@equilateral_ai/mindmeld 3.3.0 → 3.4.0

package/src/handlers/mcp/mindmeldMcpHandler.js

@@ -0,0 +1,689 @@
+/**
+ * MindMeld MCP Server — Lambda Handler
+ *
+ * Standards injection and governance for AI-assisted development via MCP.
+ * Implements JSON-RPC 2.0 over HTTP (Streamable HTTP transport).
+ *
+ * POST /api/mcp/mindmeld - JSON-RPC messages
+ * GET  /api/mcp/mindmeld - 405 (SSE not supported in Lambda)
+ * DELETE /api/mcp/mindmeld - 200 (session close, no-op)
+ *
+ * Auth: X-MindMeld-Token header (API token, not Cognito)
+ * Separate from JARVIS MCP (agent orchestration) — this serves
+ * external MCP clients (Cline, Claude Code) for standards injection.
+ */
+
+const { executeQuery } = require('./dbOperations');
+const crypto = require('crypto');
+
+const SERVER_INFO = {
+    name: 'mindmeld',
+    version: '0.1.0',
+    description: 'Standards injection and governance for AI-assisted development'
+};
+
+const PROTOCOL_VERSION = '2025-03-26';
+
+const CORS_HEADERS = {
+    'Access-Control-Allow-Origin': '*',
+    'Access-Control-Allow-Methods': 'POST, GET, DELETE, OPTIONS',
+    'Access-Control-Allow-Headers': 'Content-Type, Accept, Mcp-Session-Id, X-MindMeld-Token',
+};
+
+// ============================================================
+// Category Weights (same as standardsRelevantPost.js)
+// ============================================================
+
+const CATEGORY_WEIGHTS = {
+    'serverless-saas-aws': 1.0,
+    'frontend-development': 1.0,
+    'database': 0.9,
+    'backend': 0.9,
+    'compliance-security': 0.9,
+    'deployment': 0.8,
+    'testing': 0.7,
+    'real-time-systems': 0.7,
+    'well-architected': 0.7,
+    'cost-optimization': 0.7,
+    'multi-agent-orchestration': 0.1,
+};
+
+// ============================================================
+// Tool Definitions
+// ============================================================
+
+const TOOLS = [
+    {
+        name: 'mindmeld_init_session',
+        description: 'Initialize a MindMeld standards injection session. Scans project context, identifies relevant standards, returns injected rules and session token.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                project_path: { type: 'string', description: 'Absolute path to the project root' },
+                task_description: { type: 'string', description: 'Optional: what the developer intends to work on this session' },
+                team_id: { type: 'string', description: 'Team identifier for corpus lookup. Uses personal corpus if omitted.' }
+            },
+            required: ['project_path']
+        }
+    },
+    {
+        name: 'mindmeld_record_correction',
+        description: 'Record a correction to AI output. Feeds the standards maturity pipeline. Corrections drive pattern detection and eventually promote to Provisional standards.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                session_id: { type: 'string', description: 'Session token from mindmeld_init_session' },
+                original_output: { type: 'string', description: 'What the AI generated' },
+                corrected_output: { type: 'string', description: 'What the developer changed it to' },
+                correction_note: { type: 'string', description: 'Optional: developer explanation of why the correction was made' },
+                file_context: { type: 'string', description: 'Optional: filename or path where correction occurred' }
+            },
+            required: ['session_id', 'original_output', 'corrected_output']
+        }
+    },
+    {
+        name: 'mindmeld_get_standards',
+        description: 'On-demand lookup for specific standards or maturity status. Use for UI display, not injection — mindmeld_init_session handles injection.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                team_id: { type: 'string', description: 'Team identifier (optional, resolved from token)' },
+                filter: {
+                    type: 'object',
+                    properties: {
+                        maturity: { type: 'array', items: { type: 'string' }, description: 'Filter by maturity: provisional, solidified, reinforced' },
+                        standard_name: { type: 'string', description: 'Filter by standard name (partial match)' },
+                        limit: { type: 'integer', description: 'Max results (default 20)' }
+                    }
+                }
+            }
