@harness-fe/mcp-server 3.4.1 → 4.0.0-next.2

package/dist/mcp.js

@@ -9,6 +9,7 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
 import { COMMAND, PROTOCOL_VERSION, clickArgsSchema, evaluateArgsSchema, navigateArgsSchema, reloadArgsSchema, screenshotArgsSchema, scrollArgsSchema, setHtmlArgsSchema, setStyleArgsSchema, selectorSchema, typeArgsSchema, waitForArgsSchema, } from '@harness-fe/protocol';
+import { canSee, identifyPrincipal } from './identity.js';
 import { RemoteBridge } from './remoteBridge.js';
 import { buildVisitorTimeline } from './visitorTimeline.js';
 import { createReplayExport } from './replayCreate.js';
@@ -47,7 +48,7 @@ export function createMcpServer(bridge, options = {}) {
         name: SERVER_NAME,
         version: PROTOCOL_VERSION,
     });
-    registerTools(server, bridge);
+    registerTools(server, bridge, options.auth);
     // Experimental tools are on by default. They only get gated when the host
     // supplies an env-var name to key off; see experimentalEnabled().
     if (experimentalEnabled(options.experimentalEnvVar)) {
@@ -58,7 +59,7 @@ export function createMcpServer(bridge, options = {}) {
     const leaderStore = bridge.store;
     if (leaderStore != null) {
         const memoryStore = bridge.getMemoryStore();
-        registerStoreTools(server, leaderStore, memoryStore, bridge);
+        registerStoreTools(server, leaderStore, memoryStore, bridge, options.auth);
     }
     else if (bridge instanceof RemoteBridge) {
         registerRemoteStoreTools(server, bridge);
@@ -87,7 +88,7 @@ function err(message) {
         isError: true,
     };
 }
-function registerTools(server, bridge) {
+function registerTools(server, bridge, auth) {
     server.registerTool(COMMAND.PAGE_CLICK, {
         description: 'Click on a DOM element resolved by the selector.',
         inputSchema: {
@@ -452,83 +453,81 @@ function registerTools(server, bridge) {
         return ok(out);
     });
     // ─── tasks.* tools (user annotations submitted from page) ─────────────
-    // TODO: temporarily hidden — re-enable when the report feature is ready.
-    // To re-enable: remove the `if (false)` wrapper below and restore the block.
-    /* eslint-disable no-constant-condition */
-    if (false) {
-        const taskStatusEnum = z.enum(['pending', 'claimed', 'resolved', 'all']);
-        server.registerTool(COMMAND.TASKS_PENDING, {
-            description: 'List user-submitted annotation tasks. Default `status="pending"`. Returns id/question/selector/url — call tasks.claim to fetch full element payload.',
-            inputSchema: {
-                status: taskStatusEnum.optional(),
-                limit: z.number().int().positive().optional(),
-            },
-        }, async ({ status, limit }) => {
-            const tasks = await bridge.listTasks({ status: status ?? 'pending', limit });
-            const summary = tasks.map((t) => ({
-                id: t.id,
-                status: t.status,
-                question: t.question,
-                selector: t.selector,
-                url: t.url,
-                tabId: t.tabId,
-                createdAt: t.createdAt,
-                claimedAt: t.claimedAt,
-                resolvedAt: t.resolvedAt,
-                note: t.note,
-            }));
-            return ok({ count: summary.length, tasks: summary });
-        });
-        server.registerTool(COMMAND.TASKS_CLAIM, {
-            description: 'Claim a task by id. Marks it claimed, returns full payload (selector + element outerHTML + rect).',
-            inputSchema: {
-                taskId: z.string(),
-            },
-        }, async ({ taskId }) => {
-            const task = await bridge.claimTask(taskId);
-            if (!task) {
-                throw new Error(`tasks.claim: no task with id "${taskId}"`);
-            }
-            return ok(task);
-        });
-        server.registerTool(COMMAND.TASKS_RESOLVE, {
-            description: 'Mark a task as resolved with an optional note. Use after addressing the user request.',
-            inputSchema: {
-                taskId: z.string(),
-                note: z.string().optional(),
-            },
-        }, async ({ taskId, note }) => {
-            const task = await bridge.resolveTask(taskId, note);
-            if (!task) {
-                throw new Error(`tasks.resolve: no task with id "${taskId}"`);
-            }
-            return ok({ ok: true, task });
-        });
-        server.registerTool('tasks.get_attachment', {
-            description: 'Return a task screenshot attachment as a vision-ready image block. ' +
-                'Call after tasks.claim when the task summary includes an attachment pointer. ' +
-                'Compatible with Claude vision and GPT-4V.',
-            inputSchema: {
-                taskId: z.string().describe('Task id (from tasks.pending or tasks.claim).'),
-                attachmentId: z.string().describe('Attachment id (from task.attachments[].id).'),
-            },
-        }, async ({ taskId, attachmentId }) => {
-            const base64 = await bridge.getTaskAttachmentData(taskId, attachmentId);
-            if (!base64) {
-                throw new Error(`tasks.get_attachment: attachment not found (taskId=${taskId}, attachmentId=${attachmentId})`);
-            }
-            return {
-                content: [
-                    {
-                        type: 'image',
