npm - @harness-fe/mcp-server - Versions diffs - 4.0.0-next.1 → 4.0.0-next.2 - Mend

@harness-fe/mcp-server 4.0.0-next.1 → 4.0.0-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/identity.d.ts CHANGED Viewed

@@ -71,4 +71,20 @@ type HeaderBag = Record<string, string | string[] | undefined>;
  * - token mode → token principal from the Authorization header (LOCAL if absent)
  */
 export declare function identifyPrincipal(headers: HeaderBag | undefined, opts: AuthOptions): Principal;
+/**
+ * Tenant-isolation visibility check (4.0 · P3). Decides whether `principal`
+ * may see a record tagged with `createdBy`.
+ *
+ * - `local` (loopback / stdio solo / no-auth) → sees everything. This keeps
+ *   solo dev's behaviour completely unchanged.
+ * - unowned data (`createdBy` null/undefined — legacy rows from before P1, or
+ *   records the daemon never tagged) → visible to everyone (backward compat).
+ * - otherwise → visible only to the principal that created it.
+ *
+ * Note: in the current single-token / loopback reality the data creator
+ * (plugin / runtime client) and the querying agent share one principal, so
+ * this is exact. A full `project → agent` binding (creator ≠ consumer, once
+ * P6 splits write/read scopes) is deferred to P6.
+ */
+export declare function canSee(principal: Principal, createdBy: string | null | undefined): boolean;
 export {};

package/dist/identity.js CHANGED Viewed

@@ -99,3 +99,25 @@ export function identifyPrincipal(headers, opts) {
     const token = bearerFromHeaders(headers);
     return token ? { id: tokenPrincipalId(token), kind: 'token' } : LOCAL_PRINCIPAL;
 }
+/**
+ * Tenant-isolation visibility check (4.0 · P3). Decides whether `principal`
+ * may see a record tagged with `createdBy`.
+ *
+ * - `local` (loopback / stdio solo / no-auth) → sees everything. This keeps
+ *   solo dev's behaviour completely unchanged.
+ * - unowned data (`createdBy` null/undefined — legacy rows from before P1, or
+ *   records the daemon never tagged) → visible to everyone (backward compat).
+ * - otherwise → visible only to the principal that created it.
+ *
+ * Note: in the current single-token / loopback reality the data creator
+ * (plugin / runtime client) and the querying agent share one principal, so
+ * this is exact. A full `project → agent` binding (creator ≠ consumer, once
+ * P6 splits write/read scopes) is deferred to P6.
+ */
+export function canSee(principal, createdBy) {
+    if (principal.kind === 'local')
+        return true;
+    if (createdBy == null)
+        return true;
+    return createdBy === principal.id;
+}

