npm - @trops/dash-core - Versions diffs - 0.1.491 → 0.1.492 - Mend

@trops/dash-core 0.1.491 → 0.1.492

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/electron/index.js +158 -6
package/dist/electron/index.js.map +1 -1
package/dist/index.esm.js +275 -151
package/dist/index.esm.js.map +1 -1
package/dist/index.js +275 -151
package/dist/index.js.map +1 -1
package/package.json +1 -1

package/dist/electron/index.js CHANGED Viewed

@@ -17,7 +17,7 @@ var require$$0$5 = require('@modelcontextprotocol/sdk/client/index.js');
 var require$$1$4 = require('@modelcontextprotocol/sdk/client/stdio.js');
 var require$$0$4 = require('pkce-challenge');
 var require$$2$1 = require('os');
-var require$$10 = require('child_process');
+var require$$11 = require('child_process');
 var require$$3$2 = require('adm-zip');
 var require$$4$1 = require('url');
 var require$$2$2 = require('vm');
@@ -21585,6 +21585,120 @@ var mcpServerKey = {
   SEP,
 };
+/**
+ * mcpScopeResolver.js
+ *
+ * Slice 3b: per-workspace path scope reconfiguration.
+ *
+ * The Slice-3a process isolation key (`workspaceId::serverName`) is the
+ * lifecycle handle. This module computes WHAT the spawned process is
+ * configured to see — the union of granted paths from widgets on the
+ * active workspace, applied as credential overrides at spawn time.
+ *
+ * Design:
+ *   - The renderer enumerates widgets on the active workspace, looks up
+ *     each widget's grant via window.mainApi.widgetMcp.getGrant, and
+ *     hands the array to unionPathScope() to compute the workspace
+ *     scope for a given server (e.g. "filesystem").
+ *   - The renderer passes the resulting scope as `pathScope` to
+ *     mcpStartServer.
+ *   - mcpController applies the scope to credentials (replacing
+ *     allowedPaths etc.) before its existing argsMapping spreads them
+ *     into the spawn args. Servers that don't declare argsMapping for
+ *     the path keys are unaffected.
+ *
+ * Feature flag: the controller only applies the override when
+ * `security.enforceWidgetMcpPermissions` is on. When off, server starts
+ * with credentials as-configured (pre-3b behavior).
+ *
+ * Out of scope here:
+ *   - Hot-respawn on widget add/remove (see Slice 3b plan, deferred).
+ *   - Catalog schema for new path-scoped servers (filesystem already
+ *     has argsMapping.allowedPaths; others added as discovered).
+ */
+/**
+ * Compute the workspace-scoped path union for a given server.
+ *
+ * @param {Array<{widgetId, granted}>} grants - widgets-on-workspace + their grants
+ * @param {string} serverName - the MCP server name (e.g. "filesystem")
+ * @returns {{ readPaths: string[], writePaths: string[], allowedPaths: string[] }}
+ *
+ * `allowedPaths` is the dedup union of read+write — used by
+ * filesystem-style servers that take a single allowed-list. Servers
+ * that distinguish read-only vs read-write can use the readPaths /
+ * writePaths arrays directly.
+ */
+function unionPathScope(grants, serverName) {
+  const reads = new Set();
+  const writes = new Set();
+  if (!Array.isArray(grants)) {
+    return { readPaths: [], writePaths: [], allowedPaths: [] };
+  }
+  for (const entry of grants) {
+    if (!entry || typeof entry !== "object") continue;
+    const granted = entry.granted;
+    if (!granted || typeof granted !== "object") continue;
+    const servers = granted.servers;
+    if (!servers || typeof servers !== "object") continue;
+    const serverPerms = servers[serverName];
+    if (!serverPerms || typeof serverPerms !== "object") continue;
+    if (Array.isArray(serverPerms.readPaths)) {
+      for (const p of serverPerms.readPaths) {
+        if (typeof p === "string" && p) reads.add(p);
+      }
+    }
+    if (Array.isArray(serverPerms.writePaths)) {
+      for (const p of serverPerms.writePaths) {
+        if (typeof p === "string" && p) writes.add(p);
+      }
+    }
+  }
+  const readPaths = [...reads];
+  const writePaths = [...writes];
+  const allowedPaths = [...new Set([...reads, ...writes])];
+  return { readPaths, writePaths, allowedPaths };
+}
+/**
+ * Override credential keys with values derived from a path scope.
+ *
+ * Filesystem-style servers expect `allowedPaths` as a comma-separated
+ * string (the catalog's `argsMapping.allowedPaths.split` then expands
+ * it back into positional args at spawn time). This helper joins the
+ * scope's allowedPaths to match that convention.
+ *
+ * Returns a NEW credentials object — does not mutate the input.
+ *
+ * If pathScope is empty (no granted paths at all), the existing
+ * credentials are returned unchanged so the user's globally-configured
+ * allowedPaths still works for the LLM tool path / NO_WORKSPACE bucket.
+ */
