npm - @poncho-ai/harness - Versions diffs - 0.34.1 → 0.35.0 - Mend

@poncho-ai/harness 0.34.1 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@poncho-ai/harness",
-  "version": "0.34.1",
+  "version": "0.35.0",
   "description": "Agent execution runtime - conversation loop, tool dispatch, streaming",
   "repository": {
     "type": "git",
@@ -29,11 +29,12 @@
     "ai": "^6.0.86",
     "cheerio": "^1.2.0",
     "jiti": "^2.6.1",
+    "jose": "^6.2.2",
     "mustache": "^4.2.0",
     "redis": "^5.10.0",
     "yaml": "^2.4.0",
     "zod": "^3.22.0",
-    "@poncho-ai/sdk": "1.7.1"
+    "@poncho-ai/sdk": "1.8.0"
   },
   "devDependencies": {
     "@types/mustache": "^4.2.6",

package/src/config.ts CHANGED Viewed

@@ -134,6 +134,12 @@ export interface PonchoConfig extends McpConfig {
     /** Cron expression controlling how often the reminder poll runs (local and serverless). Default: every 10 minutes. */
     pollSchedule?: string;
   };
+  /**
+   * Declare env var names that tenants can self-manage via the web UI or API.
+   * Key = env var name, value = human-readable label shown in the settings panel.
+   * Example: { LINEAR_API_KEY: "Linear API Key", STRIPE_KEY: "Stripe Secret Key" }
+   */
+  tenantSecrets?: Record<string, string>;
   /** Set to `false` to disable the built-in web UI (headless / API-only mode). */
   webUi?: false;
   /** Enable browser automation tools. Set `true` for defaults, or provide config. */

