npm - @equilateral_ai/mindmeld - Versions diffs - 3.4.0 → 3.5.0 - Mend

@equilateral_ai/mindmeld 3.4.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/hooks/session-end.js +112 -3
package/package.json +1 -1
package/src/handlers/helpers/mindmeldMcpCore.js +594 -0
package/src/handlers/mcp/mindmeldMcpHandler.js +8 -573
package/src/handlers/mcp/mindmeldMcpStreamHandler.js +243 -0
package/src/handlers/users/userGet.js +3 -3

package/src/handlers/mcp/mindmeldMcpHandler.js CHANGED Viewed

@@ -1,582 +1,17 @@
 /**
- * MindMeld MCP Server — Lambda Handler
+ * MindMeld MCP Server — API Gateway Lambda Handler
  *
- * Standards injection and governance for AI-assisted development via MCP.
- * Implements JSON-RPC 2.0 over HTTP (Streamable HTTP transport).
+ * Thin wrapper over mindmeldMcpCore for API Gateway (REST) transport.
+ * Business logic lives in src/handlers/helpers/mindmeldMcpCore.js.
  *
  * POST /api/mcp/mindmeld - JSON-RPC messages
- * GET  /api/mcp/mindmeld - 405 (SSE not supported in Lambda)
+ * GET  /api/mcp/mindmeld - 405 (use Function URL for SSE)
  * DELETE /api/mcp/mindmeld - 200 (session close, no-op)
  *
- * Auth: X-MindMeld-Token header (API token, not Cognito)
- * Separate from JARVIS MCP (agent orchestration) — this serves
- * external MCP clients (Cline, Claude Code) for standards injection.
+ * Auth: X-MindMeld-Token header OR Authorization: Bearer token
  */
-const { executeQuery } = require('./dbOperations');
-const crypto = require('crypto');
-const SERVER_INFO = {
-    name: 'mindmeld',
-    version: '0.1.0',
-    description: 'Standards injection and governance for AI-assisted development'
-};
-const PROTOCOL_VERSION = '2025-03-26';
-const CORS_HEADERS = {
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'POST, GET, DELETE, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, Accept, Mcp-Session-Id, X-MindMeld-Token',
-};
-// ============================================================
-// Category Weights (same as standardsRelevantPost.js)
-// ============================================================
-const CATEGORY_WEIGHTS = {
-    'serverless-saas-aws': 1.0,
-    'frontend-development': 1.0,
-    'database': 0.9,
-    'backend': 0.9,
-    'compliance-security': 0.9,
-    'deployment': 0.8,
-    'testing': 0.7,
-    'real-time-systems': 0.7,
-    'well-architected': 0.7,
-    'cost-optimization': 0.7,
-    'multi-agent-orchestration': 0.1,
-};
-// ============================================================
-// Tool Definitions
-// ============================================================
-const TOOLS = [
-    {
-        name: 'mindmeld_init_session',
-        description: 'Initialize a MindMeld standards injection session. Scans project context, identifies relevant standards, returns injected rules and session token.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                project_path: { type: 'string', description: 'Absolute path to the project root' },
-                task_description: { type: 'string', description: 'Optional: what the developer intends to work on this session' },
-                team_id: { type: 'string', description: 'Team identifier for corpus lookup. Uses personal corpus if omitted.' }
-            },
-            required: ['project_path']
-        }
-    },
-    {
-        name: 'mindmeld_record_correction',
-        description: 'Record a correction to AI output. Feeds the standards maturity pipeline. Corrections drive pattern detection and eventually promote to Provisional standards.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                session_id: { type: 'string', description: 'Session token from mindmeld_init_session' },
-                original_output: { type: 'string', description: 'What the AI generated' },
-                corrected_output: { type: 'string', description: 'What the developer changed it to' },
-                correction_note: { type: 'string', description: 'Optional: developer explanation of why the correction was made' },
-                file_context: { type: 'string', description: 'Optional: filename or path where correction occurred' }
-            },
-            required: ['session_id', 'original_output', 'corrected_output']
-        }
-    },
-    {
-        name: 'mindmeld_get_standards',
-        description: 'On-demand lookup for specific standards or maturity status. Use for UI display, not injection — mindmeld_init_session handles injection.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                team_id: { type: 'string', description: 'Team identifier (optional, resolved from token)' },
-                filter: {
-                    type: 'object',
-                    properties: {
-                        maturity: { type: 'array', items: { type: 'string' }, description: 'Filter by maturity: provisional, solidified, reinforced' },