-                        mimeType: 'image/png',
-                        data: base64,
-                    },
-                ],
-            };
-        });
-    }
-    /* eslint-enable no-constant-condition */
+    const taskStatusEnum = z.enum(['pending', 'claimed', 'resolved', 'all']);
+    server.registerTool(COMMAND.TASKS_PENDING, {
+        description: 'List user-submitted annotation tasks. Default `status="pending"`. Returns id/question/selector/url — call tasks.claim to fetch full element payload.',
+        inputSchema: {
+            status: taskStatusEnum.optional(),
+            limit: z.number().int().positive().optional(),
+        },
+    }, async ({ status, limit }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const tasks = (await bridge.listTasks({ status: status ?? 'pending', limit }))
+            .filter((t) => canSee(principal, t.createdBy));
+        const summary = tasks.map((t) => ({
+            id: t.id,
+            status: t.status,
+            question: t.question,
+            selector: t.selector,
+            url: t.url,
+            tabId: t.tabId,
+            createdAt: t.createdAt,
+            claimedAt: t.claimedAt,
+            resolvedAt: t.resolvedAt,
+            note: t.note,
+        }));
+        return ok({ count: summary.length, tasks: summary });
+    });
+    server.registerTool(COMMAND.TASKS_CLAIM, {
+        description: 'Claim a task by id. Marks it claimed, returns full payload (selector + element outerHTML + rect).',
+        inputSchema: {
+            taskId: z.string(),
+        },
+    }, async ({ taskId }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const task = await bridge.claimTask(taskId, principal);
+        if (!task) {
+            throw new Error(`tasks.claim: no task with id "${taskId}"`);
+        }
+        return ok(task);
+    });
+    server.registerTool(COMMAND.TASKS_RESOLVE, {
+        description: 'Mark a task as resolved with an optional note. Use after addressing the user request.',
+        inputSchema: {
+            taskId: z.string(),
+            note: z.string().optional(),
+        },
+    }, async ({ taskId, note }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const task = await bridge.resolveTask(taskId, note, principal);
+        if (!task) {
+            throw new Error(`tasks.resolve: no task with id "${taskId}"`);
+        }
+        return ok({ ok: true, task });
+    });
+    server.registerTool('tasks.get_attachment', {
+        description: 'Return a task screenshot attachment as a vision-ready image block. ' +
+            'Call after tasks.claim when the task summary includes an attachment pointer. ' +
+            'Compatible with Claude vision and GPT-4V.',
+        inputSchema: {
+            taskId: z.string().describe('Task id (from tasks.pending or tasks.claim).'),
+            attachmentId: z.string().describe('Attachment id (from task.attachments[].id).'),
+        },
+    }, async ({ taskId, attachmentId }) => {
+        const base64 = await bridge.getTaskAttachmentData(taskId, attachmentId);
+        if (!base64) {
+            throw new Error(`tasks.get_attachment: attachment not found (taskId=${taskId}, attachmentId=${attachmentId})`);
+        }
+        return {
+            content: [
+                {
+                    type: 'image',
+                    mimeType: 'image/png',
+                    data: base64,
+                },
+            ],
+        };
+    });
 }
 // ─── Experimental tools (gated by HARNESS_FE_EXPERIMENTAL) ────────────────────
 /**
@@ -550,15 +549,18 @@ function registerExperimentalTools(server, bridge) {
     void bridge;
 }
 // ─── Store tools (session history, timeline, memory) ──────────────────────────
-function registerStoreTools(server, store, memoryStore, bridge) {
+function registerStoreTools(server, store, memoryStore, bridge, auth) {
     server.registerTool('session.list', {
         description: 'List recent sessions for a project. Returns session IDs, start times, and status.',
         inputSchema: {
             projectId: z.string().describe('Project ID (package.json name)'),
             limit: z.number().int().positive().default(10).optional(),
         },
-    }, async ({ projectId, limit }) => {
-        const sessions = store.listSessions({ projectId, limit: limit ?? 10 });
+    }, async ({ projectId, limit }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const sessions = store
+            .listSessions({ projectId, limit: limit ?? 10 })
+            .filter((s) => canSee(principal, s.createdBy));
         return ok(sessions);
     });
     server.registerTool('session.summary', {
@@ -627,11 +629,14 @@ function registerStoreTools(server, store, memoryStore, bridge) {
     server.registerTool('project.sessions', {
         description: 'List all projects with their most recent session info.',
         inputSchema: {},
-    }, async () => {
-        const projects = store.listProjects();
+    }, async (_args, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const projects = store.listProjects().filter((p) => canSee(principal, p.createdBy));
         const result = projects.map((p) => ({
             ...p,
-            recentSessions: store.listSessions({ projectId: p.id, limit: 3 }),
+            recentSessions: store
+                .listSessions({ projectId: p.id, limit: 3 })
+                .filter((s) => canSee(principal, s.createdBy)),
         }));
         return ok(result);
     });

