@grackle-ai/mcp 0.133.0 → 0.134.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -327,7 +327,7 @@ Scoped tokens also enforce workspace isolation — agents can only see tasks wit
|
|
|
327
327
|
|
|
328
328
|
### Cross-Task / Cross-Session Authorization
|
|
329
329
|
|
|
330
|
-
Beyond the per-persona allowlist, tools that target a specific task or session are authorized centrally and **fail closed** for scoped (agent) callers: a non-root agent may only act on its **own descendant** tasks/sessions. This covers the mutating tools (`task_update`, `task_delete`, `task_resume`, `task_complete`, `task_start`, `session_kill`, `session_resume`, `session_attach`, `session_send_input`) — an agent cannot delete a sibling's task or kill another agent's session even if it learns the ID. Read tools that resolve a record by ID (`task_show`, `schedule_show`) are gated by workspace membership; a caller with no workspace may read only workspaceless records. The root/system task (the central orchestrator) is exempt. When a task
|
|
330
|
+
Beyond the per-persona allowlist, tools that target a specific task or session are authorized centrally and **fail closed** for scoped (agent) callers: a non-root agent may only act on its **own descendant** tasks/sessions. This covers the mutating tools (`task_update`, `task_delete`, `task_resume`, `task_complete`, `task_start`, `session_kill`, `session_resume`, `session_attach`, `session_send_input`) — an agent cannot delete a sibling's task or kill another agent's session even if it learns the ID. Read tools that resolve a record by ID (`task_show`, `schedule_show`) are gated by workspace membership; a caller with no workspace may read only workspaceless records. The root/system task (the central orchestrator) is exempt. When a task is **deleted**, its scoped tokens are revoked; complete/stop do not revoke (the task can be resumed and resume reuses the original token), so those tokens expire via their TTL.
|
|
331
331
|
|
|
332
332
|
## Requirements
|
|
333
333
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@grackle-ai/mcp",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.134.0",
|
|
4
4
|
"description": "MCP (Model Context Protocol) server for Grackle — translates MCP tool calls to ConnectRPC",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"repository": {
|
|
@@ -38,8 +38,8 @@
|
|
|
38
38
|
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
39
39
|
"pino": "^10.3.1",
|
|
40
40
|
"zod": "^4.3.0",
|
|
41
|
-
"@grackle-ai/auth": "0.
|
|
42
|
-
"@grackle-ai/common": "0.
|
|
41
|
+
"@grackle-ai/auth": "0.134.0",
|
|
42
|
+
"@grackle-ai/common": "0.134.0"
|
|
43
43
|
},
|
|
44
44
|
"devDependencies": {
|
|
45
45
|
"@rushstack/heft": "1.2.7",
|