@veedubin/boomerang-v3 0.4.2 → 0.5.0

package/.opencode/agents/boomerang-agent-builder.md

@@ -16,13 +16,12 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_search_project": allow
+    "memini-ai-dev_query_kg": allow
+    "memini-ai-dev_extract_entities": allow
+    "skill": allow
   edit: allow
   bash:
     "basename *": allow

package/.opencode/agents/boomerang-architect.md

@@ -16,13 +16,29 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    # Full memory suite
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_get_status": allow
+    "memini-ai-dev_adjust_trust": allow
+    "memini-ai-dev_get_trust_score": allow
+    # Full KG suite (research authority)
+    "memini-ai-dev_query_kg": allow
+    "memini-ai-dev_extract_entities": allow
+    "memini-ai-dev_get_entity_graph": allow
+    "memini-ai-dev_get_inference_chain": allow
+    "memini-ai-dev_search_entities": allow
+    "memini-ai-dev_create_relationship": allow
+    "memini-ai-dev_get_relationship_summary": allow
+    # Thought chains
+    "memini-ai-dev_add_thought": allow
+    "memini-ai-dev_start_thought_chain": allow
+    # Project search
+    "memini-ai-dev_search_project": allow
+    "memini-ai-dev_index_project": allow
+    "memini-ai-dev_get_file_contents": allow
+    # Markitdown for doc review
+    "markitdown_convert_to_markdown": allow
   edit: allow
   bash:
     "basename *": allow

package/.opencode/agents/boomerang-coder.md

@@ -16,13 +16,14 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_get_status": allow
+    "memini-ai-dev_adjust_trust": allow
+    "memini-ai-dev_get_trust_score": allow
+    "memini-ai-dev_add_thought": allow
+    "memini-ai-dev_start_thought_chain": allow
+    "memini-ai-dev_search_project": allow
   edit: allow
   bash:
     "basename *": allow

package/.opencode/agents/boomerang-explorer.md

@@ -16,13 +16,9 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_search_project": allow
+    "memini-ai-dev_index_project": allow
+    "memini-ai-dev_get_file_contents": allow
   edit: deny
   bash:
     "ls *": allow

package/.opencode/agents/boomerang-git.md

@@ -16,13 +16,16 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    # GH MCP for remote operations
+    "github-mcp_create_branch": allow
+    "github-mcp_create_or_update_file": allow
+    "github-mcp_push_files": allow
+    "github-mcp_get_file_contents": allow
+    "github-mcp_create_pull_request": allow
+    "github-mcp_create_issue": allow
+    "github-mcp_update_issue": allow
   edit: deny
   bash:
     "git *": allow

package/.opencode/agents/boomerang-handoff.md

@@ -16,13 +16,12 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_get_tier0_summary": allow
+    "memini-ai-dev_get_tier1_summary": allow
+    "memini-ai-dev_adjust_trust": allow
+    "memini-ai-dev_get_trust_score": allow
   edit: allow
   bash:
     "basename *": allow

package/.opencode/agents/boomerang-init.md

@@ -16,13 +16,11 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_get_tier0_summary": allow
+    "memini-ai-dev_get_tier1_summary": allow
+    "memini-ai-dev_list_peers": allow
+    "memini-ai-dev_get_user_profile": allow
   edit: allow
   bash:
     "basename *": allow

package/.opencode/agents/boomerang-linter.md

@@ -16,13 +16,8 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
   edit: allow
   bash:
     "basename *": allow

package/.opencode/agents/boomerang-release.md

@@ -16,13 +16,10 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_adjust_trust": allow
+    "memini-ai-dev_get_trust_score": allow
   edit: allow
   bash:
     "basename *": allow
@@ -43,6 +40,35 @@ You are the **Boomerang Release** - release automation specialist.
 3. **Git tags** - Create and push tags
 4. **Publish** - npm publish, uv pip install
 