package/dist/mcpHttp.js

@@ -21,7 +21,13 @@ export async function startMcpHttpServer(bridge, opts = {}) {
     const eventStore = opts.eventStore === null
         ? undefined
         : opts.eventStore ?? new MemoryEventStore();
-    const server = createMcpServer(bridge, { experimentalEnvVar: opts.experimentalEnvVar });
+    // Pass the daemon's auth so MCP tools can identify the per-call principal
+    // from request headers (4.0 · P4). stdio (startMcpStdioServer) omits this,
+    // so stdio calls resolve to the local principal.
+    const server = createMcpServer(bridge, {
+        experimentalEnvVar: opts.experimentalEnvVar,
+        auth: bridge.getAuthOptions(),
+    });
     const transport = new StreamableHTTPServerTransport({
         sessionIdGenerator: stateful ? () => randomUUID() : undefined,
         eventStore,

package/dist/sessionRouter.d.ts

@@ -8,10 +8,13 @@
  * Caller can override via explicit tabId on every command.
  */
 import type { PeerRole, TabInfo } from '@harness-fe/protocol';
+import type { Principal } from './identity.js';
 export interface PeerSession {
     role: PeerRole;
     projectId: string;
     tabId?: string;
+    /** Caller identity behind this connection (4.0 · P1). Defaults to `local`. */
+    principal?: Principal;
     /** Runtime-client only: identifies the page load (sessionId) this connection belongs to. */
     sessionId?: string;
     /** Runtime-client only: stable per-browser visitor identifier. */

package/dist/store/JsonlStore.js

@@ -401,6 +401,8 @@ export class JsonlStore {
             ...existing,
             ...meta,
             id: sessionId,
+            // Write-once: first principal to open the session owns it.
+            createdBy: existing?.createdBy ?? meta.createdBy,
         };
         // Reset participants — we'll rebuild via dedup loop below
         merged.participants = [];
@@ -552,6 +554,8 @@ export class JsonlStore {
             id: projectId,
             createdAt: existing?.createdAt ?? Date.now(),
             lastActiveAt: Date.now(),
+            // Write-once: the first principal to create the project owns it.
+            createdBy: existing?.createdBy ?? patch.createdBy,
         };
         enforceExtensionBudget(merged, `project ${projectId}`);
         writeJson(metaPath, merged);

