michal/mcpctl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b34ea63d3debe581e11fc5ffa33f8cc33ea38a9e
mcpctl/src/cli/tests/commands/claude.test.ts

193 lines
6.9 KiB
TypeScript
Raw Normal View History

feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
import { writeFileSync, readFileSync, mkdtempSync, rmSync } from 'node:fs';
import { join } from 'node:path';
import { tmpdir } from 'node:os';
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
import { createConfigCommand } from '../../src/commands/config.js';
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
import type { ApiClient } from '../../src/api-client.js';
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
import { saveCredentials, loadCredentials } from '../../src/auth/index.js';
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
function mockClient(): ApiClient {
return {
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
get: vi.fn(async () => ({})),
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
post: vi.fn(async () => ({ token: 'impersonated-tok', user: { email: 'other@test.com' } })),
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
put: vi.fn(async () => ({})),
delete: vi.fn(async () => {}),
} as unknown as ApiClient;
}
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
describe('config claude', () => {
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
let client: ReturnType<typeof mockClient>;
let output: string[];
let tmpDir: string;
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
const log = (...args: string[]) => output.push(args.join(' '));
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
beforeEach(() => {
client = mockClient();
output = [];
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
tmpDir = mkdtempSync(join(tmpdir(), 'mcpctl-config-claude-'));
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
});
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
afterEach(() => {
rmSync(tmpDir, { recursive: true, force: true });
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
});
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
it('generates .mcp.json with mcpctl mcp bridge entry', async () => {
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
const outPath = join(tmpDir, '.mcp.json');
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
await cmd.parseAsync(['claude', '--project', 'homeautomation', '-o', outPath], { from: 'user' });
// No API call should be made
expect(client.get).not.toHaveBeenCalled();
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
const written = JSON.parse(readFileSync(outPath, 'utf-8'));
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
expect(written.mcpServers['homeautomation']).toEqual({
command: 'mcpctl',
args: ['mcp', '-p', 'homeautomation'],
});
expect(output.join('\n')).toContain('1 server(s)');
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
});
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
it('prints to stdout with --stdout', async () => {
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
await cmd.parseAsync(['claude', '--project', 'myproj', '--stdout'], { from: 'user' });
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
const parsed = JSON.parse(output[0]);
expect(parsed.mcpServers['myproj']).toEqual({
command: 'mcpctl',
args: ['mcp', '-p', 'myproj'],
});
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
});
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
it('merges with existing .mcp.json', async () => {
const outPath = join(tmpDir, '.mcp.json');
writeFileSync(outPath, JSON.stringify({
mcpServers: { 'existing--server': { command: 'echo', args: [] } },
}));
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
await cmd.parseAsync(['claude', '--project', 'proj-1', '-o', outPath, '--merge'], { from: 'user' });
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
const written = JSON.parse(readFileSync(outPath, 'utf-8'));
expect(written.mcpServers['existing--server']).toBeDefined();
feat: add mcpctl mcp STDIO bridge, rework config claude - New `mcpctl mcp -p PROJECT` command: STDIO-to-StreamableHTTP bridge that reads JSON-RPC from stdin and forwards to mcplocal project endpoint - Rework `config claude` to write mcpctl mcp entry instead of fetching server configs from API (no secrets in .mcp.json) - Keep `config claude-generate` as backward-compat alias - Fix discovery.ts auth token not being forwarded to mcpd (RBAC bypass) - Update fish/bash completions for new commands - 10 new MCP bridge tests, updated claude tests, fixed project-discovery test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 00:52:05 +00:00
expect(written.mcpServers['proj-1']).toEqual({
command: 'mcpctl',
args: ['mcp', '-p', 'proj-1'],
});
expect(output.join('\n')).toContain('2 server(s)');
});
it('backward compat: claude-generate still works', async () => {
const outPath = join(tmpDir, '.mcp.json');
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
await cmd.parseAsync(['claude-generate', '--project', 'proj-1', '-o', outPath], { from: 'user' });
