRegistry(registry));
+  return `//${url.host}${url.pathname === "/" ? "" : url.pathname}/:_authToken`;
+};
+
+const parseNpmrc = (content, registry) => {
+  const expectedKey = npmrcTokenKeyForRegistry(registry);
+  const lines = content.split(/\r?\n/);
+
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith(";")) {
+      continue;
+    }
+    const separatorIndex = trimmed.indexOf("=");
+    if (separatorIndex < 0) {
+      continue;
+    }
+    const key = trimmed.slice(0, separatorIndex).trim();
+    const value = trimmed.slice(separatorIndex + 1).trim();
+    if (key === expectedKey && value) {
+      return value.replace(/^["']|["']$/g, "");
+    }
+  }
+
+  return null;
+};
+
+const readNpmrcToken = async (env = process.env, registry = DEFAULT_NPM_REGISTRY) => {
+  if (env !== process.env && !env.NPM_CONFIG_USERCONFIG) {
+    return null;
+  }
+
+  for (const filePath of npmrcPaths(env)) {
+    try {
+      const token = parseNpmrc(await readFile(filePath, "utf8"), registry);
+      if (token) {
+        return { token, source: `npmrc:${filePath}` };
+      }
+    } catch (error) {
+      if (error && typeof error === "object" && error.code === "ENOENT") {
+        continue;
+      }
+      throw error;
+    }
+  }
+
+  return null;
+};
+
+const readNpmrcTokenSync = (env = process.env, registry = DEFAULT_NPM_REGISTRY) => {
+  if (env !== process.env && !env.NPM_CONFIG_USERCONFIG) {
+    return null;
+  }
+
+  for (const filePath of npmrcPaths(env)) {
+    try {
+      const token = parseNpmrc(readFileSync(filePath, "utf8"), registry);
+      if (token) {
+        return { token, source: `npmrc:${filePath}` };
+      }
+    } catch (error) {
+      if (error && typeof error === "object" && error.code === "ENOENT") {
+        continue;
+      }
+      throw error;
+    }
+  }
+
+  return null;
+};
+
+const shouldReadStoredConfig = (env) =>
+  env === process.env ||
+  typeof env.AGENTIC_DEVTOOLS_NPM_AUTH_CONFIG_PATH === "string";
+
+const configPathForEnv = (env = process.env) =>
+  resolveConfigPath({
+    env,
+    envVar: "AGENTIC_DEVTOOLS_NPM_AUTH_CONFIG_PATH",
+    fileName: "npm.json",
+  });
+
+const readStoredNpmAuthConfig = (env = process.env) => {
+  if (!shouldReadStoredConfig(env)) {
+    return null;
+  }
+  return readJsonConfigSync(configPathForEnv(env));
+};
+
+export const saveNpmAuthConfig = async ({
+  token,
+  registry = DEFAULT_NPM_REGISTRY,
+} = {}) => {
+  const config = {
+    token: String(token ?? "").trim(),
+    registry: normalizeRegistry(registry),
+    savedAt: new Date().toISOString(),
+  };
+
+  if (!config.token) {
+    throw new Error("Missing token in npm auth config.");
+  }
+
+  await writeJsonConfig(NPM_AUTH_CONFIG_PATH, config);
+
+  return {
+    configPath: NPM_AUTH_CONFIG_PATH,
+    registry: config.registry,
+  };
+};
+
+export const resolveNpmAuthConfig = (env = process.env) => {
+  const registry =
+    pickString(env.NPM_CONFIG_REGISTRY) ||
+    pickString(env.npm_config_registry) ||
+    DEFAULT_NPM_REGISTRY;
+
+  const envToken = pickString(env.NPM_TOKEN) || pickString(env.NODE_AUTH_TOKEN);
+  if (envToken) {
+    return {
+      token: envToken,
+      registry: normalizeRegistry(registry),
+      source: pickString(env.NPM_TOKEN) ? "env:NPM_TOKEN" : "env:NODE_AUTH_TOKEN",
+    };
+  }
+
+  const stored = readStoredNpmAuthConfig(env);
+  if (stored?.token) {
+    return {
+      token: stored.token,
+      registry: normalizeRegistry(stored.registry || registry),
+      source: "file",
+    };
+  }
+
+  const npmrc = readNpmrcTokenSync(env, registry);
+  if (npmrc?.token) {
+    return {
+      token: npmrc.token,
+      registry: normalizeRegistry(registry),
+      source: npmrc.source,
+    };
+  }
+
+  return {
+    token: null,
+    registry: normalizeRegistry(registry),
+    source: null,
+  };
+};
+
+export const getNpmAuthStatus = (env = process.env) => {
+  const auth = resolveNpmAuthConfig(env);
+  return {
+    configured: Boolean(auth.token),
+    source: auth.source,
+    registry: auth.registry,
+    configPath: configPathForEnv(env),
+  };
+};
+
+export const clearStoredNpmAuthConfig = async () => {
+  await removeJsonConfig(NPM_AUTH_CONFIG_PATH);
+};
+
+export const disconnectNpm = async () => {
+  await clearStoredNpmAuthConfig();
+  return {
+    disconnected: true,
+    configPath: NPM_AUTH_CONFIG_PATH,
+  };
+};
+
+/* v8 ignore start */
+const renderNpmPage = ({ csrfToken, message = "", defaults = {} }) => `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>npm Setup</title>
+    <style>
+      body { margin: 0; font-family: ui-sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; background: #f7f7f8; color: #191919; }
+      .wrap { max-width: 760px; margin: 32px auto; padding: 24px; }
+      .panel { background: white; border: 1px solid #dedee3; border-radius: 16px; padding: 24px; }
+      h1 { margin-top: 0; font-size: 28px; }
+      p, li { line-height: 1.5; color: #5f6068; }
+      a { color: #cb3837; }
+      form { display: grid; gap: 16px; margin-top: 24px; }
+      label { display: grid; gap: 6px; font-weight: 600; }
+      input { padding: 12px 14px; border-radius: 10px; border: 1px solid #dedee3; font: inherit; background: white; }
