mcp-creatio 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (353) hide show
  1. package/README.md +280 -156
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/cli.js +27 -10
  4. package/dist/cli.js.map +1 -1
  5. package/dist/config-builder.d.ts +8 -0
  6. package/dist/config-builder.d.ts.map +1 -1
  7. package/dist/config-builder.js +147 -43
  8. package/dist/config-builder.js.map +1 -1
  9. package/dist/consts.d.ts.map +1 -1
  10. package/dist/consts.js +2 -1
  11. package/dist/consts.js.map +1 -1
  12. package/dist/creatio/auth/auth-manager.d.ts.map +1 -1
  13. package/dist/creatio/auth/auth-manager.js +5 -2
  14. package/dist/creatio/auth/auth-manager.js.map +1 -1
  15. package/dist/creatio/auth/auth.d.ts +4 -31
  16. package/dist/creatio/auth/auth.d.ts.map +1 -1
  17. package/dist/creatio/auth/auth.js +20 -26
  18. package/dist/creatio/auth/auth.js.map +1 -1
  19. package/dist/creatio/auth/constants.d.ts +14 -0
  20. package/dist/creatio/auth/constants.d.ts.map +1 -0
  21. package/dist/creatio/auth/constants.js +20 -0
  22. package/dist/creatio/auth/constants.js.map +1 -0
  23. package/dist/creatio/auth/contracts.d.ts +15 -0
  24. package/dist/creatio/auth/contracts.d.ts.map +1 -0
  25. package/dist/creatio/auth/contracts.js +3 -0
  26. package/dist/creatio/auth/contracts.js.map +1 -0
  27. package/dist/creatio/auth/headers.d.ts +3 -0
  28. package/dist/creatio/auth/headers.d.ts.map +1 -0
  29. package/dist/creatio/auth/headers.js +15 -0
  30. package/dist/creatio/auth/headers.js.map +1 -0
  31. package/dist/creatio/auth/identity.d.ts +8 -0
  32. package/dist/creatio/auth/identity.d.ts.map +1 -0
  33. package/dist/creatio/auth/identity.js +18 -0
  34. package/dist/creatio/auth/identity.js.map +1 -0
  35. package/dist/creatio/auth/index.d.ts +4 -3
  36. package/dist/creatio/auth/index.d.ts.map +1 -1
  37. package/dist/creatio/auth/index.js +5 -3
  38. package/dist/creatio/auth/index.js.map +1 -1
  39. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +13 -7
  40. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -1
  41. package/dist/creatio/auth/providers/base-oauth2-provider.js +29 -19
  42. package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -1
  43. package/dist/creatio/auth/providers/base-provider.js +1 -1
  44. package/dist/creatio/auth/providers/base-provider.js.map +1 -1
  45. package/dist/creatio/auth/providers/broker-provider.d.ts +20 -0
  46. package/dist/creatio/auth/providers/broker-provider.d.ts.map +1 -0
  47. package/dist/creatio/auth/providers/broker-provider.js +72 -0
  48. package/dist/creatio/auth/providers/broker-provider.js.map +1 -0
  49. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts +27 -0
  50. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts.map +1 -0
  51. package/dist/creatio/auth/providers/creatio-oauth-client.js +122 -0
  52. package/dist/creatio/auth/providers/creatio-oauth-client.js.map +1 -0
  53. package/dist/creatio/auth/providers/index.d.ts +3 -1
  54. package/dist/creatio/auth/providers/index.d.ts.map +1 -1
  55. package/dist/creatio/auth/providers/index.js +3 -1
  56. package/dist/creatio/auth/providers/index.js.map +1 -1
  57. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts +17 -0
  58. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts.map +1 -0
  59. package/dist/creatio/auth/providers/oauth2-bearer-provider.js +33 -0
  60. package/dist/creatio/auth/providers/oauth2-bearer-provider.js.map +1 -0
  61. package/dist/creatio/auth/providers/oauth2-provider.d.ts +2 -2
  62. package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -1
  63. package/dist/creatio/auth/providers/oauth2-provider.js +4 -9
  64. package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -1
  65. package/dist/creatio/auth/providers/type.d.ts +20 -1
  66. package/dist/creatio/auth/providers/type.d.ts.map +1 -1
  67. package/dist/creatio/auth/providers/type.js +22 -2
  68. package/dist/creatio/auth/providers/type.js.map +1 -1
  69. package/dist/creatio/client-config.d.ts +26 -5
  70. package/dist/creatio/client-config.d.ts.map +1 -1
  71. package/dist/creatio/engines/admin-operation-engine.d.ts +1 -1
  72. package/dist/creatio/engines/admin-operation-engine.d.ts.map +1 -1
  73. package/dist/creatio/engines/admin-operation-engine.js +3 -3
  74. package/dist/creatio/engines/admin-operation-engine.js.map +1 -1
  75. package/dist/creatio/engines/configuration-engine.d.ts +1 -1
  76. package/dist/creatio/engines/configuration-engine.d.ts.map +1 -1
  77. package/dist/creatio/engines/configuration-engine.js +3 -3
  78. package/dist/creatio/engines/configuration-engine.js.map +1 -1
  79. package/dist/creatio/engines/crud-engine.d.ts +1 -1
  80. package/dist/creatio/engines/crud-engine.d.ts.map +1 -1
  81. package/dist/creatio/engines/crud-engine.js +4 -4
  82. package/dist/creatio/engines/crud-engine.js.map +1 -1
  83. package/dist/creatio/engines/engine-manager.d.ts +4 -2
  84. package/dist/creatio/engines/engine-manager.d.ts.map +1 -1
  85. package/dist/creatio/engines/engine-manager.js +9 -10
  86. package/dist/creatio/engines/engine-manager.js.map +1 -1
  87. package/dist/creatio/engines/engine.d.ts.map +1 -1
  88. package/dist/creatio/engines/engine.js +12 -1
  89. package/dist/creatio/engines/engine.js.map +1 -1
  90. package/dist/creatio/engines/feature-engine.d.ts +1 -1
  91. package/dist/creatio/engines/feature-engine.d.ts.map +1 -1
  92. package/dist/creatio/engines/feature-engine.js +3 -3
  93. package/dist/creatio/engines/feature-engine.js.map +1 -1
  94. package/dist/creatio/engines/process-engine.d.ts +1 -1
  95. package/dist/creatio/engines/process-engine.d.ts.map +1 -1
  96. package/dist/creatio/engines/process-engine.js +3 -3
  97. package/dist/creatio/engines/process-engine.js.map +1 -1
  98. package/dist/creatio/engines/sys-settings-engine.d.ts +1 -1
  99. package/dist/creatio/engines/sys-settings-engine.d.ts.map +1 -1
  100. package/dist/creatio/engines/sys-settings-engine.js +3 -3
  101. package/dist/creatio/engines/sys-settings-engine.js.map +1 -1
  102. package/dist/creatio/engines/user-engine.d.ts +1 -1
  103. package/dist/creatio/engines/user-engine.d.ts.map +1 -1
  104. package/dist/creatio/engines/user-engine.js +3 -3
  105. package/dist/creatio/engines/user-engine.js.map +1 -1
  106. package/dist/creatio/provider-context.d.ts +3 -0
  107. package/dist/creatio/provider-context.d.ts.map +1 -1
  108. package/dist/creatio/services/client-cache-hash-client.d.ts +22 -0
  109. package/dist/creatio/services/client-cache-hash-client.d.ts.map +1 -0
  110. package/dist/creatio/services/client-cache-hash-client.js +56 -0
  111. package/dist/creatio/services/client-cache-hash-client.js.map +1 -0
  112. package/dist/creatio/services/creatio-service-context.d.ts +6 -1
  113. package/dist/creatio/services/creatio-service-context.d.ts.map +1 -1
  114. package/dist/creatio/services/creatio-service-context.js +15 -1
  115. package/dist/creatio/services/creatio-service-context.js.map +1 -1
  116. package/dist/creatio/services/crud-provider-factory.d.ts +4 -0
  117. package/dist/creatio/services/crud-provider-factory.d.ts.map +1 -1
  118. package/dist/creatio/services/crud-provider-factory.js +1 -1
