@trops/dash-core 0.1.490 → 0.1.492

package/dist/electron/index.js

@@ -17,7 +17,7 @@ var require$$0$5 = require('@modelcontextprotocol/sdk/client/index.js');
 var require$$1$4 = require('@modelcontextprotocol/sdk/client/stdio.js');
 var require$$0$4 = require('pkce-challenge');
 var require$$2$1 = require('os');
-var require$$9$1 = require('child_process');
+var require$$11 = require('child_process');
 var require$$3$2 = require('adm-zip');
 var require$$4$1 = require('url');
 var require$$2$2 = require('vm');
@@ -21522,6 +21522,183 @@ var permissionGate = {
   PATH_ARG_KEYS,
 };
 
+/**
+ * mcpServerKey.js
+ *
+ * Slice 3a: per-workspace MCP server process isolation.
+ *
+ * `mcpController.activeServers` was historically keyed by `serverName`
+ * alone, so two workspaces using the same MCP server type (e.g. both
+ * using `filesystem`) shared one process. Slice 3a keys by the
+ * compound `(workspaceId, serverName)` so each workspace gets its
+ * own process. Slice 3b will configure each process with the union
+ * of grants from widgets on that workspace; for now, processes are
+ * simply isolated.
+ *
+ * Format: `<workspaceId>::<serverName>`. The `::` separator is
+ * unlikely to appear in a UUID-shaped workspace id; serverName is
+ * everything after the first `::` so server names containing `::`
+ * round-trip cleanly.
+ *
+ * Callers without a workspace context (legacy IPC, dash MCP server
+ * tools, AI Builder previews) supply `null`/`undefined` and land on
+ * the `NO_WORKSPACE` sentinel bucket — that's the pre-Slice-3 bucket.
+ *
+ * NOTE: workspaceId is renderer-supplied. Slice 3a uses it only as a
+ * process-isolation key, NOT as a trust boundary. Slice 3b will tie
+ * server scope (e.g. filesystem `--allowed` paths) to it; that's when
+ * the trust boundary appears.
+ */
+
+const NO_WORKSPACE = "__no_workspace__";
+const SEP = "::";
+
+function serverKey$1(workspaceId, serverName) {
+  if (typeof serverName !== "string" || !serverName) {
+    throw new Error("serverKey: serverName is required");
+  }
+  const wid =
+    typeof workspaceId === "string" && workspaceId ? workspaceId : NO_WORKSPACE;
+  return wid + SEP + serverName;
+}
+
+function parseServerKey$1(key) {
+  if (typeof key !== "string") {
+    throw new Error("parseServerKey: key must be a string");
+  }
+  const idx = key.indexOf(SEP);
+  if (idx < 0) {
+    throw new Error(
+      "parseServerKey: malformed key (no '::' separator): " + key,
+    );
+  }
+  return {
+    workspaceId: key.slice(0, idx),
+    serverName: key.slice(idx + SEP.length),
+  };
+}
+
+var mcpServerKey = {
+  serverKey: serverKey$1,
+  parseServerKey: parseServerKey$1,
+  NO_WORKSPACE,
+  SEP,
+};
+
+/**
+ * mcpScopeResolver.js
+ *
+ * Slice 3b: per-workspace path scope reconfiguration.
+ *
+ * The Slice-3a process isolation key (`workspaceId::serverName`) is the
+ * lifecycle handle. This module computes WHAT the spawned process is
+ * configured to see — the union of granted paths from widgets on the
+ * active workspace, applied as credential overrides at spawn time.
+ *
+ * Design:
+ *   - The renderer enumerates widgets on the active workspace, looks up
+ *     each widget's grant via window.mainApi.widgetMcp.getGrant, and
+ *     hands the array to unionPathScope() to compute the workspace
+ *     scope for a given server (e.g. "filesystem").
+ *   - The renderer passes the resulting scope as `pathScope` to
+ *     mcpStartServer.
+ *   - mcpController applies the scope to credentials (replacing
+ *     allowedPaths etc.) before its existing argsMapping spreads them
+ *     into the spawn args. Servers that don't declare argsMapping for
+ *     the path keys are unaffected.
+ *
+ * Feature flag: the controller only applies the override when
+ * `security.enforceWidgetMcpPermissions` is on. When off, server starts
