Summary
MCP v2 host mutation tools can fail with You don't have access to host ... even when the same user can access the host and the same operation works via the CLI.
The observed failure is with:
workspaces_createagents_run
Cloud-only/listing tools still work:
hosts_listprojects_listworkspaces_list
Observed behavior
workspaces_list returns the host's workspaces through MCP v2.hosts_list returns the host.workspaces_create via MCP v2 fails with You don't have access to host ....agents_run via MCP v2 fails with the same error.superset workspaces create --host <same-host> ... succeeds.superset agents run --workspace <same-workspace> ... succeeds.
Source-level diagnosis
The CLI and MCP v2 do not use the same path for a local host:
- CLI
resolveHostTarget() uses a local manifest fast path when requestedHostId === getHostId(), calling http://127.0.0.1:<port>/trpc directly.
- MCP v2 always calls the Relay for host mutations via
hostServiceMutation().
Relay checks access before forwarding to the host:
apps/relay/src/access.ts calls host.checkAccess.- It only allows the request when
result.allowed && result.paidPlan.
packages/trpc/src/router/host/host.ts can return allowed: true, paidPlan: false.
In that state, the user has host access but Relay returns 403 because the paid plan gate fails. MCP v2 maps all 403 responses to You don't have access to host ..., which is misleading.
Expected behavior
One of these should be true:
- MCP v2 should use a local fast path for local host operations, matching CLI behavior; or
- MCP v2 should clearly report that Relay/remote host mutation requires a paid plan or remote access entitlement, rather than saying the user lacks host access; or
checkHostAccess should distinguish host membership from paid-plan gating and return a more specific error.
Related PRs
Impact
This breaks programmatic orchestration via MCP v2 in environments where CLI local operations work. It also makes debugging difficult because the error implies missing host access when the actual issue is the Relay paid-plan gate.
Notes
Specific org/host ids and tokens are intentionally omitted from this public report.
Summary
MCP v2 host mutation tools can fail with
You don't have access to host ...even when the same user can access the host and the same operation works via the CLI.The observed failure is with:
workspaces_createagents_runCloud-only/listing tools still work:
hosts_listprojects_listworkspaces_listObserved behavior
workspaces_listreturns the host's workspaces through MCP v2.hosts_listreturns the host.workspaces_createvia MCP v2 fails withYou don't have access to host ....agents_runvia MCP v2 fails with the same error.superset workspaces create --host <same-host> ...succeeds.superset agents run --workspace <same-workspace> ...succeeds.Source-level diagnosis
The CLI and MCP v2 do not use the same path for a local host:
resolveHostTarget()uses a local manifest fast path whenrequestedHostId === getHostId(), callinghttp://127.0.0.1:<port>/trpcdirectly.hostServiceMutation().Relay checks access before forwarding to the host:
apps/relay/src/access.tscallshost.checkAccess.result.allowed && result.paidPlan.packages/trpc/src/router/host/host.tscan returnallowed: true, paidPlan: false.In that state, the user has host access but Relay returns 403 because the paid plan gate fails. MCP v2 maps all 403 responses to
You don't have access to host ..., which is misleading.Expected behavior
One of these should be true:
checkHostAccessshould distinguish host membership from paid-plan gating and return a more specific error.Related PRs
allowed: true, paidPlan: falsecase.agents_run, which inherits the same Relay host-mutation path.Impact
This breaks programmatic orchestration via MCP v2 in environments where CLI local operations work. It also makes debugging difficult because the error implies missing host access when the actual issue is the Relay paid-plan gate.
Notes
Specific org/host ids and tokens are intentionally omitted from this public report.