refactor(mcp): remove Sombra REST client and all REST-backed tools

[TCJackwood]

Summary

• Removes TranscendRestClient and the entire Sombra REST client infrastructure from mcp-server-core, eliminating the TRANSCEND_API_URL environment variable and rest property from ToolClients.
• Deletes 18 REST-backed MCP tools across 4 domains that depend on Sombra encrypted endpoints: Preferences (6), DSR (8), Discovery (2), Consent (2).
• Updates all CLI bootstrapping, tests, and documentation to reflect a GraphQL-only client architecture. Total tool count drops from 71 to 52.

These tools cannot function without Sombra encrypted communications and will be re-evaluated once the broader Sombra integration strategy is finalized. All remaining 52 tools are GraphQL-only and unaffected.

Removed tools

Domain	Tools removed	Remaining
Preferences	preferences_query, preferences_upsert, preferences_delete, preferences_append_identifiers, preferences_update_identifiers, preferences_delete_identifiers	0
DSR	dsr_submit, dsr_employee_submit, dsr_poll_status, dsr_download_keys, dsr_list_identifiers, dsr_enrich_identifiers, dsr_respond_access, dsr_respond_erasure	4
Discovery	discovery_classify_text, discovery_ner_extract	4
Consent	consent_get_preferences, consent_set_preferences	9

Key file changes

• Deleted: mcp-server-core/src/clients/rest-client.ts (366 lines)
• Deleted: 18 tool definition files across 4 domain packages
• Modified: ToolClients interface, create-server.ts, all domain cli.ts files, registry.ts, umbrella cli.ts
• Updated: All READMEs, test files, and tool count assertions

Test plan

• All MCP packages build successfully (pnpm run --filter './packages/mcp/**' build)
• All MCP tests pass (pnpm run --filter './packages/mcp/**' test)
• Pre-commit hooks (format, lint, typecheck, test) pass
• Pre-push hooks pass
• Verify no runtime regressions with remaining GraphQL-only tools against live API

Made with Cursor

[pkg-pr-new]

Open in StackBlitz

@transcend-io/cli

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/cli@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/cli@83.tgz

@transcend-io/privacy-types

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/privacy-types@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/privacy-types@83.tgz

@transcend-io/sdk

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/sdk@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/sdk@83.tgz

@transcend-io/utils

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/utils@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/utils@83.tgz

@transcend-io/mcp-server

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server@83.tgz

@transcend-io/mcp-server-admin

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-admin@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-admin@83.tgz

@transcend-io/mcp-server-assessments

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-assessments@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-assessments@83.tgz

@transcend-io/mcp-server-consent

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-consent@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-consent@83.tgz

@transcend-io/mcp-server-core

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-core@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-core@83.tgz

@transcend-io/mcp-server-discovery

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-discovery@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-discovery@83.tgz

@transcend-io/mcp-server-dsr

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-dsr@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-dsr@83.tgz

@transcend-io/mcp-server-inventory

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-inventory@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-inventory@83.tgz

@transcend-io/mcp-server-preferences

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-preferences@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-preferences@83.tgz

@transcend-io/mcp-server-workflows

pnpm add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-workflows@83

yarn add https://pkg.pr.new/transcend-io/tools/@transcend-io/mcp-server-workflows@83.tgz

commit: 66ab4ad

[michaelfarrell76]

hm im not sure we actually want to delete these, we can still use these in the MCP it may be better to parameterize the mcp server with a flag that can determine whether or not sombra is available, if sombra is available it conditionally adds the set of mcp functions that use sombra, and the in-app agentic assist would not set this

[TCJackwood]

Yeah I floundered on whether we keep them and make them essentially stubs so, when the AI tries to call that tool, it immediately returns with a canned response about how this tool isn't available yet but will be in the future, then we can eventually add the Sombra encrytion logic back in to re-enable them properly in the future... But removing them entirely felt fine for now to stay unblocked and moving forward.

I'm not sure we really even have a concrete plan for how to manage multi-tenant customer STS instances, or MTS instances, or anything? Open to leaving them in if you have a good idea of how we can do that and keep unencrypted payloads out of our backend and the AI Agent implementation as a whole 🤷