@a13xu/lucid 1.4.0 → 1.9.1

package/build/index.js

@@ -4,6 +4,9 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 import { z } from "zod";
 import { initDatabase, prepareStatements } from "./database.js";
+import { guardRequest, guardOutput, configureGuard } from "./security/guard.js";
+import { allowHost } from "./security/ssrf.js";
+import { loadConfig } from "./config.js";
 import { remember, RememberSchema } from "./tools/remember.js";
 import { relate, RelateSchema } from "./tools/relate.js";
 import { recall, RecallSchema } from "./tools/recall.js";
@@ -14,15 +17,42 @@ import { handleValidateFile, ValidateFileSchema, handleCheckDrift, CheckDriftSch
 import { handleGrepCode, GrepCodeSchema } from "./tools/grep.js";
 import { handleInitProject, InitProjectSchema } from "./tools/init.js";
 import { handleSyncFile, SyncFileSchema, handleSyncProject, SyncProjectSchema, } from "./tools/sync.js";
+import { handleGetContext, GetContextSchema, handleGetRecent, GetRecentSchema, } from "./tools/context.js";
+import { handleReward, RewardSchema, handlePenalize, PenalizeSchema, handleShowRewards, ShowRewardsSchema, } from "./tools/reward.js";
+import { handleGetCodingRules, handleCheckCodeQuality, CheckCodeQualitySchema, } from "./tools/coding-guard.js";
 // ---------------------------------------------------------------------------
 // Init DB
 // ---------------------------------------------------------------------------
 const db = initDatabase();
 const stmts = prepareStatements(db);
 // ---------------------------------------------------------------------------
+// Security guard — initialize from config + env
+// ---------------------------------------------------------------------------
+const _appCfg = loadConfig();
+configureGuard(_appCfg.security ?? {});
+// Register Qdrant host in SSRF allowlist if configured
+const _qdrantUrl = process.env["QDRANT_URL"] ?? _appCfg.qdrant?.url;
+if (_qdrantUrl) {
+    try {
+        allowHost(_qdrantUrl);
+    }
+    catch { /* ignore invalid URL */ }
+}
+const _embeddingUrl = process.env["EMBEDDING_URL"] ?? _appCfg.qdrant?.embeddingUrl;
+if (_embeddingUrl) {
+    try {
+        allowHost(_embeddingUrl);
+    }
+    catch { /* ignore */ }
+}
+else {
+    // Default embedding endpoint
+    allowHost("https://api.openai.com");
+}
+// ---------------------------------------------------------------------------
 // MCP Server
 // ---------------------------------------------------------------------------
-const server = new Server({ name: "lucid", version: "1.1.0" }, { capabilities: { tools: {} } });
+const server = new Server({ name: "lucid", version: "1.9.1" }, { capabilities: { tools: {} } });
 // ---------------------------------------------------------------------------
 // Tool definitions
 // ---------------------------------------------------------------------------
@@ -154,6 +184,79 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                 required: ["pattern"],
             },
         },
+        // ── Context & Token Optimization ─────────────────────────────────────────
+        {
+            name: "get_context",
+            description: "Retrieve the minimal relevant context for a task or query. " +
+                "Uses TF-IDF scoring (or Qdrant vector search if configured) to rank files by relevance, " +
+                "applies recency boost for recently modified files, and returns skeletons (signatures only) " +
+                "for large files to stay within the token budget. " +
+                "Configure limits in lucid.config.json. Set QDRANT_URL env var for vector search.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    query: { type: "string", description: "What you are working on or searching for" },
+                    maxTokens: { type: "number", description: "Total token budget (default 4000)" },
+                    dirs: { type: "array", items: { type: "string" }, description: "Whitelist directories (e.g. [\"src\", \"backend\"])" },
+                    recentOnly: { type: "boolean", description: "Only files modified within recentWindowHours" },
+                    recentHours: { type: "number", description: "Override recent window (hours)" },
+                    skeletonOnly: { type: "boolean", description: "Always show skeleton (signatures only)" },
+                    topK: { type: "number", description: "Max files to consider (default 10)" },
+                },
+                required: ["query"],
+            },
+        },
+        {
+            name: "get_recent",
+            description: "Return files modified recently with line-level diffs. " +
+                "Shows what changed in each file since the previous sync. " +
+                "Useful for catching up after a git pull or resuming a session.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    hours: { type: "number", description: "Look back N hours (default 24)" },
+                    withDiffs: { type: "boolean", description: "Include line diffs (default true)" },
+                },
+            },
+        },
+        // ── Reward System ────────────────────────────────────────────────────────
+        {
+            name: "reward",
+            description: "Signal that the last get_context() result was helpful (+1 reward). " +
+                "The files returned in that context will be ranked higher in future similar queries. " +
+                "Call this after a get_context() result led to a correct fix or useful code.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    note: { type: "string", description: "Optional note about what worked (stored for future reference)" },
+                },
+            },
+        },
+        {
+            name: "penalize",
+            description: "Signal that the last get_context() result was unhelpful (-1 reward). " +
+                "The files returned in that context will be ranked lower in future similar queries. " +