+        }
+    }
+];
+
+// ============================================================
+// Auth: API Token Validation
+// ============================================================
+
+async function validateApiToken(headers) {
+    const token = headers['x-mindmeld-token'] || headers['X-MindMeld-Token'];
+    if (!token) {
+        return { error: 'auth_invalid', message: 'X-MindMeld-Token header is required' };
+    }
+
+    const tokenHash = crypto.createHash('sha256').update(token).digest('hex');
+
+    const result = await executeQuery(`
+        SELECT t.token_id, t.email_address, t.client_id, t.company_id,
+               c.subscription_tier, c.subscription_status
+        FROM rapport.api_tokens t
+        JOIN rapport.clients c ON t.client_id = c.client_id
+        WHERE t.token_hash = $1
+          AND t.status = 'active'
+    `, [tokenHash]);
+
+    if (result.rows.length === 0) {
+        return { error: 'auth_invalid', message: 'Invalid or expired API token' };
+    }
+
+    const row = result.rows[0];
+
+    // Require active subscription (no free tier)
+    if (!row.subscription_tier || row.subscription_tier === 'free') {
+        return { error: 'auth_invalid', message: 'Active MindMeld subscription required. Subscribe at app.mindmeld.dev' };
+    }
+
+    // Fire-and-forget: update usage stats
+    executeQuery(
+        'UPDATE rapport.api_tokens SET last_used_at = NOW(), request_count = request_count + 1 WHERE token_id = $1',
+        [row.token_id]
+    ).catch(() => {});
+
+    return {
+        user: {
+            email: row.email_address,
+            client_id: row.client_id,
+            company_id: row.company_id,
+            subscription_tier: row.subscription_tier
+        }
+    };
+}
+
+// ============================================================
+// Relevance Scoring (same algorithm as standardsRelevantPost.js)
+// ============================================================
+
+function rankStandards(standards, recentCategories) {
+    return standards.map(standard => {
+        let score = 0;
+        score += (standard.correlation || 1.0) * 40;
+
+        const maturityScores = { enforced: 30, validated: 20, recommended: 10, provisional: 5 };
+        score += maturityScores[standard.maturity] || 0;
+
+        const categoryWeight = CATEGORY_WEIGHTS[standard.category] || 0.5;
+        score += categoryWeight * 20;
+
+        if (standard.applicable_files && standard.applicable_files.length > 0) score += 5;
+        if (standard.cost_impact && standard.cost_impact.severity === 'critical') score += 10;
+
+        if (standard.anti_patterns) {
+            const apCount = Array.isArray(standard.anti_patterns)
+                ? standard.anti_patterns.length
+                : Object.keys(standard.anti_patterns).length;
+            if (apCount > 0) score += 5;
+        }
+
+        const isWorkflow = (standard.rule && standard.rule.startsWith('WORKFLOW:'))
+            || (Array.isArray(standard.keywords) && standard.keywords.includes('workflow'));
+        if (isWorkflow) score += 10;
+
+        if (recentCategories && recentCategories[standard.category]) {
+            const usageCount = recentCategories[standard.category];
+            let rawBonus;
+            if (usageCount >= 8) rawBonus = 25;
+            else if (usageCount >= 4) rawBonus = 18;
+            else rawBonus = 10;
+            score += rawBonus * categoryWeight;
+        }
+
+        return { ...standard, relevance_score: Math.round(score * 10) / 10 };
+    }).sort((a, b) => b.relevance_score - a.relevance_score);
+}
+
+// ============================================================
+// Formatted Injection (same format as hooks/session-start.js)
+// ============================================================
+
+function formatInjection(sessionId, standards) {
+    const sections = [];
+
+    sections.push('# MindMeld Standards Injection');
+    sections.push(`<!-- session:${sessionId} -->`);
+    sections.push('');
+    sections.push('\u00A9 2025 Equilateral AI (Pareidolia LLC). All rights reserved.');
+    sections.push('Licensed for use within MindMeld platform only. Redistribution prohibited.');
+    sections.push('');
+
+    if (standards.length > 0) {
+        sections.push('## Relevant Standards');
+        sections.push('');
+
+        for (const standard of standards) {
+            sections.push(`### ${standard.element}`);
