mcp-multi-jira 0.1.0

package/dist/cli.js

@@ -0,0 +1,576 @@
+#!/usr/bin/env node
+import { existsSync } from "node:fs";
+import { confirm, select } from "@inquirer/prompts";
+import { Command } from "commander";
+import { runInstaller } from "./agents/install.js";
+import { plainTokenFilePath, tokenFilePath } from "./config/paths.js";
+import { loadConfig, removeAccount, setAccount, setTokenStore, } from "./config/store.js";
+import { RemoteSession } from "./mcp/remote-session.js";
+import { startLocalServer } from "./mcp/server.js";
+import { SessionManager } from "./mcp/session-manager.js";
+import { DEFAULT_SCOPES, getStaticClientInfoFromEnv, loginWithDynamicOAuth, } from "./oauth/atlassian.js";
+import { createTokenStore, getAuthStatusForAlias, } from "./security/token-store.js";
+import { info, setLogTarget, warn } from "./utils/log.js";
+import { PACKAGE_VERSION } from "./version.js";
+const SCOPE_SPLIT_RE = /[ ,]+/;
+const RESOURCE_ARRAY_KEYS = [
+    "resources",
+    "values",
+    "items",
+    "sites",
+    "data",
+];
+function parseScopes(scopes) {
+    if (!scopes) {
+        return DEFAULT_SCOPES;
+    }
+    return scopes
+        .split(SCOPE_SPLIT_RE)
+        .map((scope) => scope.trim())
+        .filter(Boolean);
+}
+function resolveScopes(scopes) {
+    return parseScopes(scopes || process.env.MCP_JIRA_SCOPES);
+}
+function normalizeTokenStore(value) {
+    if (!value) {
+        return null;
+    }
+    const normalized = value.toLowerCase();
+    if (normalized === "encrypted" ||
+        normalized === "plain" ||
+        normalized === "keychain") {
+        return normalized;
+    }
+    return null;
+}
+function resolveTokenStoreFromConfig(config) {
+    const envStore = normalizeTokenStore(process.env.MCP_JIRA_TOKEN_STORE);
+    if (envStore) {
+        return envStore;
+    }
+    const envUseKeychain = process.env.MCP_JIRA_USE_KEYCHAIN === "1" ||
+        process.env.MCP_JIRA_USE_KEYCHAIN === "true";
+    if (envUseKeychain) {
+        return "keychain";
+    }
+    if (config.tokenStore) {
+        return config.tokenStore;
+    }
+    const plainExists = existsSync(plainTokenFilePath());
+    const encryptedExists = existsSync(tokenFilePath());
+    if (plainExists && !encryptedExists) {
+        return "plain";
+    }
+    if (encryptedExists && !plainExists) {
+        return "encrypted";
+    }
+    if (plainExists && encryptedExists) {
+        return "plain";
+    }
+    return "plain";
+}
+function describeTokenStore(store) {
+    if (store === "encrypted") {
+        return "encrypted file";
+    }
+    if (store === "plain") {
+        return "plaintext file";
+    }
+    return "keychain";
+}
+async function migrateTokenStore(options) {
+    const fromStore = await createTokenStore({ store: options.from });
+    const toStore = await createTokenStore({ store: options.to });
+    let migrated = 0;
+    let alreadyPresent = 0;
+    let missing = 0;
+    for (const alias of options.aliases) {
+        const tokens = await fromStore.get(alias);
+        if (!tokens) {
+            const existing = await toStore.get(alias);
+            if (existing) {
+                alreadyPresent += 1;
+            }
+            else {
+                missing += 1;
+            }
+            continue;
+        }
+        await toStore.set(alias, tokens);
+        await fromStore.remove(alias);
+        migrated += 1;
+    }
+    return { migrated, alreadyPresent, missing };
+}
+function formatAccounts(accounts, statusMap) {
+    if (accounts.length === 0) {
+        return "No accounts configured.";
+    }
+    const headers = ["Alias", "Site", "User", "Auth"];
+    const rows = accounts.map((account) => [
+        account.alias,
+        account.site,
+        account.user ?? "",
+        statusMap.get(account.alias) ?? "unknown",
+    ]);
+    const widths = headers.map((header, index) => Math.max(header.length, ...rows.map((row) => row[index].length)));
+    const formatRow = (row) => row
+        .map((cell, index) => cell.padEnd(widths[index]))
+        .join("  ")
+        .trimEnd();
+    return [
+        formatRow(headers),
+        formatRow(widths.map((w) => "-".repeat(w))),
+        ...rows.map(formatRow),
+    ].join("\n");
+}
+function formatAuthStatus(status) {
+    switch (status.status) {
+        case "ok":
+            return "ok";
+        case "missing":
+            return "needs login";
+        case "expired":
+            return "expired";
+        case "locked":
+            return "locked";
+        default:
+            return "unknown";
+    }
+}
+function isRecord(value) {
