Merge pull request 'fix: project list uses RBAC filtering instead of ownerId' (#25) from fix/project-list-rbac into main

src/mcpd/src/routes/projects.ts

@@ -2,9 +2,9 @@ import type { FastifyInstance } from 'fastify';
 import type { ProjectService } from '../services/project.service.js';
 
 export function registerProjectRoutes(app: FastifyInstance, service: ProjectService): void {
-  app.get('/api/v1/projects', async (request) => {
-    // If authenticated, filter by owner; otherwise list all
-    return service.list(request.userId);
+  app.get('/api/v1/projects', async () => {
+    // RBAC preSerialization hook handles access filtering
+    return service.list();
   });
 
   app.get<{ Params: { id: string } }>('/api/v1/projects/:id', async (request) => {