npm - @ateam-ai/mcp - Versions diffs - 0.3.49 → 0.3.51 - Mend

@ateam-ai/mcp 0.3.49 → 0.3.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/tools.js +158 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ateam-ai/mcp",
-  "version": "0.3.49",
+  "version": "0.3.51",
   "mcpName": "io.github.ariekogan/ateam-mcp",
   "description": "A-Team MCP Server — build, validate, and deploy multi-agent solutions from any AI environment",
   "type": "module",

package/src/tools.js CHANGED Viewed

@@ -271,6 +271,53 @@ export const tools = [
       required: ["solution_id", "skill_id", "message"],
     },
   },
+  {
+    name: "ateam_test_notification",
+    core: true,
+    description:
+      "Fire a REAL notification at an existing actor in a deployed solution — for end-to-end testing of the system-initiated notification path (telegram/push/app channels).\n\n" +
+      "Unlike ateam_test_skill (synthetic test actor with no channels) and ateam_conversation (user-initiated thread), this calls the /api/internal/notify-user path that PCM and other sibling services use — so the actor's real enabled channels actually receive the message.\n\n" +
+      "Use for:\n" +
+      "  • Channel fan-out smoke (does telegram/push/app actually receive it?)\n" +
+      "  • Delivery-result verification (per-channel ok/failed in the response).\n\n" +
+      "⚠️ SAFETY (v1):\n" +
+      "  • The text is prefixed with [TEST] in the actual notification — visible to the user, anti-phishing.\n" +
+      "  • Rate-limited: 10 calls/min per session.\n" +
+      "  • Every call is audited (caller, tenant, actor, content hash) regardless of outcome.\n" +
+      "  • actor_id is scoped to your tenant — cross-tenant targeting is rejected by Core.\n" +
+      "  • reply_handler is INTENTIONALLY NOT SUPPORTED in v1. Routing the user's next reply to an arbitrary skill is a privilege-escalation surface (caller-supplied skill + context). v2 will add a tenant skill allowlist + context schema validation. Until then, use ateam_test_skill for routing/engagement tests.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        solution_id: {
+          type: "string",
+          description: "The solution ID (required for tenant scoping + audit context).",
+        },
+        actor_id: {
+          type: "string",
+          description: "Target actor ID in your tenant (e.g. 'usr_arie_admin_0001'). Must exist; Core rejects if not found in your tenant.",
+        },
+        content: {
+          type: "string",
+          description: "Notification text. Will be sent to all of the actor's enabled channels, prefixed with [TEST] for the recipient.",
+        },
+        urgency: {
+          type: "string",
+          enum: ["low", "normal", "high"],
+          description: "Notification urgency. Default 'normal'.",
+        },
+        source: {
+          type: "string",
+          description: "Audit label for message.source. Default 'ateam-test'.",
+        },
+        metadata: {
+          type: "object",
+          description: "Optional metadata merged into message.metadata. Useful for correlation IDs.",
+        },
+      },
+      required: ["solution_id", "actor_id", "content"],
+    },
+  },
   {
     name: "ateam_conversation",
     core: true,
@@ -1439,6 +1486,7 @@ const TENANT_TOOLS = new Set([
   "ateam_get_execution_logs",
   "ateam_conversation",
   "ateam_test_skill",
+  "ateam_test_notification",
   "ateam_test_pipeline",
   "ateam_test_voice",
   "ateam_test_status",
@@ -2751,6 +2799,116 @@ const handlers = {
     return post(`/deploy/solutions/${solution_id}/skills/${skill_id}/test`, body, sid, { timeoutMs });
   },
+  ateam_test_notification: async ({ solution_id, actor_id, content, urgency, source, metadata, reply_handler, ...rest }, sid) => {
+    if (!solution_id) throw new Error("solution_id required");
+    if (!actor_id) throw new Error("actor_id required");
+    if (!content || typeof content !== "string") throw new Error("content required (string)");
+    // v1: reply_handler is intentionally NOT supported (privilege-escalation
+    // surface — caller could route user's next reply to any skill with
+    // arbitrary context). Reject the field rather than silently dropping it,
+    // so callers know to stop relying on it. v2 will add allowlist + schema.
+    if (reply_handler !== undefined) {
