op-mcp 0.1.0

MCP server providing LLM access to 1Password CLI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

//! Service account tools for 1Password

use rust_mcp_schema::schema_utils::CallToolError;
use rust_mcp_schema::CallToolResult;
use rust_mcp_sdk::macros::{mcp_tool, JsonSchema};
use serde::{Deserialize, Serialize};

use crate::op::OpClient;
use crate::tools::enums::TokenExpiry;
use crate::tools::{json_result, op_error_to_tool_error, text_result};

// ============================================================================
// service_account_create Tool
// ============================================================================

/// Create a new service account.
#[mcp_tool(
    name = "service_account_create",
    description = "Create a new 1Password service account. Service accounts are used for automated access to vaults without user interaction. Returns a token that must be saved securely."
)]
#[derive(Debug, Deserialize, Serialize, JsonSchema)]
pub struct ServiceAccountCreateTool {
    /// The name for the service account.
    pub name: String,

    /// Vaults to grant the service account access to (names or IDs).
    #[serde(default)]
    pub vaults: Option<Vec<String>>,

    /// Token expiration duration.
    #[serde(default)]
    pub expires_in: Option<TokenExpiry>,
}

impl ServiceAccountCreateTool {
    pub async fn call(&self, client: &OpClient) -> Result<CallToolResult, CallToolError> {
        let vaults_refs: Option<Vec<&str>> = self
            .vaults
            .as_ref()
            .map(|v| v.iter().map(|s| s.as_str()).collect());
        let expires_in_str = self.expires_in.as_ref().map(|e| e.to_string());

        let result = client
            .service_account_create(&self.name, vaults_refs.as_deref(), expires_in_str.as_deref())
            .await
            .map_err(op_error_to_tool_error)?;
        // Return as text since it contains the sensitive token value
        text_result(result)
    }
}

// ============================================================================
// service_account_ratelimit Tool
// ============================================================================

/// Check service account rate limit usage.
#[mcp_tool(
    name = "service_account_ratelimit",
    description = "Check the current rate limit status and usage for a service account. Shows requests made, limit, and reset time."
)]
#[derive(Debug, Deserialize, Serialize, JsonSchema)]
pub struct ServiceAccountRatelimitTool {}

impl ServiceAccountRatelimitTool {
    pub async fn call(&self, client: &OpClient) -> Result<CallToolResult, CallToolError> {
        let result = client
            .service_account_ratelimit()
            .await
            .map_err(op_error_to_tool_error)?;
        json_result(&result)
    }
}