vantage-peers-mcp 2.4.13 → 2.4.14

package/dist/server-http.d.ts

@@ -24,4 +24,17 @@
  *   PORT                  — HTTP port (default 3000)
  *   NODE_ENV              — set to "production" on Railway
  */
-export {};
+import { Hono } from "hono";
+/**
+ * D6 helper — extract client_secret from either the Authorization: Basic header
+ * (RFC 6749 §2.3.1 client_secret_basic) or the form body (client_secret_post).
+ * Returns { clientId, clientSecret } when present, else nulls.
+ *
+ * Basic header format: "Basic base64(client_id:client_secret)".
+ * Per RFC 6749 §2.3.1 the values are form-urlencoded before being colon-joined.
+ */
+export declare function parseBasicAuthSecret(authHeader: string | undefined, body: Record<string, string>): {
+    clientId: string | null;
+    clientSecret: string | null;
+};
+export declare const app: Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;

package/dist/server-http.js

@@ -31,6 +31,7 @@ import { ConvexHttpClient } from "convex/browser";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { bearerAuthMiddleware, internalClient, masterOnlyMiddleware, sha256Base64Url, sha256Hex, } from "./src/auth.js";
+import { timingSafeEqual } from "./src/crypto.js";
 import { registerTools } from "./src/tools.js";
 import { listUiResources, readUiResource } from "./src/ui-resources/index.js";
 let pkg;
@@ -86,6 +87,33 @@ function randomOpaqueToken() {
         .map((b) => b.toString(16).padStart(2, "0"))
         .join("");
 }
+/**
+ * D6 helper — extract client_secret from either the Authorization: Basic header
+ * (RFC 6749 §2.3.1 client_secret_basic) or the form body (client_secret_post).
+ * Returns { clientId, clientSecret } when present, else nulls.
+ *
+ * Basic header format: "Basic base64(client_id:client_secret)".
+ * Per RFC 6749 §2.3.1 the values are form-urlencoded before being colon-joined.
+ */
+export function parseBasicAuthSecret(authHeader, body) {
+    if (authHeader?.toLowerCase().startsWith("basic ")) {
+        try {
+            const decoded = atob(authHeader.slice(6).trim());
+            const idx = decoded.indexOf(":");
+            if (idx > 0) {
+                const id = decodeURIComponent(decoded.slice(0, idx));
+                const secret = decodeURIComponent(decoded.slice(idx + 1));
+                return { clientId: id, clientSecret: secret };
+            }
+        }
+        catch {
+            // fall through to body
+        }
+    }
+    const id = typeof body.client_id === "string" ? body.client_id : null;
+    const secret = typeof body.client_secret === "string" ? body.client_secret : null;
+    return { clientId: id, clientSecret: secret };
+}
 async function loadScopeProfile(profileId) {
     return (await internalClient().query(
     // biome-ignore lint/suspicious/noExplicitAny: Convex string API
@@ -94,7 +122,7 @@ async function loadScopeProfile(profileId) {
 // ─────────────────────────────────────────────────────────────────────────────
 // App
 // ─────────────────────────────────────────────────────────────────────────────
-const app = new Hono();
+export const app = new Hono();
 // CORS — Claude web sends requests from claude.ai origin
 app.use("*", cors({
     origin: "*",
@@ -191,6 +219,17 @@ app.post("/register", async (c) => {
     // obtain master-level access. Non-default profiles are provisioned only
     // via POST /admin/oauth/clients (master-token gated).
     const scopeProfile = DEFAULT_PUBLIC_DCR_PROFILE;
+    // RFC 7591 §2: honour token_endpoint_auth_method if provided, else default
+    // to client_secret_basic (confidential). Only "none" / "client_secret_basic"
+    // / "client_secret_post" are accepted; anything else falls back to default.
+    const requestedAuthMethod = typeof body.token_endpoint_auth_method === "string"
+        ? body.token_endpoint_auth_method
+        : undefined;
+    const tokenEndpointAuthMethod = requestedAuthMethod === "none" ||
+        requestedAuthMethod === "client_secret_basic" ||
+        requestedAuthMethod === "client_secret_post"
+        ? requestedAuthMethod
+        : "client_secret_basic";
     try {
         await internalClient().mutation(
         // biome-ignore lint/suspicious/noExplicitAny: Convex string API
@@ -200,6 +239,7 @@ app.post("/register", async (c) => {
             name: clientName,
             redirectUris,
             scopeProfile,
+            tokenEndpointAuthMethod,
         });
     }
     catch (err) {
@@ -214,7 +254,7 @@ app.post("/register", async (c) => {
         client_secret_expires_at: 0, // never expires
         redirect_uris: redirectUris,
         client_name: clientName,
-        token_endpoint_auth_method: "client_secret_post",
+        token_endpoint_auth_method: tokenEndpointAuthMethod,
         grant_types: ["authorization_code", "refresh_token"],
         response_types: ["code"],
         // SC: standardized on mcp:full — consistent with well-known metadata
@@ -256,6 +296,16 @@ app.get("/authorize", async (c) => {
     if (client.revokedAt !== undefined) {
         return c.json({ error: "invalid_client", error_description: "client revoked" }, 400);
     }
+    // D7 — RFC 6749 §3.1.2.3/§3.1.2.4: redirect_uri MUST exact-match a
+    // registered URI. Defense against open-redirect / token-exfiltration via
+    // attacker-controlled redirect. No partial / prefix / wildcard match.
+    const registeredUris = client.redirectUris ?? [];
+    if (registeredUris.length === 0 || !registeredUris.includes(redirectUri)) {
+        return c.json({
+            error: "invalid_request",
+            error_description: "redirect_uri does not match a registered redirect URI for this client",
+        }, 400);
+    }
     const masterTokenForAuthCode = process.env.BEARER_SECRET_MASTER;
     if (!masterTokenForAuthCode) {
         console.error("[oauth] BEARER_SECRET_MASTER not set — cannot mint authorization code");
