pulsemcp-cms-admin-mcp-server 0.9.26 → 0.9.28

package/build/shared/src/pulsemcp-admin-client/lib/create-api-key.js

@@ -24,7 +24,9 @@ export async function createApiKey(apiKey, baseUrl, params) {
             throw new Error('Invalid API key');
         }
         if (response.status === 403) {
-            throw new Error('User lacks write privileges');
+            const errorData = (await response.json().catch(() => ({})));
+            const message = errorData.errors?.join(', ') || errorData.error || `Forbidden: ${response.status}`;
+            throw new Error(message);
         }
         if (response.status === 404) {
             const errorData = (await response.json());

package/build/shared/src/pulsemcp-admin-client/lib/delete-api-key.js

@@ -13,7 +13,9 @@ export async function deleteApiKey(apiKey, baseUrl, id) {
             throw new Error('Invalid API key');
         }
         if (response.status === 403) {
-            throw new Error('User lacks write privileges');
+            const errorData = (await response.json().catch(() => ({})));
+            const message = errorData.errors?.join(', ') || errorData.error || `Forbidden: ${response.status}`;
+            throw new Error(message);
         }
         if (response.status === 422) {
             const errorData = (await response.json().catch(() => ({})));

package/build/shared/src/pulsemcp-admin-client/lib/delete-tenant.js

@@ -16,7 +16,9 @@ export async function deleteTenant(apiKey, baseUrl, params) {
             throw new Error('Invalid API key');
         }
         if (response.status === 403) {
-            throw new Error('User lacks write privileges');
+            const errorData = (await response.json().catch(() => ({})));
+            const message = errorData.errors?.join(', ') || errorData.error || `Forbidden: ${response.status}`;
+            throw new Error(message);
         }
         if (response.status === 404) {
             throw new Error(`Tenant ${params.id_or_slug} not found`);

package/build/shared/src/tools.js

@@ -185,13 +185,14 @@ const ALL_TOOLS = [
     { factory: getTenant, groups: ['tenants'], isWriteOperation: false },
     { factory: createTenant, groups: ['tenants'], isWriteOperation: true },
     { factory: createApiKey, groups: ['tenants'], isWriteOperation: true },
-    // revoke_api_key lives in the regular `tenants` group (not `tenants_destructive`) so
-    // it's exposed to read-write tenant management workflows like sub-registry credential
-    // re-issuance. The tool gates each call with MCP elicitation; if the connected client
-    // supports neither native elicitation nor an HTTP fallback, the elicitation library
-    // throws at runtime rather than silently destroying the key.
-    { factory: revokeApiKey, groups: ['tenants'], isWriteOperation: true },
-    // Destructive tenant tools — opt-in only, NOT in BASE_TOOL_GROUPS
+    // Destructive tenant tools — opt-in only, NOT in BASE_TOOL_GROUPS.
+    // revoke_api_key lives here (not in `tenants`) because it calls the same
+    // DELETE /api/api_keys/:id endpoint as delete_api_key and the Rails admin
+    // API gates that endpoint behind permission_level=all (full_access). The
+    // standard read-write admin credential cannot DELETE, so exposing
+    // revoke_api_key in the regular tenants group surfaced confusing 403s on
+    // workflows like sub-registry credential re-issuance.
+    { factory: revokeApiKey, groups: ['tenants_destructive'], isWriteOperation: true },
     { factory: deleteTenant, groups: ['tenants_destructive'], isWriteOperation: true },
     { factory: deleteApiKey, groups: ['tenants_destructive'], isWriteOperation: true },
     // Tenant -> recommended MCP server association tools
@@ -410,9 +411,9 @@ function shouldIncludeTool(toolDef, enabledGroups) {
  * - unofficial_mirrors: Unofficial mirror CRUD tools (read + write)
  * - unofficial_mirrors_readonly: Unofficial mirror tools (read only)
  * - official_mirrors_readonly: Official mirrors REST API tools (read only)
- * - tenants: Tenant management tools including API key provisioning + revoke_api_key (read + write). revoke_api_key is gated by MCP elicitation user approval before execution.
+ * - tenants: Tenant management tools including API key provisioning (read + write).
  * - tenants_readonly: Tenant tools (read only)
- * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key). NOT enabled by default; operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution.
+ * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key, revoke_api_key). NOT enabled by default; operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution.
  * - mcp_jsons: MCP JSON configuration tools (read + write)
  * - mcp_jsons_readonly: MCP JSON tools (read only)
  * - mcp_servers: Unified MCP server tools with abstracted interface (read + write)

