zitadel-mcp-server 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +127 -0
- package/build/auth/client.d.ts +28 -0
- package/build/auth/client.js +125 -0
- package/build/auth/client.js.map +1 -0
- package/build/index.d.ts +6 -0
- package/build/index.js +81 -0
- package/build/index.js.map +1 -0
- package/build/tools/applications.d.ts +7 -0
- package/build/tools/applications.js +189 -0
- package/build/tools/applications.js.map +1 -0
- package/build/tools/index.d.ts +8 -0
- package/build/tools/index.js +44 -0
- package/build/tools/index.js.map +1 -0
- package/build/tools/organizations.d.ts +7 -0
- package/build/tools/organizations.js +65 -0
- package/build/tools/organizations.js.map +1 -0
- package/build/tools/portal.d.ts +10 -0
- package/build/tools/portal.js +191 -0
- package/build/tools/portal.js.map +1 -0
- package/build/tools/projects.d.ts +7 -0
- package/build/tools/projects.js +109 -0
- package/build/tools/projects.js.map +1 -0
- package/build/tools/roles.d.ts +7 -0
- package/build/tools/roles.js +203 -0
- package/build/tools/roles.js.map +1 -0
- package/build/tools/service-accounts.d.ts +7 -0
- package/build/tools/service-accounts.js +122 -0
- package/build/tools/service-accounts.js.map +1 -0
- package/build/tools/users.d.ts +7 -0
- package/build/tools/users.js +183 -0
- package/build/tools/users.js.map +1 -0
- package/build/tools/utility.d.ts +7 -0
- package/build/tools/utility.js +51 -0
- package/build/tools/utility.js.map +1 -0
- package/build/types/tools.d.ts +43 -0
- package/build/types/tools.js +16 -0
- package/build/types/tools.js.map +1 -0
- package/build/types/zitadel.d.ts +232 -0
- package/build/types/zitadel.js +6 -0
- package/build/types/zitadel.js.map +1 -0
- package/build/utils/config.d.ts +36 -0
- package/build/utils/config.js +35 -0
- package/build/utils/config.js.map +1 -0
- package/build/utils/error-handler.d.ts +18 -0
- package/build/utils/error-handler.js +56 -0
- package/build/utils/error-handler.js.map +1 -0
- package/build/utils/logger.d.ts +20 -0
- package/build/utils/logger.js +46 -0
- package/build/utils/logger.js.map +1 -0
- package/package.json +54 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2025 Jeff Takle
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
# Zitadel MCP Server
|
|
2
|
+
|
|
3
|
+
An [MCP (Model Context Protocol)](https://modelcontextprotocol.io/) server for [Zitadel](https://zitadel.com/) identity management. Manage users, projects, applications, roles, and service accounts through natural language from AI tools like Claude Code.
|
|
4
|
+
|
|
5
|
+
> *"Create a user for jane@example.com, assign her the app:finance role, and give me the auth config."*
|
|
6
|
+
> — That's three tool calls the AI handles for you.
|
|
7
|
+
|
|
8
|
+
## Tools (25)
|
|
9
|
+
|
|
10
|
+
| Category | Tool | Description |
|
|
11
|
+
|----------|------|-------------|
|
|
12
|
+
| **Users** | `zitadel_list_users` | List/search users |
|
|
13
|
+
| | `zitadel_get_user` | Get user details |
|
|
14
|
+
| | `zitadel_create_user` | Create user (sends invite email) |
|
|
15
|
+
| | `zitadel_deactivate_user` | Deactivate user |
|
|
16
|
+
| | `zitadel_reactivate_user` | Reactivate user |
|
|
17
|
+
| **Projects** | `zitadel_list_projects` | List projects |
|
|
18
|
+
| | `zitadel_get_project` | Get project details |
|
|
19
|
+
| | `zitadel_create_project` | Create project |
|
|
20
|
+
| **Applications** | `zitadel_list_apps` | List apps in a project |
|
|
21
|
+
| | `zitadel_get_app` | Get app details + Client ID |
|
|
22
|
+
| | `zitadel_create_oidc_app` | Create OIDC application |
|
|
23
|
+
| | `zitadel_update_app` | Update app (redirect URIs, etc.) |
|
|
24
|
+
| **Roles** | `zitadel_list_project_roles` | List roles in a project |
|
|
25
|
+
| | `zitadel_create_project_role` | Create a role (e.g., `app:finance`) |
|
|
26
|
+
| | `zitadel_list_user_grants` | List user's role grants |
|
|
27
|
+
| | `zitadel_create_user_grant` | Assign roles to user |
|
|
28
|
+
| | `zitadel_remove_user_grant` | Remove role grant |
|
|
29
|
+
| **Service Accounts** | `zitadel_create_service_user` | Create machine user |
|
|
30
|
+
| | `zitadel_create_service_user_key` | Generate key pair |
|
|
31
|
+
| | `zitadel_list_service_user_keys` | List keys (metadata only) |
|
|
32
|
+
| **Organizations** | `zitadel_get_org` | Get current org details |
|
|
33
|
+
| | `zitadel_list_orgs` | List organizations |
|
|
34
|
+
| **Utility** | `zitadel_get_auth_config` | Get .env.local template for an app |
|
|
35
|
+
| **Portal** | `portal_register_app` | Register app in portal DB |
|
|
36
|
+
| | `portal_setup_full_app` | One-click: Zitadel + portal setup |
|
|
37
|
+
|
|
38
|
+
Portal tools (`portal_*`) are only available when `PORTAL_DATABASE_URL` is configured.