+## MANDATORY: Version Bump Checklist (NEVER SKIP)
+
+For EVERY release, you MUST verify ALL of these files have been updated. Use `grep` to find remaining old versions:
+
+**Boomerang-v3 Files:**
+- [ ] `package.json` — `"version": "X.Y.Z"`
+- [ ] `README.md` — Badge URL + release notes + `npx @veedubin/boomerang-v3` references
+- [ ] `AGENTS.md` — Add release note entry in `## Review Notes`
+- [ ] `TASKS.md` — Add entry in completed task table + update "Latest release" quick refs
+- [ ] `CONTEXT.md` — Update version in status table and `Last Updated` header
+- [ ] `scripts/install-boomerang.js` — Any version constants
+- [ ] `.opencode/opencode.json` — Any plugin version references
+
+**memini-ai-dev Files:**
+- [ ] `pyproject.toml` — `[project] version = "X.Y.Z"`
+- [ ] `README.md` — Version badge + release notes
+- [ ] `AGENTS.md` (if exists) — Release note entry
+
+**Root Monorepo Files (if changed):**
+- [ ] `AGENTS.md` (root) — Match boomerang-v3/AGENTS.md
+- [ ] `TASKS.md` (root) — Match boomerang-v3/TASKS.md
+- [ ] `CONTEXT.md` (root) — Match boomerang-v3/CONTEXT.md
+
+**Verification Command (ALWAYS RUN):**
+```bash
+grep -rn "v0.OLD.X" . --include="*.json" --include="*.md" | grep -v node_modules | grep -v package-lock | grep -v "History"
+```
+↑ Replace `0.OLD.X` with the PREVIOUS version. If any non-historical reference remains, fix it before committing.
+
 ## Release Process
 
 ### Python (memini-ai-dev)

package/.opencode/agents/boomerang-tester.md

@@ -16,13 +16,11 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_adjust_trust": allow
+    "memini-ai-dev_get_trust_score": allow
+    "memini-ai-dev_search_project": allow
   edit: allow
   bash:
     "basename *": allow

package/.opencode/agents/boomerang-writer.md

@@ -16,13 +16,9 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_get_tier0_summary": allow
   edit: allow
   bash:
     "ls *": allow

package/.opencode/agents/boomerang.md

@@ -16,13 +16,19 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    # Core memory operations
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_get_status": allow
+    "memini-ai-dev_adjust_trust": allow
+    "memini-ai-dev_get_trust_score": allow
+    "memini-ai-dev_list_peers": allow
+    # Thought chains for planning
+    "memini-ai-dev_add_thought": allow
+    "memini-ai-dev_start_thought_chain": allow
+    "memini-ai-dev_get_thought_chain": allow
+    "memini-ai-dev_pause_thought_chain": allow
+    "memini-ai-dev_resume_thought_chain": allow
   edit: allow
   bash:
     "*": ask

package/.opencode/agents/mcp-specialist.md

@@ -16,13 +16,10 @@ permission:
   question: allow
   doom_loop: allow
   tool:
-    "memini-ai-dev_*": allow
-    "searxng_*": allow
-    "markitdown_*": allow
-    "github-mcp_*": allow
-    "playwright_*": allow
-    "webfetch": allow
-    "websearch": allow
+    "memini-ai-dev_query_memories": allow
+    "memini-ai-dev_add_memory": allow
+    "memini-ai-dev_query_kg": allow
+    "memini-ai-dev_extract_entities": allow
   edit: allow
   bash:
     "ls *": allow

package/AGENTS.md

@@ -385,6 +385,9 @@ IDLE → MEMORY_QUERY → SEQUENTIAL_THINK → PLAN → DELEGATE → GIT_CHECK
 
 ## Review Notes
 
+- **2026-05-21**: **boomerang-v3 v0.5.0 RELEASED** — Agent permission overhaul v0.5.0: replaced wildcard tool patterns with explicit allow-lists per agent role. Security improvements: boomerang-release local-only, boomerang-git gets remote GitHub MCP. ~57-73% token reduction per request.
+- **2026-05-20**: **boomerang-v3 v0.4.3 RELEASED** — Fixed critical env var mismatch for thought chains: `MEMINI_THOUGHT_CHAINS_ENABLED` → `THOUGHT_CHAINS`. The memini-ai server uses `alias="THOUGHT_CHAINS"` (not `MEMINI_THOUGHT_CHAINS_ENABLED`). Requires OpenCode restart to load the corrected config.
+- **2026-05-20**: **boomerang-v3 v0.4.2 RELEASED** — Removed deprecated `sequential-thinking` references from README, skills, and orchestrator SKILL.md. Added `MEMINI_THOUGHT_CHAINS_ENABLED: "true"` to root `opencode.json` (later corrected to `THOUGHT_CHAINS`).
 - **2026-05-19**: **boomerang-v3 v0.4.1 RELEASED** — Documentation refreshed, stale version references updated across monorepo. package.json bumped from v0.4.0 → v0.4.1.
 - **2026-05-19**: **boomerang-v3 v0.4.0 RELEASED** — Lint fixes (13 ESLint errors), context buffer added, telemetry client added. 127/127 tests passing, 0 lint errors. Git tag `v0.4.0` pushed. npm publish failed: invalid/missing `NPM_PUBLISH_TOKEN` in GitHub Actions secrets.
 - **2026-05-19**: **boomerang-v3 v0.3.2 UPDATED** — Agent bash permissions expanded: `basename`, `diff`, `cp`, `which` added. Orchestrator clarified: CAN edit docs, delegates code. Parallel execution guidance added. All 30 agent files synced between `.opencode/agents/` and `boomerang-v3/.opencode/agents/`.

