npm - @alaarab/cortex - Versions diffs - 1.13.2 → 1.13.4 - Mend

@alaarab/cortex 1.13.2 → 1.13.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/mcp/dist/cli-hooks-output.js +12 -2
package/mcp/dist/content-learning.js +10 -3
package/mcp/dist/mcp-finding.js +3 -1
package/mcp/dist/memory-ui.js +12 -2
package/mcp/dist/shared-entity-graph.js +2 -1
package/mcp/dist/shared-index.js +8 -5
package/mcp/dist/shared.js +0 -5
package/package.json +1 -1

package/mcp/dist/cli-hooks-output.js CHANGED Viewed

@@ -38,14 +38,24 @@ export function buildHookOutput(selected, usedTokens, intent, gitCtx, detectedPr
         parts.push("");
         for (const injected of indexEntries) {
             recordInjection(cortexPathLocal, injected.key, sessionId);
-            recordRetrieval(cortexPathLocal, injected.doc.path, injected.doc.type);
+            try {
+                recordRetrieval(cortexPathLocal, injected.doc.path ?? injected.doc.filename, injected.doc.type);
+            }
+            catch {
+                // best-effort
+            }
         }
     }
     else {
         for (const injected of selected) {
             const { doc, snippet, key } = injected;
             recordInjection(cortexPathLocal, key, sessionId);
-            recordRetrieval(cortexPathLocal, doc.path, doc.type);
+            try {
+                recordRetrieval(cortexPathLocal, doc.path ?? doc.filename, doc.type);
+            }
+            catch {
+                // best-effort
+            }
             parts.push(`[${getDocSourceKey(doc, cortexPathLocal)}] (${doc.type})`);
             parts.push(annotateStale(snippet));
             parts.push("");

package/mcp/dist/content-learning.js CHANGED Viewed

@@ -192,9 +192,12 @@ export function upsertCanonical(cortexPath, project, memory) {
     const canonicalPath = path.join(resolvedDir, "CANONICAL_MEMORIES.md");
     const today = new Date().toISOString().slice(0, 10);
     const bullet = memory.startsWith("- ") ? memory : `- ${memory}`;
+    let canonicalContent = "";
     withFileLock(canonicalPath, () => {
         if (!fs.existsSync(canonicalPath)) {
-            fs.writeFileSync(canonicalPath, `# ${project} Canonical Memories\n\n## Pinned\n\n${bullet} _(pinned ${today})_\n`);
+            const initial = `# ${project} Canonical Memories\n\n## Pinned\n\n${bullet} _(pinned ${today})_\n`;
+            fs.writeFileSync(canonicalPath, initial);
+            canonicalContent = initial;
         }
         else {
             const existing = fs.readFileSync(canonicalPath, "utf8");
@@ -203,13 +206,17 @@ export function upsertCanonical(cortexPath, project, memory) {
                 const updated = existing.includes("## Pinned")
                     ? existing.replace("## Pinned", `## Pinned\n\n${line}`)
                     : `${existing.trimEnd()}\n\n## Pinned\n\n${line}\n`;
+                const finalContent = updated.endsWith("\n") ? updated : updated + "\n";
                 const tmpPath = canonicalPath + ".tmp";
-                fs.writeFileSync(tmpPath, updated.endsWith("\n") ? updated : updated + "\n");
+                fs.writeFileSync(tmpPath, finalContent);
                 fs.renameSync(tmpPath, canonicalPath);
+                canonicalContent = finalContent;
+            }
+            else {
+                canonicalContent = existing;
             }
         }
     });
-    const canonicalContent = fs.readFileSync(canonicalPath, "utf8");
     const locks = loadCanonicalLocks(cortexPath);
     const lockKey = `${project}/CANONICAL_MEMORIES.md`;
     locks[lockKey] = {

package/mcp/dist/mcp-finding.js CHANGED Viewed

@@ -59,7 +59,9 @@ export function register(server, ctx) {
                                 const lineEnd = content.indexOf("\n", idx);
                                 const insertAt = lineEnd >= 0 ? lineEnd : content.length;
                                 content = content.slice(0, insertAt) + " " + conflicts.annotations.join(" ") + " <!-- conflicts_checked: true -->" + content.slice(insertAt);
-                                fs.writeFileSync(fp, content);
+                                const tmpFp = fp + ".tmp";
+                                fs.writeFileSync(tmpFp, content);
+                                fs.renameSync(tmpFp, fp);
                             }
                         }
                     }

