@agentforge-io/core 2.0.3 → 2.0.4

package/dist/services/mcp-client.service.js

@@ -71,6 +71,10 @@ class McpClientService {
                 // Carry the MCP origin through to the registry so /tools can label
                 // and group these distinctly from built-ins / connector tools.
                 mcpServerName: config.name,
+                // Propagate the owning tenant when the host wired one; lets the
+                // catalog endpoint scope MCP rows per workspace so deepwiki@tenantA
+                // doesn't leak into tenantB's tools picker.
+                ...(config.tenantId ? { tenantId: config.tenantId } : {}),
             };
             this.registry.register(wrapped);
             handles.push({

package/dist/services/mcp-server.service.js

@@ -158,5 +158,9 @@ function toClientConfig(r) {
         transport: r.transport,
         url: r.url,
         headers: r.headers,
+        // Propagate the owning tenant so the registry can scope `/tools` by
+        // workspace; harmless on single-tenant deployments where it stays
+        // undefined.
+        tenantId: r.tenantId,
     };
 }

package/dist/services/tool-registry.service.d.ts

@@ -32,7 +32,15 @@ export declare class ToolRegistryService {
      * `execute` function (not serializable) and surfaces the per-tool agent
      * allowlist so a UI can show "this tool is only usable by agent X".
      */
-    describe(): ToolDescription[];
+    /**
+     * Public catalog. Pass `tenantId` to scope tenant-tagged tools (MCP rows
+     * registered per-tenant) to that tenant; built-ins and untagged tools are
+     * always returned. Omit `tenantId` to keep the legacy behavior of
+     * returning everything (used by tests and single-tenant deployments).
+     */
+    describe(opts?: {
+        tenantId?: string;
+    }): ToolDescription[];
 }
 export interface ToolDescription {
     name: string;
@@ -55,4 +63,11 @@ export interface ToolDescription {
      * from built-ins / connector tools.
      */
     mcpServerName?: string;
+    /**
+     * Owning tenant for tenant-scoped tools (MCP servers registered per
+     * tenant). When the catalog endpoint is called with a tenant the
+     * registry filters by this field so workspaces don't see each other's
+     * MCP rows. Built-ins and untagged tools omit it.
+     */
+    tenantId?: string;
 }

package/dist/services/tool-registry.service.js

@@ -89,8 +89,27 @@ class ToolRegistryService {
      * `execute` function (not serializable) and surfaces the per-tool agent
      * allowlist so a UI can show "this tool is only usable by agent X".
      */
-    describe() {
-        return Array.from(this.tools.values()).map((t) => ({
+    /**
+     * Public catalog. Pass `tenantId` to scope tenant-tagged tools (MCP rows
+     * registered per-tenant) to that tenant; built-ins and untagged tools are
+     * always returned. Omit `tenantId` to keep the legacy behavior of
+     * returning everything (used by tests and single-tenant deployments).
+     */
+    describe(opts) {
+        const callerTenant = opts?.tenantId;
+        return Array.from(this.tools.values())
+            .filter((t) => {
+            // Tools without a tenant tag are global (built-ins, untagged MCPs
+            // from older callers). Tools with a tenant tag only appear for the
+            // matching tenant; when no caller tenant was supplied we surface
+            // them all (backwards-compat).
+            if (!t.tenantId)
+                return true;
+            if (!callerTenant)
+                return true;
+            return t.tenantId === callerTenant;
+        })
+            .map((t) => ({
             name: t.name,
             description: t.description,
             inputSchema: t.inputSchema,
@@ -98,6 +117,7 @@ class ToolRegistryService {
             ...(t.connectorId ? { connectorId: t.connectorId } : {}),
             ...(t.connectorName ? { connectorName: t.connectorName } : {}),
             ...(t.mcpServerName ? { mcpServerName: t.mcpServerName } : {}),
+            ...(t.tenantId ? { tenantId: t.tenantId } : {}),
         }));
     }
 }

package/dist/types/agent.types.d.ts

@@ -97,6 +97,11 @@ export interface AgentToolDefinition {
     /** MCP server this tool was discovered from. Set by McpClientService when
      *  wrapping a remote tool; left undefined for built-ins and connector tools. */
     mcpServerName?: string;
+    /** Owning tenantId for tenant-scoped tools (MCP servers registered per
+     *  tenant). Used by `/tools` to filter results to the caller's tenant so
+     *  the catalog doesn't leak another workspace's rows. Built-ins leave
+     *  this unset and remain globally visible. */
+    tenantId?: string;
 }
 export interface ToolExecutionContext {
     userId: string;

package/dist/types/config.types.d.ts

@@ -133,4 +133,11 @@ export interface McpServerConfig {
      * secrets via the host's SecretsService before passing them here.
      */
     headers?: Record<string, string>;
+    /**
+     * When the host stores MCP server records per-tenant, pass the owning
+     * tenantId here so the registry can scope `/tools` results to the caller
+     * and avoid leaking another workspace's catalog rows. Optional — leave
+     * unset for hosts with a single global MCP catalog.
+     */
+    tenantId?: string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentforge-io/core",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "description": "Framework-free AI runtime SDK. Owns: agent loop (Anthropic), conversations, tools, streaming, agent-job queue, SdkHooks. Identity, billing, infra (email/uploads/secrets) live in the host's modules — not here.",
   "license": "MIT",
   "main": "dist/index.js",