@harness-fe/mcp-server 4.0.0-next.2 → 4.0.0-next.4

package/dist/bin.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/bin.js

@@ -0,0 +1,15 @@
+#!/usr/bin/env node
+/**
+ * Compat shim: the `harness-fe` CLI moved to @harness-fe/dev-cli when the
+ * monolith was split (daemon / mcp-server / dev-cli). We keep this bin so the
+ * old `npx @harness-fe/mcp-server` keeps working, but forward to dev-cli via
+ * npx at runtime — a static dependency would create an mcp-server ↔ dev-cli
+ * cycle (dev-cli already depends on mcp-server).
+ */
+import { spawnSync } from 'node:child_process';
+process.stderr.write('[harness-fe] The CLI moved to @harness-fe/dev-cli; forwarding. ' +
+    'Run `npx @harness-fe/dev-cli` directly to skip this hop.\n');
+const result = spawnSync('npx', ['-y', '@harness-fe/dev-cli', ...process.argv.slice(2)], {
+    stdio: 'inherit',
+});
+process.exit(result.status ?? 0);

package/dist/daemon.d.ts

@@ -24,9 +24,9 @@
  */
 import type { IncomingMessage } from 'node:http';
 import type { ConsentPolicy } from '@harness-fe/protocol';
-import { Bridge } from './bridge.js';
-import type { EventStore, IStore } from './store/types.js';
-import type { ITaskStore, IMemoryStore } from './store/types.js';
+import { Bridge } from '@harness-fe/daemon';
+import type { EventStore, IStore } from '@harness-fe/daemon';
+import type { ITaskStore, IMemoryStore } from '@harness-fe/daemon';
 export interface DaemonOptions {
     /** TCP port to listen on. Default `DEFAULT_WS_PORT` (see protocol). */
     port?: number;

package/dist/daemon.js

@@ -22,7 +22,7 @@
  * follower attachment, banner, signal handlers) stays in `cli.ts` —
  * not pushed into the factory.
  */
-import { Bridge } from './bridge.js';
+import { Bridge } from '@harness-fe/daemon';
 import { startMcpHttpServer } from './mcpHttp.js';
 export function createDaemon(opts = {}) {
     const mcpPath = opts.mcpPath ?? '/mcp';

package/dist/index.d.ts

@@ -1,7 +1,7 @@
-export { Bridge, defaultDataDir, type BridgeOptions } from './bridge.js';
+export { Bridge, defaultDataDir, type BridgeOptions } from '@harness-fe/daemon';
 export { createDaemon, type DaemonOptions, type DaemonHandle } from './daemon.js';
-export { SessionRouter, type PeerSession } from './sessionRouter.js';
+export { SessionRouter, type PeerSession } from '@harness-fe/daemon';
 export { startMcpStdioServer, createMcpServer, experimentalEnabled, type McpServerOptions, } from './mcp.js';
 export { startMcpHttpServer, type McpHttpOptions, type McpHttpHandle } from './mcpHttp.js';
-export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, type MemoryEventStoreOptions, } from './store/index.js';
-export type { IStore, ITaskStore, IMemoryStore, EventStore, EventId, StreamId, ProjectMeta, ProjectTreeNode, BuildMeta, SessionMeta, TabMeta, } from './store/index.js';
+export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, type MemoryEventStoreOptions, } from '@harness-fe/daemon';
+export type { IStore, ITaskStore, IMemoryStore, EventStore, EventId, StreamId, ProjectMeta, ProjectTreeNode, BuildMeta, SessionMeta, TabMeta, } from '@harness-fe/daemon';

package/dist/index.js

@@ -1,6 +1,6 @@
-export { Bridge, defaultDataDir } from './bridge.js';
+export { Bridge, defaultDataDir } from '@harness-fe/daemon';
 export { createDaemon } from './daemon.js';
-export { SessionRouter } from './sessionRouter.js';
+export { SessionRouter } from '@harness-fe/daemon';
 export { startMcpStdioServer, createMcpServer, experimentalEnabled, } from './mcp.js';
 export { startMcpHttpServer } from './mcpHttp.js';
-export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, } from './store/index.js';
+export { JsonlStore, JsonTaskStore, JsonMemoryStore, MemoryEventStore, sanitizeId, } from '@harness-fe/daemon';

