agent-orchestrator-mcp-server 0.8.0 → 0.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
|
-
import { parseAllowedAgentRoots } from '../allowed-agent-roots.js';
|
|
3
2
|
export const WakeMeUpLaterSchema = z.object({
|
|
4
3
|
session_id: z.union([z.string(), z.number()]),
|
|
5
4
|
wake_at: z.string(),
|
|
@@ -180,17 +179,6 @@ export function wakeMeUpLaterTool(_server, clientFactory) {
|
|
|
180
179
|
};
|
|
181
180
|
}
|
|
182
181
|
const client = clientFactory();
|
|
183
|
-
if (parseAllowedAgentRoots() !== null) {
|
|
184
|
-
return {
|
|
185
|
-
content: [
|
|
186
|
-
{
|
|
187
|
-
type: 'text',
|
|
188
|
-
text: 'Error: wake_me_up_later is not allowed when ALLOWED_AGENT_ROOTS is set. Triggers cannot be created because sessions are restricted to specific preconfigured agent roots.',
|
|
189
|
-
},
|
|
190
|
-
],
|
|
191
|
-
isError: true,
|
|
192
|
-
};
|
|
193
|
-
}
|
|
194
182
|
const session = await client.getSession(session_id);
|
|
195
183
|
// Reject states the Rails API can't auto-sleep from. `needs_input` →
|
|
196
184
|
// immediate sleep; `running` → deferred sleep via pending_sleep metadata;
|
|
@@ -101,17 +101,6 @@ export function wakeMeUpWhenSessionChangesStateTool(_server, clientFactory) {
|
|
|
101
101
|
};
|
|
102
102
|
}
|
|
103
103
|
const { session_id, watched_session_id, event_name, prompt } = validated;
|
|
104
|
-
if (parseAllowedAgentRoots() !== null) {
|
|
105
|
-
return {
|
|
106
|
-
content: [
|
|
107
|
-
{
|
|
108
|
-
type: 'text',
|
|
109
|
-
text: 'Error: wake_me_up_when_session_changes_state is not allowed when ALLOWED_AGENT_ROOTS is set. Triggers cannot be created because sessions are restricted to specific preconfigured agent roots.',
|
|
110
|
-
},
|
|
111
|
-
],
|
|
112
|
-
isError: true,
|
|
113
|
-
};
|
|
114
|
-
}
|
|
115
104
|
const client = clientFactory();
|
|
116
105
|
const session = await client.getSession(session_id);
|
|
117
106
|
// The trigger fires on the requester's auto-sleep+resume cycle when the
|
|
@@ -167,6 +156,28 @@ export function wakeMeUpWhenSessionChangesStateTool(_server, clientFactory) {
|
|
|
167
156
|
isError: true,
|
|
168
157
|
};
|
|
169
158
|
}
|
|
159
|
+
// ALLOWED_AGENT_ROOTS scopes which agent roots this server is permitted
|
|
160
|
+
// to operate on. The constraint prevents an agent on a restricted server
|
|
161
|
+
// from scheduling wakes on sessions that belong to roots outside its
|
|
162
|
+
// scope. The requester is, by definition, already on an allowed root
|
|
163
|
+
// (it is the calling agent's session); we only need to validate the
|
|
164
|
+
// watched session belongs to the same scope.
|
|
165
|
+
const allowedRoots = parseAllowedAgentRoots();
|
|
166
|
+
if (allowedRoots !== null) {
|
|
167
|
+
const watchedAgentRoot = watchedSession.metadata?.agent_root_key ?? null;
|
|
168
|
+
if (watchedAgentRoot === null || !allowedRoots.includes(watchedAgentRoot)) {
|
|
169
|
+
const watchedAgentRootStr = watchedAgentRoot ?? '(unknown)';
|
|
170
|
+
return {
|
|
171
|
+
content: [
|
|
172
|
+
{
|
|
173
|
+
type: 'text',
|
|
174
|
+
text: `Error: ALLOWED_AGENT_ROOTS is set — watched session ${watched_session_id} belongs to agent root "${watchedAgentRootStr}", which is not in the allowed list [${allowedRoots.join(', ')}]. The trigger would let this server schedule wakes on a session outside its permitted scope. Pass a watched_session_id whose agent root is in the allowed list, or run this tool from a server without ALLOWED_AGENT_ROOTS restrictions.`,
|
|
175
|
+
},
|
|
176
|
+
],
|
|
177
|
+
isError: true,
|
|
178
|
+
};
|
|
179
|
+
}
|
|
180
|
+
}
|
|
170
181
|
if (event_name === 'session_failed' && watchedSession.status === 'failed') {
|
|
171
182
|
return {
|
|
172
183
|
content: [
|