2323 tokenServers string
2424 tokenPermissions string
2525 tokenExpires string
26+ tokenProfilePin string
2627)
2728
2829// GetTokenCommand returns the token parent command.
@@ -73,6 +74,7 @@ Examples:
7374 cmd .Flags ().StringVar (& tokenServers , "servers" , "" , "Comma-separated list of allowed server names, or \" *\" for all (required)" )
7475 cmd .Flags ().StringVar (& tokenPermissions , "permissions" , "" , "Comma-separated permission tiers: read, write, destructive (required, must include read)" )
7576 cmd .Flags ().StringVar (& tokenExpires , "expires" , "30d" , "Token expiry duration (e.g., 7d, 30d, 90d, 365d)" )
77+ cmd .Flags ().StringVar (& tokenProfilePin , "profile-pin" , "" , "Pin this token to a profile; it can only operate in that profile (cannot switch via set_profile or /mcp/p/<other>)" )
7678 _ = cmd .MarkFlagRequired ("name" )
7779 _ = cmd .MarkFlagRequired ("servers" )
7880 _ = cmd .MarkFlagRequired ("permissions" )
@@ -160,6 +162,9 @@ func runTokenCreate(_ *cobra.Command, _ []string) error {
160162 "permissions" : permissions ,
161163 "expires_in" : tokenExpires ,
162164 }
165+ if tokenProfilePin != "" {
166+ body ["profile_pin" ] = tokenProfilePin
167+ }
163168
164169 bodyJSON , err := json .Marshal (body )
165170 if err != nil {
@@ -209,6 +214,9 @@ func runTokenCreate(_ *cobra.Command, _ []string) error {
209214 printField (" Name: " , result , "name" )
210215 printListField (" Servers: " , result , "allowed_servers" )
211216 printListField (" Permissions: " , result , "permissions" )
217+ if pin := getMapString (result , "profile_pin" ); pin != "" {
218+ fmt .Printf (" Profile Pin: %s\n " , pin )
219+ }
212220 printField (" Expires: " , result , "expires_at" )
213221
214222 return nil
@@ -257,9 +265,9 @@ func runTokenList(_ *cobra.Command, _ []string) error {
257265 }
258266
259267 // Table format
260- fmt .Printf ("%-20s %-14s %-25s %-20s %-8s %-25s\n " ,
261- "NAME" , "PREFIX" , "SERVERS" , "PERMISSIONS" , "REVOKED" , "EXPIRES" )
262- fmt .Println (strings .Repeat ("-" , 115 ))
268+ fmt .Printf ("%-20s %-14s %-25s %-20s %-8s %-12s %- 25s\n " ,
269+ "NAME" , "PREFIX" , "SERVERS" , "PERMISSIONS" , "REVOKED" , "PROFILE PIN" , " EXPIRES" )
270+ fmt .Println (strings .Repeat ("-" , 128 ))
263271
264272 for _ , t := range tokens {
265273 tok , ok := t .(map [string ]interface {})
@@ -276,15 +284,20 @@ func runTokenList(_ *cobra.Command, _ []string) error {
276284 serverList := joinInterfaceSlice (tok , "allowed_servers" , 23 )
277285 permList := joinInterfaceSlice (tok , "permissions" , 0 )
278286
287+ pin := getMapString (tok , "profile_pin" )
288+ if pin == "" {
289+ pin = "-"
290+ }
291+
279292 expiresAt := getMapString (tok , "expires_at" )
280293 if expiresAt != "" {
281294 if t , parseErr := time .Parse (time .RFC3339 , expiresAt ); parseErr == nil {
282295 expiresAt = t .Format ("2006-01-02 15:04" )
283296 }
284297 }
285298
286- fmt .Printf ("%-20s %-14s %-25s %-20s %-8s %-25s\n " ,
287- name , prefix , serverList , permList , revoked , expiresAt )
299+ fmt .Printf ("%-20s %-14s %-25s %-20s %-8s %-12s %- 25s\n " ,
300+ name , prefix , serverList , permList , revoked , pin , expiresAt )
288301 }
289302
290303 return nil
@@ -335,6 +348,9 @@ func runTokenShow(_ *cobra.Command, args []string) error {
335348 printField ("Token Prefix: " , result , "token_prefix" )
336349 printListField ("Servers: " , result , "allowed_servers" )
337350 printListField ("Permissions: " , result , "permissions" )
351+ if pin := getMapString (result , "profile_pin" ); pin != "" {
352+ fmt .Printf ("Profile Pin: %s\n " , pin )
353+ }
338354 if revoked , ok := result ["revoked" ].(bool ); ok {
339355 fmt .Printf ("Revoked: %v\n " , revoked )
340356 }
0 commit comments