@graphmemory/server 1.3.0 → 1.3.1

package/dist/api/index.js

@@ -47,6 +47,7 @@ const embedder_1 = require("../lib/embedder");
 const index_1 = require("../api/rest/index");
 const websocket_1 = require("../api/rest/websocket");
 const access_1 = require("../lib/access");
+const defaults_1 = require("../lib/defaults");
 const multi_config_1 = require("../lib/multi-config");
 const docs_1 = require("../graphs/docs");
 const code_1 = require("../graphs/code");
@@ -314,13 +315,12 @@ function createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, ta
 // ---------------------------------------------------------------------------
 // HTTP transport (Streamable HTTP)
 // ---------------------------------------------------------------------------
-const MAX_BODY_SIZE = 10 * 1024 * 1024; // 10 MB
 async function collectBody(req) {
     const chunks = [];
     let size = 0;
     for await (const chunk of req) {
         size += chunk.length;
-        if (size > MAX_BODY_SIZE)
+        if (size > defaults_1.MAX_BODY_SIZE)
             throw new Error('Request body too large');
         chunks.push(chunk);
     }
@@ -338,7 +338,7 @@ async function startHttpServer(host, port, sessionTimeoutMs, docGraph, codeGraph
                 process.stderr.write(`[http] Session ${sid} timed out\n`);
             }
         }
-    }, 60_000);
+    }, defaults_1.SESSION_SWEEP_INTERVAL_MS);
     sweepInterval.unref();
     const httpServer = http_1.default.createServer(async (req, res) => {
         try {
@@ -401,7 +401,7 @@ async function startMultiProjectHttpServer(host, port, sessionTimeoutMs, project
                 process.stderr.write(`[http] Session ${sid} (project: ${s.projectId}) timed out\n`);
             }
         }
-    }, 60_000);
+    }, defaults_1.SESSION_SWEEP_INTERVAL_MS);
     sweepInterval.unref();
     // Express app handles /api/* routes
     const restApp = (0, index_1.createRestApp)(projectManager, restOptions);

package/dist/api/rest/code.js

@@ -50,7 +50,8 @@ function createCodeRouter() {
             const symbol = p.codeManager.getSymbol(symbolId);
             if (!symbol)
                 return res.status(404).json({ error: 'Symbol not found' });
-            res.json(symbol);
+            const { embedding: _, fileEmbedding: _fe, ...rest } = symbol;
+            res.json(rest);
         }
         catch (err) {
             next(err);

package/dist/api/rest/docs.js

@@ -52,7 +52,8 @@ function createDocsRouter() {
             const node = p.docManager.getNode(nodeId);
             if (!node)
                 return res.status(404).json({ error: 'Node not found' });
-            res.json(node);
+            const { embedding: _, ...rest } = node;
+            res.json(rest);
         }
         catch (err) {
             next(err);

package/dist/api/rest/embed.js

@@ -8,6 +8,7 @@ const crypto_1 = __importDefault(require("crypto"));
 const express_1 = require("express");
 const zod_1 = require("zod");
 const embedder_1 = require("../../lib/embedder");
+const embedding_codec_1 = require("../../lib/embedding-codec");
 /**
  * Create an Express router for the embedding API.
  * POST /api/embed — embed texts using the server's embedding model.
@@ -16,6 +17,7 @@ function createEmbedRouter(apiConfig, modelName) {
     const router = (0, express_1.Router)();
     const embedRequestSchema = zod_1.z.object({
         texts: zod_1.z.array(zod_1.z.string().max(apiConfig.maxTextChars)).min(1).max(apiConfig.maxTexts),
+        format: zod_1.z.enum(['json', 'base64']).optional().default('json'),
     });
     router.post('/', async (req, res, next) => {
         try {
@@ -34,7 +36,12 @@ function createEmbedRouter(apiConfig, modelName) {
             const parsed = embedRequestSchema.parse(req.body);
             const inputs = parsed.texts.map(text => ({ title: text, content: '' }));
             const embeddings = await (0, embedder_1.embedBatch)(inputs, modelName);
-            res.json({ embeddings });
+            if (parsed.format === 'base64') {
+                res.json({ embeddings: embeddings.map(e => (0, embedding_codec_1.float32ToBase64)(e)), format: 'base64' });
+            }
+            else {
+                res.json({ embeddings });
+            }
         }
         catch (err) {
             if (err?.name === 'ZodError') {

