hero_auth: users_delete MCP tool does not actually delete users #40

New issue

Closed

opened 2026-03-18 20:11:54 +00:00 by mik-tf · 1 comment

mik-tf commented

2026-03-18 20:11:54 +00:00

Owner

Bug

The users_delete MCP tool on hero_auth returns an empty JSON-RPC result {} but does not actually remove the user from the database.

Steps to reproduce

Create a user via MCP: tools/call with users_add (name: "crudtest", scope: "read")
Verify user exists: tools/call with users_list → shows 2 users
Delete user: tools/call with users_delete (name: "crudtest") → returns {}
List users again: tools/call with users_list → still shows 2 users

Expected

After users_delete, the user should be removed and users_list should show one fewer user.

Verified on

herodev.gent04.grid.tf — tested via direct curl to hero_auth_ui.sock MCP endpoint.

Notes

The MCP transport is working correctly (request reaches backend, response returns). This is a hero_auth service-level bug in the delete handler.

## Bug The `users_delete` MCP tool on hero_auth returns an empty JSON-RPC result `{}` but does not actually remove the user from the database. ## Steps to reproduce 1. Create a user via MCP: `tools/call` with `users_add` (name: "crudtest", scope: "read") 2. Verify user exists: `tools/call` with `users_list` → shows 2 users 3. Delete user: `tools/call` with `users_delete` (name: "crudtest") → returns `{}` 4. List users again: `tools/call` with `users_list` → still shows 2 users ## Expected After `users_delete`, the user should be removed and `users_list` should show one fewer user. ## Verified on herodev.gent04.grid.tf — tested via direct curl to `hero_auth_ui.sock` MCP endpoint. ## Notes The MCP transport is working correctly (request reaches backend, response returns). This is a hero_auth service-level bug in the delete handler.

mik-tf referenced this issue

2026-03-18 20:13:08 +00:00

Bring all Hero services to 4-pillar standard (OpenRPC + MCP + Health + Socket) #34

~~mik-tf referenced this issue 2026-03-18 20:13:52 +00:00~~

Hero OS — Master Roadmap #38

mik-tf commented

2026-03-18 22:02:58 +00:00

Author

Owner

Fixed and verified on herodev (2026-03-18)

Root cause: The users_delete MCP/RPC tool required client_id (UUID) but callers naturally passed name. Since args.get("client_id") returned None, it returned an error instead of deleting.

Fix: Both MCP and RPC handlers now accept name OR client_id for user lookup. Updated OpenRPC spec and inline docs.

Verification (CRUD round-trip on herodev):

users_list → 0 users
users_add(name: deltest) → created with UUID
users_delete(name: deltest) → {"deleted": "deltest"} ✅
users_list → 0 users (confirmed deletion) ✅

Commit (on development):

hero_auth 5dd8373 — fix: users_delete now accepts name or client_id

Deployed to herodev.

**Fixed and verified on herodev (2026-03-18)** **Root cause:** The `users_delete` MCP/RPC tool required `client_id` (UUID) but callers naturally passed `name`. Since `args.get("client_id")` returned None, it returned an error instead of deleting. **Fix:** Both MCP and RPC handlers now accept `name` OR `client_id` for user lookup. Updated OpenRPC spec and inline docs. **Verification (CRUD round-trip on herodev):** 1. `users_list` → 0 users 2. `users_add(name: deltest)` → created with UUID 3. `users_delete(name: deltest)` → `{"deleted": "deltest"}` ✅ 4. `users_list` → 0 users (confirmed deletion) ✅ **Commit (on `development`):** - hero_auth `5dd8373` — fix: users_delete now accepts name or client_id Deployed to herodev.

mik-tf closed this issue

2026-03-18 22:02:58 +00:00

~~mik-tf referenced this issue 2026-03-18 22:06:25 +00:00~~

Hero OS — Master Roadmap #38

~~mik-tf referenced this issue 2026-03-18 22:37:34 +00:00~~

Hero OS — Master Roadmap #38

~~mik-tf referenced this issue 2026-03-18 22:55:28 +00:00~~

Hero OS — Master Roadmap #38

~~mik-tf referenced this issue 2026-03-18 22:58:45 +00:00~~

Hero OS — Master Roadmap #38

~~mik-tf referenced this issue 2026-03-18 23:16:26 +00:00~~

Hero OS — Master Roadmap #38