michal/mcpctl
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Revert "feat(mcplocal): per-McpToken gate-ungate cache so service tokens survive proxies"
All checks were successful
CI/CD / lint (push) Successful in 51s
Details
CI/CD / typecheck (push) Successful in 1m46s
Details
CI/CD / test (push) Successful in 1m3s
Details
CI/CD / build (push) Successful in 2m14s
Details
CI/CD / smoke (push) Successful in 4m43s
Details
CI/CD / publish (push) Successful in 1m23s
Details

Browse Source 
This reverts commit 39df459bb1.
This commit is contained in:
Michal
2026-04-18 18:16:18 +01:00
parent 1480d268c7
commit 6946250090
7 changed files with 14 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
src/mcplocal/tests/session-gate.test.ts
View File

@@ -152,76 +152,4 @@ describe('SessionGate', () => {
expect(gate.isGated('s1')).toBe(false);
expect(gate.getSession('s2')!.tags).toEqual([]); // s2 untouched
});
describe('per-McpToken ungate cache', () => {
it('new session from an already-ungated token starts ungated, with prior tags + prompts', () => {
const gate = new SessionGate();
gate.createSession('session-1', true, 'tokA');
expect(gate.isGated('session-1')).toBe(true);
gate.ungate('session-1', ['ops'], makeMatchResult(['runbook']), 'tokA');
expect(gate.isTokenUngated('tokA')).toBe(true);
// LiteLLM semantics: same token, brand-new session-id.
gate.createSession('session-2', true, 'tokA');
expect(gate.isGated('session-2')).toBe(false);
const s2 = gate.getSession('session-2')!;
expect(s2.tags).toContain('ops');
expect(s2.retrievedPrompts.has('runbook')).toBe(true);
});
it('does not persist across tokens', () => {
const gate = new SessionGate();
gate.createSession('s1', true, 'tokA');
gate.ungate('s1', ['ops'], makeMatchResult(['p']), 'tokA');
// Different token → fresh gated session.
gate.createSession('s2', true, 'tokB');
expect(gate.isGated('s2')).toBe(true);
expect(gate.isTokenUngated('tokB')).toBe(false);
});
it('is not triggered when no tokenSha is supplied (STDIO path)', () => {
const gate = new SessionGate();
gate.createSession('s1', true);
gate.ungate('s1', ['ops'], makeMatchResult(['p']));
// A second session with no token starts gated — STDIO semantics preserved.
gate.createSession('s2', true);
expect(gate.isGated('s2')).toBe(true);
});
it('honors the TTL window and expires', () => {
const gate = new SessionGate(50); // 50ms TTL for the test
gate.createSession('s1', true, 'tokA');
gate.ungate('s1', ['ops'], makeMatchResult(['p']), 'tokA');
expect(gate.isTokenUngated('tokA')).toBe(true);
return new Promise<void>((resolve) => setTimeout(() => {
expect(gate.isTokenUngated('tokA')).toBe(false);
gate.createSession('s2', true, 'tokA');
expect(gate.isGated('s2')).toBe(true);
resolve();
}, 70));
});
it('revokeToken clears the ungate entry immediately', () => {
const gate = new SessionGate();
gate.createSession('s1', true, 'tokA');
gate.ungate('s1', ['ops'], makeMatchResult(['p']), 'tokA');
expect(gate.isTokenUngated('tokA')).toBe(true);
gate.revokeToken('tokA');
expect(gate.isTokenUngated('tokA')).toBe(false);
gate.createSession('s2', true, 'tokA');
expect(gate.isGated('s2')).toBe(true);
});
it('empty-string tokenSha does not register an ungate entry', () => {
const gate = new SessionGate();
gate.createSession('s1', true, '');
gate.ungate('s1', ['ops'], makeMatchResult(['p']), '');
expect(gate.isTokenUngated('')).toBe(false);
});
});
});