package/dist/api/rest/index.js

@@ -24,6 +24,7 @@ const graph_1 = require("../../api/rest/graph");
 const tools_1 = require("../../api/rest/tools");
 const embed_1 = require("../../api/rest/embed");
 const team_1 = require("../../lib/team");
+const defaults_1 = require("../../lib/defaults");
 /**
  * Express middleware: reject if accessLevel (set by requireGraphAccess) is not 'rw'.
  * Use on POST/PUT/DELETE routes inside domain routers.
@@ -59,10 +60,10 @@ function createRestApp(projectManager, options) {
     const rl = serverConfig?.rateLimit;
     const rateLimitMsg = { error: 'Too many requests, please try again later' };
     if (rl && rl.global > 0) {
-        app.use('/api/', (0, express_rate_limit_1.default)({ windowMs: 60_000, max: rl.global, standardHeaders: true, legacyHeaders: false, message: rateLimitMsg }));
+        app.use('/api/', (0, express_rate_limit_1.default)({ windowMs: defaults_1.RATE_LIMIT_WINDOW_MS, max: rl.global, standardHeaders: true, legacyHeaders: false, message: rateLimitMsg }));
     }
     if (rl && rl.search > 0) {
-        const searchLimiter = (0, express_rate_limit_1.default)({ windowMs: 60_000, max: rl.search, standardHeaders: true, legacyHeaders: false, message: rateLimitMsg });
+        const searchLimiter = (0, express_rate_limit_1.default)({ windowMs: defaults_1.RATE_LIMIT_WINDOW_MS, max: rl.search, standardHeaders: true, legacyHeaders: false, message: rateLimitMsg });
         app.use('/api/projects/:projectId/knowledge/search', searchLimiter);
         app.use('/api/projects/:projectId/tasks/search', searchLimiter);
         app.use('/api/projects/:projectId/skills/search', searchLimiter);
@@ -72,7 +73,7 @@ function createRestApp(projectManager, options) {
         app.use('/api/embed', searchLimiter);
     }
     if (rl && rl.auth > 0) {
-        app.use('/api/auth/login', (0, express_rate_limit_1.default)({ windowMs: 60_000, max: rl.auth, standardHeaders: true, legacyHeaders: false, message: rateLimitMsg }));
+        app.use('/api/auth/login', (0, express_rate_limit_1.default)({ windowMs: defaults_1.RATE_LIMIT_WINDOW_MS, max: rl.auth, standardHeaders: true, legacyHeaders: false, message: rateLimitMsg }));
     }
     const jwtSecret = serverConfig?.jwtSecret;
     const accessTokenTtl = serverConfig?.accessTokenTtl ?? '15m';

package/dist/api/rest/knowledge.js

@@ -11,7 +11,8 @@ const multer_1 = __importDefault(require("multer"));
 const validation_1 = require("../../api/rest/validation");
 const index_1 = require("../../api/rest/index");
 const manager_types_1 = require("../../graphs/manager-types");
-const upload = (0, multer_1.default)({ storage: multer_1.default.memoryStorage(), limits: { fileSize: 50 * 1024 * 1024 } });
+const defaults_1 = require("../../lib/defaults");
+const upload = (0, multer_1.default)({ storage: multer_1.default.memoryStorage(), limits: { fileSize: defaults_1.MAX_UPLOAD_SIZE } });
 function createKnowledgeRouter() {
     const router = (0, express_1.Router)({ mergeParams: true });
     function getProject(req) {
@@ -52,7 +53,8 @@ function createKnowledgeRouter() {
             const note = p.knowledgeManager.getNote(req.params.noteId);
             if (!note)
                 return res.status(404).json({ error: 'Note not found' });
-            res.json(note);
+            const { embedding: _, ...rest } = note;
+            res.json(rest);
         }
         catch (err) {
             next(err);

package/dist/api/rest/skills.js

@@ -11,7 +11,8 @@ const multer_1 = __importDefault(require("multer"));
 const validation_1 = require("../../api/rest/validation");
 const index_1 = require("../../api/rest/index");
 const manager_types_1 = require("../../graphs/manager-types");
-const upload = (0, multer_1.default)({ storage: multer_1.default.memoryStorage(), limits: { fileSize: 50 * 1024 * 1024 } });
+const defaults_1 = require("../../lib/defaults");
+const upload = (0, multer_1.default)({ storage: multer_1.default.memoryStorage(), limits: { fileSize: defaults_1.MAX_UPLOAD_SIZE } });
 function createSkillsRouter() {
     const router = (0, express_1.Router)({ mergeParams: true });
     function getProject(req) {