package/README.md

@@ -3,7 +3,7 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
 [![OpenCode Plugin](https://img.shields.io/badge/OpenCode-Plugin-ff6b35?style=flat-square)](https://opencode.ai)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.0-blue?style=flat-square)](https://www.typescriptlang.org/)
-[![v0.4.1](https://img.shields.io/badge/v0.4.1-memini--ai-2ecc71?style=flat-square)](https://github.com/Veedubin/Boomerang-v3/releases/tag/v0.4.1)
+[![v0.5.0](https://img.shields.io/badge/v0.5.0-memini--ai-2ecc71?style=flat-square)](https://github.com/Veedubin/Boomerang-v3/releases/tag/v0.5.0)
 
 *Intelligent multi-agent coordination for OpenCode with memini-ai memory.*
 
@@ -31,7 +31,9 @@
 - **Tiered loading (L0/L1/L2)** — Efficient context abstraction
 - **Contradiction detection** — Find and resolve conflicting memories
 - **Knowledge graph integration** — Entity extraction and inference
-- **Python-based memini-ai** — Modern memory server with FastMCP
+- **Thought Chains** — Structured reasoning traces for complex problem solving
+- **Multi-Peer & Dialectic Memory** — Collaborative memory sharing and dialectic resolution
+- **Python-based memini-ai** — Modern memory server with FastMCP ([PyPI](https://pypi.org/project/memini-ai-dev/))
 
 ---
 
@@ -47,7 +49,7 @@ memini-ai includes a live D3.js visualization for the knowledge graph:
 
 ```bash
 cd memini-ai-dev
-export MEMINI_DB_URL="postgresql://postgres:password@localhost:5432/postgres"
+export MEMINI_DB_URL="postgresql://user:password@localhost:5432/postgres"  # Set your actual DB URL
 uvx --from memini-ai-dev memini-ai --server --port 8000
 ```
 
@@ -63,7 +65,7 @@ npm install @veedubin/boomerang-v3
 
 ### Configuration
 
-Add to your `.opencode/opencode.json`:
+Add to your `.opencode/opencode.json`. If using **Ollama Cloud**, ensure your provider is configured with `baseURL: "https://ollama.com/v1"`.
 
 ```json
 {
@@ -73,7 +75,7 @@ Add to your `.opencode/opencode.json`:
       "type": "local",
       "command": ["uvx", "--from", "memini-ai-dev", "memini-ai", "--stdio"],
       "environment": {
-        "MEMINI_DB_URL": "postgresql://postgres:password@localhost:5434/postgres",
+        "MEMINI_DB_URL": "{env:MEMINI_DB_URL}",
         "MEMINI_EMBEDDING_DIM": "384",
         "MEMINI_TRUST_ENGINE": "true",
         "MEMINI_MEMORY_GRAPH": "true",
@@ -85,7 +87,7 @@ Add to your `.opencode/opencode.json`:
         "MEMINI_DECAY_ENABLED": "true",
         "MEMINI_MULTI_PEER_ENABLED": "true",
         "MEMINI_DIALECTIC_ENABLED": "true",
-        "MEMINI_THOUGHT_CHAINS_ENABLED": "true"
+        "THOUGHT_CHAINS": "true"
       },
       "timeout": 60000,
       "enabled": true
@@ -98,7 +100,7 @@ Add to your `.opencode/opencode.json`:
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `MEMINI_DB_URL` | PostgreSQL connection URL | `postgresql://postgres:password@localhost:5432/postgres` |
+| `MEMINI_DB_URL` | PostgreSQL connection URL | Set via `.env` (see `.env.example`) |
 | `MEMINI_PROJECT_ID` | Project namespace | auto-generated |
 | `MEMINI_EMBEDDING_DIM` | 1024 or 384 | 1024 |
 | `MEMINI_DEVICE` | auto, gpu, cpu | auto |
@@ -115,7 +117,7 @@ Add to your `.opencode/opencode.json`:
 ```bash
 docker run -d --name postgres-test \
   -e POSTGRES_PASSWORD=password \
-  -p 5432:5432 \
+  -p 5434:5432 \
   timescale/timescaledb:latest-pg15
 ```
 
@@ -123,7 +125,7 @@ docker run -d --name postgres-test \
 