+            sections.push(`**Category**: ${standard.category}`);
+            sections.push(`**Rule**: ${standard.rule}`);
+
+            if (standard.examples && standard.examples.length > 0) {
+                const example = standard.examples[0];
+                const exampleCode = typeof example === 'string' ? example : (example?.code || example?.description || '');
+                if (exampleCode) {
+                    sections.push('');
+                    sections.push('**Example**:');
+                    sections.push('```javascript');
+                    sections.push(exampleCode);
+                    sections.push('```');
+                }
+            }
+
+            if (standard.anti_patterns && standard.anti_patterns.length > 0) {
+                sections.push('');
+                sections.push('**Anti-patterns**:');
+                for (const ap of standard.anti_patterns) {
+                    const desc = typeof ap === 'string' ? ap : (ap?.description || '');
+                    if (desc) sections.push(`- \u274C ${desc}`);
+                }
+            }
+
+            sections.push('');
+        }
+    }
+
+    sections.push('---');
+    sections.push('*Context provided by MindMeld - mindmeld.dev*');
+
+    return sections.join('\n');
+}
+
+// ============================================================
+// Tool Implementations
+// ============================================================
+
+async function callTool(name, args, user) {
+    switch (name) {
+        case 'mindmeld_init_session':
+            return await toolInitSession(args, user);
+        case 'mindmeld_record_correction':
+            return await toolRecordCorrection(args, user);
+        case 'mindmeld_get_standards':
+            return await toolGetStandards(args, user);
+        default:
+            throw new Error(`Unknown tool: ${name}`);
+    }
+}
+
+async function toolInitSession(args, user) {
+    const { project_path, task_description } = args;
+    const sessionId = crypto.randomUUID();
+
+    // Try to match project by name for the user's company
+    let projectId = null;
+    if (project_path) {
+        const projectName = project_path.split('/').filter(Boolean).pop();
+        try {
+            const projectResult = await executeQuery(`
+                SELECT project_id FROM rapport.projects
+                WHERE company_id = $1 AND LOWER(project_name) = LOWER($2)
+                LIMIT 1
+            `, [user.company_id, projectName]);
+            if (projectResult.rows.length > 0) {
+                projectId = projectResult.rows[0].project_id;
+            }
+        } catch (err) {
+            console.error('[MCP] Project lookup failed:', err.message);
+        }
+    }
+
+    // Get recency data for scoring boost
+    const recentCategories = {};
+    try {
+        const recencyResult = await executeQuery(`
+            SELECT sp.category, COUNT(*) as usage_count
+            FROM rapport.session_standards ss
+            JOIN rapport.sessions s ON s.session_id = ss.session_id
+            JOIN rapport.standards_patterns sp ON sp.pattern_id = ss.standard_id
+            WHERE s.email_address = $1
+                AND s.started_at >= NOW() - INTERVAL '7 days'
+            GROUP BY sp.category
+            ORDER BY usage_count DESC LIMIT 5
+        `, [user.email]);
+        for (const row of recencyResult.rows) {
+            recentCategories[row.category] = parseInt(row.usage_count, 10);
+        }
+    } catch (err) {
+        console.error('[MCP] Recency query failed:', err.message);
+    }
+
+    // Default to broad categories (no filesystem scanning in Lambda)
+    const categories = [
+        'serverless-saas-aws', 'frontend-development', 'database', 'backend',
+        'compliance-security', 'well-architected', 'cost-optimization', 'deployment', 'testing'
+    ];
+
+    // Merge recency categories
+    for (const cat of Object.keys(recentCategories)) {
+        if (!categories.includes(cat)) categories.push(cat);
+    }
+
+    // Query standards
+    const result = await executeQuery(`
+        SELECT pattern_id, element, title, rule, category, keywords, correlation,
+               maturity, applicable_files, anti_patterns, examples, cost_impact, source
+        FROM rapport.standards_patterns
+        WHERE category = ANY($1::varchar[])
+          AND maturity IN ('enforced', 'validated', 'recommended')