|
|
39
|
+
|
|
40
|
+
## Prerequisites
|
|
41
|
+
|
|
42
|
+
1. A Zitadel instance (Cloud or self-hosted)
|
|
43
|
+
2. A service account with **Org Owner** or **IAM Admin** role
|
|
44
|
+
3. A JSON key for the service account
|
|
45
|
+
|
|
46
|
+
### Creating a Service Account
|
|
47
|
+
|
|
48
|
+
1. In the Zitadel Console, go to **Users** > **Service Users** > **New**
|
|
49
|
+
2. Give it a name (e.g., `mcp-admin`) and select **Bearer** token type
|
|
50
|
+
3. Go to the service user's **Keys** tab > **New** > **JSON**
|
|
51
|
+
4. Save the downloaded key file — you'll need the `userId`, `keyId`, and base64-encoded `key`
|
|
52
|
+
5. Grant the service account the **Org Owner** role under **Organization** > **Authorizations**
|
|
53
|
+
|
|
54
|
+
## Setup
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
git clone https://github.com/takleb3rry/zitadel-mcp.git
|
|
58
|
+
cd zitadel-mcp
|
|
59
|
+
npm install
|
|
60
|
+
npm run build
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
## Configuration
|
|
64
|
+
|
|
65
|
+
Add the server to your MCP client config. The JSON block below works for both options:
|
|
66
|
+
|
|
67
|
+
- **Global** (all projects): `~/.claude.json` under the `"mcpServers"` key
|
|
68
|
+
- **Per-project**: `.mcp.json` in the project root
|
|
69
|
+
|
|
70
|
+
```json
|
|
71
|
+
{
|
|
72
|
+
"mcpServers": {
|
|
73
|
+
"zitadel": {
|
|
74
|
+
"command": "node",
|
|
75
|
+
"args": ["/path/to/zitadel-mcp/build/index.js"],
|
|
76
|
+
"env": {
|
|
77
|
+
"ZITADEL_ISSUER": "https://your-instance.zitadel.cloud",
|
|
78
|
+
"ZITADEL_SERVICE_ACCOUNT_USER_ID": "...",
|
|
79
|
+
"ZITADEL_SERVICE_ACCOUNT_KEY_ID": "...",
|
|
80
|
+
"ZITADEL_SERVICE_ACCOUNT_PRIVATE_KEY": "...",
|
|
81
|
+
"ZITADEL_ORG_ID": "...",
|
|
82
|
+
"ZITADEL_PROJECT_ID": "..."
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
Restart Claude Code after adding the config. The Zitadel tools will appear automatically.
|
|
90
|
+
|
|
91
|
+
### Environment Variables
|
|
92
|
+
|
|
93
|
+
| Variable | Required | Description |
|
|
94
|
+
|----------|----------|-------------|
|
|
95
|
+
| `ZITADEL_ISSUER` | Yes | Zitadel instance URL |
|
|
96
|
+
| `ZITADEL_SERVICE_ACCOUNT_USER_ID` | Yes | Service account user ID |
|
|
97
|
+
| `ZITADEL_SERVICE_ACCOUNT_KEY_ID` | Yes | Key ID from the JSON key file |
|
|
98
|
+
| `ZITADEL_SERVICE_ACCOUNT_PRIVATE_KEY` | Yes | Base64-encoded RSA private key (the `key` field from the downloaded JSON) |
|
|
99
|
+
| `ZITADEL_ORG_ID` | Yes | Organization ID |
|
|
100
|
+
| `ZITADEL_PROJECT_ID` | No | Default project ID for role operations |
|
|
101
|
+
| `PORTAL_DATABASE_URL` | No | Postgres connection string (enables portal tools) |
|
|
102
|
+
| `LOG_LEVEL` | No | `DEBUG`, `INFO`, `WARN`, `ERROR` (default: `INFO`) |
|
|
103
|
+
|
|
104
|
+
## Security
|
|
105
|
+
|
|
106
|
+
**This server has admin-level access to your Zitadel instance.** Understand what that means before using it:
|
|
107
|
+
|
|
108
|
+
- The service account needs **Org Owner** (or **IAM Admin** for `zitadel_list_orgs`). It can create users, modify roles, and manage applications in your organization.
|
|
109
|
+
- When you create an OIDC app (`zitadel_create_oidc_app`), the **client secret** is returned in the tool response. It is only available at creation time. The AI assistant (and its conversation history) will see it — save it immediately and treat it as sensitive.
|
|
110
|
+
- When you generate a service account key (`zitadel_create_service_user_key`), the **full private key** is returned in the tool response. Same caveat: save it, and be aware it's visible in your MCP client's conversation.
|
|
111
|
+
- All tool arguments containing PII (email, name, URLs) are **redacted from debug logs**. IDs and tool names are still logged.
|
|
112
|
+
- All Zitadel IDs are validated against an alphanumeric format before being used in API paths.
|
|
113
|
+
|
|
114
|
+
> **Note for new users:** I've scanned all source files in this repo and found nothing notable, but I always recommend you have your own AI or tooling audit the code before installing any MCP server that gets access to your infrastructure. The full source is ~800 lines of TypeScript — a quick review shouldn't take long.
