Conditionally block image generation and finance toolkits when the connected session name contains "Claude".
Adds the 'AI Content Generation' category to three Mercury toolkits whose pure media-gen tools surfaced for Claude OAuth users despite the existing §4.B category-deny in dashboard/src/server/utils/mcp-client-restrictions.ts. The category-deny mechanism works correctly for properly-tagged toolkits (heygen, kieai, gemini, etc.) — these three were missing the tag.
Anthropic's V1 review of our MCP directory submission flagged 4 critical issues (after V0 was thought to be resolved):
Reproduced in Claude Desktop. Repro evidence at composio-video-scripts/claude-connectors/v1-repro/.
Root cause: the dashboard sends categories: { disable: ["Payment Processing", "AI Content Generation"] } for Claude OAuth clients. Apollo resolves that to a toolkits.disable list by querying Thermos for any toolkit whose categories[] array contains either string. elevenlabs, lmnt, and gan_ai had 'Artificial Intelligence' and 'Video & Audio' but never got 'AI Content Generation' — so the filter never matched.
V0 PR #493 (DASH-792) named elevenlabs in its toolkit-level §4.B denylist, but that denylist was later refactored to category-based and the categorization gap was never backfilled. Confirmed control group (kieai, gemini, heygen, openai, claid_ai, fal_ai, replicate, supportivekoala, procfu) all have 'AI Content Generation' and ARE correctly filtered today.
| Toolkit | Before | After |
|---|---|---|
| elevenlabs | ['Artificial Intelligence', 'Video & Audio'] | + 'AI Content Generation' |
| lmnt | same | same |
| gan_ai | same | same |
bannerbear, dynapictures, placid, remove_bg, ritekit, cloudinary — templating, image-editing, or text-rendering tools. May fall under §4.B's design-asset exception or out of scope (no AI). Pending clarification from Anthropic before tagging. Tracked separately.
postiz_mcp (V1 critical issues 1+2) — MCP-type toolkit not registered in this repo, manually registered in Thermos. Addressed separately in a Thermos data fix.
Local typecheck and config validation passed for all 3 files:
```
$ make validate-config file=apps/elevenlabs/config.ts
✅ Type checking passed
$ make validate-config file=apps/lmnt/config.ts
✅ Type checking passed
$ make validate-config file=apps/gan_ai/config.ts
✅ Type checking passed
```
The 'AI Content Generation' string is the enum value at line 12 of @composiohq/auth-config's TOOLKIT_CATEGORIES (verified against hermes/packages/auth-config/src/lib/categories.ts:12). createToolkitConfig validates categories against this enum at compile time.
Pre-fix repro (Claude Desktop, OAuth client = Claude → claude-restricted policy):
- ELEVENLABS_TEXT_TO_SPEECH (failing — should be filtered)
- GAN_AI_GET_PHOTO_AVATAR_INFERENCE_DETAILS, GAN_AI_GET_AVATAR_VIDEO_INFERENCE_DETAILS (failing — should be filtered)

Post-deploy verification plan:

- evictMcpSession flow).
- elevenlabs, lmnt, gan_ai no longer surface as primary tools.
- Payment Processing category-deny unaffected.
- gemini, kieai continue to be filtered (control group still works).

Will update Anthropic review thread once 1–3 verified.
What this test is NOT: local validation does not exercise the full Mercury → Thermos sync → Apollo filter → Dashboard MCP gateway flow. That requires staging/prod deploy + cache eviction. The argument for shipping anyway is that the same mechanism works correctly today for 9+ already-tagged toolkits (control group), and a misfire is over-blocking (recoverable via revert), not under-blocking (which is the actual policy risk).
Linear: DASH-792 Anthropic V1 review: critical issues 3 + 4 (issues 1+2 are POSTIZ_MCP, separate fix)
Made with Cursor
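The root cause described above (a category deny only disables toolkits whose tags exactly match a denied string) can be shown with a small model plus an audit for untagged neighbours. This is an added example, not code from this PR or the project: the `Toolkit` type, all function names, the "related category" heuristic, and the catalog entries other than the pre-fix elevenlabs tags are assumptions.

```typescript
// Added example; types and function names are hypothetical, not the project's API.
type Toolkit = { slug: string; categories: string[] };

// Deny list the page says is sent for Claude OAuth clients.
const DENY_CATEGORIES = ["Payment Processing", "AI Content Generation"];

// Constructed catalog. elevenlabs carries its pre-fix tags from the page;
// heygen's extra tag and example_payments are made up for illustration.
const catalog: Toolkit[] = [
  { slug: "elevenlabs", categories: ["Artificial Intelligence", "Video & Audio"] },
  { slug: "heygen", categories: ["Video & Audio", "AI Content Generation"] },
  { slug: "example_payments", categories: ["Payment Processing"] },
];

// Category deny -> toolkit deny: a toolkit is disabled only when one of its
// tags exactly equals a denied category string.
function resolveDisabledToolkits(toolkits: Toolkit[], deny: string[]): string[] {
  const denied = new Set(deny);
  return toolkits.filter((t) => t.categories.some((c) => denied.has(c))).map((t) => t.slug);
}

// Audit: toolkits carrying a related category that the deny list does not
// catch. The result is a review queue for a human, not an automatic tag.
function findUntaggedCandidates(toolkits: Toolkit[], deny: string[], related: string[]): string[] {
  const disabled = new Set(resolveDisabledToolkits(toolkits, deny));
  const watch = new Set(related);
  return toolkits
    .filter((t) => !disabled.has(t.slug) && t.categories.some((c) => watch.has(c)))
    .map((t) => t.slug);
}

// The fix from the page: add the missing tag to the toolkit's categories.
function withCategory(toolkits: Toolkit[], slug: string, category: string): Toolkit[] {
  return toolkits.map((t) =>
    t.slug === slug && !t.categories.includes(category)
      ? { ...t, categories: [...t.categories, category] }
      : t,
  );
}

const before = resolveDisabledToolkits(catalog, DENY_CATEGORIES);
const review = findUntaggedCandidates(catalog, DENY_CATEGORIES, ["Video & Audio"]);
const after = resolveDisabledToolkits(
  withCategory(catalog, "elevenlabs", "AI Content Generation"), DENY_CATEGORIES);
console.log({ before, review, after });
```

Run as a CI check against the real catalog, an audit like `findUntaggedCandidates` surfaces a categorization gap before a reviewer does.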