npm - venafi-connector-ca - Versions diffs - 1.0.0 - Mend

venafi-connector-ca 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,95 @@
+# venafi-connector-ca
+An MCP (Model Context Protocol) server that provides CA connector-specific knowledge, templates, and tools for building **Venafi TLS Protect Cloud CA connectors**.
+Use this with Claude Code or any MCP-compatible AI assistant to get expert guidance on Certificate Authority integrations — issuance flows, certificate import, revocation, and all the gotchas.
+## What's Inside
+| Tool | Description |
+|---|---|
+| `get_ca_manifest` | Complete CA connector manifest.json template with all domain schemas |
+| `get_ca_domain_types` | Go domain types: Connection, Product, Order, Certificate, Import, Revocation |
+| `get_ca_endpoints` | Handler and service interface templates for all 8 endpoints |
+| `get_ca_best_practices` | Lessons learned from building the DigiCert ONE CA connector |
+| `get_rest_client_pattern` | REST client with auth header, retry on 429, URL normalization |
+| `get_cert_issuance_pattern` | Synchronous and asynchronous issuance flows |
+| `get_cert_import_pattern` | Paginated certificate import with string cursors |
+| `get_csr_parsing_pattern` | CSR attribute extraction and certificate parsing utilities |
+### 8 CA Connector Endpoints
+| Endpoint | Purpose |
+|---|---|
+| `testConnection` | Validate API credentials against the CA |
+| `getOptions` | List available certificate profiles/products |
+| `validateProduct` | Validate product configuration before issuance |
+| `requestCertificate` | Submit CSR to the CA for certificate issuance |
+| `checkOrder` | Poll status of pending certificate request |
+| `checkCertificate` | Retrieve issued certificate by identifier |
+| `importCertificates` | Paginated import of existing certificates |
+| `revokeCertificate` | Revoke a certificate |
+### Key Patterns
+- **Synchronous issuance**: Certificate returned immediately (auto-approved CAs)
+- **Asynchronous issuance**: Return pending status, poll via checkOrder/checkCertificate
+- **Paginated import**: Offset-based pagination with string cursors, expired cert filtering
+- **Rate limiting**: HTTP 429 retry with Retry-After header handling
+- **CSR parsing**: Subject DN + SAN extraction from PKCS#10 requests
+- **Certificate output**: Base64-encoded DER (no PEM headers) for Venafi
+## Setup
+### Claude Code
+Add to your project's `.claude/settings.json`:
+```json
+{
+  "mcpServers": {
+    "venafi-connector-ca": {
+      "command": "npx",
+      "args": ["-y", "venafi-connector-ca"]
+    }
+  }
+}
+```
+Best used alongside the core MCP:
+```json
+{
+  "mcpServers": {
+    "venafi-connector-core": {
+      "command": "npx",
+      "args": ["-y", "venafi-connector-core"]
+    },
+    "venafi-connector-ca": {
+      "command": "npx",
+      "args": ["-y", "venafi-connector-ca"]
+    }
+  }
+}
+```
+## Built From Experience
+Knowledge extracted from building the **DigiCert ONE CA connector**, covering:
+- REST API client with `x-api-key` authentication
+- Synchronous certificate issuance (auto-approve)
+- Paginated certificate import with offset/limit
+- Certificate revocation with reason code mapping
+- CSR format handling (PEM with headers)
+- Rate limit handling and retry logic
+- Product options mapping from CA profiles
+## Related Packages
+- [`venafi-connector-core`](https://www.npmjs.com/package/venafi-connector-core) — Shared architecture, templates, deployment, troubleshooting
+- [`venafi-connector-machine`](https://www.npmjs.com/package/venafi-connector-machine) — Machine connector endpoints, SSH/REST client patterns
+## License
+Apache-2.0