package/src/harness.ts CHANGED Viewed

@@ -21,10 +21,12 @@ import { createDefaultTools, createDeleteDirectoryTool, createDeleteTool, create
 import {
   createMemoryStore,
   createMemoryTools,
+  type MemoryConfig,
   type MemoryStore,
 } from "./memory.js";
 import { createTodoStore, createTodoTools, type TodoItem, type TodoStore } from "./todo-tools.js";
 import { createReminderStore, type ReminderStore } from "./reminder-store.js";
+import { createSecretsStore, resolveEnv, type SecretsStore } from "./secrets-store.js";
 import { createReminderTools } from "./reminder-tools.js";
 import { LocalMcpBridge } from "./mcp.js";
 import { createModelProvider, getModelContextWindow, type ModelProviderFactory, type ProviderConfig } from "./model-factory.js";
@@ -639,8 +641,11 @@ export class AgentHarness {
   readonly uploadStore?: UploadStore;
   private skillContextWindow = "";
   private memoryStore?: MemoryStore;
+  private readonly tenantMemoryStores = new Map<string, MemoryStore>();
+  private memoryConfig?: MemoryConfig;
   private todoStore?: TodoStore;
   reminderStore?: ReminderStore;
+  secretsStore?: SecretsStore;
   private loadedConfig?: PonchoConfig;
   private loadedSkills: SkillMetadata[] = [];
   private skillFingerprint = "";
@@ -975,6 +980,31 @@ export class AgentHarness {
     return this.todoStore.get(conversationId);
   }
+  /**
+   * Get a memory store, optionally scoped to a tenant.
+   * Returns the default (agent-wide) store when tenantId is null/undefined.
+   */
+  private getMemoryStore(tenantId?: string): MemoryStore | undefined {
+    if (!this.memoryConfig?.enabled) return undefined;
+    if (!tenantId) return this.memoryStore;
+    let store = this.tenantMemoryStores.get(tenantId);
+    if (!store) {
+      const agentId = this.parsedAgent?.frontmatter.id ?? this.parsedAgent?.frontmatter.name ?? "unknown";
+      store = createMemoryStore(agentId, this.memoryConfig, {
+        workingDir: this.workingDir,
+        tenantId,
+      });
+      this.tenantMemoryStores.set(tenantId, store);
+      // Evict oldest entries if cache grows too large
+      if (this.tenantMemoryStores.size > 100) {
+        const oldest = this.tenantMemoryStores.keys().next().value;
+        if (oldest) this.tenantMemoryStores.delete(oldest);
+      }
+    }
+    return store;
+  }
   private listActiveSkills(): string[] {
     return [...this.activeSkillNames].sort();
   }
@@ -1164,6 +1194,7 @@ export class AgentHarness {
     if (!this.mcpBridge) {
       return;
     }
     const requestedPatterns = this.getRequestedMcpPatterns();
     this.dispatcher.unregisterMany(this.registeredMcpToolNames);
     this.registeredMcpToolNames.clear();
@@ -1354,6 +1385,7 @@ export class AgentHarness {
     this.registerSkillTools(skillMetadata);
     const agentId = this.parsedAgent.frontmatter.id ?? this.parsedAgent.frontmatter.name;
+    this.memoryConfig = memoryConfig ?? undefined;
     if (memoryConfig?.enabled) {
       this.memoryStore = createMemoryStore(
         agentId,
@@ -1361,9 +1393,10 @@ export class AgentHarness {
         { workingDir: this.workingDir },
       );
       this.dispatcher.registerMany(
-        createMemoryTools(this.memoryStore, {
-          maxRecallConversations: memoryConfig.maxRecallConversations,
-        }),
+        createMemoryTools(
+          (ctx) => this.getMemoryStore(ctx.tenantId) ?? this.memoryStore!,
+          { maxRecallConversations: memoryConfig.maxRecallConversations },
+        ),
       );
     }
@@ -1393,6 +1426,16 @@ export class AgentHarness {
         });
     }
+    // Secrets store for per-tenant env var overrides
+    const authTokenEnv = config?.auth?.tokenEnv ?? "PONCHO_AUTH_TOKEN";
+    const authToken = process.env[authTokenEnv];
+    if (authToken) {
+      this.secretsStore = createSecretsStore(agentId, authToken, stateConfig, { workingDir: this.workingDir });
+      bridge.setEnvResolver(async (tenantId, envName) => {
+        return resolveEnv(this.secretsStore, tenantId, envName);
+      });
+    }
     await bridge.startLocalServers();
     await bridge.discoverTools();
     await this.refreshMcpTools("initialize");
@@ -1609,6 +1652,7 @@ export class AgentHarness {
         attributes: {
           "gen_ai.operation.name": "invoke_agent",
           ...(input.conversationId ? { "gen_ai.conversation.id": input.conversationId } : {}),
+          ...(input.tenantId ? { "tenant.id": input.tenantId } : {}),
         },
       });
@@ -1662,8 +1706,9 @@ export class AgentHarness {
       await this.initialize();
     }
     // Start memory + todo fetches early so they overlap with refresh I/O
-    const memoryPromise = this.memoryStore
-      ? this.memoryStore.getMainMemory()
+    const activeMemoryStore = this.getMemoryStore(input.tenantId);
+    const memoryPromise = activeMemoryStore
+      ? activeMemoryStore.getMainMemory()
       : undefined;
     const todosPromise = this.todoStore
       ? this.todoStore.get(input.conversationId ?? "__default__")
@@ -1671,6 +1716,16 @@ export class AgentHarness {
     await this.refreshAgentIfChanged();
     await this.refreshSkillsIfChanged();
+    // Deferred MCP discovery: servers that couldn't discover at startup because the
+    // env var was missing (tenant secrets provide the token instead).
+    if (input.tenantId && this.mcpBridge?.hasDeferredServers()) {
+      const newTools = await this.mcpBridge.discoverAndLoadDeferred(input.tenantId);
+      for (const tool of newTools) {
+        this.dispatcher.register(tool);
+        this.registeredMcpToolNames.add(tool.name);
+      }
+    }
     let agent = this.parsedAgent as ParsedAgent;
     const runId = `run_${randomUUID()}`;
     const start = now();
@@ -2593,6 +2648,7 @@ ${boundedMainMemory.trim()}`
         parameters: input.parameters ?? {},
         abortSignal: input.abortSignal,
         conversationId: input.conversationId,
+        tenantId: input.tenantId,
       };
       const toolResultsForModel: Array<{

package/src/index.ts CHANGED Viewed

@@ -17,6 +17,8 @@ export * from "./reminder-tools.js";
 export * from "./state.js";
 export * from "./upload-store.js";
 export * from "./telemetry.js";
+export * from "./secrets-store.js";
+export * from "./tenant-token.js";
 export * from "./tool-dispatcher.js";
 export * from "./subagent-manager.js";
 export * from "./subagent-tools.js";

