icode-mcp-adapter 1.0.4 → 1.0.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "icode-mcp-adapter",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "Dynamic MCP server adapter — auto-generates CRUD tools from schema configs. Plugs into icode-server via Fastify or runs standalone.",
   "type": "module",
   "main": "src/engine/McpEngine.js",

package/src/engine/McpEngine.js

@@ -1,55 +1,51 @@
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { registerTableTools } from './ToolBuilder.js';
-import { resolveSchemas } from './SchemaAdapter.js';
+import { resolveSchemas as defaultResolveSchemas } from './SchemaAdapter.js';
 
 /**
  * Create an MCP server from a FULL app config (tables already defined).
  *
  * @param {import('./types.js').AppConfig} config - with tables[] fully specified
  * @param {{ query: Function }} db
+ * @param {{ userId: string }} [identity] - Caller identity; required when a table is owner-scoped
  * @returns {McpServer}
  */
-export function createMcpServer(config, db) {
+export function createMcpServer(config, db, identity) {
   const server = new McpServer({
     name: `${config.appName}-mcp`,
     version: config.version,
   });
 
   for (const table of config.tables) {
-    registerTableTools(server, db, table);
+    registerTableTools(server, db, table, identity);
   }
 
   return server;
 }
 
 /**
- * Create an MCP server from a LIGHTWEIGHT config (auto-resolve columns from DB).
+ * Create an MCP server from a LIGHTWEIGHT config (auto-resolve columns).
  *
- * Queries INFORMATION_SCHEMA to discover columns, types, PKs, defaults.
- * Only needs a simple config listing which tables + operations to expose.
- *
- * @param {{ name: string, version?: string, tables: Record<string, import('./SchemaAdapter.js').TableConfig> }} config
+ * @param {Object} config - app config with tables
  * @param {{ query: Function }} db - Pool or SQLService
+ * @param {{ resolveSchemas?: Function, identity?: { userId: string } }} [opts]
+ *        resolveSchemas: (db, tableConfigs, opts) => Promise<TableSchema[]>
+ *        Defaults to INFORMATION_SCHEMA-based resolver.
+ *        Inject your own to use icode-server's SchemasService or any other source.
+ *        identity: caller identity used to scope owner-scoped tables.
  * @returns {Promise<McpServer>}
- *
- * @example
- *   const server = await createMcpServerAuto({
- *     name: 'paaal',
- *     tables: {
- *       plans:        { operations: ['list','get','update'], pkType: 'uuid' },
- *       achievements: { operations: ['list','get','add','update'] },
- *       actions:      { operations: ['list','get','add','update'] },
- *     }
- *   }, db);
  */
-export async function createMcpServerAuto(config, db) {
+export async function createMcpServerAuto(config, db, opts = {}) {
+  const resolveSchemas = opts.resolveSchemas || defaultResolveSchemas;
+
   const tables = await resolveSchemas(db, config.tables, {
-    cacheKey: config.appName,
+    cacheKey: `${config.appName}--${config.env || 'prod'}`,
+    ownerColumn: config.ownerColumn,
   });
 
   return createMcpServer({
     appName: config.appName,
     version: config.version || '1.0.0',
     tables,
-  }, db);
+  }, db, opts.identity);
 }

package/src/engine/SchemaAdapter.js

@@ -1,11 +1,11 @@
 /**
- * Auto-derives MCP TableSchema from the live database (INFORMATION_SCHEMA).
+ * Auto-derives MCP TableSchema from INFORMATION_SCHEMA.
  *
  * Follows icode-server conventions:
  *   - PK: `guid` (string)
  *   - Soft delete: `_deleted` (0 = active, 1 = deleted)
  *   - Timestamp: `_created`
- *   - Meta fields: `_time`, `_by`, `_createdBy`, `pk`, etc. → readOnly
+ *   - Meta fields: `_created`, `_createdBy`, `_time`, `_by`, `_deleted`, `pk` → readOnly
  *
  * Works with:
  *   - mysql2/promise Pool.query()     (standalone)
@@ -14,7 +14,7 @@
 