-                        standard_name: { type: 'string', description: 'Filter by standard name (partial match)' },
-                        limit: { type: 'integer', description: 'Max results (default 20)' }
-                    }
-                }
-            }
-        }
-    }
-];
-// ============================================================
-// Auth: API Token Validation
-// ============================================================
-async function validateApiToken(headers) {
-    const token = headers['x-mindmeld-token'] || headers['X-MindMeld-Token'];
-    if (!token) {
-        return { error: 'auth_invalid', message: 'X-MindMeld-Token header is required' };
-    }
-    const tokenHash = crypto.createHash('sha256').update(token).digest('hex');
-    const result = await executeQuery(`
-        SELECT t.token_id, t.email_address, t.client_id, t.company_id,
-               c.subscription_tier, c.subscription_status
-        FROM rapport.api_tokens t
-        JOIN rapport.clients c ON t.client_id = c.client_id
-        WHERE t.token_hash = $1
-          AND t.status = 'active'
-    `, [tokenHash]);
-    if (result.rows.length === 0) {
-        return { error: 'auth_invalid', message: 'Invalid or expired API token' };
-    }
-    const row = result.rows[0];
-    // Require active subscription (no free tier)
-    if (!row.subscription_tier || row.subscription_tier === 'free') {
-        return { error: 'auth_invalid', message: 'Active MindMeld subscription required. Subscribe at app.mindmeld.dev' };
-    }
-    // Fire-and-forget: update usage stats
-    executeQuery(
-        'UPDATE rapport.api_tokens SET last_used_at = NOW(), request_count = request_count + 1 WHERE token_id = $1',
-        [row.token_id]
-    ).catch(() => {});
-    return {
-        user: {
-            email: row.email_address,
-            client_id: row.client_id,
-            company_id: row.company_id,
-            subscription_tier: row.subscription_tier
-        }
-    };
-}
-// ============================================================
-// Relevance Scoring (same algorithm as standardsRelevantPost.js)
-// ============================================================
-function rankStandards(standards, recentCategories) {
-    return standards.map(standard => {
-        let score = 0;
-        score += (standard.correlation || 1.0) * 40;
-        const maturityScores = { enforced: 30, validated: 20, recommended: 10, provisional: 5 };
-        score += maturityScores[standard.maturity] || 0;
-        const categoryWeight = CATEGORY_WEIGHTS[standard.category] || 0.5;
-        score += categoryWeight * 20;
-        if (standard.applicable_files && standard.applicable_files.length > 0) score += 5;
-        if (standard.cost_impact && standard.cost_impact.severity === 'critical') score += 10;
-        if (standard.anti_patterns) {
-            const apCount = Array.isArray(standard.anti_patterns)
-                ? standard.anti_patterns.length
-                : Object.keys(standard.anti_patterns).length;
-            if (apCount > 0) score += 5;
-        }
-        const isWorkflow = (standard.rule && standard.rule.startsWith('WORKFLOW:'))
-            || (Array.isArray(standard.keywords) && standard.keywords.includes('workflow'));
-        if (isWorkflow) score += 10;
-        if (recentCategories && recentCategories[standard.category]) {
-            const usageCount = recentCategories[standard.category];
-            let rawBonus;
-            if (usageCount >= 8) rawBonus = 25;
-            else if (usageCount >= 4) rawBonus = 18;
-            else rawBonus = 10;
-            score += rawBonus * categoryWeight;
-        }
-        return { ...standard, relevance_score: Math.round(score * 10) / 10 };
-    }).sort((a, b) => b.relevance_score - a.relevance_score);
-}
-// ============================================================
-// Formatted Injection (same format as hooks/session-start.js)
-// ============================================================
-function formatInjection(sessionId, standards) {
-    const sections = [];
-    sections.push('# MindMeld Standards Injection');
-    sections.push(`<!-- session:${sessionId} -->`);
-    sections.push('');
-    sections.push('\u00A9 2025 Equilateral AI (Pareidolia LLC). All rights reserved.');
-    sections.push('Licensed for use within MindMeld platform only. Redistribution prohibited.');
-    sections.push('');
-    if (standards.length > 0) {
-        sections.push('## Relevant Standards');
-        sections.push('');
-        for (const standard of standards) {
-            sections.push(`### ${standard.element}`);
-            sections.push(`**Category**: ${standard.category}`);
-            sections.push(`**Rule**: ${standard.rule}`);
-            if (standard.examples && standard.examples.length > 0) {
-                const example = standard.examples[0];
