@creative-ia/cortex 1.0.5 → 1.0.7

package/dist/config/auto-changelog.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Registra uma tool call no changelog do DynamoDB.
+ * Fire-and-forget — erros são silenciados.
+ */
+export declare function recordToolCall(toolName: string, args: Record<string, unknown>, resultPreview: string): Promise<void>;

package/dist/config/auto-changelog.js

@@ -0,0 +1,141 @@
+/**
+ * Auto-Changelog — Registra automaticamente no DynamoDB changelog
+ * quando uma tool de escrita é executada com sucesso.
+ *
+ * Tools de leitura (get_*, search_*, list_*) são ignoradas.
+ * O registro é fire-and-forget (não bloqueia a resposta da tool).
+ */
+import { putEntry } from "../knowledge/dynamo-store.js";
+import { countByDomain } from "../knowledge/dynamo-store.js";
+// Tools que geram registro automatico no changelog
+const WRITE_TOOLS = new Set([
+    "save_knowledge",
+    "delete_knowledge",
+    "create_process",
+    "update_process",
+    "advance_process",
+    "decompose_epic",
+    "generate_wiki",
+    "generate_report",
+    "reverse_engineer",
+    "analyze_docs",
+    "init_process",
+    "validate_idea",
+    "analyze_code",
+    "log_event",
+]);
+// Tools que NUNCA geram changelog (leitura, config, busca)
+const READ_TOOLS = new Set([
+    "get_code_standards",
+    "get_architecture_guidance",
+    "get_knowledge",
+    "search_knowledge",
+    "list_knowledge_domains",
+    "get_config",
+    "search_logs",
+    "insights_query",
+    "semantic_search",
+    "validate_process",
+]);
+// Evita changelog recursivo (save_knowledge salvando changelog sobre si mesmo)
+let _recording = false;
+/**
+ * Registra uma tool call no changelog do DynamoDB.
+ * Fire-and-forget — erros são silenciados.
+ */
+export async function recordToolCall(toolName, args, resultPreview) {
+    // Ignora tools de leitura
+    if (READ_TOOLS.has(toolName))
+        return;
+    // Ignora tools não mapeadas como escrita
+    if (!WRITE_TOOLS.has(toolName))
+        return;
+    // Evita recursão (save_knowledge chamando recordToolCall que chama save_knowledge)
+    if (_recording)
+        return;
+    // Ignora se o próprio save_knowledge está salvando no domain "changelog"
+    if (toolName === "save_knowledge" && args.domain === "changelog")
+        return;
+    _recording = true;
+    try {
+        const nextId = await getNextTaskId();
+        const title = buildTitle(toolName, args);
+        const content = buildContent(toolName, args, resultPreview);
+        const tags = buildTags(toolName, args);
+        await putEntry({
+            domain: "changelog",
+            id: nextId,
+            title,
+            content,
+            tags,
+            created_at: new Date().toISOString(),
+            updated_at: new Date().toISOString(),
+        });
+    }
