@trops/dash-core 0.1.489 → 0.1.491

package/dist/electron/index.js

@@ -17,7 +17,7 @@ var require$$0$5 = require('@modelcontextprotocol/sdk/client/index.js');
 var require$$1$4 = require('@modelcontextprotocol/sdk/client/stdio.js');
 var require$$0$4 = require('pkce-challenge');
 var require$$2$1 = require('os');
-var require$$9$1 = require('child_process');
+var require$$10 = require('child_process');
 var require$$3$2 = require('adm-zip');
 var require$$4$1 = require('url');
 var require$$2$2 = require('vm');
@@ -1107,7 +1107,7 @@ var secureStoreController$1 = {
   getData: getData$1,
 };
 
-const path$l = require$$1$2;
+const path$m = require$$1$2;
 const {
   readFileSync,
   writeFileSync: writeFileSync$4,
@@ -1125,7 +1125,7 @@ const {
 function ensureDirectoryExistence$2(filePath) {
   try {
     // isDirectory
-    var dirname = path$l.dirname(filePath);
+    var dirname = path$m.dirname(filePath);
     // check if the directory exists...return true
     // if not, we can pass in the dirname as the filepath
     // and check each directory recursively.
@@ -1240,7 +1240,7 @@ function removeFilesFromDirectory(directory, excludeFiles = []) {
 
       for (const file of files) {
         if (!excludeFiles.includes(file)) {
-          unlinkSync(path$l.join(directory, file), (err) => {
+          unlinkSync(path$m.join(directory, file), (err) => {
             if (err) throw err;
           });
         }
@@ -1257,8 +1257,8 @@ var file = {
   checkDirectory: checkDirectory$1,
 };
 
-const { app: app$e } = require$$0$1;
-const path$k = require$$1$2;
+const { app: app$f } = require$$0$1;
+const path$l = require$$1$2;
 const { writeFileSync: writeFileSync$3 } = require$$0$2;
 const { getFileContents: getFileContents$7 } = file;
 
@@ -1305,8 +1305,8 @@ const workspaceController$3 = {
   saveWorkspaceForApplication: (win, appId, workspaceObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$k.join(
-        app$e.getPath("userData"),
+      const filename = path$l.join(
+        app$f.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1354,8 +1354,8 @@ const workspaceController$3 = {
   saveMenuItemsForApplication: (win, appId, menuItems) => {
     try {
       // filename to the workspaces file
-      const filename = path$k.join(
-        app$e.getPath("userData"),
+      const filename = path$l.join(
+        app$f.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1403,8 +1403,8 @@ const workspaceController$3 = {
    */
   deleteWorkspaceForApplication: (win, appId, workspaceId) => {
     try {
-      const filename = path$k.join(
-        app$e.getPath("userData"),
+      const filename = path$l.join(
+        app$f.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1437,8 +1437,8 @@ const workspaceController$3 = {
 
   listWorkspacesForApplication: (win, appId) => {
     try {
-      const filename = path$k.join(
-        app$e.getPath("userData"),
+      const filename = path$l.join(
+        app$f.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1465,8 +1465,8 @@ const workspaceController$3 = {
 
   listMenuItemsForApplication: (win, appId) => {
     try {
-      const filename = path$k.join(
-        app$e.getPath("userData"),
+      const filename = path$l.join(
+        app$f.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1509,8 +1509,8 @@ const workspaceController$3 = {
 
 var workspaceController_1 = workspaceController$3;
 
-const { app: app$d } = require$$0$1;
-const path$j = require$$1$2;
+const { app: app$e } = require$$0$1;
+const path$k = require$$1$2;
 const { writeFileSync: writeFileSync$2 } = require$$0$2;
 const { getFileContents: getFileContents$6 } = file;
 
@@ -1530,8 +1530,8 @@ const themeController$5 = {
   saveThemeForApplication: (win, appId, name, obj) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$j.join(
-        app$d.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1576,8 +1576,8 @@ const themeController$5 = {
    */
   listThemesForApplication: (win, appId) => {
     try {
-      const filename = path$j.join(
-        app$d.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1618,8 +1618,8 @@ const themeController$5 = {
    */
   deleteThemeForApplication: (win, appId, themeKey) => {
     try {
-      const filename = path$j.join(
-        app$d.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1695,9 +1695,9 @@ var themeController_1 = themeController$5;
  *      `/data/`.
  */
 
-const path$i = require$$1$2;
-const fs$d = require$$0$2;
-const { app: app$c } = require$$0$1;
+const path$j = require$$1$2;
+const fs$e = require$$0$2;
+const { app: app$d } = require$$0$1;
 
 const APP_NAME = "Dashboard";
 
@@ -1706,10 +1706,10 @@ const APP_NAME = "Dashboard";
  * @returns {string[]} ordered allowed roots for that category
  */
 function getAllowedRoots$2(category) {
-  const userData = app$c.getPath("userData");
+  const userData = app$d.getPath("userData");
   switch (category) {
     case "data": {
-      const def = path$i.join(userData, APP_NAME, "data");
+      const def = path$j.join(userData, APP_NAME, "data");
       // The user can configure a custom data directory in
       // Settings → General → Data Directory. If set, that
       // location is ALSO an allowed root. We don't replace the
@@ -1719,13 +1719,13 @@ function getAllowedRoots$2(category) {
       return override ? [def, override] : [def];
     }
     case "themes":
-      return [path$i.join(userData, APP_NAME, "themes")];
+      return [path$j.join(userData, APP_NAME, "themes")];
     case "widgets":
-      return [path$i.join(userData, "widgets")];
+      return [path$j.join(userData, "widgets")];
     case "plugins":
-      return [path$i.join(userData, "plugins")];
+      return [path$j.join(userData, "plugins")];
     case "downloads":
-      return [app$c.getPath("downloads")];
+      return [app$d.getPath("downloads")];
     default:
       throw new Error("safePath: unknown allowed-roots category: " + category);
   }
@@ -1740,13 +1740,13 @@ function getAllowedRoots$2(category) {
  */
 function readDataDirectoryFromSettings() {
   try {
-    const settingsPath = path$i.join(
-      app$c.getPath("userData"),
+    const settingsPath = path$j.join(
+      app$d.getPath("userData"),
       APP_NAME,
       "settings.json",
     );
-    if (!fs$d.existsSync(settingsPath)) return undefined;
-    const raw = fs$d.readFileSync(settingsPath, "utf8");
+    if (!fs$e.existsSync(settingsPath)) return undefined;
+    const raw = fs$e.readFileSync(settingsPath, "utf8");
     const settings = JSON.parse(raw);
     const dir = settings && settings.dataDirectory;
     if (typeof dir === "string" && dir) return dir;
@@ -1772,18 +1772,18 @@ function safePath$3(requested, allowedRoots) {
     throw new Error("safePath: allowedRoots must be a non-empty array");
   }
 
-  const resolved = path$i.resolve(requested);
+  const resolved = path$j.resolve(requested);
 
   // Real-path through symlinks. If the file doesn't exist yet (a
   // create-new operation), real-path the parent so a symlink in the
   // parent chain can't trick us.
   let real = resolved;
   try {
-    real = fs$d.realpathSync(resolved);
+    real = fs$e.realpathSync(resolved);
   } catch (_e) {
     try {
-      const parent = fs$d.realpathSync(path$i.dirname(resolved));
-      real = path$i.join(parent, path$i.basename(resolved));
+      const parent = fs$e.realpathSync(path$j.dirname(resolved));
+      real = path$j.join(parent, path$j.basename(resolved));
     } catch (_e2) {
       // Parent doesn't exist either. Use the resolved-but-not-
       // real path; the caller's mkdirSync will happen inside the
@@ -1795,14 +1795,14 @@ function safePath$3(requested, allowedRoots) {
   for (const root of allowedRoots) {
     let realRoot = root;
     try {
-      if (fs$d.existsSync(root)) realRoot = fs$d.realpathSync(root);
+      if (fs$e.existsSync(root)) realRoot = fs$e.realpathSync(root);
     } catch (_e) {
       // root doesn't exist or isn't reachable — keep as-is for
       // the comparison below
     }
     // Exact match OR strictly-inside (with separator to prevent
     // /data-evil/ matching /data/).
-    if (real === realRoot || real.startsWith(realRoot + path$i.sep)) {
+    if (real === realRoot || real.startsWith(realRoot + path$j.sep)) {
       return real;
     }
   }
@@ -2060,15 +2060,15 @@ var safeJsExecutor$1 = {
  * - CSV -> JSON
  */
 
-var fs$c = require$$0$2;
+var fs$d = require$$0$2;
 var readline = require$$1$3;
 const xtreamer = require$$2;
 var xmlParser = require$$3$1;
 var JSONStream$1 = require$$4;
 const stream$1 = require$$5;
 var csv = require$$6;
-const path$h = require$$1$2;
-const { app: app$b } = require$$0$1;
+const path$i = require$$1$2;
+const { app: app$c } = require$$0$1;
 const { ensureDirectoryExistence: ensureDirectoryExistence$1 } = file;
 const safeJsExecutor = safeJsExecutor$1;
 
@@ -2122,7 +2122,7 @@ let Transform$1 = class Transform {
         let lineObject = [];
 
         const readInterface = readline.createInterface({
-          input: fs$c.createReadStream(filepath),
+          input: fs$d.createReadStream(filepath),
           output: process.stdout,
           console: false,
         });
@@ -2157,7 +2157,7 @@ let Transform$1 = class Transform {
     return new Promise((resolve, reject) => {
       try {
         const parser = JSONStream$1.parse("*");
-        const readStream = fs$c.createReadStream(file).pipe(parser);
+        const readStream = fs$d.createReadStream(file).pipe(parser);
 
         let count = 0;
 
@@ -2210,7 +2210,7 @@ let Transform$1 = class Transform {
   parseXMLStream = (filepath, outpath, start) => {
     return new Promise((resolve, reject) => {
       try {
-        const xmlFileReadStream = fs$c.createReadStream(filepath);
+        const xmlFileReadStream = fs$d.createReadStream(filepath);
 
         xmlFileReadStream.on("end", () => {
           writeStream.write("\n]");
@@ -2221,7 +2221,7 @@ let Transform$1 = class Transform {
           resolve("Read Finish");
         });
 
