agentstudio 0.1.20 → 0.1.21

package/routes/mcpAdmin.js

@@ -0,0 +1,308 @@
+"use strict";
+/**
+ * MCP Admin Routes
+ *
+ * HTTP endpoints for the MCP Admin Server.
+ * Implements MCP HTTP Streamable protocol with pure JSON responses.
+ *
+ * Endpoints:
+ * - POST /api/mcp-admin - Handle MCP JSON-RPC requests
+ * - GET /api/mcp-admin/keys - List admin API keys (requires existing admin auth)
+ * - POST /api/mcp-admin/keys - Create admin API key (requires existing admin auth)
+ * - DELETE /api/mcp-admin/keys/:keyId - Revoke admin API key
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = __importDefault(require("express"));
+const index_js_1 = require("../services/mcpAdmin/index.js");
+const types_js_1 = require("../services/mcpAdmin/types.js");
+const router = express_1.default.Router();
+// Initialize MCP Admin Server with all tools
+const mcpServer = (0, index_js_1.getMcpAdminServer)();
+mcpServer.registerTools(index_js_1.allTools);
+console.info(`[MCP Admin] Server initialized with ${mcpServer.getToolCount()} tools`);
+async function adminAuth(req, res, next) {
+    try {
+        const authHeader = req.headers.authorization;
+        if (!authHeader) {
+            res.status(401).json({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32001,
+                    message: 'Missing Authorization header',
+                    data: 'Include: Authorization: Bearer <admin-api-key>',
+                },
+            });
+            return;
+        }
+        if (!authHeader.startsWith('Bearer ')) {
+            res.status(401).json({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32001,
+                    message: 'Invalid Authorization header format',
+                    data: 'Use: Authorization: Bearer <admin-api-key>',
+                },
+            });
+            return;
+        }
+        const apiKey = authHeader.substring(7);
+        if (!apiKey) {
+            res.status(401).json({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32001,
+                    message: 'Empty API key',
+                },
+            });
+            return;
+        }
+        const validation = await (0, index_js_1.validateAdminApiKey)(apiKey);
+        if (!validation.valid) {
+            console.warn('[MCP Admin] Failed authentication attempt:', {
+                timestamp: new Date().toISOString(),
+                ip: req.ip,
+                disabled: validation.disabled,
+            });
+            res.status(401).json({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32001,
+                    message: validation.disabled ? 'API key is disabled' : 'Invalid or revoked API key',
+                },
+            });
+            return;
+        }
+        // Attach admin context to request
+        req.adminContext = {
+            apiKeyId: validation.keyId,
+            permissions: validation.permissions,
+            allowedTools: validation.allowedTools,
+        };
+        console.info('[MCP Admin] Authenticated request:', {
+            keyId: validation.keyId,
+            allowedTools: validation.allowedTools ? `${validation.allowedTools.length} tools` : 'all',
+            timestamp: new Date().toISOString(),
+        });
+        next();
+    }
+    catch (error) {
+        console.error('[MCP Admin] Authentication error:', error);
+        res.status(500).json({
+            jsonrpc: '2.0',
+            id: null,
+            error: {
+                code: types_js_1.JSON_RPC_ERRORS.INTERNAL_ERROR.code,
+                message: 'Authentication error',
+            },
+        });
+    }
+}
+// =============================================================================
+// POST /api/mcp-admin - Handle MCP JSON-RPC requests
+// =============================================================================
+router.post('/', adminAuth, async (req, res) => {
+    try {
+        const request = req.body;
+        // Validate basic JSON-RPC structure
+        if (!request || typeof request !== 'object') {
+            res.status(400).json({
+                jsonrpc: '2.0',
+                id: null,
+                error: types_js_1.JSON_RPC_ERRORS.PARSE_ERROR,
+            });
+            return;
+        }
+        if (!request.method) {
+            res.status(400).json({
+                jsonrpc: '2.0',
+                id: request.id ?? null,
+                error: {
+                    ...types_js_1.JSON_RPC_ERRORS.INVALID_REQUEST,
+                    data: 'Missing method',
+                },
+            });
+            return;
+        }
+        // Handle the request
+        const response = await mcpServer.handleRequest(request, req.adminContext);
+        // Return pure JSON response
+        res.setHeader('Content-Type', 'application/json');
+        res.json(response);
+    }
+    catch (error) {
+        console.error('[MCP Admin] Request handling error:', error);
+        res.status(500).json({
+            jsonrpc: '2.0',
+            id: null,
+            error: {
+                ...types_js_1.JSON_RPC_ERRORS.INTERNAL_ERROR,
+                data: error instanceof Error ? error.message : String(error),
+            },
+        });
+    }
+});