package/dist/store/types.d.ts

@@ -63,6 +63,12 @@ export interface ProjectMeta {
     parentProjectId?: string;
     displayName?: string;
     tags?: string[];
+    /**
+     * Caller-identity tag (4.0 · P1): principal id that first created this
+     * project. Write-once (locked on creation like `createdAt`); informational
+     * in P1, the basis for `project → agent` routing/isolation in P3.
+     */
+    createdBy?: string;
     metadata?: Record<string, unknown>;
 }
 /**
@@ -140,6 +146,11 @@ export interface SessionMeta {
         };
         storageTruncated?: boolean;
     };
+    /**
+     * Caller-identity tag (4.0 · P1): principal id of the connection that
+     * opened this session. Write-once. Informational in P1.
+     */
+    createdBy?: string;
     metadata?: Record<string, unknown>;
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@harness-fe/mcp-server",
-  "version": "3.4.1",
+  "version": "4.0.0-next.2",
   "description": "Unified MCP daemon: stdio MCP for AI agents + WS bridge for Vite plugin and runtime client.",
   "type": "module",
   "license": "MIT",
@@ -39,7 +39,7 @@
     "ws": "^8.18.0",
     "zod": "^4.4.3",
     "@harness-fe/dashboard-ui": "0.2.0",
-    "@harness-fe/protocol": "3.2.0"
+    "@harness-fe/protocol": "4.0.0-next.0"
   },
   "devDependencies": {
     "@types/ws": "^8.5.10",

package/src/bridge.ts

@@ -18,10 +18,12 @@ import { networkInterfaces } from 'node:os';
 import {
     DEFAULT_LOGIN_PATH,
     handleLoginPost,
+    isAuthEnabled,
     isAuthorized,
     sendUnauthorized,
     type AuthOptions,
 } from './auth.js';
+import { LOCAL_PRINCIPAL, resolvePrincipal, type Principal } from './identity.js';
 import { join as joinPath } from 'node:path';
 import { homedir } from 'node:os';
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
@@ -29,6 +31,7 @@ import {
     DEFAULT_WS_PORT,
     EVENT_NAME,
     PROTOCOL_VERSION,
+    type ConsentPolicy,
     isLoopbackHost,
     pageLoadPayloadSchema,
     rrwebChunkPayloadSchema,
@@ -79,8 +82,8 @@ export interface IBridge {
     ): Promise<unknown>;
     listTabs(): Promise<TabInfo[]>;
     listTasks(filter?: { status?: TaskStatus | 'all'; limit?: number }): Promise<Task[]>;
-    claimTask(id: string): Promise<Task | undefined>;
-    resolveTask(id: string, note?: string): Promise<Task | undefined>;
+    claimTask(id: string, principal?: Principal): Promise<Task | undefined>;
+    resolveTask(id: string, note?: string, principal?: Principal): Promise<Task | undefined>;
     getMemoryStore(): IMemoryStore;
     /**
      * Base URL (e.g. http://127.0.0.1:47729) where the replay viewer is reachable.
@@ -139,6 +142,13 @@ export interface BridgeOptions {
      * token disables auth (only valid when bound to a loopback host).
      */
     auth?: AuthOptions;
+    /**
+     * Browser-consent policy for control commands (4.0 · P2). When omitted it
+     * defaults to `session` while auth is enabled (non-loopback / exposed) and
+     * `off` on loopback — so solo dev keeps its zero-friction flow and any
+     * exposed daemon prompts the user before an agent drives the page.
+     */
+    consent?: ConsentPolicy;
     /**
      * Override the host used when building outbound URLs (dashboard links,
      * replay viewer URLs). When omitted and `host` is `0.0.0.0` / `::`, the
@@ -221,8 +231,10 @@ export class Bridge implements IBridge {
     private pending = new Map<string, PendingCommand>();
     private eventListeners = new Set<EventListener>();
     private tasks = new Map<string, Task>();
-    private opts: Required<Omit<BridgeOptions, 'store' | 'taskStore' | 'memoryStore' | 'autoPurge' | 'attachmentsDataDir' | 'auth' | 'publicHost' | 'dataDir' | 'label'>>;
+    private opts: Required<Omit<BridgeOptions, 'store' | 'taskStore' | 'memoryStore' | 'autoPurge' | 'attachmentsDataDir' | 'auth' | 'consent' | 'publicHost' | 'dataDir' | 'label'>>;
     private auth: AuthOptions;
+    /** Browser-consent policy pushed to runtime clients in hello.ack (4.0 · P2). */
+    private readonly consentPolicy: ConsentPolicy;
     private publicHostOverride: string | undefined;
     private readonly attachDataDir: string;
     private autoPurgeOpts: Required<NonNullable<BridgeOptions['autoPurge']>>;
@@ -233,6 +245,15 @@ export class Bridge implements IBridge {
      * or sessionId (for runtime-client connections).
      */
     private connToStoreId = new Map<string, string>();
+    /** Caller identity per connection (4.0 · P1). Resolved at WS upgrade. */
+    private connToPrincipal = new Map<string, Principal>();
+    /**
+     * Identity attributed to MCP-driven writes (task claim/resolve). The MCP
+     * tool layer is a daemon-wide singleton today with no per-call caller
+     * context, so stdio/HTTP agents collapse to one principal. P4 (per-session
+     * MCP transport) replaces this with the real per-call principal.
+     */
+    private readonly defaultPrincipal: Principal = LOCAL_PRINCIPAL;
     /** Connections that already logged a "no store session" warning. */
     private warnedNoSession = new Set<string>();
     /**
@@ -273,6 +294,12 @@ export class Bridge implements IBridge {
             host: opts.host ?? '127.0.0.1',
         };
         this.auth = opts.auth ?? {};
+        // Consent defaults track the auth boundary: exposed (auth on) ⇒ prompt
+        // once per session; loopback solo (auth off) ⇒ no prompts. Explicit
+        // opts.consent always wins.
+        this.consentPolicy = opts.consent ?? {
+            mode: isAuthEnabled(this.auth) ? 'session' : 'off',
+        };
         this.publicHostOverride = opts.publicHost;
         // Default auto-purge ON. CI / tests pass `enabled: false` (or set
         // env HARNESS_FE_PURGE_DISABLED=1) to opt out.
@@ -440,7 +467,7 @@ export class Bridge implements IBridge {
             });
 