|
|
115
|
+
|
|
116
|
+
## Development
|
|
117
|
+
|
|
118
|
+
```bash
|
|
119
|
+
npm run dev # Run with tsx (hot reload)
|
|
120
|
+
npm run build # Compile TypeScript
|
|
121
|
+
npm start # Run compiled version
|
|
122
|
+
npm test # Run tests
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
## License
|
|
126
|
+
|
|
127
|
+
MIT
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Zitadel Management API Client
|
|
3
|
+
* JWT bearer token authentication via service account
|
|
4
|
+
*
|
|
5
|
+
* Ported from app-portal's Zitadel client with class-based config injection
|
|
6
|
+
*/
|
|
7
|
+
import type { ZitadelConfig } from '../utils/config.js';
|
|
8
|
+
export declare class ZitadelClient {
|
|
9
|
+
private config;
|
|
10
|
+
private cachedToken;
|
|
11
|
+
constructor(config: ZitadelConfig);
|
|
12
|
+
getConfig(): ZitadelConfig;
|
|
13
|
+
clearTokenCache(): void;
|
|
14
|
+
/**
|
|
15
|
+
* Generate a JWT assertion for the service account
|
|
16
|
+
* Zitadel provides keys in PKCS#1 format; jose expects PKCS#8
|
|
17
|
+
*/
|
|
18
|
+
private generateJwtAssertion;
|
|
19
|
+
/**
|
|
20
|
+
* Exchange JWT assertion for an access token (cached for ~1 hour)
|
|
21
|
+
*/
|
|
22
|
+
private getAccessToken;
|
|
23
|
+
/**
|
|
24
|
+
* Make an authenticated request to the Zitadel Management API
|
|
25
|
+
* Includes x-zitadel-orgid header, handles 401 cache clearing and empty responses
|
|
26
|
+
*/
|
|
27
|
+
request<T>(path: string, options?: RequestInit): Promise<T>;
|
|
28
|
+
}
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Zitadel Management API Client
|
|
3
|
+
* JWT bearer token authentication via service account
|
|
4
|
+
*
|
|
5
|
+
* Ported from app-portal's Zitadel client with class-based config injection
|
|
6
|
+
*/
|
|
7
|
+
import { SignJWT, importPKCS8 } from 'jose';
|
|
8
|
+
import { createPrivateKey } from 'crypto';
|
|
9
|
+
import { logger } from '../utils/logger.js';
|
|
10
|
+
export class ZitadelClient {
|
|
11
|
+
config;
|
|
12
|
+
cachedToken = null;
|
|
13
|
+
constructor(config) {
|
|
14
|
+
this.config = config;
|
|
15
|
+
}
|
|
16
|
+
getConfig() {
|
|
17
|
+
return this.config;
|
|
18
|
+
}
|
|
19
|
+
clearTokenCache() {
|
|
20
|
+
this.cachedToken = null;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Generate a JWT assertion for the service account
|
|
24
|
+
* Zitadel provides keys in PKCS#1 format; jose expects PKCS#8
|
|
25
|
+
*/
|
|
26
|
+
async generateJwtAssertion() {
|
|
27
|
+
const { serviceAccountUserId, serviceAccountKeyId, serviceAccountPrivateKey, issuer } = this.config;
|
|
28
|
+
// Decode the base64-encoded private key
|
|
29
|
+
let privateKeyPem;
|
|
30
|
+
try {
|
|
31
|
+
privateKeyPem = Buffer.from(serviceAccountPrivateKey, 'base64').toString('utf-8');
|
|
32
|
+
}
|
|
33
|
+
catch {
|
|
34
|
+
privateKeyPem = serviceAccountPrivateKey;
|
|
35
|
+
}
|
|
36
|
+
// Convert PKCS#1 to PKCS#8 if needed
|
|
37
|
+
let pkcs8Pem;
|
|
38
|
+
if (privateKeyPem.includes('BEGIN RSA PRIVATE KEY')) {
|
|
39
|
+
const keyObject = createPrivateKey(privateKeyPem);
|
|
40
|
+
pkcs8Pem = keyObject.export({ type: 'pkcs8', format: 'pem' });
|
|
41
|
+
}
|
|
42
|
+
else {
|
|
43
|
+
pkcs8Pem = privateKeyPem;
|
|
44
|
+
}
|
|
45
|
+
const privateKey = await importPKCS8(pkcs8Pem, 'RS256');
|
|
46
|
+
const now = Math.floor(Date.now() / 1000);
|
|
47
|
+
return new SignJWT({})
|
|
48
|
+
.setProtectedHeader({ alg: 'RS256', kid: serviceAccountKeyId })
|
|
49
|
+
.setIssuedAt(now)
|
|
50
|
+
.setExpirationTime(now + 3600)
|
|
51
|
+
.setIssuer(serviceAccountUserId)
|
|
52
|
+
.setSubject(serviceAccountUserId)
|
|
53
|
+
.setAudience(issuer)
|
|
54
|
+
.sign(privateKey);
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Exchange JWT assertion for an access token (cached for ~1 hour)
|
|
58
|
+
*/
|
|
59
|
+
async getAccessToken() {
|
|
60
|
+
// Return cached token if still valid (with 60s safety buffer)
|
|
61
|
+
if (this.cachedToken && Date.now() < this.cachedToken.expiresAt - 60000) {
|
|
62
|
+
return this.cachedToken.token;
|
|
63
|
+
}
|
|
64
|
+
const jwtAssertion = await this.generateJwtAssertion();
|
|
65
|
+
const tokenUrl = `${this.config.issuer}/oauth/v2/token`;
|
|
66
|
+
const response = await fetch(tokenUrl, {
|
|
67
|
+
method: 'POST',
|
|
68
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
69
|
+
body: new URLSearchParams({
|
|
70
|
+
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
|
|
71
|
+
assertion: jwtAssertion,
|
|
72
|
+
scope: 'openid urn:zitadel:iam:org:project:id:zitadel:aud',
|
|
73
|
+
}),
|
|
74
|
+
});
|
|
75
|
+
if (!response.ok) {
|
|
76
|
+
const errorText = await response.text();
|
|
77
|
+
logger.error('Token exchange failed', { status: response.status, error: errorText });
|
|
78
|
+
throw new Error(`Failed to get access token: ${response.status} ${errorText}`);
|
|
79
|
+
}
|
|
80
|
+
const data = await response.json();
|
|
81
|
+
this.cachedToken = {
|
|
82
|
+
token: data.access_token,
|
|
83
|
+
expiresAt: Date.now() + (data.expires_in || 3600) * 1000,
|
|
84
|
+
};
|
|
85
|
+
return data.access_token;
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Make an authenticated request to the Zitadel Management API
|
|
89
|
+
* Includes x-zitadel-orgid header, handles 401 cache clearing and empty responses
|
|
90
|
+
*/
|
|
91
|
+
async request(path, options = {}) {
|
|
92
|
+
const token = await this.getAccessToken();
|
|
93
|
+
const url = `${this.config.issuer}${path}`;
