fix: [ML-1335]: Pass harness-account header in API calls (#150)

* Merge remote-tracking branch 'origin/master' into ML-1335

* revert change to templates.go take up in new PR

* re-create pullreq.go

* re-create accesscontrol.go

* make format

* fix compile

* Merge remote-tracking branch 'origin/master' into ML-1335

* code format + remove check on account_id

* merge scope_utils.go into scope.go

* remove context.go

* port left over calls to scope methods

* Merge remote-tracking branch 'origin' into ML-1335

* Set account ID in context using middleware (#160)

* fix: [ML-1335]: fixed e2e

Signed-off-by: Saranya-jena <[email protected]>

* add unit tests

* remove AccountIDKey

* rename to "scope"

* Set account ID in context using middleware

* fix: [ML-1335]: Resolved comments

Signed-off-by: Saranya-jena <[email protected]>

* fix: [ML-1335]: fixed 404 issue with list_templates tool

Signed-off-by: Saranya-jena <[email protected]>

Author: Saranya-jena

client/client.go

@@ -15,6 +15,7 @@ import (
 	"github.com/cenkalti/backoff/v4"
 	"github.com/harness/harness-mcp/client/dto"
 	"github.com/harness/harness-mcp/pkg/harness/auth"
+	"github.com/harness/harness-mcp/pkg/harness/common"
 )
 
 const (
@@ -29,8 +30,6 @@ var (
 	// when different tools get added.
 	defaultPageSize = 5
 	maxPageSize     = 20
-
-	apiKeyHeader = "x-api-key"
 )
 
 var (
@@ -475,6 +474,13 @@ func (c *Client) Do(r *http.Request) (*http.Response, error) {
 	}
 	r.Header.Set(k, v)
 
+	// Check for scope in context and add account ID to headers if present
+	if scope, err := common.GetScopeFromContext(ctx); err == nil {
+		if scope.AccountID != "" {
+			slog.Debug("Adding account ID header from scope in context", "accountID", scope.AccountID)
+			r.Header.Set("Harness-Account", scope.AccountID)
+		}
+	}
 	return c.client.Do(r)
 }
 

client/client_test.go

@@ -2,11 +2,15 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"io"
 	"net/http"
 	"strings"
 	"testing"
+
+	"github.com/harness/harness-mcp/client/dto"
+	"github.com/harness/harness-mcp/pkg/harness/common"
 )
 
 // TestUnmarshalResponse_StringPointer tests the string pointer handling in unmarshalResponse function
@@ -239,3 +243,75 @@ func (e *errorReader) Read(p []byte) (n int, err error) {
 func (e *errorReader) Close() error {
 	return nil
 }
+
+// --- New tests for Harness-Account header injection via scope ---
+
+type mockAuthProvider struct{}
+
+func (m mockAuthProvider) GetHeader(ctx context.Context) (string, string, error) {
+	return "Authorization", "Bearer test-token", nil
+}
+
+type recordingTransport struct {
+	sawAccount string
+}
+
+func (rt *recordingTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	rt.sawAccount = req.Header.Get("Harness-Account")
+	return &http.Response{
+		StatusCode: http.StatusOK,
+		Body:       io.NopCloser(strings.NewReader("ok")),
+		Header:     make(http.Header),
+		Request:    req,
+	}, nil
+}
+
+func TestClientDo_AddsHarnessAccountHeader_FromScope(t *testing.T) {
+	// Prepare client with recording transport
+	rt := &recordingTransport{}
+	c := &Client{
+		client:       &http.Client{Transport: rt},
+		AuthProvider: mockAuthProvider{},
+	}
+
+	// Build request with scope in context
+	req, err := http.NewRequest(http.MethodGet, "http://example.com/test", nil)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+
+	scope := dto.Scope{AccountID: "acc_123", OrgID: "org", ProjectID: "proj"}
+	ctx := common.WithScopeContext(context.Background(), scope)
+	req = req.WithContext(ctx)
+
+	// Execute
+	if _, err := c.Do(req); err != nil {
+		t.Fatalf("Do() returned error: %v", err)
+	}
+
+	// Assert
+	if rt.sawAccount != scope.AccountID {
+		t.Fatalf("expected Harness-Account header %q, got %q", scope.AccountID, rt.sawAccount)
+	}
+}
+
+func TestClientDo_DoesNotAddHarnessAccountHeader_WhenNoScope(t *testing.T) {
+	rt := &recordingTransport{}
+	c := &Client{
+		client:       &http.Client{Transport: rt},
+		AuthProvider: mockAuthProvider{},
+	}
+
+	req, err := http.NewRequest(http.MethodGet, "http://example.com/test", nil)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+
+	if _, err := c.Do(req); err != nil {
+		t.Fatalf("Do() returned error: %v", err)
+	}
+
+	if rt.sawAccount != "" {
+		t.Fatalf("expected no Harness-Account header, got %q", rt.sawAccount)
+	}
+}