+    catch {
+        // Fire-and-forget — não quebra a tool original
+    }
+    finally {
+        _recording = false;
+    }
+}
+async function getNextTaskId() {
+    try {
+        const count = await countByDomain("changelog");
+        return `TASK-${String(count + 1).padStart(3, "0")}`;
+    }
+    catch {
+        // Fallback com timestamp
+        return `TASK-AUTO-${Date.now()}`;
+    }
+}
+function buildTitle(toolName, args) {
+    const toolLabel = toolName.replace(/_/g, " ");
+    switch (toolName) {
+        case "save_knowledge":
+            return `[auto] ${toolLabel}: [${args.domain}] ${args.id} — ${(args.title || "").slice(0, 80)}`;
+        case "delete_knowledge":
+            return `[auto] ${toolLabel}: [${args.domain}] ${args.id}`;
+        case "create_process":
+            return `[auto] ${toolLabel}: ${(args.prompt || "").slice(0, 80)}`;
+        case "update_process":
+            return `[auto] ${toolLabel}: processo ${args.processId}`;
+        case "advance_process":
+            return `[auto] ${toolLabel}: processo ${args.processId}${args.epicId ? ` epic=${args.epicId}` : ""}`;
+        case "decompose_epic":
+            return `[auto] ${toolLabel}: processo ${args.processId} epic=${args.epicId}`;
+        case "generate_wiki":
+            return `[auto] ${toolLabel}: processo ${args.processId}`;
+        case "generate_report":
+            return `[auto] ${toolLabel}: ${(args.title || "").slice(0, 80)}`;
+        case "reverse_engineer":
+            return `[auto] ${toolLabel}: ${(args.repoDir || "").split("/").pop()}`;
+        case "analyze_docs":
+            return `[auto] ${toolLabel}: ${(args.docsDir || "").split("/").pop()}`;
+        case "validate_idea":
+            return `[auto] ${toolLabel}: ${(args.idea || "").slice(0, 80)}`;
+        case "analyze_code":
+            return `[auto] ${toolLabel}: ${args.filename || "inline"}`;
+        default:
+            return `[auto] ${toolLabel}`;
+    }
+}
+function buildContent(toolName, args, resultPreview) {
+    const sanitizedArgs = { ...args };
+    delete sanitizedArgs.licenseKey; // nunca logar licenseKey
+    delete sanitizedArgs.code; // codigo pode ser grande
+    delete sanitizedArgs.content; // conteudo pode ser grande
+    const argsStr = JSON.stringify(sanitizedArgs, null, 2);
+    const preview = resultPreview.slice(0, 500);
+    return `## Auto-changelog (${new Date().toISOString()})\n\nTool: ${toolName}\nArgs: ${argsStr}\n\nResultado (preview): ${preview}`;
+}
+function buildTags(toolName, args) {
+    const tags = ["auto-changelog", toolName.replace(/_/g, "-")];
+    if (args.domain)
+        tags.push(args.domain);
+    if (args.processId)
+        tags.push(`process-${args.processId}`);
+    if (args.epicId)
+        tags.push(`epic-${args.epicId}`);
+    return tags;
+}

