@harness-fe/mcp-server 4.0.0-next.1 → 4.0.0-next.3

package/dist/bin.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/bin.js

@@ -0,0 +1,15 @@
+#!/usr/bin/env node
+/**
+ * Compat shim: the `harness-fe` CLI moved to @harness-fe/dev-cli when the
+ * monolith was split (daemon / mcp-server / dev-cli). We keep this bin so the
+ * old `npx @harness-fe/mcp-server` keeps working, but forward to dev-cli via
+ * npx at runtime — a static dependency would create an mcp-server ↔ dev-cli
+ * cycle (dev-cli already depends on mcp-server).
+ */
+import { spawnSync } from 'node:child_process';
+process.stderr.write('[harness-fe] The CLI moved to @harness-fe/dev-cli; forwarding. ' +
+    'Run `npx @harness-fe/dev-cli` directly to skip this hop.\n');
+const result = spawnSync('npx', ['-y', '@harness-fe/dev-cli', ...process.argv.slice(2)], {
+    stdio: 'inherit',
+});
+process.exit(result.status ?? 0);

package/dist/daemon.d.ts

@@ -24,9 +24,9 @@
  */
 import type { IncomingMessage } from 'node:http';
 import type { ConsentPolicy } from '@harness-fe/protocol';
-import { Bridge } from './bridge.js';
-import type { EventStore, IStore } from './store/types.js';
-import type { ITaskStore, IMemoryStore } from './store/types.js';
+import { Bridge } from '@harness-fe/daemon';
+import type { EventStore, IStore } from '@harness-fe/daemon';
+import type { ITaskStore, IMemoryStore } from '@harness-fe/daemon';
 export interface DaemonOptions {
     /** TCP port to listen on. Default `DEFAULT_WS_PORT` (see protocol). */
     port?: number;

package/dist/daemon.js

@@ -22,7 +22,7 @@
  * follower attachment, banner, signal handlers) stays in `cli.ts` —
  * not pushed into the factory.
  */
-import { Bridge } from './bridge.js';
+import { Bridge } from '@harness-fe/daemon';
 import { startMcpHttpServer } from './mcpHttp.js';
 export function createDaemon(opts = {}) {
     const mcpPath = opts.mcpPath ?? '/mcp';

package/dist/index.d.ts

@@ -1,7 +1,7 @@
-export { Bridge, defaultDataDir, type BridgeOptions } from './bridge.js';
+export { Bridge, defaultDataDir, type BridgeOptions } from '@harness-fe/daemon';
 export { createDaemon, type DaemonOptions, type DaemonHandle } from './daemon.js';
-export { SessionRouter, type PeerSession } from './sessionRouter.js';
+export { SessionRouter, type PeerSession } from '@harness-fe/daemon';
 export { startMcpStdioServer, createMcpServer, experimentalEnabled, type McpServerOptions, } from './mcp.js';
 export { startMcpHttpServer, type McpHttpOptions, type McpHttpHandle } from './mcpHttp.js';
-export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, type MemoryEventStoreOptions, } from './store/index.js';
-export type { IStore, ITaskStore, IMemoryStore, EventStore, EventId, StreamId, ProjectMeta, ProjectTreeNode, BuildMeta, SessionMeta, TabMeta, } from './store/index.js';
+export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, type MemoryEventStoreOptions, } from '@harness-fe/daemon';
+export type { IStore, ITaskStore, IMemoryStore, EventStore, EventId, StreamId, ProjectMeta, ProjectTreeNode, BuildMeta, SessionMeta, TabMeta, } from '@harness-fe/daemon';

package/dist/index.js

@@ -1,6 +1,6 @@
-export { Bridge, defaultDataDir } from './bridge.js';
+export { Bridge, defaultDataDir } from '@harness-fe/daemon';
 export { createDaemon } from './daemon.js';
-export { SessionRouter } from './sessionRouter.js';
+export { SessionRouter } from '@harness-fe/daemon';
 export { startMcpStdioServer, createMcpServer, experimentalEnabled, } from './mcp.js';
 export { startMcpHttpServer } from './mcpHttp.js';
-export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, } from './store/index.js';
+export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, } from '@harness-fe/daemon';

package/dist/mcp.d.ts

@@ -6,8 +6,8 @@
  * to the active runtime-client via the bridge.
  */
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import type { IBridge } from './bridge.js';
-import type { AuthOptions } from './auth.js';
+import type { IBridge } from '@harness-fe/daemon';
+import type { AuthOptions } from '@harness-fe/daemon';
 export interface McpServerOptions {
     /**
      * Name of the environment variable that gates experimental tools.

