Rebase and prepare for oauth scope.

Author: axiapubsub

apps/dns-analytic/src/index.ts

@@ -1,4 +1,4 @@
-# Model Context Protocol (MCP) Server + Cloudflare DNS API Endpoints
+# Model Context Protocol (MCP) Server + Cloudflare DNS Analytics
 
 This is a [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction) server based on [MCP Server + Cloudflare OAuth](https://github.com/axiapubsub/mcp-server-cloudflare/tree/main/apps/workers-observability). In addition, this MCP server also introduces the tool functions to access DNS information from Cloudflare API Endpoints.
 

apps/dns-analytic/.dev.vars.example renamed to apps/dns-analytics/.dev.vars.example

@@ -1,5 +1,5 @@
 {
-	"name": "dns-analytic",
+	"name": "dns-analytics",
 	"version": "0.0.1",
 	"private": true,
 	"scripts": {
@@ -8,23 +8,22 @@
 		"deploy": "wrangler deploy",
 		"dev": "wrangler dev",
 		"start": "wrangler dev",
-		"cf-typegen": "wrangler types",
+		"types": "wrangler types --include-env=false",
 		"test": "vitest run"
 	},
 	"dependencies": {
-		"@cloudflare/workers-oauth-provider": "0.0.2",
+		"@cloudflare/workers-oauth-provider": "0.0.5",
 		"@hono/zod-validator": "0.4.3",
-		"@modelcontextprotocol/sdk": "1.9.0",
+		"@modelcontextprotocol/sdk": "1.10.2",
 		"@repo/mcp-common": "workspace:*",
 		"@repo/mcp-observability": "workspace:*",
-		"agents": "0.0.62",
+		"agents": "0.0.67",
 		"cloudflare": "4.2.0",
 		"hono": "4.7.6",
 		"zod": "3.24.2"
 	},
 	"devDependencies": {
 		"@cloudflare/vitest-pool-workers": "0.8.14",
-		"@cloudflare/workers-types": "4.20250414.0",
 		"@types/node": "22.14.1",
 		"prettier": "3.5.3",
 		"typescript": "5.5.4",

apps/dns-analytic/.eslintrc.cjs renamed to apps/dns-analytics/.eslintrc.cjs

@@ -0,0 +1,21 @@
+import type { UserDetails } from '@repo/mcp-common/src/durable-objects/user_details'
+import type { DNSAnalyticsMCP } from './index'
+
+export interface Env {
+	OAUTH_KV: KVNamespace
+	ENVIRONMENT: 'development' | 'staging' | 'production'
+	MCP_SERVER_NAME: string
+	MCP_SERVER_VERSION: string
+	CLOUDFLARE_CLIENT_ID: string
+	CLOUDFLARE_CLIENT_SECRET: string
+	MCP_OBJECT: DurableObjectNamespace<DNSAnalyticsMCP>
+	USER_DETAILS: DurableObjectNamespace<UserDetails>
+	MCP_METRICS: AnalyticsEngineDataset
+	SENTRY_ACCESS_CLIENT_ID: string
+	SENTRY_ACCESS_CLIENT_SECRET: string
+	GIT_HASH: string
+	SENTRY_DSN: string
+	DEV_DISABLE_OAUTH: string
+	DEV_CLOUDFLARE_API_TOKEN: string
+	DEV_CLOUDFLARE_EMAIL: string
+}

apps/dns-analytic/README.md renamed to apps/dns-analytics/README.md

@@ -0,0 +1,121 @@
+import OAuthProvider from '@cloudflare/workers-oauth-provider'
+import { McpAgent } from 'agents/mcp'
+
+import {
+	createAuthHandlers,
+	handleTokenExchangeCallback,
+} from '@repo/mcp-common/src/cloudflare-oauth-handler'
+import { CloudflareMCPServer } from '@repo/mcp-common/src/server'
+import { registerAccountTools } from '@repo/mcp-common/src/tools/account'
+import { getEnv } from '@repo/mcp-common/src/env'
+import { RequiredScopes } from '@repo/mcp-common/src/scopes'
+import { handleDevMode } from '@repo/mcp-common/src/dev-mode'
+
+import { MetricsTracker } from '../../../packages/mcp-observability/src'
+import { registerAnalyticTools } from './tools/analytics'
+
+import type { AuthProps } from '@repo/mcp-common/src/cloudflare-oauth-handler'
+import type { Env } from './context'
+import { getUserDetails } from '@repo/mcp-common/src/durable-objects/user_details'
+
+const env = getEnv<Env>()
+
+const metrics = new MetricsTracker(env.MCP_METRICS, {
+	name: env.MCP_SERVER_NAME,
+	version: env.MCP_SERVER_VERSION,
+})
+
+// Context from the auth process, encrypted & stored in the auth token
+// and provided to the DurableMCP as this.props
+export type Props = AuthProps
+
+export type State = { activeAccountId: string | null }
+
+export class DNSAnalyticsMCP extends McpAgent<Env, State, Props> {
+	_server: CloudflareMCPServer | undefined
+	set server(server: CloudflareMCPServer) {
+		this._server = server
+	}
+
+	get server(): CloudflareMCPServer {
+		if (!this._server) {
+			throw new Error('Tried to access server before it was initialized')
+		}
+
+		return this._server
+	}
+
+	constructor(ctx: DurableObjectState, env: Env) {
+		super(ctx, env)
+	}
+
+	async init() {
+		this.server = new CloudflareMCPServer({
+			userId: this.props.user.id,
+			wae: this.env.MCP_METRICS,
+			serverInfo: {
+				name: this.env.MCP_SERVER_NAME,
+				version: this.env.MCP_SERVER_VERSION,
+			},
+		})
+
+		registerAccountTools(this)
+
+		// Register Cloudflare DNS Analytic tools
+		registerAnalyticTools(this)
+	}
+
+	async getActiveAccountId() {
+		try {
+			// Get UserDetails Durable Object based off the userId and retrieve the activeAccountId from it
+			// we do this so we can persist activeAccountId across sessions
+			const userDetails = getUserDetails(env, this.props.user.id)
+			return await userDetails.getActiveAccountId()
+		} catch (e) {
+			this.server.recordError(e)
+			return null
+		}
+	}
+
+	async setActiveAccountId(accountId: string) {
+		try {
+			const userDetails = getUserDetails(env, this.props.user.id)
+			await userDetails.setActiveAccountId(accountId)
+		} catch (e) {
+			this.server.recordError(e)
+		}
+	}
+}
+
+const AnalyticsScopes = {
+	...RequiredScopes,
+	'account:read': 'See your account info such as account details, analytics, and memberships.',
+} as const
+
+export default {
+	fetch: async (req: Request, env: Env, ctx: ExecutionContext) => {
+		if (env.ENVIRONMENT === 'development' && env.DEV_DISABLE_OAUTH === 'true') {
+			return await handleDevMode(DNSAnalyticsMCP, req, env, ctx)
+		}
+
+		return new OAuthProvider({
+			apiHandlers: {
+				'/mcp': DNSAnalyticsMCP.serve('/mcp'),
+				'/sse': DNSAnalyticsMCP.serveSSE('/sse'),
+			},
+			// @ts-ignore
+			defaultHandler: createAuthHandlers({ scopes: AnalyticsScopes, metrics }),
+			authorizeEndpoint: '/oauth/authorize',
+			tokenEndpoint: '/token',
+			tokenExchangeCallback: (options) =>
+				handleTokenExchangeCallback(
+					options,
+					env.CLOUDFLARE_CLIENT_ID,
+					env.CLOUDFLARE_CLIENT_SECRET
+				),
+			// Cloudflare access token TTL
+			accessTokenTTL: 3600,
+			clientRegistrationEndpoint: '/register',
+		}).fetch(req, env, ctx)
+	},
+}

