MCP auth and list_projects tool

Author: ericallam

packages/cli-v3/.mcp.log

@@ -79,7 +79,7 @@ try {
     // Add/update trigger.dev entry
     config.mcpServers['trigger'] = {
         command: nodePath,
-        args: [cliPath, 'mcp', '--log-file', logFile]
+        args: [cliPath, 'mcp', '--log-file', logFile, '--api-url', 'http://localhost:3030']
     };
 
     // Write back to file with proper formatting

packages/cli-v3/src/install-mcp.sh packages/cli-v3/install-mcp.shpackages/cli-v3/src/install-mcp.sh renamed to packages/cli-v3/install-mcp.sh

@@ -77,7 +77,7 @@
     "test:e2e": "vitest --run -c ./e2e/vitest.config.ts",
     "update-version": "tsx ../../scripts/updateVersion.ts",
     "install-mcp": "./install-mcp.sh",
-    "inspector": "npx @modelcontextprotocol/inspector dist/esm/index.js mcp --log-file .mcp.log"
+    "inspector": "npx @modelcontextprotocol/inspector dist/esm/index.js mcp --log-file .mcp.log --api-url http://localhost:3030"
   },
   "dependencies": {
     "@clack/prompts": "^0.10.0",

packages/cli-v3/package.json

@@ -346,7 +346,7 @@ export async function login(options?: LoginOptions): Promise<LoginResult> {
   });
 }
 
-async function getPersonalAccessToken(apiClient: CliApiClient, authorizationCode: string) {
+export async function getPersonalAccessToken(apiClient: CliApiClient, authorizationCode: string) {
   return await tracer.startActiveSpan("getPersonalAccessToken", async (span) => {
     try {
       const token = await apiClient.getPersonalAccessToken(authorizationCode);

packages/cli-v3/src/commands/login.ts

@@ -8,7 +8,8 @@ import { performSearch } from "../mcp/mintlifyClient.js";
 import { logger } from "../utilities/logger.js";
 import { FileLogger } from "../mcp/logger.js";
 import { McpContext } from "../mcp/context.js";
-import { registerGetProjectDetailsTool } from "../mcp/tools.js";
+import { registerGetProjectDetailsTool, registerListProjectsTool } from "../mcp/tools.js";
+import { CLOUD_API_URL } from "../consts.js";
 
 const McpCommandOptions = CommonCommandOptions.extend({
   projectRef: z.string().optional(),
@@ -34,18 +35,6 @@ export function configureMcpCommand(program: Command) {
 export async function mcpCommand(options: McpCommandOptions) {
   logger.loggerLevel = "none";
 
-  const authorization = await login({
-    embedded: true,
-    silent: true,
-    defaultApiUrl: options.apiUrl,
-    profile: options.profile,
-  });
-
-  if (!authorization.ok) {
-    process.exitCode = 1;
-    return;
-  }
-
   const server = new McpServer({
     name: "triggerdev",
     version: "1.0.0",
@@ -57,11 +46,14 @@ export async function mcpCommand(options: McpCommandOptions) {
     : undefined;
 
   const context = new McpContext(server, {
-    login: authorization,
     projectRef: options.projectRef,
     fileLogger,
+    apiUrl: options.apiUrl ?? CLOUD_API_URL,
+    profile: options.profile,
   });
 
+  fileLogger?.log("running mcp command", { options });
+
   server.registerTool(
     "search_docs",
     {
@@ -78,6 +70,7 @@ export async function mcpCommand(options: McpCommandOptions) {
   );
 
   registerGetProjectDetailsTool(context);
+  registerListProjectsTool(context);
 
   // Start receiving messages on stdin and sending messages on stdout
   const transport = new StdioServerTransport();