+ * with credentials as-configured (pre-3b behavior).
+ *
+ * Out of scope here:
+ *   - Hot-respawn on widget add/remove (see Slice 3b plan, deferred).
+ *   - Catalog schema for new path-scoped servers (filesystem already
+ *     has argsMapping.allowedPaths; others added as discovered).
+ */
+
+/**
+ * Compute the workspace-scoped path union for a given server.
+ *
+ * @param {Array<{widgetId, granted}>} grants - widgets-on-workspace + their grants
+ * @param {string} serverName - the MCP server name (e.g. "filesystem")
+ * @returns {{ readPaths: string[], writePaths: string[], allowedPaths: string[] }}
+ *
+ * `allowedPaths` is the dedup union of read+write — used by
+ * filesystem-style servers that take a single allowed-list. Servers
+ * that distinguish read-only vs read-write can use the readPaths /
+ * writePaths arrays directly.
+ */
+function unionPathScope(grants, serverName) {
+  const reads = new Set();
+  const writes = new Set();
+
+  if (!Array.isArray(grants)) {
+    return { readPaths: [], writePaths: [], allowedPaths: [] };
+  }
+
+  for (const entry of grants) {
+    if (!entry || typeof entry !== "object") continue;
+    const granted = entry.granted;
+    if (!granted || typeof granted !== "object") continue;
+    const servers = granted.servers;
+    if (!servers || typeof servers !== "object") continue;
+    const serverPerms = servers[serverName];
+    if (!serverPerms || typeof serverPerms !== "object") continue;
+
+    if (Array.isArray(serverPerms.readPaths)) {
+      for (const p of serverPerms.readPaths) {
+        if (typeof p === "string" && p) reads.add(p);
+      }
+    }
+    if (Array.isArray(serverPerms.writePaths)) {
+      for (const p of serverPerms.writePaths) {
+        if (typeof p === "string" && p) writes.add(p);
+      }
+    }
+  }
+
+  const readPaths = [...reads];
+  const writePaths = [...writes];
+  const allowedPaths = [...new Set([...reads, ...writes])];
+
+  return { readPaths, writePaths, allowedPaths };
+}
+
+/**
+ * Override credential keys with values derived from a path scope.
+ *
+ * Filesystem-style servers expect `allowedPaths` as a comma-separated
+ * string (the catalog's `argsMapping.allowedPaths.split` then expands
+ * it back into positional args at spawn time). This helper joins the
+ * scope's allowedPaths to match that convention.
+ *
+ * Returns a NEW credentials object — does not mutate the input.
+ *
+ * If pathScope is empty (no granted paths at all), the existing
+ * credentials are returned unchanged so the user's globally-configured
+ * allowedPaths still works for the LLM tool path / NO_WORKSPACE bucket.
+ */
+function applyPathScopeToCredentials$1(credentials, pathScope) {
+  const base =
+    credentials && typeof credentials === "object" ? { ...credentials } : {};
+
+  if (!pathScope || typeof pathScope !== "object") return base;
+
+  const allowed = Array.isArray(pathScope.allowedPaths)
+    ? pathScope.allowedPaths
+    : [];
+  if (allowed.length === 0) return base;
+
+  base.allowedPaths = allowed.join(",");
+  return base;
+}
+
+var mcpScopeResolver = {
+  unionPathScope,
+  applyPathScopeToCredentials: applyPathScopeToCredentials$1,
+};
+
 /**
  * mcpController.js
  *
@@ -21547,6 +21724,8 @@ const fs$9 = require$$0$2;
 const os$2 = require$$2$1;
 const responseCache$2 = responseCache_1;
 const { gateToolCall } = permissionGate;
+const { serverKey, parseServerKey } = mcpServerKey;
+const { applyPathScopeToCredentials } = mcpScopeResolver;
 const { app: app$7 } = require$$0$1;
 
 // Read the widget-MCP-enforcement feature flag from settings.json.
@@ -21703,7 +21882,7 @@ function getShellPath$1() {
     return _shellPath$1;
   }
 
-  const { execSync } = require$$9$1;
+  const { execSync } = require$$11;
   const fallbackDirs = ["/usr/local/bin", "/opt/homebrew/bin"];
 