package/dist/config/cloudwatch-store.js

@@ -1,30 +1,45 @@
 /**
  * CloudWatch Logs — Escrita e consulta de logs do MCP Server.
  * Log group: /creative-ia50/mcp-server
+ *
+ * Lazy import — AWS SDK so e carregado quando necessario.
  */
-import { CloudWatchLogsClient, CreateLogStreamCommand, PutLogEventsCommand, FilterLogEventsCommand, StartQueryCommand, GetQueryResultsCommand, } from "@aws-sdk/client-cloudwatch-logs";
 const isLocal = process.env.USE_LOCALSTACK === "true";
-const cwl = new CloudWatchLogsClient({
-    region: process.env.AWS_REGION || "sa-east-1",
-    ...(isLocal && {
-        endpoint: "http://localhost:4566",
-        credentials: { accessKeyId: "test", secretAccessKey: "test" },
-    }),
-});
+const CLOUD_MODE = !!process.env.CORTEX_API_URL;
 const LOG_GROUP = process.env.LOG_GROUP || "/creative-ia50/mcp-server";
+let _cwl = null;
+let _cmds = {};
+async function getCwl() {
+    if (_cwl)
+        return _cwl;
+    const mod = await import("@aws-sdk/client-cloudwatch-logs");
+    _cmds = mod;
+    _cwl = new mod.CloudWatchLogsClient({
+        region: process.env.AWS_REGION || "sa-east-1",
+        ...(isLocal && {
+            endpoint: "http://localhost:4566",
+            credentials: { accessKeyId: "test", secretAccessKey: "test" },
+        }),
+    });
+    return _cwl;
+}
 // Ensure log stream exists for today
 async function ensureStream(streamName) {
     try {
-        await cwl.send(new CreateLogStreamCommand({ logGroupName: LOG_GROUP, logStreamName: streamName }));
+        const cwl = await getCwl();
+        await cwl.send(new _cmds.CreateLogStreamCommand({ logGroupName: LOG_GROUP, logStreamName: streamName }));
     }
     catch { /* already exists */ }
 }
 // Write a log event
 export async function writeLog(level, message, meta) {
+    if (CLOUD_MODE)
+        return; // cloud mode — logs go via cloud proxy
     const stream = `mcp-server/${new Date().toISOString().slice(0, 10)}`;
     await ensureStream(stream);
     const event = JSON.stringify({ level, message, ...meta, timestamp: new Date().toISOString() });
-    await cwl.send(new PutLogEventsCommand({
+    const cwl = await getCwl();
+    await cwl.send(new _cmds.PutLogEventsCommand({
         logGroupName: LOG_GROUP,
         logStreamName: stream,
         logEvents: [{ timestamp: Date.now(), message: event }],
@@ -32,20 +47,26 @@ export async function writeLog(level, message, meta) {
 }
 // Filter logs by pattern
 export async function filterLogs(params) {
+    if (CLOUD_MODE)
+        return [];
     const now = Date.now();
-    const res = await cwl.send(new FilterLogEventsCommand({
+    const cwl = await getCwl();
+    const res = await cwl.send(new _cmds.FilterLogEventsCommand({
         logGroupName: LOG_GROUP,
         filterPattern: params.pattern || "",
-        startTime: params.startTime || now - 24 * 60 * 60 * 1000, // default: last 24h
+        startTime: params.startTime || now - 24 * 60 * 60 * 1000,
         endTime: params.endTime || now,
         limit: params.limit || 50,
     }));
-    return (res.events || []).map(e => e.message || "");
+    return (res.events || []).map((e) => e.message || "");
 }
 // Run CloudWatch Insights query
 export async function queryLogs(params) {
+    if (CLOUD_MODE)
+        return [];
     const now = Date.now();
-    const start = await cwl.send(new StartQueryCommand({
+    const cwl = await getCwl();
+    const start = await cwl.send(new _cmds.StartQueryCommand({
         logGroupName: LOG_GROUP,
         queryString: params.query,
         startTime: Math.floor((params.startTime || now - 24 * 60 * 60 * 1000) / 1000),
@@ -54,12 +75,11 @@ export async function queryLogs(params) {
     }));
     if (!start.queryId)
         return [];
-    // Poll for results (max 10s)
     for (let i = 0; i < 20; i++) {
         await new Promise(r => setTimeout(r, 500));
-        const res = await cwl.send(new GetQueryResultsCommand({ queryId: start.queryId }));
+        const res = await cwl.send(new _cmds.GetQueryResultsCommand({ queryId: start.queryId }));
         if (res.status === "Complete" || res.status === "Failed" || res.status === "Cancelled") {
-            return (res.results || []).map(row => row.map(f => `${f.field}: ${f.value}`));
+            return (res.results || []).map((row) => row.map((f) => `${f.field}: ${f.value}`));
         }
     }
     return [];

package/dist/config/license.d.ts

@@ -1,3 +1,15 @@
+/**
+ * License Validator — Valida licença do cliente.
+ *
+ * Dois modos:
+ * 1. DynamoDB direto (Lambda / dev com AWS_PROFILE) — quando CORTEX_API_URL nao esta definido
+ * 2. HTTP remoto (cliente local via npx) — quando CORTEX_API_URL esta definido
+ *    Chama o endpoint nuvem para validar, com cache em memoria (TTL 5min)
+ *
+ * RBAC:
+ * - role "admin" → acesso total a todos os domains e tools
+ * - role "user"  → acesso restrito aos domains em allowedDomains
+ */
 export interface License {
     licenseKey: string;
     clientName: string;

