@equilateral_ai/mindmeld 3.4.0 → 3.5.1

package/src/handlers/mcp/mindmeldMcpHandler.js

@@ -1,582 +1,17 @@
 /**
- * MindMeld MCP Server — Lambda Handler
+ * MindMeld MCP Server — API Gateway Lambda Handler
  *
- * Standards injection and governance for AI-assisted development via MCP.
- * Implements JSON-RPC 2.0 over HTTP (Streamable HTTP transport).
+ * Thin wrapper over mindmeldMcpCore for API Gateway (REST) transport.
+ * Business logic lives in src/handlers/helpers/mindmeldMcpCore.js.
  *
  * POST /api/mcp/mindmeld - JSON-RPC messages
- * GET  /api/mcp/mindmeld - 405 (SSE not supported in Lambda)
+ * GET  /api/mcp/mindmeld - 405 (use Function URL for SSE)
  * DELETE /api/mcp/mindmeld - 200 (session close, no-op)
  *
- * Auth: X-MindMeld-Token header (API token, not Cognito)
- * Separate from JARVIS MCP (agent orchestration) — this serves
- * external MCP clients (Cline, Claude Code) for standards injection.
+ * Auth: X-MindMeld-Token header OR Authorization: Bearer token
  */
 
-const { executeQuery } = require('./dbOperations');
-const crypto = require('crypto');
-
-const SERVER_INFO = {
-    name: 'mindmeld',
-    version: '0.1.0',
-    description: 'Standards injection and governance for AI-assisted development'
-};
-
-const PROTOCOL_VERSION = '2025-03-26';
-
-const CORS_HEADERS = {
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'POST, GET, DELETE, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, Accept, Mcp-Session-Id, X-MindMeld-Token',
-};
-
-// ============================================================
-// Category Weights (same as standardsRelevantPost.js)
-// ============================================================
-
-const CATEGORY_WEIGHTS = {
-    'serverless-saas-aws': 1.0,
-    'frontend-development': 1.0,
-    'database': 0.9,
-    'backend': 0.9,
-    'compliance-security': 0.9,
-    'deployment': 0.8,
-    'testing': 0.7,
-    'real-time-systems': 0.7,
-    'well-architected': 0.7,
-    'cost-optimization': 0.7,
-    'multi-agent-orchestration': 0.1,
-};
-
-// ============================================================
-// Tool Definitions
-// ============================================================
-
-const TOOLS = [
-    {
-        name: 'mindmeld_init_session',
-        description: 'Initialize a MindMeld standards injection session. Scans project context, identifies relevant standards, returns injected rules and session token.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                project_path: { type: 'string', description: 'Absolute path to the project root' },
-                task_description: { type: 'string', description: 'Optional: what the developer intends to work on this session' },
-                team_id: { type: 'string', description: 'Team identifier for corpus lookup. Uses personal corpus if omitted.' }
-            },
-            required: ['project_path']
-        }
-    },
-    {
-        name: 'mindmeld_record_correction',
-        description: 'Record a correction to AI output. Feeds the standards maturity pipeline. Corrections drive pattern detection and eventually promote to Provisional standards.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                session_id: { type: 'string', description: 'Session token from mindmeld_init_session' },
-                original_output: { type: 'string', description: 'What the AI generated' },
-                corrected_output: { type: 'string', description: 'What the developer changed it to' },
-                correction_note: { type: 'string', description: 'Optional: developer explanation of why the correction was made' },
-                file_context: { type: 'string', description: 'Optional: filename or path where correction occurred' }
-            },
-            required: ['session_id', 'original_output', 'corrected_output']
-        }
-    },
-    {
-        name: 'mindmeld_get_standards',
-        description: 'On-demand lookup for specific standards or maturity status. Use for UI display, not injection — mindmeld_init_session handles injection.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                team_id: { type: 'string', description: 'Team identifier (optional, resolved from token)' },
-                filter: {
-                    type: 'object',
-                    properties: {
-                        maturity: { type: 'array', items: { type: 'string' }, description: 'Filter by maturity: provisional, solidified, reinforced' },
-                        standard_name: { type: 'string', description: 'Filter by standard name (partial match)' },
-                        limit: { type: 'integer', description: 'Max results (default 20)' }
-                    }
-                }
-            }
-        }
-    }
-];
-
-// ============================================================
-// Auth: API Token Validation
