CC-3677: account-create tool + owner-token stash#811
Draft
joaodaher wants to merge 1 commit into
Draft
Conversation
Phase 0 (MCP side) of agent-driven onboarding. Adds the low-level `dbt_admin_account_create(name, owner_email, created_via?)` tool that calls the public dbt-cloud POST /api/v3/accounts/ endpoint via a token-less, host-only client (account creation happens before any account or token exists, so it must not trigger the OAuth login flow). On success it stashes the returned account_id + owner token into the shared CredentialsProvider, so the existing account-scoped admin/onboarding tools authenticate automatically for the rest of the session. Gated under the admin_api toolset; billable so destructive-confirm applies. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
joaodaher
force-pushed
the
cc3677-mcp-account-create
branch
from
1821966 to
0b8e8a8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this does
Adds one low-level MCP tool,
dbt_admin_account_create, so an AI assistant can bootstrap a brand-new dbt platform account for a user who doesn't have one yet.The chicken-and-egg problem it solves: every other admin/onboarding tool needs an account id + token, but a brand-new user has neither. This tool calls the public dbt-cloud endpoint (
POST /api/v3/accounts/, see dbt-labs/dbt-cloud#17982) with just the host — no token — and gets back{ account_id, owner_token }.The clever bit: token stash
After creating the account, it stashes the
account_id+ owner token into the shared credentials provider. So the moment the account exists, every following account-scoped tool (dbt_admin_onboarding_get/validate/apply, etc.) authenticates automatically — the user never has to paste a token.Because account creation happens before any token exists, the client deliberately does not call
get_credentials()(which would kick off the OAuth login flow); it reads the host straight off settings.Notes
admin_apitoolset (so it only appears when admin tools are enabled).DBT_HOSTat the dbt-cloudpersistent-envPR environment, call this tool, then drive the onboarding tools against the freshly-created account.🤖 Generated with Claude Code