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "pulsemcp-cms-admin-mcp-server",
-  "version": "0.9.26",
+  "version": "0.9.28",
   "description": "Local implementation of PulseMCP CMS Admin MCP server",
-  "mcpName": "com.pulsemcp.servers/pulsemcp-cms-admin",
+  "mcpName": "com.pulsemcp/pulsemcp-cms-admin",
   "main": "build/index.js",
   "type": "module",
   "bin": {

package/shared/elicitation-config.d.ts

@@ -8,13 +8,13 @@ import { type ElicitationConfig } from '@pulsemcp/mcp-elicitation';
  * 3. Per-action override: PULSEMCP_CMS_ADMIN_ELICITATION_DESTRUCTIVE
  *
  * Destructive elicitation gates the `tenants_destructive` tool group only
- * (delete_tenant, delete_api_key). All other write tools in the server are
- * not gated by elicitation.
+ * (delete_tenant, delete_api_key, revoke_api_key). All other write tools in
+ * the server are not gated by elicitation.
  */
 export interface CmsAdminElicitationConfig {
     /** Base elicitation config from the shared library */
     base: ElicitationConfig;
-    /** Whether to elicit confirmation for destructive operations (delete_tenant, delete_api_key) */
+    /** Whether to elicit confirmation for destructive operations (delete_tenant, delete_api_key, revoke_api_key) */
     destructiveElicitationEnabled: boolean;
 }
 /**

package/shared/pulsemcp-admin-client/lib/create-api-key.js

@@ -24,7 +24,9 @@ export async function createApiKey(apiKey, baseUrl, params) {
             throw new Error('Invalid API key');
         }
         if (response.status === 403) {
-            throw new Error('User lacks write privileges');
+            const errorData = (await response.json().catch(() => ({})));
+            const message = errorData.errors?.join(', ') || errorData.error || `Forbidden: ${response.status}`;
+            throw new Error(message);
         }
         if (response.status === 404) {
             const errorData = (await response.json());

package/shared/pulsemcp-admin-client/lib/delete-api-key.js

@@ -13,7 +13,9 @@ export async function deleteApiKey(apiKey, baseUrl, id) {
             throw new Error('Invalid API key');
         }
         if (response.status === 403) {
-            throw new Error('User lacks write privileges');
+            const errorData = (await response.json().catch(() => ({})));
+            const message = errorData.errors?.join(', ') || errorData.error || `Forbidden: ${response.status}`;
+            throw new Error(message);
         }
         if (response.status === 422) {
             const errorData = (await response.json().catch(() => ({})));

package/shared/pulsemcp-admin-client/lib/delete-tenant.js

@@ -16,7 +16,9 @@ export async function deleteTenant(apiKey, baseUrl, params) {
             throw new Error('Invalid API key');
         }
         if (response.status === 403) {
-            throw new Error('User lacks write privileges');
+            const errorData = (await response.json().catch(() => ({})));
+            const message = errorData.errors?.join(', ') || errorData.error || `Forbidden: ${response.status}`;
+            throw new Error(message);
         }
         if (response.status === 404) {
             throw new Error(`Tenant ${params.id_or_slug} not found`);