|
|
94
|
+
const headers = {
|
|
95
|
+
Authorization: `Bearer ${token}`,
|
|
96
|
+
'Content-Type': 'application/json',
|
|
97
|
+
'x-zitadel-orgid': this.config.orgId,
|
|
98
|
+
...(options.headers || {}),
|
|
99
|
+
};
|
|
100
|
+
const response = await fetch(url, { ...options, headers });
|
|
101
|
+
if (!response.ok) {
|
|
102
|
+
let errorData = null;
|
|
103
|
+
try {
|
|
104
|
+
errorData = await response.json();
|
|
105
|
+
}
|
|
106
|
+
catch {
|
|
107
|
+
// Ignore JSON parse errors
|
|
108
|
+
}
|
|
109
|
+
const errorMessage = errorData?.message || `HTTP ${response.status}`;
|
|
110
|
+
logger.error('Zitadel API error', { status: response.status, path, error: errorData });
|
|
111
|
+
// Clear token cache on auth failures
|
|
112
|
+
if (response.status === 401) {
|
|
113
|
+
this.clearTokenCache();
|
|
114
|
+
}
|
|
115
|
+
throw new Error(`Zitadel API error: ${errorMessage}`);
|
|
116
|
+
}
|
|
117
|
+
// Handle empty responses (e.g. DELETE operations)
|
|
118
|
+
const text = await response.text();
|
|
119
|
+
if (!text) {
|
|
120
|
+
return {};
|
|
121
|
+
}
|
|
122
|
+
return JSON.parse(text);
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
//# sourceMappingURL=client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/auth/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAG1C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,OAAO,aAAa;IAChB,MAAM,CAAgB;IACtB,WAAW,GAAgD,IAAI,CAAC;IAExE,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,eAAe;QACb,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,oBAAoB;QAChC,MAAM,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAEpG,wCAAwC;QACxC,IAAI,aAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;YACP,aAAa,GAAG,wBAAwB,CAAC;QAC3C,CAAC;QAED,qCAAqC;QACrC,IAAI,QAAgB,CAAC;QACrB,IAAI,aAAa,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;YACpD,MAAM,SAAS,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;YAClD,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,aAAa,CAAC;QAC3B,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,OAAO,IAAI,OAAO,CAAC,EAAE,CAAC;aACnB,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,mBAAmB,EAAE,CAAC;aAC9D,WAAW,CAAC,GAAG,CAAC;aAChB,iBAAiB,CAAC,GAAG,GAAG,IAAI,CAAC;aAC7B,SAAS,CAAC,oBAAoB,CAAC;aAC/B,UAAU,CAAC,oBAAoB,CAAC;aAChC,WAAW,CAAC,MAAM,CAAC;aACnB,IAAI,CAAC,UAAU,CAAC,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc;QAC1B,8DAA8D;QAC9D,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,GAAG,KAAK,EAAE,CAAC;YACxE,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;QAChC,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACvD,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,iBAAiB,CAAC;QAExD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,6CAA6C;gBACzD,SAAS,EAAE,YAAY;gBACvB,KAAK,EAAE,mDAAmD;aAC3D,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;YACrF,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmD,CAAC;QAEpF,IAAI,CAAC,WAAW,GAAG;YACjB,KAAK,EAAE,IAAI,CAAC,YAAY;YACxB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,IAAI;SACzD,CAAC;QAEF,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAI,IAAY,EAAE,UAAuB,EAAE;QACtD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAE3C,MAAM,OAAO,GAA2B;YACtC,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,cAAc,EAAE,kBAAkB;YAClC,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACpC,GAAG,CAAC,OAAO,CAAC,OAAiC,IAAI,EAAE,CAAC;SACrD,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAE3D,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,SAAS,GAAwB,IAAI,CAAC;YAC1C,IAAI,CAAC;gBACH,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAkB,CAAC;YACpD,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;YAED,MAAM,YAAY,GAAG,SAAS,EAAE,OAAO,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YACrE,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;YAEvF,qCAAqC;YACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,sBAAsB,YAAY,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,kDAAkD;QAClD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAO,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;IAC/B,CAAC;CACF"}
|
package/build/index.d.ts
ADDED
package/build/index.js
ADDED
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* Zitadel MCP Server
|
|
4
|
+
* Manage users, projects, apps, roles, and service accounts via the Model Context Protocol
|
|
5
|
+
*/
|
|
6
|
+
import 'dotenv/config';
|
|
7
|
+
import { Server } from '@modelcontextprotocol/sdk/server/index.js';
|
|
8
|
+
import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
|
|
9
|
+
import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprotocol/sdk/types.js';
|
|
10
|
+
import { loadConfig } from './utils/config.js';
|
|
11
|
+
import { ZitadelClient } from './auth/client.js';
|
|
12
|
+
import { getTools, getHandlers } from './tools/index.js';
|
|
13
|
+
import { logger } from './utils/logger.js';
|
|
14
|
+
import { setupErrorHandlers } from './utils/error-handler.js';
|
|
15
|
+
async function main() {
|
|
16
|
+
setupErrorHandlers();
|
|
17
|
+
logger.info('Starting Zitadel MCP Server...');
|
|
18
|
+
// Load and validate configuration
|
|
19
|
+
const config = loadConfig();
|
|
20
|
+
const client = new ZitadelClient(config);
|
|
21
|
+
const ctx = { client, config };
|
|
22
|
+
// Get tools and handlers (portal tools included conditionally)
|
|
23
|
+
const tools = getTools(config);
|
|
24
|
+
const handlers = getHandlers(config);
|
|
25
|
+