@@ -344,6 +394,29 @@ app.post("/token", async (c) => {
         if (!client || client.revokedAt !== undefined) {
             return c.json({ error: "invalid_client" }, 400);
         }
+        // D6 — RFC 6749 §4.1.3 + §6: confidential clients MUST authenticate at
+        // /token. Default (absent) treated as confidential for backward compat.
+        // Public clients (token_endpoint_auth_method="none") skip the check —
+        // PKCE provides the binding (already verified above).
+        const authMethod = client.tokenEndpointAuthMethod ?? "client_secret_basic";
+        if (authMethod !== "none") {
+            const { clientSecret } = parseBasicAuthSecret(c.req.header("authorization"), body);
+            if (!clientSecret) {
+                c.header("WWW-Authenticate", 'Basic realm="oauth"');
+                return c.json({
+                    error: "invalid_client",
+                    error_description: "client authentication required for confidential client",
+                }, 401);
+            }
+            const presentedHash = await sha256Hex(clientSecret);
+            if (!client.clientSecretHash ||
+                !(await timingSafeEqual(presentedHash, client.clientSecretHash))) {
+                return c.json({
+                    error: "invalid_client",
+                    error_description: "client_secret mismatch",
+                }, 401);
+            }
+        }
         const profile = await loadScopeProfile(client.scopeProfile);
         if (!profile) {
             console.error("[oauth] scope_profile not found during token issue:", client.scopeProfile);
@@ -406,6 +479,32 @@ app.post("/token", async (c) => {
         if (!record) {
             return c.json({ error: "invalid_grant" }, 400);
         }
+        // D6 — confidential client authentication on refresh too (RFC 6749 §6).
+        const refreshClient = (await internalClient().query(
+        // biome-ignore lint/suspicious/noExplicitAny: Convex string API
+        "oauth:getClientByClientId", { clientId: record.clientId }));
+        if (!refreshClient || refreshClient.revokedAt !== undefined) {
+            return c.json({ error: "invalid_client" }, 400);
+        }
+        const refreshAuthMethod = refreshClient.tokenEndpointAuthMethod ?? "client_secret_basic";
+        if (refreshAuthMethod !== "none") {
+            const { clientSecret } = parseBasicAuthSecret(c.req.header("authorization"), body);
+            if (!clientSecret) {
+                c.header("WWW-Authenticate", 'Basic realm="oauth"');
+                return c.json({
+                    error: "invalid_client",
+                    error_description: "client authentication required for confidential client",
+                }, 401);
+            }
+            const presentedHash = await sha256Hex(clientSecret);
+            if (!refreshClient.clientSecretHash ||
+                !(await timingSafeEqual(presentedHash, refreshClient.clientSecretHash))) {
+                return c.json({
+                    error: "invalid_client",
+                    error_description: "client_secret mismatch",
+                }, 401);
+            }
+        }
         const profile = await loadScopeProfile(record.scopeProfile);
         if (!profile) {
             return c.json({ error: "server_error" }, 500);
@@ -480,6 +579,14 @@ admin.post("/oauth/clients", async (c) => {
     const redirectUris = Array.isArray(body.redirect_uris)
         ? body.redirect_uris
         : [];
+    const adminRequestedAuthMethod = typeof body.token_endpoint_auth_method === "string"
+        ? body.token_endpoint_auth_method
+        : undefined;
+    const adminTokenEndpointAuthMethod = adminRequestedAuthMethod === "none" ||
+        adminRequestedAuthMethod === "client_secret_basic" ||
+        adminRequestedAuthMethod === "client_secret_post"
+        ? adminRequestedAuthMethod
+        : "client_secret_basic";
     if (!name || !scopeProfile) {
         return c.json({
             error: "invalid_request",
@@ -503,6 +610,7 @@ admin.post("/oauth/clients", async (c) => {
             name,
             redirectUris,
             scopeProfile,
+            tokenEndpointAuthMethod: adminTokenEndpointAuthMethod,
         });
     }
     catch (err) {
@@ -589,14 +697,18 @@ app.all("/mcp", bearerAuthMiddleware(), async (c) => {
 // ─────────────────────────────────────────────────────────────────────────────
 const PORT = Number(process.env.PORT ?? 3000);
 const HOSTNAME = "0.0.0.0";
-// Explicit Bun.serve() — does not rely on default-export auto-detection,
-// which can fail when started via `bun run <file>` (vs `bun <file>`).
-// @ts-expect-error — Bun global available at runtime on Railway
-const server = Bun.serve({
-    port: PORT,
-    hostname: HOSTNAME,
-    fetch: app.fetch,
-});
-console.log(`[vantage-peers-mcp] HTTP transport listening on ${server.hostname}:${server.port}`);
-console.log(`[vantage-peers-mcp] Health: http://${server.hostname}:${server.port}/health`);
-console.log(`[vantage-peers-mcp] MCP:    http://${server.hostname}:${server.port}/mcp`);
+// Bootstrap is gated so tests can `import { app }` without binding a socket.
+// VP_TEST_MODE=1 short-circuits the listener (vitest sets this in setup).
+if (process.env.VP_TEST_MODE !== "1") {
+    // Explicit Bun.serve() — does not rely on default-export auto-detection,
+    // which can fail when started via `bun run <file>` (vs `bun <file>`).
+    // @ts-expect-error — Bun global available at runtime on Railway
+    const server = Bun.serve({
+        port: PORT,
+        hostname: HOSTNAME,
+        fetch: app.fetch,
+    });
+    console.log(`[vantage-peers-mcp] HTTP transport listening on ${server.hostname}:${server.port}`);
+    console.log(`[vantage-peers-mcp] Health: http://${server.hostname}:${server.port}/health`);
+    console.log(`[vantage-peers-mcp] MCP:    http://${server.hostname}:${server.port}/mcp`);
+}