  119. package/dist/creatio/services/crud-provider-factory.js.map +1 -1
  120. package/dist/creatio/services/dataservice/data-service-column-values.d.ts.map +1 -1
  121. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts +5 -3
  122. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts.map +1 -1
  123. package/dist/creatio/services/dataservice/data-service-crud-provider.js +8 -6
  124. package/dist/creatio/services/dataservice/data-service-crud-provider.js.map +1 -1
  125. package/dist/creatio/services/dataservice/data-service-filter-translator.d.ts.map +1 -1
  126. package/dist/creatio/services/dataservice/data-service-filter-translator.js +7 -2
  127. package/dist/creatio/services/dataservice/data-service-filter-translator.js.map +1 -1
  128. package/dist/creatio/services/dataservice/data-service-query-builder.d.ts.map +1 -1
  129. package/dist/creatio/services/dataservice/data-service-query-builder.js.map +1 -1
  130. package/dist/creatio/services/dataservice/data-service-schema.d.ts +6 -4
  131. package/dist/creatio/services/dataservice/data-service-schema.d.ts.map +1 -1
  132. package/dist/creatio/services/dataservice/data-service-schema.js +29 -18
  133. package/dist/creatio/services/dataservice/data-service-schema.js.map +1 -1
  134. package/dist/creatio/services/dataservice/data-service-transport.d.ts +4 -1
  135. package/dist/creatio/services/dataservice/data-service-transport.d.ts.map +1 -1
  136. package/dist/creatio/services/dataservice/data-service-transport.js +8 -3
  137. package/dist/creatio/services/dataservice/data-service-transport.js.map +1 -1
  138. package/dist/creatio/services/dataservice/data-service-types.d.ts +0 -19
  139. package/dist/creatio/services/dataservice/data-service-types.d.ts.map +1 -1
  140. package/dist/creatio/services/dataservice/data-service-value-type.d.ts +2 -1
  141. package/dist/creatio/services/dataservice/data-service-value-type.d.ts.map +1 -1
  142. package/dist/creatio/services/dataservice/data-service-value-type.js +20 -16
  143. package/dist/creatio/services/dataservice/data-service-value-type.js.map +1 -1
  144. package/dist/creatio/services/http-client.d.ts +13 -0
  145. package/dist/creatio/services/http-client.d.ts.map +1 -1
  146. package/dist/creatio/services/http-client.js +26 -2
  147. package/dist/creatio/services/http-client.js.map +1 -1
  148. package/dist/creatio/services/identifiers.d.ts +10 -0
  149. package/dist/creatio/services/identifiers.d.ts.map +1 -0
  150. package/dist/creatio/services/identifiers.js +20 -0
  151. package/dist/creatio/services/identifiers.js.map +1 -0
  152. package/dist/creatio/services/index.d.ts +2 -0
  153. package/dist/creatio/services/index.d.ts.map +1 -1
  154. package/dist/creatio/services/index.js +2 -0
  155. package/dist/creatio/services/index.js.map +1 -1
  156. package/dist/creatio/services/odata/metadata-store.d.ts +16 -3
  157. package/dist/creatio/services/odata/metadata-store.d.ts.map +1 -1
  158. package/dist/creatio/services/odata/metadata-store.js +65 -38
  159. package/dist/creatio/services/odata/metadata-store.js.map +1 -1
  160. package/dist/creatio/services/odata/odata-crud-provider.d.ts.map +1 -1
  161. package/dist/creatio/services/odata/odata-crud-provider.js +10 -25
  162. package/dist/creatio/services/odata/odata-crud-provider.js.map +1 -1
  163. package/dist/creatio/services/odata/odata-query-translator.d.ts +4 -5
  164. package/dist/creatio/services/odata/odata-query-translator.d.ts.map +1 -1
  165. package/dist/creatio/services/odata/odata-query-translator.js +32 -20
  166. package/dist/creatio/services/odata/odata-query-translator.js.map +1 -1
  167. package/dist/creatio/services/schema-freshness-gate.d.ts +26 -0
  168. package/dist/creatio/services/schema-freshness-gate.d.ts.map +1 -0
  169. package/dist/creatio/services/schema-freshness-gate.js +58 -0
  170. package/dist/creatio/services/schema-freshness-gate.js.map +1 -0
  171. package/dist/creatio/services/user-info-provider.d.ts.map +1 -1
  172. package/dist/creatio/services/user-info-provider.js +2 -2
  173. package/dist/creatio/services/user-info-provider.js.map +1 -1
  174. package/dist/index.js +35 -4
  175. package/dist/index.js.map +1 -1
  176. package/dist/log.d.ts +1 -1
  177. package/dist/log.d.ts.map +1 -1
  178. package/dist/log.js +6 -2
  179. package/dist/log.js.map +1 -1
  180. package/dist/server/bearer/base-url-guard.d.ts +20 -0
  181. package/dist/server/bearer/base-url-guard.d.ts.map +1 -0
  182. package/dist/server/bearer/base-url-guard.js +55 -0
  183. package/dist/server/bearer/base-url-guard.js.map +1 -0
  184. package/dist/server/bearer/bearer-edge.d.ts +42 -0
  185. package/dist/server/bearer/bearer-edge.d.ts.map +1 -0
  186. package/dist/server/bearer/bearer-edge.js +122 -0
  187. package/dist/server/bearer/bearer-edge.js.map +1 -0
  188. package/dist/server/bearer/bearer-token.d.ts +27 -0
  189. package/dist/server/bearer/bearer-token.d.ts.map +1 -0
  190. package/dist/server/bearer/bearer-token.js +50 -0
  191. package/dist/server/bearer/bearer-token.js.map +1 -0
  192. package/dist/server/bearer/index.d.ts +3 -0
  193. package/dist/server/bearer/index.d.ts.map +1 -0
  194. package/dist/server/bearer/index.js +19 -0
  195. package/dist/server/bearer/index.js.map +1 -0
  196. package/dist/server/http/auth-edge.d.ts +26 -0
  197. package/dist/server/http/auth-edge.d.ts.map +1 -0
  198. package/dist/server/http/auth-edge.js +75 -0
  199. package/dist/server/http/auth-edge.js.map +1 -0
  200. package/dist/server/http/broker-handlers.d.ts +45 -0
  201. package/dist/server/http/broker-handlers.d.ts.map +1 -0
  202. package/dist/server/http/broker-handlers.js +224 -0
  203. package/dist/server/http/broker-handlers.js.map +1 -0
  204. package/dist/server/http/{httpServer.d.ts → http-server.d.ts} +5 -13
  205. package/dist/server/http/http-server.d.ts.map +1 -0
  206. package/dist/server/http/{httpServer.js → http-server.js} +19 -53
  207. package/dist/server/http/http-server.js.map +1 -0
  208. package/dist/server/http/index.d.ts +1 -3
  209. package/dist/server/http/index.d.ts.map +1 -1
  210. package/dist/server/http/index.js +1 -3
  211. package/dist/server/http/index.js.map +1 -1
  212. package/dist/server/http/mcp-handlers.d.ts.map +1 -1
  213. package/dist/server/http/mcp-handlers.js +16 -3
  214. package/dist/server/http/mcp-handlers.js.map +1 -1
  215. package/dist/server/http/middleware.d.ts +3 -4
  216. package/dist/server/http/middleware.d.ts.map +1 -1
  217. package/dist/server/http/middleware.js +33 -23
  218. package/dist/server/http/middleware.js.map +1 -1
  219. package/dist/server/http/public-origin.d.ts +10 -0
  220. package/dist/server/http/public-origin.d.ts.map +1 -0
  221. package/dist/server/http/public-origin.js +19 -0
  222. package/dist/server/http/public-origin.js.map +1 -0
  223. package/dist/server/http/rate-limiter.d.ts +1 -1
  224. package/dist/server/http/rate-limiter.d.ts.map +1 -1
  225. package/dist/server/http/rate-limiter.js +11 -11
  226. package/dist/server/http/rate-limiter.js.map +1 -1
  227. package/dist/server/http-agent.d.ts +9 -0
  228. package/dist/server/http-agent.d.ts.map +1 -0
  229. package/dist/server/http-agent.js +35 -0
  230. package/dist/server/http-agent.js.map +1 -0
