@trops/dash-core 0.1.491 → 0.1.493

package/dist/electron/index.js

@@ -17,7 +17,7 @@ var require$$0$5 = require('@modelcontextprotocol/sdk/client/index.js');
 var require$$1$4 = require('@modelcontextprotocol/sdk/client/stdio.js');
 var require$$0$4 = require('pkce-challenge');
 var require$$2$1 = require('os');
-var require$$10 = require('child_process');
+var require$$11 = require('child_process');
 var require$$3$2 = require('adm-zip');
 var require$$4$1 = require('url');
 var require$$2$2 = require('vm');
@@ -1107,7 +1107,7 @@ var secureStoreController$1 = {
   getData: getData$1,
 };
 
-const path$m = require$$1$2;
+const path$n = require$$1$2;
 const {
   readFileSync,
   writeFileSync: writeFileSync$4,
@@ -1125,7 +1125,7 @@ const {
 function ensureDirectoryExistence$2(filePath) {
   try {
     // isDirectory
-    var dirname = path$m.dirname(filePath);
+    var dirname = path$n.dirname(filePath);
     // check if the directory exists...return true
     // if not, we can pass in the dirname as the filepath
     // and check each directory recursively.
@@ -1240,7 +1240,7 @@ function removeFilesFromDirectory(directory, excludeFiles = []) {
 
       for (const file of files) {
         if (!excludeFiles.includes(file)) {
-          unlinkSync(path$m.join(directory, file), (err) => {
+          unlinkSync(path$n.join(directory, file), (err) => {
             if (err) throw err;
           });
         }
@@ -1258,7 +1258,7 @@ var file = {
 };
 
 const { app: app$f } = require$$0$1;
-const path$l = require$$1$2;
+const path$m = require$$1$2;
 const { writeFileSync: writeFileSync$3 } = require$$0$2;
 const { getFileContents: getFileContents$7 } = file;
 
@@ -1305,7 +1305,7 @@ const workspaceController$3 = {
   saveWorkspaceForApplication: (win, appId, workspaceObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$l.join(
+      const filename = path$m.join(
         app$f.getPath("userData"),
         appName$7,
         appId,
@@ -1354,7 +1354,7 @@ const workspaceController$3 = {
   saveMenuItemsForApplication: (win, appId, menuItems) => {
     try {
       // filename to the workspaces file
-      const filename = path$l.join(
+      const filename = path$m.join(
         app$f.getPath("userData"),
         appName$7,
         appId,
@@ -1403,7 +1403,7 @@ const workspaceController$3 = {
    */
   deleteWorkspaceForApplication: (win, appId, workspaceId) => {
     try {
-      const filename = path$l.join(
+      const filename = path$m.join(
         app$f.getPath("userData"),
         appName$7,
         appId,
@@ -1437,7 +1437,7 @@ const workspaceController$3 = {
 
   listWorkspacesForApplication: (win, appId) => {
     try {
-      const filename = path$l.join(
+      const filename = path$m.join(
         app$f.getPath("userData"),
         appName$7,
         appId,
@@ -1465,7 +1465,7 @@ const workspaceController$3 = {
 
   listMenuItemsForApplication: (win, appId) => {
     try {
-      const filename = path$l.join(
+      const filename = path$m.join(
         app$f.getPath("userData"),
         appName$7,
         appId,
@@ -1510,7 +1510,7 @@ const workspaceController$3 = {
 var workspaceController_1 = workspaceController$3;
 
 const { app: app$e } = require$$0$1;
-const path$k = require$$1$2;
+const path$l = require$$1$2;
 const { writeFileSync: writeFileSync$2 } = require$$0$2;
 const { getFileContents: getFileContents$6 } = file;
 
@@ -1530,7 +1530,7 @@ const themeController$5 = {
   saveThemeForApplication: (win, appId, name, obj) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$k.join(
+      const filename = path$l.join(
         app$e.getPath("userData"),
         appName$6,
         appId,
@@ -1576,7 +1576,7 @@ const themeController$5 = {
    */
   listThemesForApplication: (win, appId) => {
     try {
-      const filename = path$k.join(
+      const filename = path$l.join(
         app$e.getPath("userData"),
         appName$6,
         appId,
@@ -1618,7 +1618,7 @@ const themeController$5 = {
    */
   deleteThemeForApplication: (win, appId, themeKey) => {
     try {
-      const filename = path$k.join(
+      const filename = path$l.join(
         app$e.getPath("userData"),
         appName$6,
         appId,
@@ -1695,8 +1695,8 @@ var themeController_1 = themeController$5;
  *      `/data/`.
  */
 
-const path$j = require$$1$2;
-const fs$e = require$$0$2;
+const path$k = require$$1$2;
+const fs$f = require$$0$2;
 const { app: app$d } = require$$0$1;
 
 const APP_NAME = "Dashboard";
@@ -1709,7 +1709,7 @@ function getAllowedRoots$2(category) {
   const userData = app$d.getPath("userData");
   switch (category) {
     case "data": {
-      const def = path$j.join(userData, APP_NAME, "data");
+      const def = path$k.join(userData, APP_NAME, "data");
       // The user can configure a custom data directory in
       // Settings → General → Data Directory. If set, that
       // location is ALSO an allowed root. We don't replace the
@@ -1719,11 +1719,11 @@ function getAllowedRoots$2(category) {
       return override ? [def, override] : [def];
     }
     case "themes":
-      return [path$j.join(userData, APP_NAME, "themes")];
+      return [path$k.join(userData, APP_NAME, "themes")];
     case "widgets":
-      return [path$j.join(userData, "widgets")];
+      return [path$k.join(userData, "widgets")];
     case "plugins":
-      return [path$j.join(userData, "plugins")];
+      return [path$k.join(userData, "plugins")];
     case "downloads":
       return [app$d.getPath("downloads")];
     default:
@@ -1740,13 +1740,13 @@ function getAllowedRoots$2(category) {
  */
 function readDataDirectoryFromSettings() {
   try {
-    const settingsPath = path$j.join(
+    const settingsPath = path$k.join(
       app$d.getPath("userData"),
       APP_NAME,
       "settings.json",
     );
-    if (!fs$e.existsSync(settingsPath)) return undefined;
-    const raw = fs$e.readFileSync(settingsPath, "utf8");
+    if (!fs$f.existsSync(settingsPath)) return undefined;
+    const raw = fs$f.readFileSync(settingsPath, "utf8");
     const settings = JSON.parse(raw);
     const dir = settings && settings.dataDirectory;
     if (typeof dir === "string" && dir) return dir;
@@ -1772,18 +1772,18 @@ function safePath$3(requested, allowedRoots) {
     throw new Error("safePath: allowedRoots must be a non-empty array");
   }
 
-  const resolved = path$j.resolve(requested);
+  const resolved = path$k.resolve(requested);
 
   // Real-path through symlinks. If the file doesn't exist yet (a
   // create-new operation), real-path the parent so a symlink in the
   // parent chain can't trick us.
   let real = resolved;
   try {
-    real = fs$e.realpathSync(resolved);
+    real = fs$f.realpathSync(resolved);
   } catch (_e) {
     try {
-      const parent = fs$e.realpathSync(path$j.dirname(resolved));
-      real = path$j.join(parent, path$j.basename(resolved));
+      const parent = fs$f.realpathSync(path$k.dirname(resolved));
+      real = path$k.join(parent, path$k.basename(resolved));
     } catch (_e2) {
       // Parent doesn't exist either. Use the resolved-but-not-
       // real path; the caller's mkdirSync will happen inside the
@@ -1795,14 +1795,14 @@ function safePath$3(requested, allowedRoots) {
   for (const root of allowedRoots) {
     let realRoot = root;
     try {
-      if (fs$e.existsSync(root)) realRoot = fs$e.realpathSync(root);
+      if (fs$f.existsSync(root)) realRoot = fs$f.realpathSync(root);
     } catch (_e) {
       // root doesn't exist or isn't reachable — keep as-is for
       // the comparison below
     }
     // Exact match OR strictly-inside (with separator to prevent
     // /data-evil/ matching /data/).
-    if (real === realRoot || real.startsWith(realRoot + path$j.sep)) {
+    if (real === realRoot || real.startsWith(realRoot + path$k.sep)) {
       return real;
     }
   }
@@ -2060,14 +2060,14 @@ var safeJsExecutor$1 = {
  * - CSV -> JSON
  */
 
