portkey-admin-mcp 0.3.1 → 0.3.3

package/README.md

@@ -15,6 +15,8 @@ MCP server for the [Portkey](https://portkey.ai/) Admin API. Manage prompts, con
 <a href="https://github.com/s-b-e-n-s-o-n/portkey-admin-mcp/actions/workflows/ci.yml"><img src="https://github.com/s-b-e-n-s-o-n/portkey-admin-mcp/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
 <a href="https://nodejs.org/"><img src="https://img.shields.io/badge/node-%3E%3D20-brightgreen.svg" alt="Node.js"></a>
 <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+<a href="https://github.com/punkpeye/awesome-mcp-servers"><img src="https://awesome.re/mentioned-badge.svg" alt="Mentioned in Awesome MCP Servers"></a>
+<a href="https://lobehub.com/mcp/s-b-e-n-s-o-n-portkey-admin-mcp"><img src="https://lobehub.com/badge/mcp/s-b-e-n-s-o-n-portkey-admin-mcp?style=flat" alt="LobeHub MCP"></a>
 
 <a href="https://glama.ai/mcp/servers/s-b-e-n-s-o-n/portkey-admin-mcp"><img src="https://glama.ai/mcp/servers/s-b-e-n-s-o-n/portkey-admin-mcp/badges/card.svg" alt="portkey-admin-mcp MCP server"></a>
 
@@ -22,6 +24,9 @@ MCP server for the [Portkey](https://portkey.ai/) Admin API. Manage prompts, con
 
 ---
 
+> [!IMPORTANT]
+> **Maintenance mode.** Portkey was acquired by **Palo Alto Networks** (completed 2026‑05‑29) and is being folded into the Prisma AIRS platform. The Portkey Admin API this server targets is **live and unchanged as of June 2026**, and this project still works end‑to‑end — but it is now in **maintenance mode**: security and dependency patches only, no new features, pending Palo Alto's post‑acquisition API roadmap. If the hosted Admin API is ever deprecated, point `PORTKEY_BASE_URL` at a self‑hosted [Portkey gateway](https://github.com/Portkey-AI/gateway). See [docs/audit-2026-06.md](./docs/audit-2026-06.md) for the full assessment.
+
 ## Quick Start
 
 You need a **Portkey API key** with appropriate scopes. Get one from your [Portkey dashboard](https://app.portkey.ai/) under API Keys.
@@ -175,6 +180,8 @@ For local-only HTTP use, leave `MCP_HOST` at its default `127.0.0.1`. Set `MCP_H
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `PORTKEY_API_KEY` | (required) | Your Portkey API key |
+| `PORTKEY_BASE_URL` | `https://api.portkey.ai/v1` | Portkey Admin API base URL. Point at a self-hosted Portkey gateway if needed. Loopback/private-network hosts are rejected unless `PORTKEY_ALLOW_PRIVATE_BASE_URL=true` |
+| `PORTKEY_ALLOW_PRIVATE_BASE_URL` | — | Set to `true` to allow a `PORTKEY_BASE_URL` on loopback or a private network (e.g. a self-hosted gateway at `http://localhost:8787`) |
 | `PORTKEY_TOOL_DOMAINS` | — | Optional comma-separated stdio/HTTP default tool subset, e.g. `prompts,analytics` |
 | `MCP_HOST` | `127.0.0.1` | Bind address |
 | `MCP_PORT` | `3000` | Port |
@@ -188,7 +195,7 @@ For local-only HTTP use, leave `MCP_HOST` at its default `127.0.0.1`. Set `MCP_H
 | `MCP_REDIS_URL` | — | Redis URL for shared event store |
 | `MCP_TLS_KEY_PATH` | — | TLS key for native HTTPS |
 | `MCP_TLS_CERT_PATH` | — | TLS cert for native HTTPS |
-| `ALLOWED_ORIGINS` | — | CORS allow-list |
+| `ALLOWED_ORIGINS` | — | CORS allow-list; also used to validate the `Host` header (DNS-rebinding protection) when `MCP_AUTH_MODE=none` |
 | `MCP_TRUST_PROXY` | `false` | Trust proxy headers (for reverse proxies) |
 | `RATE_LIMIT_MAX_BUCKETS` | `10000` | Maximum distinct in-memory rate-limit buckets before new clients share an overflow bucket |
 