package/dist/mcp.d.ts

@@ -6,8 +6,8 @@
  * to the active runtime-client via the bridge.
  */
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import type { IBridge } from './bridge.js';
-import type { AuthOptions } from './auth.js';
+import type { IBridge } from '@harness-fe/daemon';
+import type { AuthOptions } from '@harness-fe/daemon';
 export interface McpServerOptions {
     /**
      * Name of the environment variable that gates experimental tools.

package/dist/mcp.js

@@ -9,12 +9,12 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
 import { COMMAND, PROTOCOL_VERSION, clickArgsSchema, evaluateArgsSchema, navigateArgsSchema, reloadArgsSchema, screenshotArgsSchema, scrollArgsSchema, setHtmlArgsSchema, setStyleArgsSchema, selectorSchema, typeArgsSchema, waitForArgsSchema, } from '@harness-fe/protocol';
-import { canSee, identifyPrincipal } from './identity.js';
-import { RemoteBridge } from './remoteBridge.js';
-import { buildVisitorTimeline } from './visitorTimeline.js';
-import { createReplayExport } from './replayCreate.js';
-import { openBrowser } from './openBrowser.js';
-import { buildDashboardUrl } from './dashboardUrl.js';
+import { canSee, canSeeProject, identifyPrincipal } from '@harness-fe/daemon';
+import { RemoteBridge } from '@harness-fe/daemon';
+import { buildVisitorTimeline } from '@harness-fe/daemon';
+import { createReplayExport } from '@harness-fe/daemon';
+import { openBrowser } from '@harness-fe/daemon';
+import { buildDashboardUrl } from '@harness-fe/daemon';
 const SERVER_NAME = 'harness-fe';
 /**
  * Experimental-feature gate.
@@ -88,6 +88,26 @@ function err(message) {
         isError: true,
     };
 }
+/**
+ * Owner chain of a project for tenant isolation (4.0 · A — binding/tagging):
+ * the project's own `createdBy` followed by its ancestors' (walked via
+ * `parentProjectId`, self → root, cycle-safe). Feed to `canSeeProject` so a
+ * host agent sees its sub-apps' data. Empty when the project is unknown.
+ */
+function ownerChainOf(projectId, store) {
+    const chain = [];
+    const seen = new Set();
+    let id = projectId;
+    while (id && !seen.has(id)) {
+        seen.add(id);
+        const p = store.getProject(id);
+        if (!p)
+            break;
+        chain.push(p.createdBy);
+        id = p.parentProjectId;
+    }
+    return chain;
+}
 function registerTools(server, bridge, auth) {
     server.registerTool(COMMAND.PAGE_CLICK, {
         description: 'Click on a DOM element resolved by the selector.',
@@ -462,8 +482,14 @@ function registerTools(server, bridge, auth) {
         },
     }, async ({ status, limit }, extra) => {
         const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-        const tasks = (await bridge.listTasks({ status: status ?? 'pending', limit }))
-            .filter((t) => canSee(principal, t.createdBy));
+        // Tenant isolation by project ownership (4.0 · A): a task is visible
+        // when the caller owns its project (or a host ancestor). Falls back
+        // to the submitter tag when no store is configured (in-memory mode).
+        const store = bridge.store;
+        const all = await bridge.listTasks({ status: status ?? 'pending', limit });
+        const tasks = store
+            ? all.filter((t) => canSeeProject(principal, t.projectId, ownerChainOf(t.projectId, store)))
+            : all.filter((t) => canSee(principal, t.createdBy));
         const summary = tasks.map((t) => ({
             id: t.id,
             status: t.status,
@@ -492,14 +518,34 @@ function registerTools(server, bridge, auth) {
