fix: add MCP input validation and filter env vars in script-runner (#31)

* fix: use getSafeEnv() in script-runner and ide-detector

script-runner.ts passed raw process.env to spawned scripts, leaking
all environment variables (API keys, tokens, credentials) to user
scripts. ide-detector.ts spawned IDE processes without specifying env,
which defaults to inheriting process.env.

Both now use getSafeEnv() which filters out sensitive prefixes
(AWS_SECRET, GITHUB_TOKEN, ANTHROPIC_API, STRIPE_, etc.) matching
the same pattern already used by pty-manager, headless-manager, and
agent-detector.

* fix: add input validation to all MCP tool parameters

Previously all MCP tool inputs used bare z.string() with no length
limits or content validation. This allowed:
- Unbounded strings (title, description) causing resource exhaustion
- Path traversal in project_name (../../../etc/passwd)
- Arbitrary-length prompts and terminal writes
- Invalid hex colors and non-absolute paths

Add shared validation module (packages/mcp/src/validation.ts) with
bounded schemas for all input types:
- name: 1-200 chars, no .. / \ (path traversal protection)
- title: 1-500 chars
- description: 0-5000 chars
- prompt: 0-10000 chars
- absolutePath: must start with /
- hexColor: validated regex
- id: 1-100 chars
- shortText: 0-200 chars (branches, display names, icons)

Applied across all 6 tool files: tasks, projects, sessions,
workflows, git, and config.

* fix: use getSafeEnv() in commandExists() for consistent env filtering

The commandExists() helper used execFileSync without an explicit env,
inheriting process.env with sensitive variables. Now uses getSafeEnv()
to match the pattern already used in openInIDE().

Author: jcanizalez

packages/mcp/src/tools/git.ts

@@ -1,12 +1,12 @@
-import { z } from 'zod'
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
 import { listBranches, getGitBranch, getGitDiffFull } from '@vibegrid/server/git-utils'
+import { V } from '../validation'
 
 export function registerGitTools(server: McpServer): void {
   server.tool(
     'list_branches',
     'List git branches for a project',
-    { project_path: z.string().describe('Absolute path to project directory') },
+    { project_path: V.absolutePath.describe('Absolute path to project directory') },
     async (args) => {
       try {
         const local = listBranches(args.project_path)
@@ -26,7 +26,7 @@ export function registerGitTools(server: McpServer): void {
   server.tool(
     'get_diff',
     'Get git diff for a project (staged and unstaged changes)',
-    { project_path: z.string().describe('Absolute path to project directory') },
+    { project_path: V.absolutePath.describe('Absolute path to project directory') },
     async (args) => {
       try {
         const result = getGitDiffFull(args.project_path)

packages/mcp/src/tools/projects.ts

@@ -2,6 +2,7 @@ import { z } from 'zod'
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
 import type { configManager as ConfigManagerInstance } from '@vibegrid/server/config-manager'
 import type { AgentType } from '@vibegrid/shared/types'
+import { V } from '../validation'
 import {
   dbListProjects,
   dbGetProject,
@@ -35,11 +36,11 @@ export function registerProjectTools(
     'create_project',
     'Create a new project',
     {
-      name: z.string().describe('Project name (unique identifier)'),
-      path: z.string().describe('Absolute path to project directory'),
+      name: V.name.describe('Project name (unique identifier)'),
+      path: V.absolutePath.describe('Absolute path to project directory'),
       preferred_agents: z.array(z.enum(AGENT_TYPES)).optional().describe('Preferred agent types'),
-      icon: z.string().optional().describe('Lucide icon name'),
-      icon_color: z.string().optional().describe('Hex color for icon')
+      icon: V.shortText.optional().describe('Lucide icon name'),
+      icon_color: V.hexColor.optional().describe('Hex color for icon')
     },
     async (args) => {
       if (dbGetProject(args.name)) {
@@ -68,11 +69,11 @@ export function registerProjectTools(
     'update_project',
     "Update a project's properties",
     {
-      name: z.string().describe('Project name (identifier, cannot be changed)'),
-      path: z.string().optional().describe('New project path'),
+      name: V.name.describe('Project name (identifier, cannot be changed)'),
+      path: V.absolutePath.optional().describe('New project path'),
       preferred_agents: z.array(z.enum(AGENT_TYPES)).optional().describe('Preferred agent types'),
-      icon: z.string().optional().describe('Lucide icon name'),
-      icon_color: z.string().optional().describe('Hex color for icon')
+      icon: V.shortText.optional().describe('Lucide icon name'),
+      icon_color: V.hexColor.optional().describe('Hex color for icon')
     },
     async (args) => {
       if (!dbGetProject(args.name)) {
@@ -100,7 +101,7 @@ export function registerProjectTools(
   server.tool(
     'delete_project',
     'Delete a project and all its tasks',
-    { name: z.string().describe('Project name') },
+    { name: V.name.describe('Project name') },
     async (args) => {
       if (!dbGetProject(args.name)) {
         return {

