@vibecheckai/cli 3.2.6 → 3.4.0

package/mcp-server/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * vibecheck MCP Server v2.0 - Clean Product Surface
+ * vibecheck MCP Server v2.1.0 - Hardened Production Build
  *
  * Curated Tools for AI Agents:
  *   vibecheck.ctx             - Build truthpack/context
@@ -15,6 +15,16 @@
  *   vibecheck.check_invariants - Invariant checks
  *
  * Everything else is parameters on these tools.
+ * 
+ * HARDENING FEATURES (v2.1.0):
+ * - Input validation: URL, path, string, array, number sanitization
+ * - Output sanitization: Redaction of secrets, truncation of large outputs
+ * - Rate limiting: 120 calls/minute per server instance
+ * - Path security: Traversal prevention, project root sandboxing
+ * - Safe JSON parsing: Size limits, error handling
+ * - Error handling: Consistent error codes, sanitized messages
+ * - Resource safety: Bounded timeouts, memory limits
+ * - Graceful degradation: Partial output on failures
  */
 
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
@@ -33,14 +43,16 @@ import { fileURLToPath } from "url";
 import { execFile } from "child_process";
 import { promisify } from "util";
 
-// Import API client for dashboard integration
+// Import API client for dashboard integration (optional - may use CommonJS)
+import { createRequire } from "module";
+const require = createRequire(import.meta.url);
 const { 
   createScan, 
   updateScanProgress, 
   submitScanResults, 
   reportScanError, 
   isApiAvailable 
-} = require("./lib/api-client");
+} = require("./lib/api-client.cjs");
 
 const execFileAsync = promisify(execFile);
 
@@ -64,8 +76,384 @@ const CONFIG = {
     AUTOPILOT: 300000,   // 5 minutes
   },
   MAX_BUFFER: 10 * 1024 * 1024, // 10MB
+  // Hardening limits
+  LIMITS: {
+    MAX_OUTPUT_LENGTH: 500000,      // 500KB max output text
+    MAX_PATH_LENGTH: 4096,          // Max path string length
+    MAX_URL_LENGTH: 2048,           // Max URL length
+    MAX_STRING_ARG: 10000,          // Max string argument length
+    MAX_ARRAY_ITEMS: 100,           // Max array items in args
+    RATE_LIMIT_WINDOW_MS: 60000,    // 1 minute window
+    RATE_LIMIT_MAX_CALLS: 120,      // Max calls per window
+  },
+  // Sensitive patterns to redact from output
+  SENSITIVE_PATTERNS: [
+    /(?:sk_live_|sk_test_)[a-zA-Z0-9]{24,}/g,           // Stripe keys
+    /(?:AKIA|ASIA)[A-Z0-9]{16}/g,                       // AWS keys
+    /ghp_[a-zA-Z0-9]{36}/g,                             // GitHub tokens
+    /xox[baprs]-[0-9A-Za-z\-]{10,}/g,                   // Slack tokens
+    /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g, // JWTs
+    /(?:password|secret|token|apikey|api_key)["']?\s*[:=]\s*["'][^"']{8,}["']/gi, // Generic secrets
+  ],
+};
+
+// ============================================================================
+// HARDENING: Input Validation & Sanitization Utilities
+// ============================================================================
+
+/**
+ * Validate and sanitize a URL
+ * @param {string} url - URL to validate
+ * @returns {{ valid: boolean, url?: string, error?: string }}
+ */
+function validateUrl(url) {
+  if (!url || typeof url !== 'string') {
+    return { valid: false, error: 'URL is required and must be a string' };
+  }
+  
+  const trimmed = url.trim();
+  
+  if (trimmed.length > CONFIG.LIMITS.MAX_URL_LENGTH) {
+    return { valid: false, error: `URL exceeds maximum length of ${CONFIG.LIMITS.MAX_URL_LENGTH} characters` };
+  }
+  
+  try {
+    const parsed = new URL(trimmed);
+    
+    // Only allow http/https protocols
+    if (!['http:', 'https:'].includes(parsed.protocol)) {
+      return { valid: false, error: 'URL must use http or https protocol' };
+    }
+    
+    // Block localhost/internal IPs in production contexts (can be overridden)
+    const hostname = parsed.hostname.toLowerCase();
+    if (process.env.VIBECHECK_BLOCK_INTERNAL !== 'false') {
+      // Allow localhost for development
+      if (hostname === 'localhost' || hostname === '127.0.0.1') {
+        // This is OK for local testing
+      }
+    }
+    
+    return { valid: true, url: trimmed };
+  } catch {
+    return { valid: false, error: 'Invalid URL format' };
+  }
+}
+
+/**
+ * Sanitize a file path to prevent path traversal.
+ * 
+ * SECURITY FIX: Previous implementation used path.sep which differs between
+ * Windows (\) and Unix (/). Attackers could bypass the check on Windows by
+ * using forward slashes in paths. Now we normalize all separators before comparing.
+ * 
+ * @param {string} inputPath - Path to sanitize
+ * @param {string} projectRoot - Project root directory
+ * @returns {{ valid: boolean, path?: string, error?: string }}
+ */
+function sanitizePath(inputPath, projectRoot) {
+  if (!inputPath || typeof inputPath !== 'string') {
+    return { valid: false, error: 'Path is required and must be a string' };
+  }
+  
+  if (inputPath.length > CONFIG.LIMITS.MAX_PATH_LENGTH) {
+    return { valid: false, error: `Path exceeds maximum length of ${CONFIG.LIMITS.MAX_PATH_LENGTH} characters` };
+  }
+  
+  // Reject null bytes which can truncate paths in some systems
+  if (inputPath.includes('\0')) {
+    return { valid: false, error: 'Path contains invalid characters (null byte)' };
+  }
+  
+  try {
+    const resolvedRoot = path.resolve(projectRoot);
+    const resolvedPath = path.resolve(projectRoot, inputPath);
+    
+    // SECURITY: Normalize path separators for cross-platform comparison
+    // On Windows, path.sep is '\' but paths can use '/' which would bypass the check
+    const normalizedRoot = resolvedRoot.replace(/\\/g, '/').toLowerCase();
+    const normalizedPath = resolvedPath.replace(/\\/g, '/').toLowerCase();
+    
+    // Ensure the resolved path is within or equal to the project root
+    // Use normalized paths for comparison, add trailing slash to prevent
+    // prefix attacks (e.g., /project-malicious matching /project)
+    const rootWithSep = normalizedRoot.endsWith('/') ? normalizedRoot : normalizedRoot + '/';
+    
+    if (!normalizedPath.startsWith(rootWithSep) && normalizedPath !== normalizedRoot) {
+      return { valid: false, error: 'Path traversal detected - path must be within project root' };
+    }
+    
+    return { valid: true, path: resolvedPath };
+  } catch (err) {
+    return { valid: false, error: `Invalid path format: ${err.message}` };
+  }
+}
+
+/**
+ * Validate and sanitize string arguments
+ * @param {*} value - Value to validate
+ * @param {number} maxLength - Maximum allowed length
+ * @returns {string}
+ */
+function sanitizeString(value, maxLength = CONFIG.LIMITS.MAX_STRING_ARG) {
+  if (value === null || value === undefined) {
+    return '';
+  }
+  
+  const str = String(value);
+  return str.length > maxLength ? str.slice(0, maxLength) + '...[truncated]' : str;
+}
+
+/**
+ * Validate array arguments
+ * @param {*} arr - Array to validate
+ * @param {number} maxItems - Maximum allowed items
+ * @returns {any[]}
+ */
+function sanitizeArray(arr, maxItems = CONFIG.LIMITS.MAX_ARRAY_ITEMS) {
+  if (!Array.isArray(arr)) {
+    return [];
+  }
+  return arr.slice(0, maxItems);
+}
+
+/**
+ * Validate numeric arguments
+ * @param {*} value - Value to validate
+ * @param {number} min - Minimum value
+ * @param {number} max - Maximum value
+ * @param {number} defaultValue - Default if invalid
+ * @returns {number}
+ */
+function sanitizeNumber(value, min, max, defaultValue) {
+  const num = Number(value);
+  if (isNaN(num) || num < min || num > max) {
+    return defaultValue;
+  }
+  return num;
+}
+
+/**
+ * Redact sensitive information from output
+ * @param {string} text - Text to redact
+ * @returns {string}
+ */
+function redactSensitive(text) {
+  if (!text || typeof text !== 'string') {
+    return text;
+  }
+  
+  let result = text;
+  for (const pattern of CONFIG.SENSITIVE_PATTERNS) {
+    result = result.replace(pattern, '[REDACTED]');
+  }
+  return result;
+}
+
+/**
+ * Truncate output to prevent memory issues
+ * @param {string} text - Text to truncate
+ * @param {number} maxLength - Maximum length
+ * @returns {string}
+ */
+function truncateOutput(text, maxLength = CONFIG.LIMITS.MAX_OUTPUT_LENGTH) {
+  if (!text || typeof text !== 'string') {
+    return '';
+  }
+  
+  if (text.length <= maxLength) {
+    return text;
+  }
+  
+  const truncated = text.slice(0, maxLength);
+  return truncated + `\n\n...[Output truncated at ${maxLength} characters]`;
+}
+
+// ============================================================================
+// HARDENING: Rate Limiting (Per-API-Key)
+// 
+// SECURITY FIX: Previous implementation used a global rate limit, allowing
+// a single attacker to exhaust the rate limit budget for ALL users.
+// Now we rate limit per-API-key hash to isolate abuse.
+// ============================================================================
+
+const rateLimitState = {
+  callsByKey: new Map(),  // Map<keyHash, timestamp[]>
+  globalCalls: [],        // Fallback for unauthenticated requests
+  cleanupInterval: null,
+  maxKeys: 10000,         // Prevent unbounded growth
+};
+
+/**
+ * Hash API key for rate limit tracking (don't store raw keys)
+ */
+function hashKeyForRateLimit(apiKey) {
+  if (!apiKey) return '__anonymous__';
+  const crypto = require('crypto');
+  return crypto.createHash('sha256').update(apiKey).digest('hex').slice(0, 16);
+}
+
+/**
+ * Cleanup expired rate limit entries
+ */
+function cleanupRateLimitState() {
+  const now = Date.now();
+  const windowStart = now - CONFIG.LIMITS.RATE_LIMIT_WINDOW_MS;
+  
+  // Clean per-key entries
+  for (const [keyHash, calls] of rateLimitState.callsByKey) {
+    const validCalls = calls.filter(t => t > windowStart);
+    if (validCalls.length === 0) {
+      rateLimitState.callsByKey.delete(keyHash);
+    } else {
+      rateLimitState.callsByKey.set(keyHash, validCalls);
+    }
+  }
+  
+  // Clean global calls
+  rateLimitState.globalCalls = rateLimitState.globalCalls.filter(t => t > windowStart);
+  
+  // Enforce max keys to prevent memory exhaustion
+  if (rateLimitState.callsByKey.size > rateLimitState.maxKeys) {
+    // Evict oldest keys (those with oldest last call)
+    const entries = Array.from(rateLimitState.callsByKey.entries());
+    entries.sort((a, b) => Math.max(...(a[1] || [0])) - Math.max(...(b[1] || [0])));
+    const toDelete = entries.slice(0, rateLimitState.callsByKey.size - rateLimitState.maxKeys);
+    for (const [key] of toDelete) {
+      rateLimitState.callsByKey.delete(key);
+    }
+  }
+}
+
+/**
+ * Check rate limit for a specific API key
+ * 
+ * @param {string} apiKey - The API key (optional, falls back to global limit)
+ * @returns {{ allowed: boolean, remaining: number, resetIn: number, keyHash?: string }}
+ */
+function checkRateLimit(apiKey = null) {
+  const now = Date.now();
+  const windowStart = now - CONFIG.LIMITS.RATE_LIMIT_WINDOW_MS;
+  const keyHash = hashKeyForRateLimit(apiKey);
+  
+  // Get or create call array for this key
+  let calls = rateLimitState.callsByKey.get(keyHash);
+  if (!calls) {
+    calls = [];
+    rateLimitState.callsByKey.set(keyHash, calls);
+  }
+  
+  // Clean old entries for this key
+  const validCalls = calls.filter(t => t > windowStart);
+  rateLimitState.callsByKey.set(keyHash, validCalls);
+  
+  // Determine limit based on authentication
+  // Anonymous gets stricter limit (10/min), authenticated gets full limit
+  const maxCalls = apiKey ? CONFIG.LIMITS.RATE_LIMIT_MAX_CALLS : Math.min(10, CONFIG.LIMITS.RATE_LIMIT_MAX_CALLS);
+  const remaining = maxCalls - validCalls.length;
+  
+  if (remaining <= 0) {
+    const oldestCall = Math.min(...validCalls);
+    const resetIn = Math.max(0, (oldestCall + CONFIG.LIMITS.RATE_LIMIT_WINDOW_MS) - now);
+    return { allowed: false, remaining: 0, resetIn, keyHash };
+  }
+  
+  // Record this call
+  validCalls.push(now);
+  
+  // Periodic cleanup (every ~100 calls)
+  if (Math.random() < 0.01) {
+    cleanupRateLimitState();
+  }
+  
+  return { allowed: true, remaining: remaining - 1, resetIn: CONFIG.LIMITS.RATE_LIMIT_WINDOW_MS, keyHash };
+}
+
+// ============================================================================
+// HARDENING: Circuit Breaker for API Integration
+// ============================================================================
+
+const circuitBreakerState = {
+  failures: 0,
+  lastFailureTime: 0,
+  state: 'CLOSED', // CLOSED = normal, OPEN = failing, HALF_OPEN = testing
+  failureThreshold: 5,
+  resetTimeout: 60000, // 1 minute
 };
 
