cda49f2912
implement OAuth authentication with Authentik support
Core OAuth infrastructure:
- permissions.py: 5-level permission model (read_only → full_admin)
  Maps all 94 tools to permission levels
  Maps OAuth groups to permission sets
- audit.py: Centralized logging with OAuth user identity
- auth.py: OIDCProxy configuration for Authentik/OIDC providers
- middleware.py: Permission checking decorator and tool wrapper

Server integration:
- config.py: Add OAuth settings (oauth_enabled, oauth_issuer_url, etc.)
  Validate OAuth config completeness, require HTTP transport
- server.py: Integrate auth provider, add HTTP transport support
  Show OAuth status in startup banner

Deployment:
- docker-compose.oauth.yml: Authentik stack (server, worker, postgres, redis)
- .env.example: Document all OAuth and Authentik environment variables

Permission model:
- vsphere-readers: READ_ONLY (32 tools)
- vsphere-operators: + POWER_OPS (14 tools)
- vsphere-admins: + VM_LIFECYCLE (33 tools)
- vsphere-host-admins: + HOST_ADMIN (6 tools)
- vsphere-super-admins: + FULL_ADMIN (9 tools)
2025-12-27 01:12:58 -07:00
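The cumulative group-to-level mapping and the fail-closed permission decorator that the commit above describes, sketched as an added Python example (this is not the repository's own permissions.py, middleware.py or audit.py). The group and level names come from the commit message; the tool-to-level assignments, the claim names `sub` and `groups`, and the function names are assumptions.

```python
from enum import IntEnum
from functools import wraps

# Five cumulative levels (1..5): a higher level implies every lower one
Permission = IntEnum("Permission", "READ_ONLY POWER_OPS VM_LIFECYCLE HOST_ADMIN FULL_ADMIN")

# OAuth group -> highest level it grants (group names from the commit message)
GROUP_LEVELS = {
    "vsphere-readers": Permission.READ_ONLY,
    "vsphere-operators": Permission.POWER_OPS,
    "vsphere-admins": Permission.VM_LIFECYCLE,
    "vsphere-host-admins": Permission.HOST_ADMIN,
    "vsphere-super-admins": Permission.FULL_ADMIN,
}

# Constructed sample of the tool -> level map; the real map covers all 94 tools
TOOL_LEVELS = {
    "list_disks": Permission.READ_ONLY,
    "connect_nic": Permission.POWER_OPS,
    "add_disk": Permission.VM_LIFECYCLE,
    "reboot_host": Permission.HOST_ADMIN,
    "copy_datastore_file": Permission.FULL_ADMIN,
}

AUDIT_LOG: list[dict] = []  # stand-in for audit.py's centralized logger
def effective_level(groups):
    """Highest level granted by any of the user's groups; unknown groups grant nothing."""
    known = [GROUP_LEVELS[g] for g in groups if g in GROUP_LEVELS]
    return max(known) if known else None

def requires_permission(tool_name):
    """Decorator that fails closed unless the caller's level covers the tool's level."""
    required = TOOL_LEVELS[tool_name]  # an unmapped tool is a config error: raise early
    def decorator(fn):
        @wraps(fn)
        def wrapper(user, *args, **kwargs):
            # "sub" and "groups" are assumed OIDC claim names carried in the user dict
            level = effective_level(user.get("groups", []))
            allowed = level is not None and level >= required
            AUDIT_LOG.append({"sub": user.get("sub"), "tool": tool_name,
                              "required": required.name, "allowed": allowed})
            if not allowed:
                raise PermissionError(f"{tool_name} requires {required.name}")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator

@requires_permission("reboot_host")
def reboot_host(user, host):
    return f"reboot requested for {host} by {user['sub']}"
```

Every call is recorded in AUDIT_LOG whether it was allowed or denied, and a token with no recognised group resolves to no level at all rather than to READ_ONLY.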
9e39c1c678
Refactor to modular mixin architecture with 74 tools
Major refactoring from monolithic server.py to modular MCPMixin pattern:

Architecture:
- src/esxi_mcp_server/ package with proper src-layout
- FastMCP MCPMixin pattern for tool organization
- Separate mixins for each functional area
- Shared VMwareConnection class with lazy datastore/network lookup

New Mixins Added:
- DiskManagementMixin: add_disk, remove_disk, extend_disk, list_disks,
  attach_iso, detach_iso
- NICManagementMixin: add_nic, remove_nic, change_nic_network,
  connect_nic, set_nic_mac, list_nics
- HostManagementMixin: get_host_info, enter/exit_maintenance_mode,
  list_services, start/stop_service, set_service_policy,
  get/configure_ntp, reboot_host, shutdown_host, get_host_hardware,
  get_host_networking
- OVFManagementMixin: deploy_ovf, export_vm_ovf, list_ovf_networks
- ResourcesMixin: Added move_datastore_file, copy_datastore_file

Streaming Support:
- Generator-based streaming for datastore downloads
- Memory-efficient large file handling with save_to parameter
- Chunked uploads from disk

Testing:
- test_client.py: MCP SDK-based test client
- Validates all 74 tools against real ESXi host

Build System:
- pyproject.toml with uv, ruff configuration
- Docker dev/prod modes with hot-reload
- Updated Makefile for uv-based workflow
2025-12-26 05:53:51 -07:00