Metadata-Version: 2.4
Name: anthropic-admin-mcp
Version: 0.1.0
Summary: MCP server for the Anthropic Admin API — manage your Claude org from any MCP-compatible client.
Project-URL: Homepage, https://github.com/Trushtonfactory/anthropic-admin-mcp
Project-URL: Repository, https://github.com/Trushtonfactory/anthropic-admin-mcp
Author: Tyler Rushton
License: MIT
License-File: LICENSE
Keywords: admin,anthropic,claude,mcp,model-context-protocol
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.10
Requires-Dist: fastmcp>=2.0
Requires-Dist: httpx>=0.27
Requires-Dist: pydantic>=2.0
Requires-Dist: python-dotenv>=1.0
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Description-Content-Type: text/markdown

# anthropic-admin-mcp

> The MCP server Anthropic hasn't shipped yet — full coverage of the Anthropic Admin API and the Usage & Cost API, properly typed, properly tooled, and properly safety-scoped.

Manage your Anthropic organization from any MCP-compatible client (Claude Desktop, Cursor, Windsurf, ChatGPT, etc.) using natural language:

- *"What did my organization spend last week, grouped by workspace?"*
- *"Which API key burned through the most Opus tokens yesterday?"*
- *"Show me Pre-Mortem's usage day-by-day for the last 14 days."*
- *"Invite contractor@example.com as a developer to the Sandbox workspace."*
- *"Deactivate the API key named 'old-laptop'."*

10 read tools, 10 write tools, audit logging, optional workspace scoping, read-only mode, role-escalation guard.

## Why this exists

Anthropic ships an excellent Admin API with ~22 endpoints across organization management, workspaces, members, API keys, usage reporting, and cost reporting. Existing MCP wrappers from third parties cover a tiny slice of it through commercial integration platforms. This server is **native, free, open-source, and complete** — installable in two minutes against your own Admin key.

## Install

```bash
pip install git+https://github.com/Trushtonfactory/anthropic-admin-mcp.git
```

Or for local development:

```bash
git clone https://github.com/Trushtonfactory/anthropic-admin-mcp.git
cd anthropic-admin-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
```

## Configure

1. Get an Admin API key at **console.anthropic.com → Settings → Admin Keys**.
   *Requires an Organization plan (Team / Pro+ / Enterprise) and the admin role. Individual accounts cannot create Admin keys.*

2. Copy `.env.example` to `.env` and fill in your key:

   ```bash
   cp .env.example .env
   # edit .env: ANTHROPIC_ADMIN_KEY=sk-ant-admin-...
   ```

3. Wire it into your MCP client. For Claude Desktop, add to `~/Library/Application Support/Claude/claude_desktop_config.json`:

   ```json
   {
     "mcpServers": {
       "anthropic-admin": {
         "command": "anthropic-admin-mcp",
         "env": {
           "ANTHROPIC_ADMIN_KEY": "sk-ant-admin-..."
         }
       }
     }
   }
   ```

   See `examples/claude_desktop_config.json` for more options (read-only mode, workspace scoping).

## Tools

### Read (10)

| Tool                        | Purpose                                      |
| --------------------------- | -------------------------------------------- |
| `get_org_info`              | Smoke-test the key; return org id + name     |
| `list_members`              | List org members and roles                   |
| `list_invites`              | List pending and historical invites          |
| `list_workspaces`           | List active (and optionally archived) workspaces |
| `get_workspace`             | Resolve a workspace ID to its full record    |
| `list_workspace_members`    | List members of a specific workspace         |
| `list_api_keys`             | List keys with filters by status / workspace |
| `get_usage_report`          | Token usage, grouped by workspace/api_key/model/etc. |
| `get_cost_report`           | Dollar costs, grouped by workspace / description |
| `get_claude_code_usage`     | Claude Code-specific usage data              |

### Write (10) — all require `confirm=True`

| Tool                            | Action                                          |
| ------------------------------- | ----------------------------------------------- |
| `invite_member`                 | Send an invite (cannot grant admin)             |
| `delete_invite`                 | Cancel a pending invite                         |
| `update_member_role`            | Change a member's org role (cannot touch admin) |
| `remove_member`                 | Remove a non-admin member                       |
| `create_workspace`              | Create a new workspace                          |
| `update_workspace`              | Rename or recolor a workspace                   |
| `archive_workspace`             | Archive a workspace                             |
| `add_workspace_member`          | Grant workspace access                          |
| `update_workspace_member_role`  | Change a workspace role                         |
| `remove_workspace_member`       | Revoke workspace access                         |
| `update_api_key`                | Rename or deactivate an API key                 |

## Running

```bash
# Full mode (read + write), stdio transport
anthropic-admin-mcp

# Read-only — recommended for first-time setup
anthropic-admin-mcp --read-only

# Streamable HTTP (for remote MCP clients)
anthropic-admin-mcp --http --port 8000

# Restrict writes to specific workspaces (set in .env or shell)
ALLOWED_WORKSPACES=wrkspc_abc,wrkspc_xyz anthropic-admin-mcp
```

## Safety

See [SECURITY.md](./SECURITY.md) for the full threat model and design notes. The short version:

- **Reads are open.** Anything the Admin API exposes with your key, this server exposes.
- **Writes are guarded.** Every mutation requires `confirm=True`, gets audit-logged to JSONL, and respects optional workspace scoping.
- **Role escalation is blocked client-side** even though the API itself blocks it server-side — clearer error messages for Claude.
- **No credential exfiltration paths.** The Admin API never returns key values, and this server never logs the Admin key itself.

## Status

v0.1.0 — read + write tool surface complete. Pagination, error messages, and audit logging tested manually. No usage limits implemented yet. Pydantic response models are minimal (tools return raw dicts).

Issues and PRs welcome.

## License

MIT — see [LICENSE](./LICENSE).