-var fs$d = require$$0$2;
+var fs$e = require$$0$2;
 var readline = require$$1$3;
 const xtreamer = require$$2;
 var xmlParser = require$$3$1;
 var JSONStream$1 = require$$4;
 const stream$1 = require$$5;
 var csv = require$$6;
-const path$i = require$$1$2;
+const path$j = require$$1$2;
 const { app: app$c } = require$$0$1;
 const { ensureDirectoryExistence: ensureDirectoryExistence$1 } = file;
 const safeJsExecutor = safeJsExecutor$1;
@@ -2122,7 +2122,7 @@ let Transform$1 = class Transform {
         let lineObject = [];
 
         const readInterface = readline.createInterface({
-          input: fs$d.createReadStream(filepath),
+          input: fs$e.createReadStream(filepath),
           output: process.stdout,
           console: false,
         });
@@ -2157,7 +2157,7 @@ let Transform$1 = class Transform {
     return new Promise((resolve, reject) => {
       try {
         const parser = JSONStream$1.parse("*");
-        const readStream = fs$d.createReadStream(file).pipe(parser);
+        const readStream = fs$e.createReadStream(file).pipe(parser);
 
         let count = 0;
 
@@ -2210,7 +2210,7 @@ let Transform$1 = class Transform {
   parseXMLStream = (filepath, outpath, start) => {
     return new Promise((resolve, reject) => {
       try {
-        const xmlFileReadStream = fs$d.createReadStream(filepath);
+        const xmlFileReadStream = fs$e.createReadStream(filepath);
 
         xmlFileReadStream.on("end", () => {
           writeStream.write("\n]");
@@ -2221,7 +2221,7 @@ let Transform$1 = class Transform {
           resolve("Read Finish");
         });
 
-        const writeStream = fs$d.createWriteStream(outpath);
+        const writeStream = fs$e.createWriteStream(outpath);
         writeStream.write("[\n");
 
         const options = {
@@ -2273,10 +2273,10 @@ let Transform$1 = class Transform {
   ) => {
     return new Promise((resolve, reject) => {
       try {
-        const readStream = fs$d
+        const readStream = fs$e
           .createReadStream(filepath)
           .pipe(csv({ separator: delimiter }));
-        const writeStream = fs$d.createWriteStream(outpath);
+        const writeStream = fs$e.createWriteStream(outpath);
 
         let canParse = true;
 
@@ -2362,18 +2362,18 @@ let Transform$1 = class Transform {
       }
 
       // Validate file paths are within app data directory
-      const appDataDir = path$i.join(app$c.getPath("userData"), TRANSFORM_APP_NAME);
-      const resolvedFilepath = path$i.resolve(filepath);
-      const resolvedOutFilepath = path$i.resolve(outFilepath);
+      const appDataDir = path$j.join(app$c.getPath("userData"), TRANSFORM_APP_NAME);
+      const resolvedFilepath = path$j.resolve(filepath);
+      const resolvedOutFilepath = path$j.resolve(outFilepath);
 
-      if (!resolvedFilepath.startsWith(appDataDir + path$i.sep)) {
+      if (!resolvedFilepath.startsWith(appDataDir + path$j.sep)) {
         return reject(
           new Error(
             "Input file path must be within the application data directory",
           ),
         );
       }
-      if (!resolvedOutFilepath.startsWith(appDataDir + path$i.sep)) {
+      if (!resolvedOutFilepath.startsWith(appDataDir + path$j.sep)) {
         return reject(
           new Error(
             "Output file path must be within the application data directory",
@@ -2384,16 +2384,16 @@ let Transform$1 = class Transform {
       // JSON parser
       var parser = JSONStream$1.parse("*");
 
-      if (!fs$d.existsSync(resolvedFilepath)) {
+      if (!fs$e.existsSync(resolvedFilepath)) {
         return reject(new Error("File doesnt exist"));
       }
       console.log("file exists ", resolvedFilepath);
       // create the readStream to parse the large file (json)
-      var readStream = fs$d.createReadStream(resolvedFilepath).pipe(parser);
+      var readStream = fs$e.createReadStream(resolvedFilepath).pipe(parser);
 
       ensureDirectoryExistence$1(resolvedOutFilepath);
 
-      var writeStream = fs$d.createWriteStream(resolvedOutFilepath);
+      var writeStream = fs$e.createWriteStream(resolvedOutFilepath);
 
       let sep = "";
       let count = 0;
@@ -2506,8 +2506,8 @@ let Transform$1 = class Transform {
 var transform = Transform$1;
 
 const { app: app$b } = require$$0$1;
-var fs$c = require$$0$2;
-const path$h = require$$1$2;
+var fs$d = require$$0$2;
+const path$i = require$$1$2;
 const events$5 = events$8;
 const { getFileContents: getFileContents$5, writeToFile: writeToFile$2 } = file;
 const { safePath: safePath$2, getAllowedRoots: getAllowedRoots$1 } = safePath_1;
@@ -2532,7 +2532,7 @@ const dataController$1 = {
       // Validate the renderer-supplied filename is contained within
       // the data directory. path.join doesn't reject `..` segments;
       // safePath does.
-      const candidate = path$h.join(
+      const candidate = path$i.join(
         app$b.getPath("userData"),
         appName$5,
         appId,
@@ -2691,7 +2691,7 @@ const dataController$1 = {
       // intent, plus realpath/symlink protection.
       const resolvedFilepath = safePath$2(toFilepath, getAllowedRoots$1("data"));
 
-      const writeStream = fs$c.createWriteStream(resolvedFilepath);
+      const writeStream = fs$d.createWriteStream(resolvedFilepath);
 
       https$3
         .get(url, (resp) => {
@@ -2855,7 +2855,7 @@ const dataController$1 = {
       if (data) {
         // Validate filename is contained within the data directory.
         // path.join doesn't reject `..` segments; safePath does.
-        const candidate = path$h.join(
+        const candidate = path$i.join(
           app$b.getPath("userData"),
           appName$5,
           "data",
@@ -2948,7 +2948,7 @@ const dataController$1 = {
     try {
       if (filename) {
         // filename to the pages file (live pages)
-        const fromFilename = path$h.join(
+        const fromFilename = path$i.join(
           app$b.getPath("userData"),
           appName$5,
           "data",
@@ -3030,8 +3030,8 @@ var dataController_1 = dataController$1;
  */
 
 const { app: app$a } = require$$0$1;
-const path$g = require$$1$2;
-const fs$b = require$$0$2;
+const path$h = require$$1$2;
+const fs$c = require$$0$2;
 const { getFileContents: getFileContents$4, writeToFile: writeToFile$1 } = file;
 
 const configFilename$3 = "settings.json";
@@ -3039,15 +3039,15 @@ const appName$4 = "Dashboard";
 
 // Helper function to recursively copy directory
 function copyDirectory(source, destination) {
-  if (!fs$b.existsSync(destination)) {
-    fs$b.mkdirSync(destination, { recursive: true });
+  if (!fs$c.existsSync(destination)) {
+    fs$c.mkdirSync(destination, { recursive: true });
   }
 
-  const files = fs$b.readdirSync(source);
+  const files = fs$c.readdirSync(source);
   for (const file of files) {
-    const srcPath = path$g.join(source, file);
-    const destPath = path$g.join(destination, file);
-    const stat = fs$b.lstatSync(srcPath);
+    const srcPath = path$h.join(source, file);
+    const destPath = path$h.join(destination, file);
+    const stat = fs$c.lstatSync(srcPath);
 