+    return Boolean(value) && typeof value === "object";
+}
+function extractStructuredContent(result) {
+    if ("structuredContent" in result && result.structuredContent) {
+        return result.structuredContent;
+    }
+    return null;
+}
+function extractToolResult(result) {
+    if ("toolResult" in result) {
+        return result.toolResult;
+    }
+    return null;
+}
+function extractTextItems(result) {
+    const raw = result.content;
+    if (!Array.isArray(raw)) {
+        return [];
+    }
+    const items = [];
+    for (const entry of raw) {
+        if (!isRecord(entry)) {
+            continue;
+        }
+        const type = typeof entry.type === "string" ? entry.type : "";
+        const text = typeof entry.text === "string" ? entry.text : "";
+        if (type === "text" && text) {
+            items.push({ type, text });
+        }
+    }
+    return items;
+}
+function parseJsonPayload(text) {
+    const trimmed = text.trim();
+    if (!(trimmed.startsWith("{") || trimmed.startsWith("["))) {
+        return null;
+    }
+    try {
+        return JSON.parse(trimmed);
+    }
+    catch {
+        return null;
+    }
+}
+function extractStructuredResult(result) {
+    if (!isRecord(result)) {
+        return null;
+    }
+    const structured = extractStructuredContent(result);
+    if (structured) {
+        return structured;
+    }
+    const toolResult = extractToolResult(result);
+    if (toolResult) {
+        return toolResult;
+    }
+    for (const item of extractTextItems(result)) {
+        const parsed = parseJsonPayload(item.text);
+        if (parsed !== null) {
+            return parsed;
+        }
+    }
+    return null;
+}
+function pickResourceArray(payload) {
+    if (Array.isArray(payload)) {
+        return payload;
+    }
+    if (!isRecord(payload)) {
+        return null;
+    }
+    for (const key of RESOURCE_ARRAY_KEYS) {
+        const value = payload[key];
+        if (Array.isArray(value)) {
+            return value;
+        }
+    }
+    return null;
+}
+function toStringValue(value) {
+    if (typeof value === "string") {
+        return value;
+    }
+    if (typeof value === "number" || typeof value === "boolean") {
+        return String(value);
+    }
+    return null;
+}
+function normalizeResource(raw) {
+    if (!isRecord(raw)) {
+        return null;
+    }
+    const cloudId = toStringValue(raw.id) ??
+        toStringValue(raw.cloudId) ??
+        toStringValue(raw.cloud_id) ??
+        toStringValue(raw.resourceId) ??
+        toStringValue(raw.resource_id);
+    const url = toStringValue(raw.url) ??
+        toStringValue(raw.baseUrl) ??
+        toStringValue(raw.base_url) ??
+        toStringValue(raw.siteUrl);
+    const name = toStringValue(raw.name) ??
+        toStringValue(raw.label) ??
+        toStringValue(raw.displayName);
+    if (!(cloudId && url)) {
+        return null;
+    }
+    return {
+        id: cloudId,
+        url,
+        name: name ?? url,
+    };
+}
+function dedupeResources(resources) {
+    const unique = new Map();
+    for (const item of resources) {
+        const key = `${item.id}|${item.url}`;
+        if (!unique.has(key)) {
+            unique.set(key, item);
+        }
+    }
+    return Array.from(unique.values());
+}
+function toolNameSet(tools) {
+    return new Set(tools.map((tool) => tool.name));
+}
+async function fetchAccessibleResources(session, toolNames) {
+    if (!toolNames.has("getAccessibleAtlassianResources")) {
+        warn("MCP tool getAccessibleAtlassianResources not available. Storing account without site metadata.");
+        return [];
+    }
+    const result = await session.callTool("getAccessibleAtlassianResources", {});
+    const payload = extractStructuredResult(result);
+    const resources = pickResourceArray(payload) ?? [];
+    const normalized = resources
+        .map(normalizeResource)
+        .filter((item) => Boolean(item));
+    return dedupeResources(normalized);
+}
+async function selectResource(resources) {
+    if (resources.length === 0) {
+        return null;
+    }
+    if (resources.length === 1) {
+        return resources[0];
+    }
+    const selected = await select({
+        message: "Select the Jira site to link:",
+        choices: resources.map((item) => ({
+            name: `${item.name} (${item.url})`,
+            value: item.id,
+        })),
+    });
+    return resources.find((item) => item.id === selected) ?? resources[0];
+}
+function extractUserEmail(payload) {
+    if (!isRecord(payload)) {
+        return;
+    }
+    return (toStringValue(payload.email) ??