package/dist/api/rest/tasks.js

@@ -11,7 +11,8 @@ const multer_1 = __importDefault(require("multer"));
 const validation_1 = require("../../api/rest/validation");
 const index_1 = require("../../api/rest/index");
 const manager_types_1 = require("../../graphs/manager-types");
-const upload = (0, multer_1.default)({ storage: multer_1.default.memoryStorage(), limits: { fileSize: 50 * 1024 * 1024 } });
+const defaults_1 = require("../../lib/defaults");
+const upload = (0, multer_1.default)({ storage: multer_1.default.memoryStorage(), limits: { fileSize: defaults_1.MAX_UPLOAD_SIZE } });
 function createTasksRouter() {
     const router = (0, express_1.Router)({ mergeParams: true });
     function getProject(req) {

package/dist/api/rest/validation.js

@@ -4,6 +4,7 @@ exports.attachmentFilenameSchema = exports.linkedQuerySchema = exports.graphExpo
 exports.validateBody = validateBody;
 exports.validateQuery = validateQuery;
 const zod_1 = require("zod");
+const defaults_1 = require("../../lib/defaults");
 function validateBody(schema) {
     return (req, _res, next) => {
         req.body = schema.parse(req.body);
@@ -20,14 +21,14 @@ function validateQuery(schema) {
 // Knowledge schemas
 // ---------------------------------------------------------------------------
 exports.createNoteSchema = zod_1.z.object({
-    title: zod_1.z.string().min(1).max(500),
-    content: zod_1.z.string().max(1_000_000),
-    tags: zod_1.z.array(zod_1.z.string().max(100)).max(100).optional().default([]),
+    title: zod_1.z.string().min(1).max(defaults_1.MAX_TITLE_LEN),
+    content: zod_1.z.string().max(defaults_1.MAX_NOTE_CONTENT_LEN),
+    tags: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_TAG_LEN)).max(defaults_1.MAX_TAGS_COUNT).optional().default([]),
 });
 exports.updateNoteSchema = zod_1.z.object({
-    title: zod_1.z.string().min(1).max(500).optional(),
-    content: zod_1.z.string().max(1_000_000).optional(),
-    tags: zod_1.z.array(zod_1.z.string().max(100)).max(100).optional(),
+    title: zod_1.z.string().min(1).max(defaults_1.MAX_TITLE_LEN).optional(),
+    content: zod_1.z.string().max(defaults_1.MAX_NOTE_CONTENT_LEN).optional(),
+    tags: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_TAG_LEN)).max(defaults_1.MAX_TAGS_COUNT).optional(),
     version: zod_1.z.number().int().positive().optional(),
 });
 exports.createRelationSchema = zod_1.z.object({
@@ -38,8 +39,8 @@ exports.createRelationSchema = zod_1.z.object({
     projectId: zod_1.z.string().min(1).optional(),
 });
 exports.noteSearchSchema = zod_1.z.object({
-    q: zod_1.z.string().min(1).max(2000),
-    topK: zod_1.z.coerce.number().int().positive().max(500).optional(),
+    q: zod_1.z.string().min(1).max(defaults_1.MAX_SEARCH_QUERY_LEN),
+    topK: zod_1.z.coerce.number().int().positive().max(defaults_1.MAX_SEARCH_TOP_K).optional(),
     minScore: zod_1.z.coerce.number().min(0).max(1).optional(),
     searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional(),
 });
@@ -52,24 +53,24 @@ exports.noteListSchema = zod_1.z.object({
 // Task schemas
 // ---------------------------------------------------------------------------
 exports.createTaskSchema = zod_1.z.object({
-    title: zod_1.z.string().min(1).max(500),
-    description: zod_1.z.string().max(500_000).default(''),
+    title: zod_1.z.string().min(1).max(defaults_1.MAX_TITLE_LEN),
+    description: zod_1.z.string().max(defaults_1.MAX_DESCRIPTION_LEN).default(''),
     status: zod_1.z.enum(['backlog', 'todo', 'in_progress', 'review', 'done', 'cancelled']).default('todo'),
     priority: zod_1.z.enum(['critical', 'high', 'medium', 'low']).default('medium'),
-    tags: zod_1.z.array(zod_1.z.string().max(100)).max(100).optional().default([]),
+    tags: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_TAG_LEN)).max(defaults_1.MAX_TAGS_COUNT).optional().default([]),