 // ── MySQL → MCP type mapping ─────────────────────────────────────────────────
 
-const MYSQL_TYPE_MAP = {
+const DATATYPE_MAP = {
   varchar:    'string',
   char:       'string',
   tinytext:   'string',
@@ -25,6 +25,7 @@ const MYSQL_TYPE_MAP = {
   bigint:     'number',
   smallint:   'number',
   mediumint:  'number',
+  tinyint:    'number',
   float:      'number',
   double:     'number',
   decimal:    'number',
@@ -35,9 +36,8 @@ const MYSQL_TYPE_MAP = {
   enum:       'enum',
 };
 
-// ── icode-server meta fields (auto-managed, always readOnly) ─────────────────
+// ── Meta fields (auto-managed by icode-server, always readOnly) ──────────────
 
-// Meta fields auto-managed by icode-server — always readOnly
 const META_FIELDS = new Set([
   '_created',      // created timestamp (epoch ms)
   '_createdBy',    // who created
@@ -53,21 +53,13 @@ const cache = new Map();
 const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
 
 /**
- * Resolve full TableSchema[] from a lightweight config + live DB.
+ * Resolve full TableSchema[] from config + INFORMATION_SCHEMA.
  *
  * @param {{ query: Function }} db - Pool or SQLService
- * @param {Record<string, TableConfig>} tableConfigs - lightweight per-table config
- * @param {{ cacheKey?: string }} [opts]
+ * @param {Record<string, TableConfig>} tableConfigs
+ * @param {{ cacheKey?: string, ownerColumn?: string }} [opts]
+ *        ownerColumn: app-level default owner column (per-table `ownerColumn` overrides; `null` opts out)
  * @returns {Promise<import('./types.js').TableSchema[]>}
- *
- * @typedef {Object} TableConfig
- * @property {('list'|'get'|'add'|'update'|'delete')[]} operations
- * @property {'auto'|'string'} [pkType]        - override PK type detection
- * @property {boolean} [softDelete]            - default: auto-detected (_deleted col)
- * @property {string} [singular]               - override singular derivation
- * @property {string} [displayName]            - override display name
- * @property {string} [listOrderBy]            - default: `_created` DESC
- * @property {Record<string, Partial<import('./types.js').ColumnDef>>} [columns] - per-column overrides
  */
 export async function resolveSchemas(db, tableConfigs, opts = {}) {
   // Check cache
@@ -78,7 +70,6 @@ export async function resolveSchemas(db, tableConfigs, opts = {}) {
     }
   }
 
-  // Detect current database name
   const [dbRows] = await db.query('SELECT DATABASE() as db');
   const dbName = dbRows[0].db;
 
@@ -99,16 +90,14 @@ export async function resolveSchemas(db, tableConfigs, opts = {}) {
       continue;
     }
 
-    // ── Detect primary key ────────────────────────────────────────────────
-    // icode-server uses `guid` (string), fallback to `pk` (auto-increment)
+    // ── Detect primary key ──────────────────────────────────────────────
     const hasGuid = rows.some(r => r.COLUMN_NAME === 'guid');
     const hasPk = rows.some(r => r.COLUMN_NAME === 'pk');
     const pkName = config.primaryKey || (hasGuid ? 'guid' : (hasPk ? 'pk' : 'guid'));
     const pkActualRow = rows.find(r => r.COLUMN_NAME === pkName);
     const isStringPk = pkActualRow?.DATA_TYPE === 'varchar';
 
-    // ── Detect soft delete ────────────────────────────────────────────────
-    // icode-server standard: _deleted = 0 (not deleted), _deleted = 1 (deleted)
+    // ── Detect soft delete ──────────────────────────────────────────────
     const hasDeletedCol = rows.some(r => r.COLUMN_NAME === '_deleted');
 
     let softDeleteFilter = null;
@@ -119,25 +108,31 @@ export async function resolveSchemas(db, tableConfigs, opts = {}) {
       softDeleteSet = '`_deleted` = 1';
     }
 
