PROD RELEASE

.circleci/config.yml

@@ -0,0 +1,95 @@
+version: 2.1
+defaults: &defaults
+  docker:
+  - image: cimg/python:3.13.5-browsers
+install_dependency: &install_dependency
+  name: Installation of build and deployment dependencies.
+  command: |
+    pip3 install awscli --upgrade
+install_deploysuite: &install_deploysuite
+  name: Installation of install_deploysuite.
+  command: |
+    git clone --branch v1.4.17 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+    cp ./../buildscript/master_deploy.sh .
+    cp ./../buildscript/buildenv.sh .
+    cp ./../buildscript/awsconfiguration.sh .
+    cp ./../buildscript/psvar-processor.sh .
+
+restore_cache_settings_for_build: &restore_cache_settings_for_build
+  key: docker-node-modules-{{ checksum "pnpm-lock.yaml" }}
+
+save_cache_settings: &save_cache_settings
+  key: docker-node-modules-{{ checksum "pnpm-lock.yaml" }}
+  paths:
+  - node_modules
+
+
+builddeploy_steps: &builddeploy_steps
+- checkout
+- setup_remote_docker
+- run: *install_dependency
+- run: *install_deploysuite
+- restore_cache: *restore_cache_settings_for_build
+- run:
+    name: "Build docker image"
+    command: |
+      ./build.sh
+- save_cache: *save_cache_settings
+- deploy:
+    name: Running MasterScript.
+    command: |
+      ./awsconfiguration.sh $DEPLOY_ENV
+      source awsenvconf
+      ./psvar-processor.sh -t appenv -p /config/${APPNAME}/deployvar
+      source deployvar_env
+      ./master_deploy.sh -d ECS -e $DEPLOY_ENV -t latest -j /config/${APPNAME}/appvar -i ${APPNAME} -p FARGATE
+jobs:
+  # Build & Deploy against development backend
+  "build-dev":
+    !!merge <<: *defaults
+    environment:
+      DEPLOY_ENV: "DEV"
+      LOGICAL_ENV: "dev"
+      APPNAME: "tc-mcp"
+    steps: *builddeploy_steps
+
+  "build-qa":
+    !!merge <<: *defaults
+    environment:
+      DEPLOY_ENV: "QA"
+      LOGICAL_ENV: "qa"
+      APPNAME: "tc-mcp"
+    steps: *builddeploy_steps
+
+  "build-prod":
+    !!merge <<: *defaults
+    environment:
+      DEPLOY_ENV: "PROD"
+      LOGICAL_ENV: "prod"
+      APPNAME: "tc-mcp"
+    steps: *builddeploy_steps
+
+workflows:
+  version: 2
+  build:
+    jobs:
+    # Development builds are executed on "develop" branch only.
+    - "build-dev":
+        context: org-global
+        filters:
+          branches:
+            only:
+            - dev
+
+    - "build-qa":
+        context: org-global
+        filters:
+          branches:
+            only:
+            - qa
+
+    - "build-prod":
+        context: org-global
+        filters:
+          branches:
+            only: master

.github/workflows/tc_agent.yml

@@ -0,0 +1,24 @@
+name: TC Action Agent - Do It
+
+on: issue_comment
+
+jobs:
+  pr_commented:
+    # This job only runs for pull request comments
+    name: '[PR Comment] - Use TC AI Agent'
+    if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '@tc-ai') }}
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          echo A comment on PR $NUMBER
+        env:
+          NUMBER: ${{ github.event.issue.number }}
+
+  tc_agent_tagged_in_issue_comment:
+    # This job only runs for issue comments where the agent is tagged with @tc-ai
+    name: '[Issue Comment] - Use TC AI Agent'
+    if: ${{ !github.event.issue.pull_request && contains(github.event.comment.body, '@tc-ai') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Call TC AI Agent
+        uses: topcoder-platform/tc-action-agent@master

README.md

@@ -1 +1,56 @@
 # Topcoder Model Context Protocol (MCP) Server
+
+## Authentication Based Access via Guards
+
+Tools/Resources/Prompts support authentication via TC JWT and/or M2M JWT. Providing JWT in the requests to the MCP server will result in specific listings and bahavior based on JWT access level/roles/permissions.
+
+#### Using `authGuard` - requires TC jwt presence for access
+
+```ts
+  @Tool({
+    name: 'query-tc-challenges-private',
+    description:
+      'Returns a list of Topcoder challenges based on the query parameters.',
+    parameters: QUERY_CHALLENGES_TOOL_PARAMETERS,
+    outputSchema: QUERY_CHALLENGES_TOOL_OUTPUT_SCHEMA,
+    annotations: {
+      title: 'Query Public Topcoder Challenges',
+      readOnlyHint: true,
+    },
+    canActivate: authGuard,
+  })
+```
+
+#### Using `checkHasUserRole(Role.Admin)` - TC Role based guard
+
+```ts
+  @Tool({
+    name: 'query-tc-challenges-protected',
+    description:
+      'Returns a list of Topcoder challenges based on the query parameters.',
+    parameters: QUERY_CHALLENGES_TOOL_PARAMETERS,
+    outputSchema: QUERY_CHALLENGES_TOOL_OUTPUT_SCHEMA,
+    annotations: {
+      title: 'Query Public Topcoder Challenges',
+      readOnlyHint: true,
+    },
+    canActivate: checkHasUserRole(Role.Admin),
+  })
+```
+
+#### Using `canActivate: checkM2MScope(M2mScope.QueryPublicChallenges)` - M2M based access via scopes
+
+```ts
+  @Tool({
+    name: 'query-tc-challenges-m2m',
+    description:
+      'Returns a list of Topcoder challenges based on the query parameters.',
+    parameters: QUERY_CHALLENGES_TOOL_PARAMETERS,
+    outputSchema: QUERY_CHALLENGES_TOOL_OUTPUT_SCHEMA,
+    annotations: {
+      title: 'Query Public Topcoder Challenges',
+      readOnlyHint: true,
+    },
+    canActivate: checkM2MScope(M2mScope.QueryPublicChallenges),
+  })
+```

build.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 set -eo pipefail
-docker buildx build --no-cache=true -t ${APPNAME}}:latest .
+docker buildx build --no-cache=true -t ${APPNAME}:latest .

package.json

@@ -24,14 +24,14 @@
     "@nestjs/common": "^11.0.1",
     "@nestjs/core": "^11.0.1",
     "@nestjs/platform-express": "^11.0.1",
-    "@rekog/mcp-nest": "^1.6.2",
+    "@tc/mcp-nest": "topcoder-platform/MCP-Nest.git",
+    "axios": "^1.10.0",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.2",
     "dotenv": "^16.5.0",
     "json-stringify-safe": "^5.0.1",
     "jsonwebtoken": "^9.0.2",
     "jwks-rsa": "^3.2.0",
-    "nanoid": "^5.1.5",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.1",
     "zod": "^3.25.67"