-        const writeStream = fs$c.createWriteStream(outpath);
+        const writeStream = fs$d.createWriteStream(outpath);
         writeStream.write("[\n");
 
         const options = {
@@ -2273,10 +2273,10 @@ let Transform$1 = class Transform {
   ) => {
     return new Promise((resolve, reject) => {
       try {
-        const readStream = fs$c
+        const readStream = fs$d
           .createReadStream(filepath)
           .pipe(csv({ separator: delimiter }));
-        const writeStream = fs$c.createWriteStream(outpath);
+        const writeStream = fs$d.createWriteStream(outpath);
 
         let canParse = true;
 
@@ -2362,18 +2362,18 @@ let Transform$1 = class Transform {
       }
 
       // Validate file paths are within app data directory
-      const appDataDir = path$h.join(app$b.getPath("userData"), TRANSFORM_APP_NAME);
-      const resolvedFilepath = path$h.resolve(filepath);
-      const resolvedOutFilepath = path$h.resolve(outFilepath);
+      const appDataDir = path$i.join(app$c.getPath("userData"), TRANSFORM_APP_NAME);
+      const resolvedFilepath = path$i.resolve(filepath);
+      const resolvedOutFilepath = path$i.resolve(outFilepath);
 
-      if (!resolvedFilepath.startsWith(appDataDir + path$h.sep)) {
+      if (!resolvedFilepath.startsWith(appDataDir + path$i.sep)) {
         return reject(
           new Error(
             "Input file path must be within the application data directory",
           ),
         );
       }
-      if (!resolvedOutFilepath.startsWith(appDataDir + path$h.sep)) {
+      if (!resolvedOutFilepath.startsWith(appDataDir + path$i.sep)) {
         return reject(
           new Error(
             "Output file path must be within the application data directory",
@@ -2384,16 +2384,16 @@ let Transform$1 = class Transform {
       // JSON parser
       var parser = JSONStream$1.parse("*");
 
-      if (!fs$c.existsSync(resolvedFilepath)) {
+      if (!fs$d.existsSync(resolvedFilepath)) {
         return reject(new Error("File doesnt exist"));
       }
       console.log("file exists ", resolvedFilepath);
       // create the readStream to parse the large file (json)
-      var readStream = fs$c.createReadStream(resolvedFilepath).pipe(parser);
+      var readStream = fs$d.createReadStream(resolvedFilepath).pipe(parser);
 
       ensureDirectoryExistence$1(resolvedOutFilepath);
 
-      var writeStream = fs$c.createWriteStream(resolvedOutFilepath);
+      var writeStream = fs$d.createWriteStream(resolvedOutFilepath);
 
       let sep = "";
       let count = 0;
@@ -2505,9 +2505,9 @@ let Transform$1 = class Transform {
 
 var transform = Transform$1;
 
-const { app: app$a } = require$$0$1;
-var fs$b = require$$0$2;
-const path$g = require$$1$2;
+const { app: app$b } = require$$0$1;
+var fs$c = require$$0$2;
+const path$h = require$$1$2;
 const events$5 = events$8;
 const { getFileContents: getFileContents$5, writeToFile: writeToFile$2 } = file;
 const { safePath: safePath$2, getAllowedRoots: getAllowedRoots$1 } = safePath_1;
@@ -2532,8 +2532,8 @@ const dataController$1 = {
       // Validate the renderer-supplied filename is contained within
       // the data directory. path.join doesn't reject `..` segments;
       // safePath does.
-      const candidate = path$g.join(
-        app$a.getPath("userData"),
+      const candidate = path$h.join(
+        app$b.getPath("userData"),
         appName$5,
         appId,
         "data",
@@ -2691,7 +2691,7 @@ const dataController$1 = {
       // intent, plus realpath/symlink protection.
       const resolvedFilepath = safePath$2(toFilepath, getAllowedRoots$1("data"));
 
-      const writeStream = fs$b.createWriteStream(resolvedFilepath);
+      const writeStream = fs$c.createWriteStream(resolvedFilepath);
 
       https$3
         .get(url, (resp) => {
@@ -2855,8 +2855,8 @@ const dataController$1 = {
       if (data) {
         // Validate filename is contained within the data directory.
         // path.join doesn't reject `..` segments; safePath does.
-        const candidate = path$g.join(
-          app$a.getPath("userData"),
+        const candidate = path$h.join(
+          app$b.getPath("userData"),
           appName$5,
           "data",
           filename,
@@ -2948,8 +2948,8 @@ const dataController$1 = {
     try {
       if (filename) {
         // filename to the pages file (live pages)
-        const fromFilename = path$g.join(
-          app$a.getPath("userData"),
+        const fromFilename = path$h.join(
+          app$b.getPath("userData"),
           appName$5,
           "data",
           filename,
@@ -3029,9 +3029,9 @@ var dataController_1 = dataController$1;
  * settingsController
  */
 
-const { app: app$9 } = require$$0$1;
-const path$f = require$$1$2;
-const fs$a = require$$0$2;
+const { app: app$a } = require$$0$1;
+const path$g = require$$1$2;
+const fs$b = require$$0$2;
 const { getFileContents: getFileContents$4, writeToFile: writeToFile$1 } = file;
 
 const configFilename$3 = "settings.json";
@@ -3039,15 +3039,15 @@ const appName$4 = "Dashboard";
 
 // Helper function to recursively copy directory
 function copyDirectory(source, destination) {
-  if (!fs$a.existsSync(destination)) {
-    fs$a.mkdirSync(destination, { recursive: true });
+  if (!fs$b.existsSync(destination)) {
+    fs$b.mkdirSync(destination, { recursive: true });
   }
 
-  const files = fs$a.readdirSync(source);
+  const files = fs$b.readdirSync(source);
   for (const file of files) {
-    const srcPath = path$f.join(source, file);
-    const destPath = path$f.join(destination, file);
-    const stat = fs$a.lstatSync(srcPath);
+    const srcPath = path$g.join(source, file);
+    const destPath = path$g.join(destination, file);
+    const stat = fs$b.lstatSync(srcPath);
 
     // Skip symlinks to prevent following links to sensitive files
     if (stat.isSymbolicLink()) {
@@ -3058,7 +3058,7 @@ function copyDirectory(source, destination) {
     if (stat.isDirectory()) {
       copyDirectory(srcPath, destPath);
     } else {
-      fs$a.copyFileSync(srcPath, destPath);
+      fs$b.copyFileSync(srcPath, destPath);
     }
   }
 }
@@ -3074,8 +3074,8 @@ const settingsController$4 = {
     try {
       if (data) {
         // <appId>/settings.json
-        const filename = path$f.join(
-          app$9.getPath("userData"),
+        const filename = path$g.join(
+          app$a.getPath("userData"),
           appName$4,
           configFilename$3,
         );
@@ -3110,8 +3110,8 @@ const settingsController$4 = {
   getSettingsForApplication: (win) => {
     try {
       // <appId>/settings.json
-      const filename = path$f.join(
-        app$9.getPath("userData"),
+      const filename = path$g.join(
+        app$a.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3141,15 +3141,15 @@ const settingsController$4 = {
    */
   getDataDirectory: (win) => {
     try {
-      const settingsPath = path$f.join(
-        app$9.getPath("userData"),
+      const settingsPath = path$g.join(
+        app$a.getPath("userData"),
         appName$4,
         configFilename$3,
       );
       const settings = getFileContents$4(settingsPath, {});
       const userDataDir =
         settings.userDataDirectory ||
-        path$f.join(app$9.getPath("userData"), appName$4);
+        path$g.join(app$a.getPath("userData"), appName$4);
 
       console.log("[settingsController] Data directory retrieved successfully");
       // Return the data for ipcMain.handle() - modern promise-based approach
@@ -3176,18 +3176,18 @@ const settingsController$4 = {
   setDataDirectory: (win, newPath) => {
     try {
       // Validate the path exists and is a directory
-      if (!fs$a.existsSync(newPath)) {
-        fs$a.mkdirSync(newPath, { recursive: true });
+      if (!fs$b.existsSync(newPath)) {
+        fs$b.mkdirSync(newPath, { recursive: true });
       }
 
-      const stats = fs$a.statSync(newPath);
+      const stats = fs$b.statSync(newPath);
       if (!stats.isDirectory()) {
         throw new Error("Path is not a directory");
       }
 
       // Update settings
-      const settingsPath = path$f.join(
-        app$9.getPath("userData"),
+      const settingsPath = path$g.join(
+        app$a.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3220,20 +3220,20 @@ const settingsController$4 = {
   migrateDataDirectory: (win, oldPath, newPath) => {
     try {
       // Resolve paths to prevent traversal
-      const resolvedOldPath = path$f.resolve(oldPath);
-      const resolvedNewPath = path$f.resolve(newPath);
+      const resolvedOldPath = path$g.resolve(oldPath);
+      const resolvedNewPath = path$g.resolve(newPath);
 
       // Validate oldPath is the current configured data directory
-      const settingsCheckPath = path$f.join(
-        app$9.getPath("userData"),
+      const settingsCheckPath = path$g.join(
+        app$a.getPath("userData"),
         appName$4,
         configFilename$3,
       );
       const currentSettings = getFileContents$4(settingsCheckPath, {});
       const currentDataDir =
         currentSettings.userDataDirectory ||
-        path$f.join(app$9.getPath("userData"), appName$4);
-      if (resolvedOldPath !== path$f.resolve(currentDataDir)) {
+        path$g.join(app$a.getPath("userData"), appName$4);
+      if (resolvedOldPath !== path$g.resolve(currentDataDir)) {
         throw new Error("Source path must be the current data directory");
       }
 
@@ -3257,20 +3257,20 @@ const settingsController$4 = {
       }
 
       // Validate paths
-      if (!fs$a.existsSync(resolvedOldPath)) {
+      if (!fs$b.existsSync(resolvedOldPath)) {
         throw new Error("Source directory does not exist");
       }
 
-      if (!fs$a.existsSync(resolvedNewPath)) {
-        fs$a.mkdirSync(resolvedNewPath, { recursive: true });
+      if (!fs$b.existsSync(resolvedNewPath)) {
+        fs$b.mkdirSync(resolvedNewPath, { recursive: true });
       }
 
       // Copy files
       copyDirectory(resolvedOldPath, resolvedNewPath);
 
       // Update settings to use new path
-      const settingsPath = path$f.join(
-        app$9.getPath("userData"),
+      const settingsPath = path$g.join(
+        app$a.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3934,8 +3934,8 @@ function requireProviderController () {
 	return providerController_1;
 }
 