         return ok(task);
     });
     server.registerTool(COMMAND.TASKS_RESOLVE, {
-        description: 'Mark a task as resolved with an optional note. Use after addressing the user request.',
+        description: 'Mark a task as resolved with an optional note and structured resolution. ' +
+            'Use after addressing the user request. Pass `resolution` to close the ' +
+            'feedback loop: how it was fixed (type), the fix commit/PR, and the ' +
+            'verificationSessionId of the post-fix re-test that proved the fix.',
         inputSchema: {
             taskId: z.string(),
             note: z.string().optional(),
+            resolution: z
+                .object({
+                type: z
+                    .enum(['code-fix', 'config', 'wontfix', 'duplicate', 'cannot-reproduce'])
+                    .optional(),
+                commit: z.string().optional().describe('Git commit SHA of the fix.'),
+                prUrl: z.string().optional().describe('Pull-request URL for the fix.'),
+                verificationSessionId: z
+                    .string()
+                    .optional()
+                    .describe('Session id of the post-fix re-test that verified the fix.'),
+                verifiedAt: z
+                    .number()
+                    .optional()
+                    .describe('Epoch ms; defaulted when verificationSessionId is given.'),
+            })
+                .optional(),
         },
-    }, async ({ taskId, note }, extra) => {
+    }, async ({ taskId, note, resolution }, extra) => {
         const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-        const task = await bridge.resolveTask(taskId, note, principal);
+        const task = await bridge.resolveTask(taskId, note, resolution, principal);
         if (!task) {
             throw new Error(`tasks.resolve: no task with id "${taskId}"`);
         }
@@ -558,10 +604,10 @@ function registerStoreTools(server, store, memoryStore, bridge, auth) {
         },
     }, async ({ projectId, limit }, extra) => {
         const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-        const sessions = store
-            .listSessions({ projectId, limit: limit ?? 10 })
-            .filter((s) => canSee(principal, s.createdBy));
-        return ok(sessions);
+        // Owning a project (or a host ancestor) grants its whole session set.
+        if (!canSeeProject(principal, projectId, ownerChainOf(projectId, store)))
+            return ok([]);
+        return ok(store.listSessions({ projectId, limit: limit ?? 10 }));
     });
     server.registerTool('session.summary', {
         description: 'Get a summary of a session: event counts, last error, active tabs.',
@@ -631,12 +677,12 @@ function registerStoreTools(server, store, memoryStore, bridge, auth) {
         inputSchema: {},
     }, async (_args, extra) => {
         const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-        const projects = store.listProjects().filter((p) => canSee(principal, p.createdBy));
+        const projects = store
+            .listProjects()
+            .filter((p) => canSeeProject(principal, p.id, ownerChainOf(p.id, store)));
         const result = projects.map((p) => ({
             ...p,
-            recentSessions: store
-                .listSessions({ projectId: p.id, limit: 3 })
-                .filter((s) => canSee(principal, s.createdBy)),
+            recentSessions: store.listSessions({ projectId: p.id, limit: 3 }),
         }));
         return ok(result);
     });

