npm - agentstudio - Versions diffs - 0.1.20 → 0.1.21 - Mend

agentstudio 0.1.20 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (164) hide show

package/services/mcpAdmin/adminApiKeyService.js ADDED Viewed

@@ -0,0 +1,270 @@
+"use strict";
+/**
+ * Admin API Key Service
+ *
+ * Manages API keys for MCP Admin Server authentication.
+ * Keys are stored globally (not per-project) with permission-based access control.
+ *
+ * Storage: ~/.claude-agent/admin-api-keys.json
+ * Key Format: ask_{32-hex-chars}
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateAdminApiKey = generateAdminApiKey;
+exports.validateAdminApiKey = validateAdminApiKey;
+exports.listAdminApiKeys = listAdminApiKeys;
+exports.revokeAdminApiKey = revokeAdminApiKey;
+exports.hasPermission = hasPermission;
+exports.deleteAdminApiKey = deleteAdminApiKey;
+exports.updateAdminApiKey = updateAdminApiKey;
+exports.toggleAdminApiKey = toggleAdminApiKey;
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = __importDefault(require("path"));
+const crypto_1 = __importDefault(require("crypto"));
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const uuid_1 = require("uuid");
+const proper_lockfile_1 = __importDefault(require("proper-lockfile"));
+const SALT_ROUNDS = 10;
+const KEY_PREFIX = 'ask_'; // Admin Server Key
+// AES-256-GCM encryption key derived from a stable secret
+const ENCRYPTION_KEY = crypto_1.default
+    .createHash('sha256')
+    .update(process.env.ADMIN_API_KEY_SECRET || 'agentstudio-admin-api-key-secret-v1')
+    .digest();
+const LOCK_OPTIONS = {
+    retries: { retries: 5, minTimeout: 100, maxTimeout: 500 },
+};
+/**
+ * Get path to admin API keys file
+ */
+function getAdminApiKeysPath() {
+    const homeDir = process.env.HOME || process.cwd();
+    return path_1.default.join(homeDir, '.claude-agent', 'admin-api-keys.json');
+}
+/**
+ * Encrypt a plaintext API key using AES-256-GCM
+ */
+function encryptKey(plaintext) {
+    const iv = crypto_1.default.randomBytes(12);
+    const cipher = crypto_1.default.createCipheriv('aes-256-gcm', ENCRYPTION_KEY, iv);
+    let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    const authTag = cipher.getAuthTag();
+    return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+}
+/**
+ * Decrypt an encrypted API key
+ */
+function decryptKey(encryptedData) {
+    try {
+        const [ivHex, authTagHex, encrypted] = encryptedData.split(':');
+        if (!ivHex || !authTagHex || !encrypted) {
+            return null;
+        }
+        const iv = Buffer.from(ivHex, 'hex');
+        const authTag = Buffer.from(authTagHex, 'hex');
+        const decipher = crypto_1.default.createDecipheriv('aes-256-gcm', ENCRYPTION_KEY, iv);
+        decipher.setAuthTag(authTag);
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Load admin API key registry
+ */
+async function loadRegistry() {
+    const filePath = getAdminApiKeysPath();
+    try {
+        const data = await promises_1.default.readFile(filePath, 'utf-8');
+        return JSON.parse(data);
+    }
+    catch (error) {
+        if (error.code === 'ENOENT') {
+            return { version: '1.0.0', keys: [] };
+        }
+        throw error;
+    }
+}
+/**
+ * Save admin API key registry with file locking
+ */
+async function saveRegistry(registry) {
+    const filePath = getAdminApiKeysPath();
+    const dir = path_1.default.dirname(filePath);
+    // Ensure directory exists
+    await promises_1.default.mkdir(dir, { recursive: true });
+    // Check if file exists for lockfile
+    let fileExists = true;
+    try {
+        await promises_1.default.access(filePath);
+    }
+    catch {
+        fileExists = false;
+        await promises_1.default.writeFile(filePath, JSON.stringify({ version: '1.0.0', keys: [] }, null, 2), 'utf-8');
+    }
+    const release = await proper_lockfile_1.default.lock(filePath, LOCK_OPTIONS);
+    try {
+        await promises_1.default.writeFile(filePath, JSON.stringify(registry, null, 2), 'utf-8');
+    }
+    finally {
+        await release();
+    }
+}
+/**
+ * Generate a new admin API key
+ * @param description - Human-readable description of the key
+ * @param permissions - Array of permission strings (default: ['admin:*'])
+ * @param allowedTools - Optional array of tool names this key can access. If undefined, all tools are accessible (based on permissions).
+ */
+async function generateAdminApiKey(description, permissions = ['admin:*'], allowedTools) {