package/build/index.js

@@ -118,18 +118,73 @@ var Logger = {
 
 // src/services/base.service.ts
 var DEFAULT_BASE_URL = "https://api.portkey.ai/v1";
+var PRIVATE_BASE_URL_OVERRIDE_HINT = "Set PORTKEY_ALLOW_PRIVATE_BASE_URL=true to allow self-hosted gateways on loopback or private networks.";
+function isPrivateOrLocalHost(hostname) {
+  const host = hostname.trim().toLowerCase().replace(/^\[|\]$/g, "");
+  if (host === "localhost" || host.endsWith(".localhost")) {
+    return true;
+  }
+  let ipv4 = host;
+  if (host.includes(":")) {
+    if (host === "::1") {
+      return true;
+    }
+    if (host.startsWith("fe80:")) {
+      return true;
+    }
+    if (host.startsWith("fc") || host.startsWith("fd")) {
+      return true;
+    }
+    if (host.startsWith("::ffff:")) {
+      ipv4 = host.slice("::ffff:".length);
+    } else {
+      return false;
+    }
+  }
+  const match = ipv4.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (!match) {
+    return false;
+  }
+  const a = Number(match[1]);
+  const b = Number(match[2]);
+  if (a === 0 || a === 10 || a === 127) {
+    return true;
+  }
+  if (a === 169 && b === 254) {
+    return true;
+  }
+  if (a === 172 && b >= 16 && b <= 31) {
+    return true;
+  }
+  if (a === 192 && b === 168) {
+    return true;
+  }
+  if (a === 100 && b >= 64 && b <= 127) {
+    return true;
+  }
+  return false;
+}
 function validateUrl(url) {
+  let parsed;
   try {
-    const parsed = new URL(url);
-    if (!["http:", "https:"].includes(parsed.protocol)) {
-      throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
-    }
+    parsed = new URL(url);
   } catch (error) {
     if (error instanceof TypeError) {
       throw new Error(`Invalid base URL: ${url}`);
     }
     throw error;
   }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
+  }
+  const allowPrivate = /^(1|true|yes)$/i.test(
+    process.env.PORTKEY_ALLOW_PRIVATE_BASE_URL?.trim() ?? ""
+  );
+  if (!allowPrivate && isPrivateOrLocalHost(parsed.hostname)) {
+    throw new Error(
+      `Refusing to use a loopback or private-network PORTKEY_BASE_URL host: ${parsed.hostname}. ${PRIVATE_BASE_URL_OVERRIDE_HINT}`
+    );
+  }
 }
 var BaseService = class {
   apiKey;
@@ -2804,7 +2859,7 @@ function registerConfigsTools(server, service) {
   );
   server.tool(
     "create_config",
-    "Create a config that defines routing, cache, retry, and targets for requests. At least one of those settings is required; returns the new id and version_id.",
+    "Create a config that defines routing, cache, retry, and targets for requests; use update_config to modify an existing one and list_config_versions for history. At least one setting is required, new configs become active immediately once referenced by a key or prompt, and the call returns the new id and version_id.",
     CONFIGS_TOOL_SCHEMAS.createConfig,
     async (params) => {
       const config = buildConfigPayload(params);
@@ -3018,7 +3073,7 @@ function registerGuardrailsTools(server, service) {
   );
   server.tool(
     "get_guardrail",
-    "Fetch one guardrail with its full checks and actions. Use this before updating rules or when you need the exact enforcement policy.",
+    "Fetch one guardrail by id or slug with its full checks and actions; use list_guardrails to discover ids first. Use before update_guardrail or delete_guardrail when you need the exact enforcement policy, and returns the full check and action configuration alongside status and ownership.",
     GUARDRAILS_TOOL_SCHEMAS.getGuardrail,
     async (params) => {
       const guardrail = await service.guardrails.getGuardrail(
@@ -3084,7 +3139,7 @@ function registerGuardrailsTools(server, service) {
   );
   server.tool(
     "update_guardrail",
-    "Update a guardrail's name, checks, or actions. This creates a new version, so configs keep pointing at the latest policy after the change.",
+    "Update a guardrail's name, checks, or actions, unlike create_guardrail which registers a new one or delete_guardrail which removes it. This creates a new version that takes effect immediately for dependent configs, so review list_guardrails first; returns the updated id, slug, and version_id.",
     GUARDRAILS_TOOL_SCHEMAS.updateGuardrail,