     dueDate: zod_1.z.number().nullable().optional(),
     estimate: zod_1.z.number().nullable().optional(),
-    assignee: zod_1.z.string().max(100).nullable().optional(),
+    assignee: zod_1.z.string().max(defaults_1.MAX_ASSIGNEE_LEN).nullable().optional(),
 });
 exports.updateTaskSchema = zod_1.z.object({
-    title: zod_1.z.string().min(1).max(500).optional(),
-    description: zod_1.z.string().max(500_000).optional(),
+    title: zod_1.z.string().min(1).max(defaults_1.MAX_TITLE_LEN).optional(),
+    description: zod_1.z.string().max(defaults_1.MAX_DESCRIPTION_LEN).optional(),
     status: zod_1.z.enum(['backlog', 'todo', 'in_progress', 'review', 'done', 'cancelled']).optional(),
     priority: zod_1.z.enum(['critical', 'high', 'medium', 'low']).optional(),
-    tags: zod_1.z.array(zod_1.z.string().max(100)).max(100).optional(),
+    tags: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_TAG_LEN)).max(defaults_1.MAX_TAGS_COUNT).optional(),
     dueDate: zod_1.z.number().nullable().optional(),
     estimate: zod_1.z.number().nullable().optional(),
-    assignee: zod_1.z.string().max(100).nullable().optional(),
+    assignee: zod_1.z.string().max(defaults_1.MAX_ASSIGNEE_LEN).nullable().optional(),
     version: zod_1.z.number().int().positive().optional(),
 });
 exports.moveTaskSchema = zod_1.z.object({
@@ -84,8 +85,8 @@ exports.createTaskLinkSchema = zod_1.z.object({
     projectId: zod_1.z.string().min(1).optional(),
 });
 exports.taskSearchSchema = zod_1.z.object({
-    q: zod_1.z.string().min(1).max(2000),
-    topK: zod_1.z.coerce.number().int().positive().max(500).optional(),
+    q: zod_1.z.string().min(1).max(defaults_1.MAX_SEARCH_QUERY_LEN),
+    topK: zod_1.z.coerce.number().int().positive().max(defaults_1.MAX_SEARCH_TOP_K).optional(),
     minScore: zod_1.z.coerce.number().min(0).max(1).optional(),
     searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional(),
 });
@@ -101,8 +102,8 @@ exports.taskListSchema = zod_1.z.object({
 // Search schemas (docs, code, files)
 // ---------------------------------------------------------------------------
 exports.searchQuerySchema = zod_1.z.object({
-    q: zod_1.z.string().min(1).max(2000),
-    topK: zod_1.z.coerce.number().int().positive().max(500).optional(),
+    q: zod_1.z.string().min(1).max(defaults_1.MAX_SEARCH_QUERY_LEN),
+    topK: zod_1.z.coerce.number().int().positive().max(defaults_1.MAX_SEARCH_TOP_K).optional(),
     minScore: zod_1.z.coerce.number().min(0).max(1).optional(),
     searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional(),
 });
@@ -127,24 +128,24 @@ exports.fileListSchema = zod_1.z.object({
 // Skill schemas
 // ---------------------------------------------------------------------------
 exports.createSkillSchema = zod_1.z.object({
-    title: zod_1.z.string().min(1).max(500),
-    description: zod_1.z.string().max(500_000).default(''),
-    steps: zod_1.z.array(zod_1.z.string().max(10_000)).max(100).optional().default([]),
-    triggers: zod_1.z.array(zod_1.z.string().max(500)).max(50).optional().default([]),
-    inputHints: zod_1.z.array(zod_1.z.string().max(500)).max(50).optional().default([]),
-    filePatterns: zod_1.z.array(zod_1.z.string().max(500)).max(50).optional().default([]),
-    tags: zod_1.z.array(zod_1.z.string().max(100)).max(100).optional().default([]),
+    title: zod_1.z.string().min(1).max(defaults_1.MAX_TITLE_LEN),
+    description: zod_1.z.string().max(defaults_1.MAX_DESCRIPTION_LEN).default(''),
+    steps: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_STEP_LEN)).max(defaults_1.MAX_SKILL_STEPS_COUNT).optional().default([]),
+    triggers: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_TRIGGER_LEN)).max(defaults_1.MAX_SKILL_TRIGGERS_COUNT).optional().default([]),
+    inputHints: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_TRIGGER_LEN)).max(defaults_1.MAX_SKILL_TRIGGERS_COUNT).optional().default([]),
