Merge branch 'main' into mg/add-validations

Author: MarceloRGonc

packages/server/api/src/app/ai/chat/ai-mcp-chat.controller.ts

@@ -26,6 +26,7 @@ import { ModelMessage } from 'ai';
 import { FastifyReply } from 'fastify';
 import { StatusCodes } from 'http-status-codes';
 import removeMarkdown from 'markdown-to-text';
+import { getProjectScopedRoutePolicy } from '../../core/security/route-policies/route-security-policy-factory';
 import { extractUiToolResultsFromMessage } from '../mcp/tool-utils';
 import {
   createChatContext,
@@ -470,6 +471,9 @@ export const aiMCPChatController: FastifyPluginAsyncTypebox = async (app) => {
 const OpenChatOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat-mcp'],
@@ -482,6 +486,9 @@ const OpenChatOptions = {
 const NewMessageOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat-mcp'],
@@ -494,6 +501,9 @@ const NewMessageOptions = {
 const ChatNameOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat-mcp'],
@@ -505,6 +515,9 @@ const ChatNameOptions = {
 const CodeGenerationOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat'],
@@ -517,6 +530,9 @@ const CodeGenerationOptions = {
 const RenameChatOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat-mcp'],
@@ -529,6 +545,9 @@ const RenameChatOptions = {
 const DeleteChatOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat-mcp'],
@@ -541,6 +560,9 @@ const DeleteChatOptions = {
 const ListChatsOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat-mcp'],
@@ -555,6 +577,9 @@ const ListChatsOptions = {
 const UpdateChatModelOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai', 'ai-chat-mcp'],

packages/server/api/src/app/ai/config/ai-config.controller.ts

@@ -5,6 +5,7 @@ import {
 import { AiConfig, PrincipalType, SaveAiConfigRequest } from '@openops/shared';
 import { StatusCodes } from 'http-status-codes';
 import { entitiesMustBeOwnedByCurrentProject } from '../../authentication/authorization';
+import { getProjectScopedRoutePolicy } from '../../core/security/route-policies/route-security-policy-factory';
 import { aiConfigService } from './ai-config.service';
 
 export const aiConfigController: FastifyPluginAsyncTypebox = async (app) => {
@@ -84,6 +85,9 @@ export const aiConfigController: FastifyPluginAsyncTypebox = async (app) => {
 const SaveAiConfigOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai-config'],
@@ -96,6 +100,9 @@ const SaveAiConfigOptions = {
 const getAiConfigRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai-config'],
@@ -107,6 +114,9 @@ const getAiConfigRequest = {
 const aiConfigIdRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['ai-config'],

packages/server/api/src/app/mcp/config/mcp-config.controller.ts

@@ -9,6 +9,7 @@ import {
 } from '@openops/shared';
 import { StatusCodes } from 'http-status-codes';
 import { entitiesMustBeOwnedByCurrentProject } from '../../authentication/authorization';
+import { getProjectScopedRoutePolicy } from '../../core/security/route-policies/route-security-policy-factory';
 import { mcpConfigService } from './mcp-config.service';
 
 export const mcpConfigController: FastifyPluginAsyncTypebox = async (app) => {
@@ -50,6 +51,9 @@ export const mcpConfigController: FastifyPluginAsyncTypebox = async (app) => {
 const SaveMcpConfigOptions = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['mcp-config'],
@@ -62,6 +66,9 @@ const SaveMcpConfigOptions = {
 const getMcpConfigRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['mcp-config'],
@@ -72,6 +79,9 @@ const getMcpConfigRequest = {
 const mcpConfigIdRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER],
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER],
+    }),
   },
   schema: {
     tags: ['mcp-config'],