Generate Access Token

Instructions

Implementation Reference

• src/tools/accessTokens.ts:27-43 (handler)

  Handler function that executes the generate_access_token tool logic: sends a GraphQL mutation to create a personal access token with a name (required) and expiresAt (optional), then returns the token data.

  const generateAccessTokenHandler = async (parsed: { name: string; expiresAt?: string }) => {
    const mutation = `mutation($input: GenerateAccessTokenInput!){ generateUserAccessToken(input:$input){ id name createdAt expiresAt token } }`;
    const data = await gql.request<{ generateUserAccessToken: any }>(mutation, { input: { name: parsed.name, expiresAt: parsed.expiresAt ?? null } });
    return text(data.generateUserAccessToken);
  };
  server.registerTool(
    "generate_access_token",
    {
      title: "Generate Access Token",
      description: "Generate a personal access token (returns token).",
      inputSchema: {
        name: z.string(),
        expiresAt: z.string().optional()
      }
    },
    generateAccessTokenHandler as any
  );

• src/tools/accessTokens.ts:6-61 (registration)

  Registration function that registers the generate_access_token tool on the MCP server via server.registerTool().

  export function registerAccessTokenTools(server: McpServer, gql: GraphQLClient) {
    const listAccessTokensHandler = async () => {
      try {
        const query = `query { currentUser { accessTokens { id name createdAt expiresAt } } }`;
        const data = await gql.request<{ currentUser: { accessTokens: any[] } }>(query);
        return text(data.currentUser?.accessTokens || []);
      } catch (error: any) {
        console.error("List access tokens error:", error.message);
        return text({ error: error.message });
      }
    };
    server.registerTool(
      "list_access_tokens",
      {
        title: "List Access Tokens",
        description: "List personal access tokens (metadata).",
        inputSchema: {}
      },
      listAccessTokensHandler as any
    );
  
    const generateAccessTokenHandler = async (parsed: { name: string; expiresAt?: string }) => {
      const mutation = `mutation($input: GenerateAccessTokenInput!){ generateUserAccessToken(input:$input){ id name createdAt expiresAt token } }`;
      const data = await gql.request<{ generateUserAccessToken: any }>(mutation, { input: { name: parsed.name, expiresAt: parsed.expiresAt ?? null } });
      return text(data.generateUserAccessToken);
    };
    server.registerTool(
      "generate_access_token",
      {
        title: "Generate Access Token",
        description: "Generate a personal access token (returns token).",
        inputSchema: {
          name: z.string(),
          expiresAt: z.string().optional()
        }
      },
      generateAccessTokenHandler as any
    );
  
    const revokeAccessTokenHandler = async (parsed: { id: string }) => {
      const mutation = `mutation($id:String!){ revokeUserAccessToken(id:$id) }`;
      const data = await gql.request<{ revokeUserAccessToken: boolean }>(mutation, { id: parsed.id });
      return text({ success: data.revokeUserAccessToken });
    };
    server.registerTool(
      "revoke_access_token",
      {
        title: "Revoke Access Token",
        description: "Revoke a personal access token by id.",
        inputSchema: {
          id: z.string()
        }
      },
      revokeAccessTokenHandler as any
    );
  }

• src/index.ts:189-189 (registration)

  Where registerAccessTokenTools is called during server initialization in the main index.ts file.

  registerAccessTokenTools(server, gql);

• src/tools/accessTokens.ts:37-40 (schema)

  Input schema (Zod) for the generate_access_token tool: name (required string) and expiresAt (optional string).

  inputSchema: {
    name: z.string(),
    expiresAt: z.string().optional()
  }

• src/toolSurface.ts:126-126 (helper)

  Tool surface configuration defining permission groups for generate_access_token: access_tokens, access_tokens.write, admin, write.

  generate_access_token: ["access_tokens", "access_tokens.write", "admin", "write"],