+                "Call this after a get_context() result missed important files or was irrelevant.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    note: { type: "string", description: "Optional note about what was missing or wrong" },
+                },
+            },
+        },
+        {
+            name: "show_rewards",
+            description: "Show the top rewarded experiences and most rewarded files. " +
+                "Rewards decay exponentially (half-life ~14 days). " +
+                "Use this to understand which context queries and files have been most valuable.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    query: { type: "string", description: "Filter experiences by query text (optional)" },
+                    topK: { type: "number", description: "Number of top results to show (default 10)" },
+                },
+            },
+        },
         // ── Logic Guardian ───────────────────────────────────────────────────────
         {
             name: "validate_file",
@@ -191,6 +294,34 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                 "Call this before marking any implementation task as done.",
             inputSchema: { type: "object", properties: {} },
         },
+        // ── Coding Guard ─────────────────────────────────────────────────────────
+        {
+            name: "coding_rules",
+            description: "Get the 25 Golden Rules coding checklist. Covers clarity, naming, single responsibility, " +
+                "error handling, frontend component size/reuse/props, singleton rules, library selection, " +
+                "and architecture separation. Review before marking any task done.",
+            inputSchema: { type: "object", properties: {} },
+        },
+        {
+            name: "check_code_quality",
+            description: "Analyze a file or code snippet against the 25 Golden Rules. " +
+                "Detects: file/function size violations, vague naming, deep nesting, dead code, and — " +
+                "for React/Vue component files — inline styles, prop explosion, fetch-in-component, " +
+                "direct DOM access, mixed styling systems. " +
+                "Complements validate_file (which checks logic correctness).",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    path: { type: "string", description: "Absolute or relative path to the file to analyze." },
+                    code: { type: "string", description: "Code snippet to analyze inline." },
+                    language: {
+                        type: "string",
+                        enum: ["python", "javascript", "typescript", "vue", "generic"],
+                        description: "Language hint. Auto-detected from file extension if path is provided.",
+                    },
+                },
+            },
+        },
     ],
 }));
 // ---------------------------------------------------------------------------
@@ -198,6 +329,11 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
 // ---------------------------------------------------------------------------
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
+    // Security: rate limit + WAF check before any execution
+    const guard = guardRequest(name, args);
+    if (guard.blocked) {
+        return { content: [{ type: "text", text: guard.reason ?? "Request blocked by security guard" }], isError: true };
+    }
     try {
         let text;
         switch (name) {
@@ -222,7 +358,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 break;
             // Init & Sync
             case "init_project":
-                text = handleInitProject(stmts, InitProjectSchema.parse(args));
+                text = await handleInitProject(stmts, InitProjectSchema.parse(args));
                 break;
             case "sync_file":
                 text = handleSyncFile(stmts, SyncFileSchema.parse(args));
@@ -234,6 +370,23 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             case "grep_code":
                 text = handleGrepCode(stmts, GrepCodeSchema.parse(args));
                 break;
+            // Context & Token Optimization
+            case "get_context":
+                text = await handleGetContext(stmts, GetContextSchema.parse(args));
+                break;
+            case "get_recent":
+                text = handleGetRecent(stmts, GetRecentSchema.parse(args));
+                break;
+            // Reward System
+            case "reward":
+                text = handleReward(stmts, RewardSchema.parse(args));
+                break;
+            case "penalize":
+                text = handlePenalize(stmts, PenalizeSchema.parse(args));
+                break;
+            case "show_rewards":
+                text = handleShowRewards(stmts, ShowRewardsSchema.parse(args));
+                break;
             // Logic Guardian
             case "validate_file":
                 text = handleValidateFile(ValidateFileSchema.parse(args));
@@ -244,10 +397,18 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             case "get_checklist":
                 text = handleGetChecklist();
                 break;
+            // Coding Guard
+            case "coding_rules":
+                text = handleGetCodingRules();
+                break;
+            case "check_code_quality":
+                text = handleCheckCodeQuality(CheckCodeQualitySchema.parse(args));
+                break;
             default:
                 return { content: [{ type: "text", text: `Unknown tool: ${name}` }], isError: true };
         }
-        return { content: [{ type: "text", text }] };
+        // Security: scan output for sensitive data leakage
+        return { content: [{ type: "text", text: guardOutput(name, text) }] };
     }
     catch (err) {
         const message = err instanceof z.ZodError