package/shared/tools.d.ts

@@ -18,8 +18,8 @@ import { ClientFactory } from './server.js';
  * - official_queue / official_queue_readonly: Official mirror queue tools (list, get, approve, reject, unlink)
  * - unofficial_mirrors / unofficial_mirrors_readonly: Unofficial mirror CRUD tools
  * - official_mirrors_readonly: Official mirrors read-only tools (REST API)
- * - tenants / tenants_readonly: Tenant management tools (CRUD + API key provisioning, including revoke_api_key for rolling keys after re-issuance)
- * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key). NOT enabled by default — operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution.
+ * - tenants / tenants_readonly: Tenant management tools (CRUD + API key provisioning)
+ * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key, revoke_api_key). NOT enabled by default — operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution. revoke_api_key lives here (not in `tenants`) because it calls the same DELETE /api/api_keys/:id endpoint as delete_api_key, which the Rails admin API gates behind permission_level=all.
  * - mcp_jsons / mcp_jsons_readonly: MCP JSON configuration tools
  * - mcp_servers / mcp_servers_readonly: Unified MCP server tools (abstracted interface)
  * - redirects / redirects_readonly: URL redirect management tools
@@ -61,9 +61,9 @@ export declare function parseEnabledToolGroups(enabledGroupsParam?: string): Too
  * - unofficial_mirrors: Unofficial mirror CRUD tools (read + write)
  * - unofficial_mirrors_readonly: Unofficial mirror tools (read only)
  * - official_mirrors_readonly: Official mirrors REST API tools (read only)
- * - tenants: Tenant management tools including API key provisioning + revoke_api_key (read + write). revoke_api_key is gated by MCP elicitation user approval before execution.
+ * - tenants: Tenant management tools including API key provisioning (read + write).
  * - tenants_readonly: Tenant tools (read only)
- * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key). NOT enabled by default; operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution.
+ * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key, revoke_api_key). NOT enabled by default; operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution.
  * - mcp_jsons: MCP JSON configuration tools (read + write)
  * - mcp_jsons_readonly: MCP JSON tools (read only)
  * - mcp_servers: Unified MCP server tools with abstracted interface (read + write)

package/shared/tools.js

@@ -185,13 +185,14 @@ const ALL_TOOLS = [
     { factory: getTenant, groups: ['tenants'], isWriteOperation: false },
     { factory: createTenant, groups: ['tenants'], isWriteOperation: true },
     { factory: createApiKey, groups: ['tenants'], isWriteOperation: true },
-    // revoke_api_key lives in the regular `tenants` group (not `tenants_destructive`) so
-    // it's exposed to read-write tenant management workflows like sub-registry credential
-    // re-issuance. The tool gates each call with MCP elicitation; if the connected client
-    // supports neither native elicitation nor an HTTP fallback, the elicitation library
-    // throws at runtime rather than silently destroying the key.
-    { factory: revokeApiKey, groups: ['tenants'], isWriteOperation: true },
-    // Destructive tenant tools — opt-in only, NOT in BASE_TOOL_GROUPS
+    // Destructive tenant tools — opt-in only, NOT in BASE_TOOL_GROUPS.
+    // revoke_api_key lives here (not in `tenants`) because it calls the same
+    // DELETE /api/api_keys/:id endpoint as delete_api_key and the Rails admin
+    // API gates that endpoint behind permission_level=all (full_access). The
+    // standard read-write admin credential cannot DELETE, so exposing
+    // revoke_api_key in the regular tenants group surfaced confusing 403s on
+    // workflows like sub-registry credential re-issuance.
+    { factory: revokeApiKey, groups: ['tenants_destructive'], isWriteOperation: true },
     { factory: deleteTenant, groups: ['tenants_destructive'], isWriteOperation: true },
     { factory: deleteApiKey, groups: ['tenants_destructive'], isWriteOperation: true },
     // Tenant -> recommended MCP server association tools
@@ -410,9 +411,9 @@ function shouldIncludeTool(toolDef, enabledGroups) {
  * - unofficial_mirrors: Unofficial mirror CRUD tools (read + write)
  * - unofficial_mirrors_readonly: Unofficial mirror tools (read only)
  * - official_mirrors_readonly: Official mirrors REST API tools (read only)
- * - tenants: Tenant management tools including API key provisioning + revoke_api_key (read + write). revoke_api_key is gated by MCP elicitation user approval before execution.
+ * - tenants: Tenant management tools including API key provisioning (read + write).
  * - tenants_readonly: Tenant tools (read only)
- * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key). NOT enabled by default; operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution.
+ * - tenants_destructive: Destructive tenant tools (delete_tenant, delete_api_key, revoke_api_key). NOT enabled by default; operators must opt in via TOOL_GROUPS. Each tool requires MCP elicitation user approval before execution.
  * - mcp_jsons: MCP JSON configuration tools (read + write)
  * - mcp_jsons_readonly: MCP JSON tools (read only)
  * - mcp_servers: Unified MCP server tools with abstracted interface (read + write)