-const { app: app$8 } = require$$0$1;
-const path$e = require$$1$2;
+const { app: app$9 } = require$$0$1;
+const path$f = require$$1$2;
 const { writeFileSync: writeFileSync$1 } = require$$0$2;
 const events$4 = events$8;
 const { getFileContents: getFileContents$3 } = file;
@@ -3955,8 +3955,8 @@ const layoutController$1 = {
   saveLayoutForApplication: (win, appId, layoutObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$e.join(
-        app$8.getPath("userData"),
+      const filename = path$f.join(
+        app$9.getPath("userData"),
         appName$3,
         appId,
         configFilename$2,
@@ -3988,8 +3988,8 @@ const layoutController$1 = {
    */
   listLayoutsForApplication: (win, appId) => {
     try {
-      const filename = path$e.join(
-        app$8.getPath("userData"),
+      const filename = path$f.join(
+        app$9.getPath("userData"),
         appName$3,
         appId,
         configFilename$2,
@@ -21153,154 +21153,211 @@ let StreamableHTTPClientTransport$1 = class StreamableHTTPClientTransport {
 streamableHttp$1.StreamableHTTPClientTransport = StreamableHTTPClientTransport$1;
 
 /**
- * widgetPermissions.js
+ * grantedPermissions.js
  *
- * Read and parse the `dash.permissions.mcp` block from an installed
- * widget's package.json.
+ * Stores the user's actual MCP permission grants per widget. This is the
+ * Slice-2 enforcement source of truth — separate from the widget's declared
+ * `dash.permissions.mcp` block (which is just a request).
  *
- * Manifest format (declared by widget authors in their package.json):
+ * The runtime gate (permissionGate.gateToolCall) reads from here only.
+ * A widget with a declared manifest but no grant entry has no access:
+ * fail-closed. The user grants permissions at install time (consent modal)
+ * or later in Settings → Privacy & Security.
  *
+ * Storage: userData/widgetMcpGrants.json. Atomic writes via tmp + rename.
+ *
+ * Shape on disk:
  *   {
- *     "name": "@trops/notes-summarizer",
- *     "dash": {
- *       "permissions": {
- *         "mcp": {
- *           "filesystem": {
- *             "tools": ["read_file", "list_directory"],
- *             "readPaths": ["~/Documents/notes"],
- *             "writePaths": []
- *           },
- *           "github": {
- *             "tools": ["search_repositories", "get_file_contents"]
- *           }
+ *     "@trops/notes-summarizer": {
+ *       "servers": {
+ *         "filesystem": {
+ *           "tools": ["read_file"],
+ *           "readPaths": ["/Users/jane/Documents/notes"],
+ *           "writePaths": []
  *         }
  *       }
  *     }
  *   }
  *
- * Path strings beginning with `~` are expanded to the user's home
- * directory at parse time. Tool-only servers (no path I/O, e.g.
- * github) omit the `readPaths`/`writePaths` keys.
+ * Note: paths are stored as-is (already tilde-expanded by the manifest
+ * parser before grants are written). Tests can re-expand via
+ * widgetPermissions.expandHome if they store ~ literals.
  *
  * Public API:
- *
- *   getWidgetMcpPermissions(widgetId) → permissions | null
- *     Returns the parsed permissions for a widget, or null if the
- *     widget is unmanifested. Cached per process.
- *
- *   parseManifestPermissions(packageJson) → permissions | null
- *     Pure function — exposed for tests.
- *
- *   clearCache() → void
- *     Test-only. Drops the in-process cache so tests can re-read.
+ *   getGrant(widgetId) → grant | null
+ *   setGrant(widgetId, perms) → boolean
+ *   revokeGrant(widgetId) → boolean
+ *   revokeServer(widgetId, serverName) → boolean
+ *   listAllGrants() → [{ widgetId, granted }]
+ *   clearCache() → void   // test-only
  */
 
-const fs$9 = require$$0$2;
-const path$d = require$$1$2;
-const os$2 = require$$2$1;
-const { app: app$7 } = require$$0$1;
+const fs$a = require$$0$2;
+const path$e = require$$1$2;
+const { app: app$8 } = require$$0$1;
 
-// Cache: widgetId → permissions | null. Populated lazily on first
-// lookup; invalidated when a widget is installed/uninstalled (the
-// install/uninstall paths call clearCache()).
-const _cache = new Map();
+const FILE_NAME = "widgetMcpGrants.json";
 
-/**
- * Expand a leading "~" to the user's home directory. Other paths are
- * returned as-is.
- */
-function expandHome(p) {
-  if (typeof p !== "string" || !p) return p;
-  if (p === "~") return os$2.homedir();
-  if (p.startsWith("~/") || p.startsWith("~\\")) {
-    return path$d.join(os$2.homedir(), p.slice(2));
+// In-process cache of the entire grants file. Lazily loaded; invalidated
+// on every write.
+let _cache$1 = null;
+
+function grantsFilePath() {
+  return path$e.join(app$8.getPath("userData"), FILE_NAME);
+}
+
+function loadFromDisk() {
+  const p = grantsFilePath();
+  if (!fs$a.existsSync(p)) return {};
+  try {
+    const raw = fs$a.readFileSync(p, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!parsed || typeof parsed !== "object") return {};
+    return parsed;
+  } catch (e) {
+    console.warn("[grantedPermissions] failed to read " + p + ": " + e.message);
+    return {};
   }
-  return p;
+}
+
+function ensureCache() {
+  if (_cache$1 === null) _cache$1 = loadFromDisk();
+  return _cache$1;
+}
+
+function writeToDisk(data) {
+  const p = grantsFilePath();
+  const tmp = p + ".tmp";
+  // Ensure parent dir exists (userData should already, but be defensive
+  // for first-launch / freshly-cleared profile cases).
+  fs$a.mkdirSync(path$e.dirname(p), { recursive: true });
+  fs$a.writeFileSync(tmp, JSON.stringify(data, null, 2), "utf8");
+  fs$a.renameSync(tmp, p);
 }
 
 /**
- * Parse a widget's package.json contents into a normalized permissions
- * object. Returns null if no `dash.permissions.mcp` block exists.
+ * Sanitize a perms object before persisting. Drops unknown keys, coerces
+ * arrays of strings, and silently ignores malformed servers. Mirrors the
+ * shape produced by parseManifestPermissions so the gate reads either
+ * declared or granted with the same code path.
  */
-function parseManifestPermissions(packageJson) {
-  if (!packageJson || typeof packageJson !== "object") return null;
-  const mcp = packageJson?.dash?.permissions?.mcp;
-  if (!mcp || typeof mcp !== "object") return null;
+function sanitizePerms(perms) {
+  if (!perms || typeof perms !== "object") return null;
+  const rawServers =
+    perms.servers && typeof perms.servers === "object" ? perms.servers : null;
+  if (!rawServers) return null;
 
   const servers = {};
-  for (const [serverName, raw] of Object.entries(mcp)) {
+  for (const [name, raw] of Object.entries(rawServers)) {
     if (!raw || typeof raw !== "object") continue;
-    const tools = Array.isArray(raw.tools)
-      ? raw.tools.filter((t) => typeof t === "string")
-      : [];
-    const readPaths = Array.isArray(raw.readPaths)
-      ? raw.readPaths.filter((p) => typeof p === "string").map(expandHome)
-      : [];
-    const writePaths = Array.isArray(raw.writePaths)
-      ? raw.writePaths.filter((p) => typeof p === "string").map(expandHome)
-      : [];
-    servers[serverName] = { tools, readPaths, writePaths };
+    servers[name] = {
+      tools: Array.isArray(raw.tools)
+        ? raw.tools.filter((t) => typeof t === "string")
+        : [],
+      readPaths: Array.isArray(raw.readPaths)
+        ? raw.readPaths.filter((p) => typeof p === "string")
+        : [],
+      writePaths: Array.isArray(raw.writePaths)
+        ? raw.writePaths.filter((p) => typeof p === "string")
+        : [],
+    };
   }
-
   return { servers };
 }
 
-/**
- * Find a widget's installed package.json on disk. Widgets live under
- * userData/widgets/<scope>/<name>/ for scoped packages or
- * userData/widgets/<name>/ for unscoped. The widgetId is the npm
- * package name (e.g. "@trops/notes-summarizer" or "notes-summarizer").
- */
-function resolveWidgetPackagePath(widgetId) {
+function getGrant$2(widgetId) {
   if (typeof widgetId !== "string" || !widgetId) return null;
-  const widgetsRoot = path$d.join(app$7.getPath("userData"), "widgets");
-  // Split scope from name for "@scope/name" form.
-  const parts = widgetId.startsWith("@") ? widgetId.split("/") : [widgetId];
-  return path$d.join(widgetsRoot, ...parts, "package.json");
+  const all = ensureCache();
+  return all[widgetId] || null;
 }
 
-/**
- * Read and parse a widget's MCP permissions. Returns null if:
- *   - the widget directory doesn't exist
- *   - package.json is unreadable / malformed
- *   - the widget hasn't declared dash.permissions.mcp
- *
- * Result is cached per widgetId for the lifetime of this process.
- */
-function getWidgetMcpPermissions$1(widgetId) {
-  if (_cache.has(widgetId)) return _cache.get(widgetId);
-  const pkgPath = resolveWidgetPackagePath(widgetId);
-  if (!pkgPath || !fs$9.existsSync(pkgPath)) {
-    _cache.set(widgetId, null);
-    return null;
+function setGrant$1(widgetId, perms) {
+  if (typeof widgetId !== "string" || !widgetId) return false;
+  const sanitized = sanitizePerms(perms);
+  if (!sanitized) return false;
+  const all = ensureCache();
+  all[widgetId] = sanitized;
+  try {
+    writeToDisk(all);
+    return true;
+  } catch (e) {
+    console.warn(
+      "[grantedPermissions] failed to write grant for " +
+        widgetId +
+        ": " +
+        e.message,
+    );
+    // Roll back the cache entry so memory matches disk.
+    _cache$1 = loadFromDisk();
+    return false;
   }
+}
+
+function revokeGrant$1(widgetId) {
+  if (typeof widgetId !== "string" || !widgetId) return false;
+  const all = ensureCache();
+  if (!Object.prototype.hasOwnProperty.call(all, widgetId)) return false;
+  delete all[widgetId];
   try {
-    const raw = fs$9.readFileSync(pkgPath, "utf8");
-    const pkg = JSON.parse(raw);
-    const perms = parseManifestPermissions(pkg);
-    _cache.set(widgetId, perms);
-    return perms;
+    writeToDisk(all);
+    return true;
   } catch (e) {
     console.warn(
-      "[widgetPermissions] failed to read package.json for " +
+      "[grantedPermissions] failed to revoke grant for " +
         widgetId +
         ": " +
         e.message,
     );
-    _cache.set(widgetId, null);
-    return null;
+    _cache$1 = loadFromDisk();
+    return false;
   }
 }
 