+    filePatterns: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_TRIGGER_LEN)).max(defaults_1.MAX_SKILL_TRIGGERS_COUNT).optional().default([]),
+    tags: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_TAG_LEN)).max(defaults_1.MAX_TAGS_COUNT).optional().default([]),
     source: zod_1.z.enum(['user', 'learned']).default('user'),
     confidence: zod_1.z.number().min(0).max(1).default(1),
 });
 exports.updateSkillSchema = zod_1.z.object({
-    title: zod_1.z.string().min(1).max(500).optional(),
-    description: zod_1.z.string().max(500_000).optional(),
-    steps: zod_1.z.array(zod_1.z.string().max(10_000)).max(100).optional(),
-    triggers: zod_1.z.array(zod_1.z.string().max(500)).max(50).optional(),
-    inputHints: zod_1.z.array(zod_1.z.string().max(500)).max(50).optional(),
-    filePatterns: zod_1.z.array(zod_1.z.string().max(500)).max(50).optional(),
-    tags: zod_1.z.array(zod_1.z.string().max(100)).max(100).optional(),
+    title: zod_1.z.string().min(1).max(defaults_1.MAX_TITLE_LEN).optional(),
+    description: zod_1.z.string().max(defaults_1.MAX_DESCRIPTION_LEN).optional(),
+    steps: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_STEP_LEN)).max(defaults_1.MAX_SKILL_STEPS_COUNT).optional(),
+    triggers: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_TRIGGER_LEN)).max(defaults_1.MAX_SKILL_TRIGGERS_COUNT).optional(),
+    inputHints: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_TRIGGER_LEN)).max(defaults_1.MAX_SKILL_TRIGGERS_COUNT).optional(),
+    filePatterns: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_SKILL_TRIGGER_LEN)).max(defaults_1.MAX_SKILL_TRIGGERS_COUNT).optional(),
+    tags: zod_1.z.array(zod_1.z.string().max(defaults_1.MAX_TAG_LEN)).max(defaults_1.MAX_TAGS_COUNT).optional(),
     source: zod_1.z.enum(['user', 'learned']).optional(),
     confidence: zod_1.z.number().min(0).max(1).optional(),
     version: zod_1.z.number().int().positive().optional(),
@@ -157,8 +158,8 @@ exports.createSkillLinkSchema = zod_1.z.object({
     projectId: zod_1.z.string().min(1).optional(),
 });
 exports.skillSearchSchema = zod_1.z.object({
-    q: zod_1.z.string().min(1).max(2000),
-    topK: zod_1.z.coerce.number().int().positive().max(500).optional(),
+    q: zod_1.z.string().min(1).max(defaults_1.MAX_SEARCH_QUERY_LEN),
+    topK: zod_1.z.coerce.number().int().positive().max(defaults_1.MAX_SEARCH_TOP_K).optional(),
     minScore: zod_1.z.coerce.number().min(0).max(1).optional(),
     searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional(),
 });
@@ -179,9 +180,9 @@ exports.graphExportSchema = zod_1.z.object({
 // ---------------------------------------------------------------------------
 exports.linkedQuerySchema = zod_1.z.object({
     targetGraph: zod_1.z.enum(['docs', 'code', 'files', 'knowledge', 'tasks', 'skills']),
-    targetNodeId: zod_1.z.string().min(1).max(500),
-    kind: zod_1.z.string().max(100).optional(),
-    projectId: zod_1.z.string().max(200).optional(),
+    targetNodeId: zod_1.z.string().min(1).max(defaults_1.MAX_TARGET_NODE_ID_LEN),
+    kind: zod_1.z.string().max(defaults_1.MAX_LINK_KIND_LEN).optional(),
+    projectId: zod_1.z.string().max(defaults_1.MAX_PROJECT_ID_LEN).optional(),
 });
 // ---------------------------------------------------------------------------
 // Attachment schemas
@@ -189,7 +190,7 @@ exports.linkedQuerySchema = zod_1.z.object({
 /** Validates an attachment filename (path param). No path separators, no .., no dangerous chars. */
 exports.attachmentFilenameSchema = zod_1.z.string()
     .min(1)
-    .max(255)
+    .max(defaults_1.MAX_ATTACHMENT_FILENAME_LEN)
     .refine(s => !/[/\\]/.test(s), 'Filename must not contain path separators')
     .refine(s => !s.includes('..'), 'Filename must not contain ..')
     .refine(s => !s.includes('\0'), 'Filename must not contain null bytes')