packages/cli-v3/src/commands/mcp.ts

@@ -0,0 +1,179 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { env } from "std-env";
+import { CliApiClient } from "../apiClient.js";
+import { CLOUD_API_URL } from "../consts.js";
+import { readAuthConfigProfile, writeAuthConfigProfile } from "../utilities/configFiles.js";
+import {
+  isPersonalAccessToken,
+  NotPersonalAccessTokenError,
+} from "../utilities/isPersonalAccessToken.js";
+import { LoginResult } from "../utilities/session.js";
+import { getPersonalAccessToken } from "../commands/login.js";
+import open from "open";
+import pRetry from "p-retry";
+import { McpContext } from "./context.js";
+
+export type McpAuthOptions = {
+  server: McpServer;
+  context: McpContext;
+  defaultApiUrl?: string;
+  profile?: string;
+};
+
+export async function mcpAuth(options: McpAuthOptions): Promise<LoginResult> {
+  const opts = {
+    defaultApiUrl: CLOUD_API_URL,
+    ...options,
+  };
+
+  const accessTokenFromEnv = env.TRIGGER_ACCESS_TOKEN;
+
+  if (accessTokenFromEnv) {
+    if (!isPersonalAccessToken(accessTokenFromEnv)) {
+      throw new NotPersonalAccessTokenError(
+        "Your TRIGGER_ACCESS_TOKEN is not a Personal Access Token, they start with 'tr_pat_'. You can generate one here: https://cloud.trigger.dev/account/tokens"
+      );
+    }
+
+    const auth = {
+      accessToken: accessTokenFromEnv,
+      apiUrl: env.TRIGGER_API_URL ?? opts.defaultApiUrl ?? CLOUD_API_URL,
+    };
+
+    const apiClient = new CliApiClient(auth.apiUrl, auth.accessToken);
+    const userData = await apiClient.whoAmI();
+
+    if (!userData.success) {
+      throw new Error(userData.error);
+    }
+
+    return {
+      ok: true as const,
+      profile: options?.profile ?? "default",
+      userId: userData.data.userId,
+      email: userData.data.email,
+      dashboardUrl: userData.data.dashboardUrl,
+      auth: {
+        accessToken: auth.accessToken,
+        apiUrl: auth.apiUrl,
+      },
+    };
+  }
+
+  const authConfig = readAuthConfigProfile(options?.profile);
+
+  if (authConfig && authConfig.accessToken) {
+    const apiClient = new CliApiClient(
+      authConfig.apiUrl ?? opts.defaultApiUrl,
+      authConfig.accessToken
+    );
+    const userData = await apiClient.whoAmI();
+
+    if (!userData.success) {
+      throw new Error(userData.error);
+    }
+
+    return {
+      ok: true as const,
+      profile: options?.profile ?? "default",
+      userId: userData.data.userId,
+      email: userData.data.email,
+      dashboardUrl: userData.data.dashboardUrl,
+      auth: {
+        accessToken: authConfig.accessToken,
+        apiUrl: authConfig.apiUrl ?? opts.defaultApiUrl,
+      },
+    };
+  }
+
+  const apiClient = new CliApiClient(authConfig?.apiUrl ?? opts.defaultApiUrl);
+
+  //generate authorization code
+  const authorizationCodeResult = await createAuthorizationCode(apiClient);
+
+  // Only elicitInput if the client has the elicitation capability
+
+  // Elicit the user to visit the authorization code URL
+  const allowLogin = await askForLoginPermission(opts.server, authorizationCodeResult.url);
+
+  if (!allowLogin) {
+    return {
+      ok: false as const,
+      error: "User did not allow login",
+    };
+  }
+
+  // Open the authorization code URL in the browser
+  await open(authorizationCodeResult.url);
+
+  // Poll for the personal access token
+  const indexResult = await pRetry(
+    () => getPersonalAccessToken(apiClient, authorizationCodeResult.authorizationCode),
+    {
+      //this means we're polling, same distance between each attempt
+      factor: 1,
+      retries: 60,
+      minTimeout: 1000,
+    }
+  );
+
+  writeAuthConfigProfile(
+    { accessToken: indexResult.token, apiUrl: opts.defaultApiUrl },
+    options?.profile
+  );
+
+  const client = new CliApiClient(opts.defaultApiUrl, indexResult.token);
+  const userData = await client.whoAmI();
+
+  if (!userData.success) {
+    throw new Error(userData.error);
+  }
+
+  return {
+    ok: true as const,
+    profile: options?.profile ?? "default",
+    userId: userData.data.userId,
+    email: userData.data.email,
+    dashboardUrl: userData.data.dashboardUrl,
+    auth: {
+      accessToken: indexResult.token,
+      apiUrl: opts.defaultApiUrl,
+    },
+  };
+}
+
+async function createAuthorizationCode(apiClient: CliApiClient) {
+  const authorizationCodeResult = await apiClient.createAuthorizationCode();
+
+  if (!authorizationCodeResult.success) {
+    throw new Error(`Failed to create authorization code\n${authorizationCodeResult.error}`);
+  }
+
+  return authorizationCodeResult.data;
+}
+
+async function askForLoginPermission(server: McpServer, authorizationCodeUrl: string) {
+  const capabilities = server.server.getClientCapabilities();
+
+  if (typeof capabilities?.elicitation !== "object") {
+    return true;
+  }
+
+  const result = await server.server.elicitInput({
+    message: `You are not currently logged in. Would you like to login now? We'll automatically open the authorization code URL (${authorizationCodeUrl}) in your browser.`,
+    requestedSchema: {
+      type: "object",
+      properties: {
+        allowLogin: {
+          type: "boolean",
+          default: false,
+          title: "Allow Login",
+          description: "Whether to allow the user to login",
+        },
+      },
+      required: ["allowLogin"],
+    },
+  });
+
+  return result.action === "accept" && result.content?.allowLogin;
+}