-function clearCache() {
-  _cache.clear();
+function revokeServer$1(widgetId, serverName) {
+  if (typeof widgetId !== "string" || !widgetId) return false;
+  if (typeof serverName !== "string" || !serverName) return false;
+  const all = ensureCache();
+  const widgetEntry = all[widgetId];
+  if (!widgetEntry || !widgetEntry.servers) return false;
+  if (!Object.prototype.hasOwnProperty.call(widgetEntry.servers, serverName))
+    return false;
+  delete widgetEntry.servers[serverName];
+  try {
+    writeToDisk(all);
+    return true;
+  } catch (e) {
+    console.warn(
+      "[grantedPermissions] failed to revoke server " +
+        serverName +
+        " for " +
+        widgetId +
+        ": " +
+        e.message,
+    );
+    _cache$1 = loadFromDisk();
+    return false;
+  }
 }
 
-var widgetPermissions = {
-  getWidgetMcpPermissions: getWidgetMcpPermissions$1,
-  parseManifestPermissions,
-  expandHome,
-  clearCache,
+function listAllGrants$1() {
+  const all = ensureCache();
+  return Object.entries(all).map(([widgetId, granted]) => ({
+    widgetId,
+    granted,
+  }));
+}
+
+function clearCache$1() {
+  _cache$1 = null;
+}
+
+var grantedPermissions = {
+  getGrant: getGrant$2,
+  setGrant: setGrant$1,
+  revokeGrant: revokeGrant$1,
+  revokeServer: revokeServer$1,
+  listAllGrants: listAllGrants$1,
+  clearCache: clearCache$1,
 };
 
 /**
@@ -21309,32 +21366,40 @@ var widgetPermissions = {
  * Per-widget gating for MCP tool calls.
  *
  * When `gateToolCall` is invoked with a widget identity, server name,
- * tool name, and tool arguments, it consults the widget's installed
- * permission manifest (electron/mcp/widgetPermissions.js) and either
- * permits the call or returns a clear denial reason.
+ * tool name, and tool arguments, it consults the widget's GRANTED
+ * permissions (electron/mcp/grantedPermissions.js) and either permits
+ * the call or returns a clear denial reason.
+ *
+ * **Granted vs declared (Slice 2):** the widget's package.json
+ * `dash.permissions.mcp` block is the *request* — read by
+ * widgetPermissions.js and shown to the user at install time. The
+ * *grant* is what the user actually approved. The runtime gate reads
+ * grants only. A widget with a declared manifest but no grant entry
+ * has no MCP access — fail-closed. The user grants permissions via
+ * the install consent modal or Settings → Privacy & Security.
  *
  * Two layers:
  *
- *   1. **Tool-name allowlist** — the manifest's `tools[]` array for the
+ *   1. **Tool-name allowlist** — the granted `tools[]` array for the
  *      target server determines which tool names this widget may
  *      invoke. Anything outside the list is rejected.
  *
  *   2. **Path-argument containment** — for tools whose arguments
  *      include a path-shaped key (`path`, `uri`, `filepath`, `file`,
  *      `directory`), the supplied path is validated with safePath()
- *      against the widget's declared `readPaths` or `writePaths` for
+ *      against the widget's granted `readPaths` or `writePaths` for
  *      the target server. The read/write distinction is heuristic
  *      based on the tool name (e.g. `write_file` is treated as a
  *      write).
  *
- * This is the runtime enforcement layer. Install-time consent UI and
- * per-dashboard MCP-server scope reconfiguration are separate plans
- * (Slices 2 and 3). When the feature flag is OFF (default), this gate
- * is bypassed entirely; mcpController behaves as before. When ON,
- * every callTool dispatch goes through this gate.
+ * This is the runtime enforcement layer. Install-time consent UI is
+ * Slice 2. Per-dashboard MCP-server scope reconfiguration is Slice 3.
+ * When the feature flag is OFF (default), this gate is bypassed
+ * entirely; mcpController behaves as before. When ON, every callTool
+ * dispatch goes through this gate.
  */
 
-const { getWidgetMcpPermissions } = widgetPermissions;
+const { getGrant: getGrant$1 } = grantedPermissions;
 const { safePath: safePath$1 } = safePath_1;
 
 // Argument keys that look like paths. Different MCP servers use
@@ -21365,18 +21430,18 @@ function gateToolCall$1({ widgetId, serverName, toolName, args }) {
     };
   }
 
-  const perms = getWidgetMcpPermissions(widgetId);
+  const perms = getGrant$1(widgetId);
   if (!perms) {
     return {
       allow: false,
       reason:
         "widget '" +
         widgetId +
-        "' has no MCP permission manifest; declare dash.permissions.mcp in its package.json to grant access",
+        "' has no MCP permissions granted; user must approve at install time or in Settings → Privacy & Security",
     };
   }
 
-  const serverPerms = perms.servers[serverName];
+  const serverPerms = perms.servers && perms.servers[serverName];
   if (!serverPerms) {
     return {
       allow: false,
@@ -21457,6 +21522,69 @@ var permissionGate = {
   PATH_ARG_KEYS,
 };
 
+/**
+ * mcpServerKey.js
+ *
+ * Slice 3a: per-workspace MCP server process isolation.
+ *
+ * `mcpController.activeServers` was historically keyed by `serverName`
+ * alone, so two workspaces using the same MCP server type (e.g. both
+ * using `filesystem`) shared one process. Slice 3a keys by the
+ * compound `(workspaceId, serverName)` so each workspace gets its
+ * own process. Slice 3b will configure each process with the union
+ * of grants from widgets on that workspace; for now, processes are
+ * simply isolated.
+ *
+ * Format: `<workspaceId>::<serverName>`. The `::` separator is
+ * unlikely to appear in a UUID-shaped workspace id; serverName is
+ * everything after the first `::` so server names containing `::`
+ * round-trip cleanly.
+ *
+ * Callers without a workspace context (legacy IPC, dash MCP server
+ * tools, AI Builder previews) supply `null`/`undefined` and land on
+ * the `NO_WORKSPACE` sentinel bucket — that's the pre-Slice-3 bucket.
+ *
+ * NOTE: workspaceId is renderer-supplied. Slice 3a uses it only as a
+ * process-isolation key, NOT as a trust boundary. Slice 3b will tie
+ * server scope (e.g. filesystem `--allowed` paths) to it; that's when
+ * the trust boundary appears.
+ */
+
+const NO_WORKSPACE = "__no_workspace__";
+const SEP = "::";
+
+function serverKey$1(workspaceId, serverName) {
+  if (typeof serverName !== "string" || !serverName) {
+    throw new Error("serverKey: serverName is required");
+  }
+  const wid =
+    typeof workspaceId === "string" && workspaceId ? workspaceId : NO_WORKSPACE;
+  return wid + SEP + serverName;
+}
+
+function parseServerKey$1(key) {
+  if (typeof key !== "string") {
+    throw new Error("parseServerKey: key must be a string");
+  }
+  const idx = key.indexOf(SEP);
+  if (idx < 0) {
+    throw new Error(
+      "parseServerKey: malformed key (no '::' separator): " + key,
+    );
+  }
+  return {
+    workspaceId: key.slice(0, idx),
+    serverName: key.slice(idx + SEP.length),
+  };
+}
+
+var mcpServerKey = {
+  serverKey: serverKey$1,
+  parseServerKey: parseServerKey$1,
+  NO_WORKSPACE,
+  SEP,
+};
+
 /**
  * mcpController.js
  *
@@ -21477,12 +21605,13 @@ const {
 const {
   StreamableHTTPClientTransport,
 } = streamableHttp$1;
-const path$c = require$$1$2;
-const fs$8 = require$$0$2;
-const os$1 = require$$2$1;
+const path$d = require$$1$2;
+const fs$9 = require$$0$2;
+const os$2 = require$$2$1;
 const responseCache$2 = responseCache_1;
 const { gateToolCall } = permissionGate;
-const { app: app$6 } = require$$0$1;
+const { serverKey, parseServerKey } = mcpServerKey;
+const { app: app$7 } = require$$0$1;
 
 // Read the widget-MCP-enforcement feature flag from settings.json.
 // Default is OFF — flipping ON activates per-widget gating in
@@ -21490,13 +21619,13 @@ const { app: app$6 } = require$$0$1;
 // and electron/mcp/permissionGate.js for context.
 function isWidgetPermissionEnforcementEnabled() {
   try {
-    const settingsPath = path$c.join(
-      app$6.getPath("userData"),
+    const settingsPath = path$d.join(
+      app$7.getPath("userData"),
       "Dashboard",
       "settings.json",
     );
-    if (!fs$8.existsSync(settingsPath)) return false;
-    const raw = fs$8.readFileSync(settingsPath, "utf8");
+    if (!fs$9.existsSync(settingsPath)) return false;
+    const raw = fs$9.readFileSync(settingsPath, "utf8");
     const settings = JSON.parse(raw);
     return Boolean(settings?.security?.enforceWidgetMcpPermissions);
   } catch (_e) {
@@ -21638,18 +21767,18 @@ function getShellPath$1() {
     return _shellPath$1;
   }
 
-  const { execSync } = require$$9$1;
+  const { execSync } = require$$10;
   const fallbackDirs = ["/usr/local/bin", "/opt/homebrew/bin"];
 
   // Scan nvm versions, tracking both latest and best compatible version
-  const home = os$1.homedir();
+  const home = os$2.homedir();
   let compatibleNvmBin = null;
   if (home) {
     fallbackDirs.push(`${home}/.volta/bin`);
     fallbackDirs.push(`${home}/.nodenv/shims`);
     try {
       const nvmDir = `${home}/.nvm/versions/node`;
-      const versions = fs$8.readdirSync(nvmDir).sort();
+      const versions = fs$9.readdirSync(nvmDir).sort();
       if (versions.length > 0) {
         // Find the highest compatible version (v18/v20/v22)
         for (let i = versions.length - 1; i >= 0; i--) {
@@ -21781,19 +21910,19 @@ function interpolate$1(template, credentials) {
  * @param {object} tokenRefresh { credentialsPath, oauthKeysPath }
  */
 async function refreshGoogleOAuthToken(tokenRefresh) {
-  const home = os$1.homedir();
+  const home = os$2.homedir();
   const credPath = tokenRefresh.credentialsPath.replace(/^~/, home);
   const keysPath = tokenRefresh.oauthKeysPath.replace(/^~/, home);
 