package/dist/api/rest/websocket.js

@@ -3,10 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.attachWebSocket = attachWebSocket;
 const ws_1 = require("ws");
 const jwt_1 = require("../../lib/jwt");
+const defaults_1 = require("../../lib/defaults");
 /**
  * Attach a WebSocket server to the HTTP server at /api/ws.
  * Broadcasts all ProjectManager events to connected clients.
  * Each event includes projectId — clients filter on their side.
+ * Returns a handle with a cleanup function to remove all listeners.
  */
 function attachWebSocket(httpServer, projectManager, options) {
     const wss = new ws_1.WebSocketServer({ noServer: true });
@@ -55,7 +57,8 @@ function attachWebSocket(httpServer, projectManager, options) {
             }
         }
     }
-    // Subscribe to ProjectManager events
+    // Subscribe to ProjectManager events (track handlers for cleanup)
+    const listeners = [];
     const events = [
         'note:created', 'note:updated', 'note:deleted',
         'note:attachment:added', 'note:attachment:deleted',
@@ -66,14 +69,16 @@ function attachWebSocket(httpServer, projectManager, options) {
         'project:indexed',
     ];
     for (const eventType of events) {
-        projectManager.on(eventType, (data) => {
+        const handler = (data) => {
             broadcast({ projectId: data.projectId, type: eventType, data });
-        });
+        };
+        projectManager.on(eventType, handler);
+        listeners.push([eventType, handler]);
     }
     // Debounced graph:updated from indexer
     let graphUpdateTimer;
     let pendingGraphUpdates = new Map();
-    projectManager.on('graph:updated', (data) => {
+    const graphHandler = (data) => {
         const key = data.projectId;
         if (!pendingGraphUpdates.has(key))
             pendingGraphUpdates.set(key, []);
@@ -85,8 +90,20 @@ function attachWebSocket(httpServer, projectManager, options) {
                 }
                 pendingGraphUpdates = new Map();
                 graphUpdateTimer = undefined;
-            }, 1000);
+            }, defaults_1.WS_DEBOUNCE_MS);
         }
-    });
-    return wss;
+    };
+    projectManager.on('graph:updated', graphHandler);
+    listeners.push(['graph:updated', graphHandler]);
+    function cleanup() {
+        for (const [event, handler] of listeners) {
+            projectManager.removeListener(event, handler);
+        }
+        if (graphUpdateTimer) {
+            clearTimeout(graphUpdateTimer);
+            graphUpdateTimer = undefined;
+        }
+        pendingGraphUpdates.clear();
+    }
+    return { wss, cleanup };
 }

package/dist/api/tools/knowledge/add-attachment.js

@@ -7,6 +7,7 @@ exports.register = register;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const zod_1 = require("zod");
+const defaults_1 = require("../../../lib/defaults");
 function register(server, mgr) {
     server.registerTool('add_note_attachment', {
         description: 'Attach a file to a note. Provide the absolute path to a local file. ' +
@@ -28,7 +29,7 @@ function register(server, mgr) {
         if (!stat.isFile()) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'Path is not a regular file' }) }], isError: true };
         }
-        if (stat.size > 50 * 1024 * 1024) {
+        if (stat.size > defaults_1.MAX_UPLOAD_SIZE) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'File exceeds 50 MB limit' }) }], isError: true };
         }
         const data = fs_1.default.readFileSync(resolved);

package/dist/api/tools/skills/add-attachment.js

@@ -7,6 +7,7 @@ exports.register = register;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const zod_1 = require("zod");
+const defaults_1 = require("../../../lib/defaults");
 function register(server, mgr) {
     server.registerTool('add_skill_attachment', {
         description: 'Attach a file to a skill. Provide the absolute path to a local file. ' +
@@ -28,7 +29,7 @@ function register(server, mgr) {
         if (!stat.isFile()) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'Path is not a regular file' }) }], isError: true };
         }
-        if (stat.size > 50 * 1024 * 1024) {
+        if (stat.size > defaults_1.MAX_UPLOAD_SIZE) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'File exceeds 50 MB limit' }) }], isError: true };
         }
         const data = fs_1.default.readFileSync(resolved);