     // Skip symlinks to prevent following links to sensitive files
     if (stat.isSymbolicLink()) {
@@ -3058,7 +3058,7 @@ function copyDirectory(source, destination) {
     if (stat.isDirectory()) {
       copyDirectory(srcPath, destPath);
     } else {
-      fs$b.copyFileSync(srcPath, destPath);
+      fs$c.copyFileSync(srcPath, destPath);
     }
   }
 }
@@ -3074,7 +3074,7 @@ const settingsController$4 = {
     try {
       if (data) {
         // <appId>/settings.json
-        const filename = path$g.join(
+        const filename = path$h.join(
           app$a.getPath("userData"),
           appName$4,
           configFilename$3,
@@ -3110,7 +3110,7 @@ const settingsController$4 = {
   getSettingsForApplication: (win) => {
     try {
       // <appId>/settings.json
-      const filename = path$g.join(
+      const filename = path$h.join(
         app$a.getPath("userData"),
         appName$4,
         configFilename$3,
@@ -3141,7 +3141,7 @@ const settingsController$4 = {
    */
   getDataDirectory: (win) => {
     try {
-      const settingsPath = path$g.join(
+      const settingsPath = path$h.join(
         app$a.getPath("userData"),
         appName$4,
         configFilename$3,
@@ -3149,7 +3149,7 @@ const settingsController$4 = {
       const settings = getFileContents$4(settingsPath, {});
       const userDataDir =
         settings.userDataDirectory ||
-        path$g.join(app$a.getPath("userData"), appName$4);
+        path$h.join(app$a.getPath("userData"), appName$4);
 
       console.log("[settingsController] Data directory retrieved successfully");
       // Return the data for ipcMain.handle() - modern promise-based approach
@@ -3176,17 +3176,17 @@ const settingsController$4 = {
   setDataDirectory: (win, newPath) => {
     try {
       // Validate the path exists and is a directory
-      if (!fs$b.existsSync(newPath)) {
-        fs$b.mkdirSync(newPath, { recursive: true });
+      if (!fs$c.existsSync(newPath)) {
+        fs$c.mkdirSync(newPath, { recursive: true });
       }
 
-      const stats = fs$b.statSync(newPath);
+      const stats = fs$c.statSync(newPath);
       if (!stats.isDirectory()) {
         throw new Error("Path is not a directory");
       }
 
       // Update settings
-      const settingsPath = path$g.join(
+      const settingsPath = path$h.join(
         app$a.getPath("userData"),
         appName$4,
         configFilename$3,
@@ -3220,11 +3220,11 @@ const settingsController$4 = {
   migrateDataDirectory: (win, oldPath, newPath) => {
     try {
       // Resolve paths to prevent traversal
-      const resolvedOldPath = path$g.resolve(oldPath);
-      const resolvedNewPath = path$g.resolve(newPath);
+      const resolvedOldPath = path$h.resolve(oldPath);
+      const resolvedNewPath = path$h.resolve(newPath);
 
       // Validate oldPath is the current configured data directory
-      const settingsCheckPath = path$g.join(
+      const settingsCheckPath = path$h.join(
         app$a.getPath("userData"),
         appName$4,
         configFilename$3,
@@ -3232,8 +3232,8 @@ const settingsController$4 = {
       const currentSettings = getFileContents$4(settingsCheckPath, {});
       const currentDataDir =
         currentSettings.userDataDirectory ||
-        path$g.join(app$a.getPath("userData"), appName$4);
-      if (resolvedOldPath !== path$g.resolve(currentDataDir)) {
+        path$h.join(app$a.getPath("userData"), appName$4);
+      if (resolvedOldPath !== path$h.resolve(currentDataDir)) {
         throw new Error("Source path must be the current data directory");
       }
 
@@ -3257,19 +3257,19 @@ const settingsController$4 = {
       }
 
       // Validate paths
-      if (!fs$b.existsSync(resolvedOldPath)) {
+      if (!fs$c.existsSync(resolvedOldPath)) {
         throw new Error("Source directory does not exist");
       }
 
-      if (!fs$b.existsSync(resolvedNewPath)) {
-        fs$b.mkdirSync(resolvedNewPath, { recursive: true });
+      if (!fs$c.existsSync(resolvedNewPath)) {
+        fs$c.mkdirSync(resolvedNewPath, { recursive: true });
       }
 
       // Copy files
       copyDirectory(resolvedOldPath, resolvedNewPath);
 
       // Update settings to use new path
-      const settingsPath = path$g.join(
+      const settingsPath = path$h.join(
         app$a.getPath("userData"),
         appName$4,
         configFilename$3,
@@ -3935,7 +3935,7 @@ function requireProviderController () {
 }
 
 const { app: app$9 } = require$$0$1;
-const path$f = require$$1$2;
+const path$g = require$$1$2;
 const { writeFileSync: writeFileSync$1 } = require$$0$2;
 const events$4 = events$8;
 const { getFileContents: getFileContents$3 } = file;
@@ -3955,7 +3955,7 @@ const layoutController$1 = {
   saveLayoutForApplication: (win, appId, layoutObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$f.join(
+      const filename = path$g.join(
         app$9.getPath("userData"),
         appName$3,
         appId,
@@ -3988,7 +3988,7 @@ const layoutController$1 = {
    */
   listLayoutsForApplication: (win, appId) => {
     try {
-      const filename = path$f.join(
+      const filename = path$g.join(
         app$9.getPath("userData"),
         appName$3,
         appId,
@@ -21192,8 +21192,8 @@ streamableHttp$1.StreamableHTTPClientTransport = StreamableHTTPClientTransport$1
  *   clearCache() → void   // test-only
  */
 
-const fs$a = require$$0$2;
-const path$e = require$$1$2;
+const fs$b = require$$0$2;
+const path$f = require$$1$2;
 const { app: app$8 } = require$$0$1;
 
 const FILE_NAME = "widgetMcpGrants.json";
@@ -21203,14 +21203,14 @@ const FILE_NAME = "widgetMcpGrants.json";
 let _cache$1 = null;
 
 function grantsFilePath() {
-  return path$e.join(app$8.getPath("userData"), FILE_NAME);
+  return path$f.join(app$8.getPath("userData"), FILE_NAME);
 }
 
 function loadFromDisk() {
   const p = grantsFilePath();
-  if (!fs$a.existsSync(p)) return {};
+  if (!fs$b.existsSync(p)) return {};
   try {
-    const raw = fs$a.readFileSync(p, "utf8");
+    const raw = fs$b.readFileSync(p, "utf8");
     const parsed = JSON.parse(raw);
     if (!parsed || typeof parsed !== "object") return {};
     return parsed;
@@ -21230,16 +21230,27 @@ function writeToDisk(data) {
   const tmp = p + ".tmp";
   // Ensure parent dir exists (userData should already, but be defensive
   // for first-launch / freshly-cleared profile cases).
-  fs$a.mkdirSync(path$e.dirname(p), { recursive: true });
-  fs$a.writeFileSync(tmp, JSON.stringify(data, null, 2), "utf8");
-  fs$a.renameSync(tmp, p);
+  fs$b.mkdirSync(path$f.dirname(p), { recursive: true });
+  fs$b.writeFileSync(tmp, JSON.stringify(data, null, 2), "utf8");
+  fs$b.renameSync(tmp, p);
 }
 
+// Recognized origins for a persisted grant. "declared" means the user
+// approved against the developer's declared dash.permissions.mcp block;
+// "discovered" means the install-time scanner produced a synthetic
+// manifest the user approved; "manual" means the user typed entries
+// themselves in Settings → Privacy & Security with no manifest backing.
+// Other values are dropped on persist (legacy grants stay null).
+const ALLOWED_GRANT_ORIGINS = new Set(["declared", "discovered", "manual"]);
+
 /**
  * Sanitize a perms object before persisting. Drops unknown keys, coerces
  * arrays of strings, and silently ignores malformed servers. Mirrors the
  * shape produced by parseManifestPermissions so the gate reads either
  * declared or granted with the same code path.
+ *
+ * Optional `grantOrigin` field is preserved when it's one of the
+ * recognized values; bogus values are dropped.
  */
 function sanitizePerms(perms) {
   if (!perms || typeof perms !== "object") return null;
@@ -21262,7 +21273,14 @@ function sanitizePerms(perms) {
         : [],
     };
   }
-  return { servers };
+  const out = { servers };
+  if (
+    typeof perms.grantOrigin === "string" &&
+    ALLOWED_GRANT_ORIGINS.has(perms.grantOrigin)
+  ) {
+    out.grantOrigin = perms.grantOrigin;
+  }
+  return out;
 }
 
 function getGrant$2(widgetId) {
@@ -21358,6 +21376,7 @@ var grantedPermissions = {
   revokeServer: revokeServer$1,
   listAllGrants: listAllGrants$1,
   clearCache: clearCache$1,
+  ALLOWED_GRANT_ORIGINS,
 };
 