package/dist/mcp.js

@@ -9,12 +9,12 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
 import { COMMAND, PROTOCOL_VERSION, clickArgsSchema, evaluateArgsSchema, navigateArgsSchema, reloadArgsSchema, screenshotArgsSchema, scrollArgsSchema, setHtmlArgsSchema, setStyleArgsSchema, selectorSchema, typeArgsSchema, waitForArgsSchema, } from '@harness-fe/protocol';
-import { identifyPrincipal } from './identity.js';
-import { RemoteBridge } from './remoteBridge.js';
-import { buildVisitorTimeline } from './visitorTimeline.js';
-import { createReplayExport } from './replayCreate.js';
-import { openBrowser } from './openBrowser.js';
-import { buildDashboardUrl } from './dashboardUrl.js';
+import { canSee, canSeeProject, identifyPrincipal } from '@harness-fe/daemon';
+import { RemoteBridge } from '@harness-fe/daemon';
+import { buildVisitorTimeline } from '@harness-fe/daemon';
+import { createReplayExport } from '@harness-fe/daemon';
+import { openBrowser } from '@harness-fe/daemon';
+import { buildDashboardUrl } from '@harness-fe/daemon';
 const SERVER_NAME = 'harness-fe';
 /**
  * Experimental-feature gate.
@@ -59,7 +59,7 @@ export function createMcpServer(bridge, options = {}) {
     const leaderStore = bridge.store;
     if (leaderStore != null) {
         const memoryStore = bridge.getMemoryStore();
-        registerStoreTools(server, leaderStore, memoryStore, bridge);
+        registerStoreTools(server, leaderStore, memoryStore, bridge, options.auth);
     }
     else if (bridge instanceof RemoteBridge) {
         registerRemoteStoreTools(server, bridge);
@@ -88,6 +88,26 @@ function err(message) {
         isError: true,
     };
 }
+/**
+ * Owner chain of a project for tenant isolation (4.0 · A — binding/tagging):
+ * the project's own `createdBy` followed by its ancestors' (walked via
+ * `parentProjectId`, self → root, cycle-safe). Feed to `canSeeProject` so a
+ * host agent sees its sub-apps' data. Empty when the project is unknown.
+ */
+function ownerChainOf(projectId, store) {
+    const chain = [];
+    const seen = new Set();
+    let id = projectId;
+    while (id && !seen.has(id)) {
+        seen.add(id);
+        const p = store.getProject(id);
+        if (!p)
+            break;
+        chain.push(p.createdBy);
+        id = p.parentProjectId;
+    }
+    return chain;
+}
 function registerTools(server, bridge, auth) {
     server.registerTool(COMMAND.PAGE_CLICK, {
         description: 'Click on a DOM element resolved by the selector.',
@@ -460,8 +480,16 @@ function registerTools(server, bridge, auth) {
             status: taskStatusEnum.optional(),
             limit: z.number().int().positive().optional(),
         },
-    }, async ({ status, limit }) => {
-        const tasks = await bridge.listTasks({ status: status ?? 'pending', limit });
+    }, async ({ status, limit }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        // Tenant isolation by project ownership (4.0 · A): a task is visible
+        // when the caller owns its project (or a host ancestor). Falls back
+        // to the submitter tag when no store is configured (in-memory mode).
+        const store = bridge.store;
+        const all = await bridge.listTasks({ status: status ?? 'pending', limit });
+        const tasks = store
+            ? all.filter((t) => canSeeProject(principal, ownerChainOf(t.projectId, store)))
+            : all.filter((t) => canSee(principal, t.createdBy));
         const summary = tasks.map((t) => ({
             id: t.id,
             status: t.status,
@@ -547,16 +575,19 @@ function registerExperimentalTools(server, bridge) {
     void bridge;
 }
 // ─── Store tools (session history, timeline, memory) ──────────────────────────
-function registerStoreTools(server, store, memoryStore, bridge) {
+function registerStoreTools(server, store, memoryStore, bridge, auth) {
     server.registerTool('session.list', {
         description: 'List recent sessions for a project. Returns session IDs, start times, and status.',
         inputSchema: {
             projectId: z.string().describe('Project ID (package.json name)'),
             limit: z.number().int().positive().default(10).optional(),
         },
-    }, async ({ projectId, limit }) => {
-        const sessions = store.listSessions({ projectId, limit: limit ?? 10 });
-        return ok(sessions);
+    }, async ({ projectId, limit }, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        // Owning a project (or a host ancestor) grants its whole session set.
+        if (!canSeeProject(principal, ownerChainOf(projectId, store)))
+            return ok([]);
+        return ok(store.listSessions({ projectId, limit: limit ?? 10 }));
     });
     server.registerTool('session.summary', {
         description: 'Get a summary of a session: event counts, last error, active tabs.',
@@ -624,8 +655,11 @@ function registerStoreTools(server, store, memoryStore, bridge) {
     server.registerTool('project.sessions', {
         description: 'List all projects with their most recent session info.',
         inputSchema: {},
-    }, async () => {
-        const projects = store.listProjects();
+    }, async (_args, extra) => {
+        const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+        const projects = store
+            .listProjects()
+            .filter((p) => canSeeProject(principal, ownerChainOf(p.id, store)));
         const result = projects.map((p) => ({
             ...p,
             recentSessions: store.listSessions({ projectId: p.id, limit: 3 }),