  231. package/dist/server/index.d.ts +2 -0
  232. package/dist/server/index.d.ts.map +1 -1
  233. package/dist/server/index.js +2 -0
  234. package/dist/server/index.js.map +1 -1
  235. package/dist/server/keepalive.d.ts +26 -0
  236. package/dist/server/keepalive.d.ts.map +1 -0
  237. package/dist/server/keepalive.js +64 -0
  238. package/dist/server/keepalive.js.map +1 -0
  239. package/dist/server/mcp/creatio-rest.d.ts +6 -0
  240. package/dist/server/mcp/creatio-rest.d.ts.map +1 -1
  241. package/dist/server/mcp/creatio-rest.js +21 -3
  242. package/dist/server/mcp/creatio-rest.js.map +1 -1
  243. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +1 -1
  244. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -1
  245. package/dist/server/mcp/crtmcp/crt-mcp-client.js +16 -13
  246. package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -1
  247. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +2 -2
  248. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -1
  249. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +17 -17
  250. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -1
  251. package/dist/server/mcp/dataforge/dataforge-client.d.ts +12 -12
  252. package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -1
  253. package/dist/server/mcp/dataforge/dataforge-client.js +40 -47
  254. package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -1
  255. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +2 -2
  256. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -1
  257. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +9 -9
  258. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -1
  259. package/dist/server/mcp/filters.d.ts.map +1 -1
  260. package/dist/server/mcp/filters.js +4 -1
  261. package/dist/server/mcp/filters.js.map +1 -1
  262. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +4 -4
  263. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -1
  264. package/dist/server/mcp/globalsearch/globalsearch-client.js +39 -50
  265. package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -1
  266. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +1 -1
  267. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -1
  268. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +1 -1
  269. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -1
  270. package/dist/server/mcp/server.d.ts +35 -8
  271. package/dist/server/mcp/server.d.ts.map +1 -1
  272. package/dist/server/mcp/server.js +113 -45
  273. package/dist/server/mcp/server.js.map +1 -1
  274. package/dist/server/mcp/tools-data.d.ts +2 -2
  275. package/dist/server/mcp/tools-data.d.ts.map +1 -1
  276. package/dist/server/mcp/tools-data.js +1 -1
  277. package/dist/server/mcp/tools-data.js.map +1 -1
  278. package/dist/server/oauth/oauth-server.d.ts +41 -10
  279. package/dist/server/oauth/oauth-server.d.ts.map +1 -1
  280. package/dist/server/oauth/oauth-server.js +82 -48
  281. package/dist/server/oauth/oauth-server.js.map +1 -1
  282. package/dist/server/oauth/storage.d.ts +42 -5
  283. package/dist/server/oauth/storage.d.ts.map +1 -1
  284. package/dist/server/oauth/storage.js +81 -18
  285. package/dist/server/oauth/storage.js.map +1 -1
  286. package/dist/server/oauth/token-manager.d.ts +21 -4
  287. package/dist/server/oauth/token-manager.d.ts.map +1 -1
  288. package/dist/server/oauth/token-manager.js +18 -19
  289. package/dist/server/oauth/token-manager.js.map +1 -1
  290. package/dist/server/oauth/types.d.ts +0 -12
  291. package/dist/server/oauth/types.d.ts.map +1 -1
  292. package/dist/server/oauth/validators.d.ts.map +1 -1
  293. package/dist/server/oauth/validators.js +14 -5
  294. package/dist/server/oauth/validators.js.map +1 -1
  295. package/dist/sessions/index.d.ts +1 -1
  296. package/dist/sessions/index.d.ts.map +1 -1
  297. package/dist/sessions/index.js +1 -1
  298. package/dist/sessions/index.js.map +1 -1
  299. package/dist/sessions/redis-token-store.d.ts +22 -0
  300. package/dist/sessions/redis-token-store.d.ts.map +1 -0
  301. package/dist/sessions/redis-token-store.js +70 -0
  302. package/dist/sessions/redis-token-store.js.map +1 -0
  303. package/dist/sessions/session-context.d.ts +21 -40
  304. package/dist/sessions/session-context.d.ts.map +1 -1
  305. package/dist/sessions/session-context.js +25 -105
  306. package/dist/sessions/session-context.js.map +1 -1
  307. package/dist/sessions/token-crypto.d.ts +8 -0
  308. package/dist/sessions/token-crypto.d.ts.map +1 -0
  309. package/dist/sessions/token-crypto.js +43 -0
  310. package/dist/sessions/token-crypto.js.map +1 -0
  311. package/dist/sessions/token-store.d.ts +42 -0
  312. package/dist/sessions/token-store.d.ts.map +1 -0
  313. package/dist/sessions/token-store.js +66 -0
  314. package/dist/sessions/token-store.js.map +1 -0
  315. package/dist/utils/context.d.ts +12 -0
  316. package/dist/utils/context.d.ts.map +1 -1
  317. package/dist/utils/context.js +16 -0
  318. package/dist/utils/context.js.map +1 -1
  319. package/dist/utils/env-aliases.d.ts +9 -0
  320. package/dist/utils/env-aliases.d.ts.map +1 -0
  321. package/dist/utils/env-aliases.js +61 -0
  322. package/dist/utils/env-aliases.js.map +1 -0
  323. package/dist/utils/env.d.ts +5 -0
  324. package/dist/utils/env.d.ts.map +1 -1
  325. package/dist/utils/env.js +10 -1
  326. package/dist/utils/env.js.map +1 -1
  327. package/dist/utils/index.d.ts +1 -0
  328. package/dist/utils/index.d.ts.map +1 -1
  329. package/dist/utils/index.js +1 -0
  330. package/dist/utils/index.js.map +1 -1
  331. package/dist/utils/redact.d.ts +25 -0
  332. package/dist/utils/redact.d.ts.map +1 -0
  333. package/dist/utils/redact.js +64 -0
  334. package/dist/utils/redact.js.map +1 -0
  335. package/package.json +78 -76
  336. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +0 -21
  337. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +0 -1
  338. package/dist/creatio/auth/providers/oauth2-code-provider.js +0 -251
  339. package/dist/creatio/auth/providers/oauth2-code-provider.js.map +0 -1
  340. package/dist/server/http/creatio-oauth-handlers.d.ts +0 -13
  341. package/dist/server/http/creatio-oauth-handlers.d.ts.map +0 -1
  342. package/dist/server/http/creatio-oauth-handlers.js +0 -160
  343. package/dist/server/http/creatio-oauth-handlers.js.map +0 -1
  344. package/dist/server/http/httpServer.d.ts.map +0 -1
  345. package/dist/server/http/httpServer.js.map +0 -1
  346. package/dist/server/http/mcp-oauth-handlers.d.ts +0 -11
  347. package/dist/server/http/mcp-oauth-handlers.d.ts.map +0 -1
  348. package/dist/server/http/mcp-oauth-handlers.js +0 -118
  349. package/dist/server/http/mcp-oauth-handlers.js.map +0 -1
  350. package/dist/sessions/token-refresh-scheduler.d.ts +0 -16
  351. package/dist/sessions/token-refresh-scheduler.d.ts.map +0 -1
  352. package/dist/sessions/token-refresh-scheduler.js +0 -66
  353. package/dist/sessions/token-refresh-scheduler.js.map +0 -1
package/README.md CHANGED
@@ -4,62 +4,63 @@
4
4
  [![Docker pulls](https://img.shields.io/docker/pulls/crackish/mcp-creatio)](https://hub.docker.com/r/crackish/mcp-creatio)
5
5
  [![License](https://img.shields.io/github/license/CRACKISH/mcp-creatio)](LICENSE)
6
6
 