const written = JSON.parse(readFileSync(outPath, 'utf-8'));
expect(written.mcpServers['proj-1']).toEqual({
command: 'mcpctl',
args: ['mcp', '-p', 'proj-1'],
});
});
it('uses project name as the server key', async () => {
const outPath = join(tmpDir, '.mcp.json');
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
);
await cmd.parseAsync(['claude', '--project', 'my-fancy-project', '-o', outPath], { from: 'user' });
const written = JSON.parse(readFileSync(outPath, 'utf-8'));
expect(Object.keys(written.mcpServers)).toEqual(['my-fancy-project']);
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
});
});
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
describe('config impersonate', () => {
let client: ReturnType<typeof mockClient>;
let output: string[];
let tmpDir: string;
const log = (...args: string[]) => output.push(args.join(' '));
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
beforeEach(() => {
client = mockClient();
output = [];
tmpDir = mkdtempSync(join(tmpdir(), 'mcpctl-config-impersonate-'));
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
});
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
afterEach(() => {
rmSync(tmpDir, { recursive: true, force: true });
});
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
it('impersonates a user and saves backup', async () => {
saveCredentials({ token: 'admin-tok', mcpdUrl: 'http://localhost:3100', user: 'admin@test.com' }, { configDir: tmpDir });
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
await cmd.parseAsync(['impersonate', 'other@test.com'], { from: 'user' });
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
expect(client.post).toHaveBeenCalledWith('/api/v1/auth/impersonate', { email: 'other@test.com' });
expect(output.join('\n')).toContain('Impersonating other@test.com');
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
const creds = loadCredentials({ configDir: tmpDir });
expect(creds!.user).toBe('other@test.com');
expect(creds!.token).toBe('impersonated-tok');
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
// Backup exists
const backup = JSON.parse(readFileSync(join(tmpDir, 'credentials-backup'), 'utf-8'));
expect(backup.user).toBe('admin@test.com');
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
});
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
it('quits impersonation and restores backup', async () => {
// Set up current (impersonated) credentials
saveCredentials({ token: 'impersonated-tok', mcpdUrl: 'http://localhost:3100', user: 'other@test.com' }, { configDir: tmpDir });
// Set up backup (original) credentials
writeFileSync(join(tmpDir, 'credentials-backup'), JSON.stringify({
token: 'admin-tok', mcpdUrl: 'http://localhost:3100', user: 'admin@test.com',
}));
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
await cmd.parseAsync(['impersonate', '--quit'], { from: 'user' });
expect(output.join('\n')).toContain('Returned to admin@test.com');
const creds = loadCredentials({ configDir: tmpDir });
expect(creds!.user).toBe('admin@test.com');
expect(creds!.token).toBe('admin-tok');
});
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
it('errors when not logged in', async () => {
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
await cmd.parseAsync(['impersonate', 'other@test.com'], { from: 'user' });
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
expect(output.join('\n')).toContain('Not logged in');
});
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
it('errors when quitting with no backup', async () => {
const cmd = createConfigCommand(
{ configDeps: { configDir: tmpDir }, log },
{ client, credentialsDeps: { configDir: tmpDir }, log },
);
await cmd.parseAsync(['impersonate', '--quit'], { from: 'user' });
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
feat: granular RBAC with resource/operation bindings, users, groups - Replace admin role with granular roles: view, create, delete, edit, run - Two binding types: resource bindings (role+resource+optional name) and operation bindings (role:run + action like backup, logs, impersonate) - Name-scoped resource bindings for per-instance access control - Remove role from project members (all permissions via RBAC) - Add users, groups, RBAC CRUD endpoints and CLI commands - describe user/group shows all RBAC access (direct + inherited) - create rbac supports --subject, --binding, --operation flags - Backup/restore handles users, groups, RBAC definitions - mcplocal project-based MCP endpoint discovery - Full test coverage for all new functionality Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:05:19 +00:00
expect(output.join('\n')).toContain('No impersonation session to quit');
feat: add claude and project CLI commands Claude command manages .mcp.json files (generate from project, show, add, remove entries). Project command provides CRUD for projects with profile assignment management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 05:16:57 +00:00
});
});
Reference in New Issue Copy Permalink