   // Scan nvm versions, tracking both latest and best compatible version
@@ -21936,17 +22115,50 @@ const mcpController$3 = {
    * startServer
    * Start an MCP server with the given config and credentials
    *
+   * Slice 3a: server instances are keyed by `(workspaceId, serverName)`
+   * so two workspaces using the same server type get separate processes.
+   * Pass `null`/`undefined` workspaceId to land on the legacy
+   * NO_WORKSPACE bucket (e.g. dash MCP server tools, AI Builder previews).
+   *
+   * Slice 3b: when `security.enforceWidgetMcpPermissions` is on AND a
+   * non-empty `pathScope` is supplied, the scope's allowed paths
+   * override the server's existing path-style credentials before the
+   * catalog's argsMapping spreads them into spawn args. This scopes
+   * the server's OS-level capability to the union of widget grants on
+   * the active workspace.
+   *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName unique name for this server instance
    * @param {object} mcpConfig { transport, command, args, envMapping }
    * @param {object} credentials decrypted credentials object
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
+   * @param {object|null} pathScope { readPaths, writePaths, allowedPaths } (Slice 3b)
    * @returns {{ success, serverName, tools, status } | { error, message }}
    */
-  startServer: async (win, serverName, mcpConfig, credentials) => {
+  startServer: async (
+    win,
+    serverName,
+    mcpConfig,
+    credentials,
+    workspaceId,
+    pathScope = null,
+  ) => {
+    const key = serverKey(workspaceId, serverName);
+    // Slice 3b: when the gate is enforced, override credentials with
+    // the workspace's union of granted paths so the spawned process
+    // can't see anything broader than the user has consented to.
+    if (
+      isWidgetPermissionEnforcementEnabled() &&
+      pathScope &&
+      Array.isArray(pathScope.allowedPaths) &&
+      pathScope.allowedPaths.length > 0
+    ) {
+      credentials = applyPathScopeToCredentials(credentials, pathScope);
+    }
     // 1. Already connected? Return existing connection
-    const existing = activeServers.get(serverName);
+    const existing = activeServers.get(key);
     if (existing && existing.status === STATUS$1.CONNECTED && existing.client) {
-      console.log(`[mcpController] Server already connected: ${serverName}`);
+      console.log(`[mcpController] Server already connected: ${key}`);
       return {
         success: true,
         serverName,
@@ -21957,19 +22169,19 @@ const mcpController$3 = {
     }
 
     // 2. Already starting? Piggyback on the pending promise
-    if (pendingStarts.has(serverName)) {
+    if (pendingStarts.has(key)) {
       console.log(
-        `[mcpController] Server already starting, deduplicating: ${serverName}`,
+        `[mcpController] Server already starting, deduplicating: ${key}`,
       );
-      return pendingStarts.get(serverName);
+      return pendingStarts.get(key);
     }
 
     // 3. Fresh start — wrap in a promise and track it
     const startPromise = (async () => {
       try {
         // Stop if in stale/error state
-        if (activeServers.has(serverName)) {
-          await mcpController$3.stopServer(win, serverName);
+        if (activeServers.has(key)) {
+          await mcpController$3.stopServer(win, serverName, workspaceId);
         }
 
         // Merge with catalog entry to pick up updated command/args
@@ -22100,12 +22312,14 @@ const mcpController$3 = {
         }
 
         // Update status to connecting
-        activeServers.set(serverName, {
+        activeServers.set(key, {
           client: null,
           transport,
           tools: [],
           resources: [],
           status: STATUS$1.CONNECTING,
+          workspaceId: workspaceId || null,
+          serverName,
         });
 
         // Create MCP client
@@ -22139,16 +22353,18 @@ const mcpController$3 = {
         }
 
         // Store the active connection
-        activeServers.set(serverName, {
+        activeServers.set(key, {
           client,
           transport,
           tools,
           resources,
           status: STATUS$1.CONNECTED,
+          workspaceId: workspaceId || null,
+          serverName,
         });
 
         console.log(
-          `[mcpController] Server connected: ${serverName} (${tools.length} tools, ${resources.length} resources)`,
+          `[mcpController] Server connected: ${key} (${tools.length} tools, ${resources.length} resources)`,
         );
 
         return {
@@ -22173,13 +22389,15 @@ const mcpController$3 = {
         }
 
         // Mark as error state
-        activeServers.set(serverName, {
+        activeServers.set(key, {
           client: null,
           transport: null,
           tools: [],
           resources: [],
           status: STATUS$1.ERROR,
           error: errorMessage,
+          workspaceId: workspaceId || null,
+          serverName,
         });
 
         return {
@@ -22189,11 +22407,11 @@ const mcpController$3 = {
           status: STATUS$1.ERROR,
         };
       } finally {
-        pendingStarts.delete(serverName);
+        pendingStarts.delete(key);
       }
     })();
 
