npm - portkey-admin-mcp - Versions diffs - 0.3.2 → 0.3.4 - Mend

portkey-admin-mcp 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -15,6 +15,8 @@ MCP server for the [Portkey](https://portkey.ai/) Admin API. Manage prompts, con
 <a href="https://github.com/s-b-e-n-s-o-n/portkey-admin-mcp/actions/workflows/ci.yml"><img src="https://github.com/s-b-e-n-s-o-n/portkey-admin-mcp/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
 <a href="https://nodejs.org/"><img src="https://img.shields.io/badge/node-%3E%3D20-brightgreen.svg" alt="Node.js"></a>
 <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+<a href="https://github.com/punkpeye/awesome-mcp-servers"><img src="https://awesome.re/mentioned-badge.svg" alt="Mentioned in Awesome MCP Servers"></a>
+<a href="https://lobehub.com/mcp/s-b-e-n-s-o-n-portkey-admin-mcp"><img src="https://lobehub.com/badge/mcp/s-b-e-n-s-o-n-portkey-admin-mcp?style=flat" alt="LobeHub MCP"></a>
 <a href="https://glama.ai/mcp/servers/s-b-e-n-s-o-n/portkey-admin-mcp"><img src="https://glama.ai/mcp/servers/s-b-e-n-s-o-n/portkey-admin-mcp/badges/card.svg" alt="portkey-admin-mcp MCP server"></a>
@@ -22,6 +24,9 @@ MCP server for the [Portkey](https://portkey.ai/) Admin API. Manage prompts, con
 ---
+> [!IMPORTANT]
+> **Maintenance mode.** Portkey was acquired by **Palo Alto Networks** (completed 2026‑05‑29) and is being folded into the Prisma AIRS platform. The Portkey Admin API this server targets is **live and unchanged as of June 2026**, and this project still works end‑to‑end — but it is now in **maintenance mode**: security and dependency patches only, no new features, pending Palo Alto's post‑acquisition API roadmap. If the hosted Admin API is ever deprecated, point `PORTKEY_BASE_URL` at a self‑hosted [Portkey gateway](https://github.com/Portkey-AI/gateway). See [docs/audit-2026-06.md](./docs/audit-2026-06.md) for the full assessment.
 ## Quick Start
 You need a **Portkey API key** with appropriate scopes. Get one from your [Portkey dashboard](https://app.portkey.ai/) under API Keys.
@@ -175,6 +180,8 @@ For local-only HTTP use, leave `MCP_HOST` at its default `127.0.0.1`. Set `MCP_H
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `PORTKEY_API_KEY` | (required) | Your Portkey API key |
+| `PORTKEY_BASE_URL` | `https://api.portkey.ai/v1` | Portkey Admin API base URL. Point at a self-hosted Portkey gateway if needed. Loopback/private-network hosts are rejected unless `PORTKEY_ALLOW_PRIVATE_BASE_URL=true` |
+| `PORTKEY_ALLOW_PRIVATE_BASE_URL` | — | Set to `true` to allow a `PORTKEY_BASE_URL` on loopback or a private network (e.g. a self-hosted gateway at `http://localhost:8787`) |
 | `PORTKEY_TOOL_DOMAINS` | — | Optional comma-separated stdio/HTTP default tool subset, e.g. `prompts,analytics` |
 | `MCP_HOST` | `127.0.0.1` | Bind address |
 | `MCP_PORT` | `3000` | Port |
@@ -188,7 +195,7 @@ For local-only HTTP use, leave `MCP_HOST` at its default `127.0.0.1`. Set `MCP_H
 | `MCP_REDIS_URL` | — | Redis URL for shared event store |
 | `MCP_TLS_KEY_PATH` | — | TLS key for native HTTPS |
 | `MCP_TLS_CERT_PATH` | — | TLS cert for native HTTPS |
-| `ALLOWED_ORIGINS` | — | CORS allow-list |
+| `ALLOWED_ORIGINS` | — | CORS allow-list; also used to validate the `Host` header (DNS-rebinding protection) when `MCP_AUTH_MODE=none` |
 | `MCP_TRUST_PROXY` | `false` | Trust proxy headers (for reverse proxies) |
 | `RATE_LIMIT_MAX_BUCKETS` | `10000` | Maximum distinct in-memory rate-limit buckets before new clients share an overflow bucket |