             const wss = new WebSocketServer({ noServer: true });
-            wss.on('connection', (ws) => this.onConnection(ws));
+            wss.on('connection', (ws, req: IncomingMessage) => this.onConnection(ws, req));
 
             httpServer.on('upgrade', (req, socket, head) => {
                 if (!isAuthorized(req, this.auth)) {
@@ -560,6 +587,11 @@ export class Bridge implements IBridge {
         return this.auth.token;
     }
 
+    /** Daemon auth options — used by the MCP layer to identify the per-call principal (4.0 · P4). */
+    getAuthOptions(): AuthOptions {
+        return this.auth;
+    }
+
     /**
      * Broadcast a `dashboard.update` frame to every subscribed dashboard SPA.
      *
@@ -740,11 +772,15 @@ export class Bridge implements IBridge {
         return filtered.slice(0, limit);
     }
 
-    async claimTask(id: string): Promise<Task | undefined> {
+    async claimTask(id: string, principal?: Principal): Promise<Task | undefined> {
         const task = this.tasks.get(id);
         if (!task) return undefined;
         task.status = 'claimed';
         task.claimedAt = Date.now();
+        // Tag which agent picked it up (4.0 · P1/P4). The per-call principal
+        // (HTTP MCP, resolved from request headers) wins; stdio / no-caller
+        // falls back to the daemon's local principal.
+        task.agentId = (principal ?? this.defaultPrincipal).id;
         this.persistTasks();
         // Persist status change to store
         this.persistTaskEvent(task, 'task:claim');
@@ -757,12 +793,13 @@ export class Bridge implements IBridge {
         return this.readTaskAttachment(task.projectId, taskId, attachmentId);
     }
 