package/src/mcp.ts CHANGED Viewed

@@ -273,6 +273,15 @@ export class LocalMcpBridge {
   private readonly toolCatalog = new Map<string, McpToolDescriptor[]>();
   private readonly unavailableServers = new Map<string, string>();
   private readonly authFailedServers = new Set<string>();
+  private envResolver?: (tenantId: string | undefined, envName: string) => Promise<string | undefined>;
+  /**
+   * Set a resolver for per-tenant env vars (e.g. MCP auth tokens).
+   * Called by the harness after creating the secrets store.
+   */
+  setEnvResolver(resolver: (tenantId: string | undefined, envName: string) => Promise<string | undefined>): void {
+    this.envResolver = resolver;
+  }
   constructor(config: McpConfig | undefined) {
     this.remoteServers = (config?.mcp ?? []).filter((entry): entry is RemoteMcpServerConfig =>
@@ -316,8 +325,12 @@ export class LocalMcpBridge {
     console.info(`[poncho][mcp] ${line}`);
   }
+  /** Set of servers where discovery was deferred (no default token, has env resolver). */
+  private readonly deferredDiscoveryServers = new Set<string>();
   async discoverTools(): Promise<void> {
     this.toolCatalog.clear();
+    this.deferredDiscoveryServers.clear();
     for (const remoteServer of this.remoteServers) {
       const name = this.getServerName(remoteServer);
       if (this.unavailableServers.has(name)) {
@@ -338,6 +351,13 @@ export class LocalMcpBridge {
       } catch (error) {
         const message = error instanceof Error ? error.message : String(error);
         if (error instanceof McpHttpError && error.status === 401) {
+          if (this.envResolver && remoteServer.auth?.tokenEnv) {
+            // Discovery failed without token but tenant secrets may provide one —
+            // defer discovery to first loadTools() call with a tenant context
+            this.deferredDiscoveryServers.add(name);
+            this.log("info", "catalog.deferred", { server: name, reason: "auth_deferred_to_tenant" });
+            continue;
+          }
           this.authFailedServers.add(name);
           this.log("warn", "auth.failed", {
             server: name,
@@ -351,6 +371,64 @@ export class LocalMcpBridge {
     }
   }
+  /**
+   * Run deferred discovery and return ToolDefinitions for all newly discovered tools.
+   * Call this during run() so the tools are available to the model immediately.
+   */
+  async discoverAndLoadDeferred(tenantId: string): Promise<ToolDefinition[]> {
+    if (this.deferredDiscoveryServers.size === 0) return [];
+    for (const server of this.remoteServers) {
+      await this.tryDeferredDiscovery(server, tenantId);
+    }
+    // Build tool definitions only for servers that were deferred and now have tools
+    const tools: ToolDefinition[] = [];
+    for (const server of this.remoteServers) {
+      const name = this.getServerName(server);
+      // Only include servers that WERE deferred (whether discovery succeeded or not)
+      if (!server.auth?.tokenEnv) continue;
+      const discovered = this.toolCatalog.get(name);
+      if (!discovered || discovered.length === 0) continue;
+      const client = this.rpcClients.get(name);
+      if (!client) continue;
+      tools.push(...this.toToolDefinitions(name, discovered, client, server));
+    }
+    return tools;
+  }
+  private async tryDeferredDiscovery(server: RemoteMcpServerConfig, tenantId: string): Promise<void> {
+    const name = this.getServerName(server);
+    if (!this.deferredDiscoveryServers.has(name)) return;
+    if (this.toolCatalog.has(name)) return; // already discovered
+    const tokenEnv = server.auth?.tokenEnv;
+    if (!tokenEnv || !this.envResolver) return;
+    const token = await this.envResolver(tenantId, tokenEnv);
+    if (!token) return;
+    try {
+      const probeClient = new StreamableHttpMcpRpcClient(
+        server.url,
+        server.timeoutMs ?? 10_000,
+        token,
+        server.headers,
+      );
+      const discovered = await probeClient.listTools();
+      this.toolCatalog.set(name, discovered);
+      this.deferredDiscoveryServers.delete(name);
+      this.log("info", "catalog.loaded", {
+        server: name,
+        discoveredCount: discovered.length,
+        via: "deferred_tenant_discovery",
+      });
+    } catch (error) {
+      this.log("warn", "catalog.deferred_failed", {
+        server: name,
+        error: error instanceof Error ? error.message : String(error),
+      });
+    }
+  }
   async startLocalServers(): Promise<void> {
