Merge remote-tracking branch 'origin/main' into telemetry

Author: blva

README.md

@@ -109,6 +109,8 @@ You may experiment asking `Can you connect to my mongodb instance?`.
 - `atlas-list-db-users` - List MongoDB Atlas database users
 - `atlas-create-db-user` - List MongoDB Atlas database users
 
+NOTE: atlas tools are only available when you set credentials on [configuration](#configuration) section.
+
 #### MongoDB Database Tools
 
 - `connect` - Connect to a MongoDB instance

src/common/atlas/apiClient.ts

@@ -10,11 +10,13 @@ import logger from "../../logger.js";
 
 const ATLAS_API_VERSION = "2025-03-12";
 
+export interface ApiClientCredentials {
+    clientId: string;
+    clientSecret: string;
+}
+
 export interface ApiClientOptions {
-    credentials?: {
-        clientId: string;
-        clientSecret: string;
-    };
+    credentials?: ApiClientCredentials;
     baseUrl?: string;
     userAgent?: string;
 }

src/session.ts

@@ -1,15 +1,7 @@
 import { NodeDriverServiceProvider } from "@mongosh/service-provider-node-driver";
-import { ApiClient } from "./common/atlas/apiClient.js";
-import defaultConfig from "./config.js";
+import { ApiClient, ApiClientCredentials } from "./common/atlas/apiClient.js";
 import { Implementation } from "@modelcontextprotocol/sdk/types.js";
-
-// Define the type for configuration used by Session
-interface SessionConfig {
-    apiBaseUrl?: string;
-    apiClientId?: string;
-    apiClientSecret?: string;
-    [key: string]: unknown;
-}
+import config from "./config.js";
 
 export class Session {
     sessionId?: string;
@@ -19,59 +11,31 @@ export class Session {
         name: string;
         version: string;
     };
-    private credentials?: { clientId: string; clientSecret: string };
-    private baseUrl: string;
-    private readonly config: SessionConfig;
-
-    constructor(config: SessionConfig = defaultConfig as SessionConfig) {
-        this.config = config;
-        this.baseUrl = this.config.apiBaseUrl ?? "https://cloud.mongodb.com/";
-
-        // Store credentials if available
-        if (this.config.apiClientId && this.config.apiClientSecret) {
-            this.credentials = {
-                clientId: this.config.apiClientId,
-                clientSecret: this.config.apiClientSecret,
-            };
-
-            // Initialize API client with credentials
-            this.apiClient = new ApiClient({
-                baseUrl: this.baseUrl,
-                credentials: this.credentials,
-            });
-            return;
-        }
 
-        // Initialize API client without credentials
-        this.apiClient = new ApiClient({ baseUrl: this.baseUrl });
+    constructor() {
+        const credentials: ApiClientCredentials | undefined =
+            config.apiClientId && config.apiClientSecret
+                ? {
+                      clientId: config.apiClientId,
+                      clientSecret: config.apiClientSecret,
+                  }
+                : undefined;
+
+        this.apiClient = new ApiClient({
+            baseUrl: config.apiBaseUrl,
+            credentials,
+        });
     }
 
-    setAgentRunner(agentClient: Implementation | undefined) {
-        if (agentClient?.name && agentClient?.version) {
+    setAgentRunner(agentRunner: Implementation | undefined) {
+        if (agentRunner?.name && agentRunner?.version) {
             this.agentRunner = {
-                name: agentClient.name,
-                version: agentClient.version,
+                name: agentRunner.name,
+                version: agentRunner.version,
             };
         }
     }
 
-    ensureAuthenticated(): asserts this is { apiClient: ApiClient } {
-        if (!this.apiClient.hasCredentials()) {
-            if (!this.credentials) {
-                throw new Error(
-                    "Not authenticated make sure to configure MCP server with MDB_MCP_API_CLIENT_ID and MDB_MCP_API_CLIENT_SECRET environment variables."
-                );
-            }
-
-            // Reinitialize API client with the stored credentials
-            // This can happen if the server was configured without credentials but the env variables are later set
-            this.apiClient = new ApiClient({
-                baseUrl: this.baseUrl,
-                credentials: this.credentials,
-            });
-        }
-    }
-
     async close(): Promise<void> {
         if (this.serviceProvider) {
             try {

src/tools/atlas/atlasTool.ts

@@ -1,10 +1,18 @@
 import { ToolBase, ToolCategory } from "../tool.js";
 import { Session } from "../../session.js";
+import config from "../../config.js";
 
 export abstract class AtlasToolBase extends ToolBase {
     constructor(protected readonly session: Session) {
         super(session);
     }
 
     protected category: ToolCategory = "atlas";
+
+    protected verifyAllowed(): boolean {
+        if (!config.apiClientId || !config.apiClientSecret) {
+            return false;
+        }
+        return super.verifyAllowed();
+    }
 }

src/tools/atlas/createAccessList.ts

@@ -27,8 +27,6 @@ export class CreateAccessListTool extends AtlasToolBase {
         comment,
         currentIpAddress,
     }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
-        this.session.ensureAuthenticated();
-
         if (!ipAddresses?.length && !cidrBlocks?.length && !currentIpAddress) {
             throw new Error("One of  ipAddresses, cidrBlocks, currentIpAddress must be provided.");
         }

src/tools/atlas/createDBUser.ts

@@ -34,8 +34,6 @@ export class CreateDBUserTool extends AtlasToolBase {
         roles,
         clusters,
     }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
-        this.session.ensureAuthenticated();
-
         const input = {
             groupId: projectId,
             awsIAMType: "NONE",

src/tools/atlas/createFreeCluster.ts

@@ -15,8 +15,6 @@ export class CreateFreeClusterTool extends AtlasToolBase {
     };
 
     protected async execute({ projectId, name, region }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
-        this.session.ensureAuthenticated();
-
         const input = {
             groupId: projectId,
             name,

src/tools/atlas/createProject.ts

@@ -14,7 +14,6 @@ export class CreateProjectTool extends AtlasToolBase {
     };
 
     protected async execute({ projectName, organizationId }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
-        this.session.ensureAuthenticated();
         let assumedOrg = false;
 
         if (!projectName) {

src/tools/atlas/inspectAccessList.ts

@@ -12,8 +12,6 @@ export class InspectAccessListTool extends AtlasToolBase {
     };
 
     protected async execute({ projectId }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
-        this.session.ensureAuthenticated();
-
         const accessList = await this.session.apiClient.listProjectIpAccessLists({
             params: {
                 path: {

src/tools/atlas/inspectCluster.ts

@@ -14,8 +14,6 @@ export class InspectClusterTool extends AtlasToolBase {
     };
 
     protected async execute({ projectId, clusterName }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
-        this.session.ensureAuthenticated();
-
         const cluster = await this.session.apiClient.getCluster({
             params: {
                 path: {