     async (params) => {
       const updateData = {};
@@ -3610,7 +3665,7 @@ function registerIntegrationsTools(server, service) {
   );
   server.tool(
     "update_integration_workspaces",
-    "Control which workspaces can use an integration and set per-workspace limits. Access changes and new limits apply to downstream usage immediately. Returns success and the number of workspaces updated.",
+    "Control which workspaces can use an integration and set per-workspace limits, unlike update_integration which edits the org-level connection. Call list_integration_workspaces first to review current state; access changes and new limits apply to downstream usage immediately, and the call returns success plus the number of workspaces updated.",
     INTEGRATIONS_TOOL_SCHEMAS.updateIntegrationWorkspaces,
     async (params) => {
       const result = await service.integrations.updateIntegrationWorkspaces(
@@ -4084,7 +4139,7 @@ function registerKeysTools(server, service) {
   );
   server.tool(
     "update_api_key",
-    "Update an API key's name, description, scopes, defaults, or limits. Changes affect what downstream callers can access; type and sub-type stay fixed after creation. Returns success after the update is applied.",
+    "Update an API key's name, description, scopes, defaults, or limits, unlike delete_api_key which revokes it or create_api_key which issues a new one. Changes take effect immediately for downstream callers, type and sub-type stay fixed after creation, and the call returns success without rotating the secret.",
     KEYS_TOOL_SCHEMAS.updateApiKey,
     async (params) => {
       const result = await service.keys.updateApiKey(params.id, {
@@ -4288,7 +4343,7 @@ function registerLabelsTools(server, service) {
   );
   server.tool(
     "update_prompt_label",
-    "Update a prompt label's name, description, or color only. This changes the label definition, not existing prompt-version assignments or history.",
+    "Update a prompt label's name, description, or color only, unlike update_prompt_version which changes which label a version carries. This takes effect immediately for all versions already tagged with the label, but does not reassign labels or touch history; use list_prompt_labels to find the label_id first.",
     LABELS_TOOL_SCHEMAS.updatePromptLabel,
     async (params) => {
       const { label_id, ...updateData } = params;
@@ -4657,7 +4712,7 @@ function registerLimitsTools(server, service) {
   );
   server.tool(
     "update_usage_limit",
-    "Update a usage limit's name, credit_limit, alert_threshold, reset schedule, or reset target by id. Conditions and group_by are immutable after creation.",
+    "Update a usage limit's name, credit_limit, alert_threshold, reset schedule, or reset target by id, unlike update_rate_limit which tunes request throttling. New values apply immediately to tracked usage, conditions and group_by are immutable after creation, and the call returns the updated id without clearing accumulated usage (use reset_usage_limit_entity for that).",
     LIMITS_TOOL_SCHEMAS.updateUsageLimit,
     async (params) => {
       const result = await service.limits.updateUsageLimit(params.id, {
@@ -5027,7 +5082,7 @@ function registerLoggingTools(server, service) {
   );
   server.tool(
     "cancel_log_export",
-    "Cancel a pending or running log export job. This permanently stops that export, so create a new log export if you need the same data again.",
+    "Cancel a pending or running log export job, unlike start_log_export which queues one or delete_integration which removes the source. This permanently stops that export, takes effect immediately, and does not roll back already-processed rows; call create_log_export and start_log_export again to retry.",
     LOGGING_TOOL_SCHEMAS.cancelLogExport,
     async (params) => {
       const result = await service.logging.cancelLogExport(params.export_id);
@@ -5880,7 +5935,7 @@ function registerPartialsTools(server, service) {
   );
   server.tool(
     "list_prompt_partials",
-    "List partials across collections, with optional collection filtering. Returns ids, slugs, names, collections, and status so you can choose a prompt_partial_id before get/update/delete.",