+    const registry = await loadRegistry();
+    // Generate key: ask_{32-hex-chars}
+    const keyBytes = crypto_1.default.randomBytes(16);
+    const plainKey = `${KEY_PREFIX}${keyBytes.toString('hex')}`;
+    // Hash the key for storage
+    const keyHash = await bcryptjs_1.default.hash(plainKey, SALT_ROUNDS);
+    // Encrypt the key for display purposes
+    const encryptedKey = encryptKey(plainKey);
+    const keyData = {
+        id: (0, uuid_1.v4)(),
+        keyHash,
+        encryptedKey,
+        description,
+        createdAt: new Date().toISOString(),
+        permissions,
+        allowedTools: allowedTools && allowedTools.length > 0 ? allowedTools : undefined,
+    };
+    registry.keys.push(keyData);
+    await saveRegistry(registry);
+    return { key: plainKey, keyData };
+}
+/**
+ * Validate an admin API key
+ */
+async function validateAdminApiKey(apiKey) {
+    if (!apiKey || !apiKey.startsWith(KEY_PREFIX)) {
+        return { valid: false };
+    }
+    const registry = await loadRegistry();
+    for (const keyData of registry.keys) {
+        // Skip revoked keys
+        if (keyData.revokedAt) {
+            continue;
+        }
+        // Compare key hash
+        const isMatch = await bcryptjs_1.default.compare(apiKey, keyData.keyHash);
+        if (isMatch) {
+            // Check if key is disabled
+            if (keyData.enabled === false) {
+                return { valid: false, disabled: true };
+            }
+            // Update last used timestamp
+            keyData.lastUsedAt = new Date().toISOString();
+            await saveRegistry(registry);
+            return {
+                valid: true,
+                keyId: keyData.id,
+                permissions: keyData.permissions,
+                allowedTools: keyData.allowedTools,
+            };
+        }
+    }
+    return { valid: false };
+}
+/**
+ * List all admin API keys (with decrypted keys for display)
+ */
+async function listAdminApiKeys() {
+    const registry = await loadRegistry();
+    return registry.keys.map((key) => ({
+        ...key,
+        decryptedKey: decryptKey(key.encryptedKey) || undefined,
+    }));
+}
+/**
+ * Revoke an admin API key
+ */
+async function revokeAdminApiKey(keyId) {
+    const registry = await loadRegistry();
+    const key = registry.keys.find((k) => k.id === keyId);
+    if (!key) {
+        return false;
+    }
+    key.revokedAt = new Date().toISOString();
+    await saveRegistry(registry);
+    return true;
+}
+/**
+ * Check if a permission is granted
+ */
+function hasPermission(userPermissions, requiredPermission) {
+    // admin:* grants all permissions
+    if (userPermissions.includes('admin:*')) {
+        return true;
+    }
+    // Check for exact match
+    if (userPermissions.includes(requiredPermission)) {
+        return true;
+    }
+    // Check for wildcard (e.g., 'projects:write' implies 'projects:read')
+    const [category, action] = requiredPermission.split(':');
+    if (action === 'read' && userPermissions.includes(`${category}:write`)) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Delete an admin API key permanently
+ */
+async function deleteAdminApiKey(keyId) {
+    const registry = await loadRegistry();
+    const index = registry.keys.findIndex((k) => k.id === keyId);
+    if (index === -1) {
+        return false;
+    }
+    registry.keys.splice(index, 1);
+    await saveRegistry(registry);
+    return true;
+}
+/**
+ * Update an admin API key
+ */
+async function updateAdminApiKey(keyId, updates) {
+    const registry = await loadRegistry();
+    const key = registry.keys.find((k) => k.id === keyId);
+    if (!key) {
+        return null;
+    }
+    // Apply updates
+    if (updates.description !== undefined) {
+        key.description = updates.description;
+    }
+    if (updates.allowedTools !== undefined) {
+        key.allowedTools = updates.allowedTools.length > 0 ? updates.allowedTools : undefined;
+    }
+    if (updates.enabled !== undefined) {
+        key.enabled = updates.enabled;
+    }
+    await saveRegistry(registry);
+    return key;
+}
+/**
+ * Toggle admin API key enabled status
+ */
+async function toggleAdminApiKey(keyId, enabled) {
+    const registry = await loadRegistry();
+    const key = registry.keys.find((k) => k.id === keyId);
+    if (!key) {
+        return false;
+    }
+    key.enabled = enabled;
+    await saveRegistry(registry);
+    return true;
+}
+//# sourceMappingURL=adminApiKeyService.js.map