+        toStringValue(payload.emailAddress) ??
+        toStringValue(payload.userEmail) ??
+        toStringValue(payload.username) ??
+        undefined);
+}
+async function fetchUserEmail(session, toolNames) {
+    if (!toolNames.has("atlassianUserInfo")) {
+        return;
+    }
+    try {
+        const result = await session.callTool("atlassianUserInfo", {});
+        const payload = extractStructuredResult(result);
+        return extractUserEmail(payload);
+    }
+    catch {
+        return;
+    }
+}
+async function handleLogin(alias, options) {
+    const config = await loadConfig();
+    if (config.accounts[alias]) {
+        const overwrite = await confirm({
+            message: `Account alias "${alias}" already exists. Re-authenticate and overwrite?`,
+            default: false,
+        });
+        if (!overwrite) {
+            info("Login cancelled.");
+            return;
+        }
+    }
+    const scopes = resolveScopes(options.scopes);
+    const tokenStoreKind = resolveTokenStoreFromConfig(config);
+    const tokenStore = await createTokenStore({
+        store: tokenStoreKind,
+    });
+    const staticClientInfo = getStaticClientInfoFromEnv(options);
+    await loginWithDynamicOAuth({
+        alias,
+        tokenStore,
+        scopes,
+        staticClientInfo,
+    });
+    const tokens = await tokenStore.get(alias);
+    if (!tokens) {
+        throw new Error("Login failed: no tokens stored.");
+    }
+    const tempAccount = {
+        alias,
+        site: "",
+        cloudId: "",
+    };
+    const session = new RemoteSession(tempAccount, tokenStore, scopes, staticClientInfo);
+    let resource = null;
+    let user;
+    try {
+        const tools = await session.listTools();
+        const toolNames = toolNameSet(tools);
+        const resources = await fetchAccessibleResources(session, toolNames);
+        if (resources.length === 0) {
+            warn("No accessible Jira resources found via MCP.");
+        }
+        resource = await selectResource(resources);
+        user = await fetchUserEmail(session, toolNames);
+    }
+    finally {
+        await session.close();
+    }
+    const account = {
+        alias,
+        site: resource?.url ?? "unknown",
+        cloudId: resource?.id ?? "unknown",
+        user,
+        default: options.default ?? Object.keys(config.accounts).length === 0,
+    };
+    await setAccount(account);
+    info(`Account "${alias}" connected to ${account.site}.`);
+}
+async function handleListAccounts() {
+    const config = await loadConfig();
+    const accounts = Object.values(config.accounts);
+    if (accounts.length === 0) {
+        info(formatAccounts(accounts, new Map()));
+        return;
+    }
+    const storeKind = resolveTokenStoreFromConfig(config);
+    const tokenStore = await createTokenStore({ store: storeKind });
+    const statusMap = new Map();
+    for (const account of accounts) {
+        try {
+            const status = await getAuthStatusForAlias({
+                alias: account.alias,
+                tokenStore,
+                storeKind,
+                allowPrompt: process.stdin.isTTY,
+            });
+            statusMap.set(account.alias, formatAuthStatus(status));
+        }
+        catch (err) {
+            statusMap.set(account.alias, "unknown");
+            warn(`Failed to resolve auth status for ${account.alias}: ${String(err)}`);
+        }
+    }
+    info(formatAccounts(accounts, statusMap));
+}
+async function handleRemove(alias) {
+    const config = await loadConfig();
+    if (!config.accounts[alias]) {
+        warn(`No account found for alias "${alias}".`);
+        return;
+    }
+    const confirmed = await confirm({
+        message: `Remove account "${alias}" and delete stored tokens?`,
+        default: false,
+    });
+    if (!confirmed) {
+        info("Remove cancelled.");
+        return;
+    }
+    const tokenStore = await createTokenStore({
+        store: resolveTokenStoreFromConfig(config),
+    });
+    await tokenStore.remove(alias);
+    await removeAccount(alias);
+    info(`Removed account "${alias}".`);
+}
+async function handleServe(options) {
+    setLogTarget("stderr");
+    const config = await loadConfig();
+    const scopes = resolveScopes(options.scopes);
+    const tokenStoreKind = resolveTokenStoreFromConfig(config);
+    const tokenStore = await createTokenStore({
+        store: tokenStoreKind,
+    });
+    const manager = new SessionManager(tokenStore, scopes, getStaticClientInfoFromEnv(options), tokenStoreKind);
+    await manager.loadAll();
+    if (manager.listAccounts().length === 0) {
+        warn("No accounts configured. Run `mcp-multi-jira login <alias>` first.");
+        return;
+    }
+    await manager.connectAll();
+    await startLocalServer(manager, PACKAGE_VERSION);