package/build/indexer/ast.d.ts

@@ -0,0 +1,9 @@
+export interface Skeleton {
+    imports: string[];
+    exports: string[];
+    todos: string[];
+    summary: string;
+}
+export declare function extractSkeleton(source: string, language: string): Skeleton;
+/** Render skeleton as compact text for context assembly. */
+export declare function renderSkeleton(sk: Skeleton, filepath: string): string;

package/build/indexer/ast.js

@@ -0,0 +1,158 @@
+// Structural skeleton extraction — regex-based AST-like parsing
+// Returns only signatures, imports, and TODO comments (no function bodies)
+// Used by get_context when a file exceeds the per-file token budget
+// ---------------------------------------------------------------------------
+// TypeScript / JavaScript
+// ---------------------------------------------------------------------------
+function skeletonTS(source) {
+    const lines = source.split("\n");
+    const imports = [];
+    const exports = [];
+    const todos = [];
+    let summary = "";
+    // Grab first JSDoc comment as summary
+    const jsdoc = source.match(/^\/\*\*([\s\S]*?)\*\//m);
+    if (jsdoc) {
+        summary = jsdoc[1].replace(/\s*\*\s*/g, " ").trim().slice(0, 150);
+    }
+    let i = 0;
+    while (i < lines.length) {
+        const line = lines[i];
+        const trimmed = line.trim();
+        // Imports
+        if (/^import\s/.test(trimmed)) {
+            // Multi-line import: collect until ';'
+            let full = line;
+            while (!full.includes(";") && i + 1 < lines.length) {
+                i++;
+                full += " " + lines[i].trim();
+            }
+            imports.push(full.replace(/\s+/g, " ").trim());
+            i++;
+            continue;
+        }
+        // Exported declarations
+        if (/^export\s/.test(trimmed)) {
+            // Grab JSDoc above if present
+            let sig = line;
+            // If it's a function/class/interface, find the signature (up to first '{' or ';')
+            if (/^export\s+(async\s+)?function|^export\s+(abstract\s+)?class|^export\s+interface/.test(trimmed)) {
+                let j = i;
+                let full = "";
+                while (j < lines.length) {
+                    full += lines[j] + "\n";
+                    if (lines[j].includes("{") || lines[j].includes(";"))
+                        break;
+                    j++;
+                }
+                // Show only up to opening brace
+                sig = full.split("{")[0].replace(/\n/g, " ").replace(/\s+/g, " ").trim() + " { … }";
+            }
+            else if (/^export\s+(type|interface)\s/.test(trimmed)) {
+                // Multi-line type — take first line
+                sig = trimmed.split("{")[0].trim() + (trimmed.includes("{") ? " { … }" : "");
+            }
+            else {
+                // const/enum/default — take line
+                sig = trimmed.slice(0, 120);
+            }
+            exports.push(sig);
+            i++;
+            continue;
+        }
+        // TODOs
+        if (/\/\/\s*(TODO|FIXME|HACK)/i.test(trimmed)) {
+            todos.push(trimmed.slice(0, 100));
+        }
+        i++;
+    }
+    return { imports, exports, todos, summary };