package/services/mcpAdmin/adminApiKeyService.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"adminApiKeyService.js","sourceRoot":"","sources":["../../../src/services/mcpAdmin/adminApiKeyService.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;AAyHH,kDA+BC;AAKD,kDAsCC;AAKD,4CASC;AAKD,8CAYC;AAKD,sCAqBC;AAKD,8CAYC;AAKD,8CA6BC;AAKD,8CAYC;AA9TD,2DAA6B;AAC7B,gDAAwB;AACxB,oDAA4B;AAC5B,wDAA8B;AAC9B,+BAAoC;AACpC,sEAAuC;AAGvC,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,mBAAmB;AAE9C,0DAA0D;AAC1D,MAAM,cAAc,GAAG,gBAAM;KAC1B,UAAU,CAAC,QAAQ,CAAC;KACpB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,qCAAqC,CAAC;KACjF,MAAM,EAAE,CAAC;AAEZ,MAAM,YAAY,GAAG;IACnB,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE;CAC1D,CAAC;AAEF;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAClD,OAAO,cAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,qBAAqB,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,SAAiB;IACnC,MAAM,EAAE,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAM,CAAC,cAAc,CAAC,aAAa,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;IAExE,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACxD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACpC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,aAAqB;IACvC,IAAI,CAAC;QACH,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEhE,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,gBAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;QAC5E,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY;IACzB,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACxC,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,QAA6B;IACvD,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IACvC,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEnC,0BAA0B;IAC1B,MAAM,kBAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzC,oCAAoC;IACpC,IAAI,UAAU,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,kBAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,UAAU,GAAG,KAAK,CAAC;QACnB,MAAM,kBAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,yBAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,kBAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC3E,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,EAAE,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,mBAAmB,CACvC,WAAmB,EACnB,cAAiC,CAAC,SAAS,CAAC,EAC5C,YAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IAEtC,mCAAmC;IACnC,MAAM,QAAQ,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,GAAG,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;IAE5D,2BAA2B;IAC3B,MAAM,OAAO,GAAG,MAAM,kBAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAEzD,uCAAuC;IACvC,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1C,MAAM,OAAO,GAAgB;QAC3B,EAAE,EAAE,IAAA,SAAM,GAAE;QACZ,OAAO;QACP,YAAY;QACZ,WAAW;QACX,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,WAAW;QACX,YAAY,EAAE,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;KACjF,CAAC;IAEF,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5B,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE7B,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACpC,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,MAAc;IAEd,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IAEtC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,oBAAoB;QACpB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,SAAS;QACX,CAAC;QAED,mBAAmB;QACnB,MAAM,OAAO,GAAG,MAAM,kBAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAE9D,IAAI,OAAO,EAAE,CAAC;YACZ,2BAA2B;YAC3B,IAAI,OAAO,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAC1C,CAAC;YAED,6BAA6B;YAC7B,OAAO,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC9C,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;YAE7B,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,OAAO,CAAC,EAAE;gBACjB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,YAAY,EAAE,OAAO,CAAC,YAAY;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,gBAAgB;IAGpC,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IAEtC,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjC,GAAG,GAAG;QACN,YAAY,EAAE,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,SAAS;KACxD,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CAAC,KAAa;IACnD,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IAEtC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE7B,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAC3B,eAAkC,EAClC,kBAAmC;IAEnC,iCAAiC;IACjC,IAAI,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,IAAI,eAAe,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sEAAsE;IACtE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzD,IAAI,MAAM,KAAK,MAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,GAAG,QAAQ,QAA2B,CAAC,EAAE,CAAC;QAC1F,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CAAC,KAAa;IACnD,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IAEtC,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;IAC7D,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC/B,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE7B,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CACrC,KAAa,EACb,OAIC;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IAEtC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QACtC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IACxC,CAAC;IACD,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACvC,GAAG,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;IACxF,CAAC;IACD,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAClC,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE7B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CAAC,KAAa,EAAE,OAAgB;IACrE,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IAEtC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;IACtB,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE7B,OAAO,IAAI,CAAC;AACd,CAAC"}