+// =============================================================================
+// Admin API Key Management Endpoints
+// =============================================================================
+// GET /api/mcp-admin/keys - List admin API keys
+router.get('/keys', adminAuth, async (req, res) => {
+    try {
+        // Check permission
+        const hasAdminPerm = req.adminContext?.permissions.includes('admin:*');
+        if (!hasAdminPerm) {
+            res.status(403).json({
+                error: 'Permission denied',
+                message: 'admin:* permission required',
+            });
+            return;
+        }
+        const keys = await (0, index_js_1.listAdminApiKeys)();
+        // Sanitize keys for response
+        const sanitizedKeys = keys.map((key) => ({
+            id: key.id,
+            description: key.description,
+            permissions: key.permissions,
+            createdAt: key.createdAt,
+            lastUsedAt: key.lastUsedAt,
+            revokedAt: key.revokedAt,
+            // Only show decrypted key if not revoked
+            key: key.revokedAt ? null : key.decryptedKey,
+        }));
+        res.json({ keys: sanitizedKeys });
+    }
+    catch (error) {
+        console.error('[MCP Admin] Error listing keys:', error);
+        res.status(500).json({
+            error: 'Failed to list keys',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+// POST /api/mcp-admin/keys - Create admin API key
+router.post('/keys', adminAuth, async (req, res) => {
+    try {
+        // Check permission
+        const hasAdminPerm = req.adminContext?.permissions.includes('admin:*');
+        if (!hasAdminPerm) {
+            res.status(403).json({
+                error: 'Permission denied',
+                message: 'admin:* permission required',
+            });
+            return;
+        }
+        const { description, permissions } = req.body;
+        if (!description) {
+            res.status(400).json({
+                error: 'Description is required',
+            });
+            return;
+        }
+        const parsedPermissions = permissions || ['admin:*'];
+        const { key, keyData } = await (0, index_js_1.generateAdminApiKey)(description, parsedPermissions);
+        res.status(201).json({
+            id: keyData.id,
+            key, // Only shown once!
+            description: keyData.description,
+            permissions: keyData.permissions,
+            createdAt: keyData.createdAt,
+            message: 'Save this key now - it will not be shown again',
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin] Error creating key:', error);
+        res.status(500).json({
+            error: 'Failed to create key',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+// DELETE /api/mcp-admin/keys/:keyId - Revoke admin API key
+router.delete('/keys/:keyId', adminAuth, async (req, res) => {
+    try {
+        // Check permission
+        const hasAdminPerm = req.adminContext?.permissions.includes('admin:*');
+        if (!hasAdminPerm) {
+            res.status(403).json({
+                error: 'Permission denied',
+                message: 'admin:* permission required',
+            });
+            return;
+        }
+        const { keyId } = req.params;
+        // Prevent self-revocation
+        if (keyId === req.adminContext?.apiKeyId) {
+            res.status(400).json({
+                error: 'Cannot revoke your own API key',
+            });
+            return;
+        }
+        const success = await (0, index_js_1.revokeAdminApiKey)(keyId);
+        if (!success) {
+            res.status(404).json({
+                error: 'Key not found',
+            });
+            return;
+        }
+        res.json({
+            success: true,
+            message: 'API key revoked',
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin] Error revoking key:', error);
+        res.status(500).json({
+            error: 'Failed to revoke key',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+// =============================================================================
+// Bootstrap endpoint (no auth required) - Create first admin key
+// =============================================================================
+router.post('/bootstrap', async (req, res) => {
+    try {
+        // Check if any admin keys exist
+        const existingKeys = await (0, index_js_1.listAdminApiKeys)();
+        const activeKeys = existingKeys.filter((k) => !k.revokedAt);
+        if (activeKeys.length > 0) {
+            res.status(403).json({
+                error: 'Bootstrap not allowed',
+                message: 'Admin keys already exist. Use an existing key to create new ones.',
+            });
+            return;
+        }
+        const { description } = req.body;
+        if (!description) {
+            res.status(400).json({
+                error: 'Description is required',
+            });
+            return;
+        }
+        const { key, keyData } = await (0, index_js_1.generateAdminApiKey)(description, ['admin:*']);
+        console.info('[MCP Admin] Bootstrap: First admin key created');
+        res.status(201).json({
+            id: keyData.id,
+            key, // Only shown once!
