npm - @askmesh/mcp - Versions diffs - 0.11.2 → 0.12.0 - Mend

@askmesh/mcp 0.11.2 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/agent/auto_responder.d.ts +13 -0
package/dist/agent/auto_responder.js +48 -9
package/dist/client/askmesh_client.d.ts +1 -0
package/dist/index.js +3 -2
package/dist/sse/sse_listener.d.ts +1 -0
package/dist/tools/askmesh.js +1 -1
package/package.json +1 -1

package/dist/agent/auto_responder.d.ts CHANGED Viewed

@@ -11,9 +11,22 @@ export declare class AutoResponder {
         agentType: string;
         allowedScopes: string[];
     }): void;
+    /**
+     * Filter scopes by the requester's role.
+     *
+     * Scopes can be encoded with a minimum-role prefix:
+     *   "code"            → all members
+     *   "lead:db-schema"  → lead, admin, owner only
+     *   "admin:db-data"   → admin, owner only
+     *   "owner:secrets"   → owner only
+     *
+     * Returns the bare scope names that this requester is allowed to use.
+     */
+    private filterScopesByRole;
     /**
      * Build a scope-aware extension to the system prompt.
      * Only applies for server agents — dev/ci agents are unrestricted.
+     * `requesterRole` is used to filter role-tiered scopes per request.
      */
     private scopePrompt;
     /**

package/dist/agent/auto_responder.js CHANGED Viewed

@@ -32,23 +32,62 @@ export class AutoResponder {
     setProfile(profile) {
         this.profile = profile;
     }
+    /**
+     * Filter scopes by the requester's role.
+     *
+     * Scopes can be encoded with a minimum-role prefix:
+     *   "code"            → all members
+     *   "lead:db-schema"  → lead, admin, owner only
+     *   "admin:db-data"   → admin, owner only
+     *   "owner:secrets"   → owner only
+     *
+     * Returns the bare scope names that this requester is allowed to use.
+     */
+    filterScopesByRole(rawScopes, requesterRole) {
+        const ROLE_RANK = { member: 1, lead: 2, admin: 3, owner: 4 };
+        const requesterRank = requesterRole ? (ROLE_RANK[requesterRole] || 0) : 0;
+        const result = [];
+        for (const raw of rawScopes) {
+            const idx = raw.indexOf(':');
+            if (idx === -1) {
+                // No prefix → available to everyone
+                result.push(raw);
+                continue;
+            }
+            const minRole = raw.slice(0, idx);
+            const scope = raw.slice(idx + 1);
+            const minRank = ROLE_RANK[minRole];
+            if (!minRank) {
+                // Unknown prefix → treat as plain scope (e.g. "http:something")
+                result.push(raw);
+                continue;
+            }
+            if (requesterRank >= minRank) {
+                result.push(scope);
+            }
+        }
+        return result;
+    }
     /**
      * Build a scope-aware extension to the system prompt.
      * Only applies for server agents — dev/ci agents are unrestricted.
+     * `requesterRole` is used to filter role-tiered scopes per request.
      */
-    scopePrompt() {
+    scopePrompt(requesterRole = null) {
         if (!this.profile || this.profile.agentType !== 'server')
             return '';
-        const scopes = this.profile.allowedScopes;
-        if (!scopes || scopes.length === 0) {
+        const allScopes = this.profile.allowedScopes || [];
+        const scopes = this.filterScopesByRole(allScopes, requesterRole);
+        const roleHint = requesterRole ? ` (requester role: ${requesterRole})` : ' (requester role: unknown)';
+        if (scopes.length === 0) {
             return [
                 '',
-                'SERVER AGENT — RESTRICTIVE MODE:',
-                'No allowed scopes have been declared. Refuse to share any project content.',
-                'Reply with: "This is a restricted server agent. Please ask the human owner directly."',
+                `SERVER AGENT — RESTRICTIVE MODE${roleHint}:`,
+                'No allowed scopes apply for this requester. Refuse to share any project content.',
+                'Reply with: "This server agent is not authorized to share information at your role level."',
             ].join('\n');
         }
-        const lines = ['', 'SERVER AGENT — ALLOWED SCOPES:'];
+        const lines = ['', `SERVER AGENT — ALLOWED SCOPES${roleHint}:`];
         lines.push('You are a restricted server agent. You may ONLY share information that falls within these scopes:');
         for (const s of scopes) {
             lines.push(`  • ${s}`);
@@ -102,7 +141,7 @@ export class AutoResponder {
         if (this.mcpServer) {
             try {
                 const context = readLocalContext();
-                const scopeRules = this.scopePrompt();
+                const scopeRules = this.scopePrompt(request.fromUserRole || null);
                 const result = (await this.mcpServer.request({
                     method: 'sampling/createMessage',
                     params: {
@@ -181,7 +220,7 @@ export class AutoResponder {
     }
     async callAnthropicAPI(apiKey, request, context) {
         const model = process.env.ANTHROPIC_MODEL || 'claude-sonnet-4-20250514';
-        const fullSystem = SYSTEM_PROMPT + this.scopePrompt();
+        const fullSystem = SYSTEM_PROMPT + this.scopePrompt(request.fromUserRole || null);
         const response = await fetch('https://api.anthropic.com/v1/messages', {
             method: 'POST',
             headers: {

package/dist/client/askmesh_client.d.ts CHANGED Viewed

@@ -29,6 +29,7 @@ export declare class AskMeshClient {
             id: number;
             fromAgentId: number;
             fromUsername: string;
+            fromUserRole?: string | null;
             question: string;
             context: string | null;
             status: string;

package/dist/index.js CHANGED Viewed

@@ -11,7 +11,7 @@ const TOKEN = process.env.ASKMESH_TOKEN;
 const URL = process.env.ASKMESH_URL || 'https://api.askmesh.dev';
 const server = new McpServer({
     name: 'askmesh',
-    version: '0.11.2',
+    version: '0.12.0',
 });
 if (!TOKEN) {
     // No token — start in setup-only mode
@@ -61,7 +61,8 @@ else {
                     await autoResponder.handleRequest({
                         id: req.id,
                         fromAgentId: req.fromAgentId,
-                        fromUsername: `agent#${req.fromAgentId}`,
+                        fromUsername: req.fromUsername || `agent#${req.fromAgentId}`,
+                        fromUserRole: req.fromUserRole || null,
                         question: req.question,
                         context: req.context,
                     });

package/dist/sse/sse_listener.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ export interface IncomingRequest {
     id: number;
     fromAgentId: number;
     fromUsername: string;
+    fromUserRole?: string | null;
     question: string;
     context: string | null;
 }

package/dist/tools/askmesh.js CHANGED Viewed

@@ -282,7 +282,7 @@ Si l'utilisateur n'a pas encore de compte, dirige-le vers https://askmesh.dev po
         return text('Action inconnue.');
     });
 }
-const CURRENT_VERSION = '0.11.2';
+const CURRENT_VERSION = '0.12.0';
 async function checkUpdateAndSetup() {
     const lines = [];
     lines.push(`Version actuelle : ${CURRENT_VERSION}`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@askmesh/mcp",
-  "version": "0.11.2",
+  "version": "0.12.0",
   "description": "AskMesh MCP server — connect your AI coding agent to your team's mesh network",
   "type": "module",
   "bin": {