Problem
The Terraform provider needs to support the real-world admin workflow of pre-provisioning a personal MCP server installation for another user. The current platform API shape appears to support this (InsertMcpServerSchema has userId, and McpServerModel.create() uses userId to assign the personal MCP server), but the install route overwrites the requested target user with the authenticated request user.
This means an admin cannot install an MCP server on behalf of another user. Any provider-side user_id field would be ignored by the backend and would either create the install for the API key owner or return an existing personal install for the API key owner.
Verified against latest upstream/main at 6744195f9.
Evidence
In platform/backend/src/routes/mcp-server.ts, POST /api/mcp_server currently overwrites target ownership:
```ts
// Set owner_id and userId to current user
serverData.ownerId = user.id;
serverData.userId = user.id;
```
The same route also checks duplicate personal installs against the authenticated user instead of a requested target user:
```ts
if (serverData.scope === "personal") {
  const existingPersonal = existingServers.find(
    (s) => s.scope === "personal" && s.ownerId === user.id,
  );
```
But platform/backend/src/types/mcp-server.ts exposes the intended request field:
```ts
userId: z.string().optional(), // For personal auth
```
And platform/backend/src/models/mcp-server.ts already uses userId for the personal install semantics:
```ts
const { userId, ...serverData } = server;
// ... construct local name with ownerId: userId
if (userId) {
  await McpServerUserModel.assignUserToMcpServer(createdServer.id, userId);
}
```
Expected behavior
For scope = "personal":
- If the request omits userId, keep current behavior: install for the authenticated user.
- If the request includes userId, allow users with sufficient permissions to install for that target user.
- Store ownerId and the mcp_server_user assignment for the target user, not the authenticated API user.
- Duplicate detection should key on the effective target user, not always user.id.
- Existing current-user personal install behavior remains unchanged.
Permission expectation
Suggested policy: only users with mcpServerInstallation:admin can install a personal MCP server for another user. Regular users should still only install for themselves.
Acceptance criteria
- POST /api/mcp_server with scope: "personal" and userId: <other-user-id> creates or returns the personal install for <other-user-id> when caller has admin permission.
- The response includes ownerId = <other-user-id> and users / userDetails include <other-user-id>.
- Duplicate personal install detection uses <other-user-id>.
- A non-admin caller gets a 403 when targeting another user.
- Terraform provider can safely add archestra_mcp_server_installation.user_id without a backend-ignore guard firing.
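One way to express the target-user resolution and duplicate check from "Expected behavior" and "Permission expectation", as an added example that is not the project's own code. The names `Caller`, `Resolution`, `resolveTargetUser` and `findExistingPersonal` and the sample users are assumptions; only the permission string comes from the issue.

```typescript
// Added illustration; type and function names are hypothetical.
interface Caller { id: string; permissions: Set<string> }
interface ExistingServer { scope: string; ownerId: string }

type Resolution =
  | { ok: true; targetUserId: string }
  | { ok: false; status: 403; message: string };

// Permission named in the issue's suggested policy.
const ADMIN_PERMISSION = "mcpServerInstallation:admin";

// Decide whose personal install a scope = "personal" request creates.
function resolveTargetUser(caller: Caller, requestedUserId?: string): Resolution {
  // Omitted userId, or userId equal to the caller: current-user behaviour.
  if (requestedUserId === undefined || requestedUserId === caller.id) {
    return { ok: true, targetUserId: caller.id };
  }
  // Targeting another user is an explicit authorization decision:
  // reject it rather than silently rewriting the target to the caller.
  if (!caller.permissions.has(ADMIN_PERMISSION)) {
    return { ok: false, status: 403, message: "cannot install for another user" };
  }
  return { ok: true, targetUserId: requestedUserId };
}

// Duplicate detection keyed on the effective target, not on the caller.
function findExistingPersonal(
  servers: ExistingServer[],
  targetUserId: string,
): ExistingServer | undefined {
  return servers.find((s) => s.scope === "personal" && s.ownerId === targetUserId);
}

// Constructed sample data: the admin already has a personal install.
const admin: Caller = { id: "admin-1", permissions: new Set<string>([ADMIN_PERMISSION]) };
const member: Caller = { id: "user-1", permissions: new Set<string>() };
const existing: ExistingServer[] = [{ scope: "personal", ownerId: "admin-1" }];

const forOther = resolveTargetUser(admin, "user-2");
if (forOther.ok) {
  // With the caller as the key this would wrongly match the admin's own install.
  const duplicate = findExistingPersonal(existing, forOther.targetUserId);
  console.log(duplicate ? "return existing install" : "create install for user-2");
}
console.log(resolveTargetUser(member, "user-2")); // denied with status 403
```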