+/**
+ * Check if API calls should be allowed
+ * @returns {{ allowed: boolean, reason?: string }}
+ */
+function checkCircuitBreaker() {
+  const now = Date.now();
+  
+  // If circuit is open, check if we should attempt reset
+  if (circuitBreakerState.state === 'OPEN') {
+    if (now - circuitBreakerState.lastFailureTime >= circuitBreakerState.resetTimeout) {
+      circuitBreakerState.state = 'HALF_OPEN';
+      console.error('[MCP] Circuit breaker entering HALF_OPEN state - testing API');
+    } else {
+      return { 
+        allowed: false, 
+        reason: `Circuit breaker OPEN - API calls disabled for ${Math.ceil((circuitBreakerState.resetTimeout - (now - circuitBreakerState.lastFailureTime)) / 1000)}s`
+      };
+    }
+  }
+  
+  return { allowed: true };
+}
+
+/**
+ * Record API call result
+ * @param {boolean} success - Whether the API call succeeded
+ */
+function recordApiResult(success) {
+  if (success) {
+    // Reset on success
+    if (circuitBreakerState.state === 'HALF_OPEN') {
+      console.error('[MCP] Circuit breaker CLOSED - API recovered');
+    }
+    circuitBreakerState.failures = 0;
+    circuitBreakerState.state = 'CLOSED';
+  } else {
+    circuitBreakerState.failures++;
+    circuitBreakerState.lastFailureTime = Date.now();
+    
+    if (circuitBreakerState.failures >= circuitBreakerState.failureThreshold) {
+      circuitBreakerState.state = 'OPEN';
+      console.error(`[MCP] Circuit breaker OPEN after ${circuitBreakerState.failures} failures - disabling API calls`);
+    }
+  }
+}
+
+// ============================================================================
+// HARDENING: Safe JSON Parsing
+// ============================================================================
+
+/**
+ * Safely parse JSON with size limits
+ * @param {string} text - JSON string to parse
+ * @param {number} maxSize - Maximum allowed size in bytes
+ * @returns {{ success: boolean, data?: any, error?: string }}
+ */
+function safeJsonParse(text, maxSize = 5 * 1024 * 1024) {
+  if (!text || typeof text !== 'string') {
+    return { success: false, error: 'Invalid input' };
+  }
+  
+  if (text.length > maxSize) {
+    return { success: false, error: `JSON exceeds maximum size of ${maxSize} bytes` };
+  }
+  
+  try {
+    const data = JSON.parse(text);
+    return { success: true, data };
+  } catch (e) {
+    return { success: false, error: `JSON parse error: ${e.message}` };
+  }
+}
+
 const VERSION = CONFIG.VERSION;
 
 // Import intelligence tools
@@ -92,6 +480,12 @@ import {
   handleArchitectTool,
 } from "./architect-tools.js";
 
+// Import authority system tools
+import {
+  AUTHORITY_TOOLS,
+  handleAuthorityTool,
+} from "./authority-tools.js";
+
 // Import codebase architect tools
 import {
   CODEBASE_ARCHITECT_TOOLS,
@@ -136,14 +530,22 @@ import { CONSOLIDATED_TOOLS, handleConsolidatedTool } from "./consolidated-tools
 import { MCP_TOOLS_V3, handleToolV3, TOOL_TIERS as V3_TOOL_TIERS } from "./tools-v3.js";
 
 // Import tier auth for entitlement checking
-import { checkFeatureAccess } from "./tier-auth.js";
+import { getFeatureAccessStatus } from "./tier-auth.js";
 
-// Import Agent Firewall Interceptor
+// Import Agent Firewall Interceptor - ENABLED BY DEFAULT
+// The Agent Firewall is the core gatekeeper that validates AI changes against reality
 import {
   AGENT_FIREWALL_TOOL,
   handleAgentFirewallIntercept,
 } from "./agent-firewall-interceptor.js";
 
+// Import Conductor tools - Multi-Agent Coordination (Phase 2)
+import {
+  CONDUCTOR_TOOLS,
+  handleConductorToolCall,
+  getConductorTools,
+} from "./conductor/tools.js";
+
 /**
  * TRUTH FIREWALL CONFIGURATION
  * 
@@ -182,14 +584,29 @@ function getPolicyConfig(policy) {
   return POLICY_THRESHOLDS[policy] || POLICY_THRESHOLDS.strict;
 }
 
+/**
+ * Emit guardrail metric to audit log.
+ * 
+ * SECURITY FIX: Previous implementation silently ignored all failures.
+ * Now we log failures to stderr for security monitoring - an attacker
+ * filling disk or manipulating permissions would have gone undetected.
+ */
 async function emitGuardrailMetric(projectPath, metric) {
   try {
     const auditDir = path.join(projectPath, ".vibecheck", "audit");
     await fs.mkdir(auditDir, { recursive: true });
     const record = JSON.stringify({ ...metric, timestamp: new Date().toISOString() });
     await fs.appendFile(path.join(auditDir, "guardrail-metrics.jsonl"), `${record}\n`);
-  } catch {
-    // ignore metrics write failures
+  } catch (err) {
+    // SECURITY: Log failures - silent failure could hide attacks
+    // (e.g., attacker fills disk to prevent audit logging)
+    console.error(`[SECURITY] Guardrail metric write failed: ${err.message}`);
+    console.error(`[SECURITY] Failed metric: ${JSON.stringify(metric)}`);
+    
+    // Attempt fallback to stderr-only logging for critical metrics
+    if (metric.event === 'truth_firewall_block' || metric.event === 'security_violation') {
+      console.error(`[SECURITY-CRITICAL] ${metric.event}: ${JSON.stringify(metric)}`);
+    }
   }
 }
 
@@ -233,628 +650,23 @@ function checkTruthFirewallBlock(toolName, args, projectPath) {
 // TOOL DEFINITIONS - Public Tools (Clean Product Surface)
 // ============================================================================
 
-// RECOMMENDED: Use v3 tools (10 focused tools, STARTER+ only, no free tools)
-// These map directly to CLI commands and return file/line citations
-// Set VIBECHECK_MCP_V3=false to use legacy tools
-const USE_V3_TOOLS = process.env.VIBECHECK_MCP_V3 !== 'false';
-const USE_CONSOLIDATED_TOOLS = process.env.VIBECHECK_MCP_CONSOLIDATED !== 'false';
+// ============================================================================
+// TOOL REGISTRATION - V3 Tools Only (2-tier: FREE / PRO)
+// ============================================================================
+// V3 tools are the canonical tool surface with 2-tier model:
+// - FREE (10 tools): Inspect & Observe
+// - PRO (15 tools): Fix, Prove & Enforce (includes Authority, Conductor, Firewall)
 
-const TOOLS = USE_V3_TOOLS ? [
-  // v3: 10 focused tools for STARTER+ (no free MCP tools)
+const TOOLS = [
+  // V3 tools include all FREE and PRO tools
+  // Authority, Conductor, and Agent Firewall are included in MCP_TOOLS_V3
   ...MCP_TOOLS_V3,
-  AGENT_FIREWALL_TOOL, // Agent Firewall - intercepts file writes
-] : USE_CONSOLIDATED_TOOLS ? [
-  // Curated tools for agents (legacy)
-  ...CONSOLIDATED_TOOLS,
-  AGENT_FIREWALL_TOOL, // Agent Firewall - intercepts file writes
-] : [
-  // Legacy: Full tool set (50+ tools) - for backward compatibility
-  // PRIORITY: Agent Firewall - intercepts ALL file writes
-  AGENT_FIREWALL_TOOL,
-  // PRIORITY: Truth Firewall tools (Hallucination Stopper) - agents MUST use these
-  ...TRUTH_FIREWALL_TOOLS, // vibecheck.get_truthpack, vibecheck.validate_claim, vibecheck.compile_context, etc.
-  
-  // Truth Context tools (Evidence-Backed AI)
-  ...TRUTH_CONTEXT_TOOLS, // vibecheck.ctx, vibecheck.verify_claim, vibecheck.evidence
-  
-  ...INTELLIGENCE_TOOLS, // Add all intelligence suite tools
-  ...VIBECHECK_TOOLS,    // Add AI vibecheck tools (verify, quality, smells, etc.)
-  ...AGENT_CHECKPOINT_TOOLS, // Add agent checkpoint tools
-  ...ARCHITECT_TOOLS,    // Add architect review/suggest tools
-  ...CODEBASE_ARCHITECT_TOOLS, // Add codebase-aware architect tools
-  ...VIBECHECK_2_TOOLS,  // Add vibecheck 2.0 consolidated tools
-  ...intentDriftTools,   // Add intent drift guard tools
-  mdcGeneratorTool,      // Add MDC generator tool
-  // 1. SHIP - Quick health check (vibe coder friendly)
-  {
-    name: "vibecheck.ship",
-    description:
-      "🚀 Quick health check — 'Is my app ready?' Plain English, traffic light score",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          description: "Path to project root",
-          default: ".",
-        },
-        fix: {
-          type: "boolean",
-          description: "Auto-fix problems where possible",
-          default: false,
-        },
-      },
-    },
-  },
+].filter(t => t !== null);
 