7
- Model Context Protocol (MCP) server for Creatio (https://www.creatio.com/) to connect Claude Desktop, ChatGPT, GitHub Copilot, and other AI tools to Creatio data.
7
+ Model Context Protocol (MCP) server for [Creatio](https://www.creatio.com/) connect Claude
8
+ Desktop, ChatGPT, GitHub Copilot, and other AI tools to your Creatio data, schema, and processes.
8
9
 
9
- Also discoverable as:
10
+ > Also discoverable as: _Creatio MCP server_ · _MCP server for Creatio CRM_ · _Model Context
11
+ > Protocol for Creatio_.
10
12
 
11
- - Creatio MCP server
12
- - MCP server for Creatio CRM
13
- - Model Context Protocol for Creatio
13
+ ---
14
14
 
15
- ## Overview
15
+ ## Contents
16
16
 
17
- - Exposes Creatio data as MCP tools for MCP-compatible clients (Claude Desktop, ChatGPT Connectors, GitHub Copilot)
18
- - Supports reading, creating, updating, deleting records and inspecting schema
19
- - Execute Creatio business processes with parameters
20
- - Selectable data backend: Creatio DataService (default) or OData v4 (`CREATIO_CRUD_BACKEND`)
17
+ - [What it does](#what-it-does)
18
+ - [Quick start](#quick-start)
19
+ - [Authentication](#authentication)
20
+ - [Configuration](#configuration)
21
+ - [CRUD backend](#crud-backend)
22
+ - [Tools](#tools)
23
+ - [Docker](#docker)
21
24
 
22
- ## Features
25
+ ---
23
26
 
24
- - **CRUD operations**: read, create, update, delete Creatio records
25
- - **Schema discovery**: list entity sets and inspect entity schemas
26
- - **Business processes**: run Creatio workflows with parameters
27
- - **System settings**: read, write, and manage system setting metadata
28
- - **Feature toggles**: manage `Feature` / `AdminUnitFeatureState` and refresh the feature cache. ⚠️ Only DB-backed features are reachable — features defined exclusively in `web.config` or other non-DB providers are invisible to MCP.
29
- - **System operations**: manage `SysAdminOperation` and per-user/role grants (Creatio blocks these tables for OData modifications, so dedicated tools are provided)
30
- - **Custom services**: invoke any configuration-package REST service (`/0/rest/<service>/<method>`) when no dedicated tool fits
31
- - **AI assistant compatibility**: Claude Desktop, ChatGPT Connectors, GitHub Copilot
32
- - **Three authentication modes**: Legacy login/password, OAuth2 client credentials, OAuth2 authorization code
33
- - **Built-in OAuth server**: Automatic MCP client authentication
34
- - **Docker ready**: Multi-arch images available
27
+ ## What it does
35
28
 
36
- ## Run Modes
29
+ - **CRUD + schema** — read, create, update, delete records; list entity sets; inspect schemas.
30
+ - **Business processes** — run Creatio workflows with parameters.
31
+ - **System settings** — read, write, and manage system-setting metadata.
32
+ - **Feature toggles** — manage `Feature` / `AdminUnitFeatureState` and refresh the feature cache.
33
+ ⚠️ Only DB-backed features are reachable (those defined solely in `web.config` are invisible).
34
+ - **System operations** — manage `SysAdminOperation` and per-user/role grants (OData blocks these
35
+ tables, so dedicated tools are provided).
36
+ - **Custom services** — invoke any configuration-package REST service (`/0/rest/<service>/<method>`)
37
+ when no dedicated tool fits.
38
+ - **Selectable data backend** — Creatio DataService (default) or OData v4 (`CREATIO_MCP_CRUD_BACKEND`).
39
+ - **Optional semantic layers** — DataForge and Global Search tools auto-register when the instance
40
+ supports them.
37
41
 
38
- This project supports two runtime modes:
42
+ Works with Claude Desktop, ChatGPT Connectors, GitHub Copilot, and any MCP-compatible client.
39
43
 
40
- ### 1. CLI Mode (`stdio`)
44
+ ---
41
45
 
42
- Use this mode for MCP clients that launch a command directly (VS Code MCP, Claude Desktop, etc.).
46
+ ## Quick start
43
47
 
44
- - No HTTP endpoint needed
45
- - Easiest local setup
46
- - Supports Legacy auth and OAuth2 Client Credentials
47
- - OAuth2 Authorization Code is **not** supported in `stdio` mode
48
+ The server runs in one of two transports. **Pick by how your client connects**, then pick an
49
+ [authentication](#authentication) method.
48
50
 
49
- Run directly from npm:
51
+ ### stdio (single-user, local)
52
+
53
+ For clients that launch a command directly (VS Code MCP, Claude Desktop). Single Creatio identity
54
+ per process; authenticate with **client credentials** or **legacy** login.
50
55
 
51
56
  ```bash
52
57
  npx -y mcp-creatio@latest \
53
58
  --base-url https://your-creatio.com \
54
- --login your_login \
55
- --password your_password
59
+ --login your_login --password your_password
56
60
  ```
57
61
 