+            description: keyData.description,
+            permissions: keyData.permissions,
+            createdAt: keyData.createdAt,
+            message: 'IMPORTANT: Save this key now - it will NEVER be shown again!',
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin] Bootstrap error:', error);
+        res.status(500).json({
+            error: 'Bootstrap failed',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+exports.default = router;
+//# sourceMappingURL=mcpAdmin.js.map

package/routes/mcpAdmin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpAdmin.js","sourceRoot":"","sources":["../../src/routes/mcpAdmin.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;;;AAEH,sDAA2E;AAC3E,4DAOuC;AAMvC,4DAAgE;AAEhE,MAAM,MAAM,GAAW,iBAAO,CAAC,MAAM,EAAE,CAAC;AAExC,6CAA6C;AAC7C,MAAM,SAAS,GAAG,IAAA,4BAAiB,GAAE,CAAC;AACtC,SAAS,CAAC,aAAa,CAAC,mBAAQ,CAAC,CAAC;AAElC,OAAO,CAAC,IAAI,CAAC,uCAAuC,SAAS,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;AAUtF,KAAK,UAAU,SAAS,CACtB,GAAiB,EACjB,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAE7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,8BAA8B;oBACvC,IAAI,EAAE,gDAAgD;iBACvD;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,qCAAqC;oBAC9C,IAAI,EAAE,4CAA4C;iBACnD;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,eAAe;iBACzB;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAmB,EAAC,MAAM,CAAC,CAAC;QAErD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,4CAA4C,EAAE;gBACzD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,EAAE,EAAE,GAAG,CAAC,EAAE;gBACV,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC,CAAC;YAEH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,4BAA4B;iBACpF;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,kCAAkC;QAClC,GAAG,CAAC,YAAY,GAAG;YACjB,QAAQ,EAAE,UAAU,CAAC,KAAM;YAC3B,WAAW,EAAE,UAAU,CAAC,WAAY;YACpC,YAAY,EAAE,UAAU,CAAC,YAAY;SACtC,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE;YACjD,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,YAAY,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,YAAY,CAAC,MAAM,QAAQ,CAAC,CAAC,CAAC,KAAK;YACzF,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;QAEH,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;QAE1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,IAAI;YACR,KAAK,EAAE;gBACL,IAAI,EAAE,0BAAe,CAAC,cAAc,CAAC,IAAI;gBACzC,OAAO,EAAE,sBAAsB;aAChC;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,qDAAqD;AACrD,gFAAgF;AAEhF,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,GAAiB,EAAE,GAAa,EAAE,EAAE;IACrE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,IAAsB,CAAC;QAE3C,oCAAoC;QACpC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE,0BAAe,CAAC,WAAW;aACnC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,OAAO,CAAC,EAAE,IAAI,IAAI;gBACtB,KAAK,EAAE;oBACL,GAAG,0BAAe,CAAC,eAAe;oBAClC,IAAI,EAAE,gBAAgB;iBACvB;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,YAAa,CAAC,CAAC;QAE3E,4BAA4B;QAC5B,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAClD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAE5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,IAAI;YACR,KAAK,EAAE;gBACL,GAAG,0BAAe,CAAC,cAAc;gBACjC,IAAI,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC7D;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,qCAAqC;AACrC,gFAAgF;AAEhF,gDAAgD;AAChD,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,GAAiB,EAAE,GAAa,EAAE,EAAE;IACxE,IAAI,CAAC;QACH,mBAAmB;QACnB,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,OAAO,EAAE,6BAA6B;aACvC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAA,2BAAgB,GAAE,CAAC;QAEtC,6BAA6B;QAC7B,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACvC,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,yCAAyC;YACzC,GAAG,