client/dto/intelligence.go

@@ -107,14 +107,14 @@ func (s *ServiceChatParameters) IsStreaming() bool {
 }
 
 type ServiceChatResponseIntelligence struct {
-    ConversationID    string                   `json:"conversation_id"`
-    ConversationRaw   string                   `json:"conversation_raw"`
-    InteractionID     string                   `json:"interaction_id,omitempty"`
-    CapabilitiesToRun []map[string]interface{} `json:"capabilities_to_run,omitempty"`
-    ModelUsage        map[string]interface{}   `json:"model_usage,omitempty"`
-    // Keep these for backward compatibility if needed elsewhere
-    Response string `json:"response,omitempty"`
-    Error    string `json:"error,omitempty"`
+	ConversationID    string                   `json:"conversation_id"`
+	ConversationRaw   string                   `json:"conversation_raw"`
+	InteractionID     string                   `json:"interaction_id,omitempty"`
+	CapabilitiesToRun []map[string]interface{} `json:"capabilities_to_run,omitempty"`
+	ModelUsage        map[string]interface{}   `json:"model_usage,omitempty"`
+	// Keep these for backward compatibility if needed elsewhere
+	Response string `json:"response,omitempty"`
+	Error    string `json:"error,omitempty"`
 }
 
 // ProgressUpdate represents progress information for streaming responses

cmd/harness-mcp-server/main.go

@@ -366,7 +366,7 @@ func runStdioServer(ctx context.Context, config config.Config) error {
 
 	// Create server
 	// WithRecovery makes sure panics are logged and don't crash the server
-	harnessServer := harness.NewServer(version, server.WithHooks(hooks), server.WithRecovery())
+	harnessServer := harness.NewServer(version, &config, server.WithHooks(hooks), server.WithRecovery())
 
 	// Initialize toolsets
 	toolsets, err := harness.InitToolsets(ctx, &config)

pkg/harness/tools/scope.go renamed to pkg/harness/common/scope.go

@@ -1,6 +1,7 @@
-package tools
+package common
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/harness/harness-mcp/client/dto"
@@ -83,3 +84,37 @@ func FetchScope(config *config.Config, request mcp.CallToolRequest, required boo
 
 	return scope, nil
 }
+
+// OptionalParam is a helper function that can be used to fetch an optional parameter from the request.
+func OptionalParam[T any](r mcp.CallToolRequest, p string) (T, error) {
+	var zero T
+
+	// Check if the parameter is present in the request
+	if _, ok := r.GetArguments()[p]; !ok {
+		return zero, nil
+	}
+
+	// Check if the parameter is of the expected type
+	if _, ok := r.GetArguments()[p].(T); !ok {
+		return zero, fmt.Errorf("parameter %s is not of type %T, is %T", p, zero, r.GetArguments()[p])
+	}
+
+	return r.GetArguments()[p].(T), nil
+}
+
+// ScopeKey is the context key for storing the scope
+type ScopeKey struct{}
+
+// GetScopeFromContext retrieves the scope from the context
+func GetScopeFromContext(ctx context.Context) (dto.Scope, error) {
+	scope, ok := ctx.Value(ScopeKey{}).(dto.Scope)
+	if !ok {
+		return dto.Scope{}, fmt.Errorf("scope not found in context")
+	}
+	return scope, nil
+}
+
+// WithScopeContext adds the scope to the context
+func WithScopeContext(ctx context.Context, scope dto.Scope) context.Context {
+	return context.WithValue(ctx, ScopeKey{}, scope)
+}