58
- `stdio` logs are disabled by default. To enable them, set `MCP_CREATIO_LOG_LEVEL` or pass `--log-level info`.
59
-
60
- VS Code MCP config (command-based):
61
-
62
- ```json
62
+ ```jsonc
63
+ // VS Code / Claude Desktop (command-based)
63
64
  {
64
65
  "creatio": {
65
66
  "command": "npx",
@@ -71,162 +72,252 @@ VS Code MCP config (command-based):
71
72
  "--login",
72
73
  "your_login",
73
74
  "--password",
74
- "your_password"
75
- ]
76
- }
75
+ "your_password",
76
+ ],
77
+ },
77
78
  }
78
79
  ```
79
80
 
80
- Local repo command (without publishing):
81
+ > stdio logs are silent by default — enable with `--log-level info` or `CREATIO_MCP_LOG_LEVEL`.
82
+
83
+ ### HTTP (multi-user, hosted)
84
+
85
+ For clients that connect by URL, and for multi-user / hosted deployments. This transport serves the
86
+ `broker`, `delegated`, and `gateway` auth modes (see [Authentication](#authentication)).
81
87
 
82
88
  ```bash
83
- npm run start:stdio -- --base-url https://your-creatio.com --login your_login --password your_password
89
+ npm start # serves http://localhost:3000/mcp
84
90
  ```
85
91
 
86
- ### 2. Server Mode (`http`)
92
+ ```jsonc
93
+ { "creatio": { "type": "http", "url": "http://localhost:3000/mcp" } }
94
+ ```
95
+
96
+ ---
97
+
98
+ ## Authentication
99
+
100
+ One unified selector — `CREATIO_MCP_AUTH_MODE` — picks how a request proves its Creatio identity.
101
+ When unset it is inferred from the credentials you provide. The HTTP modes are multi-user; stdio is
102
+ single-user.
87
103
 
88
- Use this mode when your client connects by URL (for example `http://localhost:3000/mcp`).
104
+ | Mode | Transport | How identity is established | When to use |
105
+ | ------------------------ | ------------ | ----------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
106
+ | **`broker`** | HTTP | The MCP is its own OAuth server: it walks the user through Creatio login and holds their tokens | **Standalone direct clients** (Claude Desktop / ChatGPT) — connect → authorize → work as you |
107
+ | **`delegated`** | HTTP | The client brings a Creatio token; the MCP validates expiry and passes it through | Clients that obtain a Creatio token themselves / behind an external AS |
108
+ | **`gateway`** | HTTP | A trusted Control-Plane injects the token per request | Behind the Creatio.ai Control-Plane (multi-tenant) |
109
+ | **`client_credentials`** | stdio / HTTP | One service account (`client_id` / `secret`) | M2M / single service identity |
110
+ | **`legacy`** | stdio / HTTP | One user (login / password) | Local / legacy instances |
89
111
 
90
- - Exposes HTTP endpoint: `/mcp`
91
- - Required for OAuth2 Authorization Code flow
92
- - Works well with Docker and remote deployments
112
+ > The MCP issues Creatio tokens of its own only in `broker` mode (where it must, to drive the
113
+ > login). `delegated`/`gateway` pass tokens through; `client_credentials`/`legacy` use a single
114
+ > server-side identity.
93
115
 
94
- Start server:
116
+ > **Trust model.** `delegated` and `gateway` are **fully-trusted-environment** modes: the MCP does
117
+ > NOT cryptographically verify the incoming Bearer — Creatio remains the authority and rejects bad
118
+ > tokens on the API call — so the request's `userKey` is an unverified, logging-only identity. Run
119
+ > them only where the caller is trusted (`gateway`: behind the Creatio.ai Control-Plane;
120
+ > `delegated`: a trusted client on a trusted network / your own proxy). For an **untrusted direct
121
+ > external client** that needs the MCP itself to verify identity, use `broker` — there the MCP
122
+ > issues and verifies its own audience-bound (`aud`/`iss`) tokens.
123
+
124
+ ### `broker` — the "connect & authorize" UX for direct clients
125
+
126
+ The MCP acts as an OAuth 2.1 authorization server for its clients (dynamic registration, authorize,
127
+ token) and brokers the actual login to Creatio via authorization_code with PKCE. The client only
128
+ ever talks to the MCP, so this works even though Creatio offers no dynamic client registration — and
129
+ the client never needs to reach Creatio's TLS endpoint directly.
130
+
131
+ The tokens the MCP issues to clients are **audience-bound** (`aud` = this deployment's `/mcp`
132
+ resource, `iss` = its origin), so a token minted by one deployment is rejected by another even when
133
+ they share a secret. The MCP also supports the **`refresh_token` grant** (rotating), so a client
134
+ gets a fresh access token without re-running the browser flow every hour — for as long as the MCP
135
+ still holds that user's Creatio tokens.
95
136
 
96
137
  ```bash
97
- npm start
138
+ CREATIO_MCP_AUTH_MODE=broker
139
+ CREATIO_CLIENT_ID=your_creatio_oauth_app_client_id # the Creatio "On behalf of a user" app
140
+ CREATIO_MCP_JWT_SECRET=a-long-random-secret-min-32 # signs the tokens the MCP issues to clients
141
+ # CREATIO_CLIENT_SECRET=... # only for a confidential Creatio app (omit for public/PKCE)
98
142
  ```
99
143
 
100
- Then connect using URL:
144
+ > **`CREATIO_MCP_JWT_SECRET`** must be **at least 32 characters** (HS256 security rests entirely on
145
+ > its entropy — a shorter value is rejected at startup). In **production** (`NODE_ENV=production`) it
146
+ > is **required** (the server fails closed if unset). Outside production an unset secret yields a
147
+ > random one so a local run needs no setup — but the tokens the MCP issues are then invalidated on
148
+ > every restart and are not valid across multiple instances, so **set a stable secret for production
149
+ > or any horizontally-scaled deployment.**
150
+
151
+ **Persistence / horizontal scaling (broker holds users' Creatio tokens).** By default those tokens
152
+ live in-process — fine for a single instance, but lost on restart and not shared across replicas.
153
+ For production set a **Redis** token store: tokens are encrypted at rest (AES-256-GCM) and survive
154
+ restarts, so the broker becomes stateless and horizontally scalable.
155
+
156
+ ```bash
157
+ CREATIO_MCP_TOKEN_STORE=redis
158
+ CREATIO_MCP_REDIS_URL=redis://your-redis:6379
159
+ # CREATIO_MCP_TOKEN_ENC_KEY=... # optional; encryption key, else derived from CREATIO_MCP_JWT_SECRET
160
+ ```
161
+
162
+ **Logout / revocation.** The broker exposes an **RFC 7009** `POST /revoke` endpoint (advertised as
163
+ `revocation_endpoint` in the AS metadata): presenting an issued token revokes the user's Creatio
164
+ token upstream (`/connect/revocation`, best-effort) and purges the server-side Creatio tokens and
165
+ issued refresh tokens. It always answers `200` (no token-validity oracle).
166
+
167
+ Register the Creatio app in System Designer → _OAuth 2.0 applications_ → _On behalf of a user_, and
168
+ add the MCP callback (`http://localhost:3000/oauth/callback` for a local run) to its redirect URIs.
101
169
 
102
- ```json
170
+ ### `delegated` (default when nothing else is set)
171
+
172
+ Pure resource server: each `/mcp` request must carry a Creatio access token; the MCP advertises the
173
+ authorization server (Creatio Identity) via **RFC 9728** and challenges unauthenticated requests, so
174
+ the client logs in directly against Creatio. Needs no server-side credentials. The token is passed
175
+ through unverified (Creatio is the authority) — a **trusted-environment** mode (see the trust note
176
+ above).
177
+
178
+ **What the client sends.** The MCP **client** attaches the Creatio access token as a Bearer header
179
+ on every `/mcp` request. In a client that supports static headers:
180
+
181
+ ```jsonc
103
182
  {
104
183
  "creatio": {
105
184
  "type": "http",
106
- "url": "http://localhost:3000/mcp"
107
- }
185
+ "url": "http://localhost:3000/mcp",
186
+ "headers": { "Authorization": "Bearer <CREATIO_ACCESS_TOKEN>" },
187
+ },
108
188
  }
109
189
  ```
110
190
 
111
- ## Configuration
191
+ Server side, just select the mode (no credentials needed):
112
192
 
113
- | Variable | Description |
114
- | ---------------------------- | -------------------------------------------------------------------- |
115
- | `CREATIO_BASE_URL` | **Required**. Creatio instance URL (e.g. `https://your-creatio.com`) |
116
- | `CREATIO_LOGIN` | Username for legacy auth |
117
- | `CREATIO_PASSWORD` | Password for legacy auth |
118
- | `CREATIO_CLIENT_ID` | OAuth2 client credentials ID |
119
- | `CREATIO_CLIENT_SECRET` | OAuth2 client credentials secret |
120
- | `CREATIO_ID_BASE_URL` | Identity Service URL (if separate from main Creatio instance) |
121
- | `CREATIO_CODE_CLIENT_ID` | OAuth2 authorization code client ID |
122
- | `CREATIO_CODE_CLIENT_SECRET` | OAuth2 authorization code client secret |
123
- | `CREATIO_CODE_REDIRECT_URI` | OAuth2 redirect URI (e.g. `http://localhost:3000/oauth/callback`) |
124
- | `CREATIO_CODE_SCOPE` | OAuth2 scope (e.g. `offline_access ApplicationAccess_yourappguid`) |
125
- | `CREATIO_CRUD_BACKEND` | CRUD data API: `dataservice` (default) or `odata` |
126
- | `READONLY_MODE` | Set `true` to disable create/update/delete operations |
127
- | `DISABLE_DATAFORGE` | Set `true` to never probe/register DataForge tools (even if available) |
128
- | `DISABLE_GLOBAL_SEARCH` | Set `true` to never probe/register the Global Search tool |
129
- | `MCP_TRANSPORT` | Docker only: `http` (default) or `stdio` — selects the run mode |
130
- | `PORT` | HTTP mode listen port (default `3000`) |
131
- | `MCP_CREATIO_LOG_LEVEL` | Log verbosity: `silent` (default), `error`, `warn`, `info` |
132
-
133
- > **Disabling optional capabilities.** DataForge and Global Search are auto-detected at
134
- > startup and their tools registered only when the environment supports them. Set
135
- > `DISABLE_DATAFORGE=true` / `DISABLE_GLOBAL_SEARCH=true` to skip the probe **and** the tools
136
- > entirely — useful when a capability exists on the instance but you don't want to expose it
137
- > (e.g. to keep the tool surface small / avoid spending tokens on it).
138
-
139
- ### CRUD backend
193
+ ```bash
194
+ CREATIO_MCP_AUTH_MODE=delegated
195
+ CREATIO_BASE_URL=https://your-creatio.com
196
+ ```
140
197
 
141
- CRUD tools (`read`, `create`, `update`, `delete`, `list-entities`, `describe-entity`) run on a
142
- selectable data API, chosen once per deployment via `CREATIO_CRUD_BACKEND`:
198
+ A request with **no** `Authorization` header gets `401` with a `WWW-Authenticate` challenge pointing
199
+ at Creatio Identity (RFC 9728), so a compliant client knows where to log in.
143
200
 