+      .message { margin-top: 16px; padding: 12px 14px; border-radius: 10px; background: #fff1ec; color: #8f2719; }
+      button { border: 0; border-radius: 999px; padding: 12px 18px; font: inherit; font-weight: 700; color: white; background: #cb3837; cursor: pointer; width: fit-content; }
+      code { background: #eeeeef; padding: 2px 6px; border-radius: 6px; }
+    </style>
+  </head>
+  <body>
+    <div class="wrap">
+      <div class="panel">
+        <h1>Connect npm</h1>
+        <p>npm does not provide a normal third-party OAuth login for local tools. Create a granular token, paste it here, and Agentic Devtools will store it locally.</p>
+        <ol>
+          <li>Open <a href="https://www.npmjs.com/settings/-/tokens" target="_blank" rel="noreferrer">npm access tokens</a>.</li>
+          <li>Create the narrowest granular token that matches your task.</li>
+          <li>For publishing, prefer GitHub Actions Trusted Publishing instead of long-lived write tokens.</li>
+        </ol>
+        ${message ? `<div class="message">${escapeHtml(message)}</div>` : ""}
+        <form method="post" action="/save">
+          <input type="hidden" name="csrfToken" value="${escapeHtml(csrfToken)}" />
+          <label>
+            npm Token
+            <input name="token" type="password" required />
+          </label>
+          <label>
+            Registry
+            <input name="registry" type="text" value="${escapeHtml(defaults.registry ?? DEFAULT_NPM_REGISTRY)}" />
+          </label>
+          <button type="submit">Save npm Token</button>
+        </form>
+      </div>
+    </div>
+  </body>
+</html>`;
+
+export const runNpmBrowserAuthFlow = async ({
+  onReady,
+  validateConnection = true,
+  timeoutMs = DEFAULT_TIMEOUT_MS,
+} = {}) => {
+  const existing = await readJsonConfig(NPM_AUTH_CONFIG_PATH);
+  const csrfToken = randomUUID();
+
+  return await new Promise((resolve, reject) => {
+    let closed = false;
+    let timeoutId;
+
+    const finish = (callback) => {
+      if (closed) {
+        return;
+      }
+      closed = true;
+      clearTimeout(timeoutId);
+      server.close(() => callback());
+    };
+
+    const server = createServer(async (request, response) => {
+      const requestUrl = new URL(request.url ?? "/", "http://127.0.0.1");
+
+      if (request.method === "GET" && requestUrl.pathname === "/") {
+        response.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+        response.end(
+          renderNpmPage({
+            csrfToken,
+            defaults: { registry: existing?.registry ?? DEFAULT_NPM_REGISTRY },
+          }),
+        );
+        return;
+      }
+
+      if (request.method === "POST" && requestUrl.pathname === "/save") {
+        let body = {};
+        try {
+          body = await parseFormBody(request);
+          if (body.csrfToken !== csrfToken) {
+            response.writeHead(403, { "content-type": "text/html; charset=utf-8" });
+            response.end("Invalid CSRF token.");
+            return;
+          }
+
+          if (validateConnection) {
+            const { createNpmClient } = await import("./client.mjs");
+            const client = createNpmClient({
+              env: {
+                NPM_TOKEN: String(body.token ?? ""),
+                NPM_CONFIG_REGISTRY: String(body.registry ?? DEFAULT_NPM_REGISTRY),
+              },
+            });
+            await client.getCurrentUser();
+          }
+
+          const saved = await saveNpmAuthConfig({
+            token: body.token,
+            registry: body.registry,
+          });
+
+          response.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+          response.end(`<!doctype html><html><body style="font-family: sans-serif; padding: 24px;"><h1>npm connected</h1><p>Token was saved to <code>${escapeHtml(saved.configPath)}</code>. You can close this tab.</p></body></html>`);
+          finish(() => resolve(saved));
+        } catch (error) {
+          response.writeHead(400, { "content-type": "text/html; charset=utf-8" });
+          response.end(
+            renderNpmPage({
+              csrfToken,
+              message: error instanceof Error ? error.message : String(error),
+              defaults: { registry: body.registry ?? DEFAULT_NPM_REGISTRY },
+            }),
+          );
+        }
+        return;
+      }
+
+      response.writeHead(404);
+      response.end("Not found");
+    });
+
+    server.listen(0, "127.0.0.1", async () => {
+      try {
+        const address = server.address();
+        if (!address || typeof address === "string") {
+          throw new Error("Failed to bind local npm auth server.");
+        }
+
+        const url = `http://127.0.0.1:${address.port}/`;
+        if (typeof onReady === "function") {
+          onReady({ url });
+        }
+        await openBrowser(url, {
+          skipEnvVar: "NPM_SKIP_BROWSER_OPEN",
+        });
+      } catch (error) {
+        finish(() => reject(error));
+      }
+    });
+
+    timeoutId = setTimeout(() => {
+      finish(() => reject(new Error("Timed out waiting for npm browser setup to complete.")));
+    }, timeoutMs);
+  });
+};
+/* v8 ignore stop */
+
+export const connectNpm = runNpmBrowserAuthFlow;