package/dist/api/tools/tasks/add-attachment.js

@@ -7,6 +7,7 @@ exports.register = register;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const zod_1 = require("zod");
+const defaults_1 = require("../../../lib/defaults");
 function register(server, mgr) {
     server.registerTool('add_task_attachment', {
         description: 'Attach a file to a task. Provide the absolute path to a local file. ' +
@@ -28,7 +29,7 @@ function register(server, mgr) {
         if (!stat.isFile()) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'Path is not a regular file' }) }], isError: true };
         }
-        if (stat.size > 50 * 1024 * 1024) {
+        if (stat.size > defaults_1.MAX_UPLOAD_SIZE) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'File exceeds 50 MB limit' }) }], isError: true };
         }
         const data = fs_1.default.readFileSync(resolved);

package/dist/cli/index.js

@@ -14,11 +14,12 @@ const jwt_1 = require("../lib/jwt");
 const project_manager_1 = require("../lib/project-manager");
 const embedder_1 = require("../lib/embedder");
 const index_1 = require("../api/index");
+const defaults_1 = require("../lib/defaults");
 const program = new commander_1.Command();
 program
     .name('graphmemory')
     .description('MCP server for semantic graph memory from markdown docs and source code')
-    .version('1.3.0');
+    .version('1.3.1');
 const parseIntArg = (v) => parseInt(v, 10);
 // ---------------------------------------------------------------------------
 // Helper: load config from file, or fall back to default (cwd as single project)
@@ -211,7 +212,7 @@ program
         const forceTimer = setTimeout(() => {
             process.stderr.write('[serve] Shutdown timeout, force exit\n');
             process.exit(1);
-        }, 5000);
+        }, defaults_1.GRACEFUL_SHUTDOWN_TIMEOUT_MS);
         try {
             httpServer.close();
             // Destroy all open connections (including WebSocket) so the server can close
@@ -324,8 +325,8 @@ usersCmd
             process.stderr.write('Invalid email format\n');
             process.exit(1);
         }
-        if (password.length > 256) {
-            process.stderr.write('Password too long (max 256)\n');
+        if (password.length > defaults_1.MAX_PASSWORD_LEN) {
+            process.stderr.write(`Password too long (max ${defaults_1.MAX_PASSWORD_LEN})\n`);
             process.exit(1);
         }
         const pwHash = await (0, jwt_1.hashPassword)(password);

package/dist/cli/indexer.js

@@ -13,6 +13,7 @@ const docs_2 = require("../graphs/docs");
 const code_1 = require("../lib/parsers/code");
 const code_2 = require("../graphs/code");
 const watcher_1 = require("../lib/watcher");
+const defaults_1 = require("../lib/defaults");
 const knowledge_1 = require("../graphs/knowledge");
 const task_1 = require("../graphs/task");
 const skill_1 = require("../graphs/skill");
@@ -103,7 +104,7 @@ function createProjectIndexer(docGraph, codeGraph, config, knowledgeGraph, fileI
         const rootChunk = chunks.find(c => c.level === 1);
         const embedText = rootChunk?.title
             ? `${fileId} ${rootChunk.title}`
-            : `${fileId} ${rootChunk?.content.slice(0, 200) ?? ''}`;
+            : `${fileId} ${rootChunk?.content.slice(0, defaults_1.INDEXER_PREVIEW_LEN) ?? ''}`;
         batchInputs.push({ title: embedText, content: '' });
         const embeddings = await (0, embedder_1.embedBatch)(batchInputs, config.docsModelName);
         for (let i = 0; i < chunks.length; i++) {

package/dist/graphs/attachment-types.js

@@ -36,10 +36,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_ATTACHMENTS_PER_ENTITY = exports.MAX_ATTACHMENT_SIZE = void 0;
 exports.scanAttachments = scanAttachments;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const mime_1 = __importDefault(require("mime"));
+/** Maximum size of a single attachment in bytes (10 MB). */
+exports.MAX_ATTACHMENT_SIZE = 10 * 1024 * 1024;
+/** Maximum number of attachments per entity (note/task/skill). */
+exports.MAX_ATTACHMENTS_PER_ENTITY = 20;
 /**
  * Scan the attachments/ subdirectory of an entity directory.
  * Returns metadata for each file found.