package/mcp/dist/memory-ui.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import * as http from "http";
 import * as crypto from "crypto";
+import { timingSafeEqual } from "crypto";
 import * as fs from "fs";
 import * as path from "path";
 import * as querystring from "querystring";
@@ -35,6 +36,15 @@ function getSubmittedAuthToken(req, url, parsedBody) {
         return bodyAuth;
     return "";
 }
+function authTokensMatch(submitted, authToken) {
+    if (!authToken || !submitted)
+        return false;
+    const submittedBuffer = Buffer.from(submitted);
+    const authTokenBuffer = Buffer.from(authToken);
+    if (submittedBuffer.length !== authTokenBuffer.length)
+        return false;
+    return timingSafeEqual(submittedBuffer, authTokenBuffer);
+}
 function recentUsage(cortexPath) {
     const usage = path.join(cortexPath, ".governance", "memory-usage.log");
     if (!fs.existsSync(usage))
@@ -324,7 +334,7 @@ export function createReviewUiServer(cortexPath, opts) {
         if (req.method === "GET" && url.startsWith("/api/graph")) {
             if (authToken) {
                 const submitted = getSubmittedAuthToken(req, url);
-                if (submitted !== authToken) {
+                if (!authTokensMatch(submitted, authToken)) {
                     res.writeHead(401, { "content-type": "text/plain; charset=utf-8" });
                     res.end("Unauthorized");
                     return;
@@ -356,7 +366,7 @@ export function createReviewUiServer(cortexPath, opts) {
                 const parsed = querystring.parse(body);
                 if (authToken) {
                     const submitted = getSubmittedAuthToken(req, url, parsed);
-                    if (submitted !== authToken) {
+                    if (!authTokensMatch(submitted, authToken)) {
                         res.writeHead(401, { "content-type": "text/plain; charset=utf-8" });
                         res.end("Unauthorized");
                         return;

package/mcp/dist/shared-entity-graph.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import * as fs from "fs";
+const PROSE_ENTITY_PATTERN = /\b(React|Vue|Angular|Next\.js|Nuxt|Svelte|Express|Fastify|Koa|Hapi|NestJS|Django|Flask|FastAPI|Rails|Spring|Laravel|Redis|Postgres|PostgreSQL|MySQL|MariaDB|SQLite|MongoDB|DynamoDB|Cassandra|Elasticsearch|Docker|Kubernetes|Terraform|Ansible|AWS|GCP|Azure|Vercel|Netlify|Cloudflare|Prisma|TypeORM|Sequelize|Drizzle|Mongoose|Jest|Vitest|Mocha|Cypress|Playwright|Puppeteer|Webpack|Vite|Rollup|esbuild|Turbopack|ESLint|Prettier|Babel|SWC|GraphQL|REST|gRPC|WebSocket|Kafka|RabbitMQ|NATS|Nginx|Caddy|Traefik|Node\.js|Deno|Bun|Python|Rust|Go|Java|Kotlin|Swift|TypeScript|JavaScript)\b/gi;
 const ENTITY_PATTERNS = [
     // import/require patterns: import X from 'pkg' or require('pkg')
     /(?:import\s+.*?\s+from\s+['"])(@?[\w\-/]+)(?:['"])/g,
@@ -6,7 +7,7 @@ const ENTITY_PATTERNS = [
     // @scope/package patterns in text
     /@[\w-]+\/[\w-]+/g,
     // Known library/tool names mentioned in prose (case-insensitive word boundaries)
-    /\b(React|Vue|Angular|Next\.js|Nuxt|Svelte|Express|Fastify|Django|Flask|Rails|Spring|Redis|Postgres|PostgreSQL|MySQL|MongoDB|SQLite|Docker|Kubernetes|Terraform|AWS|GCP|Azure|Vercel|Netlify|Prisma|TypeORM|Sequelize|Jest|Vitest|Cypress|Playwright|Webpack|Vite|ESLint|Prettier|GraphQL|gRPC|Kafka|RabbitMQ|Elasticsearch|Nginx|Caddy|Node\.js|Deno|Bun|Python|Rust|Go|Java|TypeScript|Zod|Drizzle|tRPC|Tailwind|shadcn)\b/gi,
+    PROSE_ENTITY_PATTERN,
 ];
 function extractEntityNames(content) {
     const found = new Set();

package/mcp/dist/shared-index.js CHANGED Viewed

@@ -617,12 +617,15 @@ export function getDocSourceKey(doc, cortexPath) {
     return buildSourceDocKey(doc.project, doc.path, cortexPath, doc.filename);
 }
 export function rowToDoc(row) {
+    if (!Array.isArray(row) || row.length < 5) {
+        throw new Error(`rowToDoc: expected ≥5 columns, got ${Array.isArray(row) ? row.length : typeof row}`);
+    }
     return {
-        project: row[0],
-        filename: row[1],
-        type: row[2],
-        content: row[3],
-        path: row[4],
+        project: row[0] != null ? String(row[0]) : "",
+        filename: row[1] != null ? String(row[1]) : "",
+        type: row[2] != null ? String(row[2]) : "",
+        content: row[3] != null ? String(row[3]) : "",
+        path: row[4] != null ? String(row[4]) : "",
     };
 }
 export function queryDocRows(db, sql, params) {

package/mcp/dist/shared.js CHANGED Viewed

@@ -32,11 +32,6 @@ export function forwardErr(result) {
         return { ok: false, error: result.error, code: result.code };
     return { ok: false, error: "unexpected forward of ok result" };
 }
-// Type guard: returns true when result is a string error (legacy T | string pattern).
-// Useful during migration from T | string to CortexResult<T>.
-export function isCortexError(result) {
-    return typeof result === "string";
-}
 const ERROR_CODES = new Set(Object.values(CortexError));
 // Extract the error code from a legacy error string (e.g. "PROJECT_NOT_FOUND: ...").
 // Returns the code if the string starts with a known CortexError, or undefined.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@alaarab/cortex",
-  "version": "1.13.2",
+  "version": "1.13.4",
   "description": "Long-term memory for AI agents — stored as markdown in a git repo you own.",
   "type": "module",
   "bin": {