144
- - **`dataservice`** (default) — Creatio's native DataService.
145
- - **`odata`** — Creatio OData v4. Also enables the OData-only `read` extras (`filter` raw
146
- `$filter` string, `expand`).
201
+ ### `gateway`
147
202
 
148
- Either way you query through the same tool surface: prefer the structured `filters` parameter
149
- it works unchanged on both backends.
203
+ A trusted fronting service (Creatio.ai Control-Plane) injects the Bearer; the MCP trusts and uses
204
+ it. The optional `X-Creatio-Base-Url` header routes a request to a specific Creatio instance
205
+ (multi-tenant) — honored only in this mode. Because that override decides where the request's Bearer
206
+ is sent, it is validated: set **`CREATIO_MCP_ALLOWED_BASE_URLS`** (comma-separated origins) to
207
+ restrict it to your tenants. When unset, any `http(s)` host is accepted (trusting the gateway) except
208
+ the cloud-metadata link-local address, which is always blocked (SSRF guard).
150
209
 
151
- ## Authentication Modes
210
+ **Who sends what.** Unlike `delegated`, the end client talks to the **gateway**, not to the MCP — so
211
+ the **gateway** is what injects the per-request headers. On each forwarded `/mcp` call it sends:
152
212
 
153
- Choose one of three ways to authenticate with Creatio:
213
+ ```http
214
+ POST /mcp HTTP/1.1
215
+ Authorization: Bearer <CREATIO_ACCESS_TOKEN> # required — the tenant's Creatio token
216
+ X-Creatio-Base-Url: https://tenant-a.creatio.com # optional — pick the tenant's instance (multi-tenant)
217
+ ```
154
218
 
155
- ### 1. Legacy (Username/Password)
219
+ Server side:
156
220
 
157
221
  ```bash
158
- CREATIO_LOGIN=YourLogin
159
- CREATIO_PASSWORD=YourPassword
222
+ CREATIO_MCP_AUTH_MODE=gateway
223
+ CREATIO_BASE_URL=https://default-creatio.com # fallback when no X-Creatio-Base-Url
224
+ CREATIO_MCP_ALLOWED_BASE_URLS=https://tenant-a.creatio.com,https://tenant-b.creatio.com # SSRF allowlist
160
225
  ```
161
226
 
162
- ### 2. OAuth2 Client Credentials
163
-
164
- For server-to-server authentication. [Setup guide →](https://academy.creatio.com/docs/8.x/dev/development-on-creatio-platform/integrations-and-api/authentication/oauth-2-0-authorization/identity-service-overview)
227
+ Smoke-test it directly with `curl` (mint a token out-of-band first):
165
228
 
166
229
  ```bash
167
- CREATIO_CLIENT_ID=your_client_id
168
- CREATIO_CLIENT_SECRET=your_client_secret
230
+ curl -sS http://localhost:3000/mcp \
231
+ -H "Authorization: Bearer $CREATIO_ACCESS_TOKEN" \
232
+ -H "X-Creatio-Base-Url: https://tenant-a.creatio.com" \
233
+ -H 'Content-Type: application/json' -H 'Accept: application/json, text/event-stream' \
234
+ -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get-current-user-info","arguments":{}}}'
169
235
  ```
170
236
 
171
- ### 3. OAuth2 Authorization Code
237
+ > **Only the Bearer token is injected** — not arbitrary credentials. The gateway owns auth: it should
238
+ > exchange whatever it holds (SSO, cookie, etc.) into a Creatio OAuth access token **before** calling
239
+ > the MCP. (Injecting other credential shapes, e.g. cookie/basic per tenant, is intentionally out of
240
+ > scope for now.)
172
241
 
173
- For user-delegated access with web authorization. [Setup guide →](https://academy.creatio.com/docs/8.x/dev/development-on-creatio-platform/integrations-and-api/authentication/oauth-2-0-authorization/authorization-code-grant)
242
+ ### `client_credentials` / `legacy`
174
243
 
175
244
  ```bash
176
- CREATIO_CODE_CLIENT_ID=your_client_id
177
- CREATIO_CODE_CLIENT_SECRET=your_client_secret
178
- CREATIO_CODE_REDIRECT_URI=http://localhost:3000/oauth/callback
179
- CREATIO_CODE_SCOPE="offline_access ApplicationAccess_yourappguid"
245
+ CREATIO_CLIENT_ID=your_client_id # client_credentials
246
+ CREATIO_CLIENT_SECRET=your_client_secret
247
+
248
+ CREATIO_LOGIN=YourLogin # legacy
249
+ CREATIO_PASSWORD=YourPassword
180
250
  ```
181
251
 
182
- **Note**: Currently uses in-memory storage for OAuth tokens. Tokens will be lost on server restart.
252
+ > **Precedence:** an explicit `CREATIO_MCP_AUTH_MODE` always wins. When unset, the mode is inferred:
253
+ > legacy (login+password) → client_credentials (id+secret) → delegated. `broker`, `delegated` and
254
+ > `gateway` require HTTP transport (stdio has no incoming web request to authenticate).
183
255
 
184
- **Important**: OAuth2 Authorization Code requires **Server Mode (`http`)**.
256
+ ---
185
257
 
186
- **Priority**: Authorization Code > Client Credentials > Legacy
258
+ ## Configuration
187
259
 
188
- ## MCP Client Authentication (HTTP Mode)
260
+ Grouped from essential to optional. **`CREATIO_BASE_URL` is the only always-required value** —
261
+ nothing works without it; the rest depend on the auth method and the features you enable.
189
262
 
190
- The server includes OAuth 2.1 Authorization Server for MCP clients (Claude Desktop, etc.). No additional setup required - clients authenticate automatically through standard OAuth flow.
263
+ ### Connection (required)
191
264
 
192
- ## Examples
265
+ | Variable | Description |
266
+ | ------------------ | -------------------------------------------------------------------- |
267
+ | `CREATIO_BASE_URL` | **Required.** Creatio instance URL (e.g. `https://your-creatio.com`) |
193
268
 
194
- ### Node.js (Legacy Auth)
269
+ ### Authentication (pick one method — see [Authentication](#authentication))
195
270
 
196
- ```bash
197
- export CREATIO_BASE_URL="https://your-creatio.com"
198
- export CREATIO_LOGIN="YourLogin"
199
- export CREATIO_PASSWORD="YourPassword"
200
- npm start
201
- ```
271
+ | Variable | Mode | Description |
272
+ | ------------------------------------ | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
273
+ | `CREATIO_MCP_AUTH_MODE` | any | `broker` \| `delegated` \| `gateway` \| `client_credentials` \| `legacy`. Unset ⇒ inferred (legacy → client_credentials → delegated) |
274
+ | `CREATIO_CLIENT_ID` | broker / M2M | Creatio OAuth app client id (the brokered app, or the M2M account) |
275
+ | `CREATIO_CLIENT_SECRET` | broker? / M2M | Required for client_credentials; optional for a confidential broker app (omit for public/PKCE) |
276
+ | `CREATIO_MCP_JWT_SECRET` | broker | Secret signing the tokens the MCP issues to clients. **Min 32 chars; required in production.** Random if unset outside prod (set a stable value for prod / multi-instance) |
277
+ | `CREATIO_MCP_ALLOWED_BASE_URLS` | gateway | _Optional_ — comma-separated allowlist of Creatio origins the `X-Creatio-Base-Url` override may target (SSRF guard). Unset ⇒ any http(s) host except cloud-metadata |
278
+ | `CREATIO_LOGIN` / `CREATIO_PASSWORD` | legacy | Username / password |
279
+ | `CREATIO_ID_BASE_URL` | any | _Optional_ — Identity Service URL; defaults to deriving from `CREATIO_BASE_URL` |
202
280
 
203
- ### Docker
281
+ ### Data & behavior (optional)
204
282
 
205
- The image supports both transports, selected by `MCP_TRANSPORT` (default `http`).
283
+ | Variable | Description |
284
+ | ----------------------------------- | ------------------------------------------------- |
285
+ | `CREATIO_MCP_CRUD_BACKEND` | CRUD data API: `dataservice` (default) or `odata` |
286
+ | `CREATIO_MCP_READONLY` | `true` disables create/update/delete operations |
287
+ | `CREATIO_MCP_DISABLE_DATAFORGE` | `true` skips the DataForge probe **and** tools |
288
+ | `CREATIO_MCP_DISABLE_GLOBAL_SEARCH` | `true` skips the Global Search probe **and** tool |
206
289
 