-  if (!fs$8.existsSync(credPath) || !fs$8.existsSync(keysPath)) {
+  if (!fs$9.existsSync(credPath) || !fs$9.existsSync(keysPath)) {
     console.log(
       "[mcpController] Token refresh skipped: credential files not found",
     );
     return;
   }
 
-  const credentials = JSON.parse(fs$8.readFileSync(credPath, "utf8"));
-  const keysFile = JSON.parse(fs$8.readFileSync(keysPath, "utf8"));
+  const credentials = JSON.parse(fs$9.readFileSync(credPath, "utf8"));
+  const keysFile = JSON.parse(fs$9.readFileSync(keysPath, "utf8"));
   const keyData = keysFile.installed || keysFile.web;
 
   if (
@@ -21862,7 +21991,7 @@ async function refreshGoogleOAuthToken(tokenRefresh) {
     credentials.refresh_token = body.refresh_token;
   }
 
-  fs$8.writeFileSync(credPath, JSON.stringify(credentials, null, 2));
+  fs$9.writeFileSync(credPath, JSON.stringify(credentials, null, 2));
   console.log("[mcpController] Google OAuth token refreshed successfully");
 }
 
@@ -21871,17 +22000,24 @@ const mcpController$3 = {
    * startServer
    * Start an MCP server with the given config and credentials
    *
+   * Slice 3a: server instances are keyed by `(workspaceId, serverName)`
+   * so two workspaces using the same server type get separate processes.
+   * Pass `null`/`undefined` workspaceId to land on the legacy
+   * NO_WORKSPACE bucket (e.g. dash MCP server tools, AI Builder previews).
+   *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName unique name for this server instance
    * @param {object} mcpConfig { transport, command, args, envMapping }
    * @param {object} credentials decrypted credentials object
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ success, serverName, tools, status } | { error, message }}
    */
-  startServer: async (win, serverName, mcpConfig, credentials) => {
+  startServer: async (win, serverName, mcpConfig, credentials, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     // 1. Already connected? Return existing connection
-    const existing = activeServers.get(serverName);
+    const existing = activeServers.get(key);
     if (existing && existing.status === STATUS$1.CONNECTED && existing.client) {
-      console.log(`[mcpController] Server already connected: ${serverName}`);
+      console.log(`[mcpController] Server already connected: ${key}`);
       return {
         success: true,
         serverName,
@@ -21892,19 +22028,19 @@ const mcpController$3 = {
     }
 
     // 2. Already starting? Piggyback on the pending promise
-    if (pendingStarts.has(serverName)) {
+    if (pendingStarts.has(key)) {
       console.log(
-        `[mcpController] Server already starting, deduplicating: ${serverName}`,
+        `[mcpController] Server already starting, deduplicating: ${key}`,
       );
-      return pendingStarts.get(serverName);
+      return pendingStarts.get(key);
     }
 
     // 3. Fresh start — wrap in a promise and track it
     const startPromise = (async () => {
       try {
         // Stop if in stale/error state
-        if (activeServers.has(serverName)) {
-          await mcpController$3.stopServer(win, serverName);
+        if (activeServers.has(key)) {
+          await mcpController$3.stopServer(win, serverName, workspaceId);
         }
 
         // Merge with catalog entry to pick up updated command/args
@@ -21977,7 +22113,7 @@ const mcpController$3 = {
           // Merge static env vars from mcpConfig (with ~ expansion)
           if (mcpConfig.staticEnv) {
             Object.entries(mcpConfig.staticEnv).forEach(([envVar, value]) => {
-              env[envVar] = value.replace(/^~/, os$1.homedir());
+              env[envVar] = value.replace(/^~/, os$2.homedir());
             });
           }
 
@@ -22016,7 +22152,7 @@ const mcpController$3 = {
           }
 
           // Interpolate {{MCP_DIR}} in args to resolve local MCP server scripts
-          const mcpDir = path$c.join(__dirname, "..", "mcp");
+          const mcpDir = path$d.join(__dirname, "..", "mcp");
           for (let i = 0; i < args.length; i++) {
             if (
               typeof args[i] === "string" &&
@@ -22035,12 +22171,14 @@ const mcpController$3 = {
         }
 
         // Update status to connecting
-        activeServers.set(serverName, {
+        activeServers.set(key, {
           client: null,
           transport,
           tools: [],
           resources: [],
           status: STATUS$1.CONNECTING,
+          workspaceId: workspaceId || null,
+          serverName,
         });
 
         // Create MCP client
@@ -22074,16 +22212,18 @@ const mcpController$3 = {
         }
 
         // Store the active connection
-        activeServers.set(serverName, {
+        activeServers.set(key, {
           client,
           transport,
           tools,
           resources,
           status: STATUS$1.CONNECTED,
+          workspaceId: workspaceId || null,
+          serverName,
         });
 
         console.log(
-          `[mcpController] Server connected: ${serverName} (${tools.length} tools, ${resources.length} resources)`,
+          `[mcpController] Server connected: ${key} (${tools.length} tools, ${resources.length} resources)`,
         );
 
         return {
@@ -22108,13 +22248,15 @@ const mcpController$3 = {
         }
 
         // Mark as error state
-        activeServers.set(serverName, {
+        activeServers.set(key, {
           client: null,
           transport: null,
           tools: [],
           resources: [],
           status: STATUS$1.ERROR,
           error: errorMessage,
+          workspaceId: workspaceId || null,
+          serverName,
         });
 
         return {
@@ -22124,11 +22266,11 @@ const mcpController$3 = {
           status: STATUS$1.ERROR,
         };
       } finally {
-        pendingStarts.delete(serverName);
+        pendingStarts.delete(key);
       }
     })();
 
-    pendingStarts.set(serverName, startPromise);
+    pendingStarts.set(key, startPromise);
     return startPromise;
   },
 
@@ -22138,20 +22280,22 @@ const mcpController$3 = {
    *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server to stop
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ success, serverName } | { error, message }}
    */
-  stopServer: async (win, serverName) => {
+  stopServer: async (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
       // Wait for any in-flight start to finish before stopping
-      if (pendingStarts.has(serverName)) {
+      if (pendingStarts.has(key)) {
         try {
-          await pendingStarts.get(serverName);
+          await pendingStarts.get(key);
         } catch (e) {
           /* stopping anyway */
         }
       }
 
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server) {
         return {
           success: true,
@@ -22160,7 +22304,7 @@ const mcpController$3 = {
         };
       }
 
-      console.log(`[mcpController] Stopping server: ${serverName}`);
+      console.log(`[mcpController] Stopping server: ${key}`);
 
       // Close the client connection
       if (server.client) {
@@ -22168,27 +22312,24 @@ const mcpController$3 = {
           await server.client.close();
         } catch (closeError) {
           console.warn(
-            `[mcpController] Error closing client for ${serverName}:`,
+            `[mcpController] Error closing client for ${key}:`,
             closeError.message,
           );
         }
       }
 
-      activeServers.delete(serverName);
+      activeServers.delete(key);
 
-      console.log(`[mcpController] Server stopped: ${serverName}`);
+      console.log(`[mcpController] Server stopped: ${key}`);
 
       return {
         success: true,
         serverName,
       };
     } catch (error) {
-      console.error(
-        `[mcpController] Error stopping server ${serverName}:`,
-        error,
-      );
+      console.error(`[mcpController] Error stopping server ${key}:`, error);
       // Clean up anyway
-      activeServers.delete(serverName);
+      activeServers.delete(key);
       return {
         error: true,
         message: error.message,
@@ -22205,6 +22346,10 @@ const mcpController$3 = {
    * @param {string} toolName the tool to call
    * @param {object} args arguments for the tool
    * @param {Array<string>} allowedTools optional whitelist of allowed tool names
+   * @param {string|null} widgetId the widget originating the call (Slice 1+2)
+   * @param {string|null} workspaceId the active workspace (Slice 3a) — used
+   *                       to scope the server process per workspace.
+   *                       Slice 3b will tie path scope to this id.
    * @returns {{ result } | { error, message }}
    */
   callTool: async (
@@ -22214,11 +22359,13 @@ const mcpController$3 = {
     args,
     allowedTools = null,
     widgetId = null,
+    workspaceId = null,
   ) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       // Per-widget manifest gate. Activated by the
@@ -22251,7 +22398,7 @@ const mcpController$3 = {
       }
 
       const doCall = async () => {
-        console.log(`[mcpController] Calling tool: ${serverName}/${toolName}`);
+        console.log(`[mcpController] Calling tool: ${key}/${toolName}`);
         const result = await server.client.callTool({
           name: toolName,
           arguments: args || {},
@@ -22262,18 +22409,21 @@ const mcpController$3 = {
         };
       };
 
-      // Cache read-only tool calls with in-flight dedup.
-      // Writes always hit the source (and we invalidate the server's cache).
+      // Cache read-only tool calls with in-flight dedup. Cache key is
+      // scoped per (workspace, server, tool, args) so two workspaces
+      // calling the same read on the same server type don't share a
+      // cached response — they're separate processes with potentially
+      // different scopes (Slice 3b will make that explicit).
       if (isReadOnlyTool(toolName)) {
-        const key = `mcp:${serverName}:${toolName}:${JSON.stringify(args || {})}`;
-        return responseCache$2.get(key, doCall, {
+        const cacheKey = `mcp:${key}:${toolName}:${JSON.stringify(args || {})}`;
+        return responseCache$2.get(cacheKey, doCall, {
           ttl: DEFAULT_TOOL_CACHE_TTL,
         });
       }
 
       // Write/mutation: invalidate any cached reads for this server
       // (safest default — broad invalidation when state changes)
-      responseCache$2.invalidatePrefix(`mcp:${serverName}:`);
+      responseCache$2.invalidatePrefix(`mcp:${key}:`);
       return doCall();
     } catch (error) {
       console.error(
@@ -22293,13 +22443,15 @@ const mcpController$3 = {
    *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ tools } | { error, message }}
    */
-  listTools: async (win, serverName) => {
+  listTools: async (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       // Refresh tool list from server
@@ -22331,13 +22483,15 @@ const mcpController$3 = {
    *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ resources } | { error, message }}
    */
-  listResources: async (win, serverName) => {
+  listResources: async (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       const resourcesResult = await server.client.listResources();
@@ -22369,13 +22523,15 @@ const mcpController$3 = {
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server name
    * @param {string} uri the resource URI
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ resource } | { error, message }}
    */
-  readResource: async (win, serverName, uri) => {
+  readResource: async (win, serverName, uri, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       const result = await server.client.readResource({ uri });
@@ -22404,8 +22560,9 @@ const mcpController$3 = {
    * @param {string} serverName the server name
    * @returns {{ status, tools, error }}
    */
-  getServerStatus: (win, serverName) => {
-    const server = activeServers.get(serverName);
+  getServerStatus: (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
+    const server = activeServers.get(key);
     if (!server) {
       return {
         serverName,
@@ -22433,20 +22590,20 @@ const mcpController$3 = {
    */
   getCatalog: (win) => {
     try {
-      const catalogPath = path$c.join(
+      const catalogPath = path$d.join(
         __dirname,
         "..",
         "mcp",
         "mcpServerCatalog.json",
       );
 