 /**
@@ -21585,6 +21604,120 @@ var mcpServerKey = {
   SEP,
 };
 
+/**
+ * mcpScopeResolver.js
+ *
+ * Slice 3b: per-workspace path scope reconfiguration.
+ *
+ * The Slice-3a process isolation key (`workspaceId::serverName`) is the
+ * lifecycle handle. This module computes WHAT the spawned process is
+ * configured to see — the union of granted paths from widgets on the
+ * active workspace, applied as credential overrides at spawn time.
+ *
+ * Design:
+ *   - The renderer enumerates widgets on the active workspace, looks up
+ *     each widget's grant via window.mainApi.widgetMcp.getGrant, and
+ *     hands the array to unionPathScope() to compute the workspace
+ *     scope for a given server (e.g. "filesystem").
+ *   - The renderer passes the resulting scope as `pathScope` to
+ *     mcpStartServer.
+ *   - mcpController applies the scope to credentials (replacing
+ *     allowedPaths etc.) before its existing argsMapping spreads them
+ *     into the spawn args. Servers that don't declare argsMapping for
+ *     the path keys are unaffected.
+ *
+ * Feature flag: the controller only applies the override when
+ * `security.enforceWidgetMcpPermissions` is on. When off, server starts
+ * with credentials as-configured (pre-3b behavior).
+ *
+ * Out of scope here:
+ *   - Hot-respawn on widget add/remove (see Slice 3b plan, deferred).
+ *   - Catalog schema for new path-scoped servers (filesystem already
+ *     has argsMapping.allowedPaths; others added as discovered).
+ */
+
+/**
+ * Compute the workspace-scoped path union for a given server.
+ *
+ * @param {Array<{widgetId, granted}>} grants - widgets-on-workspace + their grants
+ * @param {string} serverName - the MCP server name (e.g. "filesystem")
+ * @returns {{ readPaths: string[], writePaths: string[], allowedPaths: string[] }}
+ *
+ * `allowedPaths` is the dedup union of read+write — used by
+ * filesystem-style servers that take a single allowed-list. Servers
+ * that distinguish read-only vs read-write can use the readPaths /
+ * writePaths arrays directly.
+ */
+function unionPathScope(grants, serverName) {
+  const reads = new Set();
+  const writes = new Set();
+
+  if (!Array.isArray(grants)) {
+    return { readPaths: [], writePaths: [], allowedPaths: [] };
+  }
+
+  for (const entry of grants) {
+    if (!entry || typeof entry !== "object") continue;
+    const granted = entry.granted;
+    if (!granted || typeof granted !== "object") continue;
+    const servers = granted.servers;
+    if (!servers || typeof servers !== "object") continue;
+    const serverPerms = servers[serverName];
+    if (!serverPerms || typeof serverPerms !== "object") continue;
+
+    if (Array.isArray(serverPerms.readPaths)) {
+      for (const p of serverPerms.readPaths) {
+        if (typeof p === "string" && p) reads.add(p);
+      }
+    }
+    if (Array.isArray(serverPerms.writePaths)) {
+      for (const p of serverPerms.writePaths) {
+        if (typeof p === "string" && p) writes.add(p);
+      }
+    }
+  }
+
+  const readPaths = [...reads];
+  const writePaths = [...writes];
+  const allowedPaths = [...new Set([...reads, ...writes])];
+
+  return { readPaths, writePaths, allowedPaths };
+}
+
+/**
+ * Override credential keys with values derived from a path scope.
+ *
+ * Filesystem-style servers expect `allowedPaths` as a comma-separated
+ * string (the catalog's `argsMapping.allowedPaths.split` then expands
+ * it back into positional args at spawn time). This helper joins the
+ * scope's allowedPaths to match that convention.
+ *
+ * Returns a NEW credentials object — does not mutate the input.
+ *
+ * If pathScope is empty (no granted paths at all), the existing
+ * credentials are returned unchanged so the user's globally-configured
+ * allowedPaths still works for the LLM tool path / NO_WORKSPACE bucket.
+ */
+function applyPathScopeToCredentials$1(credentials, pathScope) {
+  const base =
+    credentials && typeof credentials === "object" ? { ...credentials } : {};
+
+  if (!pathScope || typeof pathScope !== "object") return base;
+
+  const allowed = Array.isArray(pathScope.allowedPaths)
+    ? pathScope.allowedPaths
+    : [];
+  if (allowed.length === 0) return base;
+
+  base.allowedPaths = allowed.join(",");
+  return base;
+}
+
+var mcpScopeResolver = {
+  unionPathScope,
+  applyPathScopeToCredentials: applyPathScopeToCredentials$1,
+};
+
 /**
  * mcpController.js
  *
@@ -21605,12 +21738,13 @@ const {
 const {
   StreamableHTTPClientTransport,
 } = streamableHttp$1;
-const path$d = require$$1$2;
-const fs$9 = require$$0$2;
+const path$e = require$$1$2;
+const fs$a = require$$0$2;
 const os$2 = require$$2$1;
 const responseCache$2 = responseCache_1;
 const { gateToolCall } = permissionGate;
 const { serverKey, parseServerKey } = mcpServerKey;
+const { applyPathScopeToCredentials } = mcpScopeResolver;
 const { app: app$7 } = require$$0$1;
 
 // Read the widget-MCP-enforcement feature flag from settings.json.
@@ -21619,13 +21753,13 @@ const { app: app$7 } = require$$0$1;
 // and electron/mcp/permissionGate.js for context.
 function isWidgetPermissionEnforcementEnabled() {
   try {
-    const settingsPath = path$d.join(
+    const settingsPath = path$e.join(
       app$7.getPath("userData"),
       "Dashboard",
       "settings.json",
     );
-    if (!fs$9.existsSync(settingsPath)) return false;
-    const raw = fs$9.readFileSync(settingsPath, "utf8");
+    if (!fs$a.existsSync(settingsPath)) return false;
+    const raw = fs$a.readFileSync(settingsPath, "utf8");
     const settings = JSON.parse(raw);
     return Boolean(settings?.security?.enforceWidgetMcpPermissions);
   } catch (_e) {
@@ -21767,7 +21901,7 @@ function getShellPath$1() {
     return _shellPath$1;
   }
 
-  const { execSync } = require$$10;
+  const { execSync } = require$$11;
   const fallbackDirs = ["/usr/local/bin", "/opt/homebrew/bin"];
 
   // Scan nvm versions, tracking both latest and best compatible version
@@ -21778,7 +21912,7 @@ function getShellPath$1() {
     fallbackDirs.push(`${home}/.nodenv/shims`);
     try {
       const nvmDir = `${home}/.nvm/versions/node`;
-      const versions = fs$9.readdirSync(nvmDir).sort();
+      const versions = fs$a.readdirSync(nvmDir).sort();
       if (versions.length > 0) {
         // Find the highest compatible version (v18/v20/v22)
         for (let i = versions.length - 1; i >= 0; i--) {
@@ -21914,15 +22048,15 @@ async function refreshGoogleOAuthToken(tokenRefresh) {
   const credPath = tokenRefresh.credentialsPath.replace(/^~/, home);
   const keysPath = tokenRefresh.oauthKeysPath.replace(/^~/, home);
 
-  if (!fs$9.existsSync(credPath) || !fs$9.existsSync(keysPath)) {
+  if (!fs$a.existsSync(credPath) || !fs$a.existsSync(keysPath)) {
     console.log(
       "[mcpController] Token refresh skipped: credential files not found",
     );
     return;
   }
 
-  const credentials = JSON.parse(fs$9.readFileSync(credPath, "utf8"));
-  const keysFile = JSON.parse(fs$9.readFileSync(keysPath, "utf8"));
+  const credentials = JSON.parse(fs$a.readFileSync(credPath, "utf8"));
+  const keysFile = JSON.parse(fs$a.readFileSync(keysPath, "utf8"));
   const keyData = keysFile.installed || keysFile.web;
 
   if (
@@ -21991,7 +22125,7 @@ async function refreshGoogleOAuthToken(tokenRefresh) {
     credentials.refresh_token = body.refresh_token;
   }
 
-  fs$9.writeFileSync(credPath, JSON.stringify(credentials, null, 2));
+  fs$a.writeFileSync(credPath, JSON.stringify(credentials, null, 2));
   console.log("[mcpController] Google OAuth token refreshed successfully");
 }
 