     this.unavailableServers.clear();
     for (const server of this.remoteServers) {
@@ -359,15 +437,24 @@ export class LocalMcpBridge {
       if (tokenEnv) {
         const token = process.env[tokenEnv];
         if (!token || token.trim().length === 0) {
-          this.unavailableServers.set(
-            name,
-            `Missing bearer token value from env var ${tokenEnv}`,
-          );
-          this.log("warn", "auth.token_missing", {
+          if (!this.envResolver) {
+            // No tenant secrets resolver — server is genuinely unavailable
+            this.unavailableServers.set(
+              name,
+              `Missing bearer token value from env var ${tokenEnv}`,
+            );
+            this.log("warn", "auth.token_missing", {
+              server: name,
+              tokenEnv,
+            });
+            continue;
+          }
+          // Tenant secrets resolver available — create client without a default token;
+          // per-tenant tokens will be resolved at call time in toToolDefinitions
+          this.log("info", "auth.token_deferred", {
             server: name,
             tokenEnv,
           });
-          continue;
         }
       }
       this.rpcClients.set(
@@ -441,6 +528,31 @@ export class LocalMcpBridge {
     return output.sort();
   }
+  hasDeferredServers(): boolean {
+    return this.deferredDiscoveryServers.size > 0;
+  }
+  /**
+   * Return ToolDefinitions for catalog tools not already registered in the dispatcher.
+   */
+  getUnregisteredTools(registeredNames: Set<string>): ToolDefinition[] {
+    const tools: ToolDefinition[] = [];
+    for (const server of this.remoteServers) {
+      const name = this.getServerName(server);
+      const discovered = this.toolCatalog.get(name);
+      if (!discovered || discovered.length === 0) continue;
+      const client = this.rpcClients.get(name);
+      if (!client) continue;
+      const unregistered = discovered.filter(
+        (d) => !registeredNames.has(`${name}/${d.name}`),
+      );
+      if (unregistered.length > 0) {
+        tools.push(...this.toToolDefinitions(name, unregistered, client, server));
+      }
+    }
+    return tools;
+  }
   async loadTools(
     requestedPatterns: string[],
   ): Promise<ToolDefinition[]> {
@@ -474,7 +586,7 @@ export class LocalMcpBridge {
       const selectedDescriptors = discovered.filter((descriptor) =>
         selectedRawNames.has(descriptor.name),
       );
-      tools.push(...this.toToolDefinitions(serverName, selectedDescriptors, client));
+      tools.push(...this.toToolDefinitions(serverName, selectedDescriptors, client, server));
     }
     this.log("info", "tools.selected", {
       requestedPatternCount: requestedPatterns.length,
@@ -489,6 +601,7 @@ export class LocalMcpBridge {
     serverName: string,
     tools: McpToolDescriptor[],
     client: McpRpcClient,
+    server?: RemoteMcpServerConfig,
   ): ToolDefinition[] {
     return tools.map((tool) => ({
       name: `${serverName}/${tool.name}`,
@@ -498,9 +611,27 @@ export class LocalMcpBridge {
           type: "object",
           properties: {},
         },
-      handler: async (input) => {
+      handler: async (input, context) => {
         try {
-          return await client.callTool(tool.name, input);
+          // Per-tenant token resolution: if we have a resolver and the server uses tokenEnv,
+          // create a per-request client with the tenant-specific token
+          const tokenEnv = server?.auth?.tokenEnv;
+          let callClient = client;
+          if (tokenEnv && this.envResolver && context?.tenantId) {
+            const tenantToken = await this.envResolver(context.tenantId, tokenEnv);
+            const defaultToken = process.env[tokenEnv];
+            // Only create a per-request client when the tenant has a different token.
+            // Using the original client preserves the established MCP session.
+            if (tenantToken && tenantToken !== defaultToken) {
+              callClient = new StreamableHttpMcpRpcClient(
+                server.url,
+                server.timeoutMs ?? 10_000,
+                tenantToken,
+                server.headers,
+              );
+            }
+          }
+          return await callClient.callTool(tool.name, input);
         } catch (error) {
           if (error instanceof McpHttpError && error.status === 401) {
             this.authFailedServers.add(serverName);

