fix(webapp): scope sessions auth per-task, not wildcard

ericallam · ericallam · commit c438fdffbedb · 2026-04-30T09:31:01.000+01:00
Devin caught two real issues with the previous resource shape on PR #3474: 1. The "body isn't available at auth-resolve time" claim was wrong. Action-route resource callbacks receive the parsed body as the 4th arg (apiBuilder.server.ts:710). Other routes like api.v1.tasks.batch.ts use it (line 33). 2. The auth check is OR across resource types — listing both `sessions: "*"` and `tasks: body.taskIdentifier` would let a `write:sessions`-only JWT pass for any task, defeating the per-task narrowing. Replace `() => ({ sessions: "*" })` with `(_, __, ___, body) => ({ tasks: body.taskIdentifier })` and rely on the `write:sessions` / `admin` super-scopes for broad access. A JWT scoped only to `write:tasks:foo` can now only create sessions whose taskIdentifier is `foo`. MCP-style flows that hold `write:sessions` continue to work via the super-scope path. Verified: MCP `start_agent_chat` → `send_agent_message` → `close_agent_chat` still passes locally; webapp typecheck clean.
diff --git a/apps/webapp/app/routes/api.v1.sessions.ts b/apps/webapp/app/routes/api.v1.sessions.ts
@@ -110,15 +110,23 @@ const { action } = createActionApiRoute(
     // behalf of the developer without weakening the browser model.
     allowJWT: true,
     authorization: {
-      // Resource scoping by `taskIdentifier` isn't possible at auth-resolve
-      // time — action routes don't pass `body` to the resource callback,
-      // and the task name only lives in the body. We require a `sessions`
-      // resource scope (wildcard) and rely on `write:sessions` / `admin`
-      // super-scopes to gate access. Per-task narrowing happens implicitly
-      // because the JWT-issuer (e.g. cli-v3 MCP) decides which scopes to
-      // request when minting the token.
+      // Per-task scoping via `body.taskIdentifier` (action-route resource
+      // callbacks receive the parsed body as the 4th arg — see
+      // `apiBuilder.server.ts:710`). A JWT scoped only to `write:tasks:foo`
+      // can only create sessions whose `taskIdentifier` is `"foo"`. Broad
+      // callers (cli-v3 MCP, customer servers wrapping their own auth)
+      // hold the `write:sessions` super-scope and bypass the per-task
+      // check entirely.
+      //
+      // Note: the auth check is OR across resource types, so listing both
+      // `sessions` and `tasks` here would let a `write:sessions`-scoped
+      // JWT pass for *any* task — defeating the per-task narrowing. Keep
+      // it task-only and let the super-scope path handle session-level
+      // wildcard access.
       action: "write",
-      resource: () => ({ sessions: "*" }),
+      resource: (_params, _searchParams, _headers, body) => ({
+        tasks: body.taskIdentifier,
+      }),
       superScopes: ["write:sessions", "admin"],
     },
     corsStrategy: "all",