package/dist/mcpHttp.d.ts

@@ -6,8 +6,8 @@
  * `http://<host>:<port>/mcp` and authenticate via `Authorization: Bearer
  * <token>` like any other client.
  */
-import type { IBridge } from './bridge.js';
-import type { EventStore } from './store/types.js';
+import type { IBridge } from '@harness-fe/daemon';
+import type { EventStore } from '@harness-fe/daemon';
 export interface McpHttpOptions {
     /** URL path the transport listens on. Default `/mcp`. */
     path?: string;

package/dist/mcpHttp.js

@@ -9,7 +9,9 @@
 import { randomUUID } from 'node:crypto';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
 import { createMcpServer } from './mcp.js';
-import { MemoryEventStore } from './store/MemoryEventStore.js';
+import { identifyPrincipal } from '@harness-fe/daemon';
+import { runWithCaller } from '@harness-fe/daemon';
+import { MemoryEventStore } from '@harness-fe/daemon';
 /**
  * Mount the MCP HTTP transport on the bridge's HTTP server. Bridge must
  * already have been started; calls `prependHttpHandler` so it runs before
@@ -37,13 +39,17 @@ export async function startMcpHttpServer(bridge, opts = {}) {
     if (typeof b.prependHttpHandler !== 'function') {
         throw new Error('mcpHttp: bridge does not support prependHttpHandler (need a Bridge instance with HTTP server)');
     }
+    const auth = b.getAuthOptions();
     b.prependHttpHandler(async (req, res) => {
         const url = req.url ?? '';
         const qi = url.indexOf('?');
         const reqPath = qi < 0 ? url : url.slice(0, qi);
         if (reqPath !== path)
             return false;
-        await transport.handleRequest(req, res);
+        // Establish the per-call caller for command-target scoping (4.0 · A):
+        // every sendCommand within this request reads it via currentCaller().
+        const principal = identifyPrincipal(req.headers, auth);
+        await runWithCaller(principal, () => transport.handleRequest(req, res));
         return true;
     });
     return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@harness-fe/mcp-server",
-  "version": "4.0.0-next.1",
+  "version": "4.0.0-next.3",
   "description": "Unified MCP daemon: stdio MCP for AI agents + WS bridge for Vite plugin and runtime client.",
   "type": "module",
   "license": "MIT",
@@ -16,7 +16,7 @@
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
-    "harness-fe": "./dist/cli.js"
+    "harness-fe": "./dist/bin.js"
   },
   "exports": {
     ".": {
@@ -35,11 +35,10 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.26.0",
-    "rrweb-player": "1.0.0-alpha.4",
     "ws": "^8.18.0",
     "zod": "^4.4.3",
-    "@harness-fe/dashboard-ui": "0.2.0",
-    "@harness-fe/protocol": "4.0.0-next.0"
+    "@harness-fe/protocol": "4.0.0-next.0",
+    "@harness-fe/daemon": "4.0.0-next.3"
   },
   "devDependencies": {
     "@types/ws": "^8.5.10",
@@ -53,10 +52,9 @@
   },
   "scripts": {
     "build": "tsc",
-    "postbuild": "node -e \"require('fs').chmodSync('dist/cli.js', 0o755)\"",
+    "postbuild": "node -e \"require('fs').chmodSync('dist/bin.js', 0o755)\"",
     "dev": "tsc --watch --preserveWatchOutput",
     "watch": "tsc --watch --preserveWatchOutput",
-    "start": "tsx src/cli.ts",
     "typecheck": "tsc --noEmit",
     "test": "vitest run"
   }

