[MCP] implement {get,set}_data and {validate,get}_rules for RTDB MCP

Author: oleina

src/mcp/tools/database/get_data.ts

@@ -0,0 +1,63 @@
+import { z } from "zod";
+import { tool } from "../../tool";
+import { mcpError, toContent } from "../../util";
+import * as url from "node:url";
+import { Client } from "../../../apiv2";
+import { text } from "node:stream/consumers";
+
+export const get_data = tool(
+  {
+    name: "get_data",
+    description: "Returns RTDB data from the specified location",
+    inputSchema: z.object({
+      databaseUrl: z
+        .string()
+        .optional()
+        .describe(
+          "connect to the database at url. If omitted, use default database instance <project>-default-rtdb.firebaseio.com. Can point to emulator URL (e.g. localhost:6000/<instance>)",
+        ),
+      path: z.string().describe("The path to the data to read. (ex: /my/cool/path)"),
+    }),
+    annotations: {
+      title: "Get Realtime Database data",
+      readOnlyHint: true,
+    },
+
+    _meta: {
+      // it's possible that a user attempts to query a database that they aren't
+      // authed into: we should let the rules evaluate as the author intended.
+      // If they have written rules to leave paths public, then having mcp
+      // grab their data is perfectly valid.
+      requiresAuth: false,
+      requiresProject: false,
+    },
+  },
+  async ({ path, databaseUrl }, { projectId, host }) => {
+    if (!path.startsWith("/")) {
+      return mcpError(`paths must start with '/' (you passed ''${path}')`);
+    }
+
+    const dbUrl = new url.URL(
+      databaseUrl
+        ? `${databaseUrl}/${path}.json`
+        : `https://${projectId}-default-rtdb.us-central1.firebasedatabase.app/${path}.json`,
+    );
+
+    const client = new Client({
+      urlPrefix: dbUrl.origin,
+      auth: true,
+    });
+
+    host.logger.debug(`sending read request to path '${path}' for url '${dbUrl.toString()}'`);
+
+    const res = await client.request<unknown, NodeJS.ReadableStream>({
+      method: "GET",
+      path: dbUrl.pathname,
+      responseType: "stream",
+      resolveOnHTTPError: true,
+    });
+
+    const content = await text(res.body);
+    return toContent(content);
+  },
+);

src/mcp/tools/database/get_rules.ts

@@ -0,0 +1,46 @@
+import { z } from "zod";
+import { Client } from "../../../apiv2";
+import { tool } from "../../tool";
+import { mcpError, toContent } from "../../util";
+
+export const get_rules = tool(
+  {
+    name: "get_rules",
+    description: "Get an RTDB database's rules",
+    inputSchema: z.object({
+      databaseUrl: z
+        .string()
+        .optional()
+        .describe(
+          "connect to the database at url. If omitted, use default database instance <project>-default-rtdb.firebaseio.com. Can point to emulator URL (e.g. localhost:6000/<instance>)",
+        ),
+    }),
+    annotations: {
+      title: "Get Realtime Database rules",
+      readOnlyHint: true,
+    },
+
+    _meta: {
+      requiresAuth: false,
+      requiresProject: false,
+    },
+  },
+  async ({ databaseUrl }, { projectId }) => {
+    const dbUrl =
+      databaseUrl ?? `https://${projectId}-default-rtdb.us-central1.firebasedatabase.app`;
+
+    const client = new Client({ urlPrefix: dbUrl });
+    const response = await client.request<void, NodeJS.ReadableStream>({
+      method: "GET",
+      path: "/.settings/rules.json",
+      responseType: "stream",
+      resolveOnHTTPError: true,
+    });
+    if (response.status !== 200) {
+      return mcpError(`Failed to fetch current rules. Code: ${response.status}`);
+    }
+
+    const rules = await response.response.text();
+    return toContent(rules);
+  },
+);

src/mcp/tools/database/index.ts

@@ -0,0 +1,7 @@
+import type { ServerTool } from "../../tool";
+import { get_rules } from "./get_rules";
+import { get_data } from "./get_data";
+import { set_data } from "./set_data";
+import { validate_rules } from "./validate_rules";
+
+export const realtimeDatabaseTools: ServerTool[] = [get_data, set_data, get_rules, validate_rules];

