npm - @dashclaw/mcp-server - Versions diffs - 1.0.0 → 1.0.2 - Mend

@dashclaw/mcp-server 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -7,7 +7,7 @@ MCP server for [DashClaw](https://github.com/ucsandman/DashClaw) governance. Exp
 ### Claude Desktop / Claude Code (stdio)
 ```bash
-npx @dashclaw/mcp-server --url https://your-dashclaw.vercel.app --key oc_live_xxx
+npx -y @dashclaw/mcp-server --url https://your-dashclaw.vercel.app --key oc_live_xxx --agent-id claude-desktop
 ```
 Or add to `claude_desktop_config.json`:
@@ -17,16 +17,19 @@ Or add to `claude_desktop_config.json`:
   "mcpServers": {
     "dashclaw": {
       "command": "npx",
-      "args": ["@dashclaw/mcp-server"],
+      "args": ["-y", "@dashclaw/mcp-server"],
       "env": {
         "DASHCLAW_URL": "https://your-dashclaw.vercel.app",
-        "DASHCLAW_API_KEY": "oc_live_xxx"
+        "DASHCLAW_API_KEY": "oc_live_xxx",
+        "DASHCLAW_AGENT_ID": "claude-desktop"
       }
     }
   }
 }
 ```
+**About `DASHCLAW_AGENT_ID`:** this is the name that shows up on `/fleet`, `/decisions`, and every other governance surface. If you omit it, the server auto-derives an `agent_id` from the MCP protocol's `clientInfo.name` (e.g. `claude-ai` for Claude Desktop, `cursor-vscode` for Cursor) so calls don't silently commingle with other agents — but a human-friendly name like `claude-desktop` is what you actually want for dashboard readability. Explicit configuration always wins over auto-derivation.
 ### Claude Managed Agents (Streamable HTTP)
 If you're running DashClaw, the MCP endpoint is built in at `/api/mcp`:

package/bin/dashclaw-mcp.js CHANGED Viewed

@@ -45,7 +45,31 @@ config.url = config.url || process.env.DASHCLAW_URL;
 config.apiKey = config.apiKey || process.env.DASHCLAW_API_KEY;
 config.agentId = config.agentId || process.env.DASHCLAW_AGENT_ID;
-const server = createServer(config);
+const { server, client } = createServer(config);
 const transport = new StdioServerTransport();
 await server.connect(transport);
+// Auto-derive agent_id from the MCP `initialize` clientInfo when the user
+// hasn't supplied --agent-id or DASHCLAW_AGENT_ID. Without this, every call
+// from Claude Desktop, MCP Inspector, etc. arrives with an empty agent_id and
+// silently commingles with whatever default the server falls back to (almost
+// always `claude-code`). The MCP protocol's clientInfo.name identifies the
+// connecting client (e.g. "claude-ai" for Claude Desktop, "cursor-vscode" for
+// Cursor) so we use it as a sensible default — explicit configuration still
+// wins, because we only set it when client.agentId is empty.
+const originalOnMessage = transport.onmessage;
+if (typeof originalOnMessage === 'function') {
+  transport.onmessage = (message) => {
+    if (
+      message?.method === 'initialize' &&
+      !client.agentId &&
+      message.params?.clientInfo?.name
+    ) {
+      client.agentId = String(message.params.clientInfo.name);
+      console.error(`[dashclaw] auto-derived agent_id from MCP clientInfo: ${client.agentId}`);
+    }
+    return originalOnMessage(message);
+  };
+}
 console.error('@dashclaw/mcp-server running on stdio');

package/lib/server.js CHANGED Viewed

@@ -33,7 +33,10 @@ function jsonSchemaToInputSchema(jsonSchema) {
  * @param {string} [config.url] - DashClaw instance URL (default: http://localhost:3000)
  * @param {string} [config.apiKey] - API key (oc_live_ prefix)
  * @param {string} [config.agentId] - Default agent ID for tool calls
- * @returns {McpServer} Configured MCP server ready to connect
+ * @returns {{ server: McpServer, client: DashClawClient }} Configured MCP server
+ *   ready to connect, plus the DashClawClient so callers (the stdio bin) can
+ *   auto-derive `agentId` from the MCP initialize handshake when no
+ *   --agent-id / DASHCLAW_AGENT_ID was provided.
  */
 export function createServer(config = {}) {
   // 1. Create DashClawClient
@@ -51,7 +54,7 @@ export function createServer(config = {}) {
   const server = new McpServer(
     {
       name: '@dashclaw/mcp-server',
-      version: '1.0.0',
+      version: '1.0.2',
     },
     {
       capabilities: {
@@ -128,5 +131,5 @@ export function createServer(config = {}) {
     }
   }
-  return server;
+  return { server, client };
 }

package/lib/tools.js CHANGED Viewed

@@ -397,7 +397,15 @@ export const TOOL_DEFINITIONS = [
  * @returns {Object<string, function>}
  */
 export function createToolHandlers(client) {
-  const agentId = (input) => input.agent_id || client.agentId;
+  // Priority: server-configured agent_id (DASHCLAW_AGENT_ID / --agent-id /
+  // auto-derived from MCP clientInfo) wins over anything the LLM passes in the
+  // tool call. This is deliberate: agent identity is a governance primitive,
+  // and letting the LLM pick its own agent_id based on prompt context (e.g.
+  // it sees "smoke test" and picks "claude-mcp-smoketest") breaks attribution
+  // and lets a single misbehaving prompt impersonate a different agent. The
+  // input.agent_id field is preserved only as a last-resort fallback for
+  // configurations that intentionally run without a server-level default.
+  const agentId = (input) => client.agentId || input.agent_id;
   return {
     async dashclaw_optimal_files_preview(input) {

package/package.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "name": "@dashclaw/mcp-server",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "MCP server for DashClaw governance — guard, record, invoke, and discover capabilities.",
   "type": "module",
   "bin": {
-    "dashclaw-mcp": "./bin/dashclaw-mcp.js"
+    "dashclaw-mcp": "bin/dashclaw-mcp.js"
   },
   "main": "./lib/server.js",
   "exports": {