vantage-peers-mcp 2.3.3 → 2.3.5

package/CHANGELOG.md

@@ -1,5 +1,34 @@
 # Changelog
 
+## v2.3.5 — 2026-05-28
+
+**Critical hotfix** — v2.3.3 (PR #539) shipped the backend filters `createdBy` + `updatedSince` and the Zod schema exports but did NOT wire those params into the 4 list MCP tool args blocks. Pi pull-cycle quickstart `list_tasks createdBy="pi" status="review" fields="lite"` was silently dropping `createdBy` at the MCP boundary and returning all visible tasks. Auto-clamp safeguard (Day 83) also could not trigger because Zod `.default(50)` / `.default(20)` on `limit` overrode the absent-value signal before it reached the backend.
+
+Fixes:
+- `mcp-server/src/tools.ts` : 4 list tools now expose `createdBy` (`list_tasks` + `list_tasks_by_mission` only — `list_missions` + `list_briefing_notes` do not accept it backend-side) and `updatedSince` (all 4).
+- Removed `.default(50)` (3 tools) and `.default(20)` (1 tool) on `limit` so absent value reaches the backend, enabling the v2.3.3 auto-clamp safeguard.
+
+Tests : 8 new boundary-forwarding cases (`src/__tests__/list-queries-v2.3.5-wire-createdby-updatedsince.test.ts`) — verify MCP layer actually forwards new params to `convex.query` instead of dropping them. 0 regression on existing suites.
+
+Detection : Vantage-Bridge architecture review Sigma scope Day 84 — direct `grep`/`sed` inspection of `tools.ts` confirmed the gap. Backend already correct since v2.3.3 (`convex/tasks.ts:354-357`).
+
+Fix-pattern (Day 84 capitalize) : when adding a new param across backend + MCP wrapper, the test suite MUST cover not only schema validation but also the tool-handler→convex.query forwarding boundary. Schema-only tests passed cleanly in v2.3.3 while the actual feature was broken in prod.
+
+VP task : `k177tsvdxzase5sjy2qm9fdvp187kbwr`. Predecessor v2.3.3 PR #539 (`k1796s5j6jfkvkx0tn5n926ftd87jx9p`).
+
+## v2.3.4 — 2026-05-28
+
+**Security fix** — DCR (Dynamic Client Registration) self-registration now defaults to tenant-scope only. Master scope requires explicit admin authorization (`ADMIN_DCR_TOKEN` / `BEARER_SECRET_MASTER` env var). Closes beta blocker for Marie/Iris RH onboarding identified in VP Cloud audit Day 84.
+
+Changes:
+- `convex/oauth.ts`: `registerPublicClient` now explicitly rejects `scopeProfile="master"` with a `ScopeViolation` error. Previously only the HTTP server enforced this; the Convex-layer was bypassable via direct internal call.
+- `mcp-server/src/auth.ts`: bearer layer 3 (DCR token path) no longer maps `mcp:full` scope string to `scopeProfile="master"`. DCR tokens now always resolve to `client-generic` (deny-by-default). The `mcp:full` label in the legacy `oauthTokens` table was a scope label, not an authorization grant.
+- `convex/oauthDcr.ts`: added security documentation clarifying the legacy table is no longer an escalation path; the auth middleware fix is the primary gate.
+
+Tests: 5 new Convex security tests (`convex/oauth-dcr-security.test.ts`) + 5 new MCP scope enforcement tests (`mcp-server/src/__tests__/dcr-scope-enforcement.test.ts`), 0 regression on existing suites.
+
+VP task: k17218rvqyncs1v6rwj3qdzfsn87jj4n. Beta unblock chain: DCR fix → 5 quick wins onboarding (seed-profiles + marie-iris-rh client + README VP Cloud + runbook + email).
+
 ## v2.3.3 — 2026-05-28
 
 **Follow-up to v2.3.2 (Day 84 scope élargi)** — Extend list queries with `createdBy` + `updatedSince` filters + auto-clamp safeguard.

package/dist/src/auth.js

@@ -231,10 +231,18 @@ export function bearerAuthMiddleware() {
                 console.error("[auth] CONVEX_URL_INTERNAL not set — cannot route DCR OAuth token");
                 return c.json({ error: "Server misconfigured: internal deployment URL missing" }, 500);
             }
-            // Map DCR single-scope string → OAuthContext fields.
-            // DCR tokens always carry "mcp:full" which maps to full access.
+            // SECURITY FIX: DCR tokens from the legacy oauthDcr path (oauthTokens
+            // table) carry "mcp:full" as a scope string. Previously this was mapped
+            // to scopeProfile="master" which granted cross-tenant, full-access.
+            // This is the DCR master-scope leak identified in VP Cloud audit Day 84.
+            //
+            // Fix: DCR self-registered clients ALWAYS resolve to "client-generic"
+            // (deny-by-default). "mcp:full" in the legacy table is a scope label, NOT
+            // an authorization to bypass namespace isolation. Master scope is only
+            // granted via the master bearer token path (layer 1) or via the
+            // oauth_access_tokens table with an admin-provisioned scopeProfile
+            // (layer 2). The DCR layer (layer 3) never grants master access.
             const scopes = dcrResult.scope.split(/\s+/).filter(Boolean);
-            const isFull = scopes.includes("mcp:full");
             c.set("tenant", {
                 tenantName: `dcr:${dcrResult.clientId}`,
                 convexUrl: internalUrl,
@@ -243,10 +251,11 @@ export function bearerAuthMiddleware() {
                 clientId: dcrResult.clientId,
                 userId: dcrResult.clientId,
                 scopes,
-                scopeProfile: isFull ? "master" : "client-generic",
-                fromAllowList: isFull ? ["*"] : [],
-                namespaceReadPrefixes: isFull ? ["*"] : [],
-                namespaceWritePrefixes: isFull ? ["*"] : [],
+                // Always tenant-scoped — never master — regardless of scope string value.
+                scopeProfile: "client-generic",
+                fromAllowList: [],
+                namespaceReadPrefixes: [],
+                namespaceWritePrefixes: [],
                 expiresAt: dcrResult.expiresAt,
                 isMaster: false,
             });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vantage-peers-mcp",
-  "version": "2.3.3",
+  "version": "2.3.5",
   "description": "MCP server for VantagePeers — shared memory, messaging, and task coordination for AI agent teams",
   "type": "module",
   "main": "./dist/server.js",