package/services/mcpAdmin/index.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * MCP Admin Server Module
+ *
+ * Provides management APIs via MCP HTTP Streamable protocol.
+ */
+export { McpAdminServer, getMcpAdminServer, resetMcpAdminServer } from './mcpAdminServer.js';
+export { generateAdminApiKey, validateAdminApiKey, listAdminApiKeys, revokeAdminApiKey, deleteAdminApiKey, updateAdminApiKey, toggleAdminApiKey, hasPermission, } from './adminApiKeyService.js';
+export { allTools, projectTools, agentTools, mcpServerTools, systemTools } from './tools/index.js';
+export * from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/services/mcpAdmin/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/mcpAdmin/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC7F,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,aAAa,GACd,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACnG,cAAc,YAAY,CAAC"}

package/services/mcpAdmin/index.js ADDED Viewed

@@ -0,0 +1,43 @@
+"use strict";
+/**
+ * MCP Admin Server Module
+ *
+ * Provides management APIs via MCP HTTP Streamable protocol.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.systemTools = exports.mcpServerTools = exports.agentTools = exports.projectTools = exports.allTools = exports.hasPermission = exports.toggleAdminApiKey = exports.updateAdminApiKey = exports.deleteAdminApiKey = exports.revokeAdminApiKey = exports.listAdminApiKeys = exports.validateAdminApiKey = exports.generateAdminApiKey = exports.resetMcpAdminServer = exports.getMcpAdminServer = exports.McpAdminServer = void 0;
+var mcpAdminServer_js_1 = require("./mcpAdminServer.js");
+Object.defineProperty(exports, "McpAdminServer", { enumerable: true, get: function () { return mcpAdminServer_js_1.McpAdminServer; } });
+Object.defineProperty(exports, "getMcpAdminServer", { enumerable: true, get: function () { return mcpAdminServer_js_1.getMcpAdminServer; } });
+Object.defineProperty(exports, "resetMcpAdminServer", { enumerable: true, get: function () { return mcpAdminServer_js_1.resetMcpAdminServer; } });
+var adminApiKeyService_js_1 = require("./adminApiKeyService.js");
+Object.defineProperty(exports, "generateAdminApiKey", { enumerable: true, get: function () { return adminApiKeyService_js_1.generateAdminApiKey; } });
+Object.defineProperty(exports, "validateAdminApiKey", { enumerable: true, get: function () { return adminApiKeyService_js_1.validateAdminApiKey; } });
+Object.defineProperty(exports, "listAdminApiKeys", { enumerable: true, get: function () { return adminApiKeyService_js_1.listAdminApiKeys; } });
+Object.defineProperty(exports, "revokeAdminApiKey", { enumerable: true, get: function () { return adminApiKeyService_js_1.revokeAdminApiKey; } });
+Object.defineProperty(exports, "deleteAdminApiKey", { enumerable: true, get: function () { return adminApiKeyService_js_1.deleteAdminApiKey; } });
+Object.defineProperty(exports, "updateAdminApiKey", { enumerable: true, get: function () { return adminApiKeyService_js_1.updateAdminApiKey; } });
+Object.defineProperty(exports, "toggleAdminApiKey", { enumerable: true, get: function () { return adminApiKeyService_js_1.toggleAdminApiKey; } });
+Object.defineProperty(exports, "hasPermission", { enumerable: true, get: function () { return adminApiKeyService_js_1.hasPermission; } });
+var index_js_1 = require("./tools/index.js");
+Object.defineProperty(exports, "allTools", { enumerable: true, get: function () { return index_js_1.allTools; } });
+Object.defineProperty(exports, "projectTools", { enumerable: true, get: function () { return index_js_1.projectTools; } });
+Object.defineProperty(exports, "agentTools", { enumerable: true, get: function () { return index_js_1.agentTools; } });
+Object.defineProperty(exports, "mcpServerTools", { enumerable: true, get: function () { return index_js_1.mcpServerTools; } });
+Object.defineProperty(exports, "systemTools", { enumerable: true, get: function () { return index_js_1.systemTools; } });
+__exportStar(require("./types.js"), exports);
+//# sourceMappingURL=index.js.map

