@zibby/mcp-cli 0.3.4 → 0.3.7

package/index.js

@@ -482,8 +482,20 @@ server.tool(
     name: z.string().min(1).optional().describe('Display name for the instance (shown as the dashboard header). ALWAYS pick a meaningful name based on WHAT is being installed and its purpose, NOT the install command. Good examples: `n8n-workflows`, `team-wiki`, `vaultwarden-secrets`, `rails-blog`. Bad examples: `test`, `goal-test`, `instance-1`, `install-n8n`. Max 80 chars, alphanumeric + dashes. Defaults to appType on catalog deploys; for goal deploys you MUST provide one or the server falls back to the first line of the goal text which is usually ugly.'),
     provider: z.enum(['claude', 'codex']).optional().describe('Agent provider. Default "claude" (Anthropic). "codex" runs the OpenAI Codex agent and requires an OpenAI API key in workspace-credentials.'),
     architecture: z.enum(['x86_64', 'arm64']).optional().describe('CPU architecture for the Fargate task. "arm64" runs on AWS Graviton — ~20% cheaper compute (same price to user). "x86_64" is the historical default + widest catalog compatibility. Omit to accept the catalog tile\'s preferred arch (first entry in its `architectures` array — usually arm64 for tiles that support it).'),
+    model: z.string().min(1).optional().describe('Claude model identifier (e.g. claude-sonnet-4-6). Overrides the agent-ops bootstrap default. Use a stronger model (Opus) for complex installs; cheaper (Haiku) for trivial.'),
+    anthropicToken: z.string().regex(/^sk-ant-(oat01|api03)-/, 'must be sk-ant-oat01-* or sk-ant-api03-*').optional().describe('Per-deploy Claude credential override. Defaults to the workspace-stored token. SENSITIVE — never log or persist.'),
+    maxTurns: z.number().int().min(1).max(200).optional().describe('Claude subprocess max turns. Default 25. Bump for heavy installs (n8n, OpenHands) that need background tool calls + retries.'),
+    timeoutMin: z.number().int().min(1).max(120).optional().describe('Bootstrap task wall-clock minutes. Default 30. Bump when npm install / docker pull / native compile dominates wall time.'),
+    // Optional Caddy auth sidecar — wraps the public URL with basic-auth
+    // or bearer-token validation. Apps like Grafana ship admin/admin and
+    // raw n8n/openhands ship with nothing, so gating the public URL is a
+    // common ask. Catalog never declares this — it's per-instance.
+    authType: z.enum(['basic', 'token', 'none']).optional().describe('Optional reverse-proxy auth in front of the public URL. "basic" = username + password (browser challenge), "token" = Authorization: Bearer header (machine-friendly), "none" = no gate (default, current behavior). Caddy sidecar adds ~30MB image / ~10MB RAM — no tier bump.'),
+    authUser: z.string().min(1).max(64).optional().describe('Username for authType=basic. Required when enabling basic. Printable ASCII, no spaces.'),
+    authPassword: z.string().min(8).max(256).optional().describe('Password for authType=basic. SENSITIVE — bcrypt-hashed server-side, plaintext never persisted. Required when enabling basic.'),
+    authToken: z.string().min(16).max(128).regex(/^[A-Za-z0-9_-]+$/, 'base64url alphabet only').optional().describe('Optional bearer token for authType=token. Omit to let the backend auto-generate a 32-byte token (returned ONCE in the deploy response — surface it to the user with a save-it warning). SENSITIVE.'),
   },
-  async ({ appType, goal, projectId, name, provider, architecture }) => {
+  async ({ appType, goal, projectId, name, provider, architecture, model, anthropicToken, maxTurns, timeoutMin, authType, authUser, authPassword, authToken }) => {
     // Enforce mutual exclusivity client-side so the agent gets a clear
     // error before we burn an HTTP round-trip. Backend enforces the
     // same invariant (apps.js::deployApp) but this gives a faster
@@ -507,7 +519,26 @@ server.tool(
     if (name) args.push('--name', name);
     if (provider) args.push('--provider', provider);
     if (architecture) args.push('--arch', architecture);
-    return cliResult(await runCli(args, { extraEnv: { ZIBBY_API_KEY: apiKey } }));
+    if (model) args.push('--model', model);
+    // --max-turns / --timeout-min are integer caps on the per-instance
+    // bootstrap. Both forwarded as argv — neither is sensitive. CLI
+    // re-validates the ranges (1..200, 1..120) so a malformed value 400s
+    // locally before hitting the backend.
+    if (maxTurns !== undefined) args.push('--max-turns', String(maxTurns));
+    if (timeoutMin !== undefined) args.push('--timeout-min', String(timeoutMin));
+    if (authType) args.push('--auth-type', authType);
+    if (authUser) args.push('--auth-user', authUser);
+    // anthropicToken is SENSITIVE. Forwarded to the @zibby/cli subprocess
+    // via ZIBBY_ANTHROPIC_TOKEN env (NOT argv) so the token never lands
+    // in /proc/<pid>/cmdline or argv-scraping ps tools. The CLI sees the
+    // env, applies the same regex check, and passes it as a body field.
+    // Same treatment for authPassword / authToken — both pulled by the
+    // CLI from env so the password / bearer never appears in argv.
+    const extraEnv = { ZIBBY_API_KEY: apiKey };
+    if (anthropicToken) extraEnv.ZIBBY_ANTHROPIC_TOKEN = anthropicToken;
+    if (authPassword)   extraEnv.ZIBBY_APP_AUTH_PASSWORD = authPassword;
+    if (authToken)      extraEnv.ZIBBY_APP_AUTH_TOKEN = authToken;
+    return cliResult(await runCli(args, { extraEnv }));
   }
 );
 