-                const exampleCode = typeof example === 'string' ? example : (example?.code || example?.description || '');
-                if (exampleCode) {
-                    sections.push('');
-                    sections.push('**Example**:');
-                    sections.push('```javascript');
-                    sections.push(exampleCode);
-                    sections.push('```');
-                }
-            }
-            if (standard.anti_patterns && standard.anti_patterns.length > 0) {
-                sections.push('');
-                sections.push('**Anti-patterns**:');
-                for (const ap of standard.anti_patterns) {
-                    const desc = typeof ap === 'string' ? ap : (ap?.description || '');
-                    if (desc) sections.push(`- \u274C ${desc}`);
-                }
-            }
-            sections.push('');
-        }
-    }
-    sections.push('---');
-    sections.push('*Context provided by MindMeld - mindmeld.dev*');
-    return sections.join('\n');
-}
-// ============================================================
-// Tool Implementations
-// ============================================================
-async function callTool(name, args, user) {
-    switch (name) {
-        case 'mindmeld_init_session':
-            return await toolInitSession(args, user);
-        case 'mindmeld_record_correction':
-            return await toolRecordCorrection(args, user);
-        case 'mindmeld_get_standards':
-            return await toolGetStandards(args, user);
-        default:
-            throw new Error(`Unknown tool: ${name}`);
-    }
-}
-async function toolInitSession(args, user) {
-    const { project_path, task_description } = args;
-    const sessionId = crypto.randomUUID();
-    // Try to match project by name for the user's company
-    let projectId = null;
-    if (project_path) {
-        const projectName = project_path.split('/').filter(Boolean).pop();
-        try {
-            const projectResult = await executeQuery(`
-                SELECT project_id FROM rapport.projects
-                WHERE company_id = $1 AND LOWER(project_name) = LOWER($2)
-                LIMIT 1
-            `, [user.company_id, projectName]);
-            if (projectResult.rows.length > 0) {
-                projectId = projectResult.rows[0].project_id;
-            }
-        } catch (err) {
-            console.error('[MCP] Project lookup failed:', err.message);
-        }
-    }
-    // Get recency data for scoring boost
-    const recentCategories = {};
-    try {
-        const recencyResult = await executeQuery(`
-            SELECT sp.category, COUNT(*) as usage_count
-            FROM rapport.session_standards ss
-            JOIN rapport.sessions s ON s.session_id = ss.session_id
-            JOIN rapport.standards_patterns sp ON sp.pattern_id = ss.standard_id
-            WHERE s.email_address = $1
-                AND s.started_at >= NOW() - INTERVAL '7 days'
-            GROUP BY sp.category
-            ORDER BY usage_count DESC LIMIT 5
-        `, [user.email]);
-        for (const row of recencyResult.rows) {
-            recentCategories[row.category] = parseInt(row.usage_count, 10);
-        }
-    } catch (err) {
-        console.error('[MCP] Recency query failed:', err.message);
-    }
-    // Default to broad categories (no filesystem scanning in Lambda)
-    const categories = [
-        'serverless-saas-aws', 'frontend-development', 'database', 'backend',
-        'compliance-security', 'well-architected', 'cost-optimization', 'deployment', 'testing'
-    ];
-    // Merge recency categories
-    for (const cat of Object.keys(recentCategories)) {
-        if (!categories.includes(cat)) categories.push(cat);
-    }
-    // Query standards
-    const result = await executeQuery(`
-        SELECT pattern_id, element, title, rule, category, keywords, correlation,
-               maturity, applicable_files, anti_patterns, examples, cost_impact, source
-        FROM rapport.standards_patterns
-        WHERE category = ANY($1::varchar[])
-          AND maturity IN ('enforced', 'validated', 'recommended')
-        ORDER BY CASE WHEN maturity = 'enforced' THEN 1 WHEN maturity = 'validated' THEN 2 ELSE 3 END,
-                 correlation DESC
-    `, [categories]);
-    if (result.rows.length === 0) {
-        return {
-            content: [{ type: 'text', text: JSON.stringify({ error: 'corpus_empty', message: 'No standards found in corpus' }) }],
-            isError: true
-        };
-    }
-    // Rank, deduplicate, apply diversity caps
-    let ranked = rankStandards(result.rows, recentCategories);
-    const seenElements = new Set();
-    ranked = ranked.filter(s => {
-        if (seenElements.has(s.element)) return false;
-        seenElements.add(s.element);
-        return true;
-    });
-    const MAX_PER_CATEGORY = 2;
-    const MAX_PER_TITLE = 1;