+    "List partials across collections, with optional collection filtering. Returns ids, slugs, names, collections, and status so you can choose a prompt_partial_id before get_prompt_partial, update_prompt_partial, delete_prompt_partial, or publish_partial.",
     PARTIALS_TOOL_SCHEMAS.listPromptPartials,
     async (params) => {
       const partials = await service.partials.listPromptPartials(params);
@@ -6030,7 +6085,7 @@ function registerPartialsTools(server, service) {
   );
   server.tool(
     "publish_partial",
-    "Publish a specific partial version as the default version. This changes which content {{> partial_name}} resolves to and replaces the previously active version.",
+    "Publish a specific partial version as the default, unlike update_prompt_partial which creates a new draft without activating it. Use after list_partial_versions to pick a version_id; this immediately changes what {{> partial_name}} resolves to for all prompts and replaces the previously active version without a rollback path.",
     PARTIALS_TOOL_SCHEMAS.publishPartial,
     async (params) => {
       await service.partials.publishPartial(params.prompt_partial_id, {
@@ -6612,7 +6667,7 @@ function registerPromptsTools(server, service) {
   );
   server.tool(
     "publish_prompt",
-    "Publish a specific version of a prompt as the active default. Use list_prompt_versions to choose the version and update_prompt when you need to create new content before promoting it.",
+    "Publish a specific version of a prompt as the active default, unlike promote_prompt which copies across environments or update_prompt which creates a new draft. This immediately routes all callers using the slug to that version and there is no rollback, so use list_prompt_versions to pick the version and update_prompt first if you need to create new content before promoting it.",
     PROMPTS_TOOL_SCHEMAS.publishPrompt,
     async (params) => {
       await service.prompts.publishPrompt(params.prompt_id, {
@@ -7569,7 +7624,7 @@ function registerUsersTools(server, service) {
   );
   server.tool(
     "resend_user_invite",
-    "Resend the email for a pending invite that has not been accepted. The invite must still exist; use get_user_invite first if you are unsure.",
+    "Resend the email for a pending invite that has not been accepted, unlike invite_user which creates a new invite. This sends a fresh email without modifying the invite record, expiry, or role; use get_user_invite first if you are unsure whether the invite still exists and list_user_invites to discover invite_ids.",
     USERS_TOOL_SCHEMAS.resendUserInvite,
     async (params) => {
       await service.users.resendUserInvite(params.invite_id);
@@ -7771,7 +7826,7 @@ function registerWorkspacesTools(server, service) {
   );
   server.tool(
     "update_workspace",
-    "Update a workspace's name, slug, description, default flag, or metadata by id. Only provided fields change; changing the slug can break URLs and other references.",
+    "Update a workspace's name, slug, description, default flag, or metadata by id, unlike update_workspace_member which changes role assignments within a workspace. Only provided fields change and updates take effect immediately; changing the slug can break URLs, API key references, and other external links, so confirm no dependencies first.",
     WORKSPACES_TOOL_SCHEMAS.updateWorkspace,
     async (params) => {
       const { workspace_id, is_default, metadata, ...rest } = params;
@@ -8000,7 +8055,6 @@ var READ_ONLY_IDEMPOTENT_TOOL_PREFIXES = [
   "render_",
   "download_"
 ];
-var READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES = ["run_", "test_"];
 var DESTRUCTIVE_TOOL_PREFIXES = [
   "delete_",
   "remove_",
@@ -8061,16 +8115,6 @@ function inferToolAnnotations(toolName) {
       openWorldHint: true
     };
   }
-  if (READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES.some(
-    (prefix) => toolName.startsWith(prefix)
-  )) {
-    return {
-      readOnlyHint: true,
-      destructiveHint: false,
-      idempotentHint: false,
-      openWorldHint: true
-    };
-  }
   if (DESTRUCTIVE_TOOL_PREFIXES.some((prefix) => toolName.startsWith(prefix))) {
     return {
       readOnlyHint: false,

