fix(superintendent): prevent owner review from loading document MCP servers by kamilio · Pull Request #316 · poe-platform/poe-code

kamilio · 2026-05-15T18:06:25Z

Owner review previously forwarded MCP server definitions from superintendent document frontmatter into the spawned owner agent, creating a trust-boundary where attacker-controlled plans could cause local commands to be executed.

Limit owner review MCP configuration to the built-in workflow transition server by changing buildMcpServers to only return the owner-workflow MCP server and ignore document-supplied MCP entries.
Remove the document-to-spawn MCP mapping path and the unused toSpawnMcpServer/McpConfig usage from packages/superintendent/src/runtime/run-owner-review.ts.
Update unit tests in packages/superintendent/src/runtime/run-owner-review.test.ts to assert that document-defined MCP servers are ignored while the workflow MCP server remains present and retains its timeout.

Ran npm run test -- packages/superintendent/src/runtime/run-owner-review.test.ts and the test file passed (13 tests all succeeding).
Commit hooks ran npm run lint:eslint and npm run lint:types as part of the commit and they completed (warnings only for existing files, no blocking errors).

…ervers

poe-code-agent

LGTM

fix(superintendent): prevent owner review from loading document MCP s…

bb175f3

…ervers

kamilio added aardvark codex labels May 15, 2026 — with ChatGPT Codex Connector

poe-code-agent Bot approved these changes May 15, 2026

View reviewed changes

Provide feedback