+function applyPathScopeToCredentials$1(credentials, pathScope) {
+  const base =
+    credentials && typeof credentials === "object" ? { ...credentials } : {};
+  if (!pathScope || typeof pathScope !== "object") return base;
+  const allowed = Array.isArray(pathScope.allowedPaths)
+    ? pathScope.allowedPaths
+    : [];
+  if (allowed.length === 0) return base;
+  base.allowedPaths = allowed.join(",");
+  return base;
+}
+var mcpScopeResolver = {
+  unionPathScope,
+  applyPathScopeToCredentials: applyPathScopeToCredentials$1,
+};
 /**
  * mcpController.js
  *
@@ -21611,6 +21725,7 @@ const os$2 = require$$2$1;
 const responseCache$2 = responseCache_1;
 const { gateToolCall } = permissionGate;
 const { serverKey, parseServerKey } = mcpServerKey;
+const { applyPathScopeToCredentials } = mcpScopeResolver;
 const { app: app$7 } = require$$0$1;
 // Read the widget-MCP-enforcement feature flag from settings.json.
@@ -21767,7 +21882,7 @@ function getShellPath$1() {
     return _shellPath$1;
   }
-  const { execSync } = require$$10;
+  const { execSync } = require$$11;
   const fallbackDirs = ["/usr/local/bin", "/opt/homebrew/bin"];
   // Scan nvm versions, tracking both latest and best compatible version
@@ -22005,15 +22120,41 @@ const mcpController$3 = {
    * Pass `null`/`undefined` workspaceId to land on the legacy
    * NO_WORKSPACE bucket (e.g. dash MCP server tools, AI Builder previews).
    *
+   * Slice 3b: when `security.enforceWidgetMcpPermissions` is on AND a
+   * non-empty `pathScope` is supplied, the scope's allowed paths
+   * override the server's existing path-style credentials before the
+   * catalog's argsMapping spreads them into spawn args. This scopes
+   * the server's OS-level capability to the union of widget grants on
+   * the active workspace.
+   *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName unique name for this server instance
    * @param {object} mcpConfig { transport, command, args, envMapping }
    * @param {object} credentials decrypted credentials object
    * @param {string|null} workspaceId active workspace id (Slice 3a)
+   * @param {object|null} pathScope { readPaths, writePaths, allowedPaths } (Slice 3b)
    * @returns {{ success, serverName, tools, status } | { error, message }}
    */
-  startServer: async (win, serverName, mcpConfig, credentials, workspaceId) => {
+  startServer: async (
+    win,
+    serverName,
+    mcpConfig,
+    credentials,
+    workspaceId,
+    pathScope = null,
+  ) => {
     const key = serverKey(workspaceId, serverName);
+    // Slice 3b: when the gate is enforced, override credentials with
+    // the workspace's union of granted paths so the spawned process
+    // can't see anything broader than the user has consented to.
+    if (
+      isWidgetPermissionEnforcementEnabled() &&
+      pathScope &&
+      Array.isArray(pathScope.allowedPaths) &&
+      pathScope.allowedPaths.length > 0
+    ) {
+      credentials = applyPathScopeToCredentials(credentials, pathScope);
+    }
     // 1. Already connected? Return existing connection
     const existing = activeServers.get(key);
     if (existing && existing.status === STATUS$1.CONNECTED && existing.client) {
@@ -22695,7 +22836,7 @@ const mcpController$3 = {
    * @returns {{ success } | { error, message }}
    */
   runAuth: async (win, mcpConfig, credentials, authCommand) => {
-    const { spawn } = require$$10;
+    const { spawn } = require$$11;
     const env = cleanEnvForChildProcess();
@@ -47862,7 +48003,7 @@ var mcpDashServerController_1 = mcpDashServerController$4;
  * can use the Chat widget without a separate API key.
  */
-const { spawn, execSync } = require$$10;
+const { spawn, execSync } = require$$11;
 const {
   LLM_STREAM_DELTA: LLM_STREAM_DELTA$2,
   LLM_STREAM_TOOL_CALL: LLM_STREAM_TOOL_CALL$2,
@@ -62253,14 +62394,25 @@ const mcpApi$2 = {
    * @param {object} credentials decrypted credentials object
    * @param {string|null} workspaceId active workspace id (Slice 3a) —
    *   server processes are keyed per workspace.
+   * @param {object|null} pathScope (Slice 3b) — when provided, the
+   *   workspace's union of granted paths overrides the server's
+   *   path-style credentials at spawn time. Shape:
+   *   `{ readPaths, writePaths, allowedPaths }`.
    * @returns {Promise<{ success, serverName, tools, status } | { error, message }>}
    */
-  startServer: (serverName, mcpConfig, credentials, workspaceId = null) =>
+  startServer: (
+    serverName,
+    mcpConfig,
+    credentials,
+    workspaceId = null,
+    pathScope = null,
+  ) =>
     ipcRenderer$i.invoke(MCP_START_SERVER, {
       serverName,
       mcpConfig,
       credentials,
       workspaceId,
+      pathScope,
     }),
   /**