-    const top = [];
-    const categoryCounts = {};
-    const titleCounts = {};
-    for (const standard of ranked) {
-        const cat = standard.category;
-        const title = standard.title || standard.element;
-        categoryCounts[cat] = (categoryCounts[cat] || 0) + 1;
-        titleCounts[title] = (titleCounts[title] || 0) + 1;
-        if (categoryCounts[cat] <= MAX_PER_CATEGORY && titleCounts[title] <= MAX_PER_TITLE) {
-            top.push(standard);
-            if (top.length >= 10) break;
-        }
-    }
-    // Format injection markdown
-    const formattedInjection = formatInjection(sessionId, top);
-    // Fire-and-forget: record session + standards
-    executeQuery(`
-        INSERT INTO rapport.sessions (session_id, project_id, email_address, started_at, session_data)
-        VALUES ($1, $2, $3, NOW(), $4)
-        ON CONFLICT (session_id) DO NOTHING
-    `, [sessionId, projectId, user.email, JSON.stringify({ source: 'mcp', task_description: task_description || null })])
-        .catch(err => console.error('[MCP] Session record failed:', err.message));
-    for (const standard of top) {
-        executeQuery(`
-            INSERT INTO rapport.session_standards (session_id, standard_id, standard_name, relevance_score, created_at)
-            VALUES ($1, $2, $3, $4, NOW())
-            ON CONFLICT (session_id, standard_id) DO UPDATE SET relevance_score = EXCLUDED.relevance_score
-        `, [sessionId, standard.pattern_id, standard.element, standard.relevance_score])
-            .catch(err => console.error('[MCP] Standard record failed:', err.message));
-    }
-    // Get corpus size for summary
-    let corpusSize = result.rows.length;
-    try {
-        const countResult = await executeQuery('SELECT COUNT(*) as cnt FROM rapport.standards_patterns');
-        corpusSize = parseInt(countResult.rows[0].cnt, 10);
-    } catch (err) {
-        // Use result count as fallback
-    }
-    const response = {
-        session_id: sessionId,
-        injected_rules: top.map(s => ({
-            rule_id: s.pattern_id,
-            standard: s.element,
-            maturity: s.maturity,
-            text: s.rule,
-            relevance_score: s.relevance_score
-        })),
-        injection_summary: {
-            rule_count: top.length,
-            token_estimate: Math.ceil(formattedInjection.length / 4),
-            standards_matched: ranked.length,
-            corpus_size: corpusSize
-        },
-        formatted_injection: formattedInjection
-    };
-    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
-}
-async function toolRecordCorrection(args, user) {
-    const { session_id, original_output, corrected_output, correction_note, file_context } = args;
-    const correctionId = crypto.randomUUID();
-    // Simple pattern match: check if correction keywords match any existing standard rules
-    let matchedStandardId = null;
-    let patternDetected = false;
-    try {
-        // Extract significant words from the correction
-        const correctionWords = corrected_output.toLowerCase().split(/\s+/).filter(w => w.length > 4);
-        if (correctionWords.length > 0) {
-            const searchTerms = correctionWords.slice(0, 5).join(' | ');
-            const matchResult = await executeQuery(`
-                SELECT pattern_id, element FROM rapport.standards_patterns
-                WHERE to_tsvector('english', rule) @@ to_tsquery('english', $1)
-                LIMIT 1
-            `, [searchTerms]);
-            if (matchResult.rows.length > 0) {
-                matchedStandardId = matchResult.rows[0].pattern_id;
-                patternDetected = true;
-            }
-        }
-    } catch (err) {
-        console.error('[MCP] Pattern match failed:', err.message);
-    }
-    // Store correction
-    await executeQuery(`
-        INSERT INTO rapport.mcp_corrections
-            (correction_id, session_id, email_address, company_id, original_output,
-             corrected_output, correction_note, file_context, matched_standard_id, status)
-        VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, 'recorded')
-    `, [correctionId, session_id, user.email, user.company_id,
-        original_output, corrected_output, correction_note || null,
-        file_context || null, matchedStandardId]);
-    const response = {
-        correction_id: correctionId,
-        pattern_detected: patternDetected,
-        matched_standard: matchedStandardId,
-        status: 'recorded'
-    };
-    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
-}
-async function toolGetStandards(args, user) {
-    const filter = args.filter || {};
-    const limit = Math.min(parseInt(filter.limit) || 20, 100);
-    const maturityFilter = filter.maturity;
-    const nameFilter = filter.standard_name;
-    let query = `
-        SELECT pattern_id as standard_id, element as name, maturity,