package/dist/graphs/code.js

@@ -22,6 +22,8 @@ const code_1 = require("../lib/search/code");
 const files_1 = require("../lib/search/files");
 const bm25_1 = require("../lib/search/bm25");
 const embedding_codec_1 = require("../lib/embedding-codec");
+const graph_persistence_1 = require("../lib/graph-persistence");
+const defaults_1 = require("../lib/defaults");
 // ---------------------------------------------------------------------------
 // CRUD
 // ---------------------------------------------------------------------------
@@ -87,10 +89,10 @@ function resolvePendingImports(graph) {
 }
 /**
  * Resolve pending extends/implements edges after all files have been indexed.
- * Searches the entire graph for nodes matching toName (by symbol name).
+ * When multiple candidates share the same name, prefers the one whose file
+ * is imported by the source file (falls back to first match).
  */
 function resolvePendingEdges(graph) {
-    // Build name → nodeId index for fast lookup
     const nameIndex = new Map();
     graph.forEachNode((id, attrs) => {
         if (attrs.kind === 'class' || attrs.kind === 'interface') {
@@ -99,6 +101,18 @@ function resolvePendingEdges(graph) {
             nameIndex.set(attrs.name, list);
         }
     });
+    // Build file → imported file IDs index for disambiguation
+    const fileImports = new Map();
+    graph.forEachNode((id, attrs) => {
+        if (attrs.kind === 'file') {
+            const imported = new Set();
+            graph.forEachOutEdge(id, (_edge, edgeAttrs, _src, target) => {
+                if (edgeAttrs.kind === 'imports')
+                    imported.add(target);
+            });
+            fileImports.set(id, imported);
+        }
+    });
     let created = 0;
     graph.forEachNode((id, attrs) => {
         if (!attrs.pendingEdges || attrs.pendingEdges.length === 0)
@@ -107,8 +121,20 @@ function resolvePendingEdges(graph) {
         for (const edge of attrs.pendingEdges) {
             const candidates = nameIndex.get(edge.toName);
             if (candidates && candidates.length > 0 && graph.hasNode(edge.from)) {
-                // Use first match (ambiguity is rare in practice)
-                const toId = candidates[0];
+                let toId;
+                if (candidates.length === 1) {
+                    toId = candidates[0];
+                }
+                else {
+                    // Disambiguate: prefer candidate whose file is imported by edge.from's file
+                    const fromFileId = edge.from.split('::')[0];
+                    const imports = fileImports.get(fromFileId);
+                    const match = imports && candidates.find(c => {
+                        const cFileId = c.split('::')[0];
+                        return imports.has(cFileId);
+                    });
+                    toId = match ?? candidates[0];
+                }
                 if (toId !== edge.from && !graph.hasEdge(edge.from, toId)) {
                     graph.addEdgeWithKey(`${edge.from}→${toId}`, edge.from, toId, { kind: edge.kind });
                     created++;
@@ -142,7 +168,7 @@ function getCodeFileMtime(graph, fileId) {
     return graph.getNodeAttribute(nodes[0], 'mtime');
 }
 /** List all indexed files with symbol counts. */
-function listCodeFiles(graph, filter, limit = 20) {
+function listCodeFiles(graph, filter, limit = defaults_1.LIST_LIMIT_SMALL) {
     const files = new Map();
     const lowerFilter = filter?.toLowerCase();
     graph.forEachNode((_, attrs) => {
@@ -182,10 +208,10 @@ function loadCodeGraph(graphMemory, fresh = false, embeddingFingerprint) {
     if (fresh)
         return graph;
     const file = path_1.default.join(graphMemory, 'code.json');
-    if (!fs_1.default.existsSync(file))
+    const data = (0, graph_persistence_1.readJsonWithTmpFallback)(file);
+    if (!data)
         return graph;
     try {
-        const data = JSON.parse(fs_1.default.readFileSync(file, 'utf-8'));
         const stored = data.embeddingModel;
         if (embeddingFingerprint && stored !== embeddingFingerprint) {
             process.stderr.write(`[code-graph] Embedding config changed, re-indexing code graph\n`);
@@ -207,7 +233,7 @@ class CodeGraphManager {
     _graph;
     embedFns;
     ext;
-    _bm25Index = new bm25_1.BM25Index((attrs) => `${attrs.name} ${attrs.signature} ${attrs.docComment} ${attrs.body}`);
+    _bm25Index = new bm25_1.BM25Index((attrs) => `${attrs.name} ${attrs.signature} ${attrs.docComment} ${attrs.body.slice(0, defaults_1.BM25_BODY_MAX_CHARS)}`);
     constructor(_graph, embedFns, ext = {}) {
         this._graph = _graph;
         this.embedFns = embedFns;