apps/dns-analytic/package.json renamed to apps/dns-analytics/package.json

@@ -1,13 +1,16 @@
-import { env } from 'cloudflare:workers'
 import { AccountGetParams } from 'cloudflare/resources/accounts/accounts.mjs'
 import { ReportGetParams } from 'cloudflare/resources/dns/analytics.mjs'
 import { ZoneGetParams } from 'cloudflare/resources/dns/settings.mjs'
 import { ZoneListParams } from 'cloudflare/resources/zones/zones.mjs'
 import { z } from 'zod'
 
 import { getCloudflareClient } from '@repo/mcp-common/src/cloudflare-api'
+import { getEnv } from '@repo/mcp-common/src/env'
 
-import type { AnalyticMCP } from '../index'
+import type { DNSAnalyticsMCP } from '../index'
+import type { Env } from '../context'
+
+const env = getEnv<Env>()
 
 function getStartDate(days: number) {
 	const today = new Date()
@@ -21,7 +24,7 @@ function getStartDate(days: number) {
  * @param accountId Cloudflare account ID
  * @param apiToken Cloudflare API token
  */
-export function registerAnalyticTools(agent: AnalyticMCP) {
+export function registerAnalyticTools(agent: DNSAnalyticsMCP) {
 	// Register DNS Report tool
 	agent.server.tool(
 		'dns-report',
@@ -33,7 +36,7 @@ export function registerAnalyticTools(agent: AnalyticMCP) {
 		async ({ zone, days }) => {
 			try {
 				console.log('fetching DNS record')
-				const client = getCloudflareClient(env.CLOUDFLARE_API_TOKEN)
+				const client = getCloudflareClient(env.DEV_CLOUDFLARE_API_TOKEN)
 				const start_date = getStartDate(days)
 				console.log(start_date)
 				const params: ReportGetParams = {
@@ -73,7 +76,7 @@ export function registerAnalyticTools(agent: AnalyticMCP) {
 		async () => {
 			try {
 				console.log('Show Account DNS settings')
-				const accountId = agent.getActiveAccountId()
+				const accountId = await agent.getActiveAccountId()
 				if (!accountId) {
 					return {
 						content: [
@@ -84,7 +87,7 @@ export function registerAnalyticTools(agent: AnalyticMCP) {
 						],
 					}
 				}
-				const client = getCloudflareClient(env.CLOUDFLARE_API_TOKEN)
+				const client = getCloudflareClient(env.DEV_CLOUDFLARE_API_TOKEN)
 				const params: AccountGetParams = {
 					account_id: accountId,
 				}
@@ -121,7 +124,7 @@ export function registerAnalyticTools(agent: AnalyticMCP) {
 		async ({ zone }) => {
 			try {
 				console.log('Show Zone DNS settings')
-				const client = getCloudflareClient(env.CLOUDFLARE_API_TOKEN)
+				const client = getCloudflareClient(env.DEV_CLOUDFLARE_API_TOKEN)
 				const params: ZoneGetParams = {
 					zone_id: zone,
 				}
@@ -157,8 +160,8 @@ export function registerAnalyticTools(agent: AnalyticMCP) {
 		async () => {
 			try {
 				console.log('List zones under the current active account')
-				const client = getCloudflareClient(env.CLOUDFLARE_API_TOKEN)
-				const accountId = agent.getActiveAccountId()
+				const client = getCloudflareClient(env.DEV_CLOUDFLARE_API_TOKEN)
+				const accountId = await agent.getActiveAccountId()
 				if (!accountId) {
 					return {
 						content: [