zitadel-mcp-server 1.0.0

Files changed (51) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +127 -0
  3. package/build/auth/client.d.ts +28 -0
  4. package/build/auth/client.js +125 -0
  5. package/build/auth/client.js.map +1 -0
  6. package/build/index.d.ts +6 -0
  7. package/build/index.js +81 -0
  8. package/build/index.js.map +1 -0
  9. package/build/tools/applications.d.ts +7 -0
  10. package/build/tools/applications.js +189 -0
  11. package/build/tools/applications.js.map +1 -0
  12. package/build/tools/index.d.ts +8 -0
  13. package/build/tools/index.js +44 -0
  14. package/build/tools/index.js.map +1 -0
  15. package/build/tools/organizations.d.ts +7 -0
  16. package/build/tools/organizations.js +65 -0
  17. package/build/tools/organizations.js.map +1 -0
  18. package/build/tools/portal.d.ts +10 -0
  19. package/build/tools/portal.js +191 -0
  20. package/build/tools/portal.js.map +1 -0
  21. package/build/tools/projects.d.ts +7 -0
  22. package/build/tools/projects.js +109 -0
  23. package/build/tools/projects.js.map +1 -0
  24. package/build/tools/roles.d.ts +7 -0
  25. package/build/tools/roles.js +203 -0
  26. package/build/tools/roles.js.map +1 -0
  27. package/build/tools/service-accounts.d.ts +7 -0
  28. package/build/tools/service-accounts.js +122 -0
  29. package/build/tools/service-accounts.js.map +1 -0
  30. package/build/tools/users.d.ts +7 -0
  31. package/build/tools/users.js +183 -0
  32. package/build/tools/users.js.map +1 -0
  33. package/build/tools/utility.d.ts +7 -0
  34. package/build/tools/utility.js +51 -0
  35. package/build/tools/utility.js.map +1 -0
  36. package/build/types/tools.d.ts +43 -0
  37. package/build/types/tools.js +16 -0
  38. package/build/types/tools.js.map +1 -0
  39. package/build/types/zitadel.d.ts +232 -0
  40. package/build/types/zitadel.js +6 -0
  41. package/build/types/zitadel.js.map +1 -0
  42. package/build/utils/config.d.ts +36 -0
  43. package/build/utils/config.js +35 -0
  44. package/build/utils/config.js.map +1 -0
  45. package/build/utils/error-handler.d.ts +18 -0
  46. package/build/utils/error-handler.js +56 -0
  47. package/build/utils/error-handler.js.map +1 -0
  48. package/build/utils/logger.d.ts +20 -0
  49. package/build/utils/logger.js +46 -0
  50. package/build/utils/logger.js.map +1 -0
  51. package/package.json +54 -0
@@ -0,0 +1,203 @@
1
+ /**
2
+ * Role & grant management tools (5 tools)
3
+ * Project roles and user grants via Zitadel Management API v1
4
+ */
5
+ import { z } from 'zod';
6
+ import { textResponse, errorResponse, zitadelId } from '../types/tools.js';
7
+ import { logger } from '../utils/logger.js';
8
+ // ─── Tool Definitions ───────────────────────────────────────────────────────
9
+ export const ROLE_TOOLS = [
10
+ {
11
+ name: 'zitadel_list_project_roles',
12
+ description: 'List all roles defined in a Zitadel project (e.g., "admin", "app:finance").',
13
+ inputSchema: {
14
+ type: 'object',
15
+ properties: {
16
+ projectId: { type: 'string', description: 'The project ID (uses default project if omitted)' },
17
+ },
18
+ },
19
+ _meta: { readOnly: true, domain: 'roles' },
20
+ annotations: { title: 'List Project Roles', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
21
+ },
22
+ {
23
+ name: 'zitadel_create_project_role',
24
+ description: 'Create a new role in a Zitadel project. Use key format "app:{slug}" for app-specific access roles.',
25
+ inputSchema: {
26
+ type: 'object',
27
+ properties: {
28
+ projectId: { type: 'string', description: 'The project ID (uses default project if omitted)' },
29
+ roleKey: { type: 'string', description: 'Role key (e.g., "admin", "app:finance", "app:timesheets")' },
30
+ displayName: { type: 'string', description: 'Human-readable role name' },
31
+ group: { type: 'string', description: 'Optional role group for organization' },
32
+ },
33
+ required: ['roleKey', 'displayName'],
34
+ },
35
+ _meta: { readOnly: false, domain: 'roles' },
36
+ annotations: { title: 'Create Project Role', readOnlyHint: false, destructiveHint: false, idempotentHint: true },
37
+ },
38
+ {
39
+ name: 'zitadel_list_user_grants',
40
+ description: 'List role grants for a specific user, showing which roles they have been assigned.',
41
+ inputSchema: {
42
+ type: 'object',
43
+ properties: {
44
+ userId: { type: 'string', description: 'The user ID to list grants for' },
45
+ projectId: { type: 'string', description: 'Filter by project ID (uses default project if omitted)' },
46
+ },
47
+ required: ['userId'],
48
+ },
49
+ _meta: { readOnly: true, domain: 'roles' },
50
+ annotations: { title: 'List User Grants', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
51
+ },
52
+ {
53
+ name: 'zitadel_create_user_grant',
54
+ description: 'Assign roles to a user by creating a grant. Validates that the roles exist in the project before granting.',
55
+ inputSchema: {
56
+ type: 'object',
57
+ properties: {
58
+ userId: { type: 'string', description: 'The user ID to grant roles to' },
59
+ roleKeys: {
60
+ type: 'array',
61
+ items: { type: 'string' },
62
+ description: 'Array of role keys to assign (e.g., ["admin", "app:finance"])',
63
+ },
64
+ projectId: { type: 'string', description: 'The project ID (uses default project if omitted)' },
65
+ },
66
+ required: ['userId', 'roleKeys'],
67
+ },
68
+ _meta: { readOnly: false, domain: 'roles' },
69
+ annotations: { title: 'Create User Grant', readOnlyHint: false, destructiveHint: false, idempotentHint: false },
70
+ },
71
+ {
72
+ name: 'zitadel_remove_user_grant',
73
+ description: 'Remove a role grant from a user by grant ID.',
74
+ inputSchema: {
75
+ type: 'object',
76
+ properties: {
77
+ userId: { type: 'string', description: 'The user ID' },
78
+ grantId: { type: 'string', description: 'The grant ID to remove' },
79
+ },
80
+ required: ['userId', 'grantId'],
81
+ },
82
+ _meta: { readOnly: false, domain: 'roles' },
83
+ annotations: { title: 'Remove User Grant', readOnlyHint: false, destructiveHint: true, idempotentHint: true },
84
+ },
85
+ ];
86
+ // ─── Helpers ─────────────────────────────────────────────────────────────────
87
+ function resolveProjectId(params, ctx) {
88
+ const projectId = params['projectId'] || ctx.config.projectId;
89
+ if (!projectId) {
90
+ throw new Error('projectId is required — either pass it as a parameter or set ZITADEL_PROJECT_ID');
91
+ }
92
+ return projectId;
93
+ }
94
+ async function getProjectRoleKeys(projectId, ctx) {
95
+ const response = await ctx.client.request(`/management/v1/projects/${projectId}/roles/_search`, {
96
+ method: 'POST',
97
+ body: JSON.stringify({ query: { offset: '0', limit: 100 } }),
98
+ });
99
+ return (response.result || []).map(r => r.key);
100
+ }
101
+ function formatGrant(g) {
102
+ const roles = g.roleKeys.join(', ');
103
+ const state = g.state?.replace('USER_GRANT_STATE_', '') || 'UNKNOWN';
104
+ return `- Grant ${g.id}: [${roles}] (${state}) Project: ${g.projectId}`;
105
+ }
106
+ // ─── Handlers ────────────────────────────────────────────────────────────────
107
+ const listProjectRolesHandler = async (params, ctx) => {
108
+ const projectId = resolveProjectId(params, ctx);
109
+ const response = await ctx.client.request(`/management/v1/projects/${projectId}/roles/_search`, {
110
+ method: 'POST',
111
+ body: JSON.stringify({ query: { offset: '0', limit: 100 } }),
112
+ });
113
+ const roles = response.result || [];
114
+ if (roles.length === 0) {
115
+ return textResponse(`No roles found in project ${projectId}.`);
116
+ }
117
+ const lines = roles.map(r => {
118
+ const group = r.group ? ` (group: ${r.group})` : '';
119
+ return `- ${r.key}: ${r.displayName}${group}`;
120
+ });
121
+ return textResponse(`Found ${roles.length} role(s) in project ${projectId}:\n\n${lines.join('\n')}`);
122
+ };
123
+ const createProjectRoleHandler = async (params, ctx) => {
124
+ const input = z.object({
125
+ roleKey: z.string().min(1),
126
+ displayName: z.string().min(1),
127
+ group: z.string().optional(),
128
+ }).parse(params);
129
+ const projectId = resolveProjectId(params, ctx);
130
+ logger.info('Creating project role', { projectId, roleKey: input.roleKey });
131
+ await ctx.client.request(`/management/v1/projects/${projectId}/roles`, {
132
+ method: 'POST',
133
+ body: JSON.stringify({
134
+ roleKey: input.roleKey,
135
+ displayName: input.displayName,
136
+ group: input.group,
137
+ }),
138
+ });
139
+ return textResponse(`Role created: ${input.roleKey} (${input.displayName}) in project ${projectId}`);
140
+ };
141
+ const listUserGrantsHandler = async (params, ctx) => {
142
+ const { userId } = z.object({ userId: zitadelId('userId') }).parse(params);
143
+ const projectId = params['projectId'] || ctx.config.projectId;
144
+ const queries = [{ userIdQuery: { userId } }];
145
+ if (projectId) {
146
+ queries.push({ projectIdQuery: { projectId } });
147
+ }
148
+ const response = await ctx.client.request('/management/v1/users/grants/_search', {
149
+ method: 'POST',
150
+ body: JSON.stringify({
151
+ query: { offset: '0', limit: 100 },
152
+ queries,
153
+ }),
154
+ });
155
+ const grants = response.result || [];
156
+ if (grants.length === 0) {
157
+ return textResponse(`No grants found for user ${userId}.`);
158
+ }
159
+ const lines = grants.map(formatGrant);
160
+ return textResponse(`Found ${grants.length} grant(s) for user ${userId}:\n\n${lines.join('\n')}`);
161
+ };
162
+ const createUserGrantHandler = async (params, ctx) => {
163
+ const input = z.object({
164
+ userId: zitadelId('userId'),
165
+ roleKeys: z.array(z.string().min(1)).min(1),
166
+ }).parse(params);
167
+ const projectId = resolveProjectId(params, ctx);
168
+ // Validate that roles exist before granting
169
+ const existingRoles = await getProjectRoleKeys(projectId, ctx);
170
+ const missingRoles = input.roleKeys.filter(r => !existingRoles.includes(r));
171
+ if (missingRoles.length > 0) {
172
+ return errorResponse(`Cannot grant access: role(s) not found in project ${projectId}: ${missingRoles.join(', ')}\n` +
173
+ `Available roles: ${existingRoles.join(', ') || 'none'}\n\n` +
174
+ `Create the missing roles first with zitadel_create_project_role.`);
175
+ }
176
+ logger.info('Creating user grant', { userId: input.userId, roleKeys: input.roleKeys, projectId });
177
+ const response = await ctx.client.request(`/management/v1/users/${input.userId}/grants`, {
178
+ method: 'POST',
179
+ body: JSON.stringify({ projectId, roleKeys: input.roleKeys }),
180
+ });
181
+ return textResponse(`Grant created successfully.\n` +
182
+ `Grant ID: ${response.userGrantId}\n` +
183
+ `User: ${input.userId}\n` +
184
+ `Roles: ${input.roleKeys.join(', ')}\n` +
185
+ `Project: ${projectId}`);
186
+ };
187
+ const removeUserGrantHandler = async (params, ctx) => {
188
+ const input = z.object({
189
+ userId: zitadelId('userId'),
190
+ grantId: zitadelId('grantId'),
191
+ }).parse(params);
192
+ await ctx.client.request(`/management/v1/users/${input.userId}/grants/${input.grantId}`, { method: 'DELETE' });
193
+ return textResponse(`Grant ${input.grantId} removed from user ${input.userId}.`);
194
+ };
195
+ // ─── Export ──────────────────────────────────────────────────────────────────
196
+ export const ROLE_HANDLERS = {
197
+ zitadel_list_project_roles: listProjectRolesHandler,
198
+ zitadel_create_project_role: createProjectRoleHandler,
199
+ zitadel_list_user_grants: listUserGrantsHandler,
200
+ zitadel_create_user_grant: createUserGrantHandler,
201
+ zitadel_remove_user_grant: removeUserGrantHandler,
202
+ };
203
+ //# sourceMappingURL=roles.js.map
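Review bot: `resolveProjectId` takes `params['projectId']` as-is and its result is interpolated into the request path (`/management/v1/projects/${projectId}/roles...`) in `getProjectRoleKeys`, `listProjectRolesHandler` and `createProjectRoleHandler`, whereas `userId` and `grantId` are first parsed with `zitadelId(...)`. Tool arguments on an MCP server come from model output, so a value containing `/`, `..` or `?` could steer the call to a different Management API route under the server's service-account credentials. Assuming `zitadelId` is the ID-format schema it appears to be, the same check fits here: `const projectId = zitadelId('projectId').optional().parse(params['projectId']) || ctx.config.projectId;`, and likewise for the unvalidated read in `listUserGrantsHandler`. Separately, `getProjectRoleKeys` fetches only the first 100 roles, so `createUserGrantHandler` would report existing roles as missing in a larger project.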
@@ -0,0 +1 @@
1
+ {"version":3,"file":"roles.js","sourceRoot":"","sources":["../../src/tools/roles.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE3E,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,+EAA+E;AAE/E,MAAM,CAAC,MAAM,UAAU,GAAqB;IAC1C;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,6EAA6E;QAC1F,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kDAAkD,EAAE;aAC/F;SACF;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE;QAC1C,WAAW,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KAC/G;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,oGAAoG;QACjH,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kDAAkD,EAAE;gBAC9F,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2DAA2D,EAAE;gBACrG,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBACxE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;aAC/E;YACD,QAAQ,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;SACrC;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3C,WAAW,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACjH;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,oFAAoF;QACjG,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE;gBACzE,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACrG;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE;QAC1C,WAAW,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KAC7G;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,WAAW,EAAE,4GAA4G;QACzH,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+BAA+B,EAAE;gBACxE,QAAQ,EAAE;oBACR,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,+DAA+D;iBAC7E;gBACD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,
kDAAkD,EAAE;aAC/F;YACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;SACjC;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3C,WAAW,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KAChH;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,WAAW,EAAE,8CAA8C;QAC3D,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE;gBACtD,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wBAAwB,EAAE;aACnE;YACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;SAChC;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3C,WAAW,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE;KAC9G;CACF,CAAC;AAEF,gFAAgF;AAEhF,SAAS,gBAAgB,CAAC,MAA+B,EAAE,GAAuC;IAChG,MAAM,SAAS,GAAI,MAAM,CAAC,WAAW,CAAY,IAAI,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC;IAC1E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;IACrG,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,SAAiB,EAAE,GAAoF;IACvI,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,2BAA2B,SAAS,gBAAgB,EACpD;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC;KAC7D,CACF,CAAC;IACF,OAAO,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,WAAW,CAAC,CAAY;IAC/B,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,IAAI,SAAS,CAAC;IACrE,OAAO,WAAW,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,KAAK,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC;AAC1E,CAAC;AAED,gFAAgF;AAEhF,MAAM,uBAAuB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IACjE,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,2BAA2B,SAAS,gBAAgB,EACpD;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC;KAC7D,CACF,CAAC;IAEF,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;IACpC,IAAI,
KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,YAAY,CAAC,6BAA6B,SAAS,GAAG,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAC1B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,OAAO,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,WAAW,GAAG,KAAK,EAAE,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC,SAAS,KAAK,CAAC,MAAM,uBAAuB,SAAS,QAAQ,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACvG,CAAC,CAAC;AAEF,MAAM,wBAAwB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAClE,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC7B,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjB,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEhD,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAE5E,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACtB,2BAA2B,SAAS,QAAQ,EAC5C;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC;KACH,CACF,CAAC;IAEF,OAAO,YAAY,CAAC,iBAAiB,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC,WAAW,gBAAgB,SAAS,EAAE,CAAC,CAAC;AACvG,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC/D,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAI,MAAM,CAAC,WAAW,CAAY,IAAI,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC;IAE1E,MAAM,OAAO,GAAc,CAAC,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,qCAAqC,EACrC;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;YAClC,OAAO;SACR,CAAC;KACH,CACF,CAAC;IAEF,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;IACrC,IAAI,MAAM,CAAC,MA
AM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,YAAY,CAAC,4BAA4B,MAAM,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,OAAO,YAAY,CAAC,SAAS,MAAM,CAAC,MAAM,sBAAsB,MAAM,QAAQ,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACpG,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAChE,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC;QAC3B,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;KAC5C,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjB,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEhD,4CAA4C;IAC5C,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,aAAa,CAClB,qDAAqD,SAAS,KAAK,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YAC9F,oBAAoB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,MAAM;YAC5D,kEAAkE,CACnE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;IAElG,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,wBAAwB,KAAK,CAAC,MAAM,SAAS,EAC7C;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;KAC9D,CACF,CAAC;IAEF,OAAO,YAAY,CACjB,+BAA+B;QAC/B,aAAa,QAAQ,CAAC,WAAW,IAAI;QACrC,SAAS,KAAK,CAAC,MAAM,IAAI;QACzB,UAAU,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;QACvC,YAAY,SAAS,EAAE,CACxB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAChE,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC;QAC3B,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC;KAC9B,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACtB,wBAAwB,KAAK,CAAC,MAAM,WAAW,KAAK,CAAC,OAAO,EAAE,EAC9D,EAAE,MAAM,EAAE,QAAQ,EAAE,CACrB,CAAC;IAEF,OAAO,YAAY,CAAC,SAAS,KAAK,CAAC,OAAO,sBAAsB,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;AACnF,CAAC,CAAC;AAEF,gFAAgF;AAEhF,MAAM,CAAC,MAAM,
aAAa,GAAgC;IACxD,0BAA0B,EAAE,uBAAuB;IACnD,2BAA2B,EAAE,wBAAwB;IACrD,wBAAwB,EAAE,qBAAqB;IAC/C,yBAAyB,EAAE,sBAAsB;IACjD,yBAAyB,EAAE,sBAAsB;CAClD,CAAC"}
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Service account (machine user) tools (3 tools)
3
+ * Create machine users and manage their keys via Management API v1
4
+ */
5
+ import type { ToolDefinition, ToolHandler } from '../types/tools.js';
6
+ export declare const SERVICE_ACCOUNT_TOOLS: ToolDefinition[];
7
+ export declare const SERVICE_ACCOUNT_HANDLERS: Record<string, ToolHandler>;
@@ -0,0 +1,122 @@
1
+ /**
2
+ * Service account (machine user) tools (3 tools)
3
+ * Create machine users and manage their keys via Management API v1
4
+ */
5
+ import { z } from 'zod';
6
+ import { textResponse, zitadelId } from '../types/tools.js';
7
+ import { logger } from '../utils/logger.js';
8
+ // ─── Tool Definitions ───────────────────────────────────────────────────────
9
+ export const SERVICE_ACCOUNT_TOOLS = [
10
+ {
11
+ name: 'zitadel_create_service_user',
12
+ description: 'Create a new service account (machine user) for API access. Service accounts authenticate via JWT keys, not passwords.',
13
+ inputSchema: {
14
+ type: 'object',
15
+ properties: {
16
+ userName: { type: 'string', description: 'Unique username for the service account' },
17
+ name: { type: 'string', description: 'Display name' },
18
+ description: { type: 'string', description: 'Optional description of what this service account is used for' },
19
+ accessTokenType: {
20
+ type: 'string',
21
+ enum: ['ACCESS_TOKEN_TYPE_BEARER', 'ACCESS_TOKEN_TYPE_JWT'],
22
+ description: 'Token type (default: ACCESS_TOKEN_TYPE_BEARER)',
23
+ },
24
+ },
25
+ required: ['userName', 'name'],
26
+ },
27
+ _meta: { readOnly: false, domain: 'service-accounts' },
28
+ annotations: { title: 'Create Service User', readOnlyHint: false, destructiveHint: false, idempotentHint: false },
29
+ },
30
+ {
31
+ name: 'zitadel_create_service_user_key',
32
+ description: 'Generate a new key pair for a service account. The private key is returned ONLY at creation time — save it immediately.',
33
+ inputSchema: {
34
+ type: 'object',
35
+ properties: {
36
+ userId: { type: 'string', description: 'The service account user ID' },
37
+ expirationDate: { type: 'string', description: 'Optional expiration date (ISO 8601 format)' },
38
+ },
39
+ required: ['userId'],
40
+ },
41
+ _meta: { readOnly: false, domain: 'service-accounts' },
42
+ annotations: { title: 'Create Service User Key', readOnlyHint: false, destructiveHint: false, idempotentHint: false },
43
+ },
44
+ {
45
+ name: 'zitadel_list_service_user_keys',
46
+ description: 'List existing keys for a service account. Shows key metadata only (not private keys).',
47
+ inputSchema: {
48
+ type: 'object',
49
+ properties: {
50
+ userId: { type: 'string', description: 'The service account user ID' },
51
+ },
52
+ required: ['userId'],
53
+ },
54
+ _meta: { readOnly: true, domain: 'service-accounts' },
55
+ annotations: { title: 'List Service User Keys', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
56
+ },
57
+ ];
58
+ // ─── Handlers ────────────────────────────────────────────────────────────────
59
+ const createServiceUserHandler = async (params, ctx) => {
60
+ const input = z.object({
61
+ userName: z.string().min(1),
62
+ name: z.string().min(1),
63
+ description: z.string().optional(),
64
+ accessTokenType: z.string().default('ACCESS_TOKEN_TYPE_BEARER'),
65
+ }).parse(params);
66
+ logger.info('Creating service user', { userName: input.userName });
67
+ const response = await ctx.client.request('/management/v1/users/machine', {
68
+ method: 'POST',
69
+ body: JSON.stringify({
70
+ userName: input.userName,
71
+ name: input.name,
72
+ description: input.description || '',
73
+ accessTokenType: input.accessTokenType,
74
+ }),
75
+ });
76
+ return textResponse(`Service account created successfully.\n` +
77
+ `User ID: ${response.userId}\n` +
78
+ `Username: ${input.userName}\n` +
79
+ `Name: ${input.name}\n\n` +
80
+ `Next step: Generate a key with zitadel_create_service_user_key using this User ID.`);
81
+ };
82
+ const createServiceUserKeyHandler = async (params, ctx) => {
83
+ const input = z.object({
84
+ userId: zitadelId('userId'),
85
+ expirationDate: z.string().optional(),
86
+ }).parse(params);
87
+ logger.info('Creating service user key', { userId: input.userId });
88
+ const body = { type: 'KEY_TYPE_JSON' };
89
+ if (input.expirationDate) {
90
+ body['expirationDate'] = input.expirationDate;
91
+ }
92
+ const response = await ctx.client.request(`/management/v1/users/${input.userId}/keys`, { method: 'POST', body: JSON.stringify(body) });
93
+ return textResponse(`Service account key created.\n` +
94
+ `Key ID: ${response.keyId}\n\n` +
95
+ `=== KEY DETAILS (save immediately — cannot be retrieved again) ===\n` +
96
+ `${response.keyDetails}\n` +
97
+ `=================================================================\n\n` +
98
+ `Use this key to configure ZITADEL_SERVICE_ACCOUNT_KEY_ID and ZITADEL_SERVICE_ACCOUNT_PRIVATE_KEY.`);
99
+ };
100
+ const listServiceUserKeysHandler = async (params, ctx) => {
101
+ const { userId } = z.object({ userId: zitadelId('userId') }).parse(params);
102
+ const response = await ctx.client.request(`/management/v1/users/${userId}/keys/_search`, {
103
+ method: 'POST',
104
+ body: JSON.stringify({ query: { offset: '0', limit: 100 } }),
105
+ });
106
+ const keys = response.result || [];
107
+ if (keys.length === 0) {
108
+ return textResponse(`No keys found for service account ${userId}.`);
109
+ }
110
+ const lines = keys.map(k => {
111
+ const expiry = k.expirationDate || 'never';
112
+ return `- Key ${k.id}: type=${k.type}, expires=${expiry}, created=${k.details?.creationDate || 'N/A'}`;
113
+ });
114
+ return textResponse(`Found ${keys.length} key(s) for service account ${userId}:\n\n${lines.join('\n')}`);
115
+ };
116
+ // ─── Export ──────────────────────────────────────────────────────────────────
117
+ export const SERVICE_ACCOUNT_HANDLERS = {
118
+ zitadel_create_service_user: createServiceUserHandler,
119
+ zitadel_create_service_user_key: createServiceUserKeyHandler,
120
+ zitadel_list_service_user_keys: listServiceUserKeysHandler,
121
+ };
122
+ //# sourceMappingURL=service-accounts.js.map
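Review bot: `createServiceUserKeyHandler` puts `response.keyDetails`, the service account's private key material, into the text response, so the secret ends up in the MCP client's conversation context and in any transcript or log storage behind it. Because the key cannot be fetched again this may be intended, but the return deserves a comment such as `// keyDetails is private key material: it is handed to the MCP client and must never be logged or cached here`. `expirationDate` is optional and accepted as any string, so a key exposed through a transcript can stay valid indefinitely; consider `expirationDate: z.string().datetime()` (if the bundled zod version supports it) and making it required. In `createServiceUserHandler`, `accessTokenType: z.string().default(...)` does not enforce the enum advertised in `inputSchema`; `z.enum(['ACCESS_TOKEN_TYPE_BEARER', 'ACCESS_TOKEN_TYPE_JWT']).default('ACCESS_TOKEN_TYPE_BEARER')` would.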
@@ -0,0 +1 @@
1
+ {"version":3,"file":"service-accounts.js","sourceRoot":"","sources":["../../src/tools/service-accounts.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE5D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,+EAA+E;AAE/E,MAAM,CAAC,MAAM,qBAAqB,GAAqB;IACrD;QACE,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,wHAAwH;QACrI,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;gBACpF,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;gBACrD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+DAA+D,EAAE;gBAC7G,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,0BAA0B,EAAE,uBAAuB,CAAC;oBAC3D,WAAW,EAAE,gDAAgD;iBAC9D;aACF;YACD,QAAQ,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC;SAC/B;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE;QACtD,WAAW,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KAClH;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,yHAAyH;QACtI,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6BAA6B,EAAE;gBACtE,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;aAC9F;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE;QACtD,WAAW,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACtH;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,uFAAuF;QACpG,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6BAA6B,EAAE;aACvE;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE;QACrD,WAAW,EAAE,EAAE,KAAK,EAAE,wBAAwB,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACnH;CACF,CAAC;AAEF,gFAAgF;AAEhF,MAAM,wBAAwB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAClE,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAA
G,CAAC,CAAC,CAAC;QACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC;KAChE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEnE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,8BAA8B,EAC9B;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;YACpC,eAAe,EAAE,KAAK,CAAC,eAAe;SACvC,CAAC;KACH,CACF,CAAC;IAEF,OAAO,YAAY,CACjB,yCAAyC;QACzC,YAAY,QAAQ,CAAC,MAAM,IAAI;QAC/B,aAAa,KAAK,CAAC,QAAQ,IAAI;QAC/B,SAAS,KAAK,CAAC,IAAI,MAAM;QACzB,oFAAoF,CACrF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,2BAA2B,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IACrE,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC;QAC3B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACtC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAEnE,MAAM,IAAI,GAA4B,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAChE,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,IAAI,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,wBAAwB,KAAK,CAAC,MAAM,OAAO,EAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAC/C,CAAC;IAEF,OAAO,YAAY,CACjB,gCAAgC;QAChC,WAAW,QAAQ,CAAC,KAAK,MAAM;QAC/B,sEAAsE;QACtE,GAAG,QAAQ,CAAC,UAAU,IAAI;QAC1B,uEAAuE;QACvE,mGAAmG,CACpG,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,0BAA0B,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IACpE,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE3E,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CACvC,wBAAwB,MAAM,eAAe,EAC7C;QACE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC;KAC7D,CACF,CAAC;IAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;IACnC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,Y
AAY,CAAC,qCAAqC,MAAM,GAAG,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACzB,MAAM,MAAM,GAAG,CAAC,CAAC,cAAc,IAAI,OAAO,CAAC;QAC3C,OAAO,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,aAAa,MAAM,aAAa,CAAC,CAAC,OAAO,EAAE,YAAY,IAAI,KAAK,EAAE,CAAC;IACzG,CAAC,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC,SAAS,IAAI,CAAC,MAAM,+BAA+B,MAAM,QAAQ,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC3G,CAAC,CAAC;AAEF,gFAAgF;AAEhF,MAAM,CAAC,MAAM,wBAAwB,GAAgC;IACnE,2BAA2B,EAAE,wBAAwB;IACrD,+BAA+B,EAAE,2BAA2B;IAC5D,8BAA8B,EAAE,0BAA0B;CAC3D,CAAC"}
@@ -0,0 +1,7 @@
1
+ /**
2
+ * User management tools (5 tools)
3
+ * CRUD operations for human users via Zitadel v2 API
4
+ */
5
+ import type { ToolDefinition, ToolHandler } from '../types/tools.js';
6
+ export declare const USER_TOOLS: ToolDefinition[];
7
+ export declare const USER_HANDLERS: Record<string, ToolHandler>;
@@ -0,0 +1,183 @@
1
+ /**
2
+ * User management tools (5 tools)
3
+ * CRUD operations for human users via Zitadel v2 API
4
+ */
5
+ import { z } from 'zod';
6
+ import { textResponse, zitadelId } from '../types/tools.js';
7
+ import { logger } from '../utils/logger.js';
8
+ // ─── Tool Definitions ───────────────────────────────────────────────────────
9
+ export const USER_TOOLS = [
10
+ {
11
+ name: 'zitadel_list_users',
12
+ description: 'List or search users in the Zitadel instance. Returns user details including name, email, status, and login names.',
13
+ inputSchema: {
14
+ type: 'object',
15
+ properties: {
16
+ query: {
17
+ type: 'string',
18
+ description: 'Optional search query to filter users by email, name, or username',
19
+ },
20
+ limit: {
21
+ type: 'number',
22
+ description: 'Maximum number of users to return (default: 50)',
23
+ },
24
+ },
25
+ },
26
+ _meta: { readOnly: true, domain: 'users' },
27
+ annotations: { title: 'List Users', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
28
+ },
29
+ {
30
+ name: 'zitadel_get_user',
31
+ description: 'Get detailed information about a specific user by their user ID.',
32
+ inputSchema: {
33
+ type: 'object',
34
+ properties: {
35
+ userId: { type: 'string', description: 'The Zitadel user ID' },
36
+ },
37
+ required: ['userId'],
38
+ },
39
+ _meta: { readOnly: true, domain: 'users' },
40
+ annotations: { title: 'Get User', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
41
+ },
42
+ {
43
+ name: 'zitadel_create_user',
44
+ description: 'Create a new human user in Zitadel. An invitation email will be sent automatically so the user can set their password.',
45
+ inputSchema: {
46
+ type: 'object',
47
+ properties: {
48
+ email: { type: 'string', description: 'Email address for the new user' },
49
+ firstName: { type: 'string', description: 'First name' },
50
+ lastName: { type: 'string', description: 'Last name' },
51
+ },
52
+ required: ['email', 'firstName', 'lastName'],
53
+ },
54
+ _meta: { readOnly: false, domain: 'users' },
55
+ annotations: { title: 'Create User', readOnlyHint: false, destructiveHint: false, idempotentHint: false },
56
+ },
57
+ {
58
+ name: 'zitadel_deactivate_user',
59
+ description: 'Deactivate a user account. The user will no longer be able to log in.',
60
+ inputSchema: {
61
+ type: 'object',
62
+ properties: {
63
+ userId: { type: 'string', description: 'The Zitadel user ID to deactivate' },
64
+ },
65
+ required: ['userId'],
66
+ },
67
+ _meta: { readOnly: false, domain: 'users' },
68
+ annotations: { title: 'Deactivate User', readOnlyHint: false, destructiveHint: true, idempotentHint: true },
69
+ },
70
+ {
71
+ name: 'zitadel_reactivate_user',
72
+ description: 'Reactivate a previously deactivated user account.',
73
+ inputSchema: {
74
+ type: 'object',
75
+ properties: {
76
+ userId: { type: 'string', description: 'The Zitadel user ID to reactivate' },
77
+ },
78
+ required: ['userId'],
79
+ },
80
+ _meta: { readOnly: false, domain: 'users' },
81
+ annotations: { title: 'Reactivate User', readOnlyHint: false, destructiveHint: false, idempotentHint: true },
82
+ },
83
+ ];
84
+ // ─── Handlers ────────────────────────────────────────────────────────────────
85
+ function formatUser(u) {
86
+ const name = u.human?.profile
87
+ ? `${u.human.profile.givenName} ${u.human.profile.familyName}`.trim()
88
+ : u.username;
89
+ const email = u.human?.email?.email || 'N/A';
90
+ const state = u.state.replace('USER_STATE_', '');
91
+ return `- ${name} (${email}) [${state}] ID: ${u.userId}`;
92
+ }
93
+ const listUsersHandler = async (params, ctx) => {
94
+ const input = z.object({
95
+ query: z.string().optional(),
96
+ limit: z.number().min(1).max(500).default(50),
97
+ }).parse(params);
98
+ const queries = [];
99
+ if (input.query) {
100
+ queries.push({
101
+ emailQuery: { emailAddress: input.query, method: 'TEXT_QUERY_METHOD_CONTAINS_IGNORE_CASE' },
102
+ });
103
+ }
104
+ const response = await ctx.client.request('/v2/users', {
105
+ method: 'POST',
106
+ body: JSON.stringify({
107
+ query: { offset: '0', limit: input.limit },
108
+ ...(queries.length > 0 ? { queries } : {}),
109
+ }),
110
+ });
111
+ const users = response.result || [];
112
+ if (users.length === 0) {
113
+ return textResponse('No users found.');
114
+ }
115
+ const total = response.details?.totalResult || users.length;
116
+ const lines = users.map(formatUser);
117
+ return textResponse(`Found ${total} user(s):\n\n${lines.join('\n')}`);
118
+ };
119
+ const getUserHandler = async (params, ctx) => {
120
+ const { userId } = z.object({ userId: zitadelId('userId') }).parse(params);
121
+ const response = await ctx.client.request(`/v2/users/${userId}`);
122
+ // v2 GET returns user fields directly (not nested under .user)
123
+ const u = response;
124
+ const name = u.human?.profile
125
+ ? `${u.human.profile.givenName} ${u.human.profile.familyName}`.trim()
126
+ : u.username;
127
+ const lines = [
128
+ `User: ${name}`,
129
+ `ID: ${u.userId}`,
130
+ `Email: ${u.human?.email?.email || 'N/A'}`,
131
+ `Email Verified: ${u.human?.email?.isEmailVerified ?? 'N/A'}`,
132
+ `State: ${u.state.replace('USER_STATE_', '')}`,
133
+ `Username: ${u.username}`,
134
+ `Login Names: ${(u.loginNames || []).join(', ')}`,
135
+ `Created: ${u.details?.creationDate || 'N/A'}`,
136
+ ];
137
+ return textResponse(lines.join('\n'));
138
+ };
139
+ const createUserHandler = async (params, ctx) => {
140
+ const input = z.object({
141
+ email: z.string().email(),
142
+ firstName: z.string().min(1),
143
+ lastName: z.string().min(1),
144
+ }).parse(params);
145
+ logger.info('Creating user', { email: input.email });
146
+ const response = await ctx.client.request('/v2/users/human', {
147
+ method: 'POST',
148
+ body: JSON.stringify({
149
+ profile: {
150
+ givenName: input.firstName,
151
+ familyName: input.lastName,
152
+ },
153
+ email: {
154
+ email: input.email,
155
+ isVerified: false,
156
+ },
157
+ }),
158
+ });
159
+ return textResponse(`User created successfully.\n` +
160
+ `User ID: ${response.userId}\n` +
161
+ `Email: ${input.email}\n` +
162
+ `Name: ${input.firstName} ${input.lastName}\n\n` +
163
+ `An invitation email has been sent to ${input.email} to complete registration.`);
164
+ };
165
+ const deactivateUserHandler = async (params, ctx) => {
166
+ const { userId } = z.object({ userId: zitadelId('userId') }).parse(params);
167
+ await ctx.client.request(`/v2/users/${userId}/deactivate`, { method: 'POST' });
168
+ return textResponse(`User ${userId} has been deactivated.`);
169
+ };
170
+ const reactivateUserHandler = async (params, ctx) => {
171
+ const { userId } = z.object({ userId: zitadelId('userId') }).parse(params);
172
+ await ctx.client.request(`/v2/users/${userId}/reactivate`, { method: 'POST' });
173
+ return textResponse(`User ${userId} has been reactivated.`);
174
+ };
175
+ // ─── Export ──────────────────────────────────────────────────────────────────
176
+ export const USER_HANDLERS = {
177
+ zitadel_list_users: listUsersHandler,
178
+ zitadel_get_user: getUserHandler,
179
+ zitadel_create_user: createUserHandler,
180
+ zitadel_deactivate_user: deactivateUserHandler,
181
+ zitadel_reactivate_user: reactivateUserHandler,
182
+ };
183
+ //# sourceMappingURL=users.js.map
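Review bot: `listUsersHandler` only ever pushes an `emailQuery`, while the `zitadel_list_users` schema tells the caller that `query` filters "by email, name, or username", so a search for a name or username that does not appear in the email address comes back as "No users found." even when the account exists. For a tool used to review identities that false negative should be closed, either by adding the name and username filters to `queries` or by narrowing the schema text to what the code does, e.g. `description: 'Optional search query to filter users by email address (case-insensitive substring match)'`. The same handler always sends `offset: '0'` and prints `totalResult`, so when the total exceeds `limit` the remaining users are unreachable and the output does not say it is truncated. Separately, `deactivateUserHandler` and `reactivateUserHandler` change account state without a log line, unlike `createUserHandler`; `logger.info('Deactivating user', { userId });` before the request (and the matching line for reactivation) would leave a local audit trail.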
@@ -0,0 +1 @@
1
+ {"version":3,"file":"users.js","sourceRoot":"","sources":["../../src/tools/users.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,YAAY,EAAiB,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE3E,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,+EAA+E;AAE/E,MAAM,CAAC,MAAM,UAAU,GAAqB;IAC1C;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,oHAAoH;QACjI,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,mEAAmE;iBACjF;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iDAAiD;iBAC/D;aACF;SACF;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE;QAC1C,WAAW,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACvG;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,kEAAkE;QAC/E,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;aAC/D;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE;QAC1C,WAAW,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KACrG;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,wHAAwH;QACrI,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE;gBACxE,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE;gBACxD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;aACvD;YACD,QAAQ,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,CAAC;SAC7C;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3C,WAAW,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KAC1G;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,uEAAuE;QACpF,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mCAAmC,EAAE;aAC7E;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3C,WAAW,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE;KAC5G;IACD;QACE,IAAI,EA
AE,yBAAyB;QAC/B,WAAW,EAAE,mDAAmD;QAChE,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mCAAmC,EAAE;aAC7E;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3C,WAAW,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KAC7G;CACF,CAAC;AAEF,gFAAgF;AAEhF,SAAS,UAAU,CAAC,CAAqB;IACvC,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO;QAC3B,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE;QACrE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACf,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,IAAI,KAAK,CAAC;IAC7C,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IACjD,OAAO,KAAK,IAAI,KAAK,KAAK,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;AAC3D,CAAC;AAED,MAAM,gBAAgB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC1D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC5B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;KAC9C,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,OAAO,GAAc,EAAE,CAAC;IAC9B,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC;YACX,UAAU,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,wCAAwC,EAAE;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAoB,WAAW,EAAE;QACxE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE;YAC1C,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3C,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,YAAY,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;IAC5D,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACpC,OAAO,YAAY,CAAC,SAAS,KAAK,gBAAgB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACxE
,CAAC,CAAC;AAEF,MAAM,cAAc,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IACxD,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE3E,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAqB,aAAa,MAAM,EAAE,CAAC,CAAC;IAErF,+DAA+D;IAC/D,MAAM,CAAC,GAAG,QAAQ,CAAC;IACnB,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO;QAC3B,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE;QACrE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEf,MAAM,KAAK,GAAG;QACZ,SAAS,IAAI,EAAE;QACf,OAAO,CAAC,CAAC,MAAM,EAAE;QACjB,UAAU,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,IAAI,KAAK,EAAE;QAC1C,mBAAmB,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,eAAe,IAAI,KAAK,EAAE;QAC7D,UAAU,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,EAAE;QAC9C,aAAa,CAAC,CAAC,QAAQ,EAAE;QACzB,gBAAgB,CAAC,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACjD,YAAY,CAAC,CAAC,OAAO,EAAE,YAAY,IAAI,KAAK,EAAE;KAC/C,CAAC;IAEF,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC3D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;QACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC5B,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IAErD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAqB,iBAAiB,EAAE;QAC/E,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE;gBACP,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,UAAU,EAAE,KAAK,CAAC,QAAQ;aAC3B;YACD,KAAK,EAAE;gBACL,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,UAAU,EAAE,KAAK;aAClB;SACF,CAAC;KACH,CAAC,CAAC;IAEH,OAAO,YAAY,CACjB,8BAA8B;QAC9B,YAAY,QAAQ,CAAC,MAAM,IAAI;QAC/B,UAAU,KAAK,CAAC,KAAK,IAAI;QACzB,SAAS,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,QAAQ,MAAM;QAChD,wCAAwC,KAAK,CAAC,KAAK,4BAA4B,CAChF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC/D,MAAM,EA
AE,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE3E,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,MAAM,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/E,OAAO,YAAY,CAAC,QAAQ,MAAM,wBAAwB,CAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC/D,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE3E,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,MAAM,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/E,OAAO,YAAY,CAAC,QAAQ,MAAM,wBAAwB,CAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,gFAAgF;AAEhF,MAAM,CAAC,MAAM,aAAa,GAAgC;IACxD,kBAAkB,EAAE,gBAAgB;IACpC,gBAAgB,EAAE,cAAc;IAChC,mBAAmB,EAAE,iBAAiB;IACtC,uBAAuB,EAAE,qBAAqB;IAC9C,uBAAuB,EAAE,qBAAqB;CAC/C,CAAC"}
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Utility tools (1 tool)
3
+ * Helper tools for developer workflow
4
+ */
5
+ import type { ToolDefinition, ToolHandler } from '../types/tools.js';
6
+ export declare const UTILITY_TOOLS: ToolDefinition[];
7
+ export declare const UTILITY_HANDLERS: Record<string, ToolHandler>;
@@ -0,0 +1,51 @@
1
+ /**
2
+ * Utility tools (1 tool)
3
+ * Helper tools for developer workflow
4
+ */
5
+ import { z } from 'zod';
6
+ import { textResponse, zitadelId } from '../types/tools.js';
7
+ // ─── Tool Definitions ───────────────────────────────────────────────────────
8
+ export const UTILITY_TOOLS = [
9
+ {
10
+ name: 'zitadel_get_auth_config',
11
+ description: 'Get the environment variables needed for a new application\'s .env.local file. Fetches the app details and formats them as ready-to-paste configuration.',
12
+ inputSchema: {
13
+ type: 'object',
14
+ properties: {
15
+ projectId: { type: 'string', description: 'The project ID' },
16
+ appId: { type: 'string', description: 'The application ID' },
17
+ },
18
+ required: ['projectId', 'appId'],
19
+ },
20
+ _meta: { readOnly: true, domain: 'utility' },
21
+ annotations: { title: 'Get Auth Config', readOnlyHint: true, destructiveHint: false, idempotentHint: true },
22
+ },
23
+ ];
24
+ // ─── Handlers ────────────────────────────────────────────────────────────────
25
+ const getAuthConfigHandler = async (params, ctx) => {
26
+ const input = z.object({
27
+ projectId: zitadelId('projectId'),
28
+ appId: zitadelId('appId'),
29
+ }).parse(params);
30
+ const app = await ctx.client.request(`/management/v1/projects/${input.projectId}/apps/${input.appId}`);
31
+ const clientId = app.oidcConfig?.clientId || 'UNKNOWN';
32
+ const config = ctx.client.getConfig();
33
+ const envVars = [
34
+ `# Zitadel OIDC Configuration for "${app.name}"`,
35
+ `# Generated by zitadel-mcp-server`,
36
+ ``,
37
+ `AUTH_ZITADEL_ISSUER=${config.issuer}`,
38
+ `AUTH_ZITADEL_CLIENT_ID=${clientId}`,
39
+ ``,
40
+ `# Additional context (for reference)`,
41
+ `# ZITADEL_PROJECT_ID=${input.projectId}`,
42
+ `# ZITADEL_ORG_ID=${config.orgId}`,
43
+ `# ZITADEL_APP_ID=${input.appId}`,
44
+ ];
45
+ return textResponse(envVars.join('\n'));
46
+ };
47
+ // ─── Export ──────────────────────────────────────────────────────────────────
48
+ export const UTILITY_HANDLERS = {
49
+ zitadel_get_auth_config: getAuthConfigHandler,
50
+ };
51
+ //# sourceMappingURL=utility.js.map
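Review bot: In `getAuthConfigHandler`, `app.name` is copied from the API response straight into the first line of output that the tool description presents as ready-to-paste `.env.local` content, and only the leading `#` makes that line a comment. An application name containing a line break would end the comment and place whatever follows on its own line of the pasted file; collapsing line breaks first closes that, e.g. `const appName = String(app.name ?? '').replace(/[\r\n]+/g, ' ');`. The `|| 'UNKNOWN'` fallback for `clientId` also emits `AUTH_ZITADEL_CLIENT_ID=UNKNOWN` as if it were valid configuration; returning an explicit error text when `app.oidcConfig?.clientId` is missing would be safer than a value that fails later at login.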
@@ -0,0 +1 @@
1
+ {"version":3,"file":"utility.js","sourceRoot":"","sources":["../../src/tools/utility.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAG5D,+EAA+E;AAE/E,MAAM,CAAC,MAAM,aAAa,GAAqB;IAC7C;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,0JAA0J;QACvK,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE;gBAC5D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE;aAC7D;YACD,QAAQ,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC;SACjC;QACD,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE;QAC5C,WAAW,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE;KAC5G;CACF,CAAC;AAEF,gFAAgF;AAEhF,MAAM,oBAAoB,GAAgB,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;IAC9D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,SAAS,CAAC,WAAW,CAAC;QACjC,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC;KAC1B,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAClC,2BAA2B,KAAK,CAAC,SAAS,SAAS,KAAK,CAAC,KAAK,EAAE,CACjE,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,EAAE,QAAQ,IAAI,SAAS,CAAC;IACvD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;IAEtC,MAAM,OAAO,GAAG;QACd,qCAAqC,GAAG,CAAC,IAAI,GAAG;QAChD,mCAAmC;QACnC,EAAE;QACF,uBAAuB,MAAM,CAAC,MAAM,EAAE;QACtC,0BAA0B,QAAQ,EAAE;QACpC,EAAE;QACF,sCAAsC;QACtC,wBAAwB,KAAK,CAAC,SAAS,EAAE;QACzC,oBAAoB,MAAM,CAAC,KAAK,EAAE;QAClC,oBAAoB,KAAK,CAAC,KAAK,EAAE;KAClC,CAAC;IAEF,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,gFAAgF;AAEhF,MAAM,CAAC,MAAM,gBAAgB,GAAgC;IAC3D,uBAAuB,EAAE,oBAAoB;CAC9C,CAAC"}