package/dist/src/crypto.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Constant-time comparison helper for hex-encoded hash strings.
+ *
+ * Ported from `convex/oauth.ts:23-45` (Day 47 master-token gate) to close
+ * Eta F1 MAJOR on PR #621 (S1.5 D6+D7): the `presentedHash !== client.clientSecretHash`
+ * checks at `mcp-server/server-http.ts` L577-580 (authorization_code grant) and
+ * L692 (refresh_token grant) were non-constant-time, leaking a timing oracle on
+ * confidential client authentication (RFC 6749 §6).
+ *
+ * Algorithm is **identical** to the Convex helper:
+ *   1. TextEncoder → bytes.
+ *   2. Length mismatch → still run a dummy HMAC over equal-length input to
+ *      avoid a branch-timing leak, then return false.
+ *   3. Equal length → XOR-accumulate diff, return diff === 0.
+ *
+ * Web Crypto (`crypto.subtle`) is used (not the Node `crypto.timingSafeEqual`
+ * variant) for two reasons:
+ *   - Parity with the Convex implementation — same algorithm, same surface.
+ *   - sha256Hex outputs are 64-char hex strings so length is normally equal,
+ *     but defensively we handle mismatch (e.g. empty string fallback when
+ *     `clientSecretHash` is undefined on a malformed row).
+ */
+export declare function timingSafeEqual(a: string, b: string): Promise<boolean>;