-    pendingStarts.set(serverName, startPromise);
+    pendingStarts.set(key, startPromise);
     return startPromise;
   },
 
@@ -22203,20 +22421,22 @@ const mcpController$3 = {
    *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server to stop
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ success, serverName } | { error, message }}
    */
-  stopServer: async (win, serverName) => {
+  stopServer: async (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
       // Wait for any in-flight start to finish before stopping
-      if (pendingStarts.has(serverName)) {
+      if (pendingStarts.has(key)) {
         try {
-          await pendingStarts.get(serverName);
+          await pendingStarts.get(key);
         } catch (e) {
           /* stopping anyway */
         }
       }
 
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server) {
         return {
           success: true,
@@ -22225,7 +22445,7 @@ const mcpController$3 = {
         };
       }
 
-      console.log(`[mcpController] Stopping server: ${serverName}`);
+      console.log(`[mcpController] Stopping server: ${key}`);
 
       // Close the client connection
       if (server.client) {
@@ -22233,27 +22453,24 @@ const mcpController$3 = {
           await server.client.close();
         } catch (closeError) {
           console.warn(
-            `[mcpController] Error closing client for ${serverName}:`,
+            `[mcpController] Error closing client for ${key}:`,
             closeError.message,
           );
         }
       }
 
-      activeServers.delete(serverName);
+      activeServers.delete(key);
 
-      console.log(`[mcpController] Server stopped: ${serverName}`);
+      console.log(`[mcpController] Server stopped: ${key}`);
 
       return {
         success: true,
         serverName,
       };
     } catch (error) {
-      console.error(
-        `[mcpController] Error stopping server ${serverName}:`,
-        error,
-      );
+      console.error(`[mcpController] Error stopping server ${key}:`, error);
       // Clean up anyway
-      activeServers.delete(serverName);
+      activeServers.delete(key);
       return {
         error: true,
         message: error.message,
@@ -22270,6 +22487,10 @@ const mcpController$3 = {
    * @param {string} toolName the tool to call
    * @param {object} args arguments for the tool
    * @param {Array<string>} allowedTools optional whitelist of allowed tool names
+   * @param {string|null} widgetId the widget originating the call (Slice 1+2)
+   * @param {string|null} workspaceId the active workspace (Slice 3a) — used
+   *                       to scope the server process per workspace.
+   *                       Slice 3b will tie path scope to this id.
    * @returns {{ result } | { error, message }}
    */
   callTool: async (
@@ -22279,11 +22500,13 @@ const mcpController$3 = {
     args,
     allowedTools = null,
     widgetId = null,
+    workspaceId = null,
   ) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       // Per-widget manifest gate. Activated by the
@@ -22316,7 +22539,7 @@ const mcpController$3 = {
       }
 
       const doCall = async () => {
-        console.log(`[mcpController] Calling tool: ${serverName}/${toolName}`);
+        console.log(`[mcpController] Calling tool: ${key}/${toolName}`);
         const result = await server.client.callTool({
           name: toolName,
           arguments: args || {},
@@ -22327,18 +22550,21 @@ const mcpController$3 = {
         };
       };
 
-      // Cache read-only tool calls with in-flight dedup.
-      // Writes always hit the source (and we invalidate the server's cache).
+      // Cache read-only tool calls with in-flight dedup. Cache key is
+      // scoped per (workspace, server, tool, args) so two workspaces
+      // calling the same read on the same server type don't share a
+      // cached response — they're separate processes with potentially
+      // different scopes (Slice 3b will make that explicit).
       if (isReadOnlyTool(toolName)) {
-        const key = `mcp:${serverName}:${toolName}:${JSON.stringify(args || {})}`;
-        return responseCache$2.get(key, doCall, {
+        const cacheKey = `mcp:${key}:${toolName}:${JSON.stringify(args || {})}`;
+        return responseCache$2.get(cacheKey, doCall, {
           ttl: DEFAULT_TOOL_CACHE_TTL,
         });
       }
 
