fix: access control hardening and behavior consistency (h-batch-3) #3107
Merged
crivetimihai merged 2 commits into main from Feb 22, 2026
- C-05: require tools.execute for both tools/call and legacy JSON-RPC tool invocation paths
- C-18: enforce scoped access on GET /resources/{resource_id}/info and maintain fail-closed ID ownership checks
- C-19: align root management endpoints with admin.system_config authorization requirements
- C-20: harden OAuth fetch-tools scope resolution and ownership checks with normalized token-team semantics
- C-35: validate server existence and scoped access before SSE setup, preserving deterministic 404/403 behavior
- C-39: sanitize imported scoped fields (team_id, owner_email, visibility, team) before persistence
- C-18: harden JWT rich-token teams semantics by distinguishing omitted teams from explicit teams=null
- add/update regression tests for allow/deny coverage across RPC, OAuth, resource info, import sanitization, and token helpers
- update CHANGELOG and local issue evidence/index entries for the hardening follow-up
Refs: C-05 C-18 C-19 C-20 C-35 C-39
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
vishu-bh pushed a commit that referenced this pull request Feb 24, 2026
* fix: access control hardening and behavior consistency
- C-05: require tools.execute for both tools/call and legacy JSON-RPC tool invocation paths
- C-18: enforce scoped access on GET /resources/{resource_id}/info and maintain fail-closed ID ownership checks
- C-19: align root management endpoints with admin.system_config authorization requirements
- C-20: harden OAuth fetch-tools scope resolution and ownership checks with normalized token-team semantics
- C-35: validate server existence and scoped access before SSE setup, preserving deterministic 404/403 behavior
- C-39: sanitize imported scoped fields (team_id, owner_email, visibility, team) before persistence
- C-18: harden JWT rich-token teams semantics by distinguishing omitted teams from explicit teams=null
- add/update regression tests for allow/deny coverage across RPC, OAuth, resource info, import sanitization, and token helpers
- update CHANGELOG and local issue evidence/index entries for the hardening follow-up
Refs: C-05 C-18 C-19 C-20 C-35 C-39
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update tests
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
---------
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Summary
This PR hardens access-control and ownership-scope behavior across RPC, resource reads, OAuth gateway sync, and import sanitization, with focused regression coverage for allow/deny paths.
Changes
C-05
tools.execute for backward-compatible JSON-RPC tool invocation (method=<tool_name>) in addition to tools/call.
C-18
GET /resources/{resource_id}/info.
C-19
admin.system_config) across root routes.
C-20
C-35
404/403 behavior.
C-39
team_id, owner_email, visibility, and team values before persistence.
Token helper consistency
teams from explicit teams: null.
Validation
Targeted regressions:
uv run pytest -q tests/unit/mcpgateway/test_main.py::TestRPCEndpoints::test_rpc_legacy_tool_invocation_requires_tools_execute tests/unit/mcpgateway/test_main_extended.py::TestRpcHandling::test_handle_rpc_backward_compat_tool_requires_execute_permission tests/unit/mcpgateway/test_main_extended.py::TestRpcHandling::test_handle_rpc_backward_compat_tool_allows_when_authorized tests/unit/mcpgateway/test_main_extended.py::TestRemainingCoverageGaps::test_get_resource_info_success_and_not_found tests/unit/mcpgateway/test_main_extended.py::TestRemainingCoverageGaps::test_get_resource_info_denies_when_scope_enforcement_fails tests/unit/mcpgateway/routers/test_oauth_router.py::TestOAuthRouter::test_fetch_tools_after_oauth_cached_public_only_admin_token_stays_scoped tests/unit/mcpgateway/routers/test_oauth_router.py::TestOAuthRouter::test_fetch_tools_after_oauth_cached_public_only_admin_token_allow_path tests/unit/mcpgateway/services/test_import_service.py::test_sanitize_import_scope_fields_removes_team_and_owner tests/unit/mcpgateway/services/test_import_service.py::test_process_entities_strips_untrusted_scope_fields_before_processing tests/unit/mcpgateway/test_rpc_backward_compatibility.py
Full affected unit modules:
uv run pytest -q tests/unit/mcpgateway/test_main.py tests/unit/mcpgateway/test_main_extended.py tests/unit/mcpgateway/routers/test_oauth_router.py tests/unit/mcpgateway/services/test_import_service.py tests/unit/mcpgateway/test_rpc_backward_compatibility.py
Token helper tests:
uv run pytest -q tests/unit/mcpgateway/utils/test_create_jwt_token.py
Playwright checks relevant to entity delete behavior:
uv run pytest -q tests/playwright/entities/test_entity_lifecycle.py::TestToolLifecycle::test_delete_tool tests/playwright/entities/test_entity_lifecycle.py::TestResourceLifecycle::test_delete_resource tests/playwright/entities/test_entity_lifecycle.py::TestPromptLifecycle::test_delete_prompt tests/playwright/entities/test_entity_lifecycle.py::TestServerLifecycle::test_delete_server
Scope matrix check:
uv run pytest -q tests/playwright/security/test_token_scope_matrix.py::TestTokenTeamsMatrix::test_teams_claim_matrix_controls_visibility
Quality gates:
make flake8 (pass)
make pylint (pass, 10.00/10)
Changelog
CHANGELOG.md under 1.0.0-RC2 to capture the hardening details and token-helper semantics update.
Refs: C-05, C-18, C-19, C-20, C-35, C-39
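Added example for C-05 (written for this page, not code from the PR or the project): a JSON-RPC dispatcher that resolves both tools/call and the legacy method=<tool_name> form to the same tools.execute check before any tool lookup. The built-in method table, the -32000 error code, the handler names and the sample tool are assumptions.

```python
from typing import Callable, Optional

TOOLS_EXECUTE = "tools.execute"  # permission name from the PR text
# Assumed: methods the gateway answers itself, and the permission each needs.
BUILTIN_METHODS = {"initialize": None, "ping": None, "tools/call": TOOLS_EXECUTE}


def resolve_invocation(method: str, params: dict) -> tuple[Optional[str], Optional[str], dict]:
    """Return (required permission, tool name, tool arguments) for one request."""
    if method == "tools/call":
        return TOOLS_EXECUTE, params.get("name"), params.get("arguments") or {}
    if method in BUILTIN_METHODS:
        return BUILTIN_METHODS[method], None, {}
    # Legacy form, method=<tool_name>: it runs a tool, so it needs the same
    # permission as tools/call instead of falling through unchecked.
    return TOOLS_EXECUTE, method, params


def _error(rid, code: int, message: str) -> dict:
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}


def handle_rpc(request: dict, granted: set[str], tools: dict[str, Callable]) -> dict:
    """Authorize first, then dispatch; `tools` maps tool name to a callable."""
    rid, method = request.get("id"), request.get("method")
    if not isinstance(method, str) or not method:
        return _error(rid, -32600, "Invalid Request")
    params = request.get("params") if isinstance(request.get("params"), dict) else {}
    permission, tool_name, arguments = resolve_invocation(method, params)
    # Deny before the registry lookup: both paths fail identically, and a caller
    # without the permission cannot tell existing tool names from missing ones.
    if permission is not None and permission not in granted:
        # -32000 is a code chosen for this example (implementation-defined range).
        return _error(rid, -32000, f"Access denied: {permission} required")
    if tool_name is None and method != "tools/call":
        return {"jsonrpc": "2.0", "id": rid, "result": {}}  # built-in, no tool involved
    tool = tools.get(tool_name) if isinstance(tool_name, str) else None
    if tool is None:
        return _error(rid, -32601, "Method not found")
    return {"jsonrpc": "2.0", "id": rid, "result": tool(**arguments)}


# Constructed sample registry and requests.
TOOLS = {"echo": lambda text="": {"echoed": text}}
MODERN = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
          "params": {"name": "echo", "arguments": {"text": "hi"}}}
LEGACY = {"jsonrpc": "2.0", "id": 2, "method": "echo", "params": {"text": "hi"}}
```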
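Added example for C-39 (written for this page, not the project's import service): the four scope fields named above are stripped from every imported entity and the scope is then set from the authenticated importer. The payload shape, the function names and the stamping policy (importer becomes owner, private unless acting within a team) are assumptions.

```python
from typing import Optional

# Field names listed in the PR text (C-39); an import file must not set them.
SCOPE_FIELDS = frozenset({"team_id", "owner_email", "visibility", "team"})


def strip_scope_fields(entity: dict) -> tuple[dict, list[str]]:
    """Return a copy without scope fields, plus the names that were dropped."""
    dropped = sorted(k for k in entity if k in SCOPE_FIELDS)
    return {k: v for k, v in entity.items() if k not in SCOPE_FIELDS}, dropped


def prepare_import(payload: dict, importer_email: str,
                   importer_team_id: Optional[str] = None) -> tuple[list[dict], list[dict]]:
    """Sanitize every entity, then set scope from the authenticated importer.

    Assumed policy (not stated on the page): the importer becomes the owner and
    records are private unless the importer is acting within a team.
    """
    records, audit = [], []
    for kind, entities in payload.get("entities", {}).items():
        for entity in entities:
            clean, dropped = strip_scope_fields(entity)
            # Scope comes from the server-side session, never from the file.
            clean.update(
                owner_email=importer_email,
                team_id=importer_team_id,
                visibility="team" if importer_team_id else "private",
            )
            records.append({"kind": kind, **clean})
            if dropped:  # keep a trail of what the file tried to set
                audit.append({"kind": kind, "name": entity.get("name"), "dropped": dropped})
    return records, audit


# Constructed import file: the first entity claims another owner, team and
# public visibility; the second carries no scope fields at all.
SAMPLE = {"entities": {
    "tools": [{"name": "report", "url": "https://tools.example/report",
               "owner_email": "admin@corp.example", "team_id": "finance",
               "visibility": "public", "team": "Finance"}],
    "resources": [{"name": "readme", "uri": "file:///readme.md"}],
}}
```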