package/dist/src/crypto.js

@@ -0,0 +1,39 @@
+/**
+ * Constant-time comparison helper for hex-encoded hash strings.
+ *
+ * Ported from `convex/oauth.ts:23-45` (Day 47 master-token gate) to close
+ * Eta F1 MAJOR on PR #621 (S1.5 D6+D7): the `presentedHash !== client.clientSecretHash`
+ * checks at `mcp-server/server-http.ts` L577-580 (authorization_code grant) and
+ * L692 (refresh_token grant) were non-constant-time, leaking a timing oracle on
+ * confidential client authentication (RFC 6749 §6).
+ *
+ * Algorithm is **identical** to the Convex helper:
+ *   1. TextEncoder → bytes.
+ *   2. Length mismatch → still run a dummy HMAC over equal-length input to
+ *      avoid a branch-timing leak, then return false.
+ *   3. Equal length → XOR-accumulate diff, return diff === 0.
+ *
+ * Web Crypto (`crypto.subtle`) is used (not the Node `crypto.timingSafeEqual`
+ * variant) for two reasons:
+ *   - Parity with the Convex implementation — same algorithm, same surface.
+ *   - sha256Hex outputs are 64-char hex strings so length is normally equal,
+ *     but defensively we handle mismatch (e.g. empty string fallback when
+ *     `clientSecretHash` is undefined on a malformed row).
+ */
+export async function timingSafeEqual(a, b) {
+    const encoder = new TextEncoder();
+    const aBytes = encoder.encode(a);
+    const bBytes = encoder.encode(b);
+    if (aBytes.length !== bBytes.length) {
+        // Still do a comparison on equal-length buffers to avoid branch-timing leak.
+        const dummy = new Uint8Array(aBytes.length);
+        const aKey = await crypto.subtle.importKey("raw", aBytes.length > 0 ? aBytes : new Uint8Array([0]), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+        await crypto.subtle.sign("HMAC", aKey, dummy);
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < aBytes.length; i++) {
+        diff |= aBytes[i] ^ bBytes[i];
+    }
+    return diff === 0;
+}

package/dist/src/scope-filter.d.ts

@@ -0,0 +1,65 @@
+/**
+ * Sprint S3.1 B2 — scope-aware filter helpers for VP MCP tools.
+ *
+ * Replaces the binary `guardMasterOnly` 403 rejection with row-level filtering
+ * so non-master scoped OAuth clients (Marie's onboarding case 2026-06-01) can
+ * see their own data instead of receiving a blanket Forbidden.
+ *
+ * Doctrine references:
+ *   - decisions/doctrine-scope-aware-filter-2026-05-26.md (D3 base)
+ *   - memory j579y6f31g7xzgtgdnpgetdmjx87ztyj (D9-D14 extension)
+ *
+ * Contract:
+ *   - Master scope (isMasterScope === true) = wildcard pass.
+ *   - Legacy bearer (oauthCtx === undefined) = wildcard pass (treated as master-
+ *     equivalent for backward-compatibility with mcpTenants Pi/Tau/Phi paths).
+ *   - Non-master scope = row passes iff:
+ *       row.createdBy ∈ oauthCtx.fromAllowList
+ *       OR
+ *       row.namespace startsWith one of oauthCtx.namespaceReadPrefixes
+ *           (prefix matched as exact-equal OR followed by '/' boundary)
+ *   - Row missing BOTH `createdBy` and `namespace` = denied for non-master.
+ *
+ * NOTE: this module is intentionally framework-agnostic — no McpServer / Hono
+ * imports — to keep the helpers trivially unit-testable.
+ */
+import { type OAuthContext } from "./auth.js";
+/**
+ * Row shape accepted by the scope filter. All fields optional because real
+ * Convex documents from list_peers / list_messages / etc. don't all carry both.
+ */
+export type ScopeFilterable = {
+    createdBy?: string;
+    namespace?: string;
+};
+/**
+ * Core predicate. Returns true when the row is visible to the caller.
+ *
+ *   - Master scope (isMasterScope === true)            → true (wildcard)
+ *   - Legacy bearer (oauthCtx === undefined)           → true (back-compat)
+ *   - row.createdBy ∈ oauthCtx.fromAllowList           → true
+ *   - row.namespace === prefix OR startsWith prefix+'/'
+ *     for any prefix ∈ oauthCtx.namespaceReadPrefixes  → true
+ *   - otherwise                                        → false
+ *
+ * Substring matches that don't fall on a '/' boundary are explicitly rejected
+ * (e.g. namespace="orchestrator/alphabet" does NOT match prefix
+ * "orchestrator/alpha"). This avoids the classic prefix-isolation bypass.
+ */
+export declare function passesScopeFilter(oauthCtx: OAuthContext | undefined, row: ScopeFilterable): boolean;
+/**
+ * Filter a list of rows (post-query). Used by list_* tools.
+ */
+export declare function scopeFilterList<T extends ScopeFilterable>(oauthCtx: OAuthContext | undefined, rows: T[]): T[];
+/**
+ * Assert a single row passes (get_* tools). Returns the row when allowed, null
+ * otherwise — callers translate null to a 404-equivalent "not found" MCP error
+ * to avoid leaking the difference between "absent" and "filtered out".
+ */
+export declare function scopeFilterGet<T extends ScopeFilterable>(oauthCtx: OAuthContext | undefined, row: T | null | undefined): T | null;
+/**
+ * Helper for callers that want a single "is master / legacy" predicate without
+ * importing isMasterScope directly. Mirrors the legacy-bearer-passes-through
+ * convention.
+ */
+export declare function isWildcardScope(ctx: OAuthContext | undefined): boolean;