const server = new Server({ name: 'zitadel-mcp-server', version: '1.0.0' }, { capabilities: { tools: {} } });
|
|
26
|
+
// List tools — strip internal _meta before returning
|
|
27
|
+
server.setRequestHandler(ListToolsRequestSchema, async () => {
|
|
28
|
+
const sanitizedTools = tools.map(({ _meta, ...rest }) => rest);
|
|
29
|
+
return { tools: sanitizedTools };
|
|
30
|
+
});
|
|
31
|
+
// Fields that should never appear in debug logs
|
|
32
|
+
const REDACTED_FIELDS = new Set([
|
|
33
|
+
'email', 'firstName', 'lastName', 'userName',
|
|
34
|
+
'redirectUris', 'postLogoutRedirectUris',
|
|
35
|
+
'appUrl', 'iconUrl',
|
|
36
|
+
]);
|
|
37
|
+
function redactArgs(args) {
|
|
38
|
+
const safe = {};
|
|
39
|
+
for (const [key, value] of Object.entries(args)) {
|
|
40
|
+
safe[key] = REDACTED_FIELDS.has(key) ? '[REDACTED]' : value;
|
|
41
|
+
}
|
|
42
|
+
return safe;
|
|
43
|
+
}
|
|
44
|
+
// Call tool
|
|
45
|
+
server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
46
|
+
const toolName = request.params.name;
|
|
47
|
+
const rawArgs = (request.params.arguments ?? {});
|
|
48
|
+
logger.debug(`Tool call: ${toolName}`, { args: redactArgs(rawArgs) });
|
|
49
|
+
try {
|
|
50
|
+
const handler = handlers[toolName];
|
|
51
|
+
if (!handler) {
|
|
52
|
+
return {
|
|
53
|
+
content: [{ type: 'text', text: `Unknown tool: ${toolName}` }],
|
|
54
|
+
isError: true,
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
const result = await handler(rawArgs, ctx);
|
|
58
|
+
return { content: result.content, isError: result.isError || false };
|
|
59
|
+
}
|
|
60
|
+
catch (error) {
|
|
61
|
+
logger.error(`Error in ${toolName}`, { error: error instanceof Error ? error.message : error });
|
|
62
|
+
return {
|
|
63
|
+
content: [{ type: 'text', text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
|
|
64
|
+
isError: true,
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
});
|
|
68
|
+
// Connect to stdio transport
|
|
69
|
+
const transport = new StdioServerTransport();
|
|
70
|
+
await server.connect(transport);
|
|
71
|
+
const portalStatus = config.portalDatabaseUrl ? ' (portal extension enabled)' : '';
|
|
72
|
+
logger.info(`Zitadel MCP Server running with ${tools.length} tools${portalStatus}`);
|
|
73
|
+
}
|
|
74
|
+
// Graceful shutdown
|
|
75
|
+
process.on('SIGINT', () => process.exit(0));
|
|
76
|
+
process.on('SIGTERM', () => process.exit(0));
|
|
77
|
+
main().catch((error) => {
|
|
78
|
+
logger.error('Fatal error', { error: error instanceof Error ? error.message : error });
|
|
79
|
+
process.exit(1);
|
|
80
|
+
});
|
|
81
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;GAGG;AAEH,OAAO,eAAe,CAAC;AACvB,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AACnG,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAG9D,KAAK,UAAU,IAAI;IACjB,kBAAkB,EAAE,CAAC;IACrB,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAE9C,kCAAkC;IAClC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,GAAG,GAAmB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAE/C,+DAA+D;IAC/D,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAErC,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,EAChD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,qDAAqD;IACrD,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QAC/D,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;QAC9B,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU;QAC5C,cAAc,EAAE,wBAAwB;QACxC,QAAQ,EAAE,SAAS;KACpB,CAAC,CAAC;IAEH,SAAS,UAAU,CAAC,IAA6B;QAC/C,MAAM,IAAI,GAA4B,EAAE,CAAC;QACzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC;QAC9D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY;IACZ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC;QACrC,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAA4B,CAAC;QAC5E,MAAM,CAAC,KAAK,CAAC,cAAc,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAEtE,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,iBAAiB,QAAQ,EAAE,EAAE,CAAC;oBACvE,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,KAAK,EAAE,CAAC;QACvE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,YAAY,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAChG,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;gBAC9G,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,MAAM,YAAY,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,EAAE,CAAC;IACnF,MAAM,CAAC,IAAI,CAAC,mCAAmC,KAAK,CAAC,MAAM,SAAS,YAAY,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,oBAAoB;AACpB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAE7C,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IACvF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Application management tools (4 tools)
|
|
3
|
+
* OIDC app CRUD via Zitadel Management API v1
|
|
4
|
+
*/
|
|
5
|
+
import type { ToolDefinition, ToolHandler } from '../types/tools.js';
|
|
6
|
+
export declare const APPLICATION_TOOLS: ToolDefinition[];
|
|
7
|
+
export declare const APPLICATION_HANDLERS: Record<string, ToolHandler>;
|
|
@@ -0,0 +1,189 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Application management tools (4 tools)
|
|
3
|
+
* OIDC app CRUD via Zitadel Management API v1
|
|
4
|
+
*/
|
|
5
|
+
import { z } from 'zod';
|
|
6
|
+
import { textResponse, zitadelId } from '../types/tools.js';
|
|
7
|
+
import { logger } from '../utils/logger.js';
|
|
8
|
+
// ─── Tool Definitions ───────────────────────────────────────────────────────
|
|
9
|
+
export const APPLICATION_TOOLS = [
|
|
10
|
+
{
|
|
11
|
+
name: 'zitadel_list_apps',
|
|
12
|
+