-    // ── Build columns ─────────────────────────────────────────────────────
+    // ── Build columns ───────────────────────────────────────────────────
     const columns = rows.map(row => {
       const col = buildColumn(row, pkName);
 
-      // Apply per-column overrides from config
+      // Apply per-column overrides from config (description, filterable)
       if (config.columns?.[row.COLUMN_NAME]) {
-        Object.assign(col, config.columns[row.COLUMN_NAME]);
+        const override = config.columns[row.COLUMN_NAME];
+        if (override.description) col.description = override.description;
+        if (override.filterable) col.filterable = true;
+        if (override.required !== undefined) col.required = override.required;
+        if (override.nullable !== undefined) col.nullable = override.nullable;
       }
 
       return col;
     });
 
-    // ── Derive singular name ──────────────────────────────────────────────
     const singular = config.singular || deriveSingular(tableName);
-
-    // ── Default ORDER BY ──────────────────────────────────────────────────
     const hasCreated = rows.some(r => r.COLUMN_NAME === '_created');
     const defaultOrder = hasCreated ? '`_created` DESC' : undefined;
 
+    const ownerColumn = resolveOwnerColumn(config, opts.ownerColumn);
+    if (ownerColumn && !rows.some(r => r.COLUMN_NAME === ownerColumn)) {
+      throw new Error(`[MCP] Table '${tableName}' is owner-scoped on '${ownerColumn}' but no such column exists in '${dbName}'`);
+    }
+
     tables.push({
       name: tableName,
       singular,
@@ -149,6 +144,7 @@ export async function resolveSchemas(db, tableConfigs, opts = {}) {
       softDeleteSet,
       operations: config.operations || ['list', 'get', 'add', 'update'],
       listOrderBy: config.listOrderBy || defaultOrder,
+      ownerColumn,
       columns,
       ...(config.customDescriptions && { customDescriptions: config.customDescriptions }),
     });
@@ -178,37 +174,16 @@ function buildColumn(row, pkName) {
     type: resolveType(row),
   };
 
-  // Primary key → readOnly
-  if (row.COLUMN_NAME === pkName) {
-    col.readOnly = true;
-  }
-
-  // Auto-increment → readOnly
-  if (row.EXTRA?.includes('auto_increment')) {
-    col.readOnly = true;
-  }
+  if (row.COLUMN_NAME === pkName) col.readOnly = true;
+  if (row.EXTRA?.includes('auto_increment')) col.readOnly = true;
+  if (row.COLUMN_NAME === '_created') col.autoSet = 'created_at';
+  if (META_FIELDS.has(row.COLUMN_NAME)) col.readOnly = true;
+  if (row.IS_NULLABLE === 'YES') col.nullable = true;
 
-  // _created → autoSet
-  if (row.COLUMN_NAME === '_created') {
-    col.autoSet = 'created_at';
-  }
-
-  // icode-server meta fields → readOnly (auto-managed by the platform)
-  if (META_FIELDS.has(row.COLUMN_NAME)) {
-    col.readOnly = true;
-  }
-
-  // Nullable
-  if (row.IS_NULLABLE === 'YES') {
-    col.nullable = true;
-  }
-
-  // Default value
   if (row.COLUMN_DEFAULT !== null && row.COLUMN_DEFAULT !== undefined) {
     col.default = parseDefault(row);
   }
 
-  // Required: NOT NULL, no default, not auto-set, not PK, not meta
   if (row.IS_NULLABLE === 'NO'
     && row.COLUMN_DEFAULT === null
     && !col.readOnly
@@ -217,14 +192,12 @@ function buildColumn(row, pkName) {
     col.required = true;
   }
 
-  // Filterable: indexed columns and guid/FK references
   if (row.COLUMN_KEY === 'MUL'
     || (row.COLUMN_NAME.endsWith('_id') && row.COLUMN_NAME !== pkName)
     || (row.COLUMN_NAME === 'guid' && row.COLUMN_NAME !== pkName)) {
     col.filterable = true;
   }
 