package/dist/mcp.js CHANGED Viewed

@@ -9,7 +9,7 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
 import { COMMAND, PROTOCOL_VERSION, clickArgsSchema, evaluateArgsSchema, navigateArgsSchema, reloadArgsSchema, screenshotArgsSchema, scrollArgsSchema, setHtmlArgsSchema, setStyleArgsSchema, selectorSchema, typeArgsSchema, waitForArgsSchema, } from '@harness-fe/protocol';
-import { identifyPrincipal } from './identity.js';
+import { canSee, identifyPrincipal } from './identity.js';
 import { RemoteBridge } from './remoteBridge.js';
 import { buildVisitorTimeline } from './visitorTimeline.js';
 import { createReplayExport } from './replayCreate.js';
@@ -59,7 +59,7 @@ export function createMcpServer(bridge, options = {}) {
     const leaderStore = bridge.store;
     if (leaderStore != null) {
         const memoryStore = bridge.getMemoryStore();
-        registerStoreTools(server, leaderStore, memoryStore, bridge);
+        registerStoreTools(server, leaderStore, memoryStore, bridge, options.auth);
     }
     else if (bridge instanceof RemoteBridge) {
         registerRemoteStoreTools(server, bridge);
@@ -460,8 +460,10 @@ function registerTools(server, bridge, auth) {
             status: taskStatusEnum.optional(),
             limit: z.number().int().positive().optional(),
         },
-    }, async ({ status, limit }) => {
-        const tasks = await bridge.listTasks({ status: status ?? 'pending', limit });
+    }, async ({ status, limit }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const tasks = (await bridge.listTasks({ status: status ?? 'pending', limit }))
+            .filter((t) => canSee(principal, t.createdBy));
         const summary = tasks.map((t) => ({
             id: t.id,
             status: t.status,
@@ -547,15 +549,18 @@ function registerExperimentalTools(server, bridge) {
     void bridge;
 }
 // ─── Store tools (session history, timeline, memory) ──────────────────────────
-function registerStoreTools(server, store, memoryStore, bridge) {
+function registerStoreTools(server, store, memoryStore, bridge, auth) {
     server.registerTool('session.list', {
         description: 'List recent sessions for a project. Returns session IDs, start times, and status.',
         inputSchema: {
             projectId: z.string().describe('Project ID (package.json name)'),
             limit: z.number().int().positive().default(10).optional(),
         },
-    }, async ({ projectId, limit }) => {
-        const sessions = store.listSessions({ projectId, limit: limit ?? 10 });
+    }, async ({ projectId, limit }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const sessions = store
+            .listSessions({ projectId, limit: limit ?? 10 })
+            .filter((s) => canSee(principal, s.createdBy));
         return ok(sessions);
     });
     server.registerTool('session.summary', {
@@ -624,11 +629,14 @@ function registerStoreTools(server, store, memoryStore, bridge) {
     server.registerTool('project.sessions', {
         description: 'List all projects with their most recent session info.',
         inputSchema: {},
-    }, async () => {
-        const projects = store.listProjects();
+    }, async (_args, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const projects = store.listProjects().filter((p) => canSee(principal, p.createdBy));
         const result = projects.map((p) => ({
             ...p,
-            recentSessions: store.listSessions({ projectId: p.id, limit: 3 }),
+            recentSessions: store
+                .listSessions({ projectId: p.id, limit: 3 })
+                .filter((s) => canSee(principal, s.createdBy)),
         }));
         return ok(result);
     });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@harness-fe/mcp-server",
-  "version": "4.0.0-next.1",
+  "version": "4.0.0-next.2",
   "description": "Unified MCP daemon: stdio MCP for AI agents + WS bridge for Vite plugin and runtime client.",
   "type": "module",
   "license": "MIT",

package/src/identity.test.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import type { IncomingMessage } from 'node:http';
 import {
     HOST_PRINCIPAL,
     LOCAL_PRINCIPAL,
+    canSee,
     identifyPrincipal,
     resolvePrincipal,
     tokenPrincipalId,
@@ -84,3 +85,25 @@ describe('identity: identifyPrincipal (P4 — identify, not authorize)', () => {
         expect(identifyPrincipal({ authorization: 'Bearer x' }, { authorize: () => true })).toBe(HOST_PRINCIPAL);
     });
 });
+describe('identity: canSee (P3 tenant visibility)', () => {
+    const tokenA = { id: 'token:aaa', kind: 'token' as const };
+    const tokenB = { id: 'token:bbb', kind: 'token' as const };
+    it('local sees everything (zero behaviour change for solo dev)', () => {
+        expect(canSee(LOCAL_PRINCIPAL, 'token:aaa')).toBe(true);
+        expect(canSee(LOCAL_PRINCIPAL, undefined)).toBe(true);
+        expect(canSee(LOCAL_PRINCIPAL, null)).toBe(true);
+    });
+    it('unowned data (no createdBy) is visible to everyone', () => {
+        expect(canSee(tokenA, undefined)).toBe(true);
+        expect(canSee(tokenA, null)).toBe(true);
+    });
+    it('named principal sees only its own owned data', () => {
+        expect(canSee(tokenA, 'token:aaa')).toBe(true);
+        expect(canSee(tokenA, 'token:bbb')).toBe(false);
+        expect(canSee(tokenB, 'token:aaa')).toBe(false);
+    });
+});