description: 'List all applications in a Zitadel project.',
|
|
13
|
+
inputSchema: {
|
|
14
|
+
type: 'object',
|
|
15
|
+
properties: {
|
|
16
|
+
projectId: { type: 'string', description: 'The project ID to list apps for' },
|
|
17
|
+
},
|
|
18
|
+
required: ['projectId'],
|
|
19
|
+
},
|
|
20
|
+
_meta: { readOnly: true, domain: 'applications' },
|
|
21
|
+
annotations: { title: 'List Apps', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
|
|
22
|
+
},
|
|
23
|
+
{
|
|
24
|
+
name: 'zitadel_get_app',
|
|
25
|
+
description: 'Get details of a specific application including its Client ID and OIDC configuration.',
|
|
26
|
+
inputSchema: {
|
|
27
|
+
type: 'object',
|
|
28
|
+
properties: {
|
|
29
|
+
projectId: { type: 'string', description: 'The project ID' },
|
|
30
|
+
appId: { type: 'string', description: 'The application ID' },
|
|
31
|
+
},
|
|
32
|
+
required: ['projectId', 'appId'],
|
|
33
|
+
},
|
|
34
|
+
_meta: { readOnly: true, domain: 'applications' },
|
|
35
|
+
annotations: { title: 'Get App', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
name: 'zitadel_create_oidc_app',
|
|
39
|
+
description: 'Create a new OIDC application in a Zitadel project. Returns the Client ID (and Client Secret for confidential clients). Configure redirect URIs, response types, and grant types.',
|
|
40
|
+
inputSchema: {
|
|
41
|
+
type: 'object',
|
|
42
|
+
properties: {
|
|
43
|
+
projectId: { type: 'string', description: 'The project ID to create the app in' },
|
|
44
|
+
name: { type: 'string', description: 'Application name' },
|
|
45
|
+
redirectUris: {
|
|
46
|
+
type: 'array',
|
|
47
|
+
items: { type: 'string' },
|
|
48
|
+
description: 'OAuth redirect URIs (e.g., ["https://myapp.example.com/api/auth/callback/zitadel"])',
|
|
49
|
+
},
|
|
50
|
+
postLogoutRedirectUris: {
|
|
51
|
+
type: 'array',
|
|
52
|
+
items: { type: 'string' },
|
|
53
|
+
description: 'Post-logout redirect URIs (optional)',
|
|
54
|
+
},
|
|
55
|
+
appType: {
|
|
56
|
+
type: 'string',
|
|
57
|
+
enum: ['OIDC_APP_TYPE_WEB', 'OIDC_APP_TYPE_USER_AGENT', 'OIDC_APP_TYPE_NATIVE'],
|
|
58
|
+
description: 'Application type (default: OIDC_APP_TYPE_WEB)',
|
|
59
|
+
},
|
|
60
|
+
authMethodType: {
|
|
61
|
+
type: 'string',
|
|
62
|
+
enum: ['OIDC_AUTH_METHOD_TYPE_BASIC', 'OIDC_AUTH_METHOD_TYPE_POST', 'OIDC_AUTH_METHOD_TYPE_NONE', 'OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT'],
|
|
63
|
+
description: 'Auth method. Use NONE for PKCE public clients (default: OIDC_AUTH_METHOD_TYPE_NONE)',
|
|
64
|
+
},
|
|
65
|
+
devMode: {
|
|
66
|
+
type: 'boolean',
|
|
67
|
+
description: 'Enable dev mode to allow http:// redirect URIs (default: false)',
|
|
68
|
+
},
|
|
69
|
+
},
|
|
70
|
+
required: ['projectId', 'name', 'redirectUris'],
|
|
71
|
+
},
|
|
72
|
+
_meta: { readOnly: false, domain: 'applications' },
|
|
73
|
+
annotations: { title: 'Create OIDC App', readOnlyHint: false, destructiveHint: false, idempotentHint: false },
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
name: 'zitadel_update_app',
|
|
77
|
+
description: 'Update an OIDC application\'s configuration (redirect URIs, auth method, etc.).',
|
|
78
|
+
inputSchema: {
|
|
79
|
+
type: 'object',
|
|
80
|
+
properties: {
|
|
81
|
+
projectId: { type: 'string', description: 'The project ID' },
|
|
82
|
+
appId: { type: 'string', description: 'The application ID to update' },
|
|
83
|
+
redirectUris: { type: 'array', items: { type: 'string' }, description: 'Updated redirect URIs' },
|
|
84
|
+
postLogoutRedirectUris: { type: 'array', items: { type: 'string' }, description: 'Updated post-logout URIs' },
|
|
85
|
+
devMode: { type: 'boolean', description: 'Enable/disable dev mode' },
|
|
86
|
+
},
|
|
87
|
+
required: ['projectId', 'appId'],
|
|
88
|
+
},
|
|
89
|
+
_meta: { readOnly: false, domain: 'applications' },
|
|
90
|
+
annotations: { title: 'Update App', readOnlyHint: false, destructiveHint: false, idempotentHint: true },
|
|
91
|
+
},
|
|
92
|
+
];
|
|
93
|
+
// ─── Handlers ────────────────────────────────────────────────────────────────
|
|
94
|
+
function formatApp(a) {
|
|
95
|
+
const state = a.state?.replace('APP_STATE_', '') || 'UNKNOWN';
|
|
96
|
+
const clientId = a.oidcConfig?.clientId || 'N/A';
|
|
97
|
+
return `- ${a.name} [${state}] Client ID: ${clientId} | App ID: ${a.id}`;
|
|
98
|
+
}
|
|
99
|
+
const listAppsHandler = async (params, ctx) => {
|
|
100
|
+
const { projectId } = z.object({ projectId: zitadelId('projectId') }).parse(params);
|
|
101
|
+
const response = await ctx.client.request(`/management/v1/projects/${projectId}/apps/_search`, {
|
|
102
|
+
method: 'POST',
|
|
103
|
+
body: JSON.stringify({ query: { offset: '0', limit: 100 } }),
|
|
104
|
+
});
|
|
105
|
+
const apps = response.result || [];
|
|
106
|
+
if (apps.length === 0) {
|
|
107
|
+
return textResponse('No applications found in this project.');
|
|
108
|
+
}
|
|
109
|
+
const lines = apps.map(formatApp);
|
|
110
|
+
return textResponse(`Found ${apps.length} application(s):\n\n${lines.join('\n')}`);
|
|
111
|
+
};
|
|
112
|
+
const getAppHandler = async (params, ctx) => {
|
|
113
|
+
const input = z.object({
|
|
114
|
+
projectId: zitadelId('projectId'),
|
|
115
|
+
appId: zitadelId('appId'),
|
|
116
|
+
}).parse(params);
|
|
117
|
+
const app = await ctx.client.request(`/management/v1/projects/${input.projectId}/apps/${input.appId}`);
|
|
118
|
+
const lines = [
|
|
119
|
+
`Application: ${app.name}`,
|
|
120
|
