Restrict get_canvas AI tool to Rill user agents (#9256)

begelundmuller · begelundmuller · commit 3a43c24ba561 · 2026-04-17T16:43:41.000+02:00
* Restrict get_canvas AI tool to Rill user agents with AI access

* Fix test
diff --git a/runtime/ai/canvas_get.go b/runtime/ai/canvas_get.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	"github.com/modelcontextprotocol/go-sdk/mcp"
 	"github.com/rilldata/rill/runtime"
@@ -48,8 +49,18 @@ func (t *GetCanvas) Spec() *mcp.Tool {
 }
 
 func (t *GetCanvas) CheckAccess(ctx context.Context) (bool, error) {
+	// Must be allowed to use AI and query objects
 	s := GetSession(ctx)
-	return s.Claims().Can(runtime.ReadObjects), nil
+	if !s.Claims().Can(runtime.UseAI) || !s.Claims().Can(runtime.ReadObjects) {
+		return false, nil
+	}
+
+	// Only allow for rill user agents since it's not useful in MCP contexts.
+	if !strings.HasPrefix(s.CatalogSession().UserAgent, "rill") {
+		return false, nil
+	}
+
+	return true, nil
 }
 
 func (t *GetCanvas) Handler(ctx context.Context, args *GetCanvasArgs) (*GetCanvasResult, error) {
diff --git a/runtime/server/mcp_test.go b/runtime/server/mcp_test.go
@@ -71,7 +71,6 @@ explore:
 	expectedTools := []string{
 		ai.ListMetricsViewsName,
 		ai.GetMetricsViewName,
-		ai.GetCanvasName,
 		ai.QueryMetricsViewName,
 		ai.QueryMetricsViewSummaryName,
 		ai.ProjectStatusName,