+        ORDER BY CASE WHEN maturity = 'enforced' THEN 1 WHEN maturity = 'validated' THEN 2 ELSE 3 END,
+                 correlation DESC
+    `, [categories]);
+
+    if (result.rows.length === 0) {
+        return {
+            content: [{ type: 'text', text: JSON.stringify({ error: 'corpus_empty', message: 'No standards found in corpus' }) }],
+            isError: true
+        };
+    }
+
+    // Rank, deduplicate, apply diversity caps
+    let ranked = rankStandards(result.rows, recentCategories);
+
+    const seenElements = new Set();
+    ranked = ranked.filter(s => {
+        if (seenElements.has(s.element)) return false;
+        seenElements.add(s.element);
+        return true;
+    });
+
+    const MAX_PER_CATEGORY = 2;
+    const MAX_PER_TITLE = 1;
+    const top = [];
+    const categoryCounts = {};
+    const titleCounts = {};
+    for (const standard of ranked) {
+        const cat = standard.category;
+        const title = standard.title || standard.element;
+        categoryCounts[cat] = (categoryCounts[cat] || 0) + 1;
+        titleCounts[title] = (titleCounts[title] || 0) + 1;
+        if (categoryCounts[cat] <= MAX_PER_CATEGORY && titleCounts[title] <= MAX_PER_TITLE) {
+            top.push(standard);
+            if (top.length >= 10) break;
+        }
+    }
+
+    // Format injection markdown
+    const formattedInjection = formatInjection(sessionId, top);
+
+    // Fire-and-forget: record session + standards
+    executeQuery(`
+        INSERT INTO rapport.sessions (session_id, project_id, email_address, started_at, session_data)
+        VALUES ($1, $2, $3, NOW(), $4)
+        ON CONFLICT (session_id) DO NOTHING
+    `, [sessionId, projectId, user.email, JSON.stringify({ source: 'mcp', task_description: task_description || null })])
+        .catch(err => console.error('[MCP] Session record failed:', err.message));
+
+    for (const standard of top) {
+        executeQuery(`
+            INSERT INTO rapport.session_standards (session_id, standard_id, standard_name, relevance_score, created_at)
+            VALUES ($1, $2, $3, $4, NOW())
+            ON CONFLICT (session_id, standard_id) DO UPDATE SET relevance_score = EXCLUDED.relevance_score
+        `, [sessionId, standard.pattern_id, standard.element, standard.relevance_score])
+            .catch(err => console.error('[MCP] Standard record failed:', err.message));
+    }
+
+    // Get corpus size for summary
+    let corpusSize = result.rows.length;
+    try {
+        const countResult = await executeQuery('SELECT COUNT(*) as cnt FROM rapport.standards_patterns');
+        corpusSize = parseInt(countResult.rows[0].cnt, 10);
+    } catch (err) {
+        // Use result count as fallback
+    }
+
+    const response = {
+        session_id: sessionId,
+        injected_rules: top.map(s => ({
+            rule_id: s.pattern_id,
+            standard: s.element,
+            maturity: s.maturity,
+            text: s.rule,
+            relevance_score: s.relevance_score
+        })),
+        injection_summary: {
+            rule_count: top.length,
+            token_estimate: Math.ceil(formattedInjection.length / 4),
+            standards_matched: ranked.length,
+            corpus_size: corpusSize
+        },
+        formatted_injection: formattedInjection
+    };
+
+    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
+}
+
+async function toolRecordCorrection(args, user) {
+    const { session_id, original_output, corrected_output, correction_note, file_context } = args;
+    const correctionId = crypto.randomUUID();
+
+    // Simple pattern match: check if correction keywords match any existing standard rules
+    let matchedStandardId = null;
+    let patternDetected = false;
+    try {
+        // Extract significant words from the correction
+        const correctionWords = corrected_output.toLowerCase().split(/\s+/).filter(w => w.length > 4);
+        if (correctionWords.length > 0) {
+            const searchTerms = correctionWords.slice(0, 5).join(' | ');
+            const matchResult = await executeQuery(`
+                SELECT pattern_id, element FROM rapport.standards_patterns
+                WHERE to_tsvector('english', rule) @@ to_tsquery('english', $1)
+                LIMIT 1
+            `, [searchTerms]);
+            if (matchResult.rows.length > 0) {
+                matchedStandardId = matchResult.rows[0].pattern_id;
+                patternDetected = true;
+            }
+        }
+    } catch (err) {