src/mcp/tools/database/set_data.ts

@@ -0,0 +1,67 @@
+import { z } from "zod";
+import { tool } from "../../tool";
+import { mcpError, toContent } from "../../util";
+import * as url from "node:url";
+import { stringToStream } from "../../../utils";
+import { Client } from "../../../apiv2";
+import { getErrMsg } from "../../../error";
+
+export const set_data = tool(
+  {
+    name: "set_data",
+    description: "Writes RTDB data to the specified location",
+    inputSchema: z.object({
+      databaseUrl: z
+        .string()
+        .optional()
+        .describe(
+          "connect to the database at url. If omitted, use default database instance <project>-default-rtdb.firebaseio.com. Can point to emulator URL (e.g. localhost:6000/<instance>)",
+        ),
+      path: z.string().describe("The path to the data to read. (ex: /my/cool/path)"),
+      data: z.string().describe('The JSON to write. (ex: {"alphabet": ["a", "b", "c"]})'),
+    }),
+    annotations: {
+      title: "Set Realtime Database data",
+      readOnlyHint: false,
+      idempotentHint: true,
+    },
+
+    _meta: {
+      requiresAuth: false,
+      requiresProject: false,
+    },
+  },
+  async ({ path, databaseUrl, data }, { projectId, host }) => {
+    if (!path.startsWith("/")) {
+      return mcpError(`paths must start with '/' (you passed ''${path}')`);
+    }
+
+    const dbUrl = new url.URL(
+      databaseUrl
+        ? `${databaseUrl}/${path}.json`
+        : `https://${projectId}-default-rtdb.us-central1.firebasedatabase.app/${path}.json`,
+    );
+
+    const client = new Client({
+      urlPrefix: dbUrl.origin,
+      auth: true,
+    });
+
+    const inStream = stringToStream(data);
+
+    host.logger.debug(`sending write request to path '${path}' for url '${dbUrl.toString()}'`);
+
+    try {
+      await client.request({
+        method: "PUT",
+        path: dbUrl.pathname,
+        body: inStream,
+      });
+    } catch (err: unknown) {
+      host.logger.debug(getErrMsg(err));
+      return mcpError(`Unexpected error while setting data: ${getErrMsg(err)}`);
+    }
+
+    return toContent("write successful!");
+  },
+);

src/mcp/tools/database/set_rules.ts

@@ -0,0 +1,48 @@
+import { z } from "zod";
+import { Client } from "../../../apiv2";
+import { tool } from "../../tool";
+import { mcpError, toContent } from "../../util";
+import { updateRulesWithClient } from "../../../rtdb";
+import { getErrMsg } from "../../../error";
+
+export const validate_rules = tool(
+  {
+    name: "validate_rules",
+    description: "Validates an RTDB database's rules",
+    inputSchema: z.object({
+      databaseUrl: z
+        .string()
+        .optional()
+        .describe(
+          "connect to the database at url. If omitted, use default database instance <project>-default-rtdb.firebaseio.com. Can point to emulator URL (e.g. localhost:6000/<instance>)",
+        ),
+      rules: z
+        .string()
+        .describe('The rules object, as a string (ex: {".read": false, ".write": false})'),
+    }),
+    annotations: {
+      title: "Validate Realtime Database rules",
+      idempotentHint: true,
+    },
+
+    _meta: {
+      requiresAuth: true,
+      requiresProject: false,
+    },
+  },
+  async ({ databaseUrl, rules }, { projectId, host }) => {
+    const dbUrl =
+      databaseUrl ?? `https://${projectId}-default-rtdb.us-central1.firebasedatabase.app`;
+
+    const client = new Client({ urlPrefix: dbUrl });
+
+    try {
+      await updateRulesWithClient(client, rules, { dryRun: true });
+    } catch (e: unknown) {
+      host.logger.debug(`failed to update rules at url ${dbUrl}`);
+      return mcpError(getErrMsg(e));
+    }
+
+    return toContent("the inputted rules are valid!");
+  },
+);