-      if (!fs$8.existsSync(catalogPath)) {
+      if (!fs$9.existsSync(catalogPath)) {
         return {
           catalog: [],
         };
       }
 
-      const catalogData = fs$8.readFileSync(catalogPath, "utf8");
+      const catalogData = fs$9.readFileSync(catalogPath, "utf8");
       const catalog = JSON.parse(catalogData);
 
       return {
@@ -22474,18 +22631,18 @@ const mcpController$3 = {
    */
   getKnownExternalCatalog: () => {
     try {
-      const catalogPath = path$c.join(
+      const catalogPath = path$d.join(
         __dirname,
         "..",
         "mcp",
         "knownExternalMcpServers.json",
       );
 
-      if (!fs$8.existsSync(catalogPath)) {
+      if (!fs$9.existsSync(catalogPath)) {
         return { success: true, servers: [] };
       }
 
-      const catalogData = fs$8.readFileSync(catalogPath, "utf8");
+      const catalogData = fs$9.readFileSync(catalogPath, "utf8");
       const catalog = JSON.parse(catalogData);
 
       return {
@@ -22538,7 +22695,7 @@ const mcpController$3 = {
    * @returns {{ success } | { error, message }}
    */
   runAuth: async (win, mcpConfig, credentials, authCommand) => {
-    const { spawn } = require$$9$1;
+    const { spawn } = require$$10;
 
     const env = cleanEnvForChildProcess();
 
@@ -22547,11 +22704,11 @@ const mcpController$3 = {
       const { from, to } = authCommand.setup.copyCredential;
       const sourcePath = credentials?.[from];
       if (sourcePath) {
-        const destPath = to.replace(/^~/, os$1.homedir());
+        const destPath = to.replace(/^~/, os$2.homedir());
         const destDir = require$$1$2.dirname(destPath);
         try {
-          fs$8.mkdirSync(destDir, { recursive: true });
-          fs$8.copyFileSync(sourcePath, destPath);
+          fs$9.mkdirSync(destDir, { recursive: true });
+          fs$9.copyFileSync(sourcePath, destPath);
         } catch (err) {
           return {
             error: true,
@@ -22582,12 +22739,12 @@ const mcpController$3 = {
     // Merge static env vars from authCommand with ~ expansion
     if (authCommand.staticEnv) {
       Object.entries(authCommand.staticEnv).forEach(([key, value]) => {
-        env[key] = value.replace(/^~/, os$1.homedir());
+        env[key] = value.replace(/^~/, os$2.homedir());
       });
     }
 
     // Interpolate {{MCP_DIR}} in authCommand args (same as startServer)
-    const mcpDir = path$c.join(__dirname, "..", "mcp");
+    const mcpDir = path$d.join(__dirname, "..", "mcp");
     const resolvedArgs = (authCommand.args || []).map((arg) =>
       typeof arg === "string" && arg.includes("{{MCP_DIR}}")
         ? arg.replace(/\{\{MCP_DIR\}\}/g, mcpDir)
@@ -22667,12 +22824,39 @@ const mcpController$3 = {
       `[mcpController] Stopping all servers (${activeServers.size} active)`,
     );
     const promises = [];
-    for (const [serverName] of activeServers) {
-      promises.push(mcpController$3.stopServer(null, serverName));
+    // Slice 3a: keys are compound `(workspaceId, serverName)`. Parse
+    // to call stopServer with the original args.
+    for (const [key] of activeServers) {
+      const { workspaceId, serverName } = parseServerKey(key);
+      promises.push(mcpController$3.stopServer(null, serverName, workspaceId));
     }
     await Promise.allSettled(promises);
     console.log("[mcpController] All servers stopped");
   },
+
+  /**
+   * stopServersForWorkspace
+   * Stop every server keyed under the given workspaceId. Called when
+   * a workspace unmounts so its scoped MCP processes don't leak.
+   *
+   * @param {string} workspaceId the workspace whose servers to stop
+   */
+  stopServersForWorkspace: async (workspaceId) => {
+    if (!workspaceId) return;
+    const promises = [];
+    for (const [key] of activeServers) {
+      const parsed = parseServerKey(key);
+      if (parsed.workspaceId !== workspaceId) continue;
+      promises.push(
+        mcpController$3.stopServer(null, parsed.serverName, workspaceId),
+      );
+    }
+    if (promises.length === 0) return;
+    console.log(
+      `[mcpController] Stopping ${promises.length} server(s) for workspace ${workspaceId}`,
+    );
+    await Promise.allSettled(promises);
+  },
 };
 
 mcpController$4.exports = mcpController$3;
@@ -23108,8 +23292,8 @@ function commonjsRequire(path) {
  * Runs in the Electron main process at widget install time.
  */
 
-const fs$7 = require$$0$2;
-const path$b = require$$1$2;
+const fs$8 = require$$0$2;
+const path$c = require$$1$2;
 
 /**
  * Structured error thrown by compileWidget() when the underlying
@@ -23144,7 +23328,7 @@ function getEsbuildDiagnostics() {
 
   try {
     const pkgJsonPath = require.resolve("esbuild/package.json");
-    diagnostics.esbuildPackageDir = path$b.dirname(pkgJsonPath);
+    diagnostics.esbuildPackageDir = path$c.dirname(pkgJsonPath);
     diagnostics.esbuildVersion = commonjsRequire(pkgJsonPath).version;
   } catch (err) {
     diagnostics.esbuildResolveError = err.message;
@@ -23154,15 +23338,15 @@ function getEsbuildDiagnostics() {
     const archPkgJson = require.resolve(
       `${diagnostics.archPackage}/package.json`,
     );
-    const archDir = path$b.dirname(archPkgJson);
+    const archDir = path$c.dirname(archPkgJson);
     // esbuild's native binary on macOS/Linux is bin/esbuild;
     // on Windows it's esbuild.exe at the package root.
     const candidate =
       process.platform === "win32"
-        ? path$b.join(archDir, "esbuild.exe")
-        : path$b.join(archDir, "bin", "esbuild");
+        ? path$c.join(archDir, "esbuild.exe")
+        : path$c.join(archDir, "bin", "esbuild");
     diagnostics.nativeBinaryPath = candidate;
-    diagnostics.nativeBinaryExists = fs$7.existsSync(candidate);
+    diagnostics.nativeBinaryExists = fs$8.existsSync(candidate);
   } catch (err) {
     diagnostics.archResolveError = err.message;
   }
@@ -23208,26 +23392,26 @@ async function healthCheck() {
  * @returns {string|null} Path to the widgets/ directory, or null
  */
 function findWidgetsDir$2(widgetPath) {
-  const direct = path$b.join(widgetPath, "widgets");
-  if (fs$7.existsSync(direct)) {
+  const direct = path$c.join(widgetPath, "widgets");
+  if (fs$8.existsSync(direct)) {
     return direct;
   }
 
   // Check configs/widgets/ (packageZip.js nests .dash.js files here)
-  const configsWidgets = path$b.join(widgetPath, "configs", "widgets");
-  if (fs$7.existsSync(configsWidgets)) {
+  const configsWidgets = path$c.join(widgetPath, "configs", "widgets");
+  if (fs$8.existsSync(configsWidgets)) {
     return configsWidgets;
   }
 
   // Check configs/ directory (used by packageZip.js for distributed widgets)
-  const configs = path$b.join(widgetPath, "configs");
-  if (fs$7.existsSync(configs)) {
+  const configs = path$c.join(widgetPath, "configs");
+  if (fs$8.existsSync(configs)) {
     return configs;
   }
 
   // Check one level deeper for nested ZIP extraction
   try {
-    const entries = fs$7.readdirSync(widgetPath, { withFileTypes: true });
+    const entries = fs$8.readdirSync(widgetPath, { withFileTypes: true });
     const subdirs = entries.filter(
       (e) =>
         e.isDirectory() &&
@@ -23237,8 +23421,8 @@ function findWidgetsDir$2(widgetPath) {
     );
 
     for (const subdir of subdirs) {
-      const nested = path$b.join(widgetPath, subdir.name, "widgets");
-      if (fs$7.existsSync(nested)) {
+      const nested = path$c.join(widgetPath, subdir.name, "widgets");
+      if (fs$8.existsSync(nested)) {
         console.log(`[WidgetCompiler] Found nested widgets/ at ${nested}`);
         return nested;
       }
@@ -23272,7 +23456,7 @@ async function compileWidget$1(widgetPath) {
   }
 
   // Discover .dash.js config files
-  const files = fs$7.readdirSync(widgetsDir);
+  const files = fs$8.readdirSync(widgetsDir);
   const dashFiles = files.filter((f) => f.endsWith(".dash.js"));
 
   if (dashFiles.length === 0) {
@@ -23286,15 +23470,15 @@ async function compileWidget$1(widgetPath) {
   // Compute relative path from the entry file (in widgetPath) to widgetsDir,
   // since widgetsDir may be nested (e.g., ./weather-widget/widgets/).
   const relWidgetsDir =
-    "./" + path$b.relative(widgetPath, widgetsDir).split(path$b.sep).join("/");
+    "./" + path$c.relative(widgetPath, widgetsDir).split(path$c.sep).join("/");
   const imports = [];
   const exportParts = [];
 
   for (const dashFile of dashFiles) {
     const componentName = dashFile.replace(".dash.js", "");
     const componentFile = `${componentName}.js`;
-    const componentFilePath = path$b.join(widgetsDir, componentFile);
-    const hasComponent = fs$7.existsSync(componentFilePath);
+    const componentFilePath = path$c.join(widgetsDir, componentFile);
+    const hasComponent = fs$8.existsSync(componentFilePath);
 
     // Import the config (always)
     imports.push(
@@ -23326,17 +23510,17 @@ async function compileWidget$1(widgetPath) {
   const entryContent = [...imports, "", ...exportParts, ""].join("\n");
 