207
- **HTTP web service** (default — for remote/hosted/multi-client; required for the OAuth2
208
- authorization-code flow):
290
+ ### Transport & runtime (optional)
209
291
 
210
- ```bash
211
- docker run --rm -p 3000:3000 \
212
- -e CREATIO_BASE_URL="https://your-creatio.com" \
213
- -e CREATIO_LOGIN="YourLogin" \
214
- -e CREATIO_PASSWORD="YourPassword" \
215
- crackish/mcp-creatio
216
- ```
292
+ | Variable | Description |
293
+ | ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
294
+ | `CREATIO_MCP_TRANSPORT` | Docker only: `http` (default) or `stdio` |
295
+ | `CREATIO_MCP_PORT` | HTTP listen port (default `3000`; `PORT` also accepted) |
296
+ | `CREATIO_MCP_LOG_LEVEL` | Log verbosity: `silent` (default), `error`, `warn`, `info` |
297
+ | `CREATIO_MCP_KEEPALIVE_SECONDS` | _Optional_ — proactive session keep-alive interval (seconds) for `legacy` / `client_credentials`, to avoid first-call re-login latency after an idle period. **Defaults to `300` (5 min)**; set `0` to disable. Keep it below the Creatio idle-session timeout |
298
+ | `CREATIO_MCP_PUBLIC_URL` | _Optional_ — the deployment's public origin (e.g. `https://mcp.example.com`). Set it when behind a TLS-terminating proxy/ingress so the broker's issuer/audience, redirect URIs, and discovery metadata use the external URL (not the internal `http://host:port`). Defaults to the request origin |
217
299
 
218
- **stdio** (for a local client like Claude Desktop that spawns the process — note `-i`):
300
+ > **Disabling optional capabilities.** DataForge and Global Search are auto-detected at startup and
301
+ > registered only when supported. Set `CREATIO_MCP_DISABLE_DATAFORGE=true` /
302
+ > `CREATIO_MCP_DISABLE_GLOBAL_SEARCH=true` to skip the probe and the tools — useful to keep the tool
303
+ > surface small even when the capability exists.
219
304
 
220
- ```bash
221
- docker run -i --rm \
222
- -e MCP_TRANSPORT=stdio \
223
- -e CREATIO_BASE_URL="https://your-creatio.com" \
224
- -e CREATIO_LOGIN="YourLogin" \
225
- -e CREATIO_PASSWORD="YourPassword" \
226
- crackish/mcp-creatio
227
- ```
305
+ ---
306
+
307
+ ## CRUD backend
228
308
 
229
- ## Available Tools
309
+ CRUD tools (`read`, `create`, `update`, `delete`, `list-entities`, `describe-entity`) run on a
310
+ selectable data API, chosen once per deployment via `CREATIO_MCP_CRUD_BACKEND`:
311
+
312
+ - **`dataservice`** (default) — Creatio's native DataService.
313
+ - **`odata`** — Creatio OData v4. Also enables the OData-only `read` extras (raw `$filter`, `expand`).
314
+
315
+ Either way you query through the same tool surface: prefer the structured `filters` parameter — it
316
+ works unchanged on both backends.
317
+
318
+ ---
319
+
320
+ ## Tools
230
321
 
231
322
  | Tool | Description |
232
323
  | -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -249,22 +340,22 @@ docker run -i --rm \
249
340
  | `delete-admin-operation-grantee` | Remove specific grant rows by Id. Prefer `set-admin-operation-grantee` to flip allow ↔ deny |
250
341
  | `call-configuration-service` | Escape hatch: invoke any configuration-package REST service method by name. Use only when no dedicated tool covers the operation |
251
342
 
252
- > **Note**: Previously documented `search`/`fetch` helper tools (for a specific connector workflow) have been removed as they are no longer required.
253
-
254
343
  ### Querying data with `read`
255
344
 
256
345
  Ask for exactly the data you need — the AI doesn't have to know OData:
257
346
 
258
- - **Filter any way** — equals / not-equals, ranges (`>`, `>=`, `<`, `<=`), text match (`contains`, `starts/ends with`), `AND` / `OR` groups, and "in this list".
259
- - **Filter by related records naturally** — by name (`Contact/Name = "Andrew Baker"`) or by id; lookups just work, no special syntax to remember.
260
- - **Sort** by any column, ascending or descending.
261
- - **Paginate** with page size + offset, so large datasets come back in clean pages.
262
- - **Count** get the total number of matches in one call (e.g. "how many open cases does this account have?"), with or without the rows.
263
- - **Pull in related data** in a single request (e.g. an order together with its account and contact).
347
+ - **Filter any way** — equals / not-equals, ranges, text match (`contains`, `starts/ends with`),
348
+ `AND` / `OR` groups, and "in this list".
349
+ - **Filter by related records naturally** by name (`Contact/Name = "Andrew Baker"`) or by id.
350
+ - **Sort**, **paginate** (page size + offset), and **count** matches in one call.
351
+ - **Pull in related data** in a single request (e.g. an order with its account and contact).
264
352
 
265
353
  ### DataForge tools (registered only when DataForge is enabled)
266
354
 
267
- DataForge is Creatio's AI-oriented semantic layer over the data model. These tools are **probed once at startup** and registered **only when the environment has DataForge configured** (a non-empty `DataForgeServiceUrl` system setting). When DataForge is absent the tools are not exposed at all, and `describe-entity` silently uses OData metadata — no wasted remote calls.
355
+ DataForge is Creatio's AI-oriented semantic layer over the data model. These tools are **probed once**
356
+ and registered **only when the environment has DataForge configured** (a non-empty
357
+ `DataForgeServiceUrl` system setting). When DataForge is absent the tools are not exposed, and
358
+ `describe-entity` silently uses OData metadata.
268
359
 
269
360
  | Tool | Description |
270
361
  | ------------------------------- | ------------------------------------------------------------------------------------------------- |
@@ -274,18 +365,51 @@ DataForge is Creatio's AI-oriented semantic layer over the data model. These too
274
365
  | `dataforge-lookup-values` | Fuzzy/semantic search for lookup values (resolve a phrase to the right lookup record Id) |
275
366
  | `dataforge-status` | Report whether DataForge is online and whether the data model / lookups are synced |
276
367
 
277
- **Discovery → confirm → act:** use `dataforge-similar-tables` to find the right entity, then `describe-entity` for the authoritative field list, then `read`/`create`.
368
+ **Discovery → confirm → act:** use `dataforge-similar-tables` to find the right entity, then
369
+ `describe-entity` for the authoritative field list, then `read`/`create`.
278
370
 
279
- **Enabling DataForge** requires (on the Creatio side): the `DataForgeServiceUrl` system setting plus IdentityServer settings (`IdentityServerUrl`, `IdentityServerClientId`/`Secret`), the `DataForge*` feature toggles, and the `CanReadDataStructureColumnDetails` operation granted to the MCP user. Restart the app pool (or run the `DataStructureTransferFromCreatio` / `LookupsTransferFromCreatio` processes) to sync the model.
371
+ **Enabling DataForge** (Creatio side): the `DataForgeServiceUrl` system setting plus IdentityServer
372
+ settings (`IdentityServerUrl`, `IdentityServerClientId`/`Secret`), the `DataForge*` feature toggles,
373
+ and the `CanReadDataStructureColumnDetails` operation granted to the MCP user. Restart the app pool
374
+ (or run `DataStructureTransferFromCreatio` / `LookupsTransferFromCreatio`) to sync the model.
280
375
 
281
376
  ### Global Search tool (registered only when Global Search is enabled)
282
377
 