package/dist/config/license.js

@@ -10,19 +10,30 @@
  * - role "admin" → acesso total a todos os domains e tools
  * - role "user"  → acesso restrito aos domains em allowedDomains
  */
-import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
-import { DynamoDBDocumentClient, GetCommand } from "@aws-sdk/lib-dynamodb";
+// Dynamic import — AWS SDK so e carregado quando necessario (modo DynamoDB direto).
+// Isso evita o erro "Could not load credentials from any providers" em maquinas
+// que usam CORTEX_API_URL (cloud proxy) e nao tem credenciais AWS configuradas.
 const isLocal = process.env.USE_LOCALSTACK === "true";
-const CORTEX_API_URL = process.env.CORTEX_API_URL; // ex: https://zsul3dtu25.execute-api.sa-east-1.amazonaws.com/prod/mcp
-const ddb = CORTEX_API_URL
-    ? null // nao precisa de DynamoDB quando valida via HTTP
-    : DynamoDBDocumentClient.from(new DynamoDBClient({
+const CORTEX_API_URL = process.env.CORTEX_API_URL; // ex: https://mcp.creativeia50.com/mcp
+let _ddb = null;
+let _GetCommand = null;
+async function getDdb() {
+    if (CORTEX_API_URL)
+        return null; // cloud mode — nao precisa de DynamoDB
+    if (_ddb)
+        return _ddb;
+    const { DynamoDBClient } = await import("@aws-sdk/client-dynamodb");
+    const { DynamoDBDocumentClient, GetCommand } = await import("@aws-sdk/lib-dynamodb");
+    _GetCommand = GetCommand;
+    _ddb = DynamoDBDocumentClient.from(new DynamoDBClient({
         region: process.env.AWS_REGION || "sa-east-1",
         ...(isLocal && {
             endpoint: "http://localhost:4566",
             credentials: { accessKeyId: "test", secretAccessKey: "test" },
         }),
     }));
+    return _ddb;
+}
 const TABLE = process.env.LICENSE_TABLE || "creative-ia50-licenses";
 const licenseCache = new Map();
 const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutos
@@ -102,7 +113,10 @@ async function validateLicenseRemote(licenseKey, _toolName) {
  */
 async function validateLicenseDynamo(licenseKey, toolName) {
     try {
-        const res = await ddb.send(new GetCommand({ TableName: TABLE, Key: { licenseKey } }));
+        const ddb = await getDdb();
+        if (!ddb)
+            return { valid: false, reason: "DynamoDB not available (cloud mode?)" };
+        const res = await ddb.send(new _GetCommand({ TableName: TABLE, Key: { licenseKey } }));
         if (!res.Item) {
             return { valid: false, reason: "License not found" };
         }

package/dist/config/ssm-store.js

@@ -2,19 +2,35 @@
  * SSM Parameter Store — Registry de configuração do MCP Server.
  * Lê parâmetros de /creative-ia50/mcp-server/*
  */
-import { SSMClient, GetParameterCommand, GetParametersByPathCommand } from "@aws-sdk/client-ssm";
+// Lazy import — AWS SDK so e carregado quando necessario (evita erro de credenciais em cloud mode)
 const isLocal = process.env.USE_LOCALSTACK === "true";
-const ssm = new SSMClient({
-    region: process.env.AWS_REGION || "sa-east-1",
-    ...(isLocal && {
-        endpoint: "http://localhost:4566",
-        credentials: { accessKeyId: "test", secretAccessKey: "test" },
-    }),
-});
+const CLOUD_MODE = !!process.env.CORTEX_API_URL;
+let _ssm = null;
+let _GetParameterCommand = null;
+let _GetParametersByPathCommand = null;
+async function getSsm() {
+    if (_ssm)
+        return _ssm;
+    const { SSMClient } = await import("@aws-sdk/client-ssm");
+    const mod = await import("@aws-sdk/client-ssm");
+    _GetParameterCommand = mod.GetParameterCommand;
+    _GetParametersByPathCommand = mod.GetParametersByPathCommand;
+    _ssm = new SSMClient({
+        region: process.env.AWS_REGION || "sa-east-1",
+        ...(isLocal && {
+            endpoint: "http://localhost:4566",
+            credentials: { accessKeyId: "test", secretAccessKey: "test" },
+        }),
+    });
+    return _ssm;
+}
 const PREFIX = "/creative-ia50/mcp-server";
 export async function getParam(name) {
+    if (CLOUD_MODE)
+        return null;
     try {
-        const res = await ssm.send(new GetParameterCommand({ Name: `${PREFIX}/${name}` }));
+        const ssm = await getSsm();
+        const res = await ssm.send(new _GetParameterCommand({ Name: `${PREFIX}/${name}` }));
         return res.Parameter?.Value || null;
     }
     catch {
@@ -22,9 +38,12 @@ export async function getParam(name) {
     }
 }
 export async function getAllParams() {
+    if (CLOUD_MODE)
+        return {};
     const result = {};
     try {
-        const res = await ssm.send(new GetParametersByPathCommand({
+        const ssm = await getSsm();
+        const res = await ssm.send(new _GetParametersByPathCommand({
             Path: PREFIX,
             Recursive: true,
         }));