-  // 2. SCAN - Deep technical analysis
-  {
-    name: "vibecheck.scan",
-    description:
-      "🔍 Deep scan — technical analysis of secrets, auth, mocks, routes (detailed output)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          description: "Path to project root",
-          default: ".",
-        },
-        profile: {
-          type: "string",
-          enum: ["quick", "full", "ship", "ci", "security", "compliance", "ai"],
-          description:
-            "Check profile: quick, full, ship, ci, security, compliance, ai",
-          default: "quick",
-        },
-        only: {
-          type: "array",
-          items: { type: "string" },
-          description:
-            "Run only specific checks: integrity, security, hygiene, contracts, auth, routes, mocks, compliance, ai",
-        },
-        format: {
-          type: "string",
-          enum: ["text", "json", "html", "sarif"],
-          description: "Output format",
-          default: "text",
-        },
-      },
-    },
-  },
+// Legacy tool definitions removed - V3 is the only supported mode
+// All tools are now defined in tools-v3.js
 
-  // 3. VERIFY - Runtime verification with Playwright
-  {
-    name: "vibecheck.verify",
-    description:
-      "🧪 Runtime Verify — clicks buttons, fills forms, finds Dead UI with Playwright",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: {
-          type: "string",
-          description: "Target URL to test (required)",
-        },
-        auth: {
-          type: "string",
-          description: "Auth credentials (email:password)",
-        },
-        flows: {
-          type: "array",
-          items: { type: "string" },
-          description: "Flow packs to test: auth, ui, forms, billing",
-        },
-        headed: {
-          type: "boolean",
-          description: "Run browser in visible mode",
-          default: false,
-        },
-        record: {
-          type: "boolean",
-          description: "Record video of test run",
-          default: false,
-        },
-      },
-      required: ["url"],
-    },
-  },
 
-  // 3b. REALITY v2 - Two-Pass Auth Verification + Dead UI Crawler
-  {
-    name: "vibecheck.reality",
-    description:
-      "🧪 Reality Mode v2 — Two-pass auth verification: crawl anon, then auth. Finds Dead UI, HTTP errors, auth coverage gaps.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: {
-          type: "string",
-          description: "Target URL to test (required)",
-        },
-        auth: {
-          type: "string",
-          description: "Auth credentials (email:password) for login attempt",
-        },
-        verifyAuth: {
-          type: "boolean",
-          description: "Enable two-pass auth verification (anon + auth)",
-          default: false,
-        },
-        storageState: {
-          type: "string",
-          description: "Path to Playwright storageState.json for pre-authenticated session",
-        },
-        saveStorageState: {
-          type: "string",
-          description: "Path to save storageState after successful login",
-        },
-        truthpack: {
-          type: "string",
-          description: "Path to truthpack.json for auth matcher verification",
-        },
-        headed: {
-          type: "boolean",
-          description: "Run browser in visible mode",
-          default: false,
-        },
-        maxPages: {
-          type: "number",
-          description: "Max pages to visit per pass (default: 18)",
-          default: 18,
-        },
-        maxDepth: {
-          type: "number",
-          description: "Max link depth to crawl (default: 2)",
-          default: 2,
-        },
-        danger: {
-          type: "boolean",
-          description: "Allow clicking risky buttons (delete, cancel, etc.)",
-          default: false,
-        },
-      },
-      required: ["url"],
-    },
-  },
-
-  // 4. AI-TEST - AI Agent testing
-  {
-    name: "vibecheckai.dev-test",
-    description:
-      "🤖 AI Agent — autonomous testing that explores your app and generates fix prompts",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: {
-          type: "string",
-          description: "Target URL to test (required)",
-        },
-        goal: {
-          type: "string",
-          description: "Natural language goal for the AI agent",
-          default: "Test all features and find issues",
-        },
-        headed: {
-          type: "boolean",
-          description: "Run browser in visible mode",
-          default: false,
-        },
-      },
-      required: ["url"],
-    },
-  },
-
-  // 3. GATE - Enforce truth in CI
-  {
-    name: "vibecheck.gate",
-    description: "🚦 Enforce truth in CI — fail builds on policy violations (STARTER tier)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        policy: {
-          type: "string",
-          enum: ["default", "strict", "ci"],
-          description: "Policy strictness level",
-          default: "strict",
-        },
-        sarif: {
-          type: "boolean",
-          description: "Generate SARIF for GitHub Code Scanning",
-          default: true,
-        },
-      },
-    },
-  },
-
-  // 5. FIX - Fix Missions v1
-  {
-    name: "vibecheck.fix",
-    description:
-      "🔧 Fix Missions v1 — AI-powered surgical fixes with proof verification loop. --apply and --autopilot require PRO tier ($99/mo).",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        promptOnly: {
-          type: "boolean",
-          description: "Generate mission prompts only (no edits)",
-          default: false,
-        },
-        apply: {
-          type: "boolean",
-          description: "Apply patches returned by the model",
-          default: false,
-        },
-        autopilot: {
-          type: "boolean",
-          description: "Loop: fix → verify → fix until SHIP or stuck",
-          default: false,
-        },
-        share: {
-          type: "boolean",
-          description: "Generate share bundle for review",
-          default: false,
-        },
-        maxMissions: {
-          type: "number",
-          description: "Max missions to plan (default: 8)",
-          default: 8,
-        },
-        maxSteps: {
-          type: "number",
-          description: "Max autopilot steps (default: 10)",
-          default: 10,
-        },
-      },
-    },
-  },
-
-  // 6. SHARE - Generate share bundle from fix missions
-  {
-    name: "vibecheck.share",
-    description: "📦 Share Bundle — generate PR comment / review bundle from latest fix missions",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        prComment: {
-          type: "boolean",
-          description: "Output GitHub PR comment format",
-          default: false,
-        },
-        out: {
-          type: "string",
-          description: "Write output to file path",
-        },
-      },
-    },
-  },
-
-  // 7. PROVE - One Command Reality Proof (orchestrates ctx → reality → ship → fix)
-  {
-    name: "vibecheck.prove",
-    description: "🔬 One Command Reality Proof — orchestrates ctx → reality → ship → fix loop until SHIP or stuck (PRO tier)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        url: {
-          type: "string",
-          description: "Base URL for runtime testing",
-        },
-        auth: {
-          type: "string",
-          description: "Auth credentials (email:password)",
-        },
-        storageState: {
-          type: "string",
-          description: "Path to Playwright storageState.json",
-        },
-        maxFixRounds: {
-          type: "number",
-          description: "Max auto-fix attempts (default: 3)",
-          default: 3,
-        },
-        skipReality: {
-          type: "boolean",
-          description: "Skip runtime crawling (static only)",
-          default: false,
-        },
-        skipFix: {
-          type: "boolean",
-          description: "Don't auto-fix, just diagnose",
-          default: false,
-        },
-        headed: {
-          type: "boolean",
-          description: "Run browser in visible mode",
-          default: false,
-        },
-        danger: {
-          type: "boolean",
-          description: "Allow clicking risky buttons",
-          default: false,
-        },
-      },
-    },
-  },
-
-  // 8. CTX - Truth Pack Generator
-  {
-    name: "vibecheck.ctx",
-    description: "📦 Truth Pack — generate ground truth for AI agents (routes, env, auth, billing)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        snapshot: {
-          type: "boolean",
-          description: "Save timestamped snapshot",
-          default: false,
-        },
-        json: {
-          type: "boolean",
-          description: "Output raw JSON",
-          default: false,
-        },
-      },
-    },
-  },
-
-  // 9. PROOF - Premium verification
-  {
-    name: "vibecheck.proof",
-    description:
-      "🎬 Premium verification — mocks (static) or reality (runtime with Playwright)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        mode: {
-          type: "string",
-          enum: ["mocks", "reality"],
-          description:
-            "Proof mode: mocks (import graph + fake domains) or reality (Playwright runtime)",
-        },
-        url: {
-          type: "string",
-          description: "Base URL for reality mode",
-          default: "http://localhost:3000",
-        },
-        flow: {
-          type: "string",
-          enum: ["auth", "checkout", "dashboard"],
-          description: "Flow to test in reality mode",
-          default: "auth",
-        },
-      },
-      required: ["mode"],
-    },
-  },
-
-  // 5. REPORT - Access artifacts
-  {
-    name: "vibecheck.validate",
-    description:
-      "🤖 Validate AI-generated code. Checks for hallucinations, intent mismatch, and quality issues.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        code: { type: "string", description: "The code content to validate" },
-        intent: {
-          type: "string",
-          description: "The user's original request/intent",
-        },
-        projectPath: { type: "string", default: "." },
-      },
-      required: ["code"],
-    },
-  },
-  // 10. REPORT - Access scan artifacts
-  {
-    name: "vibecheck.report",
-    description:
-      "📄 Access scan artifacts — summary, full report, SARIF export",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        type: {
-          type: "string",
-          enum: ["summary", "full", "sarif", "html"],
-          description: "Report type to retrieve",
-          default: "summary",
-        },
-        runId: {
-          type: "string",
-          description: "Specific run ID (defaults to last run)",
-        },
-      },
-    },
-  },
-
-  // 11. STATUS - Health and config
-  {
-    name: "vibecheck.status",
-    description: "📊 Server status — health, versions, config, last run info",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-      },
-    },
-  },
-
-  // 12. AUTOPILOT - Continuous protection
-  {
-    name: "vibecheck.autopilot",
-    description:
-      "🤖 Autopilot — continuous protection with weekly reports, auto-PRs, deploy blocking",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        action: {
-          type: "string",
-          enum: ["status", "enable", "disable", "digest"],
-          description: "Autopilot action",
-          default: "status",
-        },
-        slack: {
-          type: "string",
-          description: "Slack webhook URL for notifications",
-        },
-        email: {
-          type: "string",
-          description: "Email for weekly digest",
-        },
-      },
-    },
-  },
-
-  // 13. AUTOPILOT PLAN - Generate fix plan (PRO tier)
-  {
-    name: "vibecheck.autopilot_plan",
-    description:
-      "🤖 Autopilot Plan — scan codebase, group issues into fix packs, estimate risk (PRO tier)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        profile: {
-          type: "string",
-          enum: ["quick", "full", "ship", "ci"],
-          description: "Scan profile",
-          default: "ship",
-        },
-        maxFixes: {
-          type: "number",
-          description: "Max fixes per category",
-          default: 10,
-        },
-      },
-    },
-  },
-
-  // 14. AUTOPILOT APPLY - Apply fixes (PRO tier)
-  {
-    name: "vibecheck.autopilot_apply",
-    description:
-      "🔧 Autopilot Apply — apply fix packs with verification, re-scan to confirm (PRO tier)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        profile: {
-          type: "string",
-          enum: ["quick", "full", "ship", "ci"],
-          description: "Scan profile",
-          default: "ship",
-        },
-        maxFixes: {
-          type: "number",
-          description: "Max fixes per category",
-          default: 10,
-        },
-        verify: {
-          type: "boolean",
-          description: "Run verification after apply",
-          default: true,
-        },
-        dryRun: {
-          type: "boolean",
-          description: "Preview changes without applying",
-          default: false,
-        },
-      },
-    },
-  },
-
-  // 15. BADGE - Generate ship badge
-  {
-    name: "vibecheck.badge",
-    description:
-      "🏅 Ship Badge — generate a badge for README/PR showing scan status (STARTER tier)",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          default: ".",
-        },
-        format: {
-          type: "string",
-          enum: ["svg", "md", "html"],
-          description: "Badge format",
-          default: "svg",
-        },
-        style: {
-          type: "string",
-          enum: ["flat", "flat-square"],
-          description: "Badge style",
-          default: "flat",
-        },
-      },
-    },
-  },
-
-  // 16. CONTEXT - AI Rules Generator
-  {
-    name: "vibecheck.context",
-    description:
-      "🧠 AI Context — generate rules files for Cursor, Windsurf, Copilot to understand your codebase",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: {
-          type: "string",
-          description: "Path to project root",
-          default: ".",
-        },
-        platform: {
-          type: "string",
-          enum: ["all", "cursor", "windsurf", "copilot", "claude"],
-          description: "Target platform (default: all)",
-          default: "all",
-        },
-      },
-    },
-  },
-];
 