package/dist/src/scope-filter.js

@@ -0,0 +1,84 @@
+/**
+ * Sprint S3.1 B2 — scope-aware filter helpers for VP MCP tools.
+ *
+ * Replaces the binary `guardMasterOnly` 403 rejection with row-level filtering
+ * so non-master scoped OAuth clients (Marie's onboarding case 2026-06-01) can
+ * see their own data instead of receiving a blanket Forbidden.
+ *
+ * Doctrine references:
+ *   - decisions/doctrine-scope-aware-filter-2026-05-26.md (D3 base)
+ *   - memory j579y6f31g7xzgtgdnpgetdmjx87ztyj (D9-D14 extension)
+ *
+ * Contract:
+ *   - Master scope (isMasterScope === true) = wildcard pass.
+ *   - Legacy bearer (oauthCtx === undefined) = wildcard pass (treated as master-
+ *     equivalent for backward-compatibility with mcpTenants Pi/Tau/Phi paths).
+ *   - Non-master scope = row passes iff:
+ *       row.createdBy ∈ oauthCtx.fromAllowList
+ *       OR
+ *       row.namespace startsWith one of oauthCtx.namespaceReadPrefixes
+ *           (prefix matched as exact-equal OR followed by '/' boundary)
+ *   - Row missing BOTH `createdBy` and `namespace` = denied for non-master.
+ *
+ * NOTE: this module is intentionally framework-agnostic — no McpServer / Hono
+ * imports — to keep the helpers trivially unit-testable.
+ */
+import { isMasterScope } from "./auth.js";
+/**
+ * Core predicate. Returns true when the row is visible to the caller.
+ *
+ *   - Master scope (isMasterScope === true)            → true (wildcard)
+ *   - Legacy bearer (oauthCtx === undefined)           → true (back-compat)
+ *   - row.createdBy ∈ oauthCtx.fromAllowList           → true
+ *   - row.namespace === prefix OR startsWith prefix+'/'
+ *     for any prefix ∈ oauthCtx.namespaceReadPrefixes  → true
+ *   - otherwise                                        → false
+ *
+ * Substring matches that don't fall on a '/' boundary are explicitly rejected
+ * (e.g. namespace="orchestrator/alphabet" does NOT match prefix
+ * "orchestrator/alpha"). This avoids the classic prefix-isolation bypass.
+ */
+export function passesScopeFilter(oauthCtx, row) {
+    if (!oauthCtx)
+        return true;
+    if (isMasterScope(oauthCtx))
+        return true;
+    const { createdBy, namespace } = row;
+    if (createdBy && oauthCtx.fromAllowList.includes(createdBy))
+        return true;
+    if (namespace) {
+        for (const p of oauthCtx.namespaceReadPrefixes) {
+            if (namespace === p)
+                return true;
+            if (namespace.startsWith(`${p}/`))
+                return true;
+        }
+    }
+    return false;
+}
+/**
+ * Filter a list of rows (post-query). Used by list_* tools.
+ */
+export function scopeFilterList(oauthCtx, rows) {
+    return rows.filter((r) => passesScopeFilter(oauthCtx, r));
+}
+/**
+ * Assert a single row passes (get_* tools). Returns the row when allowed, null
+ * otherwise — callers translate null to a 404-equivalent "not found" MCP error
+ * to avoid leaking the difference between "absent" and "filtered out".
+ */
+export function scopeFilterGet(oauthCtx, row) {
+    if (row == null)
+        return null;
+    return passesScopeFilter(oauthCtx, row) ? row : null;
+}
+/**
+ * Helper for callers that want a single "is master / legacy" predicate without
+ * importing isMasterScope directly. Mirrors the legacy-bearer-passes-through
+ * convention.
+ */
+export function isWildcardScope(ctx) {
+    if (!ctx)
+        return true;
+    return isMasterScope(ctx);
+}