package/src/identity.ts CHANGED Viewed

@@ -114,3 +114,24 @@ export function identifyPrincipal(headers: HeaderBag | undefined, opts: AuthOpti
     const token = bearerFromHeaders(headers);
     return token ? { id: tokenPrincipalId(token), kind: 'token' } : LOCAL_PRINCIPAL;
 }
+/**
+ * Tenant-isolation visibility check (4.0 · P3). Decides whether `principal`
+ * may see a record tagged with `createdBy`.
+ *
+ * - `local` (loopback / stdio solo / no-auth) → sees everything. This keeps
+ *   solo dev's behaviour completely unchanged.
+ * - unowned data (`createdBy` null/undefined — legacy rows from before P1, or
+ *   records the daemon never tagged) → visible to everyone (backward compat).
+ * - otherwise → visible only to the principal that created it.
+ *
+ * Note: in the current single-token / loopback reality the data creator
+ * (plugin / runtime client) and the querying agent share one principal, so
+ * this is exact. A full `project → agent` binding (creator ≠ consumer, once
+ * P6 splits write/read scopes) is deferred to P6.
+ */
+export function canSee(principal: Principal, createdBy: string | null | undefined): boolean {
+    if (principal.kind === 'local') return true;
+    if (createdBy == null) return true;
+    return createdBy === principal.id;
+}

package/src/mcp.ts CHANGED Viewed

@@ -27,7 +27,7 @@ import {
 import type { IBridge } from './bridge.js';
 import type { Bridge } from './bridge.js';
 import type { AuthOptions } from './auth.js';
-import { identifyPrincipal } from './identity.js';
+import { canSee, identifyPrincipal } from './identity.js';
 import { RemoteBridge } from './remoteBridge.js';
 import type { IStore, IMemoryStore } from './store/index.js';
 import { buildVisitorTimeline } from './visitorTimeline.js';
@@ -102,7 +102,7 @@ export function createMcpServer(bridge: IBridge, options: McpServerOptions = {})
     const leaderStore = (bridge as Bridge).store;
     if (leaderStore != null) {
         const memoryStore = bridge.getMemoryStore();
-        registerStoreTools(server, leaderStore, memoryStore, bridge);
+        registerStoreTools(server, leaderStore, memoryStore, bridge, options.auth);
     } else if (bridge instanceof RemoteBridge) {
         registerRemoteStoreTools(server, bridge);
     }
@@ -750,8 +750,10 @@ function registerTools(server: McpServer, bridge: IBridge, auth?: AuthOptions):
                 limit: z.number().int().positive().optional(),
             },
         },
-        async ({ status, limit }) => {
-            const tasks = await bridge.listTasks({ status: status ?? 'pending', limit });
+        async ({ status, limit }, extra) => {
+            const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+            const tasks = (await bridge.listTasks({ status: status ?? 'pending', limit }))
+                .filter((t) => canSee(principal, t.createdBy));
             const summary = tasks.map((t) => ({
                 id: t.id,
                 status: t.status,
@@ -865,7 +867,7 @@ function registerExperimentalTools(server: McpServer, bridge: IBridge): void {
 // ─── Store tools (session history, timeline, memory) ──────────────────────────
-function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemoryStore, bridge: IBridge): void {
+function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemoryStore, bridge: IBridge, auth?: AuthOptions): void {
     server.registerTool(
         'session.list',
         {
@@ -875,8 +877,11 @@ function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemo
                 limit: z.number().int().positive().default(10).optional(),
             },
         },
-        async ({ projectId, limit }) => {
-            const sessions = store.listSessions({ projectId, limit: limit ?? 10 });
+        async ({ projectId, limit }, extra) => {
+            const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+            const sessions = store
+                .listSessions({ projectId, limit: limit ?? 10 })
+                .filter((s) => canSee(principal, s.createdBy));
             return ok(sessions);
         },
     );
@@ -963,11 +968,14 @@ function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemo
             description: 'List all projects with their most recent session info.',
             inputSchema: {},
         },
-        async () => {
-            const projects = store.listProjects();
+        async (_args, extra) => {
+            const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+            const projects = store.listProjects().filter((p) => canSee(principal, p.createdBy));
             const result = projects.map((p) => ({
                 ...p,
-                recentSessions: store.listSessions({ projectId: p.id, limit: 3 }),
+                recentSessions: store
+                    .listSessions({ projectId: p.id, limit: 3 })
+                    .filter((s) => canSee(principal, s.createdBy)),
             }));
             return ok(result);
         },