src/runtime/server.rs:407 dispatches every cancel envelope to handle_cancel without passing the authenticated session, and src/runtime/server.rs:925 then calls jobs.cancel(&job_id) solely by parsed job id. The global JobRegistry already stores the owning session_id, and job.subscribe has same-session or same-principal authorization at src/runtime/server.rs:1118, but cancel does not perform an equivalent check. A client that learns another session's job id can therefore cancel that job even though src/messages/subscriptions.rs documents that a job subscription does not grant cancel authority and the README describes subscribers as read-only.
Fix prompt: Update cancel handling so MessageType::Cancel passes the current SessionState into handle_cancel, look up the target job with a snapshot or an ownership-aware registry method, and return cancel.refused with a permission-denied reason unless the requester owns the job session or satisfies an explicit same-principal policy. Preserve cancellation for the owning session, keep malformed and unknown job id behavior, and add an integration test with two authenticated sessions where one session can observe or know the other job id but cannot cancel it.
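As an added illustration (not the project's code) of the fix the prompt describes, the sketch below models the missing check: a cancel request carries the authenticated session, the registry is consulted for the job's owning session before any state changes, and cancel is refused with a permission-denied reason unless the requester owns the job session or an explicit same-principal policy applies. The type and function names (SessionState, JobRegistry, CancelOutcome, handle_cancel, cancel_as) are hypothetical stand-ins for whatever the real server.rs defines; the malformed-id rule is likewise an assumed placeholder for the existing behavior the fix must preserve.

```rust
// Added example, not code from the project. All names are hypothetical.
use std::collections::HashMap;

/// Authenticated session as the dispatcher would pass it into handle_cancel.
#[derive(Clone, Debug, PartialEq)]
pub struct SessionState {
    pub session_id: String,
    pub principal: String,
}

#[derive(Clone, Debug)]
pub struct JobRecord {
    pub session_id: String, // owning session, already stored by the real registry
    pub principal: String,
    pub cancelled: bool,
}

#[derive(Default)]
pub struct JobRegistry {
    jobs: HashMap<String, JobRecord>,
}

#[derive(Debug, PartialEq)]
pub enum CancelOutcome {
    Cancelled,
    UnknownJob,
    MalformedJobId,
    Refused(&'static str), // maps to cancel.refused with a reason
}

impl JobRegistry {
    pub fn register(&mut self, job_id: &str, owner: &SessionState) {
        let rec = JobRecord {
            session_id: owner.session_id.clone(),
            principal: owner.principal.clone(),
            cancelled: false,
        };
        self.jobs.insert(job_id.to_string(), rec);
    }

    /// Ownership-aware cancel: the requester is compared with the stored owner
    /// before anything is mutated, so knowing a job id alone grants nothing.
    pub fn cancel_as(
        &mut self,
        job_id: &str,
        requester: &SessionState,
        allow_same_principal: bool,
    ) -> CancelOutcome {
        let job = match self.jobs.get_mut(job_id) {
            Some(job) => job,
            None => return CancelOutcome::UnknownJob, // unknown-id behavior unchanged
        };
        let same_session = job.session_id == requester.session_id;
        let same_principal = allow_same_principal && job.principal == requester.principal;
        if !(same_session || same_principal) {
            return CancelOutcome::Refused("permission-denied");
        }
        job.cancelled = true;
        CancelOutcome::Cancelled
    }

    pub fn is_cancelled(&self, job_id: &str) -> Option<bool> {
        self.jobs.get(job_id).map(|j| j.cancelled)
    }
}

/// Handler shape the fix asks for: session passed in, id parsed, then ownership check.
pub fn handle_cancel(
    registry: &mut JobRegistry,
    session: &SessionState,
    raw_job_id: &str,
    allow_same_principal: bool,
) -> CancelOutcome {
    // Assumed placeholder for the existing malformed-id rule: plain tokens only.
    let job_id = raw_job_id.trim();
    let well_formed = !job_id.is_empty()
        && job_id.chars().all(|c| c.is_ascii_alphanumeric() || c == '-');
    if !well_formed {
        return CancelOutcome::MalformedJobId;
    }
    registry.cancel_as(job_id, session, allow_same_principal)
}

fn main() {
    let owner = SessionState { session_id: "sess-a".into(), principal: "alice".into() };
    let other = SessionState { session_id: "sess-b".into(), principal: "bob".into() };
    let mut reg = JobRegistry::default();
    reg.register("job-1", &owner);
    println!("{:?}", handle_cancel(&mut reg, &other, "job-1", false)); // Refused
    println!("{:?}", handle_cancel(&mut reg, &owner, "job-1", false)); // Cancelled
}
```

The two-session test the fix prompt calls for reduces to the scenario in main: session B holds A's job id (as a subscriber might) and is refused, A cancels its own job, and malformed or unknown ids keep their own outcomes regardless of who asks.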