package/src/bin.ts

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+/**
+ * Compat shim: the `harness-fe` CLI moved to @harness-fe/dev-cli when the
+ * monolith was split (daemon / mcp-server / dev-cli). We keep this bin so the
+ * old `npx @harness-fe/mcp-server` keeps working, but forward to dev-cli via
+ * npx at runtime — a static dependency would create an mcp-server ↔ dev-cli
+ * cycle (dev-cli already depends on mcp-server).
+ */
+import { spawnSync } from 'node:child_process';
+
+process.stderr.write(
+    '[harness-fe] The CLI moved to @harness-fe/dev-cli; forwarding. ' +
+        'Run `npx @harness-fe/dev-cli` directly to skip this hop.\n',
+);
+
+const result = spawnSync('npx', ['-y', '@harness-fe/dev-cli', ...process.argv.slice(2)], {
+    stdio: 'inherit',
+});
+process.exit(result.status ?? 0);

package/src/daemon.ts

@@ -27,10 +27,10 @@ import type { IncomingMessage } from 'node:http';
 
 import type { ConsentPolicy } from '@harness-fe/protocol';
 
-import { Bridge } from './bridge.js';
+import { Bridge } from '@harness-fe/daemon';
 import { startMcpHttpServer } from './mcpHttp.js';
-import type { EventStore, IStore } from './store/types.js';
-import type { ITaskStore, IMemoryStore } from './store/types.js';
+import type { EventStore, IStore } from '@harness-fe/daemon';
+import type { ITaskStore, IMemoryStore } from '@harness-fe/daemon';
 
 export interface DaemonOptions {
     /** TCP port to listen on. Default `DEFAULT_WS_PORT` (see protocol). */

package/src/experimental.test.ts

@@ -17,8 +17,8 @@ import { join } from 'node:path';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { InMemoryTransport } from '@modelcontextprotocol/sdk/inMemory.js';
 import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
-import { Bridge } from './bridge.js';
-import { JsonlStore } from './store/index.js';
+import { Bridge } from '@harness-fe/daemon';
+import { JsonlStore } from '@harness-fe/daemon';
 import { createMcpServer, experimentalEnabled } from './mcp.js';
 import { createDaemon } from './daemon.js';
 

package/src/index.ts

@@ -1,6 +1,6 @@
-export { Bridge, defaultDataDir, type BridgeOptions } from './bridge.js';
+export { Bridge, defaultDataDir, type BridgeOptions } from '@harness-fe/daemon';
 export { createDaemon, type DaemonOptions, type DaemonHandle } from './daemon.js';
-export { SessionRouter, type PeerSession } from './sessionRouter.js';
+export { SessionRouter, type PeerSession } from '@harness-fe/daemon';
 export {
     startMcpStdioServer,
     createMcpServer,
@@ -15,7 +15,7 @@ export {
     MemoryEventStore,
     sanitizeId,
     type MemoryEventStoreOptions,
-} from './store/index.js';
+} from '@harness-fe/daemon';
 export type {
     IStore,
     ITaskStore,
@@ -28,4 +28,4 @@ export type {
     BuildMeta,
     SessionMeta,
     TabMeta,
-} from './store/index.js';
+} from '@harness-fe/daemon';