package/dist/src/tools.js

@@ -10,6 +10,7 @@
 import { ErrorCode, McpError } from "@modelcontextprotocol/sdk/types.js";
 import { z } from "zod";
 import { checkFromAllowed, checkNamespaceRead, checkNamespaceWrite, isMasterScope, } from "./auth.js";
+import { scopeFilterGet, scopeFilterList } from "./scope-filter.js";
 import { wrapToolResult } from "./ui-resources/stream-marker.js";
 // ─────────────────────────────────────────────────────────────────────────────
 // VP_EMIT_UI_MARKERS gate
@@ -582,14 +583,18 @@ export function registerTools(server, convex, oauthCtx) {
         title: "Get memory",
     }, async ({ memoryId }) => {
         try {
-            const _scopeDenied = guardMasterOnly("get_memory");
-            if (_scopeDenied)
-                return _scopeDenied;
+            // S3.1.A Wave A — scope-aware filter replaces guardMasterOnly.
+            // Non-master clients may now read their own data; cross-tenant rows
+            // collapse to a non-leaky "not found" shape (same as a missing row).
             const memory = await convex.query("memories:getMemory", {
                 memoryId,
             });
+            const filtered = scopeFilterGet(oauthCtx, memory);
+            if (filtered === null) {
+                return mcpError(`Memory not found: ${memoryId}`);
+            }
             return {
-                content: [{ type: "text", text: JSON.stringify(memory, null, 2) }],
+                content: [{ type: "text", text: JSON.stringify(filtered, null, 2) }],
             };
         }
         catch (error) {
@@ -937,10 +942,20 @@ export function registerTools(server, convex, oauthCtx) {
                 : Array.isArray(memories?.page)
                     ? memories.page
                     : [];
-            const baseText = capListResponseBytes(memories, JSON.stringify(memories, null, 2), "list_memories");
+            // S3.1.A Wave A — row-level scope filter on the post-query list.
+            // Master + legacy bearer pass through unchanged. Non-master clients
+            // see only rows whose createdBy ∈ fromAllowList OR whose namespace
+            // matches one of namespaceReadPrefixes (exact or '/' boundary).
+            const filteredList = scopeFilterList(oauthCtx, rawList);
+            // Preserve the original response shape (array vs {page} envelope)
+            // so downstream consumers don't need to special-case Wave A.
+            const filteredEnvelope = Array.isArray(memories)
+                ? filteredList
+                : { ...memories, page: filteredList };
+            const baseText = capListResponseBytes(filteredEnvelope, JSON.stringify(filteredEnvelope, null, 2), "list_memories");
             const text = appendMarkerIfEnabled(baseText, () => ({
                 kind: "memory-quote",
-                items: rawList.map((m) => ({
+                items: filteredList.map((m) => ({
                     _id: m._id,
                     namespace: m.namespace,
                     type: m.type,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vantage-peers-mcp",
-  "version": "2.4.13",
+  "version": "2.4.14",
   "description": "MCP server for VantagePeers — shared memory, messaging, and task coordination for AI agent teams",
   "type": "module",
   "main": "./dist/server.js",
@@ -25,7 +25,10 @@
     "prepublishOnly": "npm run build",
     "dev": "bun run server.ts",
     "start": "bun run dist/server-http.js",
-    "dev:http": "bun run server-http.ts"
+    "dev:http": "bun run server-http.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage"
   },
   "repository": {
     "type": "git",
@@ -74,7 +77,9 @@
   },
   "devDependencies": {
     "@types/node": "^24.12.2",
-    "typescript": "^5.9.3"
+    "@vitest/coverage-v8": "^4.1.8",
+    "typescript": "^5.9.3",
+    "vitest": "^4.1.8"
   },
   "overrides": {
     "path-to-regexp": "^8.4.0"