+}
+// ---------------------------------------------------------------------------
+// Python
+// ---------------------------------------------------------------------------
+function skeletonPython(source) {
+    const lines = source.split("\n");
+    const imports = [];
+    const exports = [];
+    const todos = [];
+    let summary = "";
+    // Module docstring
+    const docMatch = source.match(/^['"]{3}([\s\S]*?)['"]{3}/m);
+    if (docMatch)
+        summary = docMatch[1].trim().slice(0, 150);
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const trimmed = line.trim();
+        if (trimmed.startsWith("import ") || trimmed.startsWith("from ")) {
+            imports.push(trimmed.slice(0, 100));
+            continue;
+        }
+        // Public function/class/async def at top level (no indent)
+        if (/^(def|class|async def)\s+(\w)/.test(trimmed) && !trimmed.startsWith("_")) {
+            // Collect signature (may span multiple lines until ':')
+            let sig = line;
+            let j = i + 1;
+            while (!sig.includes(":") && j < lines.length) {
+                sig += " " + lines[j].trim();
+                j++;
+            }
+            sig = sig.split(":")[0].replace(/\s+/g, " ").trim() + ":";
+            exports.push(sig.slice(0, 120));
+            continue;
+        }
+        if (/^\s*#\s*(TODO|FIXME|HACK)/i.test(line)) {
+            todos.push(trimmed.slice(0, 100));
+        }
+    }
+    return { imports, exports, todos, summary };
+}
+// ---------------------------------------------------------------------------
+// Generic (markdown, yaml, json, etc.)
+// ---------------------------------------------------------------------------
+function skeletonGeneric(source) {
+    const lines = source.split("\n").slice(0, 30);
+    const todos = [];
+    for (const line of source.split("\n")) {
+        if (/(?:\/\/|#)\s*(TODO|FIXME|HACK)/i.test(line)) {
+            todos.push(line.trim().slice(0, 100));
+        }
+    }
+    return {
+        imports: [],
+        exports: [],
+        todos,
+        summary: lines.join("\n").slice(0, 300),
+    };
+}
+// ---------------------------------------------------------------------------
+// Public
+// ---------------------------------------------------------------------------
+export function extractSkeleton(source, language) {
+    switch (language) {
+        case "typescript":
+        case "javascript":
+            return skeletonTS(source);
+        case "python":
+            return skeletonPython(source);
+        default:
+            return skeletonGeneric(source);
+    }
+}
+/** Render skeleton as compact text for context assembly. */
+export function renderSkeleton(sk, filepath) {
+    const parts = [`// ${filepath} [skeleton]`];
+    if (sk.summary)
+        parts.push(`// ${sk.summary}`);
+    if (sk.imports.length > 0)
+        parts.push(sk.imports.slice(0, 8).join("\n"));
+    if (sk.exports.length > 0) {
+        parts.push("// — exports —");
+        parts.push(sk.exports.join("\n"));
+    }
+    if (sk.todos.length > 0) {
+        parts.push("// — TODOs —");
+        parts.push(sk.todos.join("\n"));
+    }
+    return parts.join("\n\n");
+}

