@jupiterone/jupiterone-mcp
Version:
Model Context Protocol server for JupiterOne account rules and rule details
75 lines • 3.85 kB
TypeScript
import { z } from 'zod';
import type { ToolAnnotations } from '@modelcontextprotocol/sdk/types.js';
import type { JupiterOneClient } from '../../client/jupiterone-client.js';
import type { J1QLValidator } from '../../utils/j1ql-validator.js';
/** A tool result envelope. Structurally compatible with the MCP SDK's CallToolResult. */
export interface ToolResult {
content: Array<{
type: 'text';
text: string;
}>;
isError?: boolean;
/** Typed payload (P1). The SDK validates it against the tool's outputSchema on success. */
structuredContent?: Record<string, unknown> | unknown[];
}
/** A JupiterOne account the caller can access, surfaced by account-discovery tools. */
export interface AccountSummary {
accountId: string;
displayName: string;
}
/**
* Resolves the accounts the caller can access. Supplied by the host (the remote proxy) because the
* list comes from a host-only source (a private iam endpoint), not the GraphQL/bearer client.
*/
export type AccountResolver = () => Promise<AccountSummary[]>;
/**
* Per-call capabilities the chokepoint provides to handlers. Most tools ignore it; the account-discovery
* tool uses `resolveAccounts`.
*/
export interface ToolContext {
/** Resolve the caller's accounts. Present only when the host supplies a resolver (multi-tenant remote). */
resolveAccounts?: AccountResolver;
}
/** Handler for a tool. Receives request-scoped, account-resolved dependencies and call context. */
export type ToolHandler<T extends z.ZodRawShape> = (params: z.infer<z.ZodObject<T>>, client: JupiterOneClient, validator: J1QLValidator, context: ToolContext) => Promise<ToolResult>;
/**
* Declarative description of a tool. Modules export arrays of these; the server registers
* them through one chokepoint that applies account scoping, error wrapping, and telemetry.
*/
export interface ToolDefinition<T extends z.ZodRawShape = z.ZodRawShape> {
name: string;
/** Human-friendly display title (MCP `title`, required for the connector directory). */
title: string;
description: string;
inputSchema: T;
/** Output schema (P1). When set, the SDK requires conforming structuredContent on success results. */
outputSchema?: z.ZodRawShape;
/**
* When true, the multi-tenant chokepoint neither injects nor requires an `accountId`, and the tool
* runs against the unscoped (token-only) client. Used by account-discovery tools like `list-accounts`.
*/
accountAgnostic?: boolean;
/**
* When true, the tool is registered only when the host supplies an account resolver (the
* multi-tenant remote). `list-accounts` uses this — a fixed-account connector and the stdio client
* have nothing to list.
*/
requiresAccountResolver?: boolean;
/** Behavior hints. `readOnlyHint`/`destructiveHint` are required by the directory review. */
annotations: ToolAnnotations;
handler: ToolHandler<T>;
/** Prefix for the generic error envelope when the handler throws (e.g. "Error listing rules"). */
errorContext: string;
/** Optional validator-aware error formatter (J1QL uses this for actionable suggestions). */
formatError?: (error: unknown, params: z.infer<z.ZodObject<T>>, validator: J1QLValidator) => ToolResult;
}
/**
* Identity helper that preserves per-tool input-schema inference inside a tool literal while
* widening the result so heterogeneous tools collect into one `ToolDefinition[]`.
*/
export declare function defineTool<T extends z.ZodRawShape>(def: ToolDefinition<T>): ToolDefinition;
/** Annotation presets. A read tool, a pure create, and a state-mutating call (update/evaluate). */
export declare const READ_ONLY: ToolAnnotations;
export declare const CREATE: ToolAnnotations;
export declare const MUTATE: ToolAnnotations;
//# sourceMappingURL=types.d.ts.map