fix(security): enforce Tess MCP server identity #717

Merged
jason.woltje merged 1 commits from fix/tess-mcp-identity into main 2026-07-12 22:49:01 +00:00
Owner

Refs #707, task TESS-M1-SEC-003.

Refs #707, task TESS-M1-SEC-003.
jason.woltje added 1 commit 2026-07-12 21:34:28 +00:00
fix(gateway): harden MCP actor identity scope
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
9ab776f923
Author
Owner

VERIFIED APPROVE reviewer-of-record [W-jarvis:reviewer] head 9ab776f923

Reviewed PR #717 as non-author against main at exact head 9ab776f9232db94fecebbd47dbf86d4f296aadcb.

Evidence:

  • Exact head verified: PR ref resolves to 9ab776f9232db94fecebbd47dbf86d4f296aadcb.
  • Scope verified: MCP controller/service hardening only (apps/gateway/src/mcp/*), no unrelated source surfaces.
  • MCP actor context is now derived server-side from authenticated session data, with tenant, role, channel, correlation, and per-tool scopes; caller-supplied identity fields are rejected.
  • Existing MCP sessions are bound to the same authenticated actor/tenant/role/scope set; guessed or stale-scope session IDs return null.
  • Memory/conversation tools now use the authenticated actor instead of caller-supplied userId; project/mission/task reads and writes are filtered/denied by actor/tenant scope; coord tools remain restricted to global/platform admin scope and no longer accept caller-selected project paths.
  • Tests cover forged actor/tenant fields, missing tool scopes, memory/conversation victim access, tenant read/write boundaries, coord scope restrictions, and MCP session identity mismatch.
  • git diff --check clean.
  • CI verified green on exact head: Woodpecker push pipeline #1686 and PR pipeline #1690 both success via pr-ci-wait -n 717.

No merge performed by reviewer.

VERIFIED APPROVE reviewer-of-record [W-jarvis:reviewer] head 9ab776f9232db94fecebbd47dbf86d4f296aadcb Reviewed PR #717 as non-author against `main` at exact head `9ab776f9232db94fecebbd47dbf86d4f296aadcb`. Evidence: - Exact head verified: PR ref resolves to `9ab776f9232db94fecebbd47dbf86d4f296aadcb`. - Scope verified: MCP controller/service hardening only (`apps/gateway/src/mcp/*`), no unrelated source surfaces. - MCP actor context is now derived server-side from authenticated session data, with tenant, role, channel, correlation, and per-tool scopes; caller-supplied identity fields are rejected. - Existing MCP sessions are bound to the same authenticated actor/tenant/role/scope set; guessed or stale-scope session IDs return null. - Memory/conversation tools now use the authenticated actor instead of caller-supplied `userId`; project/mission/task reads and writes are filtered/denied by actor/tenant scope; coord tools remain restricted to global/platform admin scope and no longer accept caller-selected project paths. - Tests cover forged actor/tenant fields, missing tool scopes, memory/conversation victim access, tenant read/write boundaries, coord scope restrictions, and MCP session identity mismatch. - `git diff --check` clean. - CI verified green on exact head: Woodpecker push pipeline #1686 and PR pipeline #1690 both success via `pr-ci-wait -n 717`. No merge performed by reviewer.
jason.woltje merged commit 227b73fcdf into main 2026-07-12 22:49:01 +00:00
jason.woltje deleted branch fix/tess-mcp-identity 2026-07-12 22:49:02 +00:00
Sign in to join this conversation.
No Reviewers
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#717