package/build/indexer/project.js

@@ -183,9 +183,9 @@ function indexLogicGuardianYaml(path, stmts, results) {
 }
 // Source file indexing — extrage exporturi, clase, funcții principale
 const SOURCE_EXTS = new Set([".ts", ".tsx", ".js", ".jsx", ".py", ".go", ".rs"]);
-const SKIP_DIRS = new Set(["node_modules", ".git", "build", "dist", "__pycache__", ".next", "venv", ".venv", "target"]);
-const MAX_SOURCE_FILES = 30;
-function indexSourceFile(filepath, projectName, stmts) {
+const SKIP_DIRS = new Set(["node_modules", ".git", "build", "dist", "__pycache__", ".next", "venv", ".venv", "target", ".cache", "coverage", ".nyc_output"]);
+const MAX_SOURCE_FILES = 10_000;
+function indexSourceFile(filepath, rootDir, projectName, stmts) {
     const content = readFile(filepath);
     if (!content)
         return [];
@@ -206,18 +206,18 @@ function indexSourceFile(filepath, projectName, stmts) {
     }
     if (exports.length === 0)
         return [];
-    const relPath = filepath.replace(/\\/g, "/").split("/src/")[1] ?? basename(filepath);
+    // Cale relativă față de rădăcina proiectului
+    const relPath = filepath.replace(/\\/g, "/").replace(rootDir.replace(/\\/g, "/") + "/", "");
     const obs = [`exports from ${relPath}: ${exports.slice(0, 10).join(", ")}`];
     upsert(stmts, projectName, "project", obs);
     return exports;
 }
 function scanSources(dir, projectName, stmts, results) {
-    const srcDir = join(dir, "src");
-    const scanDir = existsSync(srcDir) ? srcDir : dir;
+    const rootDir = dir.replace(/\\/g, "/");
     let fileCount = 0;
     const exportedSymbols = [];
-    function walk(d, depth) {
-        if (depth > 3 || fileCount >= MAX_SOURCE_FILES)
+    function walk(d) {
+        if (fileCount >= MAX_SOURCE_FILES)
             return;
         let entries;
         try {
@@ -230,18 +230,26 @@ function scanSources(dir, projectName, stmts, results) {
             if (SKIP_DIRS.has(entry))
                 continue;
             const full = join(d, entry);
-            const stat = statSync(full);
+            let stat;
+            try {
+                stat = statSync(full);
+            }
+            catch {
+                continue;
+            }
             if (stat.isDirectory()) {
-                walk(full, depth + 1);
+                walk(full);
             }
-            else if (SOURCE_EXTS.has(extname(entry))) {
-                const syms = indexSourceFile(full, projectName, stmts);
+            else if (SOURCE_EXTS.has(extname(entry).toLowerCase())) {
+                const syms = indexSourceFile(full, rootDir, projectName, stmts);
                 exportedSymbols.push(...syms);
                 fileCount++;
+                if (fileCount >= MAX_SOURCE_FILES)
+                    return;
             }
         }
     }
-    walk(scanDir, 0);
+    walk(dir);
     if (fileCount > 0) {
         results.push({
             entity: projectName,

package/build/memory/experience.d.ts

@@ -0,0 +1,11 @@
+import type { Statements } from "../database.js";
+export declare const getLastExperienceId: () => number | null;
+export declare const setLastExperienceId: (id: number) => void;
+export declare function decayedReward(reward: number, rewardedAt: number | null): number;
+export declare function createExperience(query: string, contextFps: string[], strategy: string, stmts: Statements): number;
+export declare function rewardExperience(id: number, delta: number, feedback: string | null, stmts: Statements): {
+    query: string;
+    fps: string[];
+} | null;
+export declare function implicitRewardFromSync(filepath: string, stmts: Statements): boolean;
+export declare function getFileRewardsMap(stmts: Statements): Map<string, number>;