-// ============================================================
-
-async function validateApiToken(headers) {
-    const token = headers['x-mindmeld-token'] || headers['X-MindMeld-Token'];
-    if (!token) {
-        return { error: 'auth_invalid', message: 'X-MindMeld-Token header is required' };
-    }
-
-    const tokenHash = crypto.createHash('sha256').update(token).digest('hex');
-
-    const result = await executeQuery(`
-        SELECT t.token_id, t.email_address, t.client_id, t.company_id,
-               c.subscription_tier, c.subscription_status
-        FROM rapport.api_tokens t
-        JOIN rapport.clients c ON t.client_id = c.client_id
-        WHERE t.token_hash = $1
-          AND t.status = 'active'
-    `, [tokenHash]);
-
-    if (result.rows.length === 0) {
-        return { error: 'auth_invalid', message: 'Invalid or expired API token' };
-    }
-
-    const row = result.rows[0];
-
-    // Require active subscription (no free tier)
-    if (!row.subscription_tier || row.subscription_tier === 'free') {
-        return { error: 'auth_invalid', message: 'Active MindMeld subscription required. Subscribe at app.mindmeld.dev' };
-    }
-
-    // Fire-and-forget: update usage stats
-    executeQuery(
-        'UPDATE rapport.api_tokens SET last_used_at = NOW(), request_count = request_count + 1 WHERE token_id = $1',
-        [row.token_id]
-    ).catch(() => {});
-
-    return {
-        user: {
-            email: row.email_address,
-            client_id: row.client_id,
-            company_id: row.company_id,
-            subscription_tier: row.subscription_tier
-        }
-    };
-}
-
-// ============================================================
-// Relevance Scoring (same algorithm as standardsRelevantPost.js)
-// ============================================================
-
-function rankStandards(standards, recentCategories) {
-    return standards.map(standard => {
-        let score = 0;
-        score += (standard.correlation || 1.0) * 40;
-
-        const maturityScores = { enforced: 30, validated: 20, recommended: 10, provisional: 5 };
-        score += maturityScores[standard.maturity] || 0;
-
-        const categoryWeight = CATEGORY_WEIGHTS[standard.category] || 0.5;
-        score += categoryWeight * 20;
-
-        if (standard.applicable_files && standard.applicable_files.length > 0) score += 5;
-        if (standard.cost_impact && standard.cost_impact.severity === 'critical') score += 10;
-
-        if (standard.anti_patterns) {
-            const apCount = Array.isArray(standard.anti_patterns)
-                ? standard.anti_patterns.length
-                : Object.keys(standard.anti_patterns).length;
-            if (apCount > 0) score += 5;
-        }
-
-        const isWorkflow = (standard.rule && standard.rule.startsWith('WORKFLOW:'))
-            || (Array.isArray(standard.keywords) && standard.keywords.includes('workflow'));
-        if (isWorkflow) score += 10;
-
-        if (recentCategories && recentCategories[standard.category]) {
-            const usageCount = recentCategories[standard.category];
-            let rawBonus;
-            if (usageCount >= 8) rawBonus = 25;
-            else if (usageCount >= 4) rawBonus = 18;
-            else rawBonus = 10;
-            score += rawBonus * categoryWeight;
-        }
-
-        return { ...standard, relevance_score: Math.round(score * 10) / 10 };
-    }).sort((a, b) => b.relevance_score - a.relevance_score);
-}
-
-// ============================================================
-// Formatted Injection (same format as hooks/session-start.js)
-// ============================================================
-
-function formatInjection(sessionId, standards) {
-    const sections = [];
-
-    sections.push('# MindMeld Standards Injection');
-    sections.push(`<!-- session:${sessionId} -->`);
-    sections.push('');
-    sections.push('\u00A9 2025 Equilateral AI (Pareidolia LLC). All rights reserved.');
-    sections.push('Licensed for use within MindMeld platform only. Redistribution prohibited.');
-    sections.push('');
-
-    if (standards.length > 0) {
-        sections.push('## Relevant Standards');
-        sections.push('');
-
-        for (const standard of standards) {
-            sections.push(`### ${standard.element}`);
-            sections.push(`**Category**: ${standard.category}`);
-            sections.push(`**Rule**: ${standard.rule}`);
-
-            if (standard.examples && standard.examples.length > 0) {
-                const example = standard.examples[0];
-                const exampleCode = typeof example === 'string' ? example : (example?.code || example?.description || '');
-                if (exampleCode) {
-                    sections.push('');
-                    sections.push('**Example**:');
-                    sections.push('```javascript');