packages/mcp/src/tools/sessions.ts

@@ -2,6 +2,7 @@ import { z } from 'zod'
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
 import type { ptyManager as PtyManagerInstance } from '@vibegrid/server/pty-manager'
 import type { AgentType, CreateTerminalPayload } from '@vibegrid/shared/types'
+import { V } from '../validation'
 
 type PtyManager = typeof PtyManagerInstance
 
@@ -35,12 +36,12 @@ export function registerSessionTools(server: McpServer, deps: { ptyManager: PtyM
     'Launch an AI agent in a new terminal session',
     {
       agent_type: z.enum(AGENT_TYPES).describe('Agent type to launch'),
-      project_name: z.string().describe('Project name'),
-      project_path: z.string().describe('Absolute path to project directory'),
-      prompt: z.string().optional().describe('Initial prompt to send to the agent'),
-      branch: z.string().optional().describe('Git branch to checkout'),
+      project_name: V.name.describe('Project name'),
+      project_path: V.absolutePath.describe('Absolute path to project directory'),
+      prompt: V.prompt.optional().describe('Initial prompt to send to the agent'),
+      branch: V.shortText.optional().describe('Git branch to checkout'),
       use_worktree: z.boolean().optional().describe('Create a git worktree'),
-      display_name: z.string().optional().describe('Display name for the session')
+      display_name: V.shortText.optional().describe('Display name for the session')
     },
     async (args) => {
       const payload: CreateTerminalPayload = {
@@ -82,7 +83,7 @@ export function registerSessionTools(server: McpServer, deps: { ptyManager: PtyM
   server.tool(
     'kill_session',
     'Kill a terminal session',
-    { id: z.string().describe('Session ID to kill') },
+    { id: V.id.describe('Session ID to kill') },
     async (args) => {
       try {
         ptyManager.killPty(args.id)
@@ -97,8 +98,11 @@ export function registerSessionTools(server: McpServer, deps: { ptyManager: PtyM
     'write_to_terminal',
     'Send input to a running terminal session',
     {
-      id: z.string().describe('Session ID'),
-      data: z.string().describe('Data to write (text input to send to the agent)')
+      id: V.id.describe('Session ID'),
+      data: z
+        .string()
+        .max(50000, 'Data must be 50000 characters or less')
+        .describe('Data to write (text input to send to the agent)')
     },
     async (args) => {
       try {

packages/mcp/src/tools/tasks.ts

@@ -4,6 +4,7 @@ import { z } from 'zod'
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
 import type { configManager as ConfigManagerInstance } from '@vibegrid/server/config-manager'
 import type { TaskConfig, TaskStatus, AgentType } from '@vibegrid/shared/types'
+import { V } from '../validation'
 import {
   dbListTasks,
   dbGetTask,
@@ -33,7 +34,7 @@ export function registerTaskTools(server: McpServer, deps: { configManager: Conf
     'list_tasks',
     'List tasks, optionally filtered by project and/or status',
     {
-      project_name: z.string().optional().describe('Filter by project name'),
+      project_name: V.name.optional().describe('Filter by project name'),
       status: z
         .enum(TASK_STATUSES as [string, ...string[]])
         .optional()
@@ -49,14 +50,14 @@ export function registerTaskTools(server: McpServer, deps: { configManager: Conf
     'create_task',
     'Create a new task in a project',
     {
-      project_name: z.string().describe('Project name (must match existing project)'),
-      title: z.string().describe('Task title'),
-      description: z.string().optional().describe('Task description (markdown)'),
+      project_name: V.name.describe('Project name (must match existing project)'),
+      title: V.title.describe('Task title'),
+      description: V.description.optional().describe('Task description (markdown)'),
       status: z
         .enum(TASK_STATUSES as [string, ...string[]])
         .optional()
         .describe('Task status (default: todo)'),
-      branch: z.string().optional().describe('Git branch for this task'),
+      branch: V.shortText.optional().describe('Git branch for this task'),
       use_worktree: z.boolean().optional().describe('Create a git worktree for this task'),
       assigned_agent: z.enum(AGENT_TYPES).optional().describe('Assign to an agent type')
     },
@@ -95,34 +96,29 @@ export function registerTaskTools(server: McpServer, deps: { configManager: Conf
     }
   )
 