package/services/mcpAdmin/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/mcpAdmin/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;AAEH,yDAA6F;AAApF,mHAAA,cAAc,OAAA;AAAE,sHAAA,iBAAiB,OAAA;AAAE,wHAAA,mBAAmB,OAAA;AAC/D,iEASiC;AAR/B,4HAAA,mBAAmB,OAAA;AACnB,4HAAA,mBAAmB,OAAA;AACnB,yHAAA,gBAAgB,OAAA;AAChB,0HAAA,iBAAiB,OAAA;AACjB,0HAAA,iBAAiB,OAAA;AACjB,0HAAA,iBAAiB,OAAA;AACjB,0HAAA,iBAAiB,OAAA;AACjB,sHAAA,aAAa,OAAA;AAEf,6CAAmG;AAA1F,oGAAA,QAAQ,OAAA;AAAE,wGAAA,YAAY,OAAA;AAAE,sGAAA,UAAU,OAAA;AAAE,0GAAA,cAAc,OAAA;AAAE,uGAAA,WAAW,OAAA;AACxE,6CAA2B"}

package/services/mcpAdmin/mcpAdminServer.d.ts ADDED Viewed

@@ -0,0 +1,76 @@
+/**
+ * MCP Admin Server
+ *
+ * Core MCP Server implementation for management APIs.
+ * Handles JSON-RPC 2.0 requests and dispatches to registered tools.
+ *
+ * Supports pure JSON responses (no SSE streaming) for stateless operation.
+ */
+import type { JsonRpcRequest, JsonRpcResponse, McpToolsListResult, ToolDefinition, ToolContext, AdminPermission } from './types.js';
+/**
+ * MCP Admin Server class
+ *
+ * Manages tool registration and handles MCP JSON-RPC requests.
+ */
+export declare class McpAdminServer {
+    private tools;
+    private initialized;
+    constructor();
+    /**
+     * Register a tool with the server
+     */
+    registerTool(definition: ToolDefinition): void;
+    /**
+     * Register multiple tools at once
+     */
+    registerTools(definitions: ToolDefinition[]): void;
+    /**
+     * Get all registered tools (filtered by permissions and allowedTools)
+     */
+    getTools(permissions: AdminPermission[], allowedTools?: string[]): McpToolsListResult;
+    /**
+     * Handle a JSON-RPC request
+     */
+    handleRequest(request: JsonRpcRequest, context: ToolContext): Promise<JsonRpcResponse>;
+    /**
+     * Handle initialize request
+     */
+    private handleInitialize;
+    /**
+     * Handle tools/list request
+     */
+    private handleToolsList;
+    /**
+     * Handle tools/call request
+     */
+    private handleToolCall;
+    /**
+     * Create a success response
+     */
+    private successResponse;
+    /**
+     * Create an error response
+     */
+    private errorResponse;
+    /**
+     * Check if server is initialized
+     */
+    isInitialized(): boolean;
+    /**
+     * Reset server state (for testing)
+     */
+    reset(): void;
+    /**
+     * Get tool count
+     */
+    getToolCount(): number;
+}
+/**
+ * Get the MCP Admin Server singleton instance
+ */
+export declare function getMcpAdminServer(): McpAdminServer;
+/**
+ * Reset the server instance (for testing)
+ */
+export declare function resetMcpAdminServer(): void;
+//# sourceMappingURL=mcpAdminServer.d.ts.map