package/build/server.js

@@ -133,18 +133,73 @@ var Logger = {
 
 // src/services/base.service.ts
 var DEFAULT_BASE_URL = "https://api.portkey.ai/v1";
+var PRIVATE_BASE_URL_OVERRIDE_HINT = "Set PORTKEY_ALLOW_PRIVATE_BASE_URL=true to allow self-hosted gateways on loopback or private networks.";
+function isPrivateOrLocalHost(hostname) {
+  const host = hostname.trim().toLowerCase().replace(/^\[|\]$/g, "");
+  if (host === "localhost" || host.endsWith(".localhost")) {
+    return true;
+  }
+  let ipv4 = host;
+  if (host.includes(":")) {
+    if (host === "::1") {
+      return true;
+    }
+    if (host.startsWith("fe80:")) {
+      return true;
+    }
+    if (host.startsWith("fc") || host.startsWith("fd")) {
+      return true;
+    }
+    if (host.startsWith("::ffff:")) {
+      ipv4 = host.slice("::ffff:".length);
+    } else {
+      return false;
+    }
+  }
+  const match = ipv4.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (!match) {
+    return false;
+  }
+  const a = Number(match[1]);
+  const b = Number(match[2]);
+  if (a === 0 || a === 10 || a === 127) {
+    return true;
+  }
+  if (a === 169 && b === 254) {
+    return true;
+  }
+  if (a === 172 && b >= 16 && b <= 31) {
+    return true;
+  }
+  if (a === 192 && b === 168) {
+    return true;
+  }
+  if (a === 100 && b >= 64 && b <= 127) {
+    return true;
+  }
+  return false;
+}
 function validateUrl(url) {
+  let parsed;
   try {
-    const parsed = new URL(url);
-    if (!["http:", "https:"].includes(parsed.protocol)) {
-      throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
-    }
+    parsed = new URL(url);
   } catch (error) {
     if (error instanceof TypeError) {
       throw new Error(`Invalid base URL: ${url}`);
     }
     throw error;
   }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
+  }
+  const allowPrivate = /^(1|true|yes)$/i.test(
+    process.env.PORTKEY_ALLOW_PRIVATE_BASE_URL?.trim() ?? ""
+  );
+  if (!allowPrivate && isPrivateOrLocalHost(parsed.hostname)) {
+    throw new Error(
+      `Refusing to use a loopback or private-network PORTKEY_BASE_URL host: ${parsed.hostname}. ${PRIVATE_BASE_URL_OVERRIDE_HINT}`
+    );
+  }
 }
 var BaseService = class {
   apiKey;
@@ -2819,7 +2874,7 @@ function registerConfigsTools(server, service) {
   );
   server.tool(
     "create_config",
-    "Create a config that defines routing, cache, retry, and targets for requests. At least one of those settings is required; returns the new id and version_id.",
+    "Create a config that defines routing, cache, retry, and targets for requests; use update_config to modify an existing one and list_config_versions for history. At least one setting is required, new configs become active immediately once referenced by a key or prompt, and the call returns the new id and version_id.",
     CONFIGS_TOOL_SCHEMAS.createConfig,
     async (params) => {
       const config = buildConfigPayload(params);
@@ -3033,7 +3088,7 @@ function registerGuardrailsTools(server, service) {
   );
   server.tool(
     "get_guardrail",
-    "Fetch one guardrail with its full checks and actions. Use this before updating rules or when you need the exact enforcement policy.",
+    "Fetch one guardrail by id or slug with its full checks and actions; use list_guardrails to discover ids first. Use before update_guardrail or delete_guardrail when you need the exact enforcement policy, and returns the full check and action configuration alongside status and ownership.",
     GUARDRAILS_TOOL_SCHEMAS.getGuardrail,
     async (params) => {
       const guardrail = await service.guardrails.getGuardrail(
@@ -3099,7 +3154,7 @@ function registerGuardrailsTools(server, service) {
   );
   server.tool(
     "update_guardrail",
-    "Update a guardrail's name, checks, or actions. This creates a new version, so configs keep pointing at the latest policy after the change.",
+    "Update a guardrail's name, checks, or actions, unlike create_guardrail which registers a new one or delete_guardrail which removes it. This creates a new version that takes effect immediately for dependent configs, so review list_guardrails first; returns the updated id, slug, and version_id.",
