getCommand(); if (!$command || !str_starts_with($command->getName() ?? '', 'mcp:')) { return; } $profileId = $_ENV['MCP_PROFILE_ID'] ?? ''; $password = $_ENV['MCP_PROFILE_PASSWORD'] ?? ''; if ('' === $profileId || '' === $password) { $this->logger->error('MCP stdio: missing MCP_PROFILE_ID or MCP_PROFILE_PASSWORD env vars'); $event->disableCommand(); $event->getOutput()->writeln('MCP auth: MCP_PROFILE_ID and MCP_PROFILE_PASSWORD env vars required'); return; } $profile = $this->profiles->find($profileId); if (!$profile || !$profile->isActive()) { $this->logger->error('MCP stdio: profile not found or inactive', ['profileId' => $profileId]); $event->disableCommand(); $event->getOutput()->writeln('MCP auth: invalid profile'); return; } if (!$this->passwordHasher->isPasswordValid($profile, $password)) { $this->logger->error('MCP stdio: invalid password', ['profileId' => $profileId]); $event->disableCommand(); $event->getOutput()->writeln('MCP auth: invalid password'); return; } $token = new UsernamePasswordToken($profile, 'mcp', $profile->getRoles()); $this->tokenStorage->setToken($token); $this->logger->info('MCP stdio auth success', [ 'profileId' => $profileId, 'roles' => $profile->getRoles(), ]); } }