-  // Enum values
   if (row.DATA_TYPE === 'enum') {
     col.enumValues = parseEnum(row.COLUMN_TYPE);
   }
@@ -232,19 +205,11 @@ function buildColumn(row, pkName) {
   return col;
 }
 
-// ── Type resolution ──────────────────────────────────────────────────────────
-
 function resolveType(row) {
-  // tinyint(1) → boolean
   if (row.COLUMN_TYPE === 'tinyint(1)') return 'boolean';
-
-  // bigint for timestamp columns → timestamp (epoch ms)
   if (row.DATA_TYPE === 'bigint' && (row.COLUMN_NAME === '_created' || row.COLUMN_NAME === '_time')) return 'timestamp';
-
-  // varchar(36) named guid → string (not uuid — icode guids aren't always uuid format)
   if (row.COLUMN_NAME === 'guid') return 'string';
-
-  return MYSQL_TYPE_MAP[row.DATA_TYPE] || 'string';
+  return DATATYPE_MAP[row.DATA_TYPE] || 'string';
 }
 
 function parseEnum(columnType) {
@@ -268,6 +233,11 @@ function parseDefault(row) {
 
 // ── Helpers ──────────────────────────────────────────────────────────────────
 
+/** Owner column for a table: per-table override → app default → none (null). */
+function resolveOwnerColumn(config, appDefault) {
+  return config.ownerColumn !== undefined ? config.ownerColumn : (appDefault ?? null);
+}
+
 function deriveSingular(name) {
   if (name.endsWith('ies')) return name.slice(0, -3) + 'y';
   if (name.endsWith('ses')) return name.slice(0, -2);

package/src/engine/ToolBuilder.js

@@ -37,14 +37,26 @@ function zodFor(col, opts = {}) {
   return s;
 }
 
-/** Get writable columns (exclude readOnly, autoSet, and primaryKey) */
+/** Get writable columns (exclude readOnly, autoSet, primaryKey, and the owner column) */
 function writableCols(table) {
-  return table.columns.filter(c => !c.readOnly && !c.autoSet && c.name !== table.primaryKey);
+  return table.columns.filter(c =>
+    !c.readOnly && !c.autoSet && c.name !== table.primaryKey && c.name !== table.ownerColumn);
 }
 
-/** Get filterable columns */
+/** Get filterable columns (the owner column is implicit, never a caller filter) */
 function filterCols(table) {
-  return table.columns.filter(c => c.filterable);
+  return table.columns.filter(c => c.filterable && c.name !== table.ownerColumn);
+}
+
+/** WHERE clause + params targeting one row by PK, scoped to the owner when set. */
+function pkWhere(table, pkVal, owner) {
+  let clause = `${q(table.primaryKey)} = ?`;
+  const params = [pkVal];
+  if (owner) {
+    clause += ` AND ${q(owner.col)} = ?`;
+    params.push(owner.id);
+  }
+  return { clause, params };
 }
 
 /** Build PK Zod schema */
@@ -61,24 +73,35 @@ function pkSchema(table) {
  * @param {{ query: (sql: string, params: any[]) => Promise<[any[], any]> }} db
  *        — any object with query(sql, params) → [rows, fields]
  * @param {import('./types.js').TableSchema} table
+ * @param {{ userId: string }} [identity] - Caller identity; required for owner-scoped tables.
  */
-export function registerTableTools(server, db, table) {
+export function registerTableTools(server, db, table, identity) {
   const display = table.displayName || table.singular;
 