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY;SAC7C,CAAC,CAAC,CAAC;QAEJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,qBAAqB;YAC5B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,kDAAkD;AAClD,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,GAAiB,EAAE,GAAa,EAAE,EAAE;IACzE,IAAI,CAAC;QACH,mBAAmB;QACnB,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,OAAO,EAAE,6BAA6B;aACvC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAE9C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,yBAAyB;aACjC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,iBAAiB,GAAI,WAAiC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE5E,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,8BAAmB,EAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;QAEnF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,GAAG,EAAE,mBAAmB;YACxB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,2DAA2D;AAC3D,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,EAAE,KAAK,EAAE,GAAiB,EAAE,GAAa,EAAE,EAAE;IAClF,IAAI,CAAC;QACH,mBAAmB;QACnB,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,OAAO,EAAE,6BAA6B;aACvC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAE7B,0BAA0B;QAC1B,IAAI,KAAK,KAAK,GAAG,CAAC,YAAY,EAAE,QAAQ,EAAE,CAAC;YACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,gCAAgC;aACxC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAiB,EAAC,KAAK,CAAC,CAAC;QAE/C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;aACvB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,iEAAiE;AACjE,gFAAgF;AAEhF,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC9D,IAAI,CAAC;QACH,gCAAgC;QAChC,MAAM,YAAY,GAAG,MAAM,IAAA,2BAAgB,GAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAE5D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,uBAAuB;gBAC9B,OAAO,EAAE,mEAAmE;aAC7E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAEjC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,yBAAyB;aACjC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,8BAAmB,EAAC,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;QAE7E,OAAO,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAE/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,GAAG,EAAE,mBAAmB;YACxB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,kBAAkB;YACzB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,kBAAe,MAAM,CAAC"}

package/routes/mcpAdminManagement.d.ts

@@ -0,0 +1,17 @@
+/**
+ * MCP Admin Management Routes
+ *
+ * HTTP endpoints for managing MCP Admin Server settings and API keys.
+ * These routes use JWT authentication (regular user auth) instead of Admin API keys.
+ *
+ * Endpoints:
+ * - GET /api/mcp-admin-management/status - Get MCP Admin Server status
+ * - GET /api/mcp-admin-management/keys - List admin API keys
+ * - POST /api/mcp-admin-management/keys - Create admin API key
+ * - DELETE /api/mcp-admin-management/keys/:keyId - Revoke admin API key
+ * - GET /api/mcp-admin-management/config-snippet - Get config snippet for Cursor/Claude Desktop
+ */
+import { Router } from 'express';
+declare const router: Router;
+export default router;
+//# sourceMappingURL=mcpAdminManagement.d.ts.map

package/routes/mcpAdminManagement.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpAdminManagement.d.ts","sourceRoot":"","sources":["../../src/routes/mcpAdminManagement.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAgB,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAW7D,QAAA,MAAM,MAAM,EAAE,MAAyB,CAAC;AAwTxC,eAAe,MAAM,CAAC"}

package/routes/mcpAdminManagement.js

@@ -0,0 +1,345 @@
+"use strict";
+/**
+ * MCP Admin Management Routes
+ *
+ * HTTP endpoints for managing MCP Admin Server settings and API keys.
+ * These routes use JWT authentication (regular user auth) instead of Admin API keys.