     GUARDRAILS_TOOL_SCHEMAS.updateGuardrail,
     async (params) => {
       const updateData = {};
@@ -3625,7 +3680,7 @@ function registerIntegrationsTools(server, service) {
   );
   server.tool(
     "update_integration_workspaces",
-    "Control which workspaces can use an integration and set per-workspace limits. Access changes and new limits apply to downstream usage immediately. Returns success and the number of workspaces updated.",
+    "Control which workspaces can use an integration and set per-workspace limits, unlike update_integration which edits the org-level connection. Call list_integration_workspaces first to review current state; access changes and new limits apply to downstream usage immediately, and the call returns success plus the number of workspaces updated.",
     INTEGRATIONS_TOOL_SCHEMAS.updateIntegrationWorkspaces,
     async (params) => {
       const result = await service.integrations.updateIntegrationWorkspaces(
@@ -4099,7 +4154,7 @@ function registerKeysTools(server, service) {
   );
   server.tool(
     "update_api_key",
-    "Update an API key's name, description, scopes, defaults, or limits. Changes affect what downstream callers can access; type and sub-type stay fixed after creation. Returns success after the update is applied.",
+    "Update an API key's name, description, scopes, defaults, or limits, unlike delete_api_key which revokes it or create_api_key which issues a new one. Changes take effect immediately for downstream callers, type and sub-type stay fixed after creation, and the call returns success without rotating the secret.",
     KEYS_TOOL_SCHEMAS.updateApiKey,
     async (params) => {
       const result = await service.keys.updateApiKey(params.id, {
@@ -4303,7 +4358,7 @@ function registerLabelsTools(server, service) {
   );
   server.tool(
     "update_prompt_label",
-    "Update a prompt label's name, description, or color only. This changes the label definition, not existing prompt-version assignments or history.",
+    "Update a prompt label's name, description, or color only, unlike update_prompt_version which changes which label a version carries. This takes effect immediately for all versions already tagged with the label, but does not reassign labels or touch history; use list_prompt_labels to find the label_id first.",
     LABELS_TOOL_SCHEMAS.updatePromptLabel,
     async (params) => {
       const { label_id, ...updateData } = params;
@@ -4672,7 +4727,7 @@ function registerLimitsTools(server, service) {
   );
   server.tool(
     "update_usage_limit",
-    "Update a usage limit's name, credit_limit, alert_threshold, reset schedule, or reset target by id. Conditions and group_by are immutable after creation.",
+    "Update a usage limit's name, credit_limit, alert_threshold, reset schedule, or reset target by id, unlike update_rate_limit which tunes request throttling. New values apply immediately to tracked usage, conditions and group_by are immutable after creation, and the call returns the updated id without clearing accumulated usage (use reset_usage_limit_entity for that).",
     LIMITS_TOOL_SCHEMAS.updateUsageLimit,
     async (params) => {
       const result = await service.limits.updateUsageLimit(params.id, {
@@ -5042,7 +5097,7 @@ function registerLoggingTools(server, service) {
   );
   server.tool(
     "cancel_log_export",
-    "Cancel a pending or running log export job. This permanently stops that export, so create a new log export if you need the same data again.",
+    "Cancel a pending or running log export job, unlike start_log_export which queues one or delete_integration which removes the source. This permanently stops that export, takes effect immediately, and does not roll back already-processed rows; call create_log_export and start_log_export again to retry.",
     LOGGING_TOOL_SCHEMAS.cancelLogExport,
     async (params) => {
       const result = await service.logging.cancelLogExport(params.export_id);
@@ -5895,7 +5950,7 @@ function registerPartialsTools(server, service) {