-                    sections.push(exampleCode);
-                    sections.push('```');
-                }
-            }
-
-            if (standard.anti_patterns && standard.anti_patterns.length > 0) {
-                sections.push('');
-                sections.push('**Anti-patterns**:');
-                for (const ap of standard.anti_patterns) {
-                    const desc = typeof ap === 'string' ? ap : (ap?.description || '');
-                    if (desc) sections.push(`- \u274C ${desc}`);
-                }
-            }
-
-            sections.push('');
-        }
-    }
-
-    sections.push('---');
-    sections.push('*Context provided by MindMeld - mindmeld.dev*');
-
-    return sections.join('\n');
-}
-
-// ============================================================
-// Tool Implementations
-// ============================================================
-
-async function callTool(name, args, user) {
-    switch (name) {
-        case 'mindmeld_init_session':
-            return await toolInitSession(args, user);
-        case 'mindmeld_record_correction':
-            return await toolRecordCorrection(args, user);
-        case 'mindmeld_get_standards':
-            return await toolGetStandards(args, user);
-        default:
-            throw new Error(`Unknown tool: ${name}`);
-    }
-}
-
-async function toolInitSession(args, user) {
-    const { project_path, task_description } = args;
-    const sessionId = crypto.randomUUID();
-
-    // Try to match project by name for the user's company
-    let projectId = null;
-    if (project_path) {
-        const projectName = project_path.split('/').filter(Boolean).pop();
-        try {
-            const projectResult = await executeQuery(`
-                SELECT project_id FROM rapport.projects
-                WHERE company_id = $1 AND LOWER(project_name) = LOWER($2)
-                LIMIT 1
-            `, [user.company_id, projectName]);
-            if (projectResult.rows.length > 0) {
-                projectId = projectResult.rows[0].project_id;
-            }
-        } catch (err) {
-            console.error('[MCP] Project lookup failed:', err.message);
-        }
-    }
-
-    // Get recency data for scoring boost
-    const recentCategories = {};
-    try {
-        const recencyResult = await executeQuery(`
-            SELECT sp.category, COUNT(*) as usage_count
-            FROM rapport.session_standards ss
-            JOIN rapport.sessions s ON s.session_id = ss.session_id
-            JOIN rapport.standards_patterns sp ON sp.pattern_id = ss.standard_id
-            WHERE s.email_address = $1
-                AND s.started_at >= NOW() - INTERVAL '7 days'
-            GROUP BY sp.category
-            ORDER BY usage_count DESC LIMIT 5
-        `, [user.email]);
-        for (const row of recencyResult.rows) {
-            recentCategories[row.category] = parseInt(row.usage_count, 10);
-        }
-    } catch (err) {
-        console.error('[MCP] Recency query failed:', err.message);
-    }
-
-    // Default to broad categories (no filesystem scanning in Lambda)
-    const categories = [
-        'serverless-saas-aws', 'frontend-development', 'database', 'backend',
-        'compliance-security', 'well-architected', 'cost-optimization', 'deployment', 'testing'
-    ];
-
-    // Merge recency categories
-    for (const cat of Object.keys(recentCategories)) {
-        if (!categories.includes(cat)) categories.push(cat);
-    }
-
-    // Query standards
-    const result = await executeQuery(`
-        SELECT pattern_id, element, title, rule, category, keywords, correlation,
-               maturity, applicable_files, anti_patterns, examples, cost_impact, source
-        FROM rapport.standards_patterns
-        WHERE category = ANY($1::varchar[])
-          AND maturity IN ('enforced', 'validated', 'recommended')
-        ORDER BY CASE WHEN maturity = 'enforced' THEN 1 WHEN maturity = 'validated' THEN 2 ELSE 3 END,
-                 correlation DESC
-    `, [categories]);
-
-    if (result.rows.length === 0) {
-        return {
-            content: [{ type: 'text', text: JSON.stringify({ error: 'corpus_empty', message: 'No standards found in corpus' }) }],
-            isError: true
-        };
-    }
-
-    // Rank, deduplicate, apply diversity caps
-    let ranked = rankStandards(result.rows, recentCategories);
-
-    const seenElements = new Set();
-    ranked = ranked.filter(s => {
-        if (seenElements.has(s.element)) return false;
-        seenElements.add(s.element);
-        return true;
-    });
-
-    const MAX_PER_CATEGORY = 2;
-    const MAX_PER_TITLE = 1;
-    const top = [];
-    const categoryCounts = {};
-    const titleCounts = {};
-    for (const standard of ranked) {
-        const cat = standard.category;