package/build/index.js CHANGED Viewed

@@ -118,18 +118,73 @@ var Logger = {
 // src/services/base.service.ts
 var DEFAULT_BASE_URL = "https://api.portkey.ai/v1";
+var PRIVATE_BASE_URL_OVERRIDE_HINT = "Set PORTKEY_ALLOW_PRIVATE_BASE_URL=true to allow self-hosted gateways on loopback or private networks.";
+function isPrivateOrLocalHost(hostname) {
+  const host = hostname.trim().toLowerCase().replace(/^\[|\]$/g, "");
+  if (host === "localhost" || host.endsWith(".localhost")) {
+    return true;
+  }
+  let ipv4 = host;
+  if (host.includes(":")) {
+    if (host === "::1") {
+      return true;
+    }
+    if (host.startsWith("fe80:")) {
+      return true;
+    }
+    if (host.startsWith("fc") || host.startsWith("fd")) {
+      return true;
+    }
+    if (host.startsWith("::ffff:")) {
+      ipv4 = host.slice("::ffff:".length);
+    } else {
+      return false;
+    }
+  }
+  const match = ipv4.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (!match) {
+    return false;
+  }
+  const a = Number(match[1]);
+  const b = Number(match[2]);
+  if (a === 0 || a === 10 || a === 127) {
+    return true;
+  }
+  if (a === 169 && b === 254) {
+    return true;
+  }
+  if (a === 172 && b >= 16 && b <= 31) {
+    return true;
+  }
+  if (a === 192 && b === 168) {
+    return true;
+  }
+  if (a === 100 && b >= 64 && b <= 127) {
+    return true;
+  }
+  return false;
+}
 function validateUrl(url) {
+  let parsed;
   try {
-    const parsed = new URL(url);
-    if (!["http:", "https:"].includes(parsed.protocol)) {
-      throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
-    }
+    parsed = new URL(url);
   } catch (error) {
     if (error instanceof TypeError) {
       throw new Error(`Invalid base URL: ${url}`);
     }
     throw error;
   }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
+  }
+  const allowPrivate = /^(1|true|yes)$/i.test(
+    process.env.PORTKEY_ALLOW_PRIVATE_BASE_URL?.trim() ?? ""
+  );
+  if (!allowPrivate && isPrivateOrLocalHost(parsed.hostname)) {
+    throw new Error(
+      `Refusing to use a loopback or private-network PORTKEY_BASE_URL host: ${parsed.hostname}. ${PRIVATE_BASE_URL_OVERRIDE_HINT}`
+    );
+  }
 }
 var BaseService = class {
   apiKey;
@@ -172,7 +227,9 @@ var BaseService = class {
       requestId,
       method,
       path,
-      metadata: { url }
+      metadata: {
+        paramKeys: options.params ? Object.keys(options.params) : []
+      }
     });
     try {
       const response = await fetchWithTimeout(url, {
@@ -8000,7 +8057,6 @@ var READ_ONLY_IDEMPOTENT_TOOL_PREFIXES = [
   "render_",
   "download_"
 ];
-var READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES = ["run_", "test_"];
 var DESTRUCTIVE_TOOL_PREFIXES = [
   "delete_",
   "remove_",
@@ -8061,16 +8117,6 @@ function inferToolAnnotations(toolName) {
       openWorldHint: true
     };
   }
-  if (READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES.some(
-    (prefix) => toolName.startsWith(prefix)
-  )) {
-    return {
-      readOnlyHint: true,
-      destructiveHint: false,
-      idempotentHint: false,
-      openWorldHint: true
-    };
-  }
   if (DESTRUCTIVE_TOOL_PREFIXES.some((prefix) => toolName.startsWith(prefix))) {
     return {
       readOnlyHint: false,