   );
   server.tool(
     "list_prompt_partials",
-    "List partials across collections, with optional collection filtering. Returns ids, slugs, names, collections, and status so you can choose a prompt_partial_id before get/update/delete.",
+    "List partials across collections, with optional collection filtering. Returns ids, slugs, names, collections, and status so you can choose a prompt_partial_id before get_prompt_partial, update_prompt_partial, delete_prompt_partial, or publish_partial.",
     PARTIALS_TOOL_SCHEMAS.listPromptPartials,
     async (params) => {
       const partials = await service.partials.listPromptPartials(params);
@@ -6045,7 +6100,7 @@ function registerPartialsTools(server, service) {
   );
   server.tool(
     "publish_partial",
-    "Publish a specific partial version as the default version. This changes which content {{> partial_name}} resolves to and replaces the previously active version.",
+    "Publish a specific partial version as the default, unlike update_prompt_partial which creates a new draft without activating it. Use after list_partial_versions to pick a version_id; this immediately changes what {{> partial_name}} resolves to for all prompts and replaces the previously active version without a rollback path.",
     PARTIALS_TOOL_SCHEMAS.publishPartial,
     async (params) => {
       await service.partials.publishPartial(params.prompt_partial_id, {
@@ -6627,7 +6682,7 @@ function registerPromptsTools(server, service) {
   );
   server.tool(
     "publish_prompt",
-    "Publish a specific version of a prompt as the active default. Use list_prompt_versions to choose the version and update_prompt when you need to create new content before promoting it.",
+    "Publish a specific version of a prompt as the active default, unlike promote_prompt which copies across environments or update_prompt which creates a new draft. This immediately routes all callers using the slug to that version and there is no rollback, so use list_prompt_versions to pick the version and update_prompt first if you need to create new content before promoting it.",
     PROMPTS_TOOL_SCHEMAS.publishPrompt,
     async (params) => {
       await service.prompts.publishPrompt(params.prompt_id, {
@@ -7584,7 +7639,7 @@ function registerUsersTools(server, service) {
   );
   server.tool(
     "resend_user_invite",
-    "Resend the email for a pending invite that has not been accepted. The invite must still exist; use get_user_invite first if you are unsure.",
+    "Resend the email for a pending invite that has not been accepted, unlike invite_user which creates a new invite. This sends a fresh email without modifying the invite record, expiry, or role; use get_user_invite first if you are unsure whether the invite still exists and list_user_invites to discover invite_ids.",
     USERS_TOOL_SCHEMAS.resendUserInvite,
     async (params) => {
       await service.users.resendUserInvite(params.invite_id);
@@ -7786,7 +7841,7 @@ function registerWorkspacesTools(server, service) {
   );
   server.tool(
     "update_workspace",
-    "Update a workspace's name, slug, description, default flag, or metadata by id. Only provided fields change; changing the slug can break URLs and other references.",
+    "Update a workspace's name, slug, description, default flag, or metadata by id, unlike update_workspace_member which changes role assignments within a workspace. Only provided fields change and updates take effect immediately; changing the slug can break URLs, API key references, and other external links, so confirm no dependencies first.",
     WORKSPACES_TOOL_SCHEMAS.updateWorkspace,
     async (params) => {
       const { workspace_id, is_default, metadata, ...rest } = params;
@@ -8015,7 +8070,6 @@ var READ_ONLY_IDEMPOTENT_TOOL_PREFIXES = [
   "render_",
   "download_"
 ];
-var READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES = ["run_", "test_"];
 var DESTRUCTIVE_TOOL_PREFIXES = [
   "delete_",
   "remove_",
@@ -8076,16 +8130,6 @@ function inferToolAnnotations(toolName) {
       openWorldHint: true
     };
   }