package/build/memory/experience.js

@@ -0,0 +1,85 @@
+// Reward system — lightweight RL from get_context usage signals
+// Sources: explicit reward()/penalize(), implicit sync_file(), temporal decay
+// ---------------------------------------------------------------------------
+// In-process tracking of the last created experience (server is long-running)
+// ---------------------------------------------------------------------------
+let _lastId = null;
+export const getLastExperienceId = () => _lastId;
+export const setLastExperienceId = (id) => { _lastId = id; };
+// ---------------------------------------------------------------------------
+// Exponential decay — half-life ≈ 14 days (λ = ln(2)/14 ≈ 0.0495 ≈ 0.05)
+// ---------------------------------------------------------------------------
+export function decayedReward(reward, rewardedAt) {
+    if (rewardedAt === null || rewardedAt === 0)
+        return 0;
+    const daysSince = Math.max(0, (Date.now() / 1000 - rewardedAt) / 86400);
+    return reward * Math.exp(-0.05 * daysSince);
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function tokenizeQuery(query) {
+    return query.toLowerCase().split(/\s+/).filter((t) => t.length > 1).join(" ");
+}
+function parseFps(contextFps) {
+    try {
+        return JSON.parse(contextFps);
+    }
+    catch {
+        return [];
+    }
+}
+// ---------------------------------------------------------------------------
+// Create experience — called after get_context returns results
+// ---------------------------------------------------------------------------
+export function createExperience(query, contextFps, strategy, stmts) {
+    const result = stmts.insertExperience.run(query, tokenizeQuery(query), JSON.stringify(contextFps), strategy);
+    const id = Number(result.lastInsertRowid);
+    setLastExperienceId(id);
+    return id;
+}
+// ---------------------------------------------------------------------------
+// Reward or penalize an experience (explicit feedback)
+// ---------------------------------------------------------------------------
+export function rewardExperience(id, delta, feedback, stmts) {
+    const exp = stmts.getExperienceById.get(id);
+    if (!exp)
+        return null;
+    stmts.updateExperienceReward.run(delta, feedback, id);
+    const fps = parseFps(exp.context_fps);
+    for (const fp of fps) {
+        stmts.upsertFileReward.run(fp, delta);
+    }
+    return { query: exp.query, fps };
+}
+// ---------------------------------------------------------------------------
+// Implicit reward from sync_file — if filepath was in the last context → +0.3
+// ---------------------------------------------------------------------------
+const IMPLICIT_DELTA = 0.3;
+export function implicitRewardFromSync(filepath, stmts) {
+    const lastId = getLastExperienceId();
+    if (lastId === null)
+        return false;
+    const exp = stmts.getExperienceById.get(lastId);
+    if (!exp)
+        return false;
+    const fps = parseFps(exp.context_fps);
+    if (!fps.includes(filepath))
+        return false;
+    stmts.updateExperienceReward.run(IMPLICIT_DELTA, null, lastId);
+    stmts.upsertFileReward.run(filepath, IMPLICIT_DELTA);
+    return true;
+}
+// ---------------------------------------------------------------------------
+// Get file rewards map — for ranking boost in assembleContext()
+// ---------------------------------------------------------------------------
+export function getFileRewardsMap(stmts) {
+    const rows = stmts.getFileRewards.all();
+    const map = new Map();
+    for (const row of rows) {
+        const d = decayedReward(row.total_reward, row.last_rewarded);
+        if (d > 0)
+            map.set(row.filepath, d);
+    }
+    return map;
+}

package/build/retrieval/context.d.ts

@@ -0,0 +1,29 @@
+import type { Statements } from "../database.js";
+import type { ResolvedConfig } from "../config.js";
+export declare function estimateTokens(text: string): number;
+export declare function extractFragments(source: string, query: string, contextLines?: number): string;
+export declare function computeDiff(prev: string, curr: string, maxChanges?: number): string;
+export interface ContextFile {
+    filepath: string;
+    language: string;
+    tokens: number;
+    content: string;
+    reason: string;
+}
+export interface ContextResult {
+    files: ContextFile[];
+    totalTokens: number;
+    strategy: "qdrant" | "tfidf" | "recent";
+    truncated: boolean;
+    skippedFiles: number;
+}
+export interface ContextOptions {
+    maxTokens?: number;
+    maxTokensPerFile?: number;
+    dirs?: string[];
+    recentOnly?: boolean;
+    recentHours?: number;
+    skeletonOnly?: boolean;
+    topK?: number;
+}
+export declare function assembleContext(query: string, stmts: Statements, cfg: ResolvedConfig, opts?: ContextOptions): Promise<ContextResult>;