package/src/memory.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { mkdir, readFile, rename, writeFile } from "node:fs/promises";
 import { dirname, resolve } from "node:path";
-import { defineTool, type ToolDefinition } from "@poncho-ai/sdk";
+import { defineTool, type ToolContext, type ToolDefinition } from "@poncho-ai/sdk";
 import type { StateProviderName } from "./state.js";
 import {
   ensureAgentIdentity,
@@ -102,14 +102,16 @@ class InMemoryMemoryStore implements MemoryStore {
 class FileMainMemoryStore implements MemoryStore {
   private readonly workingDir: string;
   private filePath = "";
+  private readonly customRelPath?: string;
   private readonly ttlMs?: number;
   private loaded = false;
   private writing = Promise.resolve();
   private mainMemory: MainMemory = { ...DEFAULT_MAIN_MEMORY };
-  constructor(workingDir: string, ttlSeconds?: number) {
+  constructor(workingDir: string, ttlSeconds?: number, customRelPath?: string) {
     this.workingDir = workingDir;
     this.ttlMs = typeof ttlSeconds === "number" ? ttlSeconds * 1000 : undefined;
+    this.customRelPath = customRelPath;
   }
   private async ensureFilePath(): Promise<void> {
@@ -117,7 +119,10 @@ class FileMainMemoryStore implements MemoryStore {
       return;
     }
     const identity = await ensureAgentIdentity(this.workingDir);
-    this.filePath = resolve(getAgentStoreDirectory(identity), LOCAL_MEMORY_FILE);
+    this.filePath = resolve(
+      getAgentStoreDirectory(identity),
+      this.customRelPath ?? LOCAL_MEMORY_FILE,
+    );
   }
   private isExpired(updatedAt: number): boolean {
@@ -225,13 +230,22 @@ class KVBackedMemoryStore implements MemoryStore {
 export const createMemoryStore = (
   agentId: string,
   config?: MemoryConfig,
-  options?: { workingDir?: string },
+  options?: { workingDir?: string; tenantId?: string },
 ): MemoryStore => {
   const provider = config?.provider ?? "local";
   const ttl = config?.ttl;
   const workingDir = options?.workingDir ?? process.cwd();
+  const tenantId = options?.tenantId;
   if (provider === "local") {
+    if (tenantId) {
+      // Tenant-scoped memory: store under tenants/{tenantId}/memory.json
+      return new FileMainMemoryStore(
+        workingDir,
+        ttl,
+        `tenants/${slugifyStorageComponent(tenantId)}/${LOCAL_MEMORY_FILE}`,
+      );
+    }
     return new FileMainMemoryStore(workingDir, ttl);
   }
   if (provider === "memory") {
@@ -240,7 +254,10 @@ export const createMemoryStore = (
   const kv = createRawKVStore(config);
   if (kv) {
-    const storageKey = `poncho:${STORAGE_SCHEMA_VERSION}:${slugifyStorageComponent(agentId)}:memory:main`;
+    const base = `poncho:${STORAGE_SCHEMA_VERSION}:${slugifyStorageComponent(agentId)}`;
+    const storageKey = tenantId
+      ? `${base}:t:${slugifyStorageComponent(tenantId)}:memory:main`
+      : `${base}:memory:main`;
     return new KVBackedMemoryStore(kv, storageKey, ttl);
   }
   return new InMemoryMemoryStore(ttl);
@@ -281,9 +298,12 @@ const buildRecallSnippet = (content: string, query: string, maxChars = 360): str
 };
 export const createMemoryTools = (
-  store: MemoryStore,
+  store: MemoryStore | ((context: ToolContext) => MemoryStore),
   options?: { maxRecallConversations?: number },
 ): ToolDefinition[] => {
+  const resolveStore = typeof store === "function"
+    ? store
+    : () => store;
   const maxRecallConversations = Math.max(1, options?.maxRecallConversations ?? 20);
   return [
     defineTool({
@@ -294,8 +314,8 @@ export const createMemoryTools = (
         properties: {},
         additionalProperties: false,
       },
-      handler: async () => {
-        const memory = await store.getMainMemory();
+      handler: async (_input, context) => {
+        const memory = await resolveStore(context).getMainMemory();
         return { memory };
       },
     }),
@@ -316,12 +336,12 @@ export const createMemoryTools = (
         required: ["content"],
         additionalProperties: false,
       },
-      handler: async (input) => {
+      handler: async (input, context) => {
         const content = typeof input.content === "string" ? input.content.trim() : "";
         if (!content) {
           throw new Error("content is required");
         }
-        const memory = await store.updateMainMemory({ content });
+        const memory = await resolveStore(context).updateMainMemory({ content });
         return { ok: true, memory };
       },
     }),
@@ -349,13 +369,13 @@ export const createMemoryTools = (
         required: ["old_str", "new_str"],
         additionalProperties: false,
       },
-      handler: async (input) => {
+      handler: async (input, context) => {
         const oldStr = typeof input.old_str === "string" ? input.old_str : "";
         const newStr = typeof input.new_str === "string" ? input.new_str : "";
         if (!oldStr) {
           throw new Error("old_str must not be empty.");
         }
-        const current = await store.getMainMemory();
+        const current = await resolveStore(context).getMainMemory();
         const content = current.content;
         const first = content.indexOf(oldStr);
         if (first === -1) {
@@ -370,7 +390,7 @@ export const createMemoryTools = (
           );
         }
         const newContent = content.slice(0, first) + newStr + content.slice(first + oldStr.length);
-        const memory = await store.updateMainMemory({ content: newContent });
+        const memory = await resolveStore(context).updateMainMemory({ content: newContent });
         return { ok: true, memory };
       },
     }),