package/src/mcp.ts

@@ -24,16 +24,16 @@ import {
     typeArgsSchema,
     waitForArgsSchema,
 } from '@harness-fe/protocol';
-import type { IBridge } from './bridge.js';
-import type { Bridge } from './bridge.js';
-import type { AuthOptions } from './auth.js';
-import { identifyPrincipal } from './identity.js';
-import { RemoteBridge } from './remoteBridge.js';
-import type { IStore, IMemoryStore } from './store/index.js';
-import { buildVisitorTimeline } from './visitorTimeline.js';
-import { createReplayExport } from './replayCreate.js';
-import { openBrowser } from './openBrowser.js';
-import { buildDashboardUrl } from './dashboardUrl.js';
+import type { IBridge } from '@harness-fe/daemon';
+import type { Bridge } from '@harness-fe/daemon';
+import type { AuthOptions } from '@harness-fe/daemon';
+import { canSee, canSeeProject, identifyPrincipal } from '@harness-fe/daemon';
+import { RemoteBridge } from '@harness-fe/daemon';
+import type { IStore, IMemoryStore } from '@harness-fe/daemon';
+import { buildVisitorTimeline } from '@harness-fe/daemon';
+import { createReplayExport } from '@harness-fe/daemon';
+import { openBrowser } from '@harness-fe/daemon';
+import { buildDashboardUrl } from '@harness-fe/daemon';
 
 const SERVER_NAME = 'harness-fe';
 
@@ -102,7 +102,7 @@ export function createMcpServer(bridge: IBridge, options: McpServerOptions = {})
     const leaderStore = (bridge as Bridge).store;
     if (leaderStore != null) {
         const memoryStore = bridge.getMemoryStore();
-        registerStoreTools(server, leaderStore, memoryStore, bridge);
+        registerStoreTools(server, leaderStore, memoryStore, bridge, options.auth);
     } else if (bridge instanceof RemoteBridge) {
         registerRemoteStoreTools(server, bridge);
     }
@@ -141,6 +141,25 @@ function err(message: string): {
     };
 }
 
+/**
+ * Owner chain of a project for tenant isolation (4.0 · A — binding/tagging):
+ * the project's own `createdBy` followed by its ancestors' (walked via
+ * `parentProjectId`, self → root, cycle-safe). Feed to `canSeeProject` so a
+ * host agent sees its sub-apps' data. Empty when the project is unknown.
+ */
+function ownerChainOf(projectId: string, store: IStore): Array<string | undefined> {
+    const chain: Array<string | undefined> = [];
+    const seen = new Set<string>();
+    let id: string | undefined = projectId;
+    while (id && !seen.has(id)) {
+        seen.add(id);
+        const p = store.getProject(id);
+        if (!p) break;
+        chain.push(p.createdBy);
+        id = p.parentProjectId;
+    }
+    return chain;
+}
 
 function registerTools(server: McpServer, bridge: IBridge, auth?: AuthOptions): void {
     server.registerTool(
@@ -750,8 +769,16 @@ function registerTools(server: McpServer, bridge: IBridge, auth?: AuthOptions):
                 limit: z.number().int().positive().optional(),
             },
         },
-        async ({ status, limit }) => {
-            const tasks = await bridge.listTasks({ status: status ?? 'pending', limit });
+        async ({ status, limit }, extra) => {
+            const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+            // Tenant isolation by project ownership (4.0 · A): a task is visible
+            // when the caller owns its project (or a host ancestor). Falls back
+            // to the submitter tag when no store is configured (in-memory mode).
+            const store = (bridge as Bridge).store;
+            const all = await bridge.listTasks({ status: status ?? 'pending', limit });
+            const tasks = store
+                ? all.filter((t) => canSeeProject(principal, ownerChainOf(t.projectId, store)))
+                : all.filter((t) => canSee(principal, t.createdBy));
             const summary = tasks.map((t) => ({
                 id: t.id,
                 status: t.status,
@@ -865,7 +892,7 @@ function registerExperimentalTools(server: McpServer, bridge: IBridge): void {
 