package/dist/mcpHttp.d.ts

@@ -6,8 +6,8 @@
  * `http://<host>:<port>/mcp` and authenticate via `Authorization: Bearer
  * <token>` like any other client.
  */
-import type { IBridge } from './bridge.js';
-import type { EventStore } from './store/types.js';
+import type { IBridge } from '@harness-fe/daemon';
+import type { EventStore } from '@harness-fe/daemon';
 export interface McpHttpOptions {
     /** URL path the transport listens on. Default `/mcp`. */
     path?: string;

package/dist/mcpHttp.js

@@ -8,8 +8,11 @@
  */
 import { randomUUID } from 'node:crypto';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
 import { createMcpServer } from './mcp.js';
-import { MemoryEventStore } from './store/MemoryEventStore.js';
+import { identifyPrincipal } from '@harness-fe/daemon';
+import { runWithCaller } from '@harness-fe/daemon';
+import { MemoryEventStore } from '@harness-fe/daemon';
 /**
  * Mount the MCP HTTP transport on the bridge's HTTP server. Bridge must
  * already have been started; calls `prependHttpHandler` so it runs before
@@ -18,38 +21,105 @@ import { MemoryEventStore } from './store/MemoryEventStore.js';
 export async function startMcpHttpServer(bridge, opts = {}) {
     const path = opts.path ?? '/mcp';
     const stateful = opts.stateful !== false;
-    const eventStore = opts.eventStore === null
-        ? undefined
-        : opts.eventStore ?? new MemoryEventStore();
-    // Pass the daemon's auth so MCP tools can identify the per-call principal
-    // from request headers (4.0 · P4). stdio (startMcpStdioServer) omits this,
-    // so stdio calls resolve to the local principal.
-    const server = createMcpServer(bridge, {
-        experimentalEnvVar: opts.experimentalEnvVar,
-        auth: bridge.getAuthOptions(),
-    });
-    const transport = new StreamableHTTPServerTransport({
-        sessionIdGenerator: stateful ? () => randomUUID() : undefined,
-        eventStore,
-    });
-    await server.connect(transport);
     const b = bridge;
     if (typeof b.prependHttpHandler !== 'function') {
         throw new Error('mcpHttp: bridge does not support prependHttpHandler (need a Bridge instance with HTTP server)');
     }
+    // Pass the daemon's auth so MCP tools can identify the per-call principal
+    // from request headers (4.0 · P4). stdio (startMcpStdioServer) omits this,
+    // so stdio calls resolve to the local principal.
+    const auth = b.getAuthOptions();
+    const sessions = new Map();
+    function newSession() {
+        const server = createMcpServer(bridge, { experimentalEnvVar: opts.experimentalEnvVar, auth });
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: stateful ? () => randomUUID() : undefined,
+            // null → resumability off; an explicit store → use it; default → a
+            // fresh per-session MemoryEventStore.
+            eventStore: opts.eventStore === null ? undefined : (opts.eventStore ?? new MemoryEventStore()),
+            onsessioninitialized: (sid) => {
+                sessions.set(sid, { transport, server });
+            },
+        });
+        transport.onclose = () => {
+            const sid = transport.sessionId;
+            if (sid)
+                sessions.delete(sid);
+        };
+        return { transport, server };
+    }
     b.prependHttpHandler(async (req, res) => {
         const url = req.url ?? '';
         const qi = url.indexOf('?');
         const reqPath = qi < 0 ? url : url.slice(0, qi);
         if (reqPath !== path)
             return false;
-        await transport.handleRequest(req, res);
+        // Per-call caller for command-target scoping (4.0 · A): every sendCommand
+        // within this request reads it via currentCaller().
+        const principal = identifyPrincipal(req.headers, auth);
+        const sid = req.headers['mcp-session-id'];