+ *
+ * Endpoints:
+ * - GET /api/mcp-admin-management/status - Get MCP Admin Server status
+ * - GET /api/mcp-admin-management/keys - List admin API keys
+ * - POST /api/mcp-admin-management/keys - Create admin API key
+ * - DELETE /api/mcp-admin-management/keys/:keyId - Revoke admin API key
+ * - GET /api/mcp-admin-management/config-snippet - Get config snippet for Cursor/Claude Desktop
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = __importDefault(require("express"));
+const index_js_1 = require("../services/mcpAdmin/index.js");
+const mcpAdminServer_js_1 = require("../services/mcpAdmin/mcpAdminServer.js");
+const router = express_1.default.Router();
+/**
+ * GET /api/mcp-admin-management/status
+ * Get MCP Admin Server status and info
+ */
+router.get('/status', async (req, res) => {
+    try {
+        const server = (0, mcpAdminServer_js_1.getMcpAdminServer)();
+        const toolCount = server.getToolCount();
+        const keys = await (0, index_js_1.listAdminApiKeys)();
+        const activeKeys = keys.filter((k) => !k.revokedAt);
+        res.json({
+            enabled: true,
+            version: '1.0.0',
+            endpoint: '/api/mcp-admin',
+            toolCount,
+            activeKeyCount: activeKeys.length,
+            totalKeyCount: keys.length,
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error getting status:', error);
+        res.status(500).json({
+            error: 'Failed to get status',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+/**
+ * GET /api/mcp-admin-management/keys
+ * List all admin API keys
+ */
+router.get('/keys', async (req, res) => {
+    try {
+        const keys = await (0, index_js_1.listAdminApiKeys)();
+        // Return keys with both masked and full key (full key only for non-revoked)
+        const sanitizedKeys = keys.map((key) => ({
+            id: key.id,
+            description: key.description,
+            permissions: key.permissions,
+            allowedTools: key.allowedTools,
+            enabled: key.enabled !== false, // Default to true if not specified
+            createdAt: key.createdAt,
+            lastUsedAt: key.lastUsedAt,
+            revokedAt: key.revokedAt,
+            // Mask the key - show first 8 chars + ... + last 4 chars
+            maskedKey: key.decryptedKey
+                ? `${key.decryptedKey.substring(0, 8)}...${key.decryptedKey.substring(key.decryptedKey.length - 4)}`
+                : null,
+            // Full key is only available for non-revoked keys
+            fullKey: !key.revokedAt ? key.decryptedKey : null,
+            isRevoked: !!key.revokedAt,
+        }));
+        res.json({ keys: sanitizedKeys });
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error listing keys:', error);
+        res.status(500).json({
+            error: 'Failed to list keys',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+/**
+ * POST /api/mcp-admin-management/keys
+ * Create a new admin API key
+ */
+router.post('/keys', async (req, res) => {
+    try {
+        const { description, permissions, allowedTools } = req.body;
+        if (!description) {
+            res.status(400).json({
+                error: 'Description is required',
+            });
+            return;
+        }
+        const parsedPermissions = permissions || ['admin:*'];
+        const parsedAllowedTools = allowedTools || undefined;
+        const { key, keyData } = await (0, index_js_1.generateAdminApiKey)(description, parsedPermissions, parsedAllowedTools);
+        res.status(201).json({
+            id: keyData.id,
+            key, // Only shown once!
+            description: keyData.description,
+            permissions: keyData.permissions,
+            allowedTools: keyData.allowedTools,
+            createdAt: keyData.createdAt,
+            message: 'Save this key now - it will not be shown again',
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error creating key:', error);
+        res.status(500).json({
+            error: 'Failed to create key',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+/**
+ * PUT /api/mcp-admin-management/keys/:keyId
+ * Update an admin API key (description, allowedTools)
+ */
+router.put('/keys/:keyId', async (req, res) => {
+    try {
+        const { keyId } = req.params;
+        const { description, allowedTools } = req.body;
+        const updatedKey = await (0, index_js_1.updateAdminApiKey)(keyId, { description, allowedTools });
+        if (!updatedKey) {
+            res.status(404).json({
+                error: 'Key not found',
+            });
+            return;
+        }
+        res.json({
+            success: true,
+            key: {
+                id: updatedKey.id,
+                description: updatedKey.description,
+                allowedTools: updatedKey.allowedTools,
+            },
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error updating key:', error);
+        res.status(500).json({
+            error: 'Failed to update key',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+/**
+ * POST /api/mcp-admin-management/keys/:keyId/toggle
+ * Enable or disable an admin API key
+ */
+router.post('/keys/:keyId/toggle', async (req, res) => {