-               COUNT(*) OVER() as total_count,
-               (SELECT COUNT(*) FROM rapport.session_standards WHERE standard_id = sp.pattern_id) as session_count
-        FROM rapport.standards_patterns sp
-        WHERE 1=1
-    `;
-    const params = [];
-    if (maturityFilter && Array.isArray(maturityFilter) && maturityFilter.length > 0) {
-        params.push(maturityFilter);
-        query += ` AND maturity = ANY($${params.length}::varchar[])`;
-    }
-    if (nameFilter) {
-        params.push(`%${nameFilter}%`);
-        query += ` AND (element ILIKE $${params.length} OR title ILIKE $${params.length})`;
-    }
-    query += ` ORDER BY maturity DESC, element ASC`;
-    params.push(limit);
-    query += ` LIMIT $${params.length}`;
-    const result = await executeQuery(query, params);
-    // Corpus summary
-    const summaryResult = await executeQuery(`
-        SELECT
-            COUNT(*) as total_standards,
-            COUNT(*) FILTER (WHERE maturity = 'enforced') as reinforced_count,
-            COUNT(*) FILTER (WHERE maturity = 'validated') as solidified_count,
-            COUNT(*) FILTER (WHERE maturity IN ('recommended', 'provisional')) as provisional_count
-        FROM rapport.standards_patterns
-    `);
-    const summary = summaryResult.rows[0] || {};
-    const response = {
-        standards: result.rows.map(r => ({
-            standard_id: r.standard_id,
-            name: r.name,
-            maturity: r.maturity,
-            rule_count: 1,
-            session_count: parseInt(r.session_count, 10) || 0,
-        })),
-        corpus_summary: {
-            total_standards: parseInt(summary.total_standards, 10) || 0,
-            total_rules: parseInt(summary.total_standards, 10) || 0,
-            reinforced_count: parseInt(summary.reinforced_count, 10) || 0,
-            solidified_count: parseInt(summary.solidified_count, 10) || 0,
-            provisional_count: parseInt(summary.provisional_count, 10) || 0,
-        }
-    };
-    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
-}
-// ============================================================
-// JSON-RPC Message Router
-// ============================================================
-async function handleJsonRpc(message, user) {
-    const { method, params, id } = message;
-    switch (method) {
-        case 'initialize':
-            return {
-                jsonrpc: '2.0',
-                id,
-                result: {
-                    protocolVersion: PROTOCOL_VERSION,
-                    capabilities: {
-                        tools: { listChanged: false }
-                    },
-                    serverInfo: SERVER_INFO
-                }
-            };
-        case 'notifications/initialized':
-            return null;
-        case 'ping':
-            return { jsonrpc: '2.0', id, result: {} };
-        case 'tools/list':
-            return { jsonrpc: '2.0', id, result: { tools: TOOLS } };
-        case 'tools/call': {
-            const { name, arguments: args } = params;
-            try {
-                const result = await callTool(name, args || {}, user);
-                return { jsonrpc: '2.0', id, result };
-            } catch (error) {
-                console.error(`[MCP] Tool ${name} error:`, error.message);
-                return {
-                    jsonrpc: '2.0',
-                    id,
-                    result: {
-                        content: [{ type: 'text', text: JSON.stringify({ error: 'timeout', message: error.message }) }],
-                        isError: true
-                    }
-                };
-            }
-        }
-        default:
-            return {
-                jsonrpc: '2.0',
-                id,
-                error: { code: -32601, message: `Method not found: ${method}` }
-            };
-    }
-}
-// ============================================================
-// Lambda Handler
-// ============================================================
+const { validateApiToken, handleJsonRpc, CORS_HEADERS } = require('./mindmeldMcpCore');
 exports.handler = async (event) => {
     const method = event.httpMethod;
@@ -590,14 +25,14 @@ exports.handler = async (event) => {
         };
     }
-    // GET — SSE not supported in Lambda
+    // GET — direct clients to the streaming Function URL
     if (method === 'GET') {
         return {
             statusCode: 405,
             headers: { ...CORS_HEADERS, 'Content-Type': 'application/json', Allow: 'POST, DELETE, OPTIONS' },
             body: JSON.stringify({
                 jsonrpc: '2.0',
-                error: { code: -32000, message: 'SSE streaming not supported. Use POST for JSON-RPC requests.' },
+                error: { code: -32000, message: 'SSE streaming not supported on this endpoint. Use POST for JSON-RPC requests.' },
                 id: null
             })
         };