 ```bash
 cd memini-ai-dev
-export MEMINI_DB_URL="postgresql://postgres:password@localhost:5432/postgres"
+export MEMINI_DB_URL="postgresql://user:password@localhost:5434/postgres"  # Set your actual DB URL
 uvx --from memini-ai-dev memini-ai --stdio
 ```
 
@@ -291,11 +293,10 @@ boomerang-v3/
 
 ## Release History
 
+- **v0.5.0** — Agent permission overhaul: replaced wildcard tool patterns with explicit allow-lists per agent role. Security fix: boomerang-release no longer has GitHub MCP access (local-only). boomerang-git now has explicit GitHub MCP tools for remote operations. ~57-73% reduction in tool description tokens per request.
+- **v0.4.3** — Fixed critical env var mismatch for thought chains: `MEMINI_THOUGHT_CHAINS_ENABLED` → `THOUGHT_CHAINS`
+- **v0.4.2** — Removed deprecated `sequential-thinking` references, cleaned up orchestrator SKILL.md
 - **v0.4.1** — Documentation refresh, stale version references corrected across monorepo
-- **v3.0.0** — memini-ai integration: Trust engine, knowledge graph, tiered loading, PostgreSQL/pgvector
-- **v4.0.0** (boomerang-v2) — Orchestrator as pure decision layer, OpenCode handles execution
-- **v3.0.0** (boomerang-v2) — LanceDB → Qdrant migration
-- **v2.0.0** (boomerang-v2) — First stable with built-in memory
 
 ---
 

package/dist/memini-client/index.js

@@ -10,6 +10,97 @@
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 // ============================================================================
+// Security: Environment Variable Allowlist
+// ============================================================================
+// Only pass explicitly whitelisted environment variables to the child Python
+// process. This prevents leaking secrets like GITHUB_PERSONAL_ACCESS_TOKEN,
+// OLLAMA_API_KEY, or any other sensitive env vars from the OpenCode parent
+// process. See SECURITY.md H4 for rationale.
+//
+// The memini-ai-dev Python server uses pydantic-settings with env_prefix="MEMINI_"
+// and explicit aliases for some vars. Only vars that the child process actually
+// needs are included here.
+// ============================================================================
+const ALLOWED_ENV_VARS = [
+    // Python runtime
+    'PYTHONUNBUFFERED', // Always set to '1' for unbuffered output
+    'PATH', // Required for Python to find executables
+    'HOME', // Required for Python to find user home (pip cache, etc.)
+    'LANG', // Locale setting for Python
+    'LC_ALL', // Locale override for Python
+    'PYTHONPATH', // Python module search path (if set)
+    'VIRTUAL_ENV', // Virtual environment path (if running in venv)
+    // memini-ai-dev database connection
+    'MEMINI_DB_URL', // PostgreSQL connection string (primary config)
+    'DB_SSLMODE', // PostgreSQL SSL mode (alias, no MEMINI_ prefix)
+    'DB_SSLROOTCERT', // Path to SSL root certificate (alias)
+    // memini-ai-dev feature gates (pydantic-settings aliases)
+    'THOUGHT_CHAINS', // Enable persistent thought chains
+    'TRUST_ENGINE', // Enable trust scoring
+    'MEMORY_GRAPH', // Enable memory graph
+    'AUTO_EXTRACT', // Enable auto-extraction
+    'AUTO_EXTRACT_TURNS', // Turns between auto-extractions
+    'TIERED_LOADING', // Enable tiered loading
+    'TIER0_MAX_TOKENS', // Tier 0 max tokens
+    'TIER1_MAX_TOKENS', // Tier 1 max tokens
+    'KG_ENABLED', // Enable knowledge graph
+    'MULTI_PEER_ENABLED', // Enable multi-peer
+    'MULTI_PEER_GUEST_SHARING', // Allow guest sharing
+    'DIALECTIC_ENABLED', // Enable dialectic reasoning
+    'DECAY_ENABLED', // Enable memory decay
+    'USER_MODELING', // Enable user modeling
+    // memini-ai-dev MEMINI_-prefixed config (pydantic env_prefix)
+    'MEMINI_PRECISION', // Model precision (fp16, fp32)
+    'MEMINI_DEVICE', // Device override (cpu, cuda, etc.)
+    'MEMINI_USE_GPU', // Use GPU flag
+    'MEMINI_EMBEDDING_DIM', // Embedding dimension (384 or 1024)
+    'MEMINI_BATCH_SIZE', // Batch size for embedding
