AI-2442: add read-only access control for guest and read-only roles #397

Merged
vita-stejskal merged 5 commits into main from AI-2442-read-only-access-for-guest-and-ro-roles
Feb 21, 2026

@vita-stejskal
Contributor

Description

Linear: AI-2442

Change Type

  • Major (breaking changes, significant new features)
  • Minor (new features, enhancements, backward compatible)
  • Patch (bug fixes, small improvements, no new features)

Summary

Transplants the role-based access control fix from upstream PR #381:

  • Filter tool list to read-only tools only for guest and readonly roles
  • Block write tool calls for those roles with a clear error message
  • Swallow 403 errors in the tool event trigger (expected for restricted roles that can't post analytics events)
  • Add is_read_only_tool() helper to mcp.py, replacing the duplicate _is_read_only_tool() in authorization.py
  • Bump version to 1.44.8

Testing

  • Tested with Cursor AI desktop (Streamable-HTTP transports)

Optional testing

  • Tested with Cursor AI desktop (all transports)
  • Tested with claude.ai web and canary-orion MCP (SSE and Streamable-HTTP)
  • Tested with In Platform Agent on canary-orion
  • Tested with RO chat on canary-orion

Checklist

  • Self-review completed
  • Unit tests added/updated (if applicable)
  • Integration tests added/updated (if applicable)
  • Project version bumped according to the change type (if applicable)
  • Documentation updated (if applicable)

- Filter tools list to read-only tools only for guest/readonly roles
- Block write tool calls for guest/readonly roles with a clear error message
- Swallow 403 errors in tool event trigger (expected for restricted roles)
- Extract is_read_only_tool() to utils.py, removing duplicate from authorization.py
- Bump version to 1.44.8

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@linear

linear bot commented Feb 18, 2026

@vita-stejskal vita-stejskal self-assigned this Feb 18, 2026
Base automatically changed from AI-2585-allow-share-role-modify-flow to main February 18, 2026 21:39
Contributor

@Matovidlo Matovidlo left a comment

It looks alright; the issue is that guest can use all tools except the flows ones, and read-only users cannot submit storage events. Therefore I am missing these 2 things. I would do the guest role as all tools, excluding scheduler ones, and for RO we need to somehow not report a 403 Forbidden to the AI/user of MCP when doing a storage event with the RO role, or even better, not call it when such a user is using the MCP.

@vita-stejskal
Contributor Author

It looks alright, the issue is that guest can use all tools except flows one

Ok, this is now fixed in 109fbce. The guest role can access all tools except those that are accessible only to admins.

... read only users cannot submit storage events. ... and for RO we need to somehow not report to AI/User of MCP when having RO role 403 forbidden when doing storage event or even better to not call it when such user is using the MCP

The 403 Forbidden responses from the SAPI Events API are silently swallowed (logged to DD) regardless of the user's role. This is a workaround which can be removed when the MCP server is allowed to call the SAPI Events API even for read-only user roles. I'd keep this workaround for now. The real fix needs to be done outside of the MCP server and once it's done the SAPI will simply stop responding with 403 Forbidden and so the emitted events will be recorded without any further changes needed in the MCP server.
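
The two enforcement points from the PR summary (filtering the tool list and blocking the call) and the swallowed 403 described above, as an added sketch that is not code from this repository. The `Tool` class, the tool names, the role strings, `ForbiddenError` and the `emit_event` callback are all hypothetical, and the guest policy follows the reply above (all tools except admin-only ones).

```python
from dataclasses import dataclass

# Every name here is hypothetical; only the policy shape comes from the thread.
@dataclass(frozen=True)
class Tool:
    name: str
    read_only: bool = False    # stands in for a read-only marker on the tool
    admin_only: bool = False

class ForbiddenError(Exception):
    """Stands in for an HTTP 403 returned by the events API."""

# Constructed sample registry.
TOOLS = {t.name: t for t in (
    Tool("list_tables", read_only=True),
    Tool("update_table"),
    Tool("create_schedule", admin_only=True),
)}

def is_allowed(role: str, tool: Tool) -> bool:
    """One policy predicate, shared by listing and calling."""
    if role == "readonly":
        return tool.read_only
    if role == "guest":
        return not tool.admin_only
    return role == "admin"     # unknown roles are denied everything

def list_tools(role: str) -> list[str]:
    return sorted(n for n, t in TOOLS.items() if is_allowed(role, t))

def call_tool(role: str, name: str, emit_event) -> str:
    tool = TOOLS.get(name)
    # Re-check at call time: hiding a tool from the list does not stop
    # a client from naming it directly.
    if tool is None or not is_allowed(role, tool):
        raise PermissionError(f"Tool '{name}' is not available for role '{role}'.")
    result = f"{name}: ok"
    try:
        emit_event(name)       # analytics side effect, must not fail the call
    except ForbiddenError:
        pass                   # expected for restricted roles; log it in real code
    return result
```

Only `ForbiddenError` is swallowed, so any other failure in event emission still surfaces.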

vita-stejskal and others added 2 commits February 21, 2026 20:30
requests.JSONDecodeError is identical to json.JSONDecodeError (requests
re-exports it), making the handler redundant. Removing it eliminates the
undeclared dependency on the requests library, which is no longer reliably
available as a transitive dep (jsonschema-path 0.4.x made it optional).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vita-stejskal vita-stejskal merged commit dc5aee0 into main Feb 21, 2026
31 of 37 checks passed
@vita-stejskal vita-stejskal deleted the AI-2442-read-only-access-for-guest-and-ro-roles branch February 21, 2026 21:36