@bulwarkauth/mcp-admin

A 52-tool MCP stdio server that wraps the full Bulwark admin API. Enables AI assistants (Claude Code, Cursor, etc.) to manage and diagnose the auth platform.

Installation

npm install -g @bulwarkauth/mcp-admin

Claude Code Setup

Add to ~/.claude.json:

{
  "mcpServers": {
    "bulwark-admin": {
      "command": "npx",
      "args": ["@bulwarkauth/mcp-admin"],
      "env": {
        "BULWARK_API_URL": "https://api.bulwarkauth.com",
        "BULWARK_ADMIN_EMAIL": "[email protected]",
        "BULWARK_ADMIN_PASSWORD": "your-password",
        "BULWARK_TENANT_ID": "your-tenant-uuid"
      }
    }
  }
}

Tool Categories (52 tools)

| Category | Tools | Examples | |----------|-------|---------| | Diagnostics | 3 | health, info, stats | | Users | 3 | list, get, update | | Agents | 3 | list, get, register | | Sessions | 2 | list, revoke | | API Keys | 3 | list, create, revoke | | Audit | 1 | query events | | Settings | 2 | get, update | | Applications | 5 | list, create, keys, branding | | FGA | 3 | tuples, check | | CIBA | 4 | pending, list, approve, deny | | Token Vault | 3 | connections, services | | Credential Store | 2 | store, configure | | MCP Servers | 3 | list, register, delete | | Connected Apps | 3 | list, register, revoke | | Webhooks | 3 | list, create, delete | | Invites | 2 | invite, list collaborators |

Authentication

The server authenticates via email/password on startup. If the token expires (401), it automatically re-authenticates. All logging goes to stderr to preserve the MCP JSON-RPC protocol on stdout.