Module: LocalVault::MCP::Tools

Defined in:
lib/localvault/mcp/tools.rb

Constant Summary collapse

VAULT_PARAM = 
{
  "vault" => {
    "type" => "string",
    "description" => "Vault name to use (uses default vault if omitted)"
  }
}.freeze
DEFINITIONS =

MCP tool definitions conforming to the MCP tools/list schema. Each entry specifies a tool name, description, and JSON Schema for input.

[
  {
    "name" => "get_secret",
    "description" => "Retrieve a secret value by key from a localvault vault",
    "inputSchema" => {
      "type" => "object",
      "properties" => {
        "key"   => { "type" => "string", "description" => "The secret key to retrieve" },
        **VAULT_PARAM
      },
      "required" => ["key"]
    }
  },
  {
    "name" => "list_secrets",
    "description" => "List all secret keys in a localvault vault",
    "inputSchema" => {
      "type" => "object",
      "properties" => { **VAULT_PARAM },
      "required" => []
    }
  },
  {
    "name" => "set_secret",
    "description" => "Store a secret key-value pair in a localvault vault. Use dot-notation (project.KEY) for namespaced secrets.",
    "inputSchema" => {
      "type" => "object",
      "properties" => {
        "key"   => { "type" => "string", "description" => "The secret key (supports dot-notation: project.KEY)" },
        "value" => { "type" => "string", "description" => "The secret value" },
        **VAULT_PARAM
      },
      "required" => ["key", "value"]
    }
  },
  {
    "name" => "delete_secret",
    "description" => "Delete a secret by key from a localvault vault",
    "inputSchema" => {
      "type" => "object",
      "properties" => {
        "key"   => { "type" => "string", "description" => "The secret key to delete" },
        **VAULT_PARAM
      },
      "required" => ["key"]
    }
  }
].freeze

Class Method Summary collapse

Class Method Details

.call(name, arguments, vault_resolver) ⇒ Hash

Dispatch an MCP tool call by name.

Resolves the target vault via the provided callable, then executes the requested tool (get_secret, list_secrets, set_secret, or delete_secret).

Parameters:

  • name (String)

    tool name (must match a DEFINITIONS entry)

  • arguments (Hash)

    tool arguments (e.g. => “API_KEY”, “vault” => “prod”)

  • vault_resolver (#call)

    callable that accepts a vault name (String or nil) and returns a Vault instance or nil

Returns:

  • (Hash)

    MCP content result with “content” array and optional “isError”

Raises:

  • (ArgumentError)

    if the tool name is unknown



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/localvault/mcp/tools.rb', line 75

def self.call(name, arguments, vault_resolver)
  unless DEFINITIONS.any? { |t| t["name"] == name }
    raise ArgumentError, "Unknown tool: #{name}"
  end

  vault_name = arguments["vault"]
  vault = vault_resolver.call(vault_name)

  unless vault
    hint = vault_name ? "localvault show -v #{vault_name}" : "localvault show"
    return error_result("No unlocked vault session. Run: #{hint}")
  end

  case name
  when "get_secret"    then get_secret(arguments["key"], vault)
  when "list_secrets"  then list_secrets(vault)
  when "set_secret"    then set_secret(arguments["key"], arguments["value"], vault)
  when "delete_secret" then delete_secret(arguments["key"], vault)
  end
end