+        console.error('[MCP] Pattern match failed:', err.message);
+    }
+
+    // Store correction
+    await executeQuery(`
+        INSERT INTO rapport.mcp_corrections
+            (correction_id, session_id, email_address, company_id, original_output,
+             corrected_output, correction_note, file_context, matched_standard_id, status)
+        VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, 'recorded')
+    `, [correctionId, session_id, user.email, user.company_id,
+        original_output, corrected_output, correction_note || null,
+        file_context || null, matchedStandardId]);
+
+    const response = {
+        correction_id: correctionId,
+        pattern_detected: patternDetected,
+        matched_standard: matchedStandardId,
+        status: 'recorded'
+    };
+
+    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
+}
+
+async function toolGetStandards(args, user) {
+    const filter = args.filter || {};
+    const limit = Math.min(parseInt(filter.limit) || 20, 100);
+    const maturityFilter = filter.maturity;
+    const nameFilter = filter.standard_name;
+
+    let query = `
+        SELECT pattern_id as standard_id, element as name, maturity,
+               COUNT(*) OVER() as total_count,
+               (SELECT COUNT(*) FROM rapport.session_standards WHERE standard_id = sp.pattern_id) as session_count
+        FROM rapport.standards_patterns sp
+        WHERE 1=1
+    `;
+    const params = [];
+
+    if (maturityFilter && Array.isArray(maturityFilter) && maturityFilter.length > 0) {
+        params.push(maturityFilter);
+        query += ` AND maturity = ANY($${params.length}::varchar[])`;
+    }
+
+    if (nameFilter) {
+        params.push(`%${nameFilter}%`);
+        query += ` AND (element ILIKE $${params.length} OR title ILIKE $${params.length})`;
+    }
+
+    query += ` ORDER BY maturity DESC, element ASC`;
+    params.push(limit);
+    query += ` LIMIT $${params.length}`;
+
+    const result = await executeQuery(query, params);
+
+    // Corpus summary
+    const summaryResult = await executeQuery(`
+        SELECT
+            COUNT(*) as total_standards,
+            COUNT(*) FILTER (WHERE maturity = 'enforced') as reinforced_count,
+            COUNT(*) FILTER (WHERE maturity = 'validated') as solidified_count,
+            COUNT(*) FILTER (WHERE maturity IN ('recommended', 'provisional')) as provisional_count
+        FROM rapport.standards_patterns
+    `);
+    const summary = summaryResult.rows[0] || {};
+
+    const response = {
+        standards: result.rows.map(r => ({
+            standard_id: r.standard_id,
+            name: r.name,
+            maturity: r.maturity,
+            rule_count: 1,
+            session_count: parseInt(r.session_count, 10) || 0,
+        })),
+        corpus_summary: {
+            total_standards: parseInt(summary.total_standards, 10) || 0,
+            total_rules: parseInt(summary.total_standards, 10) || 0,
+            reinforced_count: parseInt(summary.reinforced_count, 10) || 0,
+            solidified_count: parseInt(summary.solidified_count, 10) || 0,
+            provisional_count: parseInt(summary.provisional_count, 10) || 0,
+        }
+    };
+
+    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
+}
+
+// ============================================================
+// JSON-RPC Message Router
+// ============================================================
+
+async function handleJsonRpc(message, user) {
+    const { method, params, id } = message;
+
+    switch (method) {
+        case 'initialize':
+            return {
+                jsonrpc: '2.0',
+                id,
+                result: {
+                    protocolVersion: PROTOCOL_VERSION,
+                    capabilities: {
+                        tools: { listChanged: false }
+                    },
+                    serverInfo: SERVER_INFO
+                }
+            };
+
+        case 'notifications/initialized':
+            return null;
+
+        case 'ping':
+            return { jsonrpc: '2.0', id, result: {} };
+
+        case 'tools/list':
+            return { jsonrpc: '2.0', id, result: { tools: TOOLS } };
+
+        case 'tools/call': {
+            const { name, arguments: args } = params;
+            try {
+                const result = await callTool(name, args || {}, user);
+                return { jsonrpc: '2.0', id, result };
+            } catch (error) {