-    async resolveTask(id: string, note?: string): Promise<Task | undefined> {
+    async resolveTask(id: string, note?: string, principal?: Principal): Promise<Task | undefined> {
         const task = this.tasks.get(id);
         if (!task) return undefined;
         task.status = 'resolved';
         task.resolvedAt = Date.now();
         if (note !== undefined) task.note = note;
+        if (!task.agentId) task.agentId = (principal ?? this.defaultPrincipal).id;
         this.persistTasks();
         // Persist status change to store
         this.persistTaskEvent(task, 'task:resolve');
@@ -1036,9 +1073,16 @@ export class Bridge implements IBridge {
         return false;
     }
 
-    private onConnection(ws: WebSocket): void {
+    private onConnection(ws: WebSocket, req?: IncomingMessage): void {
         const connectionId = randomUUID();
         this.sockets.set(connectionId, ws);
+        // Resolve caller identity once at connection time (4.0 · P1). The
+        // upgrade handler already enforced isAuthorized, so resolvePrincipal
+        // won't reject here; fall back to LOCAL for the loopback / no-req path.
+        this.connToPrincipal.set(
+            connectionId,
+            (req && resolvePrincipal(req, this.auth)) || LOCAL_PRINCIPAL,
+        );
 
         ws.on('message', (raw) => {
             let parsed: unknown;
@@ -1096,6 +1140,7 @@ export class Bridge implements IBridge {
                 }
             }
             this.router.unregister(connectionId);
+            this.connToPrincipal.delete(connectionId);
         });
 
         ws.on('error', () => {
@@ -1145,6 +1190,7 @@ export class Bridge implements IBridge {
                 // absent. The runtime-client branch below opens its own store
                 // session if one does not already exist for this project.
 
+                const principal = this.connToPrincipal.get(connectionId) ?? LOCAL_PRINCIPAL;
                 const session = this.router.register({
                     role: frame.role,
                     projectId: frame.projectId,
@@ -1154,6 +1200,7 @@ export class Bridge implements IBridge {
                     userId: frame.userId,
                     connectionId,
                     page: frame.page,
+                    principal,
                 });
                 // Persist to store
                 if (this.store) {
@@ -1167,6 +1214,7 @@ export class Bridge implements IBridge {
                             this.store.upsertProject(frame.projectId, {
                                 parentProjectId: frame.parentProjectId,
                                 displayName: frame.displayName,
+                                createdBy: principal.id,
                             });
                         } catch (err) {
                             // Cycle detection or other validation failure —
@@ -1244,6 +1292,7 @@ export class Bridge implements IBridge {
                             referrer: undefined,
                             userAgent: frame.page?.userAgent,
                             participants,
+                            createdBy: principal.id,
                         });
                         this.connToStoreId.set(connectionId, sessionId);
                         this.notifyDashboard({
@@ -1286,6 +1335,7 @@ export class Bridge implements IBridge {
                     id: frame.id,
                     tabId: session.tabId,
                     serverVersion: PROTOCOL_VERSION,
+                    consent: this.consentPolicy,
                 };
                 ws.send(JSON.stringify(ack));
                 // One concise line per accepted peer. Visibility for "is the

package/src/daemon.ts

@@ -25,6 +25,8 @@
 
 import type { IncomingMessage } from 'node:http';
 
+import type { ConsentPolicy } from '@harness-fe/protocol';
+
 import { Bridge } from './bridge.js';
 import { startMcpHttpServer } from './mcpHttp.js';
 import type { EventStore, IStore } from './store/types.js';
@@ -60,6 +62,12 @@ export interface DaemonOptions {
      * flows through here. Mutually exclusive with `authorize`.
      */
     token?: string;
+    /**
+     * Browser-consent policy for control commands (4.0 · P2). Omit to track the
+     * auth boundary automatically: `session` when auth is on (exposed daemon),
+     * `off` on loopback solo dev. Pass `{ mode }` to force a policy.
+     */
+    consent?: ConsentPolicy;
     /**
      * IStore implementation. Omit for the default JSONL store at `dataDir`.
      * Pass `null` to disable session/event persistence entirely.
@@ -150,6 +158,7 @@ export function createDaemon(opts: DaemonOptions = {}): DaemonHandle {
         dataDir: opts.dataDir,
         label: opts.label,
         auth,
+        consent: opts.consent,
     });
 
     let mcpHandle: Awaited<ReturnType<typeof startMcpHttpServer>> | undefined;