+        // Established session — route by id (POST follow-ups, GET SSE, DELETE).
+        if (typeof sid === 'string' && sessions.has(sid)) {
+            const { transport } = sessions.get(sid);
+            await runWithCaller(principal, () => transport.handleRequest(req, res));
+            return true;
+        }
+        // No (known) session id. A POST `initialize` opens one; anything else is invalid.
+        if (req.method === 'POST') {
+            let body;
+            try {
+                body = await readJsonBody(req);
+            }
+            catch {
+                sendMcpError(res, 400, -32700, 'Parse error');
+                return true;
+            }
+            if (stateful && !isInitializeRequest(body)) {
+                sendMcpError(res, 400, -32600, 'Bad Request: no valid mcp-session-id (initialize first)');
+                return true;
+            }
+            const { server, transport } = newSession();
+            await server.connect(transport);
+            if (!stateful) {
+                // Stateless one-shot: tear down when the response ends.
+                res.on('close', () => {
+                    void transport.close();
+                    void server.close();
+                });
+            }
+            await runWithCaller(principal, () => transport.handleRequest(req, res, body));
+            return true;
+        }
+        // GET/DELETE without a known session — nothing to attach to.
+        sendMcpError(res, 400, -32600, 'Bad Request: unknown or missing mcp-session-id');
         return true;
     });
     return {
         path,
         async close() {
-            await server.close();
+            for (const { server } of sessions.values()) {
+                await server.close().catch(() => undefined);
+            }
+            sessions.clear();
         },
     };
 }
+async function readJsonBody(req) {
+    const chunks = [];
+    let total = 0;
+    const MAX = 4 * 1024 * 1024; // 4 MiB cap — MCP requests are small
+    for await (const c of req) {
+        const buf = c;
+        total += buf.length;
+        if (total > MAX)
+            throw new Error('mcp body too large');
+        chunks.push(buf);
+    }
+    const raw = Buffer.concat(chunks).toString('utf8');
+    return raw ? JSON.parse(raw) : undefined;
+}
+function sendMcpError(res, status, code, message) {
+    res.statusCode = status;
+    res.setHeader('content-type', 'application/json');
+    res.end(JSON.stringify({ jsonrpc: '2.0', error: { code, message }, id: null }));
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@harness-fe/mcp-server",
-  "version": "4.0.0-next.2",
+  "version": "4.0.0-next.4",
   "description": "Unified MCP daemon: stdio MCP for AI agents + WS bridge for Vite plugin and runtime client.",
   "type": "module",
   "license": "MIT",
@@ -16,7 +16,7 @@
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
-    "harness-fe": "./dist/cli.js"
+    "harness-fe": "./dist/bin.js"
   },
   "exports": {
     ".": {
@@ -35,11 +35,10 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.26.0",
-    "rrweb-player": "1.0.0-alpha.4",
     "ws": "^8.18.0",
     "zod": "^4.4.3",
-    "@harness-fe/dashboard-ui": "0.2.0",
-    "@harness-fe/protocol": "4.0.0-next.0"
+    "@harness-fe/daemon": "4.0.0-next.4",
+    "@harness-fe/protocol": "4.0.0-next.4"
   },
   "devDependencies": {
     "@types/ws": "^8.5.10",
@@ -53,10 +52,9 @@
   },
   "scripts": {
     "build": "tsc",
-    "postbuild": "node -e \"require('fs').chmodSync('dist/cli.js', 0o755)\"",
+    "postbuild": "node -e \"require('fs').chmodSync('dist/bin.js', 0o755)\"",
     "dev": "tsc --watch --preserveWatchOutput",
     "watch": "tsc --watch --preserveWatchOutput",
-    "start": "tsx src/cli.ts",
     "typecheck": "tsc --noEmit",
     "test": "vitest run"
   }