package/dist/index.js

@@ -15,6 +15,7 @@ import { z } from "zod";
 import { validateLicense, canAccessDomain } from "./config/license.js";
 import { isCloudProxyEnabled, callCloudTool } from "./config/cloud-proxy.js";
 import { withTelemetry, reportTelemetry } from "./config/telemetry.js";
+import { recordToolCall } from "./config/auto-changelog.js";
 import { getCodeStandards } from "./tools/get-code-standards.js";
 import { analyzeCode } from "./tools/analyze-code.js";
 import { getArchitectureGuidance } from "./tools/get-architecture.js";
@@ -51,6 +52,15 @@ async function licenseGate(licenseKey, toolName) {
 function cloudResult(text) {
     return { content: [{ type: "text", text }] };
 }
+// --- Helper: auto-changelog fire-and-forget ---
+// Registra tool calls de escrita no changelog do DynamoDB.
+// Nao bloqueia a resposta — roda em background.
+function autoLog(toolName, args, resultText) {
+    if (!CLOUD_MODE) {
+        // Apenas em modo direto (Lambda). Em cloud mode o server remoto ja registra.
+        recordToolCall(toolName, args, resultText).catch(() => { });
+    }
+}
 async function proxyToCloud(toolName, args) {
     const start = Date.now();
     try {
@@ -102,6 +112,7 @@ server.tool("analyze_code", "Analyzes code against L1-L4 standards. Returns viol
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await analyzeCode({ code, language, filename });
+    autoLog("analyze_code", { language, filename }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: get_architecture_guidance ---
@@ -131,6 +142,7 @@ server.tool("init_process", "Initializes a new process with UUID, checklist, and
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await initProcess({ title, stakeholder, description });
+    autoLog("init_process", { title, stakeholder }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: validate_process ---
@@ -159,6 +171,7 @@ server.tool("validate_idea", "Analyzes a business idea against the company knowl
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await validateIdea({ idea, context });
+    autoLog("validate_idea", { idea: idea.slice(0, 200) }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: generate_report ---
@@ -173,6 +186,7 @@ server.tool("generate_report", "Generates a branded HTML report on the client ma
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await withTelemetry("generate_report", () => generateReport({ title, content, reportType, outputDir }), (r) => `report=${reportType} title=${title.slice(0, 50)}`, { reportType });
+    autoLog("generate_report", { title, reportType }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // =============================================================================
@@ -196,6 +210,7 @@ server.tool("save_knowledge", "Salva ou atualiza um registro de conhecimento org
     if (!canAccessDomain(gate.license, domain))
         return { content: [{ type: "text", text: `Access denied: domain '${domain}' not allowed for this license` }] };
     const result = await saveKnowledge({ domain, id, title, content, tags, metadata });
+    autoLog("save_knowledge", { domain, id, title, tags }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: get_knowledge ---
@@ -247,6 +262,7 @@ server.tool("delete_knowledge", "Remove um registro de conhecimento organizacion
     if (!canAccessDomain(gate.license, domain))
         return { content: [{ type: "text", text: `Access denied: domain '${domain}' not allowed for this license` }] };
     const result = await deleteKnowledgeEntry({ domain, id });
+    autoLog("delete_knowledge", { domain, id }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: list_knowledge_domains ---