-  if (READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES.some(
-    (prefix) => toolName.startsWith(prefix)
-  )) {
-    return {
-      readOnlyHint: true,
-      destructiveHint: false,
-      idempotentHint: false,
-      openWorldHint: true
-    };
-  }
   if (DESTRUCTIVE_TOOL_PREFIXES.some((prefix) => toolName.startsWith(prefix))) {
     return {
       readOnlyHint: false,
@@ -8920,6 +8964,9 @@ function parseOriginParts(value) {
     return null;
   }
 }
+function normalizeHostWithoutPort(value) {
+  return value.trim().toLowerCase().split(":")[0];
+}
 function isOriginMatch(origin, allowedOrigin) {
   const originParts = parseOriginParts(origin);
   const allowedParts = parseOriginParts(allowedOrigin);
@@ -8958,6 +9005,20 @@ function validateOrigin(origin) {
   }
   return allowedOrigins.some((allowed) => isOriginMatch(origin, allowed));
 }
+function isAllowedHost(host) {
+  const allowedOrigins = getAllowedOrigins();
+  if (allowedOrigins.includes("*")) {
+    return true;
+  }
+  const hostWithoutPort = normalizeHostWithoutPort(host);
+  return allowedOrigins.some((allowed) => {
+    const allowedParts = parseOriginParts(allowed);
+    if (allowedParts) {
+      return allowedParts.hostname === hostWithoutPort;
+    }
+    return normalizeHostWithoutPort(allowed) === hostWithoutPort;
+  });
+}
 function originValidationMiddleware(req, res, next) {
   if (req.path === "/health" || req.path === "/ready") {
     next();
@@ -8975,6 +9036,23 @@ function originValidationMiddleware(req, res, next) {
   }
   next();
 }
+function hostValidationMiddleware(req, res, next) {
+  if (req.path === "/health" || req.path === "/ready") {
+    next();
+    return;
+  }
+  const host = req.headers.host;
+  if (host && !isAllowedHost(host)) {
+    Logger.warn("Host validation failed", {
+      path: req.path,
+      method: req.method,
+      metadata: { host, ip: req.ip }
+    });
+    res.status(403).json({ error: "Forbidden: Host not allowed" });
+    return;
+  }
+  next();
+}
 function parsePositiveIntegerEnv(name, fallback) {
   const raw = process.env[name];
   if (raw === void 0) {
@@ -9500,6 +9578,9 @@ function createHttpAppRuntime() {
     })
   );
   app.use(express.json({ limit: requestBodyLimit }));
+  if (authConfig.mode === "none") {
+    app.use(hostValidationMiddleware);
+  }
   app.use(originValidationMiddleware);
   app.use(rateLimitMiddleware);
   app.use(mcpAuthMiddleware);
@@ -9784,7 +9865,7 @@ function createHttpAppRuntime() {
         return;
       }
     } else if (!transport) {
-      res.status(400).json({
+      res.status(sessionId ? 404 : 400).json({
         jsonrpc: "2.0",
         error: {
           code: -32e3,
@@ -9865,11 +9946,11 @@ function createHttpAppRuntime() {
       sessionStore.touch(sessionId);
       await transport.handleRequest(req, res);
     } else {
-      res.status(400).json({
+      res.status(404).json({
         jsonrpc: "2.0",
         error: {
           code: -32e3,
-          message: "Invalid session ID"
+          message: "Session not found"
         },
         id: null
       });
@@ -9913,11 +9994,11 @@ function createHttpAppRuntime() {
       }
       await transport.handleRequest(req, res);
     } else {
-      res.status(400).json({
+      res.status(404).json({
         jsonrpc: "2.0",
         error: {
           code: -32e3,
-          message: "Invalid session ID"
+          message: "Session not found"
         },
         id: null
       });

package/package.json

@@ -22,7 +22,7 @@
 		"knip": "knip",
 		"ci": "npm run lint && npm run knip && npm run typecheck && npm run test && npm run build && npm run test:e2e && npm run verify:readme-tools",
 		"start:http": "node build/server.js",
-		"prepare": "lefthook install",
+		"prepare": "[ -n \"$CI\" ] || [ -f /.dockerenv ] || [ ! -d .git ] || lefthook install",
 		"prepublishOnly": "npm run ci"
 	},
 	"engines": {
@@ -42,7 +42,7 @@
 	},
 	"name": "portkey-admin-mcp",
 	"mcpName": "io.github.s-b-e-n-s-o-n/portkey-admin-mcp",
-	"version": "0.3.1",
+	"version": "0.3.3",
 	"main": "build/index.js",
 	"keywords": [
 		"mcp",