@@ -22005,15 +22139,41 @@ const mcpController$3 = {
    * Pass `null`/`undefined` workspaceId to land on the legacy
    * NO_WORKSPACE bucket (e.g. dash MCP server tools, AI Builder previews).
    *
+   * Slice 3b: when `security.enforceWidgetMcpPermissions` is on AND a
+   * non-empty `pathScope` is supplied, the scope's allowed paths
+   * override the server's existing path-style credentials before the
+   * catalog's argsMapping spreads them into spawn args. This scopes
+   * the server's OS-level capability to the union of widget grants on
+   * the active workspace.
+   *
    * @param {BrowserWindow} win the main window
    * @param {string} serverName unique name for this server instance
    * @param {object} mcpConfig { transport, command, args, envMapping }
    * @param {object} credentials decrypted credentials object
    * @param {string|null} workspaceId active workspace id (Slice 3a)
+   * @param {object|null} pathScope { readPaths, writePaths, allowedPaths } (Slice 3b)
    * @returns {{ success, serverName, tools, status } | { error, message }}
    */
-  startServer: async (win, serverName, mcpConfig, credentials, workspaceId) => {
+  startServer: async (
+    win,
+    serverName,
+    mcpConfig,
+    credentials,
+    workspaceId,
+    pathScope = null,
+  ) => {
     const key = serverKey(workspaceId, serverName);
+    // Slice 3b: when the gate is enforced, override credentials with
+    // the workspace's union of granted paths so the spawned process
+    // can't see anything broader than the user has consented to.
+    if (
+      isWidgetPermissionEnforcementEnabled() &&
+      pathScope &&
+      Array.isArray(pathScope.allowedPaths) &&
+      pathScope.allowedPaths.length > 0
+    ) {
+      credentials = applyPathScopeToCredentials(credentials, pathScope);
+    }
     // 1. Already connected? Return existing connection
     const existing = activeServers.get(key);
     if (existing && existing.status === STATUS$1.CONNECTED && existing.client) {
@@ -22152,7 +22312,7 @@ const mcpController$3 = {
           }
 
           // Interpolate {{MCP_DIR}} in args to resolve local MCP server scripts
-          const mcpDir = path$d.join(__dirname, "..", "mcp");
+          const mcpDir = path$e.join(__dirname, "..", "mcp");
           for (let i = 0; i < args.length; i++) {
             if (
               typeof args[i] === "string" &&
@@ -22590,20 +22750,20 @@ const mcpController$3 = {
    */
   getCatalog: (win) => {
     try {
-      const catalogPath = path$d.join(
+      const catalogPath = path$e.join(
         __dirname,
         "..",
         "mcp",
         "mcpServerCatalog.json",
       );
 
-      if (!fs$9.existsSync(catalogPath)) {
+      if (!fs$a.existsSync(catalogPath)) {
         return {
           catalog: [],
         };
       }
 
-      const catalogData = fs$9.readFileSync(catalogPath, "utf8");
+      const catalogData = fs$a.readFileSync(catalogPath, "utf8");
       const catalog = JSON.parse(catalogData);
 
       return {
@@ -22631,18 +22791,18 @@ const mcpController$3 = {
    */
   getKnownExternalCatalog: () => {
     try {
-      const catalogPath = path$d.join(
+      const catalogPath = path$e.join(
         __dirname,
         "..",
         "mcp",
         "knownExternalMcpServers.json",
       );
 
-      if (!fs$9.existsSync(catalogPath)) {
+      if (!fs$a.existsSync(catalogPath)) {
         return { success: true, servers: [] };
       }
 
-      const catalogData = fs$9.readFileSync(catalogPath, "utf8");
+      const catalogData = fs$a.readFileSync(catalogPath, "utf8");
       const catalog = JSON.parse(catalogData);
 
       return {
@@ -22695,7 +22855,7 @@ const mcpController$3 = {
    * @returns {{ success } | { error, message }}
    */
   runAuth: async (win, mcpConfig, credentials, authCommand) => {
-    const { spawn } = require$$10;
+    const { spawn } = require$$11;
 
     const env = cleanEnvForChildProcess();
 
@@ -22707,8 +22867,8 @@ const mcpController$3 = {
         const destPath = to.replace(/^~/, os$2.homedir());
         const destDir = require$$1$2.dirname(destPath);
         try {
-          fs$9.mkdirSync(destDir, { recursive: true });
-          fs$9.copyFileSync(sourcePath, destPath);
+          fs$a.mkdirSync(destDir, { recursive: true });
+          fs$a.copyFileSync(sourcePath, destPath);
         } catch (err) {
           return {
             error: true,
@@ -22744,7 +22904,7 @@ const mcpController$3 = {
     }
 
     // Interpolate {{MCP_DIR}} in authCommand args (same as startServer)
-    const mcpDir = path$d.join(__dirname, "..", "mcp");
+    const mcpDir = path$e.join(__dirname, "..", "mcp");
     const resolvedArgs = (authCommand.args || []).map((arg) =>
       typeof arg === "string" && arg.includes("{{MCP_DIR}}")
         ? arg.replace(/\{\{MCP_DIR\}\}/g, mcpDir)
@@ -23292,8 +23452,8 @@ function commonjsRequire(path) {
  * Runs in the Electron main process at widget install time.
  */
 
-const fs$8 = require$$0$2;
-const path$c = require$$1$2;
+const fs$9 = require$$0$2;
+const path$d = require$$1$2;
 
 /**
  * Structured error thrown by compileWidget() when the underlying
@@ -23328,7 +23488,7 @@ function getEsbuildDiagnostics() {
 
   try {
     const pkgJsonPath = require.resolve("esbuild/package.json");
-    diagnostics.esbuildPackageDir = path$c.dirname(pkgJsonPath);
+    diagnostics.esbuildPackageDir = path$d.dirname(pkgJsonPath);
     diagnostics.esbuildVersion = commonjsRequire(pkgJsonPath).version;
   } catch (err) {
     diagnostics.esbuildResolveError = err.message;
@@ -23338,15 +23498,15 @@ function getEsbuildDiagnostics() {
     const archPkgJson = require.resolve(
       `${diagnostics.archPackage}/package.json`,
     );
-    const archDir = path$c.dirname(archPkgJson);
+    const archDir = path$d.dirname(archPkgJson);
     // esbuild's native binary on macOS/Linux is bin/esbuild;
     // on Windows it's esbuild.exe at the package root.
     const candidate =
       process.platform === "win32"
-        ? path$c.join(archDir, "esbuild.exe")
-        : path$c.join(archDir, "bin", "esbuild");
+        ? path$d.join(archDir, "esbuild.exe")
+        : path$d.join(archDir, "bin", "esbuild");
     diagnostics.nativeBinaryPath = candidate;
-    diagnostics.nativeBinaryExists = fs$8.existsSync(candidate);
+    diagnostics.nativeBinaryExists = fs$9.existsSync(candidate);
   } catch (err) {
     diagnostics.archResolveError = err.message;
   }
@@ -23392,26 +23552,26 @@ async function healthCheck() {
  * @returns {string|null} Path to the widgets/ directory, or null
  */
 function findWidgetsDir$2(widgetPath) {
-  const direct = path$c.join(widgetPath, "widgets");
-  if (fs$8.existsSync(direct)) {
+  const direct = path$d.join(widgetPath, "widgets");
+  if (fs$9.existsSync(direct)) {
     return direct;
   }
 
   // Check configs/widgets/ (packageZip.js nests .dash.js files here)
-  const configsWidgets = path$c.join(widgetPath, "configs", "widgets");
-  if (fs$8.existsSync(configsWidgets)) {
+  const configsWidgets = path$d.join(widgetPath, "configs", "widgets");
+  if (fs$9.existsSync(configsWidgets)) {
     return configsWidgets;
   }
 
   // Check configs/ directory (used by packageZip.js for distributed widgets)
-  const configs = path$c.join(widgetPath, "configs");
-  if (fs$8.existsSync(configs)) {
+  const configs = path$d.join(widgetPath, "configs");
+  if (fs$9.existsSync(configs)) {
     return configs;
   }
 
