flfeders/FEDEO
2
1
Fork 0
Code Issues 96 Pull Requests Actions Packages Projects 22 Releases Wiki Activity

MCP-Server für Buchhaltung und Organisation ergänzen

Browse Source 
Fügt einen geschützten MCP-JSON-RPC-Endpunkt mit Buchhaltungs-Tools und Aufgaben-Tools hinzu. Berechtigungen werden rollenbasiert pro Mandant geprüft und die Auth-Logik berücksichtigt nun alle Rollen eines Nutzers.
This commit is contained in:
florianfederspiel
2026-05-11 12:43:58 +02:00
parent 0f5275b870
commit a8450fc0c6
9 changed files with 703 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
backend/src/mcp/tools/accounting.ts Normal file
View File

@@ -0,0 +1,194 @@
import { and, desc, eq, ilike, or } from "drizzle-orm"
import {
accounts,
bankstatements,
incominginvoices,
statementallocations,
} from "../../../db/schema"
import { McpTool } from "../types"
const limitFromArgs = (args: Record<string, unknown>, fallback = 25) => {
const raw = Number(args.limit ?? fallback)
if (!Number.isFinite(raw)) return fallback
return Math.min(Math.max(Math.trunc(raw), 1), 100)
}
const stringArg = (args: Record<string, unknown>, key: string) => {
const value = args[key]
return typeof value === "string" && value.trim() ? value.trim() : null
}
const numberArg = (args: Record<string, unknown>, key: string) => {
const value = Number(args[key])
return Number.isFinite(value) ? value : null
}
export const accountingTools: McpTool[] = [
{
name: "accounting.accounts.search",
title: "Konten suchen",
description: "Sucht Sachkonten im aktiven Kontenrahmen des Mandanten.",
requiredPermissions: ["accounting.accounts.read"],
inputSchema: {
type: "object",
properties: {
query: { type: "string", description: "Suchtext für Kontonummer, Bezeichnung oder Beschreibung." },
limit: { type: "number", minimum: 1, maximum: 100 },
},
},
async handler(context, args) {
const tenantRows = await context.server.db.query.tenants.findMany({
where: (tenant, { eq }) => eq(tenant.id, context.tenantId),
columns: {
accountChart: true,
},
limit: 1,
})
const accountChart = tenantRows[0]?.accountChart || "skr03"
const query = stringArg(args, "query")
const limit = limitFromArgs(args)
const whereCond = query
? and(
eq(accounts.accountChart, accountChart),
or(
ilike(accounts.number, `%${query}%`),
ilike(accounts.label, `%${query}%`),
ilike(accounts.description, `%${query}%`)
)
)
: eq(accounts.accountChart, accountChart)
const rows = await context.server.db
.select()
.from(accounts)
.where(whereCond)
.orderBy(accounts.number)
.limit(limit)
return { accountChart, rows }
},
},
{
name: "accounting.incoming_invoices.list",
title: "Eingangsrechnungen auflisten",
description: "Listet Eingangsrechnungen des aktiven Mandanten.",
requiredPermissions: ["accounting.incoming_invoices.read"],
inputSchema: {
type: "object",
properties: {
state: { type: "string", description: "Optionaler Statusfilter." },
paid: { type: "boolean", description: "Optionaler Zahlungsstatus." },
includeArchived: { type: "boolean", default: false },
limit: { type: "number", minimum: 1, maximum: 100 },
},
},
async handler(context, args) {
const conditions = [eq(incominginvoices.tenant, context.tenantId)]
const state = stringArg(args, "state")