@@ -667,6 +698,49 @@ server.tool(
   }
 );
 
+// ── Tool: enable / rotate / disable the Caddy auth sidecar on a running
+// instance. Per-instance opt-in reverse-proxy that gates the public URL
+// with basic-auth (username + bcrypt'd password) or bearer-token
+// validation. Use cases:
+//   - User says "lock down my Grafana with admin / hunter2"
+//     → authType:'basic', authUser:'admin', authPassword:'hunter2-strong'
+//   - User says "give me a token for my n8n public URL"
+//     → authType:'token' (backend auto-generates; agent prints once + warns)
+//   - User says "rotate the password to <new>" on an existing basic-auth
+//     → authPassword:'<new>' (omit authType; PATCH preserves it)
+//   - User says "remove auth from my app"
+//     → authType:'none'
+server.tool(
+  'zibby_set_app_auth',
+  'Enable, rotate, or disable the optional Caddy reverse-proxy auth sidecar on a running app instance. The sidecar fronts the public URL with basic-auth or bearer-token validation, useful for apps that ship with weak / no built-in auth (Grafana=admin/admin, raw n8n / openhands = none). PATCH semantics: omitted fields preserve current state, so e.g. passing just authPassword on a basic-auth instance rotates the password without re-specifying the user. For token mode WITHOUT an explicit authToken, the backend generates a fresh 32-byte token and returns it ONCE in the response — surface it to the user with a save-this-now warning since it can never be retrieved again. Triggers a rolling ECS task replace (~30s); EFS data preserved.',
+  {
+    instanceId: z.string().min(1).describe('Instance ID to update auth on'),
+    projectId: z.string().min(1).optional().describe('Project the instance belongs to (picks the right cached API token)'),
+    authType: z.enum(['basic', 'token', 'none']).optional().describe('"basic" | "token" | "none". Omit to preserve current type (e.g. rotate just the password). "none" disables the sidecar — public URL exposes the app port directly again.'),
+    authUser: z.string().min(1).max(64).optional().describe('Username for basic auth. Required when SWITCHING TO basic; preserved on subsequent rotations.'),
+    authPassword: z.string().min(8).max(256).optional().describe('Password for basic auth. SENSITIVE — bcrypt-hashed server-side. Pass to rotate; omit to preserve current.'),
+    authToken: z.string().min(16).max(128).regex(/^[A-Za-z0-9_-]+$/, 'base64url alphabet only').optional().describe('Optional explicit bearer token for token auth. Omit on token-mode to let the backend regenerate (returned ONCE — print + warn user). SENSITIVE.'),
+    off: z.boolean().optional().describe('Operator-friendly alias for authType:"none". When true, disables the auth sidecar entirely.'),
+  },
+  async ({ instanceId, projectId, authType, authUser, authPassword, authToken, off }) => {
+    const extraEnv = {};
+    if (projectId) {
+      const apiKey = getProjectApiToken(projectId);
+      if (apiKey) extraEnv.ZIBBY_API_KEY = apiKey;
+    }
+    const args = ['app', 'set-auth', instanceId];
+    if (off) args.push('--off');
+    if (authType) args.push('--auth-type', authType);
+    if (authUser) args.push('--auth-user', authUser);
+    // Sensitive args via env (NOT argv) so password / token never lands in
+    // /proc/<pid>/cmdline or argv-scraping ps tools — same pattern as
+    // anthropicToken on zibby_deploy_app.
+    if (authPassword) extraEnv.ZIBBY_APP_AUTH_PASSWORD = authPassword;
+    if (authToken)    extraEnv.ZIBBY_APP_AUTH_TOKEN = authToken;
+    return cliResult(await runCli(args, { extraEnv }));
+  }
+);
+
 // ── Connect ─────────────────────────────────────────────────────────────
 
 await server.connect(new StdioServerTransport());

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zibby/mcp-cli",
-  "version": "0.3.4",
+  "version": "0.3.7",
   "description": "Zibby local-essential MCP Server — local workflow scaffold/validate/run + deploy/download (bundles local files). Pure-API tools live in the Zibby Remote MCP (api-prod.zibby.app/mcp).",
   "type": "module",
   "main": "index.js",