+  // Row-level ownership: scope every query to the calling user. Fail closed —
+  // an owner-scoped table is never served without an identity.
+  let owner = null;
+  if (table.ownerColumn) {
+    if (!identity?.userId) {
+      throw new Error(`[MCP] '${table.name}' is owner-scoped but no user identity was provided`);
+    }
+    owner = { col: table.ownerColumn, id: identity.userId };
+  }
+
   for (const op of table.operations) {
     switch (op) {
-      case 'list':   regList(server, db, table, display); break;
-      case 'get':    regGet(server, db, table, display); break;
-      case 'add':    regAdd(server, db, table, display); break;
-      case 'update': regUpdate(server, db, table, display); break;
-      case 'delete': regDelete(server, db, table, display); break;
+      case 'list':   regList(server, db, table, display, owner); break;
+      case 'get':    regGet(server, db, table, display, owner); break;
+      case 'add':    regAdd(server, db, table, display, owner); break;
+      case 'update': regUpdate(server, db, table, display, owner); break;
+      case 'delete': regDelete(server, db, table, display, owner); break;
     }
   }
 }
 
 // ── LIST ──────────────────────────────────────────────────────────────────────
 
-function regList(server, db, table, display) {
+function regList(server, db, table, display, owner) {
   const filters = filterCols(table);
   const inputSchema = {};
   for (const f of filters) {
@@ -96,6 +119,10 @@ function regList(server, db, table, display) {
       const vals = [];
 
       if (table.softDeleteFilter) where.push(table.softDeleteFilter);
+      if (owner) {
+        where.push(`${q(owner.col)} = ?`);
+        vals.push(owner.id);
+      }
 
       for (const f of filters) {
         if (args[f.name] !== undefined && args[f.name] !== null) {
@@ -121,7 +148,7 @@ function regList(server, db, table, display) {
 
 // ── GET ───────────────────────────────────────────────────────────────────────
 
-function regGet(server, db, table, display) {
+function regGet(server, db, table, display, owner) {
   server.registerTool(`get_${table.singular}`, {
     title: `Get ${display}`,
     description: table.customDescriptions?.get
@@ -129,9 +156,10 @@ function regGet(server, db, table, display) {
     inputSchema: { [table.primaryKey]: pkSchema(table) },
   }, async (args) => {
     try {
+      const { clause, params } = pkWhere(table, args[table.primaryKey], owner);
       const [rows] = await db.query(
-        `SELECT * FROM ${q(table.name)} WHERE ${q(table.primaryKey)} = ? LIMIT 1`,
-        [args[table.primaryKey]],
+        `SELECT * FROM ${q(table.name)} WHERE ${clause} LIMIT 1`,
+        params,
       );
       const row = rows[0] || null;
       return {
@@ -146,7 +174,7 @@ function regGet(server, db, table, display) {
 
 // ── ADD ───────────────────────────────────────────────────────────────────────
 
-function regAdd(server, db, table, display) {
+function regAdd(server, db, table, display, owner) {
   const cols = writableCols(table);
   const inputSchema = {};
   for (const c of cols) {
@@ -182,6 +210,13 @@ function regAdd(server, db, table, display) {
         placeholders.push('?');
       }
 
+      // Owner scope — force the owning user; never trust client input
+      if (owner) {
+        insertCols.push(q(owner.col));
+        insertVals.push(owner.id);
+        placeholders.push('?');
+      }
+
       // User-provided columns
       for (const c of cols) {
         if (args[c.name] !== undefined) {
@@ -213,7 +248,7 @@ function regAdd(server, db, table, display) {
 
 // ── UPDATE ────────────────────────────────────────────────────────────────────
 
-function regUpdate(server, db, table, display) {
+function regUpdate(server, db, table, display, owner) {
   const cols = writableCols(table);
   const inputSchema = { [table.primaryKey]: pkSchema(table) };
   for (const c of cols) {
@@ -227,7 +262,6 @@ function regUpdate(server, db, table, display) {
     inputSchema,
   }, async (args) => {
     try {
-      const pkVal = args[table.primaryKey];
       const setClauses = [];
       const vals = [];
 
@@ -242,15 +276,15 @@ function regUpdate(server, db, table, display) {
         return { content: [{ type: 'text', text: 'No fields to update.' }] };
       }
 