-  server.tool(
-    'get_task',
-    'Get a task by ID',
-    { id: z.string().describe('Task ID') },
-    async (args) => {
-      const task = dbGetTask(args.id)
-      if (!task) {
-        return {
-          content: [{ type: 'text', text: `Error: task "${args.id}" not found` }],
-          isError: true
-        }
+  server.tool('get_task', 'Get a task by ID', { id: V.id.describe('Task ID') }, async (args) => {
+    const task = dbGetTask(args.id)
+    if (!task) {
+      return {
+        content: [{ type: 'text', text: `Error: task "${args.id}" not found` }],
+        isError: true
       }
-      return { content: [{ type: 'text', text: JSON.stringify(task, null, 2) }] }
     }
-  )
+    return { content: [{ type: 'text', text: JSON.stringify(task, null, 2) }] }
+  })
 
   server.tool(
     'update_task',
     "Update a task's properties",
     {
-      id: z.string().describe('Task ID'),
-      title: z.string().optional().describe('New title'),
-      description: z.string().optional().describe('New description'),
+      id: V.id.describe('Task ID'),
+      title: V.title.optional().describe('New title'),
+      description: V.description.optional().describe('New description'),
       status: z
         .enum(TASK_STATUSES as [string, ...string[]])
         .optional()
         .describe('New status'),
-      branch: z.string().optional().describe('Git branch'),
+      branch: V.shortText.optional().describe('Git branch'),
       use_worktree: z.boolean().optional().describe('Use git worktree'),
       assigned_agent: z.enum(AGENT_TYPES).optional().describe('Assigned agent type'),
       order: z.number().optional().describe('Queue order')
@@ -165,7 +161,7 @@ export function registerTaskTools(server: McpServer, deps: { configManager: Conf
   server.tool(
     'delete_task',
     'Delete a task by ID',
-    { id: z.string().describe('Task ID') },
+    { id: V.id.describe('Task ID') },
     async (args) => {
       const task = dbGetTask(args.id)
       if (!task) {
@@ -186,15 +182,13 @@ export function registerTaskTools(server: McpServer, deps: { configManager: Conf
     'Get your current task and project context. Auto-detects based on your working directory. ' +
       'Call this at the start of a session to understand what you are working on.',
     {
-      cwd: z
-        .string()
+      cwd: V.absolutePath
         .optional()
         .describe(
           'Your current working directory (auto-detected if omitted). ' +
             'Used to match against known projects and task worktrees.'
         ),
-      task_id: z
-        .string()
+      task_id: V.id
         .optional()
         .describe('Specific task ID to get context for (overrides auto-detection)')
     },

packages/mcp/src/tools/workflows.ts

@@ -3,6 +3,7 @@ import { z } from 'zod'
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
 import type { configManager as ConfigManagerInstance } from '@vibegrid/server/config-manager'
 import type { scheduler as SchedulerInstance } from '@vibegrid/server/scheduler'
+import { V } from '../validation'
 import type {
   WorkflowDefinition,
   WorkflowNode,
@@ -22,48 +23,48 @@ type Scheduler = typeof SchedulerInstance
 
 const launchAgentConfigSchema = z.object({
   agentType: z.enum(['claude', 'copilot', 'codex', 'opencode', 'gemini']),
-  projectName: z.string(),
-  projectPath: z.string(),
-  args: z.array(z.string()).optional(),
-  displayName: z.string().optional(),
-  branch: z.string().optional(),
+  projectName: V.name,
+  projectPath: V.absolutePath,
+  args: z.array(V.shortText).optional(),
+  displayName: V.shortText.optional(),
+  branch: V.shortText.optional(),
   useWorktree: z.boolean().optional(),
-  remoteHostId: z.string().optional(),
-  prompt: z.string().optional(),
+  remoteHostId: V.id.optional(),
+  prompt: V.prompt.optional(),
   promptDelayMs: z.number().optional(),
-  taskId: z.string().optional(),
+  taskId: V.id.optional(),
   taskFromQueue: z.boolean().optional()
 })
 