   // Write temporary entry file in the widget root
-  const entryPath = path$b.join(widgetPath, "__compile_entry.js");
-  const distDir = path$b.join(widgetPath, "dist");
-  const outPath = path$b.join(distDir, "index.cjs.js");
+  const entryPath = path$c.join(widgetPath, "__compile_entry.js");
+  const distDir = path$c.join(widgetPath, "dist");
+  const outPath = path$c.join(distDir, "index.cjs.js");
 
   try {
     // Ensure dist/ directory exists
-    if (!fs$7.existsSync(distDir)) {
-      fs$7.mkdirSync(distDir, { recursive: true });
+    if (!fs$8.existsSync(distDir)) {
+      fs$8.mkdirSync(distDir, { recursive: true });
     }
 
-    fs$7.writeFileSync(entryPath, entryContent, "utf8");
+    fs$8.writeFileSync(entryPath, entryContent, "utf8");
 
     console.log(
       `[WidgetCompiler] Compiling ${dashFiles.length} component(s) from ${widgetPath}`,
@@ -23392,8 +23576,8 @@ async function compileWidget$1(widgetPath) {
   } finally {
     // Clean up temporary entry file
     try {
-      if (fs$7.existsSync(entryPath)) {
-        fs$7.unlinkSync(entryPath);
+      if (fs$8.existsSync(entryPath)) {
+        fs$8.unlinkSync(entryPath);
       }
     } catch (cleanupError) {
       // Non-fatal
@@ -23425,8 +23609,8 @@ var widgetCompiler$1 = {
  * Integrates with ComponentManager for automatic registration
  */
 
-const fs$6 = require$$0$2;
-const path$a = require$$1$2;
+const fs$7 = require$$0$2;
+const path$b = require$$1$2;
 const vm = require$$2$2;
 const { findWidgetsDir: findWidgetsDir$1 } = widgetCompiler$1;
 
@@ -23514,14 +23698,14 @@ class DynamicWidgetLoader {
       );
 
       const widgetsDir =
-        findWidgetsDir$1(widgetPath) || path$a.join(widgetPath, "widgets");
-      const componentPath = path$a.join(widgetsDir, `${componentName}.js`);
-      const configPath = path$a.join(widgetsDir, `${componentName}.dash.js`);
+        findWidgetsDir$1(widgetPath) || path$b.join(widgetPath, "widgets");
+      const componentPath = path$b.join(widgetsDir, `${componentName}.js`);
+      const configPath = path$b.join(widgetsDir, `${componentName}.dash.js`);
 
-      if (!fs$6.existsSync(componentPath)) {
+      if (!fs$7.existsSync(componentPath)) {
         throw new Error(`Component file not found: ${componentPath}`);
       }
-      if (!fs$6.existsSync(configPath)) {
+      if (!fs$7.existsSync(configPath)) {
         throw new Error(`Config file not found: ${configPath}`);
       }
 
@@ -23572,7 +23756,7 @@ class DynamicWidgetLoader {
    */
   async loadConfigFile(configPath) {
     try {
-      const source = fs$6.readFileSync(configPath, "utf8");
+      const source = fs$7.readFileSync(configPath, "utf8");
 
       let exportMatch = source.match(/export\s+default\s+({[\s\S]*});?\s*$/);
 
@@ -23640,7 +23824,7 @@ class DynamicWidgetLoader {
         return [];
       }
 
-      const files = fs$6.readdirSync(widgetsDir);
+      const files = fs$7.readdirSync(widgetsDir);
       const widgets = new Set();
 
       files.forEach((file) => {
@@ -23673,6 +23857,157 @@ dynamicWidgetLoader$3.exports.dynamicWidgetLoader = dynamicWidgetLoader$2;
 
 var dynamicWidgetLoaderExports = dynamicWidgetLoader$3.exports;
 
+/**
+ * widgetPermissions.js
+ *
+ * Read and parse the `dash.permissions.mcp` block from an installed
+ * widget's package.json.
+ *
+ * Manifest format (declared by widget authors in their package.json):
+ *
+ *   {
+ *     "name": "@trops/notes-summarizer",
+ *     "dash": {
+ *       "permissions": {
+ *         "mcp": {
+ *           "filesystem": {
+ *             "tools": ["read_file", "list_directory"],
+ *             "readPaths": ["~/Documents/notes"],
+ *             "writePaths": []
+ *           },
+ *           "github": {
+ *             "tools": ["search_repositories", "get_file_contents"]
+ *           }
+ *         }
+ *       }
+ *     }
+ *   }
+ *
+ * Path strings beginning with `~` are expanded to the user's home
+ * directory at parse time. Tool-only servers (no path I/O, e.g.
+ * github) omit the `readPaths`/`writePaths` keys.
+ *
+ * Public API:
+ *
+ *   getWidgetMcpPermissions(widgetId) → permissions | null
+ *     Returns the parsed permissions for a widget, or null if the
+ *     widget is unmanifested. Cached per process.
+ *
+ *   parseManifestPermissions(packageJson) → permissions | null
+ *     Pure function — exposed for tests.
+ *
+ *   clearCache() → void
+ *     Test-only. Drops the in-process cache so tests can re-read.
+ */
+
+const fs$6 = require$$0$2;
+const path$a = require$$1$2;
+const os$1 = require$$2$1;
+const { app: app$6 } = require$$0$1;
+
+// Cache: widgetId → permissions | null. Populated lazily on first
+// lookup; invalidated when a widget is installed/uninstalled (the
+// install/uninstall paths call clearCache()).
+const _cache = new Map();
+
+/**
+ * Expand a leading "~" to the user's home directory. Other paths are
+ * returned as-is.
+ */
+function expandHome(p) {
+  if (typeof p !== "string" || !p) return p;
+  if (p === "~") return os$1.homedir();
+  if (p.startsWith("~/") || p.startsWith("~\\")) {
+    return path$a.join(os$1.homedir(), p.slice(2));
+  }
+  return p;
+}
+
+/**
+ * Parse a widget's package.json contents into a normalized permissions
+ * object. Returns null if no `dash.permissions.mcp` block exists.
+ */
+function parseManifestPermissions(packageJson) {
+  if (!packageJson || typeof packageJson !== "object") return null;
+  const mcp = packageJson?.dash?.permissions?.mcp;
+  if (!mcp || typeof mcp !== "object") return null;
+
+  const servers = {};
+  for (const [serverName, raw] of Object.entries(mcp)) {
+    if (!raw || typeof raw !== "object") continue;
+    const tools = Array.isArray(raw.tools)
+      ? raw.tools.filter((t) => typeof t === "string")
+      : [];
+    const readPaths = Array.isArray(raw.readPaths)
+      ? raw.readPaths.filter((p) => typeof p === "string").map(expandHome)
+      : [];
+    const writePaths = Array.isArray(raw.writePaths)
+      ? raw.writePaths.filter((p) => typeof p === "string").map(expandHome)
+      : [];
+    servers[serverName] = { tools, readPaths, writePaths };
+  }
+
+  return { servers };
+}
+
+/**
+ * Find a widget's installed package.json on disk. Widgets live under
+ * userData/widgets/<scope>/<name>/ for scoped packages or
+ * userData/widgets/<name>/ for unscoped. The widgetId is the npm
+ * package name (e.g. "@trops/notes-summarizer" or "notes-summarizer").
+ */
+function resolveWidgetPackagePath(widgetId) {
+  if (typeof widgetId !== "string" || !widgetId) return null;
+  const widgetsRoot = path$a.join(app$6.getPath("userData"), "widgets");
+  // Split scope from name for "@scope/name" form.
+  const parts = widgetId.startsWith("@") ? widgetId.split("/") : [widgetId];
+  return path$a.join(widgetsRoot, ...parts, "package.json");
+}
+
+/**
+ * Read and parse a widget's MCP permissions. Returns null if:
+ *   - the widget directory doesn't exist
+ *   - package.json is unreadable / malformed
+ *   - the widget hasn't declared dash.permissions.mcp
+ *
+ * Result is cached per widgetId for the lifetime of this process.
+ */
+function getWidgetMcpPermissions$1(widgetId) {
+  if (_cache.has(widgetId)) return _cache.get(widgetId);
+  const pkgPath = resolveWidgetPackagePath(widgetId);
+  if (!pkgPath || !fs$6.existsSync(pkgPath)) {
+    _cache.set(widgetId, null);
+    return null;
+  }
+  try {
+    const raw = fs$6.readFileSync(pkgPath, "utf8");
+    const pkg = JSON.parse(raw);
+    const perms = parseManifestPermissions(pkg);
+    _cache.set(widgetId, perms);
+    return perms;
+  } catch (e) {
+    console.warn(
+      "[widgetPermissions] failed to read package.json for " +
+        widgetId +
+        ": " +
+        e.message,
+    );
+    _cache.set(widgetId, null);
+    return null;
+  }
+}
+
+function clearCache() {
+  _cache.clear();
+}
+
+var widgetPermissions = {
+  getWidgetMcpPermissions: getWidgetMcpPermissions$1,
+  parseManifestPermissions,
+  expandHome,
+  clearCache,
+};
+
 /**
  * schedulerController.js
  *
@@ -24213,6 +24548,10 @@ var schedulerController_1 = schedulerController$2;
 	const { compileWidget, findWidgetsDir } = widgetCompiler$1;
 	const { toPackageId, parsePackageId } = packageId;
 	const { getStoredToken } = registryAuthController$2;
+	const {
+	  getWidgetMcpPermissions,
+	  clearCache: clearWidgetPermsCache,
+	} = widgetPermissions;
 
 	let WIDGETS_CACHE_DIR = null;
 	let REGISTRY_CONFIG_FILE = null;
@@ -25287,6 +25626,38 @@ var schedulerController_1 = schedulerController$2;
 	  return null;
 	}
 