-      vals.push(pkVal);
+      const target = pkWhere(table, args[table.primaryKey], owner);
       await db.query(
-        `UPDATE ${q(table.name)} SET ${setClauses.join(', ')} WHERE ${q(table.primaryKey)} = ?`,
-        vals,
+        `UPDATE ${q(table.name)} SET ${setClauses.join(', ')} WHERE ${target.clause}`,
+        [...vals, ...target.params],
       );
 
       const [rows] = await db.query(
-        `SELECT * FROM ${q(table.name)} WHERE ${q(table.primaryKey)} = ?`,
-        [pkVal],
+        `SELECT * FROM ${q(table.name)} WHERE ${target.clause}`,
+        target.params,
       );
 
       return {
@@ -265,7 +299,7 @@ function regUpdate(server, db, table, display) {
 
 // ── DELETE ────────────────────────────────────────────────────────────────────
 
-function regDelete(server, db, table, display) {
+function regDelete(server, db, table, display, owner) {
   server.registerTool(`delete_${table.singular}`, {
     title: `Delete ${display}`,
     description: table.customDescriptions?.delete
@@ -273,17 +307,17 @@ function regDelete(server, db, table, display) {
     inputSchema: { [table.primaryKey]: pkSchema(table) },
   }, async (args) => {
     try {
-      const pkVal = args[table.primaryKey];
+      const { clause, params } = pkWhere(table, args[table.primaryKey], owner);
 
       if (table.softDeleteSet) {
         await db.query(
-          `UPDATE ${q(table.name)} SET ${table.softDeleteSet} WHERE ${q(table.primaryKey)} = ?`,
-          [pkVal],
+          `UPDATE ${q(table.name)} SET ${table.softDeleteSet} WHERE ${clause}`,
+          params,
         );
       } else {
         await db.query(
-          `DELETE FROM ${q(table.name)} WHERE ${q(table.primaryKey)} = ?`,
-          [pkVal],
+          `DELETE FROM ${q(table.name)} WHERE ${clause}`,
+          params,
         );
       }
 

package/src/engine/types.js

@@ -23,6 +23,7 @@
  * @property {ColumnDef[]} columns
  * @property {('list'|'get'|'add'|'update'|'delete')[]} operations
  * @property {string} [listOrderBy]  - Default ORDER BY clause (use backticks for reserved words)
+ * @property {string|null} [ownerColumn] - Row-level owner column; every query is scoped to the caller on it
  * @property {Object} [customDescriptions] - Override tool descriptions per operation
  *
  * @typedef {Object} DbConfig
@@ -40,6 +41,7 @@
  * @property {string} displayName    - Human-readable (e.g., 'PAAAL Coach')
  * @property {string} version
  * @property {DbConfig} db
+ * @property {string} [ownerColumn]  - App-wide default owner column for row-level scoping (per-table `ownerColumn` overrides)
  * @property {TableSchema[]} tables
  */
 

package/src/transport/fastifyAdapter.js

@@ -9,6 +9,7 @@
  *   await app.register(mcpPlugin, {
  *     apps: { paaal: paaalConfig },
  *     getDb: (appName, env) => getAppDbService(appName, env),
+ *     getUser: (appName, env, sid) => resolveSession(appName, env, sid), // → { userId } | null
  *   });
  *
  * Route param format:
@@ -40,6 +41,26 @@ function parseAppParam(param) {
   };
 }
 