src/mcp/tools/database/validate_rules.ts

@@ -0,0 +1,50 @@
+import { z } from "zod";
+import { Client } from "../../../apiv2";
+import { tool } from "../../tool";
+import { mcpError, toContent } from "../../util";
+import { updateRulesWithClient } from "../../../rtdb";
+import { getErrMsg } from "../../../error";
+
+export const validate_rules = tool(
+  {
+    name: "validate_rules",
+    description: "Validates an RTDB database's rules",
+    inputSchema: z.object({
+      databaseUrl: z
+        .string()
+        .optional()
+        .describe(
+          "connect to the database at url. If omitted, use default database instance <project>-default-rtdb.firebaseio.com. Can point to emulator URL (e.g. localhost:6000/<instance>)",
+        ),
+      rules: z
+        .string()
+        .describe(
+          'The rules object, as a string (ex: {"rules": {".read": false, ".write": false}})',
+        ),
+    }),
+    annotations: {
+      title: "Validate Realtime Database rules",
+      idempotentHint: true,
+    },
+
+    _meta: {
+      requiresAuth: true,
+      requiresProject: false,
+    },
+  },
+  async ({ databaseUrl, rules }, { projectId, host }) => {
+    const dbUrl =
+      databaseUrl ?? `https://${projectId}-default-rtdb.us-central1.firebasedatabase.app`;
+
+    const client = new Client({ urlPrefix: dbUrl });
+
+    try {
+      await updateRulesWithClient(client, rules, { dryRun: true });
+    } catch (e: unknown) {
+      host.logger.debug(`failed to update rules at url ${dbUrl}`);
+      return mcpError(getErrMsg(e));
+    }
+
+    return toContent("the inputted rules are valid!");
+  },
+);

src/mcp/tools/index.ts

@@ -9,6 +9,7 @@ import { messagingTools } from "./messaging/index.js";
 import { remoteConfigTools } from "./remoteconfig/index.js";
 import { crashlyticsTools } from "./crashlytics/index.js";
 import { appHostingTools } from "./apphosting/index.js";
+import { realtimeDatabaseTools } from "./database/index.js";
 
 /** availableTools returns the list of MCP tools available given the server flags */
 export function availableTools(activeFeatures?: ServerFeature[]): ServerTool[] {
@@ -32,6 +33,7 @@ const tools: Record<ServerFeature, ServerTool[]> = {
   remoteconfig: addFeaturePrefix("remoteconfig", remoteConfigTools),
   crashlytics: addFeaturePrefix("crashlytics", crashlyticsTools),
   apphosting: addFeaturePrefix("apphosting", appHostingTools),
+  database: addFeaturePrefix("database", realtimeDatabaseTools),
 };
 
 function addFeaturePrefix(feature: string, tools: ServerTool[]): ServerTool[] {

src/mcp/tools/rules/get_rules.ts

@@ -21,7 +21,7 @@ export function getRulesTool(productName: string, releaseName: string) {
     async (_, { projectId }) => {
       const rulesetName = await getLatestRulesetName(projectId, releaseName);
       if (!rulesetName)
-        return mcpError(`No active Firestore rules were found in project '${projectId}'`);
+        return mcpError(`No active ${productName} rules were found in project '${projectId}'`);
       const rules = await getRulesetContent(rulesetName);
       return toContent(rules[0].content);
     },

src/mcp/types.ts

@@ -7,6 +7,7 @@ export const SERVER_FEATURES = [
   "remoteconfig",
   "crashlytics",
   "apphosting",
+  "database",
 ] as const;
 export type ServerFeature = (typeof SERVER_FEATURES)[number];
 

src/mcp/util.ts

@@ -12,6 +12,7 @@ import {
   remoteConfigApiOrigin,
   storageOrigin,
   crashlyticsApiOrigin,
+  realtimeOrigin,
 } from "../api";
 import { check } from "../ensureApiEnabled";
 
@@ -58,6 +59,10 @@ export function mcpError(message: Error | string | unknown, code?: string): Call
   };
 }
 
+/*
+ * Wraps a throwing function with a safe conversion to mcpError.
+ */
+
 /**
  * Checks if a command exists in the system.
  */
@@ -89,6 +94,7 @@ const SERVER_FEATURE_APIS: Record<ServerFeature, string> = {
   remoteconfig: remoteConfigApiOrigin(),
   crashlytics: crashlyticsApiOrigin(),
   apphosting: apphostingOrigin(),
+  database: realtimeOrigin(),
 };
 
 /**