if (state) conditions.push(eq(incominginvoices.state, state))
if (typeof args.paid === "boolean") conditions.push(eq(incominginvoices.paid, args.paid))
if (args.includeArchived !== true) conditions.push(eq(incominginvoices.archived, false))
const rows = await context.server.db
.select()
.from(incominginvoices)
.where(and(...conditions))
.orderBy(desc(incominginvoices.createdAt))
.limit(limitFromArgs(args))
return { rows }
},
},
{
name: "accounting.incoming_invoices.get",
title: "Eingangsrechnung laden",
description: "Lädt eine Eingangsrechnung des aktiven Mandanten anhand ihrer ID.",
requiredPermissions: ["accounting.incoming_invoices.read"],
inputSchema: {
type: "object",
required: ["id"],
properties: {
id: { type: "number" },
},
},
async handler(context, args) {
const id = numberArg(args, "id")
if (!id) throw new Error("id ist erforderlich")
const rows = await context.server.db
.select()
.from(incominginvoices)
.where(and(eq(incominginvoices.id, id), eq(incominginvoices.tenant, context.tenantId)))
.limit(1)
if (!rows[0]) throw new Error("Eingangsrechnung nicht gefunden")
return { invoice: rows[0] }
},
},
{
name: "accounting.bank_statements.list",
title: "Bankumsätze auflisten",
description: "Listet Bankumsätze des aktiven Mandanten.",
requiredPermissions: ["accounting.bank.read"],
inputSchema: {
type: "object",
properties: {
account: { type: "number", description: "Optionale Bankkonto-ID." },
includeArchived: { type: "boolean", default: false },
limit: { type: "number", minimum: 1, maximum: 100 },
},
},
async handler(context, args) {
const conditions = [eq(bankstatements.tenant, context.tenantId)]
const account = numberArg(args, "account")
if (account) conditions.push(eq(bankstatements.account, account))
if (args.includeArchived !== true) conditions.push(eq(bankstatements.archived, false))
const rows = await context.server.db
.select()
.from(bankstatements)
.where(and(...conditions))
.orderBy(desc(bankstatements.date), desc(bankstatements.id))
.limit(limitFromArgs(args))
return { rows }
},
},
{
name: "accounting.statement_allocations.list",
title: "Buchungszuordnungen auflisten",
description: "Listet Buchungszuordnungen des aktiven Mandanten.",
requiredPermissions: ["accounting.statement_allocations.read"],
inputSchema: {
type: "object",
properties: {
bankstatement: { type: "number" },
incominginvoice: { type: "number" },
includeArchived: { type: "boolean", default: false },
limit: { type: "number", minimum: 1, maximum: 100 },
},
},
async handler(context, args) {
const conditions = [eq(statementallocations.tenant, context.tenantId)]
const bankstatement = numberArg(args, "bankstatement")
const incominginvoice = numberArg(args, "incominginvoice")
if (bankstatement) conditions.push(eq(statementallocations.bankstatement, bankstatement))
if (incominginvoice) conditions.push(eq(statementallocations.incominginvoice, incominginvoice))
if (args.includeArchived !== true) conditions.push(eq(statementallocations.archived, false))
const rows = await context.server.db
.select()
.from(statementallocations)
.where(and(...conditions))
.orderBy(desc(statementallocations.created_at))
.limit(limitFromArgs(args))
return { rows }
},
},
]

