npm - @dollhousemcp/mcp-server - Versions diffs - 1.9.12 → 1.9.13 - Mend

@dollhousemcp/mcp-server 1.9.12 → 1.9.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/CHANGELOG.md +31 -0
package/README.github.md +68 -0
package/README.md.backup +49 -1119
package/dist/elements/memories/MemoryManager.d.ts +31 -0
package/dist/elements/memories/MemoryManager.d.ts.map +1 -1
package/dist/elements/memories/MemoryManager.js +98 -15
package/dist/generated/version.d.ts +2 -2
package/dist/generated/version.js +3 -3
package/dist/utils/migrate-legacy-memories.d.ts +35 -0
package/dist/utils/migrate-legacy-memories.d.ts.map +1 -0
package/dist/utils/migrate-legacy-memories.js +207 -0
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,36 @@
 # Changelog
+## [1.9.13] - 2025-09-29
+### Fixed
+- **Memory System Critical Fixes (Issue #1206, PR #1207)**
+  - Fixed security scanner false positives preventing legitimate security documentation from loading
+  - Memory files with security terms (vulnerability, exploit, attack) now load correctly
+  - Local memory files are now pre-trusted (validateContent: false)
+  - Added visible error reporting for failed memory loads
+  - Users now see "Failed to load X memories" with detailed error messages
+  - New getLoadStatus() diagnostic method for troubleshooting
+  - New legacy memory migration tool (migrate-legacy-memories.ts)
+  - Migrates old .md files to .yaml format in date-organized folders
+  - Safe archiving of original files, dry-run mode by default
+### Added
+- **CLI Utility**: migrate-legacy-memories.ts for legacy file migration
+- **Diagnostic Method**: getLoadStatus() for memory loading diagnostics
+- **Error Tracking**: failedLoads tracking in MemoryManager
+### Code Quality
+- Fixed SonarCloud S3776: Reduced cognitive complexity in getLoadStatus()
+- Fixed SonarCloud S3358: Replaced nested ternary with if-else chain
+- Fixed SonarCloud S7785: Use top-level await instead of promise chain
+- Extracted handleLoadFailure() to eliminate code duplication
+- Use os.homedir() for cross-platform reliability
+### Security
+- Fixed DMCP-SEC-004: Added Unicode normalization to CLI input validation
 ## [1.9.12] - 2025-09-29
 ### Fixed

package/README.github.md CHANGED Viewed

@@ -873,6 +873,74 @@ For detailed guidelines, see [CONTRIBUTING.md](CONTRIBUTING.md).
 ## 🏷️ Version History
+### v1.9.13 - September 29, 2025
+**Memory System Critical Fixes**: Security scanner improvements and enhanced error reporting
+#### 🔧 Fixed
+- **Security Scanner False Positives** - Fixed memory system rejecting legitimate security documentation (#1206, #1207)
+  - Memory files with security terms (vulnerability, exploit, attack) now load correctly
+  - Local memory files are now pre-trusted (validateContent: false)
+- **Silent Error Reporting** - Added visible error reporting for failed memory loads
+  - Users now see "Failed to load X memories" with detailed error messages
+  - New getLoadStatus() diagnostic method for troubleshooting
+- **Legacy Memory Migration** - New migration tool for old .md files
+  - Migrates to .yaml format in date-organized folders
+  - Safe archiving of original files, dry-run mode by default
+#### ✨ Added
+- CLI Utility: migrate-legacy-memories.ts for legacy file migration
+- Diagnostic Method: getLoadStatus() for memory loading diagnostics
+- Error Tracking: failedLoads tracking in MemoryManager
+#### 🛠️ Code Quality
+- Fixed SonarCloud S3776: Reduced cognitive complexity in getLoadStatus()
+- Fixed SonarCloud S3358: Replaced nested ternary with if-else chain
+- Fixed SonarCloud S7785: Use top-level await instead of promise chain
+- Extracted handleLoadFailure() to eliminate code duplication
+- Use os.homedir() for cross-platform reliability
+#### 🔒 Security
+- Fixed DMCP-SEC-004: Added Unicode normalization to CLI input validation
+#### 📊 Statistics
+- 3 Critical fixes merged in PR #1207
+- 7 Code quality issues resolved
+- 1 Security issue fixed
+- Quality Gate: PASSING
+- Test Coverage: >96% maintained
+---
+### v1.9.12 - September 29, 2025
+**Memory System Stability**: Portfolio index and test isolation improvements
+#### 🔧 Fixed
+- **Memory Metadata Preservation** - Fixed PortfolioIndexManager overwriting memory metadata (#1196, #1197)
+  - Memory descriptions now properly preserved instead of "Memory element"
+- **Test Isolation** - Fixed memory portfolio index tests contaminating real user portfolio (#1194, #1195)
+  - Tests now use temporary directories
+  - Added security validation for memory YAML parsing (size limits, type checking)
+- **ElementFormatter Tool** - Added tool for cleaning malformed elements (#1190, #1193)
+#### 🛠️ Code Quality
+- Fixed SonarCloud S7781: Use String#replaceAll() for modern string replacement
+- Fixed SonarCloud S1135: Removed TODO comments, documented test isolation patterns
+#### 🔒 Security
+- Added content size validation (1MB limit) for memory YAML parsing
+- Added type safety validation for parsed memory content
+- Documented security trade-offs with audit suppressions
+#### 📊 Statistics
+- Memory portfolio index tests: 8/8 passing (was 3/8)
+- Closed issues: #1196, #1194, #1190, #659, #404, #919
+- Quality Gate: PASSING
+- Test Coverage: >96% maintained
+---
 ### v1.9.11 - September 28, 2025
 **SonarCloud Quality & Security**: Major code quality improvements and security fixes