package/src/bin.ts

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+/**
+ * Compat shim: the `harness-fe` CLI moved to @harness-fe/dev-cli when the
+ * monolith was split (daemon / mcp-server / dev-cli). We keep this bin so the
+ * old `npx @harness-fe/mcp-server` keeps working, but forward to dev-cli via
+ * npx at runtime — a static dependency would create an mcp-server ↔ dev-cli
+ * cycle (dev-cli already depends on mcp-server).
+ */
+import { spawnSync } from 'node:child_process';
+
+process.stderr.write(
+    '[harness-fe] The CLI moved to @harness-fe/dev-cli; forwarding. ' +
+        'Run `npx @harness-fe/dev-cli` directly to skip this hop.\n',
+);
+
+const result = spawnSync('npx', ['-y', '@harness-fe/dev-cli', ...process.argv.slice(2)], {
+    stdio: 'inherit',
+});
+process.exit(result.status ?? 0);

package/src/daemon.ts

@@ -27,10 +27,10 @@ import type { IncomingMessage } from 'node:http';
 
 import type { ConsentPolicy } from '@harness-fe/protocol';
 
-import { Bridge } from './bridge.js';
+import { Bridge } from '@harness-fe/daemon';
 import { startMcpHttpServer } from './mcpHttp.js';
-import type { EventStore, IStore } from './store/types.js';
-import type { ITaskStore, IMemoryStore } from './store/types.js';
+import type { EventStore, IStore } from '@harness-fe/daemon';
+import type { ITaskStore, IMemoryStore } from '@harness-fe/daemon';
 
 export interface DaemonOptions {
     /** TCP port to listen on. Default `DEFAULT_WS_PORT` (see protocol). */

package/src/experimental.test.ts

@@ -17,8 +17,8 @@ import { join } from 'node:path';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { InMemoryTransport } from '@modelcontextprotocol/sdk/inMemory.js';
 import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
-import { Bridge } from './bridge.js';
-import { JsonlStore } from './store/index.js';
+import { Bridge } from '@harness-fe/daemon';
+import { JsonlStore } from '@harness-fe/daemon';
 import { createMcpServer, experimentalEnabled } from './mcp.js';
 import { createDaemon } from './daemon.js';
 

package/src/index.ts

@@ -1,6 +1,6 @@
-export { Bridge, defaultDataDir, type BridgeOptions } from './bridge.js';
+export { Bridge, defaultDataDir, type BridgeOptions } from '@harness-fe/daemon';
 export { createDaemon, type DaemonOptions, type DaemonHandle } from './daemon.js';
-export { SessionRouter, type PeerSession } from './sessionRouter.js';
+export { SessionRouter, type PeerSession } from '@harness-fe/daemon';
 export {
     startMcpStdioServer,
     createMcpServer,
@@ -15,7 +15,7 @@ export {
     MemoryEventStore,
     sanitizeId,
     type MemoryEventStoreOptions,
-} from './store/index.js';
+} from '@harness-fe/daemon';
 export type {
     IStore,
     ITaskStore,
@@ -28,4 +28,4 @@ export type {
     BuildMeta,
     SessionMeta,
     TabMeta,
-} from './store/index.js';
+} from '@harness-fe/daemon';

package/src/mcp.ts

@@ -24,16 +24,16 @@ import {
     typeArgsSchema,
     waitForArgsSchema,
 } from '@harness-fe/protocol';
-import type { IBridge } from './bridge.js';
-import type { Bridge } from './bridge.js';
-import type { AuthOptions } from './auth.js';
-import { canSee, identifyPrincipal } from './identity.js';
-import { RemoteBridge } from './remoteBridge.js';
-import type { IStore, IMemoryStore } from './store/index.js';
-import { buildVisitorTimeline } from './visitorTimeline.js';
-import { createReplayExport } from './replayCreate.js';
-import { openBrowser } from './openBrowser.js';
-import { buildDashboardUrl } from './dashboardUrl.js';
+import type { IBridge } from '@harness-fe/daemon';
+import type { Bridge } from '@harness-fe/daemon';
+import type { AuthOptions } from '@harness-fe/daemon';
+import { canSee, canSeeProject, identifyPrincipal } from '@harness-fe/daemon';
+import { RemoteBridge } from '@harness-fe/daemon';
+import type { IStore, IMemoryStore } from '@harness-fe/daemon';
+import { buildVisitorTimeline } from '@harness-fe/daemon';
+import { createReplayExport } from '@harness-fe/daemon';
+import { openBrowser } from '@harness-fe/daemon';
+import { buildDashboardUrl } from '@harness-fe/daemon';
 
 const SERVER_NAME = 'harness-fe';
 
@@ -141,6 +141,25 @@ function err(message: string): {
     };
 }
 
+/**
+ * Owner chain of a project for tenant isolation (4.0 · A — binding/tagging):
+ * the project's own `createdBy` followed by its ancestors' (walked via
+ * `parentProjectId`, self → root, cycle-safe). Feed to `canSeeProject` so a
+ * host agent sees its sub-apps' data. Empty when the project is unknown.
+ */
+function ownerChainOf(projectId: string, store: IStore): Array<string | undefined> {
+    const chain: Array<string | undefined> = [];
+    const seen = new Set<string>();
+    let id: string | undefined = projectId;
+    while (id && !seen.has(id)) {
+        seen.add(id);
+        const p = store.getProject(id);
+        if (!p) break;
+        chain.push(p.createdBy);
+        id = p.parentProjectId;
+    }
+    return chain;
+}
 