+    'MEMINI_TABLE_NAME', // Database table name
+    'MEMINI_PROJECT_ID', // Project ID
+    'MEMINI_LOG_LEVEL', // Logging level
+    'MEMINI_CHUNK_SIZE', // Indexer chunk size
+    'MEMINI_CHUNK_OVERLAP', // Indexer chunk overlap
+    'MEMINI_DB_POOL_SIZE', // DB pool size
+    'MEMINI_DB_MIN_SIZE', // DB min pool size
+    'MEMINI_DB_MAX_SIZE', // DB max pool size
+    'MEMINI_TRUST_THRESHOLD_ARCHIVE', // Trust archive threshold
+    'MEMINI_TRUST_THRESHOLD_PROMOTE', // Trust promote threshold
+    'MEMINI_TRUST_DELTA_USE', // Trust delta on use
+    'MEMINI_TRUST_DELTA_IGNORED', // Trust delta on ignore
+    'MEMINI_TRUST_DELTA_CORRECT', // Trust delta on correction
+    'MEMINI_TRUST_DELTA_CONFIRM', // Trust delta on confirmation
+    'MEMINI_WORKERS', // Worker count
+    'MEMINI_LLM_URL', // LLM URL (alias: LLM_URL)
+    // LLM configuration (aliases without MEMINI_ prefix)
+    'LLM_URL', // LLM URL for dialectic reasoning
+    'LLM_MODEL', // LLM model for dialectic reasoning
+    // HuggingFace / sentence-transformers cache
+    'SENTENCE_TRANSFORMERS_CACHE', // Model cache directory
+    'TRANSFORMERS_CACHE', // HuggingFace transformers cache
+    'HF_HOME', // HuggingFace home directory
+];
+/**
+ * Build a minimal environment object for the child Python process.
+ * Only includes whitelisted variables that exist in process.env.
+ * This prevents leaking secrets like GITHUB_PERSONAL_ACCESS_TOKEN or
+ * OLLAMA_API_KEY to child processes.
+ */
+function buildChildEnv() {
+    const env = {
+        PYTHONUNBUFFERED: '1', // Always required for unbuffered Python output
+    };
+    for (const key of ALLOWED_ENV_VARS) {
+        // Skip PYTHONUNBUFFERED since we always set it above
+        if (key === 'PYTHONUNBUFFERED')
+            continue;
+        const value = process.env[key];
+        if (value !== undefined && value !== '') {
+            env[key] = value;
+        }
+    }
+    return env;
+}
+// ============================================================================
 // MeminiClient - Persistent MCP stdio Client
 // ============================================================================
 /**
@@ -76,10 +167,11 @@ export class MeminiClient {
         }
         try {
             // Create stdio transport - SDK handles process spawning
+            // Security: Only pass whitelisted env vars (see ALLOWED_ENV_VARS above)
             this._transport = new StdioClientTransport({
                 command: 'python',
                 args: ['-m', 'memini_ai.server'],
-                env: { ...process.env, PYTHONUNBUFFERED: '1' },
+                env: buildChildEnv(),
             });
             // Create MCP client
             this._mcpClient = new Client({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@veedubin/boomerang-v3",
-  "version": "0.4.2",
+  "version": "0.5.0",
   "description": "Multi-agent orchestration plugin for OpenCode with memini-ai memory",
   "type": "module",
   "main": "dist/index.js",

package/scripts/install-boomerang.js

@@ -77,7 +77,7 @@ const MCP_TEMPLATES = {
     type: 'local',
     command: ['uvx', '--from', 'memini-ai-dev', 'memini-ai', '--stdio'],
     environment: {
-      MEMINI_DB_URL: 'postgresql://postgres:password@localhost:5434/postgres',
+      MEMINI_DB_URL: process.env.MEMINI_DB_URL || 'postgresql://user:password@localhost:5434/postgres',
       MEMINI_EMBEDDING_DIM: '384',
       MEMINI_TRUST_ENGINE: 'true',
       MEMINI_MEMORY_GRAPH: 'true',
@@ -97,7 +97,7 @@ const MCP_TEMPLATES = {
     type: 'local',
     command: ['uv', 'run', '--project', './boomerang-queue', 'python', '-m', 'boomerang_queue', '--stdio'],
     environment: {
-      MEMINI_DB_URL: 'postgresql://postgres:password@localhost:5434/postgres',
+      MEMINI_DB_URL: process.env.MEMINI_DB_URL || 'postgresql://user:password@localhost:5434/postgres',
       BOOMERANG_TENANT_ID: 'default',
     },
     timeout: 60000,