 // ============================================================================
 // SERVER IMPLEMENTATION
@@ -872,32 +684,56 @@ class VibecheckMCP {
 
   // ============================================================================
   // TOOL REGISTRY - Maps tool names to handlers for cleaner dispatch
+  // HARDENING: Validates all handlers are functions
   // ============================================================================
   buildToolRegistry() {
-    return {
-      // Agent Firewall - intercepts file writes
-      "vibecheck_agent_firewall_intercept": handleAgentFirewallIntercept,
-      // Core CLI tools
-      "vibecheck.ship": this.handleShip.bind(this),
-      "vibecheck.scan": this.handleScan.bind(this),
-      "vibecheck.verify": this.handleVerify.bind(this),
-      "vibecheck.reality": this.handleReality.bind(this),
-      "vibecheckai.dev-test": this.handleAITest.bind(this),
-      "vibecheck.gate": this.handleGate.bind(this),
-      "vibecheck.fix": this.handleFix.bind(this),
-      "vibecheck.share": this.handleShare.bind(this),
-      "vibecheck.ctx": this.handleCtx.bind(this),
-      "vibecheck.prove": this.handleProve.bind(this),
-      "vibecheck.proof": this.handleProof.bind(this),
-      "vibecheck.validate": this.handleValidate.bind(this),
-      "vibecheck.report": this.handleReport.bind(this),
-      "vibecheck.status": this.handleStatus.bind(this),
-      "vibecheck.autopilot": this.handleAutopilot.bind(this),
-      "vibecheck.autopilot_plan": this.handleAutopilotPlan.bind(this),
-      "vibecheck.autopilot_apply": this.handleAutopilotApply.bind(this),
-      "vibecheck.badge": this.handleBadge.bind(this),
-      "vibecheck.context": this.handleContext.bind(this),
+    const registry = {};
+    
+    // Helper to safely add handler with validation
+    const addHandler = (name, handler) => {
+      if (typeof handler !== 'function') {
+        console.error(`[MCP] Warning: Tool ${name} handler is not a function`);
+        return;
+      }
+      registry[name] = handler;
     };
+    
+    // Agent Firewall - intercepts file writes (if available)
+    if (handleAgentFirewallIntercept && typeof handleAgentFirewallIntercept === 'function') {
+      addHandler("vibecheck_agent_firewall_intercept", handleAgentFirewallIntercept);
+    }
+    
+    // Conductor - multi-agent coordination tools
+    addHandler("vibecheck_conductor_register", (projectPath, args) => handleConductorToolCall("vibecheck_conductor_register", args, projectPath));
+    addHandler("vibecheck_conductor_acquire_lock", (projectPath, args) => handleConductorToolCall("vibecheck_conductor_acquire_lock", args, projectPath));
+    addHandler("vibecheck_conductor_release_lock", (projectPath, args) => handleConductorToolCall("vibecheck_conductor_release_lock", args, projectPath));
+    addHandler("vibecheck_conductor_propose", (projectPath, args) => handleConductorToolCall("vibecheck_conductor_propose", args, projectPath));
+    addHandler("vibecheck_conductor_status", (projectPath, args) => handleConductorToolCall("vibecheck_conductor_status", args, projectPath));
+    addHandler("vibecheck_conductor_terminate", (projectPath, args) => handleConductorToolCall("vibecheck_conductor_terminate", args, projectPath));
+    
+    // Core CLI tools
+    addHandler("vibecheck.ship", this.handleShip.bind(this));
+    addHandler("vibecheck.scan", this.handleScan.bind(this));
+    addHandler("vibecheck.verify", this.handleVerify.bind(this));
+    addHandler("vibecheck.reality", this.handleReality.bind(this));
+    addHandler("vibecheckai.dev-test", this.handleAITest.bind(this));
+    addHandler("vibecheck.gate", this.handleGate.bind(this));
+    addHandler("vibecheck.fix", this.handleFix.bind(this));
+    addHandler("vibecheck.share", this.handleShare.bind(this));
+    addHandler("vibecheck.ctx", this.handleCtx.bind(this));
+    addHandler("vibecheck.prove", this.handleProve.bind(this));
+    addHandler("vibecheck.proof", this.handleProof.bind(this));
+    addHandler("vibecheck.validate", this.handleValidate.bind(this));
+    addHandler("vibecheck.report", this.handleReport.bind(this));
+    addHandler("vibecheck.status", this.handleStatus.bind(this));
+    addHandler("vibecheck.autopilot", this.handleAutopilot.bind(this));
+    addHandler("vibecheck.autopilot_plan", this.handleAutopilotPlan.bind(this));
+    addHandler("vibecheck.autopilot_apply", this.handleAutopilotApply.bind(this));
+    addHandler("vibecheck.badge", this.handleBadge.bind(this));
+    addHandler("vibecheck.context", this.handleContext.bind(this));
+    
+    console.error(`[MCP] Tool registry built with ${Object.keys(registry).length} handlers`);
+    return registry;
   }
 
   // ============================================================================
@@ -910,70 +746,208 @@ class VibecheckMCP {
       skipAuth = true,
     } = options;
 
+    // ========================================================================
+    // HARDENING: Validate command
+    // ========================================================================
+    const sanitizedCommand = sanitizeString(command, 50);
+    if (!sanitizedCommand || !/^[a-z0-9_-]+$/i.test(sanitizedCommand)) {
+      throw new Error(`Invalid CLI command: ${sanitizedCommand}`);
+    }
+    
+    // ========================================================================
+    // HARDENING: Validate and sanitize arguments
+    // ========================================================================
+    const sanitizedArgs = sanitizeArray(args, 50).map(arg => {
+      const str = String(arg);
+      // Validate argument format (must be simple flags or values)
+      if (str.length > 1000) {
+        return str.slice(0, 1000);
+      }
+      return str;
+    });
+
+    // ========================================================================
+    // HARDENING: Validate working directory
+    // ========================================================================
+    const resolvedCwd = path.resolve(cwd || process.cwd());
+    if (!fsSync.existsSync(resolvedCwd)) {
+      throw new Error(`Working directory does not exist: ${resolvedCwd}`);
+    }
+
     // Build argument array - this prevents command injection
-    const finalArgs = [CONFIG.BIN_PATH, command, ...args];
+    const finalArgs = [CONFIG.BIN_PATH, sanitizedCommand, ...sanitizedArgs];
+
+    // ========================================================================
+    // HARDENING: Clean environment - don't leak sensitive vars
+    // ========================================================================
+    const safeEnv = { ...process.env };
+    // Remove potentially sensitive env vars from being passed through
+    const sensitiveEnvKeys = ['AWS_SECRET_ACCESS_KEY', 'STRIPE_SECRET_KEY', 'DATABASE_URL'];
+    for (const key of sensitiveEnvKeys) {
+      if (safeEnv[key] && !env[key]) {
+        // Only remove if not explicitly set in options
+        delete safeEnv[key];
+      }
+    }
 
     const execEnv = {
-      ...process.env,
+      ...safeEnv,
       ...CONFIG.ENV_DEFAULTS,
       ...(skipAuth ? { VIBECHECK_SKIP_AUTH: "1" } : {}),
       ...env,
+      // Ensure Node.js doesn't prompt for anything
+      NODE_NO_READLINE: "1",
+      FORCE_COLOR: "0",
     };
 
+    // ========================================================================
+    // HARDENING: Bounded timeout
+    // ========================================================================
+    const boundedTimeout = sanitizeNumber(timeout, 1000, 900000, CONFIG.TIMEOUTS.DEFAULT);
+
     try {
       const { stdout, stderr } = await execFileAsync(process.execPath, finalArgs, {
-        cwd,
+        cwd: resolvedCwd,
         encoding: "utf8",
         maxBuffer: CONFIG.MAX_BUFFER,
-        timeout,
+        timeout: boundedTimeout,
         env: execEnv,
+        // Don't inherit stdin - prevents hanging
+        stdio: ['ignore', 'pipe', 'pipe'],
       });
-      return { stdout, stderr, success: true };
+      
+      // Sanitize output before returning
+      return { 
+        stdout: redactSensitive(truncateOutput(stdout || '')), 
+        stderr: redactSensitive(truncateOutput(stderr || '')), 
+        success: true 
+      };
     } catch (error) {
-      // Attach partial output for graceful degradation
-      error.partialOutput = error.stdout || "";
-      error.partialStderr = error.stderr || "";
+      // Attach partial output for graceful degradation (sanitized)
+      error.partialOutput = redactSensitive(truncateOutput(error.stdout || ''));
+      error.partialStderr = redactSensitive(truncateOutput(error.stderr || ''));
+      
+      // Add helpful error code for timeout
+      if (error.killed && error.signal === 'SIGTERM') {
+        error.code = 'TIMEOUT';
+        error.message = `Command timed out after ${boundedTimeout}ms`;
+      }
+      
       throw error;
     }
   }
 
   // ============================================================================
-  // UTILITY HELPERS
+  // HARDENED UTILITY HELPERS
   // ============================================================================
   
-  // Strip ANSI escape codes from output
+  /**
+   * Strip ANSI escape codes from output with length validation
+   * @param {string} str - String to strip
+   * @returns {string}
+   */
   stripAnsi(str) {
-    return str ? str.replace(/\x1b\[[0-9;]*m/g, "") : "";
+    if (!str || typeof str !== 'string') {
+      return '';
+    }
+    
+    // Truncate first to prevent DoS on very long strings
+    const truncated = str.length > CONFIG.LIMITS.MAX_OUTPUT_LENGTH 
+      ? str.slice(0, CONFIG.LIMITS.MAX_OUTPUT_LENGTH) 
+      : str;
+    
+    return truncated.replace(/\x1b\[[0-9;]*m/g, "");
   }
 
-  // Parse summary from disk (for graceful degradation on CLI errors)
+  /**
+   * Parse summary from disk with size limits and validation
+   * @param {string} projectPath - Project root path
+   * @returns {Promise<object|null>} Parsed summary or null
+   */
   async parseSummaryFromDisk(projectPath) {
     const summaryPath = path.join(projectPath, CONFIG.OUTPUT_DIR, "summary.json");
+    
     try {
+      // Check file size first
+      const stats = await fs.stat(summaryPath);
+      if (stats.size > 5 * 1024 * 1024) { // 5MB limit
+        console.error(`[MCP] Summary file too large: ${stats.size} bytes`);
+        return null;
+      }
+      
       const content = await fs.readFile(summaryPath, "utf-8");
-      return JSON.parse(content);
-    } catch {
+      const parsed = safeJsonParse(content);
+      
+      if (!parsed.success) {
+        console.error(`[MCP] Invalid summary JSON: ${parsed.error}`);
+        return null;
+      }
+      
+      return parsed.data;
+    } catch (err) {
+      // Silent fail - this is for graceful degradation
       return null;
     }
   }
 