@@ -290,6 +306,7 @@ server.tool("log_event", "Registra um evento de log no CloudWatch Logs do MCP Se
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await logEvent({ level, message, meta });
+    autoLog("log_event", { level, message: message.slice(0, 200) }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: search_logs ---
@@ -355,6 +372,7 @@ server.tool("create_process", "Cria esqueleto de processo: recebe frase em lingu
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await withTelemetry("create_process", () => createProcess({ prompt, stakeholder }), (r) => `prompt=${prompt.slice(0, 80)}`, { stakeholder });
+    autoLog("create_process", { prompt: prompt.slice(0, 200), stakeholder }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: update_process ---
@@ -380,6 +398,7 @@ server.tool("update_process", "Acrescenta informações a um processo existente
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await updateProcess({ processId, updates, listProcesses });
+    autoLog("update_process", { processId, listProcesses }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: decompose_epic ---
@@ -393,6 +412,7 @@ server.tool("decompose_epic", "Decompõe um épico (EP-XX) em artefatos completo
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await withTelemetry("decompose_epic", () => decomposeEpic({ processId, epicId, processDir }), (r) => `process=${processId} epic=${epicId}`, { processId, epicId });
+    autoLog("decompose_epic", { processId, epicId }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: advance_process ---
@@ -406,6 +426,7 @@ server.tool("advance_process", "Orquestrador inteligente: detecta a fase atual d
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await withTelemetry("advance_process", () => advanceProcess({ processId, processDir, epicId }), (r) => `process=${processId}${epicId ? ` epic=${epicId}` : ""}`, { processId, epicId });
+    autoLog("advance_process", { processId, epicId }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Tool: generate_wiki ---
@@ -418,6 +439,7 @@ server.tool("generate_wiki", "Gera/atualiza wiki navegável do processo: index.h
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await withTelemetry("generate_wiki", () => generateWiki({ processId, processDir }), (r) => `process=${processId}`, { processId });
+    autoLog("generate_wiki", { processId }, JSON.stringify(result));
     return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
 });
 // --- Tool: reverse_engineer ---
@@ -432,6 +454,7 @@ server.tool("reverse_engineer", "Analisa repositório local ou remoto (Git URL)
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await withTelemetry("reverse_engineer", () => reverseEngineer({ repoDir, processId, processDir, outputFilename }), (r) => `repo=${repoDir.split("/").pop() || repoDir}`, { repoDir, processId });
+    autoLog("reverse_engineer", { repoDir: repoDir.split("/").pop() || repoDir, processId }, JSON.stringify(result));
     return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
 });
 // --- Tool: analyze_docs ---
@@ -446,6 +469,7 @@ server.tool("analyze_docs", "Analisa um diretório de documentação, extrai tex
     if ("denied" in gate)
         return { content: [{ type: "text", text: gate.denied }] };
     const result = await withTelemetry("analyze_docs", () => analyzeDocs({ docsDir, processId, processDir, maxFiles }), (r) => `dir=${docsDir.split("/").pop() || docsDir}`, { docsDir, processId });
+    autoLog("analyze_docs", { docsDir: docsDir.split("/").pop() || docsDir, processId }, result);
     return { content: [{ type: "text", text: result }] };
 });
 // --- Start server ---