-        const title = standard.title || standard.element;
-        categoryCounts[cat] = (categoryCounts[cat] || 0) + 1;
-        titleCounts[title] = (titleCounts[title] || 0) + 1;
-        if (categoryCounts[cat] <= MAX_PER_CATEGORY && titleCounts[title] <= MAX_PER_TITLE) {
-            top.push(standard);
-            if (top.length >= 10) break;
-        }
-    }
-
-    // Format injection markdown
-    const formattedInjection = formatInjection(sessionId, top);
-
-    // Fire-and-forget: record session + standards
-    executeQuery(`
-        INSERT INTO rapport.sessions (session_id, project_id, email_address, started_at, session_data)
-        VALUES ($1, $2, $3, NOW(), $4)
-        ON CONFLICT (session_id) DO NOTHING
-    `, [sessionId, projectId, user.email, JSON.stringify({ source: 'mcp', task_description: task_description || null })])
-        .catch(err => console.error('[MCP] Session record failed:', err.message));
-
-    for (const standard of top) {
-        executeQuery(`
-            INSERT INTO rapport.session_standards (session_id, standard_id, standard_name, relevance_score, created_at)
-            VALUES ($1, $2, $3, $4, NOW())
-            ON CONFLICT (session_id, standard_id) DO UPDATE SET relevance_score = EXCLUDED.relevance_score
-        `, [sessionId, standard.pattern_id, standard.element, standard.relevance_score])
-            .catch(err => console.error('[MCP] Standard record failed:', err.message));
-    }
-
-    // Get corpus size for summary
-    let corpusSize = result.rows.length;
-    try {
-        const countResult = await executeQuery('SELECT COUNT(*) as cnt FROM rapport.standards_patterns');
-        corpusSize = parseInt(countResult.rows[0].cnt, 10);
-    } catch (err) {
-        // Use result count as fallback
-    }
-
-    const response = {
-        session_id: sessionId,
-        injected_rules: top.map(s => ({
-            rule_id: s.pattern_id,
-            standard: s.element,
-            maturity: s.maturity,
-            text: s.rule,
-            relevance_score: s.relevance_score
-        })),
-        injection_summary: {
-            rule_count: top.length,
-            token_estimate: Math.ceil(formattedInjection.length / 4),
-            standards_matched: ranked.length,
-            corpus_size: corpusSize
-        },
-        formatted_injection: formattedInjection
-    };
-
-    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
-}
-
-async function toolRecordCorrection(args, user) {
-    const { session_id, original_output, corrected_output, correction_note, file_context } = args;
-    const correctionId = crypto.randomUUID();
-
-    // Simple pattern match: check if correction keywords match any existing standard rules
-    let matchedStandardId = null;
-    let patternDetected = false;
-    try {
-        // Extract significant words from the correction
-        const correctionWords = corrected_output.toLowerCase().split(/\s+/).filter(w => w.length > 4);
-        if (correctionWords.length > 0) {
-            const searchTerms = correctionWords.slice(0, 5).join(' | ');
-            const matchResult = await executeQuery(`
-                SELECT pattern_id, element FROM rapport.standards_patterns
-                WHERE to_tsvector('english', rule) @@ to_tsquery('english', $1)
-                LIMIT 1
-            `, [searchTerms]);
-            if (matchResult.rows.length > 0) {
-                matchedStandardId = matchResult.rows[0].pattern_id;
-                patternDetected = true;
-            }
-        }
-    } catch (err) {
-        console.error('[MCP] Pattern match failed:', err.message);
-    }
-
-    // Store correction
-    await executeQuery(`
-        INSERT INTO rapport.mcp_corrections
-            (correction_id, session_id, email_address, company_id, original_output,
-             corrected_output, correction_note, file_context, matched_standard_id, status)
-        VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, 'recorded')
-    `, [correctionId, session_id, user.email, user.company_id,
-        original_output, corrected_output, correction_note || null,
-        file_context || null, matchedStandardId]);
-
-    const response = {
-        correction_id: correctionId,
-        pattern_detected: patternDetected,
-        matched_standard: matchedStandardId,
-        status: 'recorded'
-    };
-
-    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
-}
-
-async function toolGetStandards(args, user) {
-    const filter = args.filter || {};
-    const limit = Math.min(parseInt(filter.limit) || 20, 100);
-    const maturityFilter = filter.maturity;
-    const nameFilter = filter.standard_name;
-
-    let query = `
-        SELECT pattern_id as standard_id, element as name, maturity,
-               COUNT(*) OVER() as total_count,
-               (SELECT COUNT(*) FROM rapport.session_standards WHERE standard_id = sp.pattern_id) as session_count