+
`App ID: ${app.id}`,
|
|
121
|
+
`State: ${app.state?.replace('APP_STATE_', '') || 'UNKNOWN'}`,
|
|
122
|
+
];
|
|
123
|
+
if (app.oidcConfig) {
|
|
124
|
+
const oidc = app.oidcConfig;
|
|
125
|
+
lines.push(`Client ID: ${oidc.clientId}`, `App Type: ${oidc.appType}`, `Auth Method: ${oidc.authMethodType}`, `Redirect URIs: ${(oidc.redirectUris || []).join(', ') || 'none'}`, `Post-Logout URIs: ${(oidc.postLogoutRedirectUris || []).join(', ') || 'none'}`, `Response Types: ${(oidc.responseTypes || []).join(', ')}`, `Grant Types: ${(oidc.grantTypes || []).join(', ')}`, `Dev Mode: ${oidc.devMode ?? false}`);
|
|
126
|
+
}
|
|
127
|
+
lines.push(`Created: ${app.details?.creationDate || 'N/A'}`);
|
|
128
|
+
return textResponse(lines.join('\n'));
|
|
129
|
+
};
|
|
130
|
+
const createOIDCAppHandler = async (params, ctx) => {
|
|
131
|
+
const input = z.object({
|
|
132
|
+
projectId: zitadelId('projectId'),
|
|
133
|
+
name: z.string().min(1),
|
|
134
|
+
redirectUris: z.array(z.string().url()).min(1),
|
|
135
|
+
postLogoutRedirectUris: z.array(z.string().url()).optional(),
|
|
136
|
+
appType: z.string().default('OIDC_APP_TYPE_WEB'),
|
|
137
|
+
authMethodType: z.string().default('OIDC_AUTH_METHOD_TYPE_NONE'),
|
|
138
|
+
devMode: z.boolean().default(false),
|
|
139
|
+
}).parse(params);
|
|
140
|
+
logger.info('Creating OIDC app', { name: input.name, projectId: input.projectId });
|
|
141
|
+
const response = await ctx.client.request(`/management/v1/projects/${input.projectId}/apps/oidc`, {
|
|
142
|
+
method: 'POST',
|
|
143
|
+
body: JSON.stringify({
|
|
144
|
+
name: input.name,
|
|
145
|
+
redirectUris: input.redirectUris,
|
|
146
|
+
responseTypes: ['OIDC_RESPONSE_TYPE_CODE'],
|
|
147
|
+
grantTypes: ['OIDC_GRANT_TYPE_AUTHORIZATION_CODE'],
|
|
148
|
+
appType: input.appType,
|
|
149
|
+
authMethodType: input.authMethodType,
|
|
150
|
+
postLogoutRedirectUris: input.postLogoutRedirectUris,
|
|
151
|
+
devMode: input.devMode,
|
|
152
|
+
}),
|
|
153
|
+
});
|
|
154
|
+
const lines = [
|
|
155
|
+
`OIDC Application created successfully.`,
|
|
156
|
+
`App ID: ${response.appId}`,
|
|
157
|
+
`Client ID: ${response.clientId}`,
|
|
158
|
+
];
|
|
159
|
+
if (response.clientSecret) {
|
|
160
|
+
lines.push(`Client Secret: ${response.clientSecret}`, ``, `WARNING: Save the Client Secret now — it cannot be retrieved again.`);
|
|
161
|
+
}
|
|
162
|
+
return textResponse(lines.join('\n'));
|
|
163
|
+
};
|
|
164
|
+
const updateAppHandler = async (params, ctx) => {
|
|
165
|
+
const input = z.object({
|
|
166
|
+
projectId: zitadelId('projectId'),
|
|
167
|
+
appId: zitadelId('appId'),
|
|
168
|
+
redirectUris: z.array(z.string()).optional(),
|
|
169
|
+
postLogoutRedirectUris: z.array(z.string()).optional(),
|
|
170
|
+
devMode: z.boolean().optional(),
|
|
171
|
+
}).parse(params);
|
|
172
|
+
const body = {};
|
|
173
|
+
if (input.redirectUris)
|
|
174
|
+
body['redirectUris'] = input.redirectUris;
|
|
175
|
+
if (input.postLogoutRedirectUris)
|
|
176
|
+
body['postLogoutRedirectUris'] = input.postLogoutRedirectUris;
|
|
177
|
+
if (input.devMode !== undefined)
|
|
178
|
+
body['devMode'] = input.devMode;
|
|
179
|
+
await ctx.client.request(`/management/v1/projects/${input.projectId}/apps/${input.appId}/oidc`, { method: 'PUT', body: JSON.stringify(body) });
|
|
180
|
+
return textResponse(`Application ${input.appId} updated successfully.`);
|
|
181
|
+
};
|
|
182
|
+
// ─── Export ──────────────────────────────────────────────────────────────────
|
|
183
|
+
export const APPLICATION_HANDLERS = {
|
|
184
|
+
zitadel_list_apps: listAppsHandler,
|
|
185
|
+
zitadel_get_app: getAppHandler,
|
|
186
|
+
zitadel_create_oidc_app: createOIDCAppHandler,
|
|
187
|
+
zitadel_update_app: updateAppHandler,
|
|
188
|
+
};
|
|
189
|
+
//# sourceMappingURL=applications.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"applications.js","sourceRoot":"","sources":["../../src/tools/applications.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE5D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,+EAA+E;AAE/E,MAAM,CAAC,MAAM,iBAAiB,GAAqB;IACjD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;aAC9E;YACD,QAAQ,EAAE,CAAC,WAAW,CAAC;SACxB;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE;QACjD,WAAW,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACtG;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,uFAAuF;QACpG,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE;gBAC5D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE;aAC7D;YACD,QAAQ,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC;SACjC;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE;QACjD,WAAW,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACpG;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,mLAAmL;QAChM,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qCAAqC,EAAE;gBACjF,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;gBACzD,YAAY,EAAE;oBACZ,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,qFAAqF;iBACnG;gBACD,sBAAsB,EAAE;oBACtB,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,sCAAsC;iBACpD;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,mBAAmB,EAAE,0BAA0B,EAAE,sBAAsB,CAAC;oBAC/E,WAAW,EAAE,+CAA+C;iBAC7D;gBACD,cAAc,EAAE;oBACd,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,6BAA6B,EAAE,4BAA4B,EAAE,4BAA4B,EAAE,uCAAuC,CAAC;oBAC1I,WAAW,EAAE,qFAAqF;iBACnG;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,iEAAiE;iBAC/E;aACF;YACD,QAAQ,