       // Write/mutation: invalidate any cached reads for this server
       // (safest default — broad invalidation when state changes)
-      responseCache$2.invalidatePrefix(`mcp:${serverName}:`);
+      responseCache$2.invalidatePrefix(`mcp:${key}:`);
       return doCall();
     } catch (error) {
       console.error(
@@ -22358,13 +22584,15 @@ const mcpController$3 = {
    *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ tools } | { error, message }}
    */
-  listTools: async (win, serverName) => {
+  listTools: async (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       // Refresh tool list from server
@@ -22396,13 +22624,15 @@ const mcpController$3 = {
    *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ resources } | { error, message }}
    */
-  listResources: async (win, serverName) => {
+  listResources: async (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       const resourcesResult = await server.client.listResources();
@@ -22434,13 +22664,15 @@ const mcpController$3 = {
    * @param {BrowserWindow} win the main window
    * @param {string} serverName the server name
    * @param {string} uri the resource URI
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {{ resource } | { error, message }}
    */
-  readResource: async (win, serverName, uri) => {
+  readResource: async (win, serverName, uri, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
     try {
-      const server = activeServers.get(serverName);
+      const server = activeServers.get(key);
       if (!server || !server.client) {
-        throw new Error(`Server not connected: ${serverName}`);
+        throw new Error(`Server not connected: ${key}`);
       }
 
       const result = await server.client.readResource({ uri });
@@ -22469,8 +22701,9 @@ const mcpController$3 = {
    * @param {string} serverName the server name
    * @returns {{ status, tools, error }}
    */
-  getServerStatus: (win, serverName) => {
-    const server = activeServers.get(serverName);
+  getServerStatus: (win, serverName, workspaceId) => {
+    const key = serverKey(workspaceId, serverName);
+    const server = activeServers.get(key);
     if (!server) {
       return {
         serverName,
@@ -22603,7 +22836,7 @@ const mcpController$3 = {
    * @returns {{ success } | { error, message }}
    */
   runAuth: async (win, mcpConfig, credentials, authCommand) => {
-    const { spawn } = require$$9$1;
+    const { spawn } = require$$11;
 
     const env = cleanEnvForChildProcess();
 
@@ -22732,12 +22965,39 @@ const mcpController$3 = {
       `[mcpController] Stopping all servers (${activeServers.size} active)`,
     );
     const promises = [];
-    for (const [serverName] of activeServers) {
-      promises.push(mcpController$3.stopServer(null, serverName));
+    // Slice 3a: keys are compound `(workspaceId, serverName)`. Parse
+    // to call stopServer with the original args.
+    for (const [key] of activeServers) {
+      const { workspaceId, serverName } = parseServerKey(key);
+      promises.push(mcpController$3.stopServer(null, serverName, workspaceId));
     }
     await Promise.allSettled(promises);
     console.log("[mcpController] All servers stopped");
   },
+
+  /**
+   * stopServersForWorkspace
+   * Stop every server keyed under the given workspaceId. Called when
+   * a workspace unmounts so its scoped MCP processes don't leak.
+   *
+   * @param {string} workspaceId the workspace whose servers to stop
+   */
+  stopServersForWorkspace: async (workspaceId) => {
+    if (!workspaceId) return;
+    const promises = [];
+    for (const [key] of activeServers) {
+      const parsed = parseServerKey(key);
+      if (parsed.workspaceId !== workspaceId) continue;
+      promises.push(
+        mcpController$3.stopServer(null, parsed.serverName, workspaceId),
+      );
+    }
+    if (promises.length === 0) return;
+    console.log(
+      `[mcpController] Stopping ${promises.length} server(s) for workspace ${workspaceId}`,
+    );
+    await Promise.allSettled(promises);
+  },
 };
 
 mcpController$4.exports = mcpController$3;
@@ -47743,7 +48003,7 @@ var mcpDashServerController_1 = mcpDashServerController$4;
  * can use the Chat widget without a separate API key.
  */
 