-        FROM rapport.standards_patterns sp
-        WHERE 1=1
-    `;
-    const params = [];
-
-    if (maturityFilter && Array.isArray(maturityFilter) && maturityFilter.length > 0) {
-        params.push(maturityFilter);
-        query += ` AND maturity = ANY($${params.length}::varchar[])`;
-    }
-
-    if (nameFilter) {
-        params.push(`%${nameFilter}%`);
-        query += ` AND (element ILIKE $${params.length} OR title ILIKE $${params.length})`;
-    }
-
-    query += ` ORDER BY maturity DESC, element ASC`;
-    params.push(limit);
-    query += ` LIMIT $${params.length}`;
-
-    const result = await executeQuery(query, params);
-
-    // Corpus summary
-    const summaryResult = await executeQuery(`
-        SELECT
-            COUNT(*) as total_standards,
-            COUNT(*) FILTER (WHERE maturity = 'enforced') as reinforced_count,
-            COUNT(*) FILTER (WHERE maturity = 'validated') as solidified_count,
-            COUNT(*) FILTER (WHERE maturity IN ('recommended', 'provisional')) as provisional_count
-        FROM rapport.standards_patterns
-    `);
-    const summary = summaryResult.rows[0] || {};
-
-    const response = {
-        standards: result.rows.map(r => ({
-            standard_id: r.standard_id,
-            name: r.name,
-            maturity: r.maturity,
-            rule_count: 1,
-            session_count: parseInt(r.session_count, 10) || 0,
-        })),
-        corpus_summary: {
-            total_standards: parseInt(summary.total_standards, 10) || 0,
-            total_rules: parseInt(summary.total_standards, 10) || 0,
-            reinforced_count: parseInt(summary.reinforced_count, 10) || 0,
-            solidified_count: parseInt(summary.solidified_count, 10) || 0,
-            provisional_count: parseInt(summary.provisional_count, 10) || 0,
-        }
-    };
-
-    return { content: [{ type: 'text', text: JSON.stringify(response, null, 2) }] };
-}
-
-// ============================================================
-// JSON-RPC Message Router
-// ============================================================
-
-async function handleJsonRpc(message, user) {
-    const { method, params, id } = message;
-
-    switch (method) {
-        case 'initialize':
-            return {
-                jsonrpc: '2.0',
-                id,
-                result: {
-                    protocolVersion: PROTOCOL_VERSION,
-                    capabilities: {
-                        tools: { listChanged: false }
-                    },
-                    serverInfo: SERVER_INFO
-                }
-            };
-
-        case 'notifications/initialized':
-            return null;
-
-        case 'ping':
-            return { jsonrpc: '2.0', id, result: {} };
-
-        case 'tools/list':
-            return { jsonrpc: '2.0', id, result: { tools: TOOLS } };
-
-        case 'tools/call': {
-            const { name, arguments: args } = params;
-            try {
-                const result = await callTool(name, args || {}, user);
-                return { jsonrpc: '2.0', id, result };
-            } catch (error) {
-                console.error(`[MCP] Tool ${name} error:`, error.message);
-                return {
-                    jsonrpc: '2.0',
-                    id,
-                    result: {
-                        content: [{ type: 'text', text: JSON.stringify({ error: 'timeout', message: error.message }) }],
-                        isError: true
-                    }
-                };
-            }
-        }
-
-        default:
-            return {
-                jsonrpc: '2.0',
-                id,
-                error: { code: -32601, message: `Method not found: ${method}` }
-            };
-    }
-}
-
-// ============================================================
-// Lambda Handler
-// ============================================================
+const { validateApiToken, handleJsonRpc, CORS_HEADERS } = require('./mindmeldMcpCore');
 
 exports.handler = async (event) => {
     const method = event.httpMethod;
@@ -590,14 +25,14 @@ exports.handler = async (event) => {
         };
     }
 
-    // GET — SSE not supported in Lambda
+    // GET — direct clients to the streaming Function URL
     if (method === 'GET') {
         return {
             statusCode: 405,
             headers: { ...CORS_HEADERS, 'Content-Type': 'application/json', Allow: 'POST, DELETE, OPTIONS' },
             body: JSON.stringify({
                 jsonrpc: '2.0',
-                error: { code: -32000, message: 'SSE streaming not supported. Use POST for JSON-RPC requests.' },
+                error: { code: -32000, message: 'SSE streaming not supported on this endpoint. Use POST for JSON-RPC requests.' },
                 id: null
             })
         };