+                console.error(`[MCP] Tool ${name} error:`, error.message);
+                return {
+                    jsonrpc: '2.0',
+                    id,
+                    result: {
+                        content: [{ type: 'text', text: JSON.stringify({ error: 'timeout', message: error.message }) }],
+                        isError: true
+                    }
+                };
+            }
+        }
+
+        default:
+            return {
+                jsonrpc: '2.0',
+                id,
+                error: { code: -32601, message: `Method not found: ${method}` }
+            };
+    }
+}
+
+// ============================================================
+// Lambda Handler
+// ============================================================
+
+exports.handler = async (event) => {
+    const method = event.httpMethod;
+
+    // CORS preflight
+    if (method === 'OPTIONS') {
+        return {
+            statusCode: 200,
+            headers: { ...CORS_HEADERS, 'Access-Control-Max-Age': '86400' },
+            body: ''
+        };
+    }
+
+    // GET — SSE not supported in Lambda
+    if (method === 'GET') {
+        return {
+            statusCode: 405,
+            headers: { ...CORS_HEADERS, 'Content-Type': 'application/json', Allow: 'POST, DELETE, OPTIONS' },
+            body: JSON.stringify({
+                jsonrpc: '2.0',
+                error: { code: -32000, message: 'SSE streaming not supported. Use POST for JSON-RPC requests.' },
+                id: null
+            })
+        };
+    }
+
+    // DELETE — Session close (no-op)
+    if (method === 'DELETE') {
+        return {
+            statusCode: 200,
+            headers: { ...CORS_HEADERS, 'Content-Type': 'application/json' },
+            body: ''
+        };
+    }
+
+    // POST — JSON-RPC
+    if (method !== 'POST') {
+        return {
+            statusCode: 405,
+            headers: { ...CORS_HEADERS, 'Content-Type': 'application/json', Allow: 'POST, GET, DELETE, OPTIONS' },
+            body: JSON.stringify({ jsonrpc: '2.0', error: { code: -32000, message: 'Method not allowed' }, id: null })
+        };
+    }
+
+    // Validate API token
+    const authResult = await validateApiToken(event.headers || {});
+    if (authResult.error) {
+        return {
+            statusCode: 200,
+            headers: { ...CORS_HEADERS, 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                jsonrpc: '2.0',
+                error: { code: -32000, message: authResult.message },
+                id: null
+            })
+        };
+    }
+
+    try {
+        let body;
+        try {
+            body = typeof event.body === 'string' ? JSON.parse(event.body) : event.body;
+        } catch (e) {
+            return {
+                statusCode: 400,
+                headers: { ...CORS_HEADERS, 'Content-Type': 'application/json' },
+                body: JSON.stringify({ jsonrpc: '2.0', error: { code: -32700, message: 'Parse error: invalid JSON' }, id: null })
+            };
+        }
+
+        // Handle batch requests
+        if (Array.isArray(body)) {
+            const responses = [];
+            for (const msg of body) {
+                const response = await handleJsonRpc(msg, authResult.user);
+                if (response) responses.push(response);
+            }
+            return {
+                statusCode: responses.length > 0 ? 200 : 202,
+                headers: { ...CORS_HEADERS, 'Content-Type': 'application/json' },
+                body: responses.length > 0 ? JSON.stringify(responses) : ''
+            };
+        }
+
+        // Handle single request
+        const response = await handleJsonRpc(body, authResult.user);
+
+        if (!response) {
+            return { statusCode: 202, headers: { ...CORS_HEADERS, 'Content-Type': 'application/json' }, body: '' };
+        }
+
+        return {
+            statusCode: 200,
+            headers: { ...CORS_HEADERS, 'Content-Type': 'application/json' },
+            body: JSON.stringify(response)
+        };
+
+    } catch (error) {
+        console.error('[MCP] Handler error:', error);
+        return {
+            statusCode: 200,
+            headers: { ...CORS_HEADERS, 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                jsonrpc: '2.0',
+                error: { code: -32603, message: 'Internal server error' },
+                id: null
+            })
+        };
+    }
+};