Skip to content

[codex] add cloud gateway account management#402

Draft
jeremymcs wants to merge 8 commits into
mainfrom
codex/cloud-mcp-gateway-accounts-usage
Draft

[codex] add cloud gateway account management#402
jeremymcs wants to merge 8 commits into
mainfrom
codex/cloud-mcp-gateway-accounts-usage

Conversation

@jeremymcs

@jeremymcs jeremymcs commented Jun 2, 2026

Copy link
Copy Markdown
Member

Summary

  • add Cloud MCP Gateway user management with admin and account UIs, Clerk-backed account auth, local hashed user tokens, pairing codes, usage tracking, and quota enforcement
  • let local cloud runtimes advertise external MCP tools, including browser MCP tools, and forward those through the gateway with routing fields
  • add authenticated Streamable HTTP support for gsd-mcp-server --http plus README coverage for cloud/remote setup

Why

Remote MCP clients need a safer hosted gateway surface: operators need users, tokens, runtime visibility, usage accounting, and quotas, while local runtimes need a way to expose browser and other stdio MCP tools without exposing local websocket endpoints.

Validation

  • pnpm install --lockfile-only --ignore-scripts
  • pnpm install --ignore-scripts
  • pnpm --filter @opengsd/contracts build
  • pnpm --filter @opengsd/rpc-client build
  • pnpm --filter @opengsd/mcp-server build
  • pnpm --filter @opengsd/cloud-mcp-gateway test
  • pnpm --filter @opengsd/mcp-server test
  • pnpm --filter @opengsd/daemon build
  • pnpm --filter @opengsd/daemon test

View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.


Note

High Risk
Touches authentication, token lifecycle, Clerk integration, and quota enforcement on the public /mcp path—misconfiguration could lock out users or expose endpoints; large surface area across gateway, daemon, and mcp-server.

Overview
This PR turns the Cloud MCP Gateway into an operable hosted product: admin (/admin) and Clerk-backed account (/account) UIs, REST APIs for users/tokens/pairing/runtimes/usage, persisted auth and usage stores, and plan-based quotas that block /mcp tool calls before they hit the local runtime (throttled calls logged as non-billable).

The gateway MCP layer now merges runtime-advertised tools (with runtimeId / projectAlias routing) alongside built-in GSD tools, records per-call metrics, and enforces limits via a new usage limiter. Auth grows into a full user registry (roles, plans, revocable gsd_usr_ tokens, disabled users, optional POST /register).

On the daemon side, cloud runtimes can bridge stdio MCP servers (default gsd-browser mcp, configurable via env) and advertise those tools upstream; LocalToolExecutor delegates unknown tool names to that bridge.

gsd-mcp-server gains --http Streamable HTTP on /mcp with bearer auth defaults that refuse public unauthenticated binds unless loopback or --no-auth.

Reviewed by Cursor Bugbot for commit beb1592. Bugbot is set up for automated code reviews on this repo. Configure here.

@socket-security

socket-security Bot commented Jun 2, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednpm/​@​clerk/​backend@​3.4.148010095100100

View full report

@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

🔴 PR Risk Report — CRITICAL

Files changed 32
Systems affected 4
Overall risk 🔴 CRITICAL

Affected Systems

Risk System
🔴 critical Agent Core
🟠 high AI Providers
🟡 medium CLI
🟡 medium TUI Components
File Breakdown
Risk File Systems
🟡 packages/cloud-mcp-gateway/src/cli.ts CLI
🔴 packages/cloud-mcp-gateway/src/index.ts Agent Core, AI Providers, TUI Components
🟡 packages/mcp-server/src/cli.ts CLI
packages/cloud-mcp-gateway/README.md (unclassified)
packages/cloud-mcp-gateway/package.json (unclassified)
packages/cloud-mcp-gateway/src/account-ui.ts (unclassified)
packages/cloud-mcp-gateway/src/admin-ui.ts (unclassified)
packages/cloud-mcp-gateway/src/auth-store.test.ts (unclassified)
packages/cloud-mcp-gateway/src/auth-store.ts (unclassified)
packages/cloud-mcp-gateway/src/clerk-auth.test.ts (unclassified)
packages/cloud-mcp-gateway/src/clerk-auth.ts (unclassified)
packages/cloud-mcp-gateway/src/mcp.test.ts (unclassified)
packages/cloud-mcp-gateway/src/mcp.ts (unclassified)
packages/cloud-mcp-gateway/src/protocol.ts (unclassified)
packages/cloud-mcp-gateway/src/runtime-registry.test.ts (unclassified)
packages/cloud-mcp-gateway/src/runtime-registry.ts (unclassified)
packages/cloud-mcp-gateway/src/server.test.ts (unclassified)
packages/cloud-mcp-gateway/src/server.ts (unclassified)
packages/cloud-mcp-gateway/src/usage-limits.test.ts (unclassified)
packages/cloud-mcp-gateway/src/usage-limits.ts (unclassified)
packages/cloud-mcp-gateway/src/usage-store.test.ts (unclassified)
packages/cloud-mcp-gateway/src/usage-store.ts (unclassified)
packages/daemon/package.json (unclassified)
packages/daemon/src/cloud-runtime.ts (unclassified)
packages/daemon/src/external-mcp-tools.ts (unclassified)
packages/daemon/src/local-tool-executor.test.ts (unclassified)
packages/daemon/src/local-tool-executor.ts (unclassified)
packages/mcp-server/README.md (unclassified)
packages/mcp-server/package.json (unclassified)
packages/mcp-server/src/http.test.ts (unclassified)
packages/mcp-server/src/http.ts (unclassified)
pnpm-lock.yaml (unclassified)

⚠️ 🔴 Critical risk — the following systems require verification before merge:

  • 🔴 Agent Core: check for race conditions and loop exit paths in the agent loop
  • 🟠 AI Providers: confirm provider API contract and error handling are intact

⛔ This PR should not be merged without executing this follow-up prompt.