   // Check one level deeper for nested ZIP extraction
   try {
-    const entries = fs$8.readdirSync(widgetPath, { withFileTypes: true });
+    const entries = fs$9.readdirSync(widgetPath, { withFileTypes: true });
     const subdirs = entries.filter(
       (e) =>
         e.isDirectory() &&
@@ -23421,8 +23581,8 @@ function findWidgetsDir$2(widgetPath) {
     );
 
     for (const subdir of subdirs) {
-      const nested = path$c.join(widgetPath, subdir.name, "widgets");
-      if (fs$8.existsSync(nested)) {
+      const nested = path$d.join(widgetPath, subdir.name, "widgets");
+      if (fs$9.existsSync(nested)) {
         console.log(`[WidgetCompiler] Found nested widgets/ at ${nested}`);
         return nested;
       }
@@ -23456,7 +23616,7 @@ async function compileWidget$1(widgetPath) {
   }
 
   // Discover .dash.js config files
-  const files = fs$8.readdirSync(widgetsDir);
+  const files = fs$9.readdirSync(widgetsDir);
   const dashFiles = files.filter((f) => f.endsWith(".dash.js"));
 
   if (dashFiles.length === 0) {
@@ -23470,15 +23630,15 @@ async function compileWidget$1(widgetPath) {
   // Compute relative path from the entry file (in widgetPath) to widgetsDir,
   // since widgetsDir may be nested (e.g., ./weather-widget/widgets/).
   const relWidgetsDir =
-    "./" + path$c.relative(widgetPath, widgetsDir).split(path$c.sep).join("/");
+    "./" + path$d.relative(widgetPath, widgetsDir).split(path$d.sep).join("/");
   const imports = [];
   const exportParts = [];
 
   for (const dashFile of dashFiles) {
     const componentName = dashFile.replace(".dash.js", "");
     const componentFile = `${componentName}.js`;
-    const componentFilePath = path$c.join(widgetsDir, componentFile);
-    const hasComponent = fs$8.existsSync(componentFilePath);
+    const componentFilePath = path$d.join(widgetsDir, componentFile);
+    const hasComponent = fs$9.existsSync(componentFilePath);
 
     // Import the config (always)
     imports.push(
@@ -23510,17 +23670,17 @@ async function compileWidget$1(widgetPath) {
   const entryContent = [...imports, "", ...exportParts, ""].join("\n");
 
   // Write temporary entry file in the widget root
-  const entryPath = path$c.join(widgetPath, "__compile_entry.js");
-  const distDir = path$c.join(widgetPath, "dist");
-  const outPath = path$c.join(distDir, "index.cjs.js");
+  const entryPath = path$d.join(widgetPath, "__compile_entry.js");
+  const distDir = path$d.join(widgetPath, "dist");
+  const outPath = path$d.join(distDir, "index.cjs.js");
 
   try {
     // Ensure dist/ directory exists
-    if (!fs$8.existsSync(distDir)) {
-      fs$8.mkdirSync(distDir, { recursive: true });
+    if (!fs$9.existsSync(distDir)) {
+      fs$9.mkdirSync(distDir, { recursive: true });
     }
 
-    fs$8.writeFileSync(entryPath, entryContent, "utf8");
+    fs$9.writeFileSync(entryPath, entryContent, "utf8");
 
     console.log(
       `[WidgetCompiler] Compiling ${dashFiles.length} component(s) from ${widgetPath}`,
@@ -23576,8 +23736,8 @@ async function compileWidget$1(widgetPath) {
   } finally {
     // Clean up temporary entry file
     try {
-      if (fs$8.existsSync(entryPath)) {
-        fs$8.unlinkSync(entryPath);
+      if (fs$9.existsSync(entryPath)) {
+        fs$9.unlinkSync(entryPath);
       }
     } catch (cleanupError) {
       // Non-fatal
@@ -23609,8 +23769,8 @@ var widgetCompiler$1 = {
  * Integrates with ComponentManager for automatic registration
  */
 
-const fs$7 = require$$0$2;
-const path$b = require$$1$2;
+const fs$8 = require$$0$2;
+const path$c = require$$1$2;
 const vm = require$$2$2;
 const { findWidgetsDir: findWidgetsDir$1 } = widgetCompiler$1;
 
@@ -23698,14 +23858,14 @@ class DynamicWidgetLoader {
       );
 
       const widgetsDir =
-        findWidgetsDir$1(widgetPath) || path$b.join(widgetPath, "widgets");
-      const componentPath = path$b.join(widgetsDir, `${componentName}.js`);
-      const configPath = path$b.join(widgetsDir, `${componentName}.dash.js`);
+        findWidgetsDir$1(widgetPath) || path$c.join(widgetPath, "widgets");
+      const componentPath = path$c.join(widgetsDir, `${componentName}.js`);
+      const configPath = path$c.join(widgetsDir, `${componentName}.dash.js`);
 
-      if (!fs$7.existsSync(componentPath)) {
+      if (!fs$8.existsSync(componentPath)) {
         throw new Error(`Component file not found: ${componentPath}`);
       }
-      if (!fs$7.existsSync(configPath)) {
+      if (!fs$8.existsSync(configPath)) {
         throw new Error(`Config file not found: ${configPath}`);
       }
 
@@ -23756,7 +23916,7 @@ class DynamicWidgetLoader {
    */
   async loadConfigFile(configPath) {
     try {
-      const source = fs$7.readFileSync(configPath, "utf8");
+      const source = fs$8.readFileSync(configPath, "utf8");
 
       let exportMatch = source.match(/export\s+default\s+({[\s\S]*});?\s*$/);
 
@@ -23824,7 +23984,7 @@ class DynamicWidgetLoader {
         return [];
       }
 
-      const files = fs$7.readdirSync(widgetsDir);
+      const files = fs$8.readdirSync(widgetsDir);
       const widgets = new Set();
 
       files.forEach((file) => {
@@ -23900,8 +24060,8 @@ var dynamicWidgetLoaderExports = dynamicWidgetLoader$3.exports;
  *     Test-only. Drops the in-process cache so tests can re-read.
  */
 
-const fs$6 = require$$0$2;
-const path$a = require$$1$2;
+const fs$7 = require$$0$2;
+const path$b = require$$1$2;
 const os$1 = require$$2$1;
 const { app: app$6 } = require$$0$1;
 
@@ -23918,7 +24078,7 @@ function expandHome(p) {
   if (typeof p !== "string" || !p) return p;
   if (p === "~") return os$1.homedir();
   if (p.startsWith("~/") || p.startsWith("~\\")) {
-    return path$a.join(os$1.homedir(), p.slice(2));
+    return path$b.join(os$1.homedir(), p.slice(2));
   }
   return p;
 }
@@ -23958,10 +24118,10 @@ function parseManifestPermissions(packageJson) {
  */
 function resolveWidgetPackagePath(widgetId) {
   if (typeof widgetId !== "string" || !widgetId) return null;
-  const widgetsRoot = path$a.join(app$6.getPath("userData"), "widgets");
+  const widgetsRoot = path$b.join(app$6.getPath("userData"), "widgets");
   // Split scope from name for "@scope/name" form.
   const parts = widgetId.startsWith("@") ? widgetId.split("/") : [widgetId];
-  return path$a.join(widgetsRoot, ...parts, "package.json");
+  return path$b.join(widgetsRoot, ...parts, "package.json");
 }
 
 /**
@@ -23975,12 +24135,12 @@ function resolveWidgetPackagePath(widgetId) {
 function getWidgetMcpPermissions$1(widgetId) {
   if (_cache.has(widgetId)) return _cache.get(widgetId);
   const pkgPath = resolveWidgetPackagePath(widgetId);
-  if (!pkgPath || !fs$6.existsSync(pkgPath)) {
+  if (!pkgPath || !fs$7.existsSync(pkgPath)) {
     _cache.set(widgetId, null);
     return null;
   }
   try {
-    const raw = fs$6.readFileSync(pkgPath, "utf8");
+    const raw = fs$7.readFileSync(pkgPath, "utf8");
     const pkg = JSON.parse(raw);
     const perms = parseManifestPermissions(pkg);
     _cache.set(widgetId, perms);
@@ -24008,6 +24168,200 @@ var widgetPermissions = {
   clearCache,
 };
 