+/** Read the Bearer token (an icode session id) from the Authorization header. */
+function readBearer(req) {
+  const header = req.headers['authorization'];
+  if (typeof header !== 'string') return null;
+  const [scheme, token] = header.split(/\s+/, 2);
+  return /^bearer$/i.test(scheme) && token ? token.trim() : null;
+}
+
+/** MCP-spec 401 — points the client at the protected-resource metadata (Login with icode). */
+function unauthorized(req, reply) {
+  const proto = req.headers['x-forwarded-proto'] || req.protocol || 'https';
+  const host = req.headers['x-forwarded-host'] || req.headers.host;
+  reply.header('WWW-Authenticate', `Bearer resource_metadata="${proto}://${host}/.well-known/oauth-protected-resource"`);
+  return reply.code(401).send({
+    jsonrpc: '2.0',
+    error: { code: -32001, message: 'Authentication required' },
+    id: null,
+  });
+}
+
 /**
  * @param {import('fastify').FastifyInstance} fastify
  * @param {Object} opts
@@ -47,16 +68,38 @@ function parseAppParam(param) {
  *        — app configs keyed by appName: { paaal: paaalConfig }
  * @param {(appName: string, env: string) => Promise<{ query: Function }>} opts.getDb
  *        — DB provider function, e.g. (name, env) => getAppDbService(name, env)
+ * @param {(db, tableConfigs, opts) => Promise<TableSchema[]>} [opts.resolveSchemas]
+ *        — Custom schema resolver. Default: INFORMATION_SCHEMA.
+ *        — Inject your own to use SchemasService or any other source.
+ * @param {(appName: string, env: string, sid: string) => Promise<{ userId: string } | null>} [opts.getUser]
+ *        — Resolve a Bearer session id to the caller's identity. When provided, the MCP
+ *          endpoint requires a valid session and scopes data to that user; when omitted,
+ *          requests are unauthenticated (owner-scoped tables then fail closed).
  * @param {string} [opts.prefix='/v1/mcp']
  * @param {boolean} [opts.public=true]
  */
 export default async function mcpPlugin(fastify, opts = {}) {
   const getDb = opts.getDb;
+  const getUser = opts.getUser;
+  const resolveSchemas = opts.resolveSchemas;
   const prefix = opts.prefix || '/v1/mcp';
   const isPublic = opts.public ?? true;
 
   if (!getDb) throw new Error('icode-mcp-adapter: opts.getDb is required');
 
+  // Resolve the request's Bearer session id to { userId } via the injected getUser.
+  // Null when no getUser is configured, no token is sent, or the session is invalid.
+  async function identityFor(req, appName, env) {
+    if (!getUser) return null;
+    const sid = readBearer(req);
+    if (!sid) return null;
+    try {
+      return await getUser(appName, env, sid);
+    } catch {
+      return null;
+    }
+  }
+
   // Build lookup: key = "appName--env" (or "appName--prod" for default)
   const apps = new Map();
   for (const config of Object.values(opts.apps || {})) {
@@ -77,25 +120,41 @@ export default async function mcpPlugin(fastify, opts = {}) {
 
     const sessionId = req.headers['mcp-session-id'];
 
-    // Existing session
+    // Existing session — re-check the caller still owns it (revoked sessions drop here)
     if (sessionId && sessions.has(sessionId)) {
-      await sessions.get(sessionId).transport.handleRequest(req.raw, reply.raw, req.body);
+      const session = sessions.get(sessionId);
+      if (getUser) {
+        const identity = await identityFor(req, appName, env);
+        if (!identity?.userId || identity.userId !== session.userId) {
+          return unauthorized(req, reply);
+        }
+      }
+      await session.transport.handleRequest(req.raw, reply.raw, req.body);
       return reply.hijack();
     }
 
     // New session (must be initialize request)
     if (!sessionId && isInitializeRequest(req.body)) {
+      const identity = await identityFor(req, appName, env);
+      if (getUser && !identity?.userId) return unauthorized(req, reply);
+
       let db;
       try {
         db = await getDb(appName, env);
       } catch (err) {
         return reply.code(400).send({ ok: false, error: err.message || err.sqlMessage || 'Failed to get DB connection' });
       }
-      const server = await createMcpServerAuto(appConfig, db);
+
+      let server;
+      try {
+        server = await createMcpServerAuto(appConfig, db, { resolveSchemas, identity });
+      } catch (err) {
+        return reply.code(500).send({ ok: false, error: err.message || 'Failed to initialize MCP server' });
+      }
 
       const transport = new StreamableHTTPServerTransport({
         sessionIdGenerator: () => randomUUID(),
-        onsessioninitialized: (id) => sessions.set(id, { transport, server }),
+        onsessioninitialized: (id) => sessions.set(id, { transport, server, userId: identity?.userId }),
       });
       transport.onclose = () => {
         if (transport.sessionId) sessions.delete(transport.sessionId);