cat1: live probes — protocol/curation PASS, per-user list gateway-wide (finding), ungranted rejected

categories/cat1-functional/NOTES.md

@@ -0,0 +1,18 @@
+# Lane notes — Category 1 (Functional MCP Gateway Capability)
+
+- **Owner:** ztaylor
+- **Last live-state check:** 2026-06-18 (dashboard 200; gateway `zeb-gateway-test` live)
+- **Fixtures used:** gateway `zeb-gateway-test` (7 main-catalog tools, Arcade-Headers auth); users A/B from `config/targets.yaml`. Raw evidence in `tests/probes.md`.
+
+## Log
+- 2026-06-18 — lib client connects live; protocol/curation/per-user-visibility/ungranted probes done.
+  - PASS: protocol compliance (connect/list/invoke/structured error), tool curation (7 listed == 7 selected).
+  - FINDING: per-user tool *list* scoping not differentiated via Arcade-Headers on one gateway (A==B). Needs cat-3 Contextual Access or separate gateways / User Source.
+  - Q5: ungranted tool → `McpError: tool not enabled for this gateway`.
+
+## Remaining for cat-1 scoring
+- [ ] 2.2 — connect a **second real MCP client (Claude Code)** to the gateway (no-adapter evidence).
+- [ ] 2.5 — **dynamic registration**: add/remove a tool on the gateway (dashboard or API), re-list, confirm no restart. (needs a gateway edit)
+- [ ] 2.7 — **mixed prebuilt + custom**: compose a gateway with a `main` tool + a `lib/mcp_server` tool. (needs reference server → `arcade login`/`arcade deploy`)
+- [ ] 2.4 — **`whoami` execution proof** that calls run as the calling user. (needs reference server)
+- [ ] 2.8 — finalize scores once the above land.