package/services/mcpAdmin/mcpAdminServer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mcpAdminServer.d.ts","sourceRoot":"","sources":["../../../src/services/mcpAdmin/mcpAdminServer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,eAAe,EAIf,kBAAkB,EAGlB,cAAc,EACd,WAAW,EACX,eAAe,EAChB,MAAM,YAAY,CAAC;AAapB;;;;GAIG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAA0C;IACvD,OAAO,CAAC,WAAW,CAAkB;;IAMrC;;OAEG;IACH,YAAY,CAAC,UAAU,EAAE,cAAc,GAAG,IAAI;IAI9C;;OAEG;IACH,aAAa,CAAC,WAAW,EAAE,cAAc,EAAE,GAAG,IAAI;IAMlD;;OAEG;IACH,QAAQ,CAAC,WAAW,EAAE,eAAe,EAAE,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,GAAG,kBAAkB;IA0BrF;;OAEG;IACG,aAAa,CACjB,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,eAAe,CAAC;IAqC3B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAkBxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAgBvB;;OAEG;YACW,cAAc;IAoE5B;;OAEG;IACH,OAAO,CAAC,eAAe;IAWvB;;OAEG;IACH,OAAO,CAAC,aAAa;IAWrB;;OAEG;IACH,aAAa,IAAI,OAAO;IAIxB;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,YAAY,IAAI,MAAM;CAGvB;AAKD;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CAKlD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAK1C"}