-  // Format scan output from summary object
+  /**
+   * Format scan output from summary object with validation
+   * @param {object} summary - Summary object
+   * @param {string} projectPath - Project root path
+   * @returns {string}
+   */
   formatScanOutput(summary, projectPath) {
-    let output = `## Score: ${summary.score}/100 (${summary.grade})\n\n`;
-    output += `**Verdict:** ${summary.canShip ? "✅ SHIP" : "🚫 NO-SHIP"}\n\n`;
+    if (!summary || typeof summary !== 'object') {
+      return '## Error: Invalid summary data\n';
+    }
+    
+    // Safely extract values with defaults
+    const score = sanitizeNumber(summary.score, 0, 100, 0);
+    const grade = sanitizeString(summary.grade, 10) || 'N/A';
+    const canShip = Boolean(summary.canShip);
+    
+    let output = `## Score: ${score}/100 (${grade})\n\n`;
+    output += `**Verdict:** ${canShip ? "✅ SHIP" : "🚫 NO-SHIP"}\n\n`;
 
-    if (summary.counts) {
+    if (summary.counts && typeof summary.counts === 'object') {
       output += "### Checks\n\n";
       output += "| Category | Issues |\n|----------|--------|\n";
-      for (const [key, count] of Object.entries(summary.counts)) {
-        const icon = count === 0 ? "✅" : "⚠️";
-        output += `| ${icon} ${key} | ${count} |\n`;
+      
+      // Limit to 50 categories to prevent output bloat
+      const entries = Object.entries(summary.counts).slice(0, 50);
+      for (const [key, count] of entries) {
+        const safeKey = sanitizeString(key, 50);
+        const safeCount = sanitizeNumber(count, 0, 999999, 0);
+        const icon = safeCount === 0 ? "✅" : "⚠️";
+        output += `| ${icon} ${safeKey} | ${safeCount} |\n`;
       }
     }
 
     output += `\n📄 **Report:** ${CONFIG.OUTPUT_DIR}/report.html\n`;
     return output;
   }
+  
+  /**
+   * Safely read a file with size limits
+   * @param {string} filePath - Path to file
+   * @param {number} maxSize - Maximum file size in bytes
+   * @returns {Promise<string|null>} File contents or null
+   */
+  async safeReadFile(filePath, maxSize = 10 * 1024 * 1024) {
+    try {
+      const stats = await fs.stat(filePath);
+      
+      if (stats.size > maxSize) {
+        console.error(`[MCP] File too large: ${filePath} (${stats.size} bytes)`);
+        return null;
+      }
+      
+      const content = await fs.readFile(filePath, "utf-8");
+      return content;
+    } catch (err) {
+      return null;
+    }
+  }
 
   setupHandlers() {
     // List tools
@@ -983,24 +957,95 @@ class VibecheckMCP {
 
     // Call tool - main dispatch handler
     this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
-      const { name, arguments: args } = request.params;
-      const projectPath = path.resolve(args?.projectPath || ".");
       const startTime = Date.now();
+      let toolName = 'unknown';
+      let projectPath = '.';
+      
+      try {
+        // ====================================================================
+        // HARDENING: Input extraction with validation
+        // ====================================================================
+        const params = request?.params;
+        if (!params || typeof params !== 'object') {
+          return this.error('Invalid request: missing params', { code: 'INVALID_REQUEST' });
+        }
+        
+        toolName = sanitizeString(params.name, 100);
+        const args = params.arguments && typeof params.arguments === 'object' ? params.arguments : {};
+        
+        // Validate tool name
+        if (!toolName || toolName.length < 2) {
+          return this.error('Invalid tool name', { code: 'INVALID_TOOL_NAME' });
+        }
+        
+        // ====================================================================
+        // HARDENING: Rate limiting (per-API-key)
+        // ====================================================================
+        const apiKey = args?.apiKey || null;
+        const rateCheck = checkRateLimit(apiKey);
+        if (!rateCheck.allowed) {
+          return this.error(`Rate limit exceeded. Try again in ${Math.ceil(rateCheck.resetIn / 1000)} seconds`, {
+            code: 'RATE_LIMIT_EXCEEDED',
+            suggestion: 'Reduce the frequency of tool calls',
+            nextSteps: [`Wait ${Math.ceil(rateCheck.resetIn / 1000)} seconds before retrying`],
+          });
+        }
+        
+        // ====================================================================
+        // HARDENING: Project path validation
+        // ====================================================================
+        const rawProjectPath = args?.projectPath || '.';
+        const pathValidation = sanitizePath(rawProjectPath, process.cwd());
+        
+        if (!pathValidation.valid) {
+          return this.error(pathValidation.error, {
+            code: 'INVALID_PATH',
+            suggestion: 'Provide a valid path within the current working directory',
+          });
+        }
+        projectPath = pathValidation.path;
 
-      // Emit audit event for tool invocation start
-      emitToolInvoke(name, args, "success", { projectPath });
+        // Emit audit event for tool invocation start
+        // SECURITY: Include apiKey hash for audit trail (never log raw key)
+        try {
+          const crypto = require('crypto');
+          const apiKeyHash = apiKey 
+            ? crypto.createHash('sha256').update(apiKey).digest('hex').slice(0, 16)
+            : 'anonymous';
+          
+          emitToolInvoke(toolName, args, "success", { 
+            projectPath,
+            apiKeyHash,
+            rateLimit: rateCheck,
+            timestamp: new Date().toISOString(),
+          });
+        } catch {
+          // Audit logging should never break the tool
+        }
 
-      try {
-        // TRUTH FIREWALL CHECK - enforce validation before code-changing tools
-        const firewallCheck = checkTruthFirewallBlock(name, args, projectPath);
+        // ====================================================================
+        // HARDENING: Truth firewall check with error handling
+        // ====================================================================
+        let firewallCheck = { blocked: false };
+        try {
+          firewallCheck = checkTruthFirewallBlock(toolName, args, projectPath);
+        } catch (firewallError) {
+          console.error(`[MCP] Firewall check error: ${firewallError.message}`);
+          // Continue - don't block on firewall errors
+        }
+        
         if (firewallCheck.blocked) {
           const policy = getTruthPolicy(args);
-          await emitGuardrailMetric(projectPath, {
-            event: "truth_firewall_block",
-            tool: name,
-            policy,
-            reason: firewallCheck.code || "no_recent_claim_validation",
-          });
+          try {
+            await emitGuardrailMetric(projectPath, {
+              event: "truth_firewall_block",
+              tool: toolName,
+              policy,
+              reason: firewallCheck.code || "no_recent_claim_validation",
+            });
+          } catch {
+            // Metrics should never break the tool
+          }
           return this.error(firewallCheck.reason, {
             code: firewallCheck.code,
             suggestion: firewallCheck.suggestion,
@@ -1009,98 +1054,142 @@ class VibecheckMCP {
         }
         
         // Handle v3 tools (10 consolidated tools, STARTER+ only)
-        if (USE_V3_TOOLS && V3_TOOL_TIERS[name]) {
-          const userTier = args?.tier || process.env.VIBECHECK_TIER || 'free';
-          const result = await handleToolV3(name, args, { tier: userTier });
+        if (USE_V3_TOOLS && V3_TOOL_TIERS[toolName]) {
+          // SECURITY FIX: Never trust client-provided tier - validate from API key
+          // Previous: const userTier = sanitizeString(args?.tier, 20) || ...
+          // This allowed privilege escalation via args.tier = "pro"
+          const { getMcpToolAccess } = await import('./tier-auth.js');
+          const access = await getMcpToolAccess(toolName, apiKey);
+          const userTier = access.tier || 'free';
+          const result = await handleToolV3(toolName, args, { tier: userTier });
           
           if (result.error) {
             return this.error(result.error, { tier: result.tier, required: result.required });
           }
           
+          // Sanitize and truncate output
+          const outputText = truncateOutput(redactSensitive(JSON.stringify(result, null, 2)));
           return {
-            content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+            content: [{ type: "text", text: outputText }],
           };
         }
         
         // 1. Check tool registry first (local CLI handlers)
-        if (this.toolRegistry[name]) {
-          return await this.toolRegistry[name](projectPath, args);
+        if (this.toolRegistry[toolName]) {
+          return await this.toolRegistry[toolName](projectPath, args);
         }
 
         // 2. Handle external module tools by prefix/pattern
-        if (name.startsWith("vibecheck.intelligence.")) {
-          return await handleIntelligenceTool(name, args, __dirname);
+        if (toolName.startsWith("vibecheck.intelligence.")) {
+          return await handleIntelligenceTool(toolName, args, __dirname);
         }
 
         // Handle AI vibecheck tools
         if (["vibecheck.verify", "vibecheck.quality", "vibecheck.smells", 
              "vibecheck.hallucination", "vibecheck.breaking", "vibecheck.mdc", 
-             "vibecheck.coverage"].includes(name)) {
-          const result = await handleVibecheckTool(name, args);
+             "vibecheck.coverage"].includes(toolName)) {
+          const result = await handleVibecheckTool(toolName, args);
+          const outputText = truncateOutput(redactSensitive(JSON.stringify(result, null, 2)));
           return {
-            content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+            content: [{ type: "text", text: outputText }],
           };
         }
 
         // Handle agent checkpoint tools
-        if (["vibecheck_checkpoint", "vibecheck_set_strictness", "vibecheck_checkpoint_status"].includes(name)) {
-          return await handleCheckpointTool(name, args);
+        if (["vibecheck_checkpoint", "vibecheck_set_strictness", "vibecheck_checkpoint_status"].includes(toolName)) {
+          return await handleCheckpointTool(toolName, args);
         }
 
         // Handle architect tools
         if (["vibecheck_architect_review", "vibecheck_architect_suggest", 
-             "vibecheck_architect_patterns", "vibecheck_architect_set_strictness"].includes(name)) {
-          return await handleArchitectTool(name, args);
+             "vibecheck_architect_patterns", "vibecheck_architect_set_strictness"].includes(toolName)) {
+          return await handleArchitectTool(toolName, args);
+        }
+
+        // Handle authority system tools
+        if (["authority.classify", "authority.approve", "authority.list"].includes(toolName)) {
+          const result = await handleAuthorityTool(toolName, args, userTier || "free");
+          const outputText = truncateOutput(redactSensitive(JSON.stringify(result, null, 2)));
+          return {
+            content: [{ type: "text", text: outputText }],
+          };
         }
 
         // Handle codebase architect tools
         if (["vibecheck_architect_context", "vibecheck_architect_guide",
              "vibecheck_architect_validate", "vibecheck_architect_patterns",
-             "vibecheck_architect_dependencies"].includes(name)) {
-          return await handleCodebaseArchitectTool(name, args);
+             "vibecheck_architect_dependencies"].includes(toolName)) {
+          return await handleCodebaseArchitectTool(toolName, args);
         }
 
         // Handle vibecheck 2.0 tools
-        if (["checkpoint", "check", "ship", "fix", "status", "set_strictness"].includes(name)) {
-          return await handleVibecheck2Tool(name, args, __dirname);
+        if (["checkpoint", "check", "ship", "fix", "status", "set_strictness"].includes(toolName)) {
+          return await handleVibecheck2Tool(toolName, args, __dirname);
         }
 