 const triggerConfigSchema = z.union([
   z.object({ triggerType: z.literal('manual') }),
-  z.object({ triggerType: z.literal('once'), runAt: z.string() }),
+  z.object({ triggerType: z.literal('once'), runAt: V.shortText }),
   z.object({
     triggerType: z.literal('recurring'),
-    cron: z.string(),
-    timezone: z.string().optional()
+    cron: V.shortText,
+    timezone: V.shortText.optional()
   }),
-  z.object({ triggerType: z.literal('taskCreated'), projectFilter: z.string().optional() }),
+  z.object({ triggerType: z.literal('taskCreated'), projectFilter: V.name.optional() }),
   z.object({
     triggerType: z.literal('taskStatusChanged'),
-    projectFilter: z.string().optional(),
+    projectFilter: V.name.optional(),
     fromStatus: z.enum(['todo', 'in_progress', 'in_review', 'done', 'cancelled']).optional(),
     toStatus: z.enum(['todo', 'in_progress', 'in_review', 'done', 'cancelled']).optional()
   })
 ])
 
 const nodeSchema = z.object({
-  id: z.string(),
+  id: V.id,
   type: z.enum(['trigger', 'launchAgent']),
-  label: z.string(),
+  label: V.shortText,
   config: z.record(z.unknown()),
   position: z.object({ x: z.number(), y: z.number() })
 })
 
 const edgeSchema = z.object({
-  id: z.string(),
-  source: z.string(),
-  target: z.string()
+  id: V.id,
+  source: V.id,
+  target: V.id
 })
 
 /**
@@ -135,7 +136,7 @@ export function registerWorkflowTools(
     'create_workflow',
     'Create a new workflow. Accepts either full nodes/edges or a convenience flat format (trigger + actions array).',
     z.object({
-      name: z.string().describe('Workflow name'),
+      name: V.title.describe('Workflow name'),
       trigger: triggerConfigSchema
         .optional()
         .describe('Trigger config (convenience mode). Defaults to manual.'),
@@ -145,8 +146,8 @@ export function registerWorkflowTools(
         .describe('Actions to execute (convenience mode). Auto-generates graph.'),
       nodes: z.array(nodeSchema).optional().describe('Full graph nodes (advanced mode)'),
       edges: z.array(edgeSchema).optional().describe('Full graph edges (advanced mode)'),
-      icon: z.string().optional().describe('Lucide icon name (default: zap)'),
-      icon_color: z.string().optional().describe('Hex color (default: #6366f1)'),
+      icon: V.shortText.optional().describe('Lucide icon name (default: zap)'),
+      icon_color: V.hexColor.optional().describe('Hex color (default: #6366f1)'),
       enabled: z.boolean().optional().describe('Whether workflow is enabled (default: true)'),
       stagger_delay_ms: z.number().optional().describe('Delay in ms between actions')
     }),
@@ -188,12 +189,12 @@ export function registerWorkflowTools(
     'update_workflow',
     "Update a workflow's properties",
     z.object({
-      id: z.string().describe('Workflow ID'),
-      name: z.string().optional(),
+      id: V.id.describe('Workflow ID'),
+      name: V.title.optional(),
       nodes: z.array(nodeSchema).optional(),
       edges: z.array(edgeSchema).optional(),
-      icon: z.string().optional(),
-      icon_color: z.string().optional(),
+      icon: V.shortText.optional(),
+      icon_color: V.hexColor.optional(),
       enabled: z.boolean().optional(),
       stagger_delay_ms: z.number().optional()
     }),
@@ -229,7 +230,7 @@ export function registerWorkflowTools(
   server.tool(
     'delete_workflow',
     'Delete a workflow',
-    { id: z.string().describe('Workflow ID') },
+    { id: V.id.describe('Workflow ID') },
     async (args) => {
       const workflows = dbListWorkflows()
       const workflow = workflows.find((w) => w.id === args.id)