+}
+function warnTokenStoreOverride(config) {
+    const envOverride = normalizeTokenStore(process.env.MCP_JIRA_TOKEN_STORE);
+    if (envOverride && envOverride !== config.tokenStore) {
+        warn(`MCP_JIRA_TOKEN_STORE is set to ${envOverride}. This overrides the configured default (${config.tokenStore ?? "plain"}).`);
+    }
+}
+async function showTokenStoreStatus() {
+    const config = await loadConfig();
+    warnTokenStoreOverride(config);
+    const effective = resolveTokenStoreFromConfig(config);
+    info(`Current token store: ${effective}.`);
+    info("Available token stores: encrypted, plain, keychain.");
+    info("Set with: mcp-multi-jira token-store <store>");
+}
+async function migrateTokenStoreIfConfirmed(fromStore, toStore, aliases) {
+    if (aliases.length === 0) {
+        return false;
+    }
+    if (!process.stdin.isTTY) {
+        warn("Accounts exist but no TTY available to prompt for migration. Tokens will remain in the previous store.");
+        return false;
+    }
+    const shouldMigrate = await confirm({
+        message: `Migrate ${aliases.length} account token(s) from ${describeTokenStore(fromStore)} to ${describeTokenStore(toStore)}? This will move tokens to the new backend.`,
+        default: true,
+    });
+    if (!shouldMigrate) {
+        return false;
+    }
+    const result = await migrateTokenStore({
+        from: fromStore,
+        to: toStore,
+        aliases,
+    });
+    info(`Migrated ${result.migrated} account(s) to ${toStore}.`);
+    if (result.alreadyPresent > 0) {
+        info(`${result.alreadyPresent} account(s) already had tokens in ${toStore}.`);
+    }
+    if (result.missing > 0) {
+        warn(`${result.missing} account(s) had no tokens in the previous store.`);
+    }
+    return true;
+}
+async function setTokenStoreWithMigration(store) {
+    const config = await loadConfig();
+    warnTokenStoreOverride(config);
+    const currentStore = config.tokenStore ?? "plain";
+    if (currentStore === store) {
+        info(`Token store already set to ${store}.`);
+        return;
+    }
+    const aliases = Object.keys(config.accounts);
+    const migrated = await migrateTokenStoreIfConfirmed(currentStore, store, aliases);
+    await setTokenStore(store);
+    info(`Default token store set to ${store}.`);
+    if (!migrated && aliases.length > 0) {
+        warn("Tokens remain in the previous store. Run the token-store command again to migrate, or re-login.");
+    }
+}
+async function handleTokenStore(storeValue) {
+    if (!storeValue) {
+        await showTokenStoreStatus();
+        return;
+    }
+    const normalized = normalizeTokenStore(storeValue);
+    if (!normalized) {
+        throw new Error("Invalid token store. Use one of: encrypted, plain, keychain.");
+    }
+    await setTokenStoreWithMigration(normalized);
+}
+async function main() {
+    const program = new Command();
+    program
+        .name("mcp-multi-jira")
+        .description("Multi-account Jira MCP server and CLI")
+        .version(PACKAGE_VERSION)
+        .option("--client-id <clientId>", "Atlassian OAuth client ID")
+        .option("--client-secret <clientSecret>", "Atlassian OAuth client secret")
+        .option("--scopes <scopes>", "OAuth scopes (space or comma separated)");
+    program
+        .command("login")
+        .argument("<alias>", "Account alias to store")
+        .option("--default", "Mark this account as default")
+        .action(async (alias, options) => {
+        const opts = program.opts();
+        await handleLogin(alias, { ...opts, ...options });
+    });
+    program
+        .command("list")
+        .description("List configured Jira accounts")
+        .action(handleListAccounts);
+    program
+        .command("remove")
+        .argument("<alias>", "Account alias to remove")
+        .description("Remove a Jira account and delete stored tokens")
+        .action(async (alias) => {
+        await handleRemove(alias);
+    });
+    program
+        .command("serve")
+        .description("Start the local MCP server")
+        .action(async (options) => {
+        const opts = program.opts();
+        await handleServe({ ...opts, ...options });
+    });
+    program
+        .command("token-store")
+        .argument("[store]", "Token store backend (encrypted|plain|keychain)")
+        .description("Set the default token storage backend")
+        .action(async (store) => {
+        await handleTokenStore(store);
+    });
+    program
+        .command("install")
+        .description("Install MCP configuration into supported agents")
+        .action(async () => {
+        const config = await loadConfig();
+        await runInstaller({
+            tokenStore: normalizeTokenStore(process.env.MCP_JIRA_TOKEN_STORE) ??
