DevHelm MCP Server

Official

by devhelmhq

Overview Schema Related Servers Score Discussions

Python

Hybrid

revoke_api_key

Disable an API key by its ID to revoke access without permanently deleting it.

Instructions

Revoke an API key (disables it without deleting).

Input Schema

TableJSON Schema

Name	Required	Description	Default
`key_id`	Yes

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

src/devhelm_mcp/tools/api_keys.py:40-47 (handler)

The `revoke_api_key` tool handler — decorated with @mcp.tool(), it calls the SDK's `api_keys.revoke(key_id)` and returns a success string or raises a ToolError on failure.

@mcp.tool()
def revoke_api_key(key_id: str, api_token: str | None = None) -> str:
    """Revoke an API key (disables it without deleting)."""
    try:
        get_client(api_token).api_keys.revoke(key_id)
        return "API key revoked successfully."
    except DevhelmError as e:
        raise_tool_error(e)

src/devhelm_mcp/server.py:109-110 (registration)
The `api_keys` module (containing `revoke_api_key`) is registered via `mod.register(mcp)` which calls the `register(mcp: FastMCP)` function in api_keys.py, decorating the function with `@mcp.tool()`.
```
for mod in ALL_TOOL_MODULES:
    mod.register(mcp)
```
src/devhelm_mcp/server.py:101-101 (registration)
The `api_keys` module is listed in `ALL_TOOL_MODULES` ensuring its `register()` function gets called.
```
api_keys,
```

src/devhelm_mcp/client.py:107-136 (helper)

The `get_client()` helper builds a Devhelm SDK client used by the handler to call `api_keys.revoke()`.

def get_client(api_token: str | None = None) -> Devhelm:
    """Build a Devhelm SDK client from the user's API token.

    Token resolution is delegated to :func:`resolve_api_token`, so callers
    can pass the value through from a tool argument *or* leave it ``None``
    and let the helper pick the token up from the active HTTP request's
    ``Authorization: Bearer …`` header (hosted ``/mcp``) or from the
    ``DEVHELM_API_TOKEN`` env var (stdio). This is the single seam every
    tool goes through, so a missing / mistyped token surfaces in exactly
    one place.

    Overrides the SDK's default surface (``sdk-py``) with ``mcp`` so the
    API attributes traffic to the MCP server rather than to bare-SDK use.
    The SDK's ``X-DevHelm-Sdk-Name`` header is preserved, so the API can
    still see *which* SDK version this MCP server release is built on for
    debugging client-version skew.

    Detecting the host MCP client (Cursor vs Claude Desktop vs ...) is a
    follow-up: ``fastmcp.Context.session.client_params.clientInfo`` carries
    that info, but threading Context through every tool would be a wide
    surgery against the no-callsite-changes goal of this PR. The wire
    contract already supports ``X-DevHelm-Mcp-Client`` via
    ``surface_metadata`` so we can layer it in later without an API change.
    """
    return Devhelm(
        token=resolve_api_token(api_token),
        base_url=API_BASE_URL,
        surface="mcp",
        surface_version=_server_version(),
    )

src/devhelm_mcp/client.py:205-222 (helper)

The `raise_tool_error()` helper converts SDK errors into FastMCP ToolError so the tool returns isError=true on failure.

def raise_tool_error(err: DevhelmError) -> NoReturn:
    """Convert an SDK error into a FastMCP ``ToolError`` so ``isError=true``.

    Per the MCP spec, upstream API failures must surface as
    ``CallToolResult.isError = true`` so the LLM can distinguish a tool that
    *ran but failed* from one that *succeeded with an error message in the
    response* — those have the same shape on the wire otherwise.

    The previous behavior returned ``format_error(err)`` as a regular tool
    return value (``isError = false``), which caused agents to confidently
    report success after a 4xx/5xx (silent-corruption bug from the round-3
    DevEx audit). FastMCP catches the ``ToolError`` raised here and
    serializes it into ``CallToolResult(isError=True, content=[...])``,
    preserving the human-readable formatted message for the LLM.

    See https://modelcontextprotocol.io/specification/server/tools#error-handling.
    """
    raise ToolError(format_error(err)) from err

Tool Definition Quality

A3.6/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries the full burden. It discloses the key behavioral trait (disables without deleting), but lacks details on reversibility, authentication needs, or consequences. The output schema exists but description doesn't clarify return behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single sentence of 8 words, highly concise and front-loaded. Every word adds value, no redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's low complexity (1 param, output schema present), the description provides the essential purpose but fails to compensate for missing parameter semantics and usage context. It is adequate but not complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The only parameter 'key_id' has no description in the schema (0% coverage). The tool description adds no information about its format, source, or constraints, leaving the agent with insufficient guidance to determine the correct value.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action 'Revoke' on 'API key' and adds the crucial distinction 'disables it without deleting', which differentiates it from the sibling tool 'delete_api_key'.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage when wanting to disable rather than delete, but it does not explicitly state when to use or not use this tool compared to alternatives like 'delete_api_key'. No explicit guidance on prerequisites or context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/devhelmhq/mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server