+/**
+ * manifestScanner.js
+ *
+ * Literal-only static scanner for widget MCP usage. Three callers:
+ *   1. publish-time CLI (`dash-scan-manifest`) — the dev runs it before
+ *      shipping a widget; it diffs detected calls against the package's
+ *      `dash.permissions.mcp` block.
+ *   2. install-time hook in widgetRegistry — when a widget arrives
+ *      without a manifest, the scanner is run on the installed source
+ *      and the result is offered as a "discovered" consent prompt.
+ *   3. Future: lints during widget builds, IDE plugins, etc.
+ *
+ * Scope: detects literal-string `callTool("server","tool", ...)` and
+ * `useMcpProvider("server")` patterns. Anything dynamic (variable,
+ * template literal, function arg) is recorded as a `warnings[]` entry,
+ * NOT a silent miss.
+ *
+ * This is a *linter*, not a security mechanism. The runtime gate
+ * (Slices 1-3) is the actual boundary.
+ */
+
+const fs$6 = require$$0$2;
+const path$a = require$$1$2;
+
+const SOURCE_EXTENSIONS = new Set([
+  ".js",
+  ".jsx",
+  ".ts",
+  ".tsx",
+  ".mjs",
+  ".cjs",
+]);
+const SCAN_FILE_LIMIT = 200;
+
+const CALL_TOOL_REGEX =
+  /(?:mainApi\.mcp\.|window\.mainApi\.mcp\.|\b)callTool\s*\(\s*([^,)]+?)\s*,\s*([^,)]+?)\s*[,)]/g;
+
+const USE_PROVIDER_REGEX = /useMcpProvider\s*\(\s*([^,)]+?)\s*[,)]/g;
+
+function stripComments(src) {
+  return src
+    .replace(/\/\*[\s\S]*?\*\//g, "")
+    .replace(/(^|[^:])\/\/.*$/gm, "$1");
+}
+
+function tryLiteralString(arg) {
+  if (typeof arg !== "string") return null;
+  const trimmed = arg.trim();
+  const m =
+    /^"([^"\\]*(?:\\.[^"\\]*)*)"$/.exec(trimmed) ||
+    /^'([^'\\]*(?:\\.[^'\\]*)*)'$/.exec(trimmed);
+  if (!m) return null;
+  return m[1];
+}
+
+function lineNumberOf(src, charIndex) {
+  let n = 1;
+  for (let i = 0; i < charIndex && i < src.length; i++) {
+    if (src.charCodeAt(i) === 10) n++;
+  }
+  return n;
+}
+
+function readSourceFiles(dir) {
+  const result = [];
+  const skipDirs = new Set([
+    "node_modules",
+    "dist",
+    "package",
+    "build",
+    ".git",
+  ]);
+  function walk(current, relBase) {
+    let entries;
+    try {
+      entries = fs$6.readdirSync(current, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      const abs = path$a.join(current, entry.name);
+      const rel = relBase ? path$a.join(relBase, entry.name) : entry.name;
+      if (entry.isDirectory()) {
+        if (skipDirs.has(entry.name)) continue;
+        walk(abs, rel);
+      } else if (entry.isFile()) {
+        const ext = path$a.extname(entry.name).toLowerCase();
+        if (!SOURCE_EXTENSIONS.has(ext)) continue;
+        if (result.length >= SCAN_FILE_LIMIT) return;
+        try {
+          result.push({
+            relPath: rel,
+            source: fs$6.readFileSync(abs, "utf8"),
+          });
+        } catch {
+          // unreadable — skip
+        }
+      }
+    }
+  }
+  walk(dir, "");
+  return result;
+}
+
+function scanForMcpUsage(input) {
+  if (!input || typeof input !== "object") {
+    return { servers: {}, warnings: [] };
+  }
+
+  let fileList = [];
+  if (input.files && typeof input.files === "object") {
+    for (const [relPath, source] of Object.entries(input.files)) {
+      const ext = path$a.extname(relPath).toLowerCase();
+      if (!SOURCE_EXTENSIONS.has(ext)) continue;
+      if (typeof source !== "string") continue;
+      fileList.push({ relPath, source });
+    }
+  } else if (typeof input.dir === "string" && input.dir) {
+    fileList = readSourceFiles(input.dir);
+  }
+
+  const servers = {};
+  const warnings = [];
+
+  function ensureServer(name) {
+    if (!servers[name]) servers[name] = { tools: new Set() };
+    return servers[name];
+  }
+
+  for (const { relPath, source } of fileList) {
+    const stripped = stripComments(source);
+
+    USE_PROVIDER_REGEX.lastIndex = 0;
+    let m;
+    while ((m = USE_PROVIDER_REGEX.exec(stripped)) !== null) {
+      const lit = tryLiteralString(m[1]);
+      const line = lineNumberOf(stripped, m.index);
+      if (lit) {
+        ensureServer(lit);
+      } else {
+        warnings.push({
+          file: relPath,
+          line,
+          kind: "dynamic-server-name",
+          snippet: m[0].trim(),
+        });
+      }
+    }
+
+    CALL_TOOL_REGEX.lastIndex = 0;
+    while ((m = CALL_TOOL_REGEX.exec(stripped)) !== null) {
+      const serverLit = tryLiteralString(m[1]);
+      const toolLit = tryLiteralString(m[2]);
+      const line = lineNumberOf(stripped, m.index);
+
+      if (serverLit && toolLit) {
+        ensureServer(serverLit).tools.add(toolLit);
+      } else if (!serverLit && !toolLit) {
+        warnings.push({
+          file: relPath,
+          line,
+          kind: "dynamic-server-and-tool",
+          snippet: m[0].trim(),
+        });
+      } else if (!serverLit) {
+        warnings.push({
+          file: relPath,
+          line,
+          kind: "dynamic-server-name",
+          snippet: m[0].trim(),
+        });
+      } else {
+        warnings.push({
+          file: relPath,
+          line,
+          kind: "dynamic-tool-name",
+          snippet: m[0].trim(),
+        });
+      }
+    }
+  }
+
+  const out = {};
+  for (const [name, entry] of Object.entries(servers)) {
+    out[name] = { tools: [...entry.tools].sort() };
+  }
+  return { servers: out, warnings };
+}
+
+var manifestScanner = {
+  scanForMcpUsage,
+  SCAN_FILE_LIMIT,
+};
+
 /**
  * schedulerController.js
  *
@@ -24552,6 +24906,7 @@ var schedulerController_1 = schedulerController$2;
 	  getWidgetMcpPermissions,
 	  clearCache: clearWidgetPermsCache,
 	} = widgetPermissions;
+	const { scanForMcpUsage } = manifestScanner;
 
 	let WIDGETS_CACHE_DIR = null;
 	let REGISTRY_CONFIG_FILE = null;
@@ -25633,6 +25988,14 @@ var schedulerController_1 = schedulerController$2;
 	 * with the user's selections (Slice 2) or quietly drops the message
 	 * (older renderer pre-Slice-2 — the gate still fail-closes).
 	 *
+	 * Fallback: if there's no manifest, run the literal-only scanner on the
+	 * installed source. If the scan finds any literal MCP usage, emit the
+	 * same event with `discovered: true` and a synthetic declared blob —
+	 * the consent modal renders this with amber framing so the user knows
+	 * they're approving a guess, not the developer's declaration. If the
+	 * scan finds nothing, no event fires; the widget appears in
+	 * Settings → Privacy & Security with a "Grant manually" button.
+	 *
 	 * Cache invalidation: widgetPermissions caches per-process, so an upgrade
 	 * over a stale cached entry would otherwise keep the old manifest. Drop
 	 * the whole cache here — cheap, infrequent.
@@ -25641,11 +26004,41 @@ var schedulerController_1 = schedulerController$2;
 	  try {
 	    clearWidgetPermsCache();
 	    const declared = getWidgetMcpPermissions(widgetName);
-	    if (!declared) return;
+	    if (declared) {
+	      BrowserWindow.getAllWindows().forEach((win) => {
+	        win.webContents.send("widget:mcp-consent-required", {
+	          widgetId: widgetName,
+	          declared,
+	        });
+	      });
+	      return;
+	    }
+
+	    // No manifest — try a scan of the installed source.
+	    if (!WIDGETS_CACHE_DIR) return;
+	    const widgetPath = path.join(WIDGETS_CACHE_DIR, ...widgetName.split("/"));
+	    if (!fs.existsSync(widgetPath)) return;
+	    const scanResult = scanForMcpUsage({ dir: widgetPath });
+	    const detectedServers = Object.keys(scanResult.servers);
+	    if (detectedServers.length === 0) return; // nothing actionable to prompt about
+
+	    // Build a synthetic declared blob in the same shape parseManifestPermissions
+	    // produces so the consent modal can render it identically (modulo the
+	    // amber "discovered" framing).
+	    const syntheticServers = {};
+	    for (const [name, entry] of Object.entries(scanResult.servers)) {
+	      syntheticServers[name] = {
+	        tools: entry.tools,
+	        readPaths: [],
+	        writePaths: [],
+	      };
+	    }
 	    BrowserWindow.getAllWindows().forEach((win) => {
 	      win.webContents.send("widget:mcp-consent-required", {
 	        widgetId: widgetName,
-	        declared,
+	        declared: { servers: syntheticServers },
+	        discovered: true,
+	        warnings: scanResult.warnings,
 	      });
 	    });
 	  } catch (e) {
@@ -47862,7 +48255,7 @@ var mcpDashServerController_1 = mcpDashServerController$4;
  * can use the Chat widget without a separate API key.
  */
 