183
backend/src/mcp/tools/organisation.ts Normal file
View File

@@ -0,0 +1,183 @@
import { and, desc, eq, ilike, or } from "drizzle-orm"
import { tasks } from "../../../db/schema"
import { McpTool } from "../types"
const limitFromArgs = (args: Record<string, unknown>, fallback = 25) => {
const raw = Number(args.limit ?? fallback)
if (!Number.isFinite(raw)) return fallback
return Math.min(Math.max(Math.trunc(raw), 1), 100)
}
const stringArg = (args: Record<string, unknown>, key: string) => {
const value = args[key]
return typeof value === "string" && value.trim() ? value.trim() : null
}
const numberArg = (args: Record<string, unknown>, key: string) => {
const value = Number(args[key])
return Number.isFinite(value) ? value : null
}
export const organisationTools: McpTool[] = [
{
name: "organisation.tasks.list",
title: "Aufgaben auflisten",
description: "Listet Aufgaben des aktiven Mandanten mit optionalen Filtern.",
requiredPermissions: ["organisation.tasks.read"],
inputSchema: {
type: "object",
properties: {
query: { type: "string", description: "Suchtext für Name, Beschreibung oder Kategorie." },
project: { type: "number" },
customer: { type: "number" },
includeArchived: { type: "boolean", default: false },
limit: { type: "number", minimum: 1, maximum: 100 },
},
},
async handler(context, args) {
const conditions = [eq(tasks.tenant, context.tenantId)]
const query = stringArg(args, "query")
const project = numberArg(args, "project")
const customer = numberArg(args, "customer")
if (query) {
conditions.push(or(
ilike(tasks.name, `%${query}%`),
ilike(tasks.description, `%${query}%`),
ilike(tasks.categorie, `%${query}%`)
))
}
if (project) conditions.push(eq(tasks.project, project))
if (customer) conditions.push(eq(tasks.customer, customer))
if (args.includeArchived !== true) conditions.push(eq(tasks.archived, false))
const rows = await context.server.db
.select()
.from(tasks)
.where(and(...conditions))
.orderBy(desc(tasks.createdAt))
.limit(limitFromArgs(args))
return { rows }
},
},
{
name: "organisation.tasks.get",
title: "Aufgabe laden",
description: "Lädt eine Aufgabe des aktiven Mandanten anhand ihrer ID.",
requiredPermissions: ["organisation.tasks.read"],
inputSchema: {
type: "object",
required: ["id"],
properties: {
id: { type: "number" },
},
},
async handler(context, args) {
const id = numberArg(args, "id")
if (!id) throw new Error("id ist erforderlich")
const rows = await context.server.db
.select()
.from(tasks)
.where(and(eq(tasks.id, id), eq(tasks.tenant, context.tenantId)))
.limit(1)
if (!rows[0]) throw new Error("Aufgabe nicht gefunden")
return { task: rows[0] }
},
},
{
name: "organisation.tasks.create",
title: "Aufgabe erstellen",
description: "Erstellt eine neue Aufgabe im aktiven Mandanten.",
requiredPermissions: ["organisation.tasks.write"],
inputSchema: {
type: "object",
required: ["name"],
properties: {
name: { type: "string" },
description: { type: "string" },
categorie: { type: "string" },
project: { type: "number" },
plant: { type: "number" },
customer: { type: "number" },
userId: { type: "string" },
profiles: { type: "array", items: { type: "string" } },
},
},
async handler(context, args) {
const name = stringArg(args, "name")
if (!name) throw new Error("name ist erforderlich")
const [created] = await context.server.db
.insert(tasks)
.values({
name,
description: stringArg(args, "description"),
categorie: stringArg(args, "categorie"),
tenant: context.tenantId,
userId: stringArg(args, "userId") || context.userId,
project: numberArg(args, "project"),
plant: numberArg(args, "plant"),
customer: numberArg(args, "customer"),
profiles: Array.isArray(args.profiles) ? args.profiles : [],
updatedAt: new Date(),
updatedBy: context.userId,
})
.returning()
return { task: created }
},
},
{
name: "organisation.tasks.update",
title: "Aufgabe aktualisieren",
description: "Aktualisiert Felder einer Aufgabe im aktiven Mandanten.",
requiredPermissions: ["organisation.tasks.write"],
inputSchema: {
type: "object",
required: ["id"],
properties: {
id: { type: "number" },
name: { type: "string" },
description: { type: "string" },
categorie: { type: "string" },
project: { type: "number" },
plant: { type: "number" },
customer: { type: "number" },
userId: { type: "string" },
profiles: { type: "array", items: { type: "string" } },
archived: { type: "boolean" },
},
},
async handler(context, args) {
const id = numberArg(args, "id")
if (!id) throw new Error("id ist erforderlich")
const update: Record<string, unknown> = {
updatedAt: new Date(),
updatedBy: context.userId,
}
for (const key of ["name", "description", "categorie", "userId"] as const) {
if (args[key] !== undefined) update[key] = stringArg(args, key)
}
for (const key of ["project", "plant", "customer"] as const) {
if (args[key] !== undefined) update[key] = numberArg(args, key)
}
if (Array.isArray(args.profiles)) update.profiles = args.profiles
if (typeof args.archived === "boolean") update.archived = args.archived
const [updated] = await context.server.db
.update(tasks)
.set(update)
.where(and(eq(tasks.id, id), eq(tasks.tenant, context.tenantId)))
.returning()
if (!updated) throw new Error("Aufgabe nicht gefunden")
return { task: updated }
},
},
]