+                config.tokenStore,
+        });
+    });
+    if (process.argv.length <= 2) {
+        program.outputHelp();
+        return;
+    }
+    await program.parseAsync(process.argv);
+}
+main().catch((err) => {
+    console.error(err instanceof Error ? err.message : err);
+    process.exitCode = 1;
+});

package/dist/config/paths.js

@@ -0,0 +1,14 @@
+import os from "node:os";
+import path from "node:path";
+export function configDir() {
+    return path.join(os.homedir(), ".mcp-jira");
+}
+export function configFilePath() {
+    return path.join(configDir(), "config.json");
+}
+export function tokenFilePath() {
+    return path.join(configDir(), "tokens.enc.json");
+}
+export function plainTokenFilePath() {
+    return path.join(configDir(), "tokens.json");
+}

package/dist/config/store.js

@@ -0,0 +1,54 @@
+import { promises as fs } from "node:fs";
+import { atomicWrite, ensureDir } from "../utils/fs.js";
+import { configDir, configFilePath } from "./paths.js";
+const emptyConfig = { accounts: {} };
+export async function loadConfig() {
+    const filePath = configFilePath();
+    try {
+        const raw = await fs.readFile(filePath, "utf8");
+        const parsed = JSON.parse(raw);
+        if (!parsed.accounts) {
+            return { ...emptyConfig };
+        }
+        return parsed;
+    }
+    catch (err) {
+        if (err.code === "ENOENT") {
+            return { ...emptyConfig };
+        }
+        throw err;
+    }
+}
+export async function saveConfig(config) {
+    await ensureDir(configDir());
+    await atomicWrite(configFilePath(), JSON.stringify(config, null, 2));
+}
+export async function setAccount(account) {
+    const config = await loadConfig();
+    config.accounts[account.alias] = account;
+    await saveConfig(config);
+}
+export async function removeAccount(alias) {
+    const config = await loadConfig();
+    if (config.accounts[alias]) {
+        delete config.accounts[alias];
+        await saveConfig(config);
+    }
+}
+export async function getAccount(alias) {
+    const config = await loadConfig();
+    return config.accounts[alias] ?? null;
+}
+export async function listAccounts() {
+    const config = await loadConfig();
+    return Object.values(config.accounts);
+}
+export async function getTokenStore() {
+    const config = await loadConfig();
+    return config.tokenStore ?? null;
+}
+export async function setTokenStore(tokenStore) {
+    const config = await loadConfig();
+    config.tokenStore = tokenStore;
+    await saveConfig(config);
+}

package/dist/mcp/mock.js

@@ -0,0 +1,63 @@
+const account = {
+    alias: "mock",
+    site: "mock://jira",
+    cloudId: "mock",
+};
+const tools = [
+    {
+        name: "mockEcho",
+        description: "Echoes arguments back as JSON.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                cloudId: { type: "string" },
+                jql: { type: "string" },
+            },
+            required: ["cloudId", "jql"],
+        },
+    },
+    {
+        name: "mockSecondTool",
+        description: "Second tool for pass-through tests.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                cloudId: { type: "string" },
+                query: { type: "string" },
+            },
+            required: ["cloudId", "query"],
+        },
+    },
+];
+const session = {
+    async listTools() {
+        return tools;
+    },
+    async callTool(_name, args) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify(args),
+                },
+            ],
+            structuredContent: args,
+        };
+    },
+};
+export function createMockSessionManager() {
+    return {
+        listAccounts() {
+            return [account];
+        },
+        getSession(alias) {
+            if (alias === account.alias) {
+                return session;
+            }
+            return null;
+        },
+        async getAccountAuthStatus() {
+            return { status: "ok" };
+        },
+    };
+}