packages/cli-v3/src/mcp/auth.ts

@@ -1,11 +1,11 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { FileLogger } from "./logger.js";
-import { LoginResult } from "../utilities/session.js";
 
 export type McpContextOptions = {
-  login: LoginResult;
   projectRef?: string;
   fileLogger?: FileLogger;
+  apiUrl?: string;
+  profile?: string;
 };
 
 export class McpContext {

packages/cli-v3/src/mcp/context.ts

@@ -0,0 +1,8 @@
+import { z } from "zod";
+
+export const ProjectRefSchema = z
+  .string()
+  .describe(
+    "The trigger.dev project ref, starts with proj_. We will attempt to automatically detect the project ref if running inside a directory that includes a trigger.config.ts file, or if you pass the --project-ref option to the MCP server."
+  )
+  .optional();

packages/cli-v3/src/mcp/schemas.ts

@@ -1,23 +1,90 @@
-import z from "zod";
+import { GetProjectsResponseBody } from "@trigger.dev/core/v3/schemas";
+import { CliApiClient } from "../apiClient.js";
+import { mcpAuth } from "./auth.js";
 import { McpContext } from "./context.js";
+import { ProjectRefSchema } from "./schemas.js";
+import { respondWithError } from "./utils.js";
 
 export function registerGetProjectDetailsTool(context: McpContext) {
   context.server.registerTool(
     "get_project_details",
     {
       description: "Get the details of the project",
       inputSchema: {
-        projectRef: z.string().optional(),
+        projectRef: ProjectRefSchema,
       },
     },
     async ({ projectRef }, extra) => {
+      const auth = await mcpAuth({
+        server: context.server,
+        defaultApiUrl: context.options.apiUrl,
+        profile: context.options.profile,
+        context,
+      });
+
+      if (!auth.ok) {
+        throw new Error(auth.error);
+      }
+
       const roots = await context.server.server.listRoots();
 
-      context.logger?.log("get_project_details", { roots, projectRef, extra });
+      context.logger?.log("get_project_details", { roots, projectRef, extra, auth });
 
       return {
         content: [{ type: "text", text: "Not implemented" }],
       };
     }
   );
 }
+
+export function registerListProjectsTool(context: McpContext) {
+  context.server.registerTool(
+    "list_projects",
+    {
+      description: "List all projects",
+      outputSchema: {
+        projects: GetProjectsResponseBody,
+      },
+    },
+    async (_, extra) => {
+      context.logger?.log("calling list_projects", { extra });
+
+      const auth = await mcpAuth({
+        server: context.server,
+        defaultApiUrl: context.options.apiUrl,
+        profile: context.options.profile,
+        context,
+      });
+
+      if (!auth.ok) {
+        return respondWithError(auth.error);
+      }
+
+      const roots = await context.server.server.listRoots();
+
+      context.logger?.log("list_projects", { roots, extra, auth });
+
+      const cliApiClient = new CliApiClient(auth.auth.apiUrl, auth.auth.accessToken);
+
+      const projects = await cliApiClient.getProjects();
+
+      if (!projects.success) {
+        return respondWithError(projects.error);
+      }
+
+      context.logger?.log("list_projects", { projects: projects.data });
+
+      return {
+        structuredContent: {
+          projects: projects.data,
+        },
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(projects.data, null, 2),
+          },
+        ],
+      };
+    }
+  );
+}