 function registerTools(server: McpServer, bridge: IBridge, auth?: AuthOptions): void {
     server.registerTool(
@@ -752,8 +771,14 @@ function registerTools(server: McpServer, bridge: IBridge, auth?: AuthOptions):
         },
         async ({ status, limit }, extra) => {
             const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-            const tasks = (await bridge.listTasks({ status: status ?? 'pending', limit }))
-                .filter((t) => canSee(principal, t.createdBy));
+            // Tenant isolation by project ownership (4.0 · A): a task is visible
+            // when the caller owns its project (or a host ancestor). Falls back
+            // to the submitter tag when no store is configured (in-memory mode).
+            const store = (bridge as Bridge).store;
+            const all = await bridge.listTasks({ status: status ?? 'pending', limit });
+            const tasks = store
+                ? all.filter((t) => canSeeProject(principal, t.projectId, ownerChainOf(t.projectId, store)))
+                : all.filter((t) => canSee(principal, t.createdBy));
             const summary = tasks.map((t) => ({
                 id: t.id,
                 status: t.status,
@@ -793,15 +818,35 @@ function registerTools(server: McpServer, bridge: IBridge, auth?: AuthOptions):
         COMMAND.TASKS_RESOLVE,
         {
             description:
-                'Mark a task as resolved with an optional note. Use after addressing the user request.',
+                'Mark a task as resolved with an optional note and structured resolution. ' +
+                'Use after addressing the user request. Pass `resolution` to close the ' +
+                'feedback loop: how it was fixed (type), the fix commit/PR, and the ' +
+                'verificationSessionId of the post-fix re-test that proved the fix.',
             inputSchema: {
                 taskId: z.string(),
                 note: z.string().optional(),
+                resolution: z
+                    .object({
+                        type: z
+                            .enum(['code-fix', 'config', 'wontfix', 'duplicate', 'cannot-reproduce'])
+                            .optional(),
+                        commit: z.string().optional().describe('Git commit SHA of the fix.'),
+                        prUrl: z.string().optional().describe('Pull-request URL for the fix.'),
+                        verificationSessionId: z
+                            .string()
+                            .optional()
+                            .describe('Session id of the post-fix re-test that verified the fix.'),
+                        verifiedAt: z
+                            .number()
+                            .optional()
+                            .describe('Epoch ms; defaulted when verificationSessionId is given.'),
+                    })
+                    .optional(),
             },
         },
-        async ({ taskId, note }, extra) => {
+        async ({ taskId, note, resolution }, extra) => {
             const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-            const task = await bridge.resolveTask(taskId, note, principal);
+            const task = await bridge.resolveTask(taskId, note, resolution, principal);
             if (!task) {
                 throw new Error(`tasks.resolve: no task with id "${taskId}"`);
             }
@@ -879,10 +924,9 @@ function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemo
         },
         async ({ projectId, limit }, extra) => {
             const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-            const sessions = store
-                .listSessions({ projectId, limit: limit ?? 10 })
-                .filter((s) => canSee(principal, s.createdBy));
-            return ok(sessions);
+            // Owning a project (or a host ancestor) grants its whole session set.
+            if (!canSeeProject(principal, projectId, ownerChainOf(projectId, store))) return ok([]);
+            return ok(store.listSessions({ projectId, limit: limit ?? 10 }));
         },
     );
 
@@ -970,12 +1014,12 @@ function registerStoreTools(server: McpServer, store: IStore, memoryStore: IMemo
         },
         async (_args, extra) => {
             const principal = identifyPrincipal(extra.requestInfo?.headers, auth ?? {});
-            const projects = store.listProjects().filter((p) => canSee(principal, p.createdBy));
+            const projects = store
+                .listProjects()
+                .filter((p) => canSeeProject(principal, p.id, ownerChainOf(p.id, store)));
             const result = projects.map((p) => ({
                 ...p,
-                recentSessions: store
-                    .listSessions({ projectId: p.id, limit: 3 })
-                    .filter((s) => canSee(principal, s.createdBy)),
+                recentSessions: store.listSessions({ projectId: p.id, limit: 3 }),
             }));
             return ok(result);
         },