-const { spawn, execSync } = require$$10;
+const { spawn, execSync } = require$$11;
 const {
   LLM_STREAM_DELTA: LLM_STREAM_DELTA$2,
   LLM_STREAM_TOOL_CALL: LLM_STREAM_TOOL_CALL$2,
@@ -59939,6 +60332,91 @@ const webSocketController$1 = {
 
 var webSocketController_1 = webSocketController$1;
 
+/**
+ * widgetMcpGrantsListing.js
+ *
+ * Pure helper that joins three data sources into rows for the
+ * Settings → Privacy & Security panel:
+ *   - installed widgets (from widgetRegistry.getWidgets())
+ *   - persisted grants (from grantedPermissions.listAllGrants())
+ *   - declared manifests (from widgetPermissions.getWidgetMcpPermissions())
+ *
+ * Output row shape:
+ *   {
+ *     widgetId: string,
+ *     declared: object|null,    // dash.permissions.mcp block from package.json
+ *     granted: object|null,     // user grant from widgetMcpGrants.json
+ *     hasManifest: boolean,     // declared !== null
+ *     grantOrigin: string|null  // "declared" | "discovered" | "manual" | null
+ *   }
+ *
+ * Includes ALL installed widgets (even unmanifested + ungranted) so the
+ * panel can offer "Grant manually" for every widget. Also surfaces
+ * orphan grants (granted but uninstalled — rare, only happens if
+ * uninstall didn't revoke).
+ */
+
+function buildGrantsListing$1(
+  installedWidgets,
+  grantsByWidgetId,
+  declaredByWidgetId,
+) {
+  const rows = [];
+  const seen = new Set();
+
+  const installed = Array.isArray(installedWidgets) ? installedWidgets : [];
+  const grants = grantsByWidgetId instanceof Map ? grantsByWidgetId : new Map();
+  const declared =
+    declaredByWidgetId instanceof Map ? declaredByWidgetId : new Map();
+
+  for (const w of installed) {
+    if (!w || typeof w !== "object") continue;
+    const widgetId = w.name;
+    if (typeof widgetId !== "string" || !widgetId) continue;
+    if (seen.has(widgetId)) continue;
+    seen.add(widgetId);
+
+    const decl = declared.get(widgetId) || null;
+    const grant = grants.get(widgetId) || null;
+    const grantOrigin =
+      grant &&
+      typeof grant === "object" &&
+      typeof grant.grantOrigin === "string"
+        ? grant.grantOrigin
+        : null;
+
+    rows.push({
+      widgetId,
+      declared: decl,
+      granted: grant,
+      hasManifest: decl !== null,
+      grantOrigin,
+    });
+  }
+
+  // Orphan grants: granted but not in the installed list.
+  for (const [widgetId, grant] of grants) {
+    if (seen.has(widgetId)) continue;
+    const grantOrigin =
+      grant &&
+      typeof grant === "object" &&
+      typeof grant.grantOrigin === "string"
+        ? grant.grantOrigin
+        : null;
+    rows.push({
+      widgetId,
+      declared: null,
+      granted: grant,
+      hasManifest: false,
+      grantOrigin,
+    });
+  }
+
+  return rows;
+}
+
+var widgetMcpGrantsListing = { buildGrantsListing: buildGrantsListing$1 };
+
 /**
  * widgetMcpGrantsController.js
  *
@@ -59964,6 +60442,7 @@ const {
 } = grantedPermissions;
 const { getWidgetMcpPermissions } = widgetPermissions;
 const { getWidgetRegistry } = widgetRegistryExports;
+const { buildGrantsListing } = widgetMcpGrantsListing;
 
 function setupWidgetMcpGrantsHandlers() {
   ipcMain$1.handle("widget-mcp:get-grant", (event, widgetId) => {
@@ -59982,19 +60461,18 @@ function setupWidgetMcpGrantsHandlers() {
     return revokeServer(widgetId, serverName);
   });
 
-  // Joins all installed widgets with their declared and granted permission
-  // blocks. Returns one row per widget that has a declared manifest OR a
-  // grant — this surfaces both "freshly installed, awaiting consent" and
-  // "previously granted, now reviewable" cases in Settings.
+  // Joins all installed widgets with their declared manifests + persisted
+  // grants. Returns ONE row per installed widget regardless of whether it
+  // has a manifest or grant — that's how the Settings panel can offer
+  // "Grant manually" for unmanifested widgets. Plus orphan-grant rows for
+  // granted-but-uninstalled cases. Logic delegated to
+  // widgetMcpGrantsListing.buildGrantsListing for unit-testability.
   ipcMain$1.handle("widget-mcp:list-all", () => {
     const grantsByWidget = new Map();
     for (const { widgetId, granted } of listAllGrants()) {
       grantsByWidget.set(widgetId, granted);
     }
 
-    const rows = [];
-    const seen = new Set();
-
     let installedWidgets = [];
     try {
       installedWidgets = getWidgetRegistry().getWidgets() || [];
@@ -60002,25 +60480,19 @@ function setupWidgetMcpGrantsHandlers() {
       // Registry not initialized yet; fall back to grants-only listing.
     }
 
+    const declaredByWidget = new Map();
     for (const w of installedWidgets) {
       const widgetId = w?.name;
-      if (!widgetId || seen.has(widgetId)) continue;
-      seen.add(widgetId);
+      if (!widgetId) continue;
       const declared = getWidgetMcpPermissions(widgetId);
-      const granted = grantsByWidget.get(widgetId) || null;
-      // Skip widgets with neither — they have nothing to show.
-      if (!declared && !granted) continue;
-      rows.push({ widgetId, declared, granted });
+      if (declared) declaredByWidget.set(widgetId, declared);
     }
 
-    // Surface any grants whose widget is no longer installed (rare, but
-    // possible if uninstall didn't revoke). The user can still revoke them.
-    for (const [widgetId, granted] of grantsByWidget) {
-      if (seen.has(widgetId)) continue;
-      rows.push({ widgetId, declared: null, granted });
-    }
-
-    return rows;
+    return buildGrantsListing(
+      installedWidgets,
+      grantsByWidget,
+      declaredByWidget,
+    );
   });
 }
 
@@ -62253,14 +62725,25 @@ const mcpApi$2 = {
    * @param {object} credentials decrypted credentials object
    * @param {string|null} workspaceId active workspace id (Slice 3a) —
    *   server processes are keyed per workspace.
+   * @param {object|null} pathScope (Slice 3b) — when provided, the
+   *   workspace's union of granted paths overrides the server's
+   *   path-style credentials at spawn time. Shape:
+   *   `{ readPaths, writePaths, allowedPaths }`.
    * @returns {Promise<{ success, serverName, tools, status } | { error, message }>}
    */
-  startServer: (serverName, mcpConfig, credentials, workspaceId = null) =>
+  startServer: (
+    serverName,
+    mcpConfig,
+    credentials,
+    workspaceId = null,
+    pathScope = null,
+  ) =>
     ipcRenderer$i.invoke(MCP_START_SERVER, {
       serverName,
       mcpConfig,
       credentials,
       workspaceId,
+      pathScope,
     }),
 
   /**