package/build/server.js CHANGED Viewed

@@ -133,18 +133,73 @@ var Logger = {
 // src/services/base.service.ts
 var DEFAULT_BASE_URL = "https://api.portkey.ai/v1";
+var PRIVATE_BASE_URL_OVERRIDE_HINT = "Set PORTKEY_ALLOW_PRIVATE_BASE_URL=true to allow self-hosted gateways on loopback or private networks.";
+function isPrivateOrLocalHost(hostname) {
+  const host = hostname.trim().toLowerCase().replace(/^\[|\]$/g, "");
+  if (host === "localhost" || host.endsWith(".localhost")) {
+    return true;
+  }
+  let ipv4 = host;
+  if (host.includes(":")) {
+    if (host === "::1") {
+      return true;
+    }
+    if (host.startsWith("fe80:")) {
+      return true;
+    }
+    if (host.startsWith("fc") || host.startsWith("fd")) {
+      return true;
+    }
+    if (host.startsWith("::ffff:")) {
+      ipv4 = host.slice("::ffff:".length);
+    } else {
+      return false;
+    }
+  }
+  const match = ipv4.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (!match) {
+    return false;
+  }
+  const a = Number(match[1]);
+  const b = Number(match[2]);
+  if (a === 0 || a === 10 || a === 127) {
+    return true;
+  }
+  if (a === 169 && b === 254) {
+    return true;
+  }
+  if (a === 172 && b >= 16 && b <= 31) {
+    return true;
+  }
+  if (a === 192 && b === 168) {
+    return true;
+  }
+  if (a === 100 && b >= 64 && b <= 127) {
+    return true;
+  }
+  return false;
+}
 function validateUrl(url) {
+  let parsed;
   try {
-    const parsed = new URL(url);
-    if (!["http:", "https:"].includes(parsed.protocol)) {
-      throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
-    }
+    parsed = new URL(url);
   } catch (error) {
     if (error instanceof TypeError) {
       throw new Error(`Invalid base URL: ${url}`);
     }
     throw error;
   }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`Invalid URL protocol: ${parsed.protocol}`);
+  }
+  const allowPrivate = /^(1|true|yes)$/i.test(
+    process.env.PORTKEY_ALLOW_PRIVATE_BASE_URL?.trim() ?? ""
+  );
+  if (!allowPrivate && isPrivateOrLocalHost(parsed.hostname)) {
+    throw new Error(
+      `Refusing to use a loopback or private-network PORTKEY_BASE_URL host: ${parsed.hostname}. ${PRIVATE_BASE_URL_OVERRIDE_HINT}`
+    );
+  }
 }
 var BaseService = class {
   apiKey;
@@ -187,7 +242,9 @@ var BaseService = class {
       requestId,
       method,
       path,
-      metadata: { url }
+      metadata: {
+        paramKeys: options.params ? Object.keys(options.params) : []
+      }
     });
     try {
       const response = await fetchWithTimeout(url, {
@@ -8015,7 +8072,6 @@ var READ_ONLY_IDEMPOTENT_TOOL_PREFIXES = [
   "render_",
   "download_"
 ];
-var READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES = ["run_", "test_"];
 var DESTRUCTIVE_TOOL_PREFIXES = [
   "delete_",
   "remove_",
@@ -8076,16 +8132,6 @@ function inferToolAnnotations(toolName) {
       openWorldHint: true
     };
   }
-  if (READ_ONLY_NON_IDEMPOTENT_TOOL_PREFIXES.some(
-    (prefix) => toolName.startsWith(prefix)
-  )) {
-    return {
-      readOnlyHint: true,
-      destructiveHint: false,
-      idempotentHint: false,
-      openWorldHint: true
-    };
-  }
   if (DESTRUCTIVE_TOOL_PREFIXES.some((prefix) => toolName.startsWith(prefix))) {
     return {
       readOnlyHint: false,
@@ -8593,6 +8639,15 @@ function getServerConfig() {
 // src/lib/event-store.ts
 import { createClient } from "redis";
 var EVENT_STORE_CLEANUP_INTERVAL_MS = 3e4;
+var SAFE_EVENT_ID_PATTERN = /^[\w-]{1,128}$/;
+function assertSafeRedisId(id, kind) {
+  if (!SAFE_EVENT_ID_PATTERN.test(id)) {
+    throw new Error(
+      `Invalid ${kind} for event store key: ${JSON.stringify(id)}`
+    );
+  }
+  return id;
+}
 var InMemoryEventStore = class {
   sequence = 0;
   ttlMs;
@@ -8719,10 +8774,10 @@ var RedisEventStore = class {
     return `${this.keyPrefix}:counter`;
   }
   eventKey(eventId) {
-    return `${this.keyPrefix}:event:${eventId}`;
+    return `${this.keyPrefix}:event:${assertSafeRedisId(eventId, "eventId")}`;
   }
   streamEventsKey(streamId) {
-    return `${this.keyPrefix}:stream:${streamId}:events`;
+    return `${this.keyPrefix}:stream:${assertSafeRedisId(streamId, "streamId")}:events`;