+      throw new Error("reply_handler is not supported in v1 of ateam_test_notification (security: caller-supplied skill + context = privilege escalation). v2 will add a tenant skill allowlist + context schema. For routing/engagement tests, use ateam_test_skill instead.");
+    }
+    // Defense-in-depth: also reject any unknown field that might smuggle a
+    // reply_handler via case variants or aliases.
+    for (const k of Object.keys(rest || {})) {
+      if (/reply/i.test(k) || /handler/i.test(k)) {
+        throw new Error(`Unsupported field "${k}" in ateam_test_notification (likely a reply_handler alias — see v1 safety note).`);
+      }
+    }
+    // Rate limit: 10 calls / minute / session. In-memory; bounded leak fine
+    // for a test tool. Survives until process restart, which is acceptable
+    // (the bound is per-session, not per-tenant).
+    const RATE_LIMIT = 10;
+    const RATE_WINDOW_MS = 60_000;
+    if (!globalThis.__notifyRateLimit) globalThis.__notifyRateLimit = new Map();
+    const bucket = globalThis.__notifyRateLimit;
+    const now = Date.now();
+    const entry = bucket.get(sid) || { times: [] };
+    entry.times = entry.times.filter(t => now - t < RATE_WINDOW_MS);
+    if (entry.times.length >= RATE_LIMIT) {
+      const waitMs = RATE_WINDOW_MS - (now - entry.times[0]);
+      throw new Error(`Rate limited: max ${RATE_LIMIT} ateam_test_notification calls per minute per session. Retry in ${Math.ceil(waitMs / 1000)}s.`);
+    }
+    entry.times.push(now);
+    bucket.set(sid, entry);
+    // Get the authed tenant — used for X-ADAS-TENANT header (Core scopes
+    // the actor lookup by tenant, so cross-tenant targeting is rejected at
+    // Core regardless of what we pass).
+    const creds = getCredentials(sid);
+    const tenant = creds?.tenant;
+    if (!tenant) throw new Error("No tenant in session — call ateam_auth first.");
+    const coreUrl = process.env.ADAS_CORE_URL || "http://adas-backend:4000";
+    const coreSecret = process.env.CORE_MCP_SECRET;
+    if (!coreSecret) {
+      throw new Error("Server config error: CORE_MCP_SECRET not set. ateam_test_notification requires the platform shared secret (sibling-service auth). Contact platform admin.");
+    }
+    // Force [TEST] prefix on the user-visible content. Anti-phishing rail:
+    // even if a tenant admin api key were misused, the recipient sees
+    // [TEST] on the actual message — they can't be fooled into thinking
+    // it's a system-initiated production notification.
+    const safeContent = content.startsWith("[TEST]") ? content : `[TEST] ${content}`;
+    // Audit log (cheap — console). Replace with structured audit when one exists.
+    const contentHash = (await import("node:crypto")).createHash("sha256").update(content).digest("hex").slice(0, 12);
+    console.log(JSON.stringify({
+      audit: "ateam_test_notification",
+      tenant,
+      solution_id,
+      actor_id,
+      caller_session: sid?.slice(0, 8),
+      content_preview: content.slice(0, 60),
+      content_hash: contentHash,
+      urgency: urgency || "normal",
+      at: new Date().toISOString(),
+    }));
+    const body = {
+      actorId: actor_id,
+      content: safeContent,
+      urgency: urgency || "normal",
+      metadata: { ...(metadata || {}), source: source || "ateam-test", _test: true },
+    };
+    const res = await fetch(`${coreUrl}/api/internal/notify-user`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-ADAS-TOKEN": coreSecret,
+        "X-ADAS-TENANT": tenant,
+        "X-ADAS-SERVICE": "ateam-mcp.test_notification",
+      },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(15_000),
+    });
+    const text = await res.text();
+    let data;
+    try { data = JSON.parse(text); } catch { data = { ok: false, error: text.slice(0, 400) }; }
+    if (!res.ok) {
+      // Surface Core's actual reason — "actor not found in tenant" is the
+      // most common (caller mistyped the actor_id), 502 = notif-router down.
+      throw new Error(`Core /api/internal/notify-user returned ${res.status}: ${data.error || JSON.stringify(data).slice(0, 200)}`);
+    }
+    return {
+      ok: true,
+      tenant,
+      actor_id,
+      dispatchId: data.dispatchId || null,
+      notification_id: data.dispatchId || null, // alias matching the spec
+      results: data.results || [],
+      content_preview: safeContent.slice(0, 80),
+    };
+  },
   ateam_test_pipeline: async ({ solution_id, skill_id, message }, sid) =>
     post(`/deploy/solutions/${solution_id}/skills/${skill_id}/test-pipeline`, { message }, sid, { timeoutMs: 30_000 }),