 // ─── Store tools (session history, timeline, memory) ──────────────────────────
 
-function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemoryStore, bridge: IBridge): void {
+function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemoryStore, bridge: IBridge, auth?: AuthOptions): void {
     server.registerTool(
         'session.list',
         {
@@ -875,9 +902,11 @@ function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemo
                 limit: z.number().int().positive().default(10).optional(),
             },
         },
-        async ({ projectId, limit }) => {
-            const sessions = store.listSessions({ projectId, limit: limit ?? 10 });
-            return ok(sessions);
+        async ({ projectId, limit }, extra) => {
+            const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+            // Owning a project (or a host ancestor) grants its whole session set.
+            if (!canSeeProject(principal, ownerChainOf(projectId, store))) return ok([]);
+            return ok(store.listSessions({ projectId, limit: limit ?? 10 }));
         },
     );
 
@@ -963,8 +992,11 @@ function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemo
             description: 'List all projects with their most recent session info.',
             inputSchema: {},
         },
-        async () => {
-            const projects = store.listProjects();
+        async (_args, extra) => {
+            const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
+            const projects = store
+                .listProjects()
+                .filter((p) => canSeeProject(principal, ownerChainOf(p.id, store)));
             const result = projects.map((p) => ({
                 ...p,
                 recentSessions: store.listSessions({ projectId: p.id, limit: 3 }),

package/src/mcpHttp.test.ts

@@ -1,9 +1,9 @@
 import { afterEach, describe, expect, it } from 'vitest';
 import type { JSONRPCMessage } from '@modelcontextprotocol/sdk/types.js';
-import { Bridge } from './bridge.js';
+import { Bridge } from '@harness-fe/daemon';
 import { startMcpHttpServer } from './mcpHttp.js';
-import { MemoryEventStore } from './store/MemoryEventStore.js';
-import type { EventStore } from './store/types.js';
+import { MemoryEventStore } from '@harness-fe/daemon';
+import type { EventStore } from '@harness-fe/daemon';
 
 const cleanups: Array<() => Promise<void> | void> = [];
 

package/src/mcpHttp.ts

@@ -10,10 +10,12 @@
 import { randomUUID } from 'node:crypto';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
 import type { IncomingMessage, ServerResponse } from 'node:http';
-import type { Bridge, IBridge } from './bridge.js';
+import type { Bridge, IBridge } from '@harness-fe/daemon';
 import { createMcpServer } from './mcp.js';
-import { MemoryEventStore } from './store/MemoryEventStore.js';
-import type { EventStore } from './store/types.js';
+import { identifyPrincipal } from '@harness-fe/daemon';
+import { runWithCaller } from '@harness-fe/daemon';
+import { MemoryEventStore } from '@harness-fe/daemon';
+import type { EventStore } from '@harness-fe/daemon';
 
 export interface McpHttpOptions {
     /** URL path the transport listens on. Default `/mcp`. */
@@ -81,12 +83,16 @@ export async function startMcpHttpServer(
         );
     }
 
+    const auth = b.getAuthOptions();
     b.prependHttpHandler(async (req: IncomingMessage, res: ServerResponse) => {
         const url = req.url ?? '';
         const qi = url.indexOf('?');
         const reqPath = qi < 0 ? url : url.slice(0, qi);
         if (reqPath !== path) return false;
-        await transport.handleRequest(req, res);
+        // Establish the per-call caller for command-target scoping (4.0 · A):
+        // every sendCommand within this request reads it via currentCaller().
+        const principal = identifyPrincipal(req.headers, auth);
+        await runWithCaller(principal, () => transport.handleRequest(req, res));
         return true;
     });
 