+    try {
+        const { keyId } = req.params;
+        const { enabled } = req.body;
+        if (typeof enabled !== 'boolean') {
+            res.status(400).json({
+                error: 'enabled must be a boolean',
+            });
+            return;
+        }
+        const success = await (0, index_js_1.toggleAdminApiKey)(keyId, enabled);
+        if (!success) {
+            res.status(404).json({
+                error: 'Key not found',
+            });
+            return;
+        }
+        res.json({
+            success: true,
+            enabled,
+            message: enabled ? 'API key enabled' : 'API key disabled',
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error toggling key:', error);
+        res.status(500).json({
+            error: 'Failed to toggle key',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+/**
+ * DELETE /api/mcp-admin-management/keys/:keyId
+ * Revoke an admin API key
+ */
+router.delete('/keys/:keyId', async (req, res) => {
+    try {
+        const { keyId } = req.params;
+        const success = await (0, index_js_1.revokeAdminApiKey)(keyId);
+        if (!success) {
+            res.status(404).json({
+                error: 'Key not found',
+            });
+            return;
+        }
+        res.json({
+            success: true,
+            message: 'API key revoked',
+        });
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error revoking key:', error);
+        res.status(500).json({
+            error: 'Failed to revoke key',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+/**
+ * GET /api/mcp-admin-management/config-snippet
+ * Get configuration snippet for Cursor or Claude Desktop
+ */
+router.get('/config-snippet', async (req, res) => {
+    try {
+        const { platform, apiKey, serverUrl } = req.query;
+        if (!apiKey) {
+            res.status(400).json({
+                error: 'API key is required',
+            });
+            return;
+        }
+        // Get the base URL from the request or use provided serverUrl
+        const baseUrl = serverUrl || `${req.protocol}://${req.get('host')}`;
+        const mcpEndpoint = `${baseUrl}/api/mcp-admin`;
+        const cursorConfig = {
+            mcpServers: {
+                'agentstudio-admin': {
+                    url: mcpEndpoint,
+                    headers: {
+                        Authorization: `Bearer ${apiKey}`,
+                    },
+                },
+            },
+        };
+        const claudeDesktopConfig = {
+            mcpServers: {
+                'agentstudio-admin': {
+                    url: mcpEndpoint,
+                    headers: {
+                        Authorization: `Bearer ${apiKey}`,
+                    },
+                },
+            },
+        };
+        if (platform === 'cursor') {
+            res.json({
+                platform: 'cursor',
+                configPath: '~/.cursor/mcp.json',
+                config: cursorConfig,
+                configString: JSON.stringify(cursorConfig, null, 2),
+            });
+        }
+        else if (platform === 'claude-desktop') {
+            res.json({
+                platform: 'claude-desktop',
+                configPath: '~/Library/Application Support/Claude/claude_desktop_config.json',
+                config: claudeDesktopConfig,
+                configString: JSON.stringify(claudeDesktopConfig, null, 2),
+            });
+        }
+        else {
+            res.json({
+                cursor: {
+                    configPath: '~/.cursor/mcp.json',
+                    config: cursorConfig,
+                    configString: JSON.stringify(cursorConfig, null, 2),
+                },
+                claudeDesktop: {
+                    configPath: '~/Library/Application Support/Claude/claude_desktop_config.json',
+                    config: claudeDesktopConfig,
+                    configString: JSON.stringify(claudeDesktopConfig, null, 2),
+                },
+            });
+        }
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error generating config:', error);
+        res.status(500).json({
+            error: 'Failed to generate config',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+/**
+ * GET /api/mcp-admin-management/tools
+ * List available MCP Admin tools
+ */
+router.get('/tools', async (req, res) => {
+    try {
+        const { allTools } = await Promise.resolve().then(() => __importStar(require('../services/mcpAdmin/tools/index.js')));
+        const tools = allTools.map((tool) => ({
+            name: tool.tool.name,
+            description: tool.tool.description,
+            requiredPermissions: tool.requiredPermissions,
+            inputSchema: tool.tool.inputSchema,
+        }));
+        res.json({ tools });
+    }
+    catch (error) {
+        console.error('[MCP Admin Management] Error listing tools:', error);
+        res.status(500).json({
+            error: 'Failed to list tools',
+            details: error instanceof Error ? error.message : String(error),
+        });
+    }
+});
+exports.default = router;
+//# sourceMappingURL=mcpAdminManagement.js.map