Add project scoping support #100
Read KERNEL_PROJECT or KERNEL_PROJECT_ID env var and inject the X-Kernel-Project-Id header into all SDK requests. This mirrors the CLI approach and allows org-scoped API keys to target a specific project.
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR modifies the MCP server client setup, not the kernel API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal) specified in the filter. To monitor this PR anyway, reply with |
Projects is a brand new feature — KERNEL_PROJECT_ID was never in production, so there's no legacy to preserve. Only read KERNEL_PROJECT. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 8a7abb7. Configure here.
| const projectId = process.env.KERNEL_PROJECT; | ||
| if (projectId) { | ||
| headers["X-Kernel-Project-Id"] = projectId; | ||
| } |
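Review bot: the `if (projectId)` guard copies the raw environment value into X-Kernel-Project-Id without trimming or checking it, and when KERNEL_PROJECT is unset, empty or misspelled the client is built with no project header and no signal to the operator. Since the header is what narrows an org-scoped key to one project, consider trimming the value, rejecting anything that does not look like a project identifier, and logging once at client creation whether the header is being injected. The PR description still mentions KERNEL_PROJECT_ID, so it should be updated to match these lines.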
Missing KERNEL_PROJECT_ID environment variable fallback
High Severity
The PR description states that KERNEL_PROJECT takes priority over KERNEL_PROJECT_ID, matching the CLI behavior. However, the implementation only reads process.env.KERNEL_PROJECT and never falls back to process.env.KERNEL_PROJECT_ID. Users who configure project scoping via KERNEL_PROJECT_ID (instead of KERNEL_PROJECT) will silently get no project scoping applied to their requests, which could lead to API calls hitting the wrong project scope.


Adds server-side project scoping for the MCP server.

What changed
- createKernelClient() now reads KERNEL_PROJECT from env vars and, when set, injects the X-Kernel-Project-Id header into all SDK requests.

Scope
This is server-side env-var scoping — the deployment is pinned to one project for every user that connects. Useful for self-hosted MCP deployments where the operator wants every connecting user/agent locked to a single project.
For the hosted mcp.onkernel.com (multi-tenant), this env var is not the right knob — it would scope every user of the hosted deployment to the same project. For per-user project scoping on hosted MCP, use either:

Notes
- KERNEL_PROJECT only. KERNEL_PROJECT_ID was never shipped, so there's no legacy fallback to preserve.
- If KERNEL_PROJECT is not set, no header is sent (backwards compatible).

Related
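The env-var scoping described in this PR, as an added example that is not code from the PR or the Kernel SDK: it shows how a self-hosted operator could validate KERNEL_PROJECT and fail closed instead of silently running without the header. The function names, the `requireProject` option, the identifier pattern and the sample values are assumptions made for illustration.

```javascript
// Added example (not the PR's code). KERNEL_PROJECT and X-Kernel-Project-Id
// come from the PR; every other name here is hypothetical.

// Assumption: project identifiers are short ASCII tokens. Adjust to the real format.
const PROJECT_ID_PATTERN = /^[A-Za-z0-9._-]{1,128}$/;

// Build the project-scoping header from an environment object.
// requireProject (hypothetical option): fail closed when the deployment is
// meant to be pinned to one project but the variable is missing or blank.
function projectScopeHeaders(env, { requireProject = false } = {}) {
  const raw = env.KERNEL_PROJECT;
  const value = typeof raw === "string" ? raw.trim() : "";

  if (value === "") {
    if (requireProject) {
      throw new Error("KERNEL_PROJECT is required but not set");
    }
    return { headers: {}, scoped: false }; // same outcome as the PR: no header
  }
  // Reject CR/LF, inner spaces and anything else that is not an identifier.
  if (!PROJECT_ID_PATTERN.test(value)) {
    throw new Error("KERNEL_PROJECT contains unexpected characters");
  }
  return { headers: { "X-Kernel-Project-Id": value }, scoped: true };
}

// One line for the startup log, so an unscoped deployment is visible.
function describeScope(result) {
  return result.scoped
    ? `project scoping ON (X-Kernel-Project-Id=${result.headers["X-Kernel-Project-Id"]})`
    : "project scoping OFF (no X-Kernel-Project-Id header sent)";
}

// Constructed sample environments.
const samples = [
  { KERNEL_PROJECT: "proj_demo123\n" },  // trailing newline from an env file
  { KERNEL_PROJECT_ID: "proj_demo123" }, // wrong variable name: stays unscoped
  { KERNEL_PROJECT: "   " },             // blank value: stays unscoped
];
for (const env of samples) {
  console.log(describeScope(projectScopeHeaders(env)));
}
```

With `requireProject: true`, the second and third sample environments throw at startup instead of producing an unscoped client.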