package/dist/knowledge/dynamo-store.js

@@ -5,38 +5,42 @@
  * PK: domain (ex: "decisions", "changelog", "troubleshooting", "glossary")
  * SK: id (ex: "ADR-001", "TASK-030", "TS-005", "TERM-001")
  *
- * Suporta LocalStack e AWS real via USE_LOCALSTACK env var.
+ * Lazy import — AWS SDK so e carregado quando necessario.
  */
-import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
-import { DynamoDBDocumentClient, PutCommand, GetCommand, QueryCommand, DeleteCommand, } from "@aws-sdk/lib-dynamodb";
 const isLocal = process.env.USE_LOCALSTACK === "true";
-const ddb = DynamoDBDocumentClient.from(new DynamoDBClient({
-    region: process.env.AWS_REGION || "sa-east-1",
-    ...(isLocal && {
-        endpoint: "http://localhost:4566",
-        credentials: { accessKeyId: "test", secretAccessKey: "test" },
-    }),
-}));
 const TABLE = process.env.KNOWLEDGE_TABLE || "creative-ia50-knowledge";
-// --- PUT (create or update) ---
+let _ddb = null;
+let _cmds = {};
+async function getDdb() {
+    if (_ddb)
+        return _ddb;
+    const { DynamoDBClient } = await import("@aws-sdk/client-dynamodb");
+    const mod = await import("@aws-sdk/lib-dynamodb");
+    _cmds = mod;
+    _ddb = mod.DynamoDBDocumentClient.from(new DynamoDBClient({
+        region: process.env.AWS_REGION || "sa-east-1",
+        ...(isLocal && {
+            endpoint: "http://localhost:4566",
+            credentials: { accessKeyId: "test", secretAccessKey: "test" },
+        }),
+    }));
+    return _ddb;
+}
 export async function putEntry(entry) {
-    await ddb.send(new PutCommand({
+    const ddb = await getDdb();
+    await ddb.send(new _cmds.PutCommand({
         TableName: TABLE,
-        Item: {
-            ...entry,
-            primary_tag: entry.tags?.[0] || "untagged",
-            updated_at: new Date().toISOString(),
-        },
+        Item: { ...entry, primary_tag: entry.tags?.[0] || "untagged", updated_at: new Date().toISOString() },
     }));
 }
-// --- GET single entry ---
 export async function getEntry(domain, id) {
-    const res = await ddb.send(new GetCommand({ TableName: TABLE, Key: { domain, id } }));
+    const ddb = await getDdb();
+    const res = await ddb.send(new _cmds.GetCommand({ TableName: TABLE, Key: { domain, id } }));
     return res.Item || null;
 }
-// --- QUERY by domain (list all entries in a domain) ---
 export async function queryByDomain(domain, limit) {
-    const res = await ddb.send(new QueryCommand({
+    const ddb = await getDdb();
+    const res = await ddb.send(new _cmds.QueryCommand({
         TableName: TABLE,
         KeyConditionExpression: "#d = :domain",
         ExpressionAttributeNames: { "#d": "domain" },
@@ -46,11 +50,9 @@ export async function queryByDomain(domain, limit) {
     }));
     return res.Items || [];
 }
-// --- SEARCH by tag (uses GSI tag-index) ---
 export async function searchByTag(tag, limit) {
-    // Scan with filter — for small datasets this is fine.
-    // For large scale, use a GSI on tags (flattened).
-    const res = await ddb.send(new QueryCommand({
+    const ddb = await getDdb();
+    const res = await ddb.send(new _cmds.QueryCommand({
         TableName: TABLE,
         IndexName: "tag-index",
         KeyConditionExpression: "primary_tag = :tag",
@@ -59,22 +61,19 @@ export async function searchByTag(tag, limit) {
     }));
     return res.Items || [];
 }
-// --- SEARCH by text (simple contains on title + content) ---
 export async function searchByText(domain, text, limit) {
     const all = await queryByDomain(domain, 500);
     const lower = text.toLowerCase();
-    const filtered = all.filter((e) => e.title.toLowerCase().includes(lower) ||
-        e.content.toLowerCase().includes(lower) ||
-        (e.tags && e.tags.some((t) => t.toLowerCase().includes(lower))));
+    const filtered = all.filter((e) => e.title.toLowerCase().includes(lower) || e.content.toLowerCase().includes(lower) || (e.tags && e.tags.some((t) => t.toLowerCase().includes(lower))));
     return limit ? filtered.slice(0, limit) : filtered;
 }
-// --- DELETE ---
 export async function deleteEntry(domain, id) {
-    await ddb.send(new DeleteCommand({ TableName: TABLE, Key: { domain, id } }));
+    const ddb = await getDdb();
+    await ddb.send(new _cmds.DeleteCommand({ TableName: TABLE, Key: { domain, id } }));
 }
-// --- COUNT entries in a domain ---
 export async function countByDomain(domain) {
-    const res = await ddb.send(new QueryCommand({
+    const ddb = await getDdb();
+    const res = await ddb.send(new _cmds.QueryCommand({
         TableName: TABLE,
         KeyConditionExpression: "#d = :domain",
         ExpressionAttributeNames: { "#d": "domain" },