package/src/mcpLayer.e2e.test.ts

@@ -16,8 +16,8 @@ import { join } from 'node:path';
 import { randomUUID } from 'node:crypto';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { InMemoryTransport } from '@modelcontextprotocol/sdk/inMemory.js';
-import { Bridge } from './bridge.js';
-import { JsonlStore } from './store/index.js';
+import { Bridge } from '@harness-fe/daemon';
+import { JsonlStore } from '@harness-fe/daemon';
 import { createMcpServer } from './mcp.js';
 import type {
     EventFrame,

package/src/newCapabilities.e2e.test.ts

@@ -14,8 +14,8 @@ import { mkdtempSync, rmSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { randomUUID } from 'node:crypto';
-import { Bridge } from './bridge.js';
-import { JsonlStore } from './store/index.js';
+import { Bridge } from '@harness-fe/daemon';
+import { JsonlStore } from '@harness-fe/daemon';
 import type {
     EventFrame,
     HelloAckFrame,
@@ -23,7 +23,7 @@ import type {
     StorageEntry,
     WsEntry,
 } from '@harness-fe/protocol';
-import { buildVisitorTimeline } from './visitorTimeline.js';
+import { buildVisitorTimeline } from '@harness-fe/daemon';
 
 interface TestEnv {
     bridge: Bridge;

package/dist/auth.d.ts

@@ -1,53 +0,0 @@
-/**
- * Token-based auth for the bridge's HTTP + WS surfaces.
- *
- * Loopback (127.*, localhost, ::1) — auth disabled by default; the daemon
- * trusts everything that can reach the loopback socket. As soon as the
- * daemon is bound to a non-loopback host (e.g. 0.0.0.0 for LAN debugging),
- * the CLI requires a token and this module enforces it on every HTTP route
- * and WS upgrade.
- *
- * Why a single module: dashboard / replay viewer / events handler /
- * MCP HTTP transport all live behind the same bridge HTTP server. Bridge
- * wraps requests with `isAuthorized` once, so individual handlers never
- * see unauthenticated traffic and don't carry auth code.
- */
-import type { IncomingMessage, ServerResponse } from 'node:http';
-export declare const DEFAULT_COOKIE_NAME = "harness_fe_token";
-export declare const DEFAULT_LOGIN_PATH = "/__auth";
-export interface AuthOptions {
-    /** Expected token. Empty/undefined disables token auth. */
-    token?: string;
-    /**
-     * Custom authorization predicate. When supplied, runs *instead of* the
-     * token check on every HTTP request and WS upgrade. Synchronous: the
-     * WS upgrade handshake completes inline. For host-injected auth that
-     * needs an async lookup, cache the result in a cookie via the host's
-     * own middleware and have `authorize` read the cookie.
-     */
-    authorize?: (req: IncomingMessage) => boolean;
-    /** Cookie name set after a successful login. Default: harness_fe_token. */
-    cookieName?: string;
-    /** POST path that consumes the login form. Default: /__auth. */
-    loginPath?: string;
-}
-export declare function isAuthEnabled(opts: AuthOptions): boolean;
-/** Pull token from header / cookie / query / WS subprotocol (first match wins). */
-export declare function extractToken(req: IncomingMessage, opts?: AuthOptions): string | undefined;
-/**
- * Constant-time token compare. Hashing both sides first means we always
- * compare equal-length buffers, sidestepping the length-leak that a raw
- * timingSafeEqual on user input would have.
- */
-export declare function verifyToken(provided: string | undefined, expected: string): boolean;
-/** True if request is allowed (auth disabled, custom predicate accepts, or token matches). */
-export declare function isAuthorized(req: IncomingMessage, opts: AuthOptions): boolean;
-/**
- * Write a 401 response. Browsers (Accept: text/html) get a minimal login
- * form they can post the token through; everything else gets JSON.
- */
-export declare function sendUnauthorized(req: IncomingMessage, res: ServerResponse, opts: AuthOptions): void;
-/**
- * Handle POST {loginPath}: read form body, verify token, set cookie, 303 → next.
- */
-export declare function handleLoginPost(req: IncomingMessage, res: ServerResponse, opts: AuthOptions): Promise<void>;