fix(mcp): restrict device execution to user's own devices

[saddlepaddle]

Summary

• Adds userId ownership check in executeOnDevice() so users can only target their own devices, not any device in the org
• Returns an explicit error ("Device X does not belong to you") instead of the misleading "not online" when targeting another user's device
• Updates start_claude_session and start_claude_subagent tool descriptions to note the ownership constraint

Test plan

• bun run typecheck passes
• bun test passes
• Authenticate as User A, target User B's device → get "does not belong to you" error
• Authenticate as User A, target User A's own device → works as before
• Nonexistent/offline device → still returns "not online" error

Summary by CodeRabbit

• Bug Fixes

  • Added ownership validation so users can only operate devices that belong to them.

• Documentation

  • Updated tool descriptions to clarify device ownership requirements.

[coderabbitai]

📝 Walkthrough

Walkthrough

Tool descriptions were updated to state an ownership requirement, and the device execution utility now verifies the device belongs to the current user before creating commands.

Changes

Cohort / File(s)	Summary
Tool Documentation packages/mcp/src/tools/devices/start-claude-session/start-claude-session.ts	Updated descriptions for start_claude_session and start_claude_subagent to require that the target device belongs to the current user.
Device Execution Logic packages/mcp/src/tools/utils/utils.ts	Added an ownership check in executeOnDevice: after confirming the device is online, the function now verifies device.userId matches the current user and returns an error payload if not, preventing command creation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I sniff the code, I give a thump,
Devices checked before we jump.
Only owners may call the tune,
I guard the keys beneath the moon. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: restricting device execution to user-owned devices via a userId ownership check.
Description check	✅ Passed	The description includes a clear summary and test plan. However, it doesn't follow the required template structure with explicit sections like Type of Change, Testing, and Additional Notes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-slack-context

---

No actionable comments were generated in the recent review. 🎉

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🧹 Preview Cleanup Complete

The following preview resources have been cleaned up:

• ✅ Neon database branch
• ✅ Electric Fly.io app
• ✅ Streams Fly.io app

Thank you for your contribution! 🎉