package/dist/knowledge/embeddings.js

@@ -1,22 +1,32 @@
 /**
  * Bedrock Titan Embeddings — Gera embeddings para semantic search.
  * Model: amazon.titan-embed-text-v2:0 (256 dimensions)
- * Custo: ~$0.0002 per 1K input tokens
+ *
+ * Lazy import — AWS SDK so e carregado quando necessario.
  */
-import { BedrockRuntimeClient, InvokeModelCommand } from "@aws-sdk/client-bedrock-runtime";
 const isLocal = process.env.USE_LOCALSTACK === "true";
-const bedrock = new BedrockRuntimeClient({
-    region: process.env.AWS_REGION || "sa-east-1",
-    ...(isLocal && {
-        endpoint: "http://localhost:4566",
-        credentials: { accessKeyId: "test", secretAccessKey: "test" },
-    }),
-});
 const MODEL_ID = "amazon.titan-embed-text-v2:0";
 const DIMENSIONS = 256;
+let _bedrock = null;
+let _InvokeModelCommand = null;
+async function getBedrock() {
+    if (_bedrock)
+        return _bedrock;
+    const mod = await import("@aws-sdk/client-bedrock-runtime");
+    _InvokeModelCommand = mod.InvokeModelCommand;
+    _bedrock = new mod.BedrockRuntimeClient({
+        region: process.env.AWS_REGION || "sa-east-1",
+        ...(isLocal && {
+            endpoint: "http://localhost:4566",
+            credentials: { accessKeyId: "test", secretAccessKey: "test" },
+        }),
+    });
+    return _bedrock;
+}
 export async function getEmbedding(text) {
+    const bedrock = await getBedrock();
     const body = JSON.stringify({ inputText: text.slice(0, 8000), dimensions: DIMENSIONS });
-    const res = await bedrock.send(new InvokeModelCommand({
+    const res = await bedrock.send(new _InvokeModelCommand({
         modelId: MODEL_ID,
         body: new TextEncoder().encode(body),
         contentType: "application/json",

package/dist/knowledge/loader.js

@@ -2,29 +2,40 @@
  * Knowledge Loader — Carrega skills e knowledge do S3 (LocalStack ou AWS).
  * O conteúdo NUNCA é exposto diretamente ao cliente.
  * As tools processam o conteúdo e retornam apenas respostas derivadas.
+ *
+ * Lazy import — AWS SDK so e carregado quando necessario.
  */
-import { S3Client, GetObjectCommand, ListObjectsV2Command } from "@aws-sdk/client-s3";
 const isLocal = process.env.USE_LOCALSTACK === "true";
-const s3 = new S3Client({
-    region: process.env.AWS_REGION || "us-east-1",
-    ...(isLocal && {
-        endpoint: "http://localhost:4566",
-        forcePathStyle: true,
-        credentials: { accessKeyId: "test", secretAccessKey: "test" },
-    }),
-});
 const BUCKET = process.env.SKILLS_BUCKET || "creative-ia50-skills";
+let _s3 = null;
+let _cmds = {};
+async function getS3() {
+    if (_s3)
+        return _s3;
+    const mod = await import("@aws-sdk/client-s3");
+    _cmds = mod;
+    _s3 = new mod.S3Client({
+        region: process.env.AWS_REGION || "us-east-1",
+        ...(isLocal && {
+            endpoint: "http://localhost:4566",
+            forcePathStyle: true,
+            credentials: { accessKeyId: "test", secretAccessKey: "test" },
+        }),
+    });
+    return _s3;
+}
 async function getObject(key) {
-    const cmd = new GetObjectCommand({ Bucket: BUCKET, Key: key });
+    const s3 = await getS3();
+    const cmd = new _cmds.GetObjectCommand({ Bucket: BUCKET, Key: key });
     const res = await s3.send(cmd);
     return (await res.Body?.transformToString()) || "";
 }
 async function listObjects(prefix) {
-    const cmd = new ListObjectsV2Command({ Bucket: BUCKET, Prefix: prefix });
+    const s3 = await getS3();
+    const cmd = new _cmds.ListObjectsV2Command({ Bucket: BUCKET, Prefix: prefix });
     const res = await s3.send(cmd);
     return (res.Contents || []).map((o) => o.Key).filter(Boolean);
 }
-// --- Public API ---
 export async function loadCodeStandards() {
     const raw = await getObject("knowledge/code-standards.json");
     return JSON.parse(raw);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@creative-ia/cortex",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "Cortex by Creative IA — Centro de inteligencia para arquitetura de software. MCP Server com 24 tools.",
   "type": "module",
   "main": "dist/index.js",