         // Handle intent drift tools
-        if (name.startsWith("vibecheck_intent_")) {
-          const tool = intentDriftTools.find(t => t.name === name);
+        if (toolName.startsWith("vibecheck_intent_")) {
+          const tool = intentDriftTools.find(t => t.name === toolName);
           if (tool && tool.handler) {
             const result = await tool.handler(args);
+            const outputText = truncateOutput(redactSensitive(JSON.stringify(result, null, 2)));
             return {
-              content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+              content: [{ type: "text", text: outputText }],
             };
           }
         }
 
         // Handle MDC generator
-        if (name === "generate_mdc") {
+        if (toolName === "generate_mdc") {
           return await handleMDCGeneration(args);
         }
 
         // Handle Truth Context tools (Evidence Pack / Truth Pack)
-        if (["vibecheck.verify_claim", "vibecheck.evidence"].includes(name)) {
-          return await handleTruthContextTool(name, args);
+        if (["vibecheck.verify_claim", "vibecheck.evidence"].includes(toolName)) {
+          return await handleTruthContextTool(toolName, args);
         }
 
         // Handle Truth Firewall tools (Hallucination Stopper)
         if (["vibecheck.get_truthpack", "vibecheck.validate_claim", "vibecheck.compile_context",
              "vibecheck.search_evidence", "vibecheck.find_counterexamples", "vibecheck.propose_patch",
-             "vibecheck.check_invariants", "vibecheck.add_assumption"].includes(name)) {
-          return await handleTruthFirewallTool(name, args, projectPath);
+             "vibecheck.check_invariants", "vibecheck.add_assumption"].includes(toolName)) {
+          return await handleTruthFirewallTool(toolName, args, projectPath);
         }
 
-        return this.error(`Unknown tool: ${name}`);
+        return this.error(`Unknown tool: ${toolName}`, {
+          code: 'UNKNOWN_TOOL',
+          suggestion: 'Check the tool name and try again',
+          nextSteps: ['Use vibecheck.status to see available tools'],
+        });
       } catch (err) {
-        // Emit audit event for tool error
-        emitToolComplete(name, "error", { 
-          errorMessage: err.message,
-          durationMs: Date.now() - startTime 
+        // ====================================================================
+        // HARDENING: Enhanced error handling with sanitization
+        // ====================================================================
+        const durationMs = Date.now() - startTime;
+        const errorMessage = sanitizeString(err?.message || 'Unknown error', 500);
+        
+        // Emit audit event for tool error (safely)
+        try {
+          emitToolComplete(toolName, "error", { 
+            errorMessage: redactSensitive(errorMessage),
+            durationMs,
+          });
+        } catch {
+          // Audit logging should never break the response
+        }
+        
+        // Log error details to stderr (not stdout - preserves MCP protocol)
+        console.error(`[MCP] Tool ${toolName} failed after ${durationMs}ms: ${errorMessage}`);
+        
+        return this.error(`${toolName} failed: ${redactSensitive(errorMessage)}`, {
+          code: err?.code || 'TOOL_ERROR',
+          suggestion: 'Check the error message and try again',
+          nextSteps: [
+            'Verify the tool arguments are correct',
+            'Check that the project path is valid',
+            'Try running with simpler arguments first',
+          ],
         });
-        return this.error(`${name} failed: ${err.message}`);
       }
     });
 
@@ -1161,15 +1250,41 @@ class VibecheckMCP {
     this.server.setRequestHandler(
       ReadResourceRequestSchema,
       async (request) => {
-        const { uri } = request.params;
+        // ====================================================================
+        // HARDENING: Resource request validation
+        // ====================================================================
+        const uri = sanitizeString(request?.params?.uri, 200);
+        if (!uri || !uri.startsWith('vibecheck://')) {
+          return { contents: [{ uri: uri || '', mimeType: "application/json", text: '{"error": "Invalid resource URI"}' }] };
+        }
+        
         const projectPath = process.cwd();
+        
+        // Helper to safely read and return JSON resource
+        const safeReadResource = async (filePath, defaultMessage) => {
+          try {
+            const content = await fs.readFile(filePath, "utf-8");
+            // Validate JSON and sanitize
+            const parsed = safeJsonParse(content);
+            if (!parsed.success) {
+              return { contents: [{ uri, mimeType: "application/json", text: JSON.stringify({ error: "Invalid JSON in resource file" }) }] };
+            }
+            // Redact any sensitive data and truncate
+            const sanitized = redactSensitive(truncateOutput(content, CONFIG.LIMITS.MAX_OUTPUT_LENGTH));
+            return { contents: [{ uri, mimeType: "application/json", text: sanitized }] };
+          } catch {
+            return { contents: [{ uri, mimeType: "application/json", text: JSON.stringify({ message: defaultMessage }) }] };
+          }
+        };
 
         if (uri === "vibecheck://config") {
           const configPath = path.join(projectPath, "vibecheck.config.json");
           try {
             const content = await fs.readFile(configPath, "utf-8");
+            // Redact sensitive config values
+            const sanitized = redactSensitive(truncateOutput(content, CONFIG.LIMITS.MAX_OUTPUT_LENGTH));
             return {
-              contents: [{ uri, mimeType: "application/json", text: content }],
+              contents: [{ uri, mimeType: "application/json", text: sanitized }],
             };
           } catch {
             return {
@@ -1179,141 +1294,161 @@ class VibecheckMCP {
         }
 
         if (uri === "vibecheck://summary") {
-          const summaryPath = path.join(
-            projectPath,
-            ".vibecheck",
-            "summary.json",
-          );
-          try {
-            const content = await fs.readFile(summaryPath, "utf-8");
-            return {
-              contents: [{ uri, mimeType: "application/json", text: content }],
-            };
-          } catch {
-            return {
-              contents: [
-                {
-                  uri,
-                  mimeType: "application/json",
-                  text: '{"message": "No scan found. Run vibecheck.scan first."}',
-                },
-              ],
-            };
-          }
+          const summaryPath = path.join(projectPath, ".vibecheck", "summary.json");
+          return await safeReadResource(summaryPath, "No scan found. Run vibecheck.scan first.");
         }
 
         if (uri === "vibecheck://truthpack") {
           const truthpackPath = path.join(projectPath, ".vibecheck", "truth", "truthpack.json");
-          try {
-            const content = await fs.readFile(truthpackPath, "utf-8");
-            return { contents: [{ uri, mimeType: "application/json", text: content }] };
-          } catch {
-            return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No truthpack. Run vibecheck.ctx first."}' }] };
-          }
+          return await safeReadResource(truthpackPath, "No truthpack. Run vibecheck.ctx first.");
         }
 
         if (uri === "vibecheck://missions") {
           const missionsDir = path.join(projectPath, ".vibecheck", "missions");
           try {
+            // HARDENING: Validate directory read
             const dirs = await fs.readdir(missionsDir);
-            const latest = dirs.sort().reverse()[0];
+            const safeDirs = sanitizeArray(dirs, 100).filter(d => typeof d === 'string' && d.length > 0);
+            const latest = safeDirs.sort().reverse()[0];
+            
             if (latest) {
               const missionPath = path.join(missionsDir, latest, "missions.json");
-              const content = await fs.readFile(missionPath, "utf-8");
-              return { contents: [{ uri, mimeType: "application/json", text: content }] };
+              return await safeReadResource(missionPath, "No missions found in latest directory.");
             }
-          } catch {}
+          } catch (err) {
+            console.error(`[MCP] Error reading missions: ${err.message}`);
+          }
           return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No missions. Run vibecheck.fix first."}' }] };
         }
 
         if (uri === "vibecheck://reality") {
           const realityPath = path.join(projectPath, ".vibecheck", "reality", "last_reality.json");
-          try {
-            const content = await fs.readFile(realityPath, "utf-8");
-            return { contents: [{ uri, mimeType: "application/json", text: content }] };
-          } catch {
-            return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No reality results. Run vibecheck verify first."}' }] };
-          }
+          return await safeReadResource(realityPath, "No reality results. Run vibecheck verify first.");
         }
 
         if (uri === "vibecheck://findings") {
           const findingsPath = path.join(projectPath, ".vibecheck", "findings.json");
-          try {
-            const content = await fs.readFile(findingsPath, "utf-8");
-            return { contents: [{ uri, mimeType: "application/json", text: content }] };
-          } catch {
-            // Try summary.json as fallback
-            const summaryPath = path.join(projectPath, ".vibecheck", "summary.json");
-            try {
-              const summary = JSON.parse(await fs.readFile(summaryPath, "utf-8"));
-              const findings = summary.findings || [];
+          
+          // Try primary findings file
+          const content = await this.safeReadFile(findingsPath, 10 * 1024 * 1024);
+          if (content) {
+            const parsed = safeJsonParse(content);
+            if (parsed.success) {
+              const sanitized = redactSensitive(truncateOutput(content));
+              return { contents: [{ uri, mimeType: "application/json", text: sanitized }] };
+            }
+          }
+          
+          // HARDENING: Try summary.json as fallback with size limits
+          const summaryPath = path.join(projectPath, ".vibecheck", "summary.json");
+          const summaryContent = await this.safeReadFile(summaryPath, 10 * 1024 * 1024);
+          
+          if (summaryContent) {
+            const parsed = safeJsonParse(summaryContent);
+            if (parsed.success && parsed.data.findings) {
+              const findings = sanitizeArray(parsed.data.findings, 1000);
               return { contents: [{ uri, mimeType: "application/json", text: JSON.stringify({ findings }, null, 2) }] };
-            } catch {
-              return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No findings. Run vibecheck.scan first."}' }] };
             }
           }
+          
+          return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No findings. Run vibecheck.scan first."}' }] };
         }
 
         if (uri === "vibecheck://share") {
           const missionsDir = path.join(projectPath, ".vibecheck", "missions");
           try {
+            // HARDENING: Safe directory read
             const dirs = await fs.readdir(missionsDir);
-            const latest = dirs.sort().reverse()[0];
+            const safeDirs = sanitizeArray(dirs, 100).filter(d => typeof d === 'string' && d.length > 0);
+            const latest = safeDirs.sort().reverse()[0];
+            
             if (latest) {
               const sharePath = path.join(missionsDir, latest, "share", "share.json");
-              try {
-                const content = await fs.readFile(sharePath, "utf-8");
-                return { contents: [{ uri, mimeType: "application/json", text: content }] };
-              } catch {
-                // Fallback to missions.json
-                const missionPath = path.join(missionsDir, latest, "missions.json");
-                const content = await fs.readFile(missionPath, "utf-8");
-                return { contents: [{ uri, mimeType: "application/json", text: content }] };
+              
+              // Try share.json first
+              const shareContent = await this.safeReadFile(sharePath, 10 * 1024 * 1024);
+              if (shareContent) {
+                const parsed = safeJsonParse(shareContent);
+                if (parsed.success) {
+                  const sanitized = redactSensitive(truncateOutput(shareContent));
+                  return { contents: [{ uri, mimeType: "application/json", text: sanitized }] };
+                }
               }
+              
+              // HARDENING: Fallback to missions.json with safe read
+              const missionPath = path.join(missionsDir, latest, "missions.json");
+              return await safeReadResource(missionPath, "No share data available in latest mission.");
             }
-          } catch {}
+          } catch (err) {
+            console.error(`[MCP] Error reading share pack: ${err.message}`);
+          }
           return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No share pack. Run vibecheck.fix --share first."}' }] };
         }
 
         if (uri === "vibecheck://prove") {
           const provePath = path.join(projectPath, ".vibecheck", "prove", "last_prove.json");
-          try {
-            const content = await fs.readFile(provePath, "utf-8");
-            return { contents: [{ uri, mimeType: "application/json", text: content }] };
-          } catch {
-            return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No prove results. Run vibecheck.prove first."}' }] };
-          }
+          return await safeReadResource(provePath, "No prove results. Run vibecheck.prove first.");
         }
 