283
- Global Search is Creatio's cross-entity, Elasticsearch-backed record search — the engine behind the UI search box. The tool is **probed once at startup** and registered **only when the environment has Global Search configured** (a non-empty `GlobalSearchUrl` system setting).
378
+ Global Search is Creatio's cross-entity, Elasticsearch-backed record search — the engine behind the
379
+ UI search box. Probed once, registered only when `GlobalSearchUrl` is configured.
284
380
 
285
- | Tool | Description |
286
- | --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
287
- | `global-search` | Full-text search across all indexed entities (like the UI search). Input: `query`, optional `entities[]`/`limit`/`from`. Returns matched records with `entityName`, `id`, `columnValues`, highlighted `foundColumns`, plus `total`/`nextFrom` |
381
+ | Tool | Description |
382
+ | --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
383
+ | `global-search` | Full-text search across all indexed entities. Input: `query`, optional `entities[]`/`limit`/`from`. Returns matched records with `entityName`, `id`, `columnValues`, `total`/`nextFrom` |
288
384
 
289
- Differs from `read`: `read` needs an exact entity + OData filter; `global-search` is fuzzy and cross-entity — use it to locate a record when you don't know the entity. Calls `GlobalSearchService.Search`.
385
+ Differs from `read`: `read` needs an exact entity + filter; `global-search` is fuzzy and
386
+ cross-entity — use it to locate a record when you don't know the entity.
290
387
 
291
- **Enabling Global Search** requires the `GlobalSearchUrl` (+ `GlobalSearchConfigServiceUrl`, `GlobalSearchIndexingApiUrl`) system settings and the `GlobalSearch` / `GlobalSearch_V2` feature toggles, with the section index built (Elasticsearch reachable).
388
+ **Enabling Global Search** requires the `GlobalSearchUrl` (+ `GlobalSearchConfigServiceUrl`,
389
+ `GlobalSearchIndexingApiUrl`) system settings and the `GlobalSearch` / `GlobalSearch_V2` feature
390
+ toggles, with the section index built (Elasticsearch reachable).
391
+
392
+ ---
393
+
394
+ ## Docker
395
+
396
+ The image supports both transports, selected by `CREATIO_MCP_TRANSPORT` (default `http`).
397
+
398
+ **HTTP** (remote / hosted / multi-client — defaults to delegated Bearer auth):
399
+
400
+ ```bash
401
+ docker run --rm -p 3000:3000 \
402
+ -e CREATIO_BASE_URL="https://your-creatio.com" \
403
+ -e CREATIO_MCP_AUTH_MODE=delegated \
404
+ crackish/mcp-creatio
405
+ ```
406
+
407
+ **stdio** (local client that spawns the process — note `-i`; use client-credentials or legacy auth):
408
+
409
+ ```bash
410
+ docker run -i --rm \
411
+ -e CREATIO_MCP_TRANSPORT=stdio \
412
+ -e CREATIO_BASE_URL="https://your-creatio.com" \
413
+ -e CREATIO_LOGIN="YourLogin" -e CREATIO_PASSWORD="YourPassword" \
414
+ crackish/mcp-creatio
415
+ ```
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAUA,KAAK,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAMzC,wBAAgB,SAAS,IAAI,IAAI,CAwBhC;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAoCpD;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAIlE;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,CASlD"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAUA,KAAK,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAOzC,wBAAgB,SAAS,IAAI,IAAI,CAwBhC;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAoCpD;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAIlE;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,CASlD"}
package/dist/cli.js CHANGED
@@ -83,13 +83,16 @@ function applyCliEnv(opts) {
83
83
  setEnvIfDefined('CREATIO_CLIENT_ID', opts['client-id']);
84
84
  setEnvIfDefined('CREATIO_CLIENT_SECRET', opts['client-secret']);
85
85
  setEnvIfDefined('CREATIO_ID_BASE_URL', opts['id-base-url']);
86
- setEnvIfDefined('READONLY_MODE', opts.readonly);
87
- setEnvIfDefined('MCP_CREATIO_LOG_LEVEL', opts['log-level']);
86
+ setEnvIfDefined('CREATIO_MCP_READONLY', opts.readonly);
87
+ setEnvIfDefined('CREATIO_MCP_LOG_LEVEL', opts['log-level']);
88
88
  }
89
89
  async function startStdio(server) {
90
- const mcp = await server.startMcp();
90
+ const mcp = server.createSessionServer();
91
91
  const transport = new stdio_js_1.StdioServerTransport();
92
92
  await mcp.connect(transport);
93
+ // stdio uses a single-user provider (legacy/client_credentials) that carries its own
94
+ // credentials, so the probe needs no request context here.
95
+ server.ensureCapabilitiesProbed();
93
96
  log_1.default.info('stdio.server.start');
94
97
  }
95
98
  let shuttingDown = false;
@@ -100,7 +103,8 @@ async function shutdown(signal, state) {
100
103
  shuttingDown = true;
101
104
  log_1.default.appStop({ reason: signal || 'shutdown' });
102
105
  try {
103
- await state.server?.stopMcp();
106
+ state.keepAlive?.stop();
107
+ await state.server?.stopAll();
104
108
  }
105
109
  catch (err) {
106
110
  log_1.default.error('shutdown.error', { error: String(err) });
@@ -113,20 +117,33 @@ async function main() {
113
117
  return;
114
118
  }
115
119
  log_1.default.useStderrOnlyLogs();
120
+ (0, server_1.installHttpAgent)();
116
121
  applyCliEnv(opts);
117
122
  const cfg = (0, config_builder_1.getCreatioClientConfig)();
118
- if (cfg.auth.kind === creatio_1.AuthProviderType.OAuth2Code) {
119
- throw new Error('oauth2_code_requires_http_server: use "npm start" (HTTP /mcp mode) for OAuth2 authorization-code flow');
123
+ // stdio is a single-process, single-user transport. The multi-user HTTP auth modes
124
+ // (delegated/gateway/broker) have no incoming web request to authenticate here.
125
+ if (cfg.auth.kind === creatio_1.AuthProviderType.OAuth2Bearer ||
126
+ cfg.auth.kind === creatio_1.AuthProviderType.Broker) {
127
+ throw new Error(`auth_mode_requires_http_server: CREATIO_MCP_AUTH_MODE=${cfg.auth.kind === creatio_1.AuthProviderType.Broker ? 'broker' : 'delegated/gateway'} needs the HTTP /mcp server — use "npm start". stdio supports client-credentials or legacy auth.`);
120
128
  }
121
129
  const provider = new creatio_1.CreatioServiceContext(cfg);
122
- const readonlyMode = (0, utils_1.envBool)('READONLY_MODE', false);
130
+ const readonlyMode = (0, utils_1.envBool)('CREATIO_MCP_READONLY', false);
123
131
  const engines = new creatio_1.CreatioEngineManager(provider, { readonly: readonlyMode });
124
132
  const server = new server_1.Server(engines, {
125
133
  readonlyMode,
126
- disableDataForge: (0, utils_1.envBool)('DISABLE_DATAFORGE', false),
127
- disableGlobalSearch: (0, utils_1.envBool)('DISABLE_GLOBAL_SEARCH', false),
134
+ disableDataForge: (0, utils_1.envBool)('CREATIO_MCP_DISABLE_DATAFORGE', false),
135
+ disableGlobalSearch: (0, utils_1.envBool)('CREATIO_MCP_DISABLE_GLOBAL_SEARCH', false),
128
136
  });
129
- const state = { server };
137
+ // Proactive keep-alive applies only to the single-session modes (legacy / client_credentials),
138
+ // which is exactly what stdio runs; it is opt-in via CREATIO_MCP_KEEPALIVE_SECONDS.
139
+ const keepAlive = new server_1.SessionKeepAlive((0, server_1.keepAliveIntervalMs)(), async () => {
140
+ await engines.user.getCurrentUserInfo();
141
+ // Reuse the periodic ping to also refresh the schema-freshness snapshot, so it isn't a
142
+ // wasted round-trip — the next schema read starts from a warm, validated cache.
143
+ await engines.warmSchemaCache();
144
+ });
145
+ keepAlive.start();
146
+ const state = { server, keepAlive };
130
147
  process.on('SIGINT', () => {
131
148
  void shutdown('SIGINT', state).finally(() => process.exit(0));
132
149
  });