+	/**
+	 * If a freshly-installed widget declares dash.permissions.mcp, ping the
+	 * renderer so the consent modal can pop up. The renderer subscribes via
+	 * `widget:mcp-consent-required` and either calls widget-mcp:set-grant
+	 * with the user's selections (Slice 2) or quietly drops the message
+	 * (older renderer pre-Slice-2 — the gate still fail-closes).
+	 *
+	 * Cache invalidation: widgetPermissions caches per-process, so an upgrade
+	 * over a stale cached entry would otherwise keep the old manifest. Drop
+	 * the whole cache here — cheap, infrequent.
+	 */
+	function maybeEmitMcpConsentRequired(widgetName) {
+	  try {
+	    clearWidgetPermsCache();
+	    const declared = getWidgetMcpPermissions(widgetName);
+	    if (!declared) return;
+	    BrowserWindow.getAllWindows().forEach((win) => {
+	      win.webContents.send("widget:mcp-consent-required", {
+	        widgetId: widgetName,
+	        declared,
+	      });
+	    });
+	  } catch (e) {
+	    console.warn(
+	      "[widgetRegistry] mcp consent emit failed for " +
+	        widgetName +
+	        ": " +
+	        e.message,
+	    );
+	  }
+	}
+
 	/**
 	 * Setup IPC handlers for widget management (use in main.js)
 	 */
@@ -25313,6 +25684,8 @@ var schedulerController_1 = schedulerController$2;
 	        });
 	      });
 
+	      maybeEmitMcpConsentRequired(widgetName);
+
 	      return config;
 	    },
 	  );
@@ -25334,6 +25707,8 @@ var schedulerController_1 = schedulerController$2;
 	        });
 	      });
 
+	      maybeEmitMcpConsentRequired(widgetName);
+
 	      return config;
 	    },
 	  );
@@ -47487,7 +47862,7 @@ var mcpDashServerController_1 = mcpDashServerController$4;
  * can use the Chat widget without a separate API key.
  */
 
-const { spawn, execSync } = require$$9$1;
+const { spawn, execSync } = require$$10;
 const {
   LLM_STREAM_DELTA: LLM_STREAM_DELTA$2,
   LLM_STREAM_TOOL_CALL: LLM_STREAM_TOOL_CALL$2,
@@ -50796,7 +51171,7 @@ async function handleGetAppStats$1() {
 
 const registryController$2 = registryController$3;
 const registryAuthController$1 = registryAuthController$2;
-const { getWidgetRegistry } = widgetRegistryExports;
+const { getWidgetRegistry: getWidgetRegistry$1 } = widgetRegistryExports;
 
 /**
  * Helper: find a workspace by ID or return the first (active) one.
@@ -51324,7 +51699,7 @@ async function handleConfigureWidget$1({ dashboardId, widgetId, config }) {
 function getInstalledPackageNames() {
   const installed = new Set();
   try {
-    const registry = getWidgetRegistry();
+    const registry = getWidgetRegistry$1();
     const widgets = registry.getWidgets();
     for (const w of widgets) {
       const name = w.name || w.packageId || "";
@@ -51605,7 +51980,7 @@ async function handleInstallWidget$1({ packageName }) {
     }
 
     // Download and install
-    const registry = getWidgetRegistry();
+    const registry = getWidgetRegistry$1();
     const config = await registry.downloadWidget(pkg.name, pkg.downloadUrl);
 
     // Notify all renderer windows
@@ -59564,6 +59939,93 @@ const webSocketController$1 = {
 
 var webSocketController_1 = webSocketController$1;
 
+/**
+ * widgetMcpGrantsController.js
+ *
+ * IPC handlers for the Slice-2 user-grant store. The renderer reads/writes
+ * grants via these channels: install consent modal calls `widget-mcp:set-grant`
+ * with the user's selections, Settings → Privacy & Security calls
+ * `widget-mcp:list-all` to render the grant audit, and either entry point can
+ * call `widget-mcp:revoke` / `widget-mcp:revoke-server`.
+ *
+ * The list-all handler joins each grant with its declared manifest so the UI
+ * can show declared-vs-granted diffs (declared paths the user did NOT grant
+ * are rendered struck through, etc.). Widgets that have a manifest but no
+ * grant are also surfaced — those are the install-consent retroactive prompts.
+ */
+
+const { ipcMain: ipcMain$1 } = require$$0$1;
+const {
+  getGrant,
+  setGrant,
+  revokeGrant,
+  revokeServer,
+  listAllGrants,
+} = grantedPermissions;
+const { getWidgetMcpPermissions } = widgetPermissions;
+const { getWidgetRegistry } = widgetRegistryExports;
+
+function setupWidgetMcpGrantsHandlers() {
+  ipcMain$1.handle("widget-mcp:get-grant", (event, widgetId) => {
+    return getGrant(widgetId);
+  });
+
+  ipcMain$1.handle("widget-mcp:set-grant", (event, widgetId, perms) => {
+    return setGrant(widgetId, perms);
+  });
+
+  ipcMain$1.handle("widget-mcp:revoke", (event, widgetId) => {
+    return revokeGrant(widgetId);
+  });
+
+  ipcMain$1.handle("widget-mcp:revoke-server", (event, widgetId, serverName) => {
+    return revokeServer(widgetId, serverName);
+  });
+
+  // Joins all installed widgets with their declared and granted permission
+  // blocks. Returns one row per widget that has a declared manifest OR a
+  // grant — this surfaces both "freshly installed, awaiting consent" and
+  // "previously granted, now reviewable" cases in Settings.
+  ipcMain$1.handle("widget-mcp:list-all", () => {
+    const grantsByWidget = new Map();
+    for (const { widgetId, granted } of listAllGrants()) {
+      grantsByWidget.set(widgetId, granted);
+    }
+
+    const rows = [];
+    const seen = new Set();
+
+    let installedWidgets = [];
+    try {
+      installedWidgets = getWidgetRegistry().getWidgets() || [];
+    } catch (_e) {
+      // Registry not initialized yet; fall back to grants-only listing.
+    }
+
+    for (const w of installedWidgets) {
+      const widgetId = w?.name;
+      if (!widgetId || seen.has(widgetId)) continue;
+      seen.add(widgetId);
+      const declared = getWidgetMcpPermissions(widgetId);
+      const granted = grantsByWidget.get(widgetId) || null;
+      // Skip widgets with neither — they have nothing to show.
+      if (!declared && !granted) continue;
+      rows.push({ widgetId, declared, granted });
+    }
+
+    // Surface any grants whose widget is no longer installed (rare, but
+    // possible if uninstall didn't revoke). The user can still revoke them.
+    for (const [widgetId, granted] of grantsByWidget) {
+      if (seen.has(widgetId)) continue;
+      rows.push({ widgetId, declared: null, granted });
+    }
+
+    return rows;
+  });
+}
+
+var widgetMcpGrantsController$1 = { setupWidgetMcpGrantsHandlers };
+
 /**
  * clientFactories.js
  *
@@ -61789,13 +62251,16 @@ const mcpApi$2 = {
    * @param {string} serverName unique name for this server instance
    * @param {object} mcpConfig { transport, command, args, envMapping }
    * @param {object} credentials decrypted credentials object
+   * @param {string|null} workspaceId active workspace id (Slice 3a) —
+   *   server processes are keyed per workspace.
    * @returns {Promise<{ success, serverName, tools, status } | { error, message }>}
    */
-  startServer: (serverName, mcpConfig, credentials) =>
+  startServer: (serverName, mcpConfig, credentials, workspaceId = null) =>
     ipcRenderer$i.invoke(MCP_START_SERVER, {
       serverName,
       mcpConfig,
       credentials,
+      workspaceId,
     }),
 
   /**
@@ -61803,19 +62268,22 @@ const mcpApi$2 = {
    * Stop a running MCP server
    *
    * @param {string} serverName the server to stop
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ success, serverName } | { error, message }>}
    */
-  stopServer: (serverName) =>
-    ipcRenderer$i.invoke(MCP_STOP_SERVER, { serverName }),
+  stopServer: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_STOP_SERVER, { serverName, workspaceId }),
 
   /**
    * listTools
    * List available tools for a running MCP server
    *
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ tools } | { error, message }>}
    */
-  listTools: (serverName) => ipcRenderer$i.invoke(MCP_LIST_TOOLS, { serverName }),
+  listTools: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_LIST_TOOLS, { serverName, workspaceId }),
 
   /**
    * callTool
@@ -61830,6 +62298,9 @@ const mcpApi$2 = {
    *   used to look up the widget's MCP permission manifest and gate
    *   the call accordingly. Should be the npm package name of the
    *   calling widget (e.g. "@trops/notes-summarizer").
+   * @param {string|null} workspaceId active workspace id (Slice 3a) —
+   *   the server process is scoped per (workspace, server). Slice 3b
+   *   will tie path scope to this id.
    * @returns {Promise<{ result } | { error, message }>}
    */
   callTool: (
@@ -61838,6 +62309,7 @@ const mcpApi$2 = {
     args,
     allowedTools = null,
     widgetId = null,
+    workspaceId = null,
   ) =>
     ipcRenderer$i.invoke(MCP_CALL_TOOL, {
       serverName,
@@ -61845,6 +62317,7 @@ const mcpApi$2 = {
       args,
       allowedTools,
       widgetId,
+      workspaceId,
     }),
 
   /**
@@ -61852,10 +62325,11 @@ const mcpApi$2 = {
    * List available resources for a running MCP server
    *
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ resources } | { error, message }>}
    */
-  listResources: (serverName) =>
-    ipcRenderer$i.invoke(MCP_LIST_RESOURCES, { serverName }),
+  listResources: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_LIST_RESOURCES, { serverName, workspaceId }),
 
   /**
    * readResource
@@ -61863,20 +62337,22 @@ const mcpApi$2 = {
    *
    * @param {string} serverName the server name
    * @param {string} uri the resource URI
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ resource } | { error, message }>}
    */
-  readResource: (serverName, uri) =>
-    ipcRenderer$i.invoke(MCP_READ_RESOURCE, { serverName, uri }),
+  readResource: (serverName, uri, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_READ_RESOURCE, { serverName, uri, workspaceId }),
 
   /**
    * getServerStatus
    * Get the connection status of a server
    *
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ status, tools, error }>}
    */
-  getServerStatus: (serverName) =>
-    ipcRenderer$i.invoke(MCP_SERVER_STATUS, { serverName }),
+  getServerStatus: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_SERVER_STATUS, { serverName, workspaceId }),
 
   /**
    * getCatalog
@@ -64613,6 +65089,7 @@ const paletteToThemeMapper = paletteToThemeMapper_1;
 const webSocketController = webSocketController_1;
 const extractionCacheController = extractionCacheController_1;
 const mcpDashServerController = mcpDashServerController_1;
+const widgetMcpGrantsController = widgetMcpGrantsController$1;
 
 // --- Errors ---
 const themeFromUrlErrors = themeFromUrlErrors$1;
@@ -64717,6 +65194,7 @@ var electron = {
   webSocketController,
   extractionCacheController,
   mcpDashServerController,
+  widgetMcpGrantsController,
 
   // Controller functions (flat) — spread for convenient destructuring
   ...controllers,