pkg/harness/common/scope_test.go

@@ -0,0 +1,96 @@
+package common
+
+import (
+	"testing"
+
+	"github.com/harness/harness-mcp/cmd/harness-mcp-server/config"
+	"github.com/mark3labs/mcp-go/mcp"
+)
+
+func newRequest(args map[string]any) mcp.CallToolRequest {
+	r := mcp.CallToolRequest{}
+	r.Params.Arguments = args
+	return r
+}
+
+func TestFetchScope_ErrorWhenNoAccountID(t *testing.T) {
+	cfg := &config.Config{AccountID: ""}
+	r := newRequest(nil)
+	_, err := FetchScope(cfg, r, false)
+	if err == nil || err.Error() != "account ID is required" {
+		t.Fatalf("expected account ID required error, got: %v", err)
+	}
+}
+
+func TestFetchScope_UsesConfigDefaultsWhenNotProvided(t *testing.T) {
+	cfg := &config.Config{AccountID: "acc", DefaultOrgID: "org", DefaultProjectID: "proj"}
+	r := newRequest(nil)
+	scope, err := FetchScope(cfg, r, false)
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if scope.AccountID != "acc" || scope.OrgID != "org" || scope.ProjectID != "proj" {
+		t.Fatalf("unexpected scope: %+v", scope)
+	}
+}
+
+func TestFetchScope_RequestOverridesConfig(t *testing.T) {
+	cfg := &config.Config{AccountID: "acc", DefaultOrgID: "org", DefaultProjectID: "proj"}
+	args := map[string]any{"org_id": "o2", "project_id": "p2"}
+	r := newRequest(args)
+	scope, err := FetchScope(cfg, r, false)
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if scope.OrgID != "o2" || scope.ProjectID != "p2" {
+		t.Fatalf("expected overrides (o2,p2), got: (%s,%s)", scope.OrgID, scope.ProjectID)
+	}
+}
+
+func TestFetchScope_RequiredMissingOrg(t *testing.T) {
+	cfg := &config.Config{AccountID: "acc", DefaultOrgID: "", DefaultProjectID: "proj"}
+	r := newRequest(nil)
+	_, err := FetchScope(cfg, r, true)
+	if err == nil || err.Error() != "org ID is required" {
+		t.Fatalf("expected org ID required error, got: %v", err)
+	}
+}
+
+func TestFetchScope_RequiredMissingProject(t *testing.T) {
+	cfg := &config.Config{AccountID: "acc", DefaultOrgID: "org", DefaultProjectID: ""}
+	r := newRequest(nil)
+	_, err := FetchScope(cfg, r, true)
+	if err == nil || err.Error() != "project ID is required" {
+		t.Fatalf("expected project ID required error, got: %v", err)
+	}
+}
+
+func TestOptionalParam_MissingReturnsZero(t *testing.T) {
+	r := newRequest(nil)
+	val, err := OptionalParam[string](r, "missing")
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if val != "" {
+		t.Fatalf("expected zero value, got %q", val)
+	}
+}
+
+func TestOptionalParam_TypeMismatch(t *testing.T) {
+	r := newRequest(map[string]any{"n": 123})
+	_, err := OptionalParam[string](r, "n")
+	if err == nil {
+		t.Fatalf("expected type mismatch error, got nil")
+	}
+}
+
+func TestOptionalParam_Success(t *testing.T) {
+	r := newRequest(map[string]any{"s": "ok"})
+	val, err := OptionalParam[string](r, "s")
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if val != "ok" {
+		t.Fatalf("expected 'ok', got %q", val)
+	}
+}

pkg/harness/middleware/account_middleware.go

@@ -0,0 +1,32 @@
+package middleware
+
+import (
+	"context"
+
+	"github.com/harness/harness-mcp/cmd/harness-mcp-server/config"
+	"github.com/harness/harness-mcp/pkg/harness/common"
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+)
+
+// WithHarnessScope creates a middleware that extracts the scope from the request
+// and adds it to the context for all tool handlers
+func WithHarnessScope(config *config.Config) server.ToolHandlerMiddleware {
+	return func(next server.ToolHandlerFunc) server.ToolHandlerFunc {
+		return func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			// Extract scope from the request
+			scope, err := common.FetchScope(config, request, false)
+			if err != nil {
+				// If we can't get the scope, continue with the request
+				// The tool handler will handle this error if needed
+				return next(ctx, request)
+			}
+
+			// Add the entire scope to the context
+			ctx = common.WithScopeContext(ctx, scope)
+
+			// Call the next handler with the enriched context
+			return next(ctx, request)
+		}
+	}
+}