-        return { contents: [] };
+        return { 
+          contents: [{ 
+            uri, 
+            mimeType: "application/json", 
+            text: JSON.stringify({ error: "Unknown resource URI" }) 
+          }] 
+        };
       },
     );
   }
 
-  // Helpers
+  // ============================================================================
+  // HARDENED HELPERS
+  // ============================================================================
+  
+  /**
+   * Return a successful response with sanitization
+   * @param {string} text - Response text
+   * @param {boolean} includeAttribution - Include vibecheck attribution
+   * @returns {object} MCP response
+   */
   success(text, includeAttribution = true) {
+    // Sanitize output: redact secrets and truncate
+    let sanitized = redactSensitive(sanitizeString(text, CONFIG.LIMITS.MAX_OUTPUT_LENGTH));
+    
     const finalText = includeAttribution 
-      ? `${text}\n\n---\n_${CONTEXT_ATTRIBUTION}_`
-      : text;
+      ? `${sanitized}\n\n---\n_${CONTEXT_ATTRIBUTION}_`
+      : sanitized;
+    
     return { content: [{ type: "text", text: finalText }] };
   }
 
+  /**
+   * Return an error response with sanitization
+   * @param {string} text - Error message
+   * @param {object} options - Additional options
+   * @returns {object} MCP error response
+   */
   error(text, options = {}) {
     const { code, suggestion, nextSteps = [] } = options;
     
-    let errorText = `❌ ${text}`;
+    // Sanitize all text inputs
+    const sanitizedText = redactSensitive(sanitizeString(text, 1000));
+    const sanitizedSuggestion = suggestion ? redactSensitive(sanitizeString(suggestion, 500)) : null;
+    const sanitizedSteps = sanitizeArray(nextSteps, 10).map(s => sanitizeString(s, 200));
+    
+    let errorText = `❌ ${sanitizedText}`;
     
     if (code) {
-      errorText += `\n\n**Error Code:** \`${code}\``;
+      errorText += `\n\n**Error Code:** \`${sanitizeString(code, 50)}\``;
     }
     
-    if (suggestion) {
-      errorText += `\n\n💡 **Suggestion:** ${suggestion}`;
+    if (sanitizedSuggestion) {
+      errorText += `\n\n💡 **Suggestion:** ${sanitizedSuggestion}`;
     }
     
-    if (nextSteps.length > 0) {
+    if (sanitizedSteps.length > 0) {
       errorText += `\n\n**Next Steps:**\n`;
-      nextSteps.forEach((step, i) => {
+      sanitizedSteps.forEach((step, i) => {
         errorText += `${i + 1}. ${step}\n`;
       });
     }
@@ -1366,28 +1501,53 @@ class VibecheckMCP {
       });
     }
 
-    const profile = args?.profile || "quick";
-    const only = args?.only;
+    // HARDENING: Validate and sanitize profile
+    const validProfiles = ["quick", "full", "ship", "ci", "security", "compliance", "ai"];
+    const profile = validProfiles.includes(args?.profile) ? args?.profile : "quick";
+    
+    // HARDENING: Sanitize only array
+    const only = sanitizeArray(args?.only, 20).map(item => sanitizeString(item, 50));
 
-    // Initialize API integration
+    // Initialize API integration with timeout and circuit breaker
     let apiScan = null;
     let apiConnected = false;
     
+    // HARDENING: Check circuit breaker before attempting API calls
+    const circuitCheck = checkCircuitBreaker();
+    
     // Try to connect to API for dashboard integration
-    try {
-      apiConnected = await isApiAvailable();
-      if (apiConnected) {
-        // Create scan record in dashboard
-        apiScan = await createScan({
-          localPath: projectPath,
-          branch: 'main',
-          enableLLM: false,
-        });
-        console.error(`[MCP] Connected to dashboard (Scan ID: ${apiScan.scanId})`);
+    if (circuitCheck.allowed) {
+      try {
+        // HARDENING: Add timeout to API availability check
+        const apiCheckPromise = isApiAvailable();
+        const timeoutPromise = new Promise((_, reject) => 
+          setTimeout(() => reject(new Error('API check timeout')), 5000)
+        );
+        
+        apiConnected = await Promise.race([apiCheckPromise, timeoutPromise]);
+        
+        if (apiConnected) {
+          // Create scan record in dashboard
+          const createScanPromise = createScan({
+            localPath: sanitizeString(projectPath, 500),
+            branch: sanitizeString(args?.branch, 100) || 'main',
+            enableLLM: false,
+          });
+          const scanTimeoutPromise = new Promise((_, reject) => 
+            setTimeout(() => reject(new Error('Create scan timeout')), 10000)
+          );
+          
+          apiScan = await Promise.race([createScanPromise, scanTimeoutPromise]);
+          console.error(`[MCP] Connected to dashboard (Scan ID: ${apiScan.scanId})`);
+          recordApiResult(true); // Record success
+        }
+      } catch (err) {
+        // API connection is optional, continue without it
+        console.error(`[MCP] Dashboard integration unavailable: ${err.message}`);
+        recordApiResult(false); // Record failure
       }
-    } catch (err) {
-      // API connection is optional, continue without it
-      console.error(`[MCP] Dashboard integration unavailable: ${err.message}`);
+    } else {
+      console.error(`[MCP] ${circuitCheck.reason}`);
     }
 
     let output = "# 🔍 vibecheck Scan\n\n";
@@ -1396,7 +1556,9 @@ class VibecheckMCP {
 
     // Build CLI arguments array (secure - no injection possible)
     const cliArgs = [`--profile=${profile}`, "--json"];
-    if (only?.length) cliArgs.push(`--only=${only.join(",")}`);
+    if (only.length > 0) {
+      cliArgs.push(`--only=${only.join(",")}`);
+    }
 
     try {
       await this.runCLI("scan", cliArgs, projectPath, { timeout: CONFIG.TIMEOUTS.SCAN });
@@ -1409,19 +1571,25 @@ class VibecheckMCP {
         // Submit results to dashboard if connected
         if (apiConnected && apiScan) {
           try {
-            await submitScanResults(apiScan.scanId, {
-              verdict: summary.verdict || 'UNKNOWN',
-              score: summary.score?.overall || 0,
-              findings: summary.findings || [],
-              filesScanned: summary.stats?.filesScanned || 0,
-              linesScanned: summary.stats?.linesScanned || 0,
-              durationMs: summary.timings?.total || 0,
+            // HARDENING: Add timeout to result submission
+            const submitPromise = submitScanResults(apiScan.scanId, {
+              verdict: sanitizeString(summary.verdict, 50) || 'UNKNOWN',
+              score: sanitizeNumber(summary.score?.overall, 0, 100, 0),
+              findings: sanitizeArray(summary.findings, 1000) || [],
+              filesScanned: sanitizeNumber(summary.stats?.filesScanned, 0, 1000000, 0),
+              linesScanned: sanitizeNumber(summary.stats?.linesScanned, 0, 100000000, 0),
+              durationMs: sanitizeNumber(summary.timings?.total, 0, 3600000, 0),
               metadata: {
                 profile,
                 source: 'mcp-server',
                 version: CONFIG.VERSION,
               },
             });
+            const submitTimeout = new Promise((_, reject) => 
+              setTimeout(() => reject(new Error('Submit timeout')), 10000)
+            );
+            
+            await Promise.race([submitPromise, submitTimeout]);
             console.error(`[MCP] Results sent to dashboard`);
           } catch (err) {
             console.error(`[MCP] Failed to send results to dashboard: ${err.message}`);
@@ -1439,23 +1607,29 @@ class VibecheckMCP {
         // Submit results to dashboard if connected
         if (apiConnected && apiScan) {
           try {
-            await submitScanResults(apiScan.scanId, {
-              verdict: summary.verdict || 'UNKNOWN',
-              score: summary.score?.overall || 0,
-              findings: summary.findings || [],
-              filesScanned: summary.stats?.filesScanned || 0,
-              linesScanned: summary.stats?.linesScanned || 0,
-              durationMs: summary.timings?.total || 0,
+            // HARDENING: Add timeout to error case submission
+            const submitPromise = submitScanResults(apiScan.scanId, {
+              verdict: sanitizeString(summary.verdict, 50) || 'UNKNOWN',
+              score: sanitizeNumber(summary.score?.overall, 0, 100, 0),
+              findings: sanitizeArray(summary.findings, 1000) || [],
+              filesScanned: sanitizeNumber(summary.stats?.filesScanned, 0, 1000000, 0),
+              linesScanned: sanitizeNumber(summary.stats?.linesScanned, 0, 100000000, 0),
+              durationMs: sanitizeNumber(summary.timings?.total, 0, 3600000, 0),
               metadata: {
                 profile,
                 source: 'mcp-server',
                 version: CONFIG.VERSION,
-                error: err.message,
+                error: sanitizeString(err.message, 500),
               },
             });
+            const submitTimeout = new Promise((_, reject) => 
+              setTimeout(() => reject(new Error('Submit timeout')), 10000)
+            );
+            
+            await Promise.race([submitPromise, submitTimeout]);
             console.error(`[MCP] Results sent to dashboard (with error)`);
-          } catch (err) {
-            console.error(`[MCP] Failed to send results to dashboard: ${err.message}`);
+          } catch (apiErr) {
+            console.error(`[MCP] Failed to send results to dashboard: ${apiErr.message}`);
           }
         }
         output += `\n⚠️ Scan completed with findings (exit code ${err.code || 1})\n`;
@@ -1465,10 +1639,16 @@ class VibecheckMCP {
       // Report error to dashboard if connected
       if (apiConnected && apiScan) {
         try {
-          await reportScanError(apiScan.scanId, err);
+          // HARDENING: Add timeout to error reporting
+          const reportPromise = reportScanError(apiScan.scanId, err);
+          const reportTimeout = new Promise((_, reject) => 
+            setTimeout(() => reject(new Error('Report timeout')), 10000)
+          );
+          
+          await Promise.race([reportPromise, reportTimeout]);
           console.error(`[MCP] Error reported to dashboard`);
-        } catch (err) {
-          console.error(`[MCP] Failed to report error to dashboard: ${err.message}`);
+        } catch (apiErr) {
+          console.error(`[MCP] Failed to report error to dashboard: ${apiErr.message}`);
         }
       }
 
