@baref00t/mcp-server

v0.6.2


Hosted multi-tenant MCP (Model Context Protocol) server for the baref00t Partner + Distributor APIs


@baref00t/mcp-server

License: Apache-2.0

Hosted multi-tenant Model Context Protocol (MCP) server that exposes the baref00t Partner + Distributor APIs to AI assistants — Claude Desktop, Cursor, ChatGPT remote MCP, generic MCP clients.

Hosted endpoint

| Env | URL |
|---|---|
| Production | https://mcp.baref00t.io/mcp |
| Staging | https://mcp.sandbox.baref00t.io/mcp |

Quick start — OAuth (recommended for AI clients)

Connect Claude Desktop, Claude.ai web Connectors, Cursor, or ChatGPT remote MCP using the standard OAuth flow — no API key to copy around.

Claude Desktop / Claude.ai / ChatGPT: Add a custom MCP server with URL https://mcp.baref00t.io/mcp. The client auto-discovers /.well-known/oauth-protected-resource, registers itself via Dynamic Client Registration (RFC 7591), and pops a browser window to sign in via Microsoft. After consent, you'll be signed in — no JSON, no token paste.

Manage authorized apps at https://www.baref00t.io/portal/developer/connected-apps. Revoke any app at any time; the affected session stops working immediately.

Quick start — API key (server-to-server)

For headless integrations (SDK, CI, your own backend) the long-standing API-key path is unchanged.

Claude Desktop: edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "baref00t": {
      "url": "https://mcp.baref00t.io/mcp",
      "headers": {
        "Authorization": "Bearer pk_live_YOUR_PARTNER_KEY"
      }
    }
  }
}

Get an API key at https://www.baref00t.io/portal/developer/api-keys.

Authentication summary

| Path | Header | Best for |
|---|---|---|
| OAuth | Authorization: Bearer <JWT issued by mcp.baref00t.io> | Interactive AI clients with a human user (Claude Desktop, Cursor, ChatGPT) |
| API key (Bearer) | Authorization: Bearer pk_live_… (or dk_live_…) | Server-to-server, CI, scripted integrations |
| API key (X-header) | X-Partner-Key: pk_live_… / X-Distributor-Key: dk_live_… | Same as Bearer, alternative header form |

Key prefix routes to the right scope. Partner keys see partner tools; distributor keys see distributor tools. JWTs carry the scope in their claims and are similarly routed.

Product catalogue

31 products across 5 categories. The partner_trigger_assessment tool accepts any of these slugs (subject to your plan tier's allowedProducts).

| Category | Slugs |
|---|---|
| Compliance assessments (12) | e8, mcsb, cism365, copilot, cps234, ransomware, powerplatform, nist-csf, cmmc, nis2, cyber-essentials, mas-trm |
| Security packs (7) | entra-hardening, email-security, sharepoint-oversharing, finance, legal, endpoint-intune, healthcare |
| Intelligence reports (4) | cyber-insurance, board-risk, investor-ready, aicd-governance |
| Productivity analytics (4) | licence-optimisation, adoption-usage, copilot-roi, tenant-health |
| Copilot Assessments (new in v2.4.0) | copilot-agent-inventory, copilot-interaction-compliance, copilot-meeting-insights (triggerable today); copilot-redteam-probe (Coming Soon — ships v2.4.1, delegated probe-user flow) |

Copilot Assessments target Microsoft's new Copilot APIs (Package Management, Interaction Export, Chat, Retrieval, Meeting AI Insights). They're scoped to professional + enterprise plans only — partner_trigger_assessment returns 400 when a starter-plan partner attempts one. Customer-side prerequisites vary per SKU (Microsoft Agent 365 licence for agent-inventory; all 6 Copilot service plans for interaction-compliance; etc.) — see the marketing detail pages for the full requirement matrix.

Tool catalogue

Full coverage of the Partner API + Distributor API. Destructive actions (delete, revoke, raw-secret reveals) include explicit warnings in the tool description so the AI assistant narrates the consequences before invoking.

Customers (6 tools, scope=pk_*)

| Tool | What it does |
|---|---|
| partner_list_customers | List all customers in the partner account. Returns customerId, name, email, tenantId, status and createdAt. Use when the user asks "show me my customers" or wants to look up a customer id. |
| partner_get_customer | Fetch a single customer by id, including notification toggles + creation date. Use when the user asks for details about a specific customer. |
| partner_create_customer | Create a new customer record. Requires the customer's display name and Microsoft Entra tenant id (GUID). Returns the new customerId. Use when the user asks to add or onboard a customer. |
| partner_update_customer | Update whitelisted fields on an existing customer. Partial — only fields you pass are changed. Note: changing tenantId rebinds the customer to a different Microsoft Entra tenant; existing consents tied to the old tenant will not transfer. |
| partner_delete_customer | Delete a customer. Idempotent — re-deleting returns 404. Past assessments + reports tied to the customer remain queryable through partner_list_assessments / partner_get_assessment_report until their own retention windows expire; only the customer record itself is removed. Granted consents on the Microsoft Entra tenant are NOT revoked here — the customer admin must remove the baref00t app from Enterprise Applications separately. |
| partner_bulk_create_customers | Bulk-create up to 100 customers in one request. Per-row failures do NOT fail the whole call — inspect results[] for the per-customer outcome (status: "created" \| "error", with customerId or error string). Returns total / succeeded / failed counts plus the per-row results array. Use partner_create_customer for one-offs; this is for onboarding spreadsheets / CSV imports. |

Consent (2 tools)

| Tool | What it does |
|---|---|
| partner_get_consent_url | Mint a consent URL the customer can visit to grant the baref00t app read-only Microsoft Graph access on their tenant. Required before the first assessment for any customer who hasn't already consented — partner_trigger_assessment will silently fail (orchestrator graph token-exchange 401s) without consent. Returns { consentUrl, assessmentId, product, customerId }. Hand the URL to the partner to share with the customer manually, or use partner_send_consent_email to email it on the partner's behalf. |
| partner_send_consent_email | Send a partner-branded consent invitation email to the customer's configured consentRecipients (or primary email as fallback). The email contains a Grant Consent button linking to the consent URL. Returns { sent, skipped, recipients, failed, consentUrl, emailConsentEnabled, skipReason }. Honours the 2-stage email gate: if the partner's mail provider is 'off' OR the customer's emailConsentEnabled is false, no email is sent and emailConsentEnabled is returned as false with skipReason set; consentUrl is always returned so it can be shared manually. |

Assessments (6 tools)

| Tool | What it does |
|---|---|
| partner_list_assessments | List assessment runs for the partner. Filter by month (YYYY-MM), product, and/or customerId. Also returns runsUsed/runLimit so the LLM knows how much quota remains. Use when the user asks "show me recent runs" or wants to find a specific assessment. |
| partner_get_assessment | Fetch one assessment run by id. Returns product, status, customer id, and timestamps. Use to check the live status of a previously triggered run. |
| partner_get_assessment_report | Get a 30-day SAS URL for the rendered HTML report of a completed assessment. Returns { url, expiresAt }. Hand the URL to the user as a clickable link or fetch it in a browser. The assessment must be in completed status — call partner_get_assessment_status first to confirm. Only HTML format is supported today; PDF format returns NOT_IMPLEMENTED. |
| partner_trigger_assessment | Start a new assessment for the given customer. The platform performs a live consent pre-flight (client-credentials token mint against the customer tenant) before accepting the run. Inspect the response's "status" field: "queued"/"completed"/"failed" means the run was accepted (assessmentId + runId populated, COSTS 1 CREDIT — poll via partner_get_assessment_status). "consent_required" means the per-product Entra app does NOT currently exist in the customer tenant (never consented OR the customer admin removed it from Enterprise Applications) — no credit was burned, assessmentId is null, but consentUrl is returned. In that case call partner_send_consent_email or share consentUrl directly with the customer, then re-trigger. |
| partner_delete_assessment | Permanently delete one of your assessments. Removes the run record, any linked proposal / narrative rows, AND the rendered report (the customer’s report link stops working). Irreversible — there is no undo and no soft-delete. Ownership is enforced: deleting an assessment that is not yours returns 404. Use partner_list_assessments to find the id first. |
| partner_get_assessment_status | Poll the status of a previously-triggered assessment. Returns the current status (queued, completed, failed) and the runAt timestamp. Use to wait for a triggered assessment to finish. |
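
The trigger, consent and polling flow described in the partner_trigger_assessment row, as an added example (not code from the baref00t project). `callTool(name, args)` is a hypothetical async wrapper around your MCP client, the argument names `customerId`, `product` and `assessmentId` are assumptions, and `fakeClient` replays constructed responses so the flow runs offline.

```javascript
// Added example: drive partner_trigger_assessment to a terminal state.
// ASSUMPTIONS: callTool() is a hypothetical MCP-client wrapper; argument names
// (customerId, product, assessmentId) are assumed. Response fields used here
// are the ones the tool descriptions name.

const ACCEPTED = new Set(['queued', 'completed', 'failed']);

async function runAssessment(callTool, { customerId, product }, opts = {}) {
  const maxPolls = opts.maxPolls ?? 20;
  const pollDelayMs = opts.pollDelayMs ?? 15000;
  const sleep = opts.sleep ?? ((ms) => new Promise((r) => setTimeout(r, ms)));

  const trigger = await callTool('partner_trigger_assessment', { customerId, product });

  if (trigger.status === 'consent_required') {
    // Pre-flight failed: no credit burned, assessmentId is null, consentUrl set.
    const mail = await callTool('partner_send_consent_email', { customerId, product });
    const gated = mail.emailConsentEnabled === false;
    return {
      outcome: 'awaiting_consent',
      creditSpent: false,
      consentUrl: mail.consentUrl ?? trigger.consentUrl,
      // The 2-stage email gate blocked the send: the URL must be shared by hand.
      shareManually: gated,
      skipReason: gated ? mail.skipReason : null,
    };
  }

  if (!ACCEPTED.has(trigger.status) || !trigger.assessmentId) {
    // Fail closed on any status the tool description does not list.
    throw new Error(`unexpected trigger status: ${trigger.status}`);
  }

  // Accepted: one credit is spent from here on, whatever the final status.
  const assessmentId = trigger.assessmentId;
  let status = trigger.status;
  for (let i = 0; status === 'queued' && i < maxPolls; i++) {
    await sleep(pollDelayMs);
    status = (await callTool('partner_get_assessment_status', { assessmentId })).status;
  }

  if (status === 'completed') {
    // The SAS URL grants access to the report for 30 days: treat it as a
    // secret and keep it out of logs and tickets.
    const report = await callTool('partner_get_assessment_report', { assessmentId });
    return {
      outcome: 'completed',
      creditSpent: true,
      assessmentId,
      reportUrl: report.url,
      reportExpiresAt: report.expiresAt,
    };
  }
  return {
    outcome: status === 'failed' ? 'failed' : 'still_queued',
    creditSpent: true,
    assessmentId,
  };
}

// Constructed stand-in for an MCP client: replays canned responses per tool
// and records which tools were called, in order.
function fakeClient(script) {
  const calls = [];
  const callTool = async (name) => {
    calls.push(name);
    const queue = script[name];
    if (!queue || queue.length === 0) throw new Error(`no scripted response for ${name}`);
    return queue.shift();
  };
  return { callTool, calls };
}
```
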

Plan & Billing (3 tools)

| Tool | What it does |
|---|---|
| partner_get_plan_billing | Fetch the partner's current plan, billing cycle, monthly assessment quota usage, and list of allowed products. Use when the user asks about their plan, quota, or available products before triggering an assessment. |
| partner_get_billing | Read-only Stripe snapshot for the partner: active subscriptions, last 20 invoices, last 20 successful charges, plus a freshly-minted Stripe Customer Portal URL valid ~1 hour. When the partner has no Stripe customer linked yet, all arrays are empty and portal_url is null. For just the portal URL (or a guaranteed-fresh one) use partner_get_payment_portal_url. The platform owns the subscription lifecycle — plan changes still go through partner_get_plan_billing / the change-plan SDK call. |
| partner_get_payment_portal_url | Mint a fresh, short-lived Stripe Customer Portal URL. The partner opens it in a new tab to manage payment methods, download invoices, and update billing details directly on Stripe — no card data ever touches baref00t.io. Use this when the cached portal_url from partner_get_billing has expired (or any time you want a guaranteed-fresh session). Errors 400 if the partner has no Stripe customer linked yet. |

Branding (2 tools)

| Tool | What it does |
|---|---|
| partner_get_branding | Fetch the partner-wide branding (company name, brand colour, footer text, contact email, and a 30-day SAS URL for the uploaded logo when present). Drives customer-facing emails + the report viewer chrome. Use when the user asks "what does our branding look like?" or before mutating a single field via partner_update_branding. |
| partner_update_branding | Update one or more partner-branding text fields. All fields optional — provide only what you want to change. Affects customer-facing emails (consent invitation, report-ready, questionnaire) and the report viewer chrome. Logo upload is a separate multipart flow (POST /api/partner/branding/logo, MSAL only) and is not covered by this tool. |

Members (5 tools)

| Tool | What it does |
|---|---|
| partner_list_members | List all members on the partner account, with role (Admin / Member / Viewer), status (Pending / Active / Suspended), and lifecycle timestamps. Also returns the calling principal's effective role — for X-Partner-Key callers this is always "Admin". Each member row exposes an emailHash that downstream member tools (update / remove / resend) use as the path identifier. |
| partner_invite_member | Invite a new member to the partner account. Sends an invitation email with a one-time accept link valid for 14 days. Returns the new (Pending) member record including the emailHash needed for downstream update/remove/resend calls. Errors 409 if the address is already a member or has an open invite. |
| partner_update_member | Update a member's role and/or status (provide at least one). Suspending revokes their ability to sign in but retains the row for audit; reactivate by setting status="Active". Cannot demote the last Admin — errors 409 in that case. |
| partner_remove_member | WARNING — permanent. Removes a member from the partner account; the row is deleted (audit history of past actions is retained on the audit log, but the member entry is gone — re-add via partner_invite_member). Cannot remove the last Admin (errors 409). Prefer partner_update_member with status="Suspended" if you might re-enable later. |
| partner_resend_invite | Re-issue the invitation email and reset the 14-day accept window for a Pending member. Errors 409 if the member is not in Pending status (use partner_update_member to change role on already-Active members instead). |

Webhooks (6 tools)

| Tool | What it does |
|---|---|
| partner_list_webhooks | List all webhook endpoints configured on the partner account, plus the catalog of event types you can subscribe to (assessment.completed / failed, customer.created / updated / deleted, etc.). Each row includes lastSuccessAt, lastFailureAt, and failureCount — handy for spotting endpoints that are silently broken. |
| partner_create_webhook | Create a new webhook endpoint. WARNING — the signing secret is returned ONCE in response.secret; store it immediately (e.g. in your secrets manager). It cannot be re-fetched. Use partner_update_webhook with rotateSecret=true to mint a fresh secret if lost. Verify incoming deliveries against X-Baref00t-Signature using verifyWebhookSignature() from @baref00t/sdk/webhooks. |
| partner_update_webhook | Partial update for a webhook endpoint — change the URL, events, enabled flag, description, and/or rotate the signing secret. When rotateSecret=true, the new secret is returned ONCE in response.secret and the previous one stops working immediately. |
| partner_delete_webhook | WARNING — permanent. Removes the webhook endpoint and STOPS any in-flight retries (events currently mid-backoff are abandoned). Historical delivery rows remain queryable until the retention window expires. If you only want to pause deliveries, prefer partner_update_webhook with enabled=false instead. |
| partner_test_webhook | Fire a synthetic test.ping delivery to the endpoint with a real signed payload — useful while wiring up your handler. The 10-second response is returned inline so you can see exactly what your server replied (statusCode + first ~500 bytes of responseBody). Does NOT cost a credit and does NOT count toward retry backoff. |
| partner_list_webhook_deliveries | Recent delivery attempts for a single webhook endpoint. Useful for debugging when a partner's receiver is silently failing — surfaces statusCode, durationMs, lastError, attemptCount (with v2.1.7+ retry-backoff schedule: 1m, 5m, 30m, 2h, 24h), and a 500-byte slice of the response body. Status can be Pending / Delivered / Failed / Abandoned. |

Mail (6 tools)

| Tool | What it does |
|---|---|
| partner_mail_status | Fetch the current partner-mail configuration: provider ("resend" / "microsoft" / "off"), connected Microsoft mailbox UPN (when provider="microsoft"), shared-mailbox UPN, whether the cached refresh token can still mint a Graph access token, and the access-token expiry. Use to check status before mode/sharedMailbox changes or to decide whether to re-run partner_mail_start_connect. |
| partner_mail_set_mode | Set the partner-wide mail provider. Switching to "microsoft" before completing partner_mail_start_connect errors 412 NO_CONNECTION (no refresh token on file). "off" is the recommended kill-switch — flipping it back to "resend" or "microsoft" resumes sending immediately. |
| partner_mail_disconnect | Revoke the cached Microsoft refresh token and revert the provider to Resend. Use when the connected mailbox is compromised or the partner admin wants to re-consent under a different account. After disconnect, partner_mail_start_connect must be run again before partner_mail_set_mode can flip back to "microsoft". |
| partner_mail_send_test | Send a one-off test email via Microsoft Graph using the connected mailbox (or sharedMailbox if set). Recipient is always the calling user's own email — no body to specify. Use to confirm the OAuth flow + Graph permissions are wired correctly. Errors 412 NOT_CONNECTED if the partner hasn't connected a Microsoft mailbox yet, or 502 GRAPH_ if Graph rejects the send (typically a missing Send-As permission on the shared mailbox). |
| partner_mail_set_shared_mailbox | Set or clear the shared-mailbox UPN that customer-facing emails are sent FROM. When unset (null), mail is sent from the connected user's own mailbox. Confirm permission is wired correctly afterwards via partner_mail_send_test — Graph errors 502 if Send-As permission is missing on the shared mailbox. |
| partner_mail_start_connect | Returns the Microsoft authorize URL for the partner admin to navigate to. The OAuth callback handles token persistence on the platform; no further MCP calls are needed for the consent step itself. After the callback bounces back to returnTo with ?mailConnected=1, call partner_mail_set_mode with mode="microsoft" to switch the provider on. Errors 503 MAIL_APP_NOT_CONFIGURED if the platform's Partner Mail Sender Entra app isn't configured server-side. |

API Keys (3 tools)

| Tool | What it does |
|---|---|
| partner_list_keys | List the active API key slots (1 and 2) for the partner. Each slot exposes its number + a 4-char suffix of the raw key for visual identification — the raw key itself is never re-fetchable. Returned as part of the partner profile (the same shape partner_get_plan_billing already exposes). Use to confirm which slot is in use before partner_create_key (max 2) or partner_revoke_key. |
| partner_create_key | WARNING — raw key returned ONCE in response.key. Store immediately (e.g. in a secrets manager); it cannot be re-fetched. Costs an active slot (max 2). Throws MAX_KEYS if both slots are already in use — call partner_revoke_key on the unused slot first. Recommended rotation flow: create slot 2, deploy with new key, verify, then revoke slot 1. |
| partner_revoke_key | WARNING — irreversible. Revoke the API key in the given slot (1 or 2). The key is invalidated immediately; any caller still using it gets 401 on the next request. Foot-gun: revoking the slot the SDK / MCP server is currently using locks subsequent calls out of the platform. Always rotate (partner_create_key) and verify the new key works before revoking the old one. |

Pipeline / Leads (10 tools)

Requires the partner record to have prospecting in enabledFeatures (admin-granted only — no plan tier auto-includes it).

| Tool | What it does |
|---|---|
| partner_list_leads | List partner prospecting leads with optional stage / search filters and stage-count rollup. Requires the partner record to have prospecting in enabledFeatures (admin-granted only — no plan tier auto-includes it). Returns leads with domain, company, contact info, stage, and timestamps. Use when the user asks "show me my pipeline", "leads in stage X", or wants to look up a leadId. |
| partner_get_lead | Fetch one lead with its full contact list, partner overrides, lifecycle timestamps, and the most recent 50 activity log entries. Requires prospecting feature flag. Use when the user wants details on a specific lead (by id) or to inspect activity / enrichment results. |
| partner_create_lead | Create a single lead from a domain. Requires prospecting feature flag. By default runs enrichment synchronously: Apollo + Hunter populate company/contact fields, and an OIDC probe against login.microsoftonline.com fills tenantId/isOnM365 when the domain is on Entra. Returns 409 with existingLeadId if a lead for the same domain already exists for this partner. |
| partner_bulk_create_leads | Bulk-create up to 50 leads from a list of domains. Requires prospecting feature flag. Returns created (lead rows) + skipped (duplicates / invalid domains with reasons). Enrichment runs in the background — partner_get_lead will return enriched data once Apollo / Hunter / M365 finish (typically <30s per lead). |
| partner_update_lead | Update whitelisted lead fields. Requires prospecting feature flag. Stage cannot be set via this tool — use partner_set_lead_stage for terminal Won/Lost transitions; other stages are server-managed by the assessment lifecycle. Identity links (customerId, assessmentId) are also server-managed and not partner-settable. |
| partner_delete_lead | Soft-delete a lead. Requires prospecting feature flag. Cancels any in-flight outreach cadence. The row stays in Postgres for audit; re-creating the same domain after deletion creates a fresh lead row with a new id. Idempotent — re-deleting an already-deleted lead returns 404. |
| partner_enrich_lead | Re-run enrichment for a lead: Apollo people search + Hunter domain search + Microsoft 365 OIDC tenant discovery (login.microsoftonline.com/{domain}/.well-known/openid-configuration). Requires prospecting feature flag. Returns the updated lead, the contributing sources (apollo, hunter, m365), and fromCache: true when results were served from the freshness cache. On successful enrichment the lead auto-advances from New to Enriched. |
| partner_set_lead_stage | Mark a lead Won or Lost — the two terminal states. Requires prospecting feature flag. Other stages (Enriched / OutreachSent / Consented / ReportDelivered) are server-managed via the assessment lifecycle and cannot be set explicitly. Setting Won or Lost cancels any in-flight outreach cadence for the lead. WON SIDE-EFFECTS: fires the lead.won webhook event. If the partner has the lead-deferred-customer feature flag AND the lead has no customer attached yet, also materialises a partner_customer row from the lead's primary contact + tenant, backfills any orphan partner_runs rows with the new customerId, and fires customer.created once. Idempotent — re-Winning a lead that already has a customer is a no-op (no second customer, no duplicate events). |
| partner_list_lead_activity | Read the activity log for a lead — created, enriched, email_sent, email_delivered, email_opened, email_clicked, consented, report_ready, stage_changed, note, etc. Each entry has type / detail / metadata / actorEmail / createdAt. Requires prospecting feature flag. Use when the user asks "what happened to this lead" or to debug an outreach sequence. |
| partner_send_lead_consent | Kick off the partner-branded outreach cadence for a lead. Mints an assessment + run row (COSTS 1 CREDIT), sends touch-1 of the consent email to each recipient, advances the lead to OutreachSent, and fires the lead.outreach_sent webhook event. Touches 2 + 3 fire from the background cadence worker on day 3 + 7. Suppressed addresses are skipped silently with skipped: "suppressed" in the per-recipient result. CUSTOMER CREATION: depends on the partner's lead-deferred-customer feature flag. OFF (default): a partner_customer row is created (or attached by email match) at this call and returned as customerId. ON (#369): no customer is created here — customerId in the response is null, the run row carries lead_id, and a customer is materialised only when the partner later marks the lead Won via partner_set_lead_stage. Dispatch is routed by the partner's mail mode (mailProvider): resend (default — baref00t Resend with partner From-name + Reply-To), microsoft (partner's connected Graph mailbox), or off (call fails with MAIL_DISABLED unless skipEmail: true). Each per-recipient result reports via: "resend" \| "microsoft" so the caller can confirm which channel ran. Pass skipEmail: true to bypass the email send entirely — the response still carries the per-recipient consentUrl strings so the partner can dispatch via their own channel. Requires the prospecting feature flag. Reject if the lead is in a terminal stage (Won / Lost). |

Recurring Schedules (7 tools)

| Tool | What it does |
|---|---|
| partner_create_schedule | Create a recurring (scheduled) assessment for a customer + product. One schedule per (customer, product) — a duplicate returns a conflict. The platform scheduler then triggers the assessment automatically on the chosen cadence (Weekly/Monthly/Quarterly/Custom). |
| partner_list_schedules | List every recurring assessment schedule for the partner, with next run time, last status, and consecutive failure count. Use to review or audit all scheduled jobs. |
| partner_list_customer_schedules | List the recurring assessment schedules for one specific customer. |
| partner_update_schedule | Update a recurring schedule — change its cadence, maturity target, or pause/resume it via enabled. Partial: only the fields you pass are changed. |
| partner_delete_schedule | Delete a recurring schedule. Stops all future runs for that (customer, product). Past runs are unaffected. Use partner_update_schedule with enabled=false to pause instead of permanently delete. |
| partner_run_schedule_now | Trigger a scheduled assessment immediately (out of cadence) and reset its next-run clock from now. Runs even if the partner is over their monthly quota — the response overQuota flag indicates that. Fails if the customer is inactive or their tenant consent is no longer valid. |
| partner_get_quota_forecast | Forecast this billing month's run usage against the plan quota: returns runs already used, projected scheduled runs still to fire, the total, the quota, and overBy (projected overage). Use to warn a partner before scheduled runs push them past their limit and suggest an upgrade. |

Distributor (2 tools, scope=dk_*)

| Tool | What it does |
|---|---|
| distributor_list_partners | List all sub-partners owned by this distributor. Optionally filter by status. Returns each partner's id, company, email, plan, billing, and status. |
| distributor_get_usage | Aggregated assessment usage across all sub-partners for a billing month. Returns totalPartners, activePartners, totalRuns, and per-partner breakdown (runs vs limit). Use to answer "how much have my sub-partners used this month?". |

Versioning

See CHANGELOG.md for per-release notes. Major SDK pins:

| MCP version | SDK pin | Highlights |
|---|---|---|
| 0.4.x | @baref00t/sdk@^0.7.0 | Customer CRUD parity (update/delete/bulk_create); /docs + this README autogenerated from the registry. |
| 0.3.x | @baref00t/sdk@^0.7.0 | Lead pipeline (10 tools, prospecting feature flag); consent URL + email tooling. |
| 0.2.x | @baref00t/sdk@^0.6.0 | Full partner-portal surface coverage. 21 net new tools across branding, members, billing, webhooks, mail, keys. |
| 0.1.x | @baref00t/sdk@^0.4.0 | Initial release: customers + assessments + plan/billing read. |

Local self-host

npm install -g @baref00t/mcp-server
BAREF00T_API_BASE=https://api.baref00t.io baref00t-mcp-server
# Listens on :8080

Then configure your MCP client to point at http://localhost:8080/mcp instead of the hosted URL. (The server itself is stateless multi-tenant — your API key still travels per-request.)

Or via Docker:

docker run -d -p 8080:8080 \
  -e BAREF00T_API_BASE=https://api.baref00t.io \
  ghcr.io/becloudsmart-com/baref00t-mcp:latest

Operational config (KV-backed)

When deployed to our hosted ACA, the following config lives in Key Vault and can be rotated without redeploying (server picks up changes within 30s):

| Secret | Default | Purpose |
|---|---|---|
| MCPLogLevel | info | Pino log level |
| MCPToolConcurrency | 8 | Per-key in-flight cap (protects partner's upstream quota) |
| MCPAllowedKeyPrefixes | pk_live_,dk_live_ (prod) | Security knob — emergency-revoke a key class |
| MCPEnabledTools | (empty = all) | Per-tool kill-switch |
| MCPFeatureFlags | {} | Future toggles (OAuth shim, write tools, streaming) |

Local dev reads these from env vars (e.g. MCP_LOG_LEVEL=debug).
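
How the key-prefix routing from the Authentication summary and the MCPAllowedKeyPrefixes knob above could fit together, as an added example (not the server's own code). The function names, the reason strings and the choice to reject requests carrying more than one credential are assumptions; the sample keys are constructed.

```javascript
// Added example: map a request's credential to a scope and enforce an
// allowed-prefix list. Not the baref00t server's implementation.

// Prod default for MCPAllowedKeyPrefixes, taken from the config table.
const PROD_ALLOWED_PREFIXES = 'pk_live_,dk_live_';

// Scope follows the key family: pk_* is partner, dk_* is distributor.
function scopeForPrefix(prefix) {
  if (prefix.startsWith('pk_')) return 'partner';
  if (prefix.startsWith('dk_')) return 'distributor';
  return null;
}

// Log-safe identifier: key family plus the last 4 characters, never the raw key.
function redactKey(key) {
  return `${key.slice(0, 3)}...${key.slice(-4)}`;
}

function deny(reason) {
  return { ok: false, reason };
}

function classifyCredential(headers, allowedCsv = PROD_ALLOWED_PREFIXES) {
  const allowed = allowedCsv.split(',').map((p) => p.trim()).filter(Boolean);

  // HTTP header names are case-insensitive.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  const found = [];
  if (h.authorization !== undefined) {
    const m = /^Bearer (\S+)$/i.exec(h.authorization);
    if (!m) return deny('malformed_authorization');
    found.push({ via: 'bearer', value: m[1], expect: null });
  }
  if (h['x-partner-key']) {
    found.push({ via: 'x-partner-key', value: h['x-partner-key'], expect: 'partner' });
  }
  if (h['x-distributor-key']) {
    found.push({ via: 'x-distributor-key', value: h['x-distributor-key'], expect: 'distributor' });
  }

  if (found.length === 0) return deny('no_credential');
  // Assumption (hardening choice): two credentials on one request is ambiguous.
  if (found.length > 1) return deny('ambiguous_credentials');

  const { via, value, expect } = found[0];

  // Three base64url segments: treat as an OAuth JWT. Scope is left null here
  // because claims may only be read after the signature has been verified.
  if (via === 'bearer' && /^[\w-]+\.[\w-]+\.[\w-]+$/.test(value)) {
    return { ok: true, kind: 'oauth_jwt', scope: null, via };
  }

  // Removing a prefix from the list rejects that whole key class at once.
  const prefix = allowed.find((p) => value.startsWith(p));
  if (!prefix || value.length === prefix.length) return deny('key_class_not_allowed');

  const scope = scopeForPrefix(prefix);
  if (!scope) return deny('unroutable_prefix');
  // A distributor key in X-Partner-Key (or the reverse) is refused.
  if (expect && expect !== scope) return deny('header_scope_mismatch');

  return { ok: true, kind: 'api_key', scope, via, keyId: redactKey(value) };
}
```
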

Privacy notice

When you use this server with an AI assistant, the assistant's provider (Anthropic / OpenAI / etc.) sees the tool call inputs + outputs you ask the AI to make — including customer email addresses, assessment scores, and other Partner-API data. baref00t doesn't control how the AI provider stores those interactions. Confirm your contractual basis with your AI provider before connecting a partner key that has access to real customer data.

License

Apache-2.0.