package/src/reminder-store.ts CHANGED Viewed

@@ -24,6 +24,7 @@ export interface Reminder {
   createdAt: number;
   conversationId: string;
   ownerId?: string;
+  tenantId?: string | null;
 }
 export interface ReminderStore {
@@ -34,6 +35,7 @@ export interface ReminderStore {
     timezone?: string;
     conversationId: string;
     ownerId?: string;
+    tenantId?: string | null;
   }): Promise<Reminder>;
   cancel(id: string): Promise<Reminder>;
   delete(id: string): Promise<void>;
@@ -97,6 +99,7 @@ class InMemoryReminderStore implements ReminderStore {
     timezone?: string;
     conversationId: string;
     ownerId?: string;
+    tenantId?: string | null;
   }): Promise<Reminder> {
     const reminder: Reminder = {
       id: generateId(),
@@ -107,6 +110,7 @@ class InMemoryReminderStore implements ReminderStore {
       createdAt: Date.now(),
       conversationId: input.conversationId,
       ownerId: input.ownerId,
+      tenantId: input.tenantId,
     };
     this.reminders = pruneStale(this.reminders);
     this.reminders.push(reminder);
@@ -175,6 +179,7 @@ class FileReminderStore implements ReminderStore {
     timezone?: string;
     conversationId: string;
     ownerId?: string;
+    tenantId?: string | null;
   }): Promise<Reminder> {
     const reminder: Reminder = {
       id: generateId(),
@@ -185,6 +190,7 @@ class FileReminderStore implements ReminderStore {
       createdAt: Date.now(),
       conversationId: input.conversationId,
       ownerId: input.ownerId,
+      tenantId: input.tenantId,
     };
     let reminders = await this.readAll();
     reminders = pruneStale(reminders);

package/src/reminder-tools.ts CHANGED Viewed

@@ -84,6 +84,7 @@ export const createReminderTools = (store: ReminderStore): ToolDefinition[] => [
         scheduledAt,
         timezone,
         conversationId,
+        tenantId: context.tenantId,
       });
       return {
@@ -116,8 +117,12 @@ export const createReminderTools = (store: ReminderStore): ToolDefinition[] => [
       },
       additionalProperties: false,
     },
-    handler: async (input) => {
+    handler: async (input, context) => {
       let reminders = await store.list();
+      // Tenant-scoped: only show reminders belonging to the current tenant
+      if (context.tenantId) {
+        reminders = reminders.filter((r) => r.tenantId === context.tenantId);
+      }
       const status = typeof input.status === "string" ? input.status : undefined;
       if (status && VALID_STATUSES.includes(status as ReminderStatus)) {
         reminders = reminders.filter((r) => r.status === status);
@@ -150,9 +155,17 @@ export const createReminderTools = (store: ReminderStore): ToolDefinition[] => [
       required: ["id"],
       additionalProperties: false,
     },
-    handler: async (input) => {
+    handler: async (input, context) => {
       const id = typeof input.id === "string" ? input.id.trim() : "";
       if (!id) throw new Error("id is required");
+      // Validate tenant ownership before cancelling
+      if (context.tenantId) {
+        const all = await store.list();
+        const target = all.find((r) => r.id === id);
+        if (target && target.tenantId !== context.tenantId) {
+          throw new Error("Reminder not found");
+        }
+      }
       const cancelled = await store.cancel(id);
       return {
         ok: true,