npm - vantage-peers-mcp - Versions diffs - 2.3.2 → 2.3.4 - Mend

vantage-peers-mcp 2.3.2 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,18 @@
 # Changelog
+## v2.3.4 — 2026-05-28
+**Security fix** — DCR (Dynamic Client Registration) self-registration now defaults to tenant-scope only. Master scope requires explicit admin authorization (`ADMIN_DCR_TOKEN` / `BEARER_SECRET_MASTER` env var). Closes beta blocker for Marie/Iris RH onboarding identified in VP Cloud audit Day 84.
+Changes:
+- `convex/oauth.ts`: `registerPublicClient` now explicitly rejects `scopeProfile="master"` with a `ScopeViolation` error. Previously only the HTTP server enforced this; the Convex-layer was bypassable via direct internal call.
+- `mcp-server/src/auth.ts`: bearer layer 3 (DCR token path) no longer maps `mcp:full` scope string to `scopeProfile="master"`. DCR tokens now always resolve to `client-generic` (deny-by-default). The `mcp:full` label in the legacy `oauthTokens` table was a scope label, not an authorization grant.
+- `convex/oauthDcr.ts`: added security documentation clarifying the legacy table is no longer an escalation path; the auth middleware fix is the primary gate.
+Tests: 5 new Convex security tests (`convex/oauth-dcr-security.test.ts`) + 5 new MCP scope enforcement tests (`mcp-server/src/__tests__/dcr-scope-enforcement.test.ts`), 0 regression on existing suites.
+VP task: k17218rvqyncs1v6rwj3qdzfsn87jj4n. Beta unblock chain: DCR fix → 5 quick wins onboarding (seed-profiles + marie-iris-rh client + README VP Cloud + runbook + email).
 ## v2.3.2 — 2026-05-28
 **Hotfix** — Expose `fields="lite"` + `status` array/aliases in MCP tool schemas (Day 82 sprint gap).

package/dist/src/auth.js CHANGED Viewed

@@ -231,10 +231,18 @@ export function bearerAuthMiddleware() {
                 console.error("[auth] CONVEX_URL_INTERNAL not set — cannot route DCR OAuth token");
                 return c.json({ error: "Server misconfigured: internal deployment URL missing" }, 500);
             }
-            // Map DCR single-scope string → OAuthContext fields.
-            // DCR tokens always carry "mcp:full" which maps to full access.
+            // SECURITY FIX: DCR tokens from the legacy oauthDcr path (oauthTokens
+            // table) carry "mcp:full" as a scope string. Previously this was mapped
+            // to scopeProfile="master" which granted cross-tenant, full-access.
+            // This is the DCR master-scope leak identified in VP Cloud audit Day 84.
+            //
+            // Fix: DCR self-registered clients ALWAYS resolve to "client-generic"
+            // (deny-by-default). "mcp:full" in the legacy table is a scope label, NOT
+            // an authorization to bypass namespace isolation. Master scope is only
+            // granted via the master bearer token path (layer 1) or via the
+            // oauth_access_tokens table with an admin-provisioned scopeProfile
+            // (layer 2). The DCR layer (layer 3) never grants master access.
             const scopes = dcrResult.scope.split(/\s+/).filter(Boolean);
-            const isFull = scopes.includes("mcp:full");
             c.set("tenant", {
                 tenantName: `dcr:${dcrResult.clientId}`,
                 convexUrl: internalUrl,
@@ -243,10 +251,11 @@ export function bearerAuthMiddleware() {
                 clientId: dcrResult.clientId,
                 userId: dcrResult.clientId,
                 scopes,
-                scopeProfile: isFull ? "master" : "client-generic",
-                fromAllowList: isFull ? ["*"] : [],
-                namespaceReadPrefixes: isFull ? ["*"] : [],
-                namespaceWritePrefixes: isFull ? ["*"] : [],
+                // Always tenant-scoped — never master — regardless of scope string value.
+                scopeProfile: "client-generic",
+                fromAllowList: [],
+                namespaceReadPrefixes: [],
+                namespaceWritePrefixes: [],
                 expiresAt: dcrResult.expiresAt,
                 isMaster: false,
             });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vantage-peers-mcp",
-  "version": "2.3.2",
+  "version": "2.3.4",
   "description": "MCP server for VantagePeers — shared memory, messaging, and task coordination for AI agent teams",
   "type": "module",
   "main": "./dist/server.js",