Ask your coding agent to verify before submitting:

Review this PR for risks in: Agent Core, AI Providers. Verify:

1. check for race conditions and loop exit paths in the agent loop
2. confirm provider API contract and error handling are intact

Before modifying any code, assess the scope of this fix:

- Identify the root cause, not just the reported symptom.
- Search the codebase for other call sites, similar patterns, or duplicated logic that may share the same bug.
- List affected tests, documentation, and any downstream consumers that depend on the current behavior.
- Flag any changes that extend beyond the immediate file or function.

Report findings first. Then propose a fix scoped to the actual root cause, and wait for confirmation before applying changes outside the originally reported location.

💡 Have a Codex subscription? Get an independent second opinion: codex review --adversarial

@jeremymcs jeremymcs marked this pull request as ready for review June 2, 2026 15:27
Comment thread packages/mcp-server/src/http.ts Fixed
Comment thread packages/mcp-server/src/http.ts Fixed
@jeremymcs jeremymcs marked this pull request as draft June 2, 2026 15:31

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Fix All in Cursor

Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issues.

Reviewed by Cursor Bugbot for commit beb1592. Configure here.

Comment thread packages/mcp-server/src/http.ts Outdated
Comment thread packages/cloud-mcp-gateway/src/usage-limits.ts
@jeremymcs

Copy link
Copy Markdown
Member Author

Accepted — queued for a code change.

@socket-security

socket-security Bot commented Jun 2, 2026

Copy link
Copy Markdown

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@jeremymcs jeremymcs force-pushed the codex/cloud-mcp-gateway-accounts-usage branch from 0515360 to 52ebbc7 Compare June 12, 2026 03:28
@jeremymcs

Copy link
Copy Markdown
Member Author

Accepted — queued for a code change.

@jeremymcs

Copy link
Copy Markdown
Member Author

Started an automated PR update.

Merge conflicts were detected while updating this branch from the base branch.

Conflicted files:

  • packages/cloud-mcp-gateway/src/runtime-registry.test.ts
  • packages/mcp-server/package.json

An automatic resolution attempt is running. If it cannot complete safely, this PR will be marked for manual follow-up.

@jeremymcs jeremymcs force-pushed the codex/cloud-mcp-gateway-accounts-usage branch from 900cec2 to 44cea75 Compare July 2, 2026 04:23
@jeremymcs

Copy link
Copy Markdown
Member Author

Started an automated PR update.

Merge conflicts were detected while updating this branch from the base branch.

Conflicted files:

  • packages/cloud-mcp-gateway/src/auth-store.ts
  • packages/daemon/src/cloud-runtime.ts

An automatic resolution attempt is running. If it cannot complete safely, this PR will be marked for manual follow-up.

@jeremymcs

Copy link
Copy Markdown
Member Author

Re: the latest Cursor Bugbot review (commit beb15921, "2 potential issues") — both flagged issues are already fixed and verified at current HEAD (44cea75f); the corresponding inline review threads are resolved:

  1. HTTP MCP auth timing-unsafe comparisonauthorize in packages/mcp-server/src/http.ts:89 uses a.length === b.length && timingSafeEqual(a, b) (node:crypto), matching the gateway's tokenMatches pattern. No timing leak.
  2. readLimit treats fractional values as unlimitedpackages/cloud-mcp-gateway/src/usage-limits.ts:210-216 now uses an explicit if (parsed === 0) return undefined sentinel and Math.max(1, Math.floor(parsed)), so 0.5 resolves to a limit of 1, not unlimited. Covered by the readLimit treats fractional values as limit of 1, not unlimited test.

Verification at HEAD: pnpm --filter @opengsd/mcp-server test → 208/208 pass; pnpm --filter @opengsd/cloud-mcp-gateway test → 45/45 pass. No code change needed — the Bugbot re-flag is stale relative to the fixes already on this branch.

@jeremymcs jeremymcs force-pushed the codex/cloud-mcp-gateway-accounts-usage branch from 44cea75 to c260f84 Compare July 7, 2026 21:02
@jeremymcs

Copy link
Copy Markdown
Member Author

Started an automated PR update.

Accepted review feedback is being applied.
Progress and final results will be posted in the related review thread(s).

jeremymcs added a commit that referenced this pull request Jul 7, 2026
jeremymcs and others added 8 commits July 7, 2026 16:36
…onal sentinel

- Replace `===` bearer token comparison in mcp-server http.ts with
  timingSafeEqual (mirrors the cloud-mcp-gateway tokenMatches helper)
- Fix readLimit in usage-limits.ts: values in (0, 1) no longer silently
  map to unlimited via `Math.floor(x) || undefined`; they now resolve to
  a minimum limit of 1. Only an explicit `0` maps to unlimited.
- Add test case covering the fractional readLimit behaviour

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@jeremymcs jeremymcs force-pushed the codex/cloud-mcp-gateway-accounts-usage branch from c9770ac to 3b88520 Compare July 7, 2026 21:39
@jeremymcs

Copy link
Copy Markdown
Member Author

Started an automated PR update.

Merge conflicts were detected while updating this branch from the base branch.

Conflicted files:

  • packages/daemon/package.json
  • pnpm-lock.yaml

An automatic resolution attempt is running. If it cannot complete safely, this PR will be marked for manual follow-up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants