@dollhousemcp/mcp-server 1.8.0 → 1.9.0

package/CHANGELOG.md

@@ -1,5 +1,123 @@
 # Changelog
 
+## [1.8.1] - 2025-09-15
+
+### Fixed
+- **Extended Node Compatibility**: Fixed Headers constructor undefined in CI environment
+  - Replaced Headers constructor with plain object mock to ensure cross-platform compatibility
+  - Previously failing test "should provide helpful error messages for common failures" now passes consistently
+  - Improves CI reliability for Extended Node Compatibility workflow
+- **Documentation**: Updated website URL to reflect live status (removed "(planned)" designation)
+  - Website https://dollhousemcp.com is now live and accessible
+  - Updated README chunks and regenerated documentation files
+
+### Improved
+- **CI Reliability**: Enhanced test infrastructure for better cross-platform compatibility
+- **Test Mocking**: Improved mock strategies to work in both local and CI environments
+
+## [1.8.0] - 2025-09-15
+
+### 🚨 Breaking Changes
+- **Configuration Wizard Auto-Trigger Removed**: The configuration wizard no longer appears automatically on first MCP interaction
+  - Different LLMs handled auto-insertion unpredictably, causing UX inconsistencies
+  - Migration: Wizard still available manually via `config` tool with `action: 'wizard'`
+
+### Added
+
+#### Major Portfolio System Enhancements
+- **Configurable Repository Names**: Portfolio repository names now configurable via `TEST_GITHUB_REPO` environment variable
+- **Full Portfolio Sync Functionality**: Complete bidirectional sync with GitHub portfolios
+  - `sync_portfolio pull` functionality for downloading elements from GitHub
+  - Three sync modes: additive (default), mirror, backup
+  - Dry-run mode with change preview
+  - Progress reporting and conflict resolution
+- **Portfolio Pull Handler**: New modular architecture for GitHub portfolio synchronization
+  - PortfolioPullHandler for orchestrating pull operations
+  - PortfolioSyncComparer for intelligent comparison logic
+  - PortfolioDownloader with Unicode normalization and batch processing
+- **Enhanced Tool Clarity**: Renamed conflicting tools for better user experience
+  - `install_content` → `install_collection_content` (install FROM collection)
+  - `submit_content` → `submit_collection_content` (submit TO collection)
+  - Maintained `sync_portfolio` for bulk operations
+
+#### GitHub Integration Improvements
+- **Portfolio Repository Management**: Comprehensive GitHub repository management
+  - Automated repository creation and initialization
+  - Smart conflict detection and resolution
+  - Authenticated username resolution for portfolio operations
+- **Rate Limiting Fixes**: Resolved bulk operation failures
+  - Fixed redundant token validation causing GitHub API rate limits
+  - Added tokenPreValidated flag to prevent validation on every API call
+  - Improved bulk sync success rate from 0% to functional operation
+- **Filename Transformation Fix**: Fixed critical portfolio sync issue
+  - Resolved mismatch between GitHub filenames and local processing
+  - Portfolio pull operations now correctly find and restore files
+  - Eliminated "No elements found in GitHub portfolio" errors
+
+#### Test Infrastructure & Environment
+- **Isolated Test Environment**: Dedicated test infrastructure with real GitHub integration
+  - Created dollhouse-test-portfolio repository for safe testing
+  - Docker Compose configuration for test environment
+  - Configurable test parameters via environment variables
+- **Enhanced Test Coverage**: Comprehensive unit tests for portfolio functionality
+  - PortfolioSyncComparer.test.ts (11 test suites, 15 tests)
+  - PortfolioDownloader.test.ts (5 test suites, 15 tests)
+  - Performance tests for large portfolios (1000+ elements)
+
+### Fixed
+
+#### Critical Portfolio Sync Issues
+- **Issue #930**: Portfolio sync pull failures resolved
+  - Fixed filename transformation mismatch preventing file restoration
+  - GitHub operations now use consistent filename format
+- **Issue #913**: Portfolio upload failures with null response errors
+  - Fixed IElement object incomplete method implementations
+  - Now uses PortfolioElementAdapter pattern for reliable uploads
+- **Issue #926**: Rate limiting issues in bulk operations
+  - Eliminated redundant token validation calls
+  - Batch processing with proper rate limiting
+
+#### GitHub Authentication & API
+- **JSON Parsing Error**: Fixed `Unexpected token 'U', "Unauthorized" is not valid JSON` error
+  - Added proper response status checking before JSON parsing
+  - Improved error messages for authentication failures
+- **User Authentication**: Fixed portfolio operations using incorrect usernames
+  - Now uses authenticated user's username instead of element author
+  - Prevents 404 errors in portfolio sync operations
+- **Token Management**: Enhanced GitHub token handling and validation
+
+#### Template System
+- **Issue #914**: Template variable interpolation completely broken
+  - Refactored template rendering to dedicated TemplateRenderer utility class
+  - Fixed variable substitution and validation
+  - Added comprehensive error handling and logging
+
+### Performance
+- **Portfolio Sync Optimization**: Significant performance improvements
+  - Batch index rebuilds (4x faster for large portfolios)
+  - Parallel downloads with rate limiting (up to 5x faster)
+  - Single index rebuild after all operations complete
+- **Test Coverage**: Maintained 97%+ test coverage across all changes
+- **CI Reliability**: Enhanced workflow consistency and eliminated flaky tests
+
+### Dependencies
+- **@modelcontextprotocol/sdk**: Updated to v1.18.0 (latest MCP protocol features)
+- **zod**: Updated to v4.1.8 (schema validation improvements)
+- **jsdom**: Updated to v27.0.0 (DOM testing environment enhancements)
+- **@types/node**: Updated to v24.4.0 (latest Node.js type definitions)
+
+### Security
+- **Input Validation**: Enhanced Unicode normalization to prevent homograph attacks
+- **Security Audit Logging**: Added comprehensive logging for portfolio operations
+- **Authentication**: Improved GitHub authentication flow reliability
+- **YAML Parsing Security**: Enhanced validation to prevent code injection
+
+### Developer Experience
+- **Tool Organization**: Organized 41 MCP tools into 6 logical categories
+- **Configuration Wizard**: Interactive setup for new installations
+- **Debug Infrastructure**: Enhanced logging and error tracking
+- **Documentation**: Comprehensive session notes and troubleshooting guides
+
 ## [1.7.3] - 2025-09-09
 
 ### Security

package/README.github.md

@@ -29,7 +29,7 @@
 **🌐 Repository**: https://github.com/DollhouseMCP/mcp-server  
 **🏪 Collection**: https://github.com/DollhouseMCP/collection  
 **📦 NPM Package**: https://www.npmjs.com/package/@dollhousemcp/mcp-server  
-**🌍 Website**: https://dollhousemcp.com (planned)
+**🌍 Website**: https://dollhousemcp.com
 
 ---
 
@@ -158,21 +158,17 @@ Enable autonomous task completion
 
 </td>
 </tr>
-</table>
-
-### 🔄 Coming Soon
-
-<table>
 <tr>
 <td width="50%">
 
-#### 🧠 Memory
+#### 🧠 Memory (NEW in v1.9.0!)
 Persistent context across sessions
 - **Project Context** - Remember project details and decisions
 - **Learning Progress** - Track skill development over time
 - **Personal Preferences** - Store user-specific settings
 - **Conversation History** - Maintain dialogue continuity
-- **Status**: Coming Soon
+- **Date-based organization** - Automatic folder structure
+- **Use**: `"Create a memory for this project"`
 
 </td>
 <td width="50%">
@@ -842,6 +838,128 @@ For detailed guidelines, see [CONTRIBUTING.md](CONTRIBUTING.md).
 
 ## 🏷️ Version History
 
+### v1.9.0 - September 19, 2025
+
+**🎉 Memory Element Release**: Persistent context storage with enterprise-grade features
+
+#### ✨ New Features
+- **Memory Element**: Complete implementation of persistent context storage (PR #1000 - The Milestone PR!)
+- **Date-based Organization**: Automatic folder structure (YYYY-MM-DD) prevents flat directory issues
+- **Content Deduplication**: SHA-256 hashing prevents duplicate storage (Issue #994)
+- **Search Indexing**: Fast queries across thousands of entries with O(log n) performance (Issue #984)
+- **Privacy Levels**: Three-tier access control (public, private, sensitive)
+- **Retention Policies**: Automatic cleanup based on age and capacity
+
+#### 🔧 Improvements
+- **Performance Optimizations**: 60-second cache for date folder operations
+- **Collision Handling**: Automatic version suffixes for same-named files
+- **Atomic Operations**: FileLockManager prevents corruption and race conditions
+- **Sanitization Caching**: SHA-256 checksums reduce CPU usage by ~40% during deserialization
+- **Retry Logic**: Search index building with exponential backoff
+
+#### 🛡️ Security
+- **Comprehensive Input Validation**: All memory content sanitized with DOMPurify
+- **Path Traversal Protection**: Robust validation in MemoryManager
+- **Size Limits**: DoS protection with 1MB memory and 100KB entry limits
+- **Audit Logging**: Complete security event tracking
+
+#### 🧪 Testing
+- **89 Memory Tests**: Comprehensive coverage across 4 test suites
+- **Concurrent Access Tests**: Thread safety verification
+- **Security Coverage**: XSS, Unicode attacks, path traversal
+- **CI Improvements**: Fixed GitHub integration test conflicts (PR #1001)
+
+---
+
+### v1.8.1 - September 15, 2025
+
+**CI Reliability Improvements**: Fixed persistent test failures across platforms
+
+#### 🔧 Bug Fixes
+- **GitHub API 409 Conflicts**: Enhanced retry mechanism with jitter for parallel CI jobs
+- **Windows Performance Tests**: Platform-specific timing thresholds for CI environments
+- **Test Stability**: Resolved flaky tests in Extended Node Compatibility workflow
+
+---
+
+### v1.8.0 - September 15, 2025
+
+**Major Portfolio System Enhancements**: Full GitHub portfolio synchronization
+
+#### ✨ New Features
+- **Portfolio Sync**: Complete bidirectional sync with GitHub portfolios
+- **Pull Functionality**: Download elements from GitHub portfolios (3 sync modes)
+- **Configurable Repos**: Portfolio repository names now configurable
+- **Configuration Wizard**: Now manual-only (removed auto-trigger for better UX)
+
+#### 🔧 Improvements
+- **Tool Clarity**: Renamed conflicting tools for better user experience
+- **Rate Limiting**: Fixed redundant token validation causing API limits
+- **GitHub Integration**: Comprehensive repository management
+
+---
+
+### v1.7.4 - September 12, 2025
+
+**Hotfix Release**: Critical build and registration fixes
+
+#### 🔧 Bug Fixes
+- **Build Infrastructure**: Fixed missing TypeScript files in dist
+- **Tool Registration**: Resolved MCP tool availability issues
+- **Skill System**: Fixed skill registration and activation
+- **Test Framework**: Restored test infrastructure functionality
+
+---
+
+### v1.7.3 - September 9, 2025
+
+**Security & Configuration Release**: Prototype pollution protection and config management
+
+#### 🛡️ Security
+- **Prototype Pollution Protection**: Comprehensive validation against injection attacks
+- **YAML Security**: Maintained FAILSAFE_SCHEMA with security documentation
+- **Security Audit**: Achieved 0 security findings across all severity levels
+
+#### ✨ Improvements
+- **Configuration Management**: Complete overhaul with atomic operations
+- **Test Coverage**: Comprehensive security and configuration tests
+- **Input Normalization**: All inputs normalized at MCP request layer
+
+---
+
+### v1.7.2 - September 7, 2025
+
+**Security Patch Release**: Critical logging vulnerability fixes
+
+#### 🛡️ Security Fixes
+- **Clear-text Logging Prevention**: Comprehensive sanitization of sensitive data
+- **OAuth Token Protection**: Prevents exposure of tokens in console output
+- **API Key Sanitization**: Masks all credentials before logging
+
+---
+
+### v1.7.1 - September 3, 2025
+
+**Maintenance Release**: Documentation and compatibility improvements
+
+#### 🔧 Improvements
+- **Documentation**: Updated for better clarity and accuracy
+- **Compatibility**: Enhanced cross-platform support
+- **Bug Fixes**: Various minor fixes and optimizations
+
+---
+
+### v1.7.0 - August 30, 2025
+
+**Major Feature Release**: Enhanced portfolio and collection systems
+
+#### ✨ New Features
+- **Portfolio Management**: Improved local portfolio organization
+- **Collection Integration**: Better integration with community collection
+- **Security Enhancements**: Critical security fixes from code review
+
+---
+
 ### v1.6.11 - August 28, 2025
 
 **Test Reliability & Collection Fixes**: Improved test suite stability and fixed collection system

package/README.md

@@ -10,7 +10,7 @@ A comprehensive Model Context Protocol (MCP) server that enables dynamic AI pers
 **🌐 Repository**: https://github.com/DollhouseMCP/mcp-server  
 **🏪 Collection**: https://github.com/DollhouseMCP/collection  
 **📦 NPM Package**: https://www.npmjs.com/package/@dollhousemcp/mcp-server  
-**🌍 Website**: https://dollhousemcp.com (planned)
+**🌍 Website**: https://dollhousemcp.com
 
 ## 🚀 Quick Start