add-workspace: run trust validation when marker already exists

sharpninja · claude · sharpninja · commit c109af59b278 · 2026-04-13T15:55:30.000-05:00
When AGENTS-README-FIRST.yaml is already present, skip registration
and run signature + health nonce verification instead of just erroring.
Extracted ValidateMarkerTrustAsync helper so both the new-registration
and already-registered paths share the same trust check.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/McpServer.Director/Commands/DirectorCommands.cs b/src/McpServer.Director/Commands/DirectorCommands.cs
@@ -446,7 +446,8 @@ private static Command BuildAddWorkspaceCommand()
 
             if (File.Exists(markerPath))
             {
-                Error($"Workspace is already registered — {markerPath} exists.");
+                Info($"Workspace already registered — validating trust for {markerPath}...");
+                await ValidateMarkerTrustAsync(workspacePath, markerPath).ConfigureAwait(true);
                 return;
             }
 
@@ -542,54 +543,8 @@ private static Command BuildAddWorkspaceCommand()
                 return;
             }
 
-            // Step 4: Read the marker and verify trust
-            var markerClient = McpHttpClient.FromMarkerOnly(workspacePath);
-            if (markerClient is null)
-            {
-                Error("Marker file was created but could not be parsed.");
-                return;
-            }
-
-            // Step 5: Verify HMAC-SHA256 signature
-            var lines = File.ReadAllLines(markerPath);
-            var markerFields = ParseMarkerFields(lines);
-            if (!VerifyMarkerSignature(markerFields, out var sigError))
-            {
-                Error($"Marker signature INVALID: {sigError}");
-                markerClient.Dispose();
-                return;
-            }
-
-            Success("Marker signature verified.");
-
-            // Step 6: Health nonce echo verification
-            var nonce = Guid.NewGuid().ToString("N");
-            try
-            {
-                var healthResult = await markerClient.GetAsync<JsonElement>(
-                    $"/health?nonce={Uri.EscapeDataString(nonce)}").ConfigureAwait(true);
-                var echoedNonce = healthResult.TryGetProperty("nonce", out var nonceProp)
-                    ? nonceProp.GetString() : null;
-                if (!string.Equals(echoedNonce, nonce, StringComparison.Ordinal))
-                {
-                    Error($"Health nonce mismatch: sent '{nonce}', got '{echoedNonce}'.");
-                    markerClient.Dispose();
-                    return;
-                }
-
-                Success("Health nonce verified.");
-            }
-            catch (Exception ex)
-            {
-                Error($"Health check failed: {ex.Message}");
-                markerClient.Dispose();
-                return;
-            }
-
-            markerClient.Dispose();
-            Success($"Workspace added and trusted: {workspacePath}");
-            Info($"Marker: {markerPath}");
-            Info($"API key: {markerClient.ApiKey[..Math.Min(8, markerClient.ApiKey.Length)]}...");
+            // Step 4: Validate trust on the new marker
+            await ValidateMarkerTrustAsync(workspacePath, markerPath).ConfigureAwait(true);
         }, s_workspaceOption, nameOption, serverOption);
 
         return cmd;
@@ -640,6 +595,61 @@ private static async Task<bool> WaitForFileAsync(string filePath, TimeSpan timeo
         }
     }
 
+    /// <summary>
+    /// Reads the marker file, verifies its HMAC-SHA256 signature, and performs
+    /// a health nonce echo check. Prints success/error via <see cref="CommandHelpers"/>.
+    /// </summary>
+    private static async Task ValidateMarkerTrustAsync(string workspacePath, string markerPath)
+    {
+        var markerClient = McpHttpClient.FromMarkerOnly(workspacePath);
+        if (markerClient is null)
+        {
+            Error("Marker file could not be parsed.");
+            return;
+        }
+
+        // Signature verification
+        var lines = File.ReadAllLines(markerPath);
+        var markerFields = ParseMarkerFields(lines);
+        if (!VerifyMarkerSignature(markerFields, out var sigError))
+        {
+            Error($"Marker signature INVALID: {sigError}");
+            markerClient.Dispose();
+            return;
+        }
+
+        Success("Marker signature verified.");
+
+        // Health nonce echo verification
+        var nonce = Guid.NewGuid().ToString("N");
+        try
+        {
+            var healthResult = await markerClient.GetAsync<JsonElement>(
+                $"/health?nonce={Uri.EscapeDataString(nonce)}").ConfigureAwait(true);
+            var echoedNonce = healthResult.TryGetProperty("nonce", out var nonceProp)
+                ? nonceProp.GetString() : null;
+            if (!string.Equals(echoedNonce, nonce, StringComparison.Ordinal))
+            {
+                Error($"Health nonce mismatch: sent '{nonce}', got '{echoedNonce}'.");
+                markerClient.Dispose();
+                return;
+            }
+
+            Success("Health nonce verified.");
+        }
+        catch (Exception ex)
+        {
+            Error($"Health check failed: {ex.Message}");
+            markerClient.Dispose();
+            return;
+        }
+
+        Success($"Workspace trusted: {workspacePath}");
+        Info($"Marker: {markerPath}");
+        Info($"API key: {markerClient.ApiKey[..Math.Min(8, markerClient.ApiKey.Length)]}...");
+        markerClient.Dispose();
+    }
+
     /// <summary>
     /// Parses the flat and dotted fields from the marker YAML for signature verification.
     /// Returns a dictionary mapping dotted keys (e.g. "endpoints.health") to their string values.