-const { spawn, execSync } = require$$9$1;
+const { spawn, execSync } = require$$11;
 const {
   LLM_STREAM_DELTA: LLM_STREAM_DELTA$2,
   LLM_STREAM_TOOL_CALL: LLM_STREAM_TOOL_CALL$2,
@@ -62132,13 +62392,27 @@ const mcpApi$2 = {
    * @param {string} serverName unique name for this server instance
    * @param {object} mcpConfig { transport, command, args, envMapping }
    * @param {object} credentials decrypted credentials object
+   * @param {string|null} workspaceId active workspace id (Slice 3a) —
+   *   server processes are keyed per workspace.
+   * @param {object|null} pathScope (Slice 3b) — when provided, the
+   *   workspace's union of granted paths overrides the server's
+   *   path-style credentials at spawn time. Shape:
+   *   `{ readPaths, writePaths, allowedPaths }`.
    * @returns {Promise<{ success, serverName, tools, status } | { error, message }>}
    */
-  startServer: (serverName, mcpConfig, credentials) =>
+  startServer: (
+    serverName,
+    mcpConfig,
+    credentials,
+    workspaceId = null,
+    pathScope = null,
+  ) =>
     ipcRenderer$i.invoke(MCP_START_SERVER, {
       serverName,
       mcpConfig,
       credentials,
+      workspaceId,
+      pathScope,
     }),
 
   /**
@@ -62146,19 +62420,22 @@ const mcpApi$2 = {
    * Stop a running MCP server
    *
    * @param {string} serverName the server to stop
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ success, serverName } | { error, message }>}
    */
-  stopServer: (serverName) =>
-    ipcRenderer$i.invoke(MCP_STOP_SERVER, { serverName }),
+  stopServer: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_STOP_SERVER, { serverName, workspaceId }),
 
   /**
    * listTools
    * List available tools for a running MCP server
    *
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ tools } | { error, message }>}
    */
-  listTools: (serverName) => ipcRenderer$i.invoke(MCP_LIST_TOOLS, { serverName }),
+  listTools: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_LIST_TOOLS, { serverName, workspaceId }),
 
   /**
    * callTool
@@ -62173,6 +62450,9 @@ const mcpApi$2 = {
    *   used to look up the widget's MCP permission manifest and gate
    *   the call accordingly. Should be the npm package name of the
    *   calling widget (e.g. "@trops/notes-summarizer").
+   * @param {string|null} workspaceId active workspace id (Slice 3a) —
+   *   the server process is scoped per (workspace, server). Slice 3b
+   *   will tie path scope to this id.
    * @returns {Promise<{ result } | { error, message }>}
    */
   callTool: (
@@ -62181,6 +62461,7 @@ const mcpApi$2 = {
     args,
     allowedTools = null,
     widgetId = null,
+    workspaceId = null,
   ) =>
     ipcRenderer$i.invoke(MCP_CALL_TOOL, {
       serverName,
@@ -62188,6 +62469,7 @@ const mcpApi$2 = {
       args,
       allowedTools,
       widgetId,
+      workspaceId,
     }),
 
   /**
@@ -62195,10 +62477,11 @@ const mcpApi$2 = {
    * List available resources for a running MCP server
    *
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ resources } | { error, message }>}
    */
-  listResources: (serverName) =>
-    ipcRenderer$i.invoke(MCP_LIST_RESOURCES, { serverName }),
+  listResources: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_LIST_RESOURCES, { serverName, workspaceId }),
 
   /**
    * readResource
@@ -62206,20 +62489,22 @@ const mcpApi$2 = {
    *
    * @param {string} serverName the server name
    * @param {string} uri the resource URI
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ resource } | { error, message }>}
    */
-  readResource: (serverName, uri) =>
-    ipcRenderer$i.invoke(MCP_READ_RESOURCE, { serverName, uri }),
+  readResource: (serverName, uri, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_READ_RESOURCE, { serverName, uri, workspaceId }),
 
   /**
    * getServerStatus
    * Get the connection status of a server
    *
    * @param {string} serverName the server name
+   * @param {string|null} workspaceId active workspace id (Slice 3a)
    * @returns {Promise<{ status, tools, error }>}
    */
-  getServerStatus: (serverName) =>
-    ipcRenderer$i.invoke(MCP_SERVER_STATUS, { serverName }),
+  getServerStatus: (serverName, workspaceId = null) =>
+    ipcRenderer$i.invoke(MCP_SERVER_STATUS, { serverName, workspaceId }),
 
   /**
    * getCatalog