   }
   async ensureConnected() {
     if (this.client.isOpen) {
@@ -8756,6 +8811,9 @@ var RedisEventStore = class {
     return eventId;
   }
   async getStreamIdForEventId(eventId) {
+    if (!SAFE_EVENT_ID_PATTERN.test(eventId)) {
+      return void 0;
+    }
     await this.ensureConnected();
     const streamId = await this.client.hGet(this.eventKey(eventId), "streamId");
     return streamId || void 0;
@@ -8920,6 +8978,9 @@ function parseOriginParts(value) {
     return null;
   }
 }
+function normalizeHostWithoutPort(value) {
+  return value.trim().toLowerCase().split(":")[0];
+}
 function isOriginMatch(origin, allowedOrigin) {
   const originParts = parseOriginParts(origin);
   const allowedParts = parseOriginParts(allowedOrigin);
@@ -8958,6 +9019,20 @@ function validateOrigin(origin) {
   }
   return allowedOrigins.some((allowed) => isOriginMatch(origin, allowed));
 }
+function isAllowedHost(host) {
+  const allowedOrigins = getAllowedOrigins();
+  if (allowedOrigins.includes("*")) {
+    return true;
+  }
+  const hostWithoutPort = normalizeHostWithoutPort(host);
+  return allowedOrigins.some((allowed) => {
+    const allowedParts = parseOriginParts(allowed);
+    if (allowedParts) {
+      return allowedParts.hostname === hostWithoutPort;
+    }
+    return normalizeHostWithoutPort(allowed) === hostWithoutPort;
+  });
+}
 function originValidationMiddleware(req, res, next) {
   if (req.path === "/health" || req.path === "/ready") {
     next();
@@ -8975,6 +9050,23 @@ function originValidationMiddleware(req, res, next) {
   }
   next();
 }
+function hostValidationMiddleware(req, res, next) {
+  if (req.path === "/health" || req.path === "/ready") {
+    next();
+    return;
+  }
+  const host = req.headers.host;
+  if (host && !isAllowedHost(host)) {
+    Logger.warn("Host validation failed", {
+      path: req.path,
+      method: req.method,
+      metadata: { host, ip: req.ip }
+    });
+    res.status(403).json({ error: "Forbidden: Host not allowed" });
+    return;
+  }
+  next();
+}
 function parsePositiveIntegerEnv(name, fallback) {
   const raw = process.env[name];
   if (raw === void 0) {
@@ -9500,6 +9592,9 @@ function createHttpAppRuntime() {
     })
   );
   app.use(express.json({ limit: requestBodyLimit }));
+  if (authConfig.mode === "none") {
+    app.use(hostValidationMiddleware);
+  }
   app.use(originValidationMiddleware);
   app.use(rateLimitMiddleware);
   app.use(mcpAuthMiddleware);
@@ -9784,7 +9879,7 @@ function createHttpAppRuntime() {
         return;
       }
     } else if (!transport) {
-      res.status(400).json({
+      res.status(sessionId ? 404 : 400).json({
         jsonrpc: "2.0",
         error: {
           code: -32e3,
@@ -9865,11 +9960,11 @@ function createHttpAppRuntime() {
       sessionStore.touch(sessionId);
       await transport.handleRequest(req, res);
     } else {
-      res.status(400).json({
+      res.status(404).json({
         jsonrpc: "2.0",
         error: {
           code: -32e3,
-          message: "Invalid session ID"
+          message: "Session not found"
         },
         id: null
       });
@@ -9913,11 +10008,11 @@ function createHttpAppRuntime() {
       }
       await transport.handleRequest(req, res);
     } else {
-      res.status(400).json({
+      res.status(404).json({
         jsonrpc: "2.0",
         error: {
           code: -32e3,
-          message: "Invalid session ID"
+          message: "Session not found"
         },
         id: null
       });

package/package.json CHANGED Viewed

@@ -22,7 +22,7 @@
 		"knip": "knip",
 		"ci": "npm run lint && npm run knip && npm run typecheck && npm run test && npm run build && npm run test:e2e && npm run verify:readme-tools",
 		"start:http": "node build/server.js",
-		"prepare": "lefthook install",
+		"prepare": "[ -n \"$CI\" ] || [ -f /.dockerenv ] || [ ! -d .git ] || lefthook install",
 		"prepublishOnly": "npm run ci"
 	},
 	"engines": {
@@ -42,7 +42,7 @@
 	},
 	"name": "portkey-admin-mcp",
 	"mcpName": "io.github.s-b-e-n-s-o-n/portkey-admin-mcp",
-	"version": "0.3.2",
+	"version": "0.3.4",
 	"main": "build/index.js",
 	"keywords": [
 		"mcp",