agent-relay-server 0.34.0 → 0.34.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/mcp.ts +4 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-relay-server",
3
- "version": "0.34.0",
3
+ "version": "0.34.1",
4
4
  "description": "Lightweight HTTP message relay for inter-agent communication across machines",
5
5
  "module": "src/index.ts",
6
6
  "type": "module",
package/src/mcp.ts CHANGED
@@ -820,10 +820,10 @@ async function relaySpawnAgent(auth: McpAuthContext, args: Record<string, unknow
820
820
  }
821
821
  }
822
822
 
823
- assertComponentResourceAllowed(auth, {
824
- scope: "agent:write",
825
- resource: { orchestratorId: orchestrator.id, cwd: resolvedCwd, policyName, spawnRequestId },
826
- });
823
+ // #323 — gate child spawn only on `orchestrators` (the parent's legit bound), NOT its self-scoping
824
+ // spawnRequestIds/cwdPrefixes/policies: those describe the child, not parent-owned resources, so
825
+ // gating on them makes maxSpawnedAgents unreachable for every component token (cwd checked above).
826
+ assertComponentResourceAllowed(auth, { scope: "agent:write", resource: { orchestratorId: orchestrator.id } });
827
827
 
828
828
  // Child runner token: a normal long-living agent that is NOT itself spawn-capable
829
829
  // (canSpawn:false → no grandchildren), stamped with authoritative lineage so it registers