Heimdall MCP 1.5.0 Adds Resource Locks to Stop Silent Overwrites
Heimdall MCP 1.5.0 adds resource locks across MCP tools and native editor actions, closing a race condition where concurrent agents overwrite each other silently.
Heimdall MCP's 1.5.0 release targets a race condition its earlier tool-name and argument-level policies couldn't catch: two agent sessions writing to the same file or calling the same database tool within milliseconds of each other, with the second write silently winning and the first agent's work vanishing unnoticed.
The fix is resource locking, enforced at two levels. MCP tool calls routed through Heimdall's proxy can now carry a locks block per tool, where each LockRule names the argument that becomes the lock key, sets a TTL as a backstop against crashed holders, and chooses whether a conflict is rejected outright or just logged as a warning. A second layer covers host-native editing tools — Claude Code's Write, Edit, MultiEdit, and NotebookEdit — which never pass through any MCP proxy and previously sat outside any policy's reach entirely.
Claude Code enforcement runs through a genuine PreToolUse hook that reloads config fresh on every call, checks the same SQLite lock store the proxy uses, and fails open on internal errors so a hook bug can never brick a session. OpenCode support ships as an in-process plugin loaded once at startup, but it's explicitly flagged experimental — its lock-denial and hook-registration logic haven't yet been confirmed against a live running OpenCode process. Bash is deliberately left unlocked, since a shell command has no single stable resource to key a lock on.