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC;SAChD;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE;QAClD,WAAW,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KAC9G;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,iFAAiF;QAC9F,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE;gBAC5D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8BAA8B,EAAE;gBACtE,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;gBAChG,sBAAsB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBAC7G,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yBAAyB,EAAE;aACrE;YACD,QAAQ,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC;SACjC;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE;QAClD,WAAW,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACxG;CACF,CAAC;AAEF,gFAAgF;AAEhF,SAAS,SAAS,CAAC,CAAa;IAC9B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,IAAI,SAAS,CAAC;IAC9D,MAAM,QAAQ,GAAG,CAAC,CAAC,UAAU,EAAE,QAAQ,IAAI,KAAK,CAAC;IACjD,OAAO,KAAK,CAAC,CAAC,IAAI,KAAK,KAAK,gBAAgB,QAAQ,cAAc,CAAC,CAAC,EAAE,EAAE,CAAC;AAC3E,CAAC;AAED,MAAM,eAAe,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IACzD,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEpF,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,2BAA2B,SAAS,eAAe,EACnD;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC;KAC7D,CACF,CAAC;IAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;IACnC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,YAAY,CAAC,wCAAwC,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClC,OAAO,YAAY,CAAC,SAAS,IAAI,CAAC,MAAM,uBAAuB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACrF,CAAC,CAAC;AAEF,MAAM,aAAa,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IACvD,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,SAAS,CAAC,WAAW,CAAC;QACjC,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC;KAC1B,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAClC,2BAA2B,KAAK,CAAC,SAAS,SAAS,KAAK,CAAC,KAAK,EAAE,CACjE,CAAC;IAEF,MAAM,KAAK,GAAG;QACZ,gBAAgB,GAAG,CAAC,IAAI,EAAE;QAC1B,WAAW,GAAG,CAAC,EAAE,EAAE;QACnB,UAAU,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,IAAI,SAAS,EAAE;KAC9D,CAAC;IAEF,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;QAC5B,KAAK,CAAC,IAAI,CACR,cAAc,IAAI,CAAC,QAAQ,EAAE,EAC7B,aAAa,IAAI,CAAC,OAAO,EAAE,EAC3B,gBAAgB,IAAI,CAAC,cAAc,EAAE,EACrC,kBAAkB,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE,EAClE,qBAAqB,CAAC,IAAI,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE,EAC/E,mBAAmB,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAC1D,gBAAgB,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACpD,aAAa,IAAI,CAAC,OAAO,IAAI,KAAK,EAAE,CACrC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,OAAO,EAAE,YAAY,IAAI,KAAK,EAAE,CAAC,CAAC;IAE7D,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC9D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,SAAS,CAAC,WAAW,CAAC;QACjC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvB,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9C,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC5D,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,mBAAmB,CAAC;QAChD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,4BAA4B,CAAC;QAChE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;KACpC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAEnF,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,2BAA2B,KAAK,CAAC,SAAS,YAAY,EACtD;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,aAAa,EAAE,CAAC,yBAAyB,CAAC;YAC1C,UAAU,EAAE,CAAC,oCAAoC,CAAC;YAClD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;YACpD,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;KACH,CACF,CAAC;IAEF,MAAM,KAAK,GAAG;QACZ,wCAAwC;QACxC,WAAW,QAAQ,CAAC,KAAK,EAAE;QAC3B,cAAc,QAAQ,CAAC,QAAQ,EAAE;KAClC,CAAC;IAEF,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CACR,kBAAkB,QAAQ,CAAC,YAAY,EAAE,EACzC,EAAE,EACF,qEAAqE,CACtE,CAAC;IACJ,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC1D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,SAAS,CAAC,WAAW,CAAC;QACjC,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC;QACzB,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC5C,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACtD,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAChC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,IAAI,GAA4B,EAAE,CAAC;IACzC,IAAI,KAAK,CAAC,YAAY;QAAE,IAAI,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,YAAY,CAAC;IAClE,IAAI,KAAK,CAAC,sBAAsB;QAAE,IAAI,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,sBAAsB,CAAC;IAChG,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;IAEjE,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACtB,2BAA2B,KAAK,CAAC,SAAS,SAAS,KAAK,CAAC,KAAK,OAAO,EACrE,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAC9C,CAAC;IAEF,OAAO,YAAY,CAAC,eAAe,KAAK,CAAC,KAAK,wBAAwB,CAAC,CAAC;AAC1E,CAAC,CAAC;AAEF,gFAAgF;AAEhF,MAAM,CAAC,MAAM,oBAAoB,GAAgC;IAC/D,iBAAiB,EAAE,eAAe;IAClC,eAAe,EAAE,aAAa;IAC9B,uBAAuB,EAAE,oBAAoB;IAC7C,kBAAkB,EAAE,gBAAgB;CACrC,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tool registry — aggregates all tools and handlers
|
|
3
|
+
* Portal tools conditionally included based on config
|
|
4
|
+
*/
|
|
5
|
+
import type { ToolDefinition, ToolHandler } from '../types/tools.js';
|
|
6
|
+
import type { ZitadelConfig } from '../utils/config.js';
|
|
7
|
+
export declare function getTools(config: ZitadelConfig): ToolDefinition[];
|
|
8
|
+
export declare function getHandlers(config: ZitadelConfig): Record<string, ToolHandler>;
|