package/services/mcpAdmin/mcpAdminServer.js ADDED Viewed

@@ -0,0 +1,243 @@
+"use strict";
+/**
+ * MCP Admin Server
+ *
+ * Core MCP Server implementation for management APIs.
+ * Handles JSON-RPC 2.0 requests and dispatches to registered tools.
+ *
+ * Supports pure JSON responses (no SSE streaming) for stateless operation.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpAdminServer = void 0;
+exports.getMcpAdminServer = getMcpAdminServer;
+exports.resetMcpAdminServer = resetMcpAdminServer;
+const types_js_1 = require("./types.js");
+const adminApiKeyService_js_1 = require("./adminApiKeyService.js");
+// MCP Protocol version
+const PROTOCOL_VERSION = '2024-11-05';
+// Server info
+const SERVER_INFO = {
+    name: 'agentstudio-admin',
+    version: '1.0.0',
+};
+/**
+ * MCP Admin Server class
+ *
+ * Manages tool registration and handles MCP JSON-RPC requests.
+ */
+class McpAdminServer {
+    tools = new Map();
+    initialized = false;
+    constructor() {
+        // Server starts uninitialized
+    }
+    /**
+     * Register a tool with the server
+     */
+    registerTool(definition) {
+        this.tools.set(definition.tool.name, definition);
+    }
+    /**
+     * Register multiple tools at once
+     */
+    registerTools(definitions) {
+        for (const def of definitions) {
+            this.registerTool(def);
+        }
+    }
+    /**
+     * Get all registered tools (filtered by permissions and allowedTools)
+     */
+    getTools(permissions, allowedTools) {
+        const visibleTools = [];
+        for (const [, def] of this.tools) {
+            // Check if user has any of the required permissions
+            const hasAccess = def.requiredPermissions.some((perm) => (0, adminApiKeyService_js_1.hasPermission)(permissions, perm));
+            if (!hasAccess) {
+                continue;
+            }
+            // If allowedTools is specified, filter by it
+            if (allowedTools && allowedTools.length > 0) {
+                if (!allowedTools.includes(def.tool.name)) {
+                    continue;
+                }
+            }
+            visibleTools.push(def.tool);
+        }
+        return { tools: visibleTools };
+    }
+    /**
+     * Handle a JSON-RPC request
+     */
+    async handleRequest(request, context) {
+        try {
+            // Validate JSON-RPC structure
+            if (request.jsonrpc !== '2.0') {
+                return this.errorResponse(request.id, types_js_1.JSON_RPC_ERRORS.INVALID_REQUEST);
+            }
+            // Route by method
+            switch (request.method) {
+                case 'initialize':
+                    return this.handleInitialize(request);
+                case 'initialized':
+                    // Client notification that initialization is complete
+                    return this.successResponse(request.id, {});
+                case 'tools/list':
+                    return this.handleToolsList(request, context);
+                case 'tools/call':
+                    return this.handleToolCall(request, context);
+                case 'ping':
+                    return this.successResponse(request.id, {});
+                default:
+                    return this.errorResponse(request.id, types_js_1.JSON_RPC_ERRORS.METHOD_NOT_FOUND);
+            }
+        }
+        catch (error) {
+            console.error('[MCP Admin] Request handling error:', error);
+            return this.errorResponse(request.id, {
+                ...types_js_1.JSON_RPC_ERRORS.INTERNAL_ERROR,
+                data: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    /**
+     * Handle initialize request
+     */
+    handleInitialize(request) {
+        const params = request.params;
+        console.info('[MCP Admin] Initialize request from:', params?.clientInfo?.name);
+        const result = {
+            protocolVersion: PROTOCOL_VERSION,
+            capabilities: {
+                tools: {},
+            },
+            serverInfo: SERVER_INFO,
+        };
+        this.initialized = true;
+        return this.successResponse(request.id, result);
+    }
+    /**
+     * Handle tools/list request
+     */
+    handleToolsList(request, context) {
+        const toolsList = this.getTools(context.permissions, context.allowedTools);
+        console.info('[MCP Admin] Tools list request, returning', toolsList.tools.length, 'tools', context.allowedTools ? `(filtered by ${context.allowedTools.length} allowed tools)` : '');
+        return this.successResponse(request.id, toolsList);
+    }
+    /**
+     * Handle tools/call request
+     */
+    async handleToolCall(request, context) {
+        const params = request.params;
+        if (!params?.name) {
+            return this.errorResponse(request.id, {
+                ...types_js_1.JSON_RPC_ERRORS.INVALID_PARAMS,
+                data: 'Tool name is required',
+            });
+        }
+        const toolDef = this.tools.get(params.name);
+        if (!toolDef) {
+            return this.errorResponse(request.id, {
+                ...types_js_1.JSON_RPC_ERRORS.METHOD_NOT_FOUND,
+                data: `Tool not found: ${params.name}`,
+            });
+        }
+        // Check permissions
+        const hasAccess = toolDef.requiredPermissions.some((perm) => (0, adminApiKeyService_js_1.hasPermission)(context.permissions, perm));
+        if (!hasAccess) {
+            return this.errorResponse(request.id, {
+                code: -32001,
+                message: 'Permission denied',
+                data: `Insufficient permissions for tool: ${params.name}`,
+            });
+        }
+        // Check allowedTools filter
+        if (context.allowedTools && context.allowedTools.length > 0) {
+            if (!context.allowedTools.includes(params.name)) {
+                return this.errorResponse(request.id, {
+                    code: -32002,
+                    message: 'Tool not allowed',
+                    data: `This API key does not have access to tool: ${params.name}`,
+                });
+            }
+        }
+        console.info('[MCP Admin] Tool call:', params.name);
+        try {
+            const result = await toolDef.handler(params.arguments || {}, context);
+            return this.successResponse(request.id, result);
+        }
+        catch (error) {
+            console.error('[MCP Admin] Tool execution error:', error);
+            const errorResult = {
+                content: [
+                    {
+                        type: 'text',
+                        text: error instanceof Error ? error.message : String(error),
+                    },
+                ],
+                isError: true,
+            };
+            return this.successResponse(request.id, errorResult);
+        }
+    }
+    /**
+     * Create a success response
+     */
+    successResponse(id, result) {
+        return {
+            jsonrpc: '2.0',
+            id,
+            result,
+        };
+    }
+    /**
+     * Create an error response
+     */
+    errorResponse(id, error) {
+        return {
+            jsonrpc: '2.0',
+            id,
+            error,
+        };
+    }
+    /**
+     * Check if server is initialized
+     */
+    isInitialized() {
+        return this.initialized;
+    }
+    /**
+     * Reset server state (for testing)
+     */
+    reset() {
+        this.initialized = false;
+    }
+    /**
+     * Get tool count
+     */
+    getToolCount() {
+        return this.tools.size;
+    }
+}
+exports.McpAdminServer = McpAdminServer;
+// Singleton instance
+let serverInstance = null;
+/**
+ * Get the MCP Admin Server singleton instance
+ */
+function getMcpAdminServer() {
+    if (!serverInstance) {
+        serverInstance = new McpAdminServer();
+    }
+    return serverInstance;
+}
+/**
+ * Reset the server instance (for testing)
+ */
+function resetMcpAdminServer() {
+    if (serverInstance) {
+        serverInstance.reset();
+    }
+    serverInstance = null;
+}
+//# sourceMappingURL=mcpAdminServer.js.map