npm - @dashclaw/mcp-server - Versions diffs - 1.0.1 → 1.0.2 - Mend

@dashclaw/mcp-server 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/server.js CHANGED Viewed

@@ -54,7 +54,7 @@ export function createServer(config = {}) {
   const server = new McpServer(
     {
       name: '@dashclaw/mcp-server',
-      version: '1.0.1',
+      version: '1.0.2',
     },
     {
       capabilities: {

package/lib/tools.js CHANGED Viewed

@@ -397,7 +397,15 @@ export const TOOL_DEFINITIONS = [
  * @returns {Object<string, function>}
  */
 export function createToolHandlers(client) {
-  const agentId = (input) => input.agent_id || client.agentId;
+  // Priority: server-configured agent_id (DASHCLAW_AGENT_ID / --agent-id /
+  // auto-derived from MCP clientInfo) wins over anything the LLM passes in the
+  // tool call. This is deliberate: agent identity is a governance primitive,
+  // and letting the LLM pick its own agent_id based on prompt context (e.g.
+  // it sees "smoke test" and picks "claude-mcp-smoketest") breaks attribution
+  // and lets a single misbehaving prompt impersonate a different agent. The
+  // input.agent_id field is preserved only as a last-resort fallback for
+  // configurations that intentionally run without a server-level default.
+  const agentId = (input) => client.agentId || input.agent_id;
   return {
     async dashclaw_optimal_files_preview(input) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dashclaw/mcp-server",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "MCP server for DashClaw governance — guard, record, invoke, and discover capabilities.",
   "type": "module",
   "bin": {