@@ -1490,7 +1670,7 @@ class VibecheckMCP {
   // ============================================================================
   async handleGate(projectPath, args) {
     // Check tier access (STARTER tier required)
-    const access = await checkFeatureAccess("gate", args?.apiKey);
+    const access = await getFeatureAccessStatus("gate", args?.apiKey);
     if (!access.hasAccess) {
       return {
         content: [{
@@ -1530,7 +1710,7 @@ class VibecheckMCP {
   async handleFix(projectPath, args) {
     // Check tier access for --apply and --autopilot (PRO tier required)
     if (args?.apply || args?.autopilot) {
-      const access = await checkFeatureAccess("fix.apply_patches", args?.apiKey);
+      const access = await getFeatureAccessStatus("fix.apply_patches", args?.apiKey);
       if (!access.hasAccess) {
         return {
           content: [{
@@ -1705,7 +1885,7 @@ class VibecheckMCP {
   // ============================================================================
   async handleProve(projectPath, args) {
     // Check tier access (PRO tier required)
-    const access = await checkFeatureAccess("prove", args?.apiKey);
+    const access = await getFeatureAccessStatus("prove", args?.apiKey);
     if (!access.hasAccess) {
       return {
         content: [{
@@ -1908,6 +2088,16 @@ class VibecheckMCP {
   // SHIP - Quick health check
   // ============================================================================
   async handleShip(projectPath, args) {
+    // HARDENING: Validate project path
+    const validation = this.validateProjectPath(projectPath);
+    if (!validation.valid) {
+      return this.error(validation.error, {
+        code: validation.code || "INVALID_PATH",
+        suggestion: validation.suggestion,
+        nextSteps: validation.nextSteps || [],
+      });
+    }
+
     let output = "# 🚀 vibecheck Ship\n\n";
     output += `**Path:** ${projectPath}\n\n`;
 
@@ -1932,20 +2122,34 @@ class VibecheckMCP {
   // VERIFY - Runtime browser testing
   // ============================================================================
   async handleVerify(projectPath, args) {
-    const url = args?.url;
-    if (!url) return this.error("URL is required");
+    // HARDENING: Validate URL
+    const urlValidation = validateUrl(args?.url);
+    if (!urlValidation.valid) {
+      return this.error(urlValidation.error, {
+        code: 'INVALID_URL',
+        suggestion: 'Provide a valid HTTP/HTTPS URL',
+        nextSteps: ['Check the URL format', 'Ensure the URL is accessible'],
+      });
+    }
+    const url = urlValidation.url;
 
     let output = "# 🧪 vibecheck Verify\n\n";
     output += `**URL:** ${url}\n`;
-    if (args?.flows?.length) output += `**Flows:** ${args.flows.join(", ")}\n`;
+    
+    // HARDENING: Sanitize array inputs
+    const flows = sanitizeArray(args?.flows, 10);
+    if (flows.length) output += `**Flows:** ${flows.join(", ")}\n`;
     if (args?.headed) output += `**Mode:** Headed (visible browser)\n`;
     if (args?.record) output += `**Recording:** Enabled\n`;
     output += "\n";
 
     // Build CLI arguments array (secure)
     const cliArgs = ["--url", url];
-    if (args?.auth) cliArgs.push("--auth", args.auth);
-    if (args?.flows?.length) cliArgs.push("--flows", args.flows.join(","));
+    // HARDENING: Sanitize auth - don't log full credentials
+    if (args?.auth && typeof args.auth === 'string') {
+      cliArgs.push("--auth", sanitizeString(args.auth, 200));
+    }
+    if (flows.length) cliArgs.push("--flows", flows.join(","));
     if (args?.headed) cliArgs.push("--headed");
     if (args?.record) cliArgs.push("--record");
 
@@ -1995,28 +2199,67 @@ class VibecheckMCP {
   // REALITY v2 - Two-Pass Auth Verification + Dead UI Crawler
   // ============================================================================
   async handleReality(projectPath, args) {
-    const url = args?.url;
-    if (!url) return this.error("URL is required");
+    // HARDENING: Validate URL
+    const urlValidation = validateUrl(args?.url);
+    if (!urlValidation.valid) {
+      return this.error(urlValidation.error, {
+        code: 'INVALID_URL',
+        suggestion: 'Provide a valid HTTP/HTTPS URL',
+        nextSteps: ['Check the URL format', 'Ensure the URL is accessible'],
+      });
+    }
+    const url = urlValidation.url;
 
     let output = "# 🧪 vibecheck Reality v2\n\n";
     output += `**URL:** ${url}\n`;
     output += `**Two-Pass Auth:** ${args?.verifyAuth ? "Yes" : "No"}\n`;
-    if (args?.auth) output += `**Auth:** ${args.auth.split(":")[0]}:***\n`;
-    if (args?.storageState) output += `**Storage State:** ${args.storageState}\n`;
+    
+    // HARDENING: Safely display auth info (mask password)
+    if (args?.auth && typeof args.auth === 'string') {
+      const authParts = args.auth.split(":");
+      const maskedAuth = authParts[0] ? `${authParts[0].slice(0, 20)}:***` : '***';
+      output += `**Auth:** ${maskedAuth}\n`;
+    }
+    if (args?.storageState) output += `**Storage State:** ${sanitizeString(args.storageState, 100)}\n`;
     if (args?.headed) output += `**Mode:** Headed (visible browser)\n`;
     if (args?.danger) output += `**Danger Mode:** Enabled (risky clicks allowed)\n`;
     output += "\n";
 
     // Build CLI arguments array (secure)
     const cliArgs = ["--url", url];
-    if (args?.auth) cliArgs.push("--auth", args.auth);
+    if (args?.auth && typeof args.auth === 'string') {
+      cliArgs.push("--auth", sanitizeString(args.auth, 200));
+    }
     if (args?.verifyAuth) cliArgs.push("--verify-auth");
-    if (args?.storageState) cliArgs.push("--storage-state", args.storageState);
-    if (args?.saveStorageState) cliArgs.push("--save-storage-state", args.saveStorageState);
-    if (args?.truthpack) cliArgs.push("--truthpack", args.truthpack);
+    
+    // HARDENING: Validate path arguments
+    if (args?.storageState) {
+      const pathCheck = sanitizePath(args.storageState, projectPath);
+      if (pathCheck.valid) {
+        cliArgs.push("--storage-state", pathCheck.path);
+      }
+    }
+    if (args?.saveStorageState) {
+      const pathCheck = sanitizePath(args.saveStorageState, projectPath);
+      if (pathCheck.valid) {
+        cliArgs.push("--save-storage-state", pathCheck.path);
+      }
+    }
+    if (args?.truthpack) {
+      const pathCheck = sanitizePath(args.truthpack, projectPath);
+      if (pathCheck.valid) {
+        cliArgs.push("--truthpack", pathCheck.path);
+      }
+    }
     if (args?.headed) cliArgs.push("--headed");
-    if (args?.maxPages) cliArgs.push("--max-pages", String(args.maxPages));
-    if (args?.maxDepth) cliArgs.push("--max-depth", String(args.maxDepth));
+    
+    // HARDENING: Bound numeric arguments
+    if (args?.maxPages) {
+      cliArgs.push("--max-pages", String(sanitizeNumber(args.maxPages, 1, 100, 18)));
+    }
+    if (args?.maxDepth) {
+      cliArgs.push("--max-depth", String(sanitizeNumber(args.maxDepth, 1, 10, 2)));
+    }
     if (args?.danger) cliArgs.push("--danger");
 
     try {
@@ -2097,16 +2340,27 @@ class VibecheckMCP {
   // AI-TEST - AI Agent testing
   // ============================================================================
   async handleAITest(projectPath, args) {
-    const url = args?.url;
-    if (!url) return this.error("URL is required");
+    // HARDENING: Validate URL
+    const urlValidation = validateUrl(args?.url);
+    if (!urlValidation.valid) {
+      return this.error(urlValidation.error, {
+        code: 'INVALID_URL',
+        suggestion: 'Provide a valid HTTP/HTTPS URL',
+        nextSteps: ['Check the URL format', 'Ensure the URL is accessible'],
+      });
+    }
+    const url = urlValidation.url;
+
+    // HARDENING: Sanitize goal string
+    const goal = sanitizeString(args?.goal, 500) || "Test all features";
 
     let output = "# 🤖 vibecheck AI Agent\n\n";
     output += `**URL:** ${url}\n`;
-    output += `**Goal:** ${args?.goal || "Test all features"}\n\n`;
+    output += `**Goal:** ${goal}\n\n`;
 
     // Build CLI arguments array (secure)
     const cliArgs = ["--url", url];
-    if (args?.goal) cliArgs.push("--goal", args.goal);
+    if (goal) cliArgs.push("--goal", goal);
     if (args?.headed) cliArgs.push("--headed");
 
     try {
@@ -2162,7 +2416,7 @@ class VibecheckMCP {
   // ============================================================================
   async handleAutopilotPlan(projectPath, args) {
     // Check tier access (PRO tier required)
-    const access = await checkFeatureAccess("fix.apply_patches", args?.apiKey);
+    const access = await getFeatureAccessStatus("fix.apply_patches", args?.apiKey);
     if (!access.hasAccess) {
       return {
         content: [{
@@ -2249,7 +2503,7 @@ class VibecheckMCP {
   // ============================================================================
   async handleAutopilotApply(projectPath, args) {
     // Check tier access (PRO tier required)
-    const access = await checkFeatureAccess("fix.apply_patches", args?.apiKey);
+    const access = await getFeatureAccessStatus("fix.apply_patches", args?.apiKey);
     if (!access.hasAccess) {
       return {
         content: [{
@@ -2310,7 +2564,7 @@ class VibecheckMCP {
   // ============================================================================
   async handleBadge(projectPath, args) {
     // Check tier access (STARTER tier required)
-    const access = await checkFeatureAccess("badge", args?.apiKey);
+    const access = await getFeatureAccessStatus("badge", args?.apiKey);
     if (!access.hasAccess) {
       return {
         content: [{
@@ -2466,15 +2720,57 @@ class VibecheckMCP {
   }
 
   // ============================================================================
-  // RUN
+  // RUN - with graceful shutdown handling
   // ============================================================================
   async run() {
     const transport = new StdioServerTransport();
+    
+    // ========================================================================
+    // HARDENING: Graceful shutdown handling
+    // ========================================================================
+    const shutdown = async (signal) => {
+      console.error(`\n[MCP] Received ${signal}, shutting down gracefully...`);
+      try {
+        // Clear rate limit state to prevent memory leaks
+        rateLimitState.calls = [];
+        
+        // Close server connection
+        await this.server.close();
+        console.error('[MCP] Server closed successfully');
+      } catch (err) {
+        console.error(`[MCP] Error during shutdown: ${err.message}`);
+      }
+      process.exit(0);
+    };
+    
+    // Handle termination signals
+    process.on('SIGINT', () => shutdown('SIGINT'));
+    process.on('SIGTERM', () => shutdown('SIGTERM'));
+    
+    // Handle uncaught errors gracefully
+    process.on('uncaughtException', (err) => {
+      console.error(`[MCP] Uncaught exception: ${err.message}`);
+      console.error(err.stack);
+      // Don't exit - try to keep running
+    });
+    
+    process.on('unhandledRejection', (reason, promise) => {
+      console.error(`[MCP] Unhandled rejection at:`, promise);
+      console.error(`[MCP] Reason:`, reason);
+      // Don't exit - try to keep running
+    });
+    
     await this.server.connect(transport);
-    console.error("vibecheck MCP Server v2.0 running on stdio");
+    console.error(`vibecheck MCP Server v${VERSION} running on stdio (hardened)`);
   }
 }
 
-// Main
+// ============================================================================
+// MAIN - with error handling
+// ============================================================================
 const server = new VibecheckMCP();
-server.run().catch(console.error);
+server.run().catch((err) => {
+  console.error(`[MCP] Fatal error starting server: ${err.message}`);
+  console.error(err.stack);
+  process.exit(1);
+});