Skip to content

v0.1.8: add logout MCP tool#6

Merged
hculap merged 1 commit into
mainfrom
feat/v0.1.8-mcp-logout
May 19, 2026
Merged

v0.1.8: add logout MCP tool#6
hculap merged 1 commit into
mainfrom
feat/v0.1.8-mcp-logout

Conversation

@hculap
Copy link
Copy Markdown
Owner

@hculap hculap commented May 19, 2026

Why

Claude Desktop user noted the agent couldn't log them out — the MCP surface had `login_browser` + `whoami` + reads/writes on heating state, but no logout. The CLI already had `emodul auth logout` (clears token) and `emodul auth forget-password` (clears keychain), so this just exposes them.

What

New MCP tool:

```
logout(clear_keychain: bool = False)
```

  • `clear_keychain=False` (default): drop `token` + `user_id` from `config.json`, KEEP the keychain password. `login_browser` can re-auth without retyping the password.
  • `clear_keychain=True`: also delete the keychain entry. Auto-refresh on next 401 will fail until `login_browser` runs again.

`destructiveHint=true` so well-behaved clients prompt for confirmation. `idempotentHint=true` because re-running has no extra effect.

Updated

  • Server `instructions` now lists `logout` under AUTH tools (17 tools total: 9 read + 5 write + 3 auth).

Verified

  • `list_tools` returns 17 entries with `logout` present
  • Tool schema includes `clear_keychain: bool`
  • Ruff clean

Release

After merge: tag v0.1.8 → OIDC publish.

@hculap
feat(mcp): add logout tool (clear token, optionally keychain)
2a2197e 
Claude Desktop user noted the agent couldn't log them out because the MCP
surface had no logout tool — only login_browser + whoami + reads/writes
on heating state. The CLI already had `emodul auth logout` (clears token)
and `emodul auth forget-password` (clears keychain). Expose them as a
single MCP tool.

  logout(clear_keychain=False)

- clear_keychain=False (default): drop token + user_id from config.json,
  KEEP the keychain password. login_browser can then re-auth without
  the user typing the password again.
- clear_keychain=True: also delete the keychain entry. Auto-refresh
  on next 401 will fail until login_browser runs again.

destructiveHint=true so well-behaved clients prompt for confirmation;
idempotentHint=true because re-running has no extra effect.

Server instructions updated to list `logout` under AUTH tools (17 total
now: 9 read + 5 write + 3 auth).
@hculap hculap merged commit 5c06be6 into main May 19, 2026
9 checks passed
@hculap hculap deleted the feat/v0.1.8-mcp-logout branch May 19, 2026 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hculap