@jagilber-org/index-server 1.22.0 → 1.26.1

package/dist/services/toolRegistry.js

@@ -10,8 +10,55 @@ exports.getToolRegistry = getToolRegistry;
  */
 const schemas_1 = require("../schemas");
 const featureFlags_1 = require("./featureFlags");
+const envUtils_1 = require("../utils/envUtils");
+const runtimeConfig_1 = require("../config/runtimeConfig");
 // Input schema helpers (keep intentionally permissive if params optional)
 const stringReq = (name) => ({ type: 'object', additionalProperties: false, required: [name], properties: { [name]: { type: 'string' } } });
+const extensionsInputSchema = {
+    type: 'object',
+    additionalProperties: {
+        anyOf: [
+            { type: 'string' },
+            { type: 'number' },
+            { type: 'boolean' },
+            { type: 'array', items: {} },
+            { type: 'object', additionalProperties: true },
+        ],
+    },
+};
+const DANGEROUS_DIAGNOSTIC_TOOLS = new Set([
+    'diagnostics_block',
+    'diagnostics_microtaskFlood',
+    'diagnostics_memoryPressure',
+]);
+function buildInstructionBodyInputSchema(baseDescription) {
+    const maxLength = (0, runtimeConfig_1.getRuntimeConfig)().index.bodyWarnLength;
+    return {
+        type: 'string',
+        maxLength,
+        description: `${baseDescription} Current write limit: ${maxLength} characters via INDEX_SERVER_BODY_WARN_LENGTH. Split oversized content into cross-linked instructions.`,
+    };
+}
+function withDynamicInstructionBodyLimits(name, inputSchema) {
+    const schema = JSON.parse(JSON.stringify(inputSchema));
+    if (name === 'index_add') {
+        const entryProps = schema.properties?.entry?.properties ?? {};
+        entryProps.body = buildInstructionBodyInputSchema('Instruction body.');
+    }
+    else if (name === 'index_import') {
+        const entries = schema.properties?.entries?.oneOf;
+        const arrayVariant = Array.isArray(entries) ? entries.find((candidate) => candidate.type === 'array') : undefined;
+        const itemProps = arrayVariant?.items?.properties ?? {};
+        itemProps.body = buildInstructionBodyInputSchema('Instruction body.');
+    }
+    else if (name === 'index_dispatch') {
+        const props = schema.properties ?? {};
+        const entryProps = props.entry?.properties ?? {};
+        entryProps.body = buildInstructionBodyInputSchema('Instruction body for action="add".');
+        props.body = buildInstructionBodyInputSchema('Flat instruction body for action="add".');
+    }
+    return schema;
+}
 // Explicit param schemas derived from handlers in toolHandlers.ts
 const INPUT_SCHEMAS = {
     // graph export (Phase 1 + Phase 2 enrichment). All params optional.
@@ -47,7 +94,7 @@ const INPUT_SCHEMAS = {
             keywords: { type: 'array', items: { type: 'string' }, description: 'Explicit keyword array for search action when the caller wants direct token control.' },
             ids: { type: 'array', items: { type: 'string' }, description: 'Array of instruction IDs for remove or export actions.' },
             category: { type: 'string', description: 'Filter by category for list action.' },
-            contentType: { type: 'string', description: 'Filter by content type for list, search, or query actions.' },
+            contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'], description: 'Filter by content type for list, search, or query actions, or specify the entry content type for add action.' },
             text: { type: 'string', description: 'Full-text search within query action.' },
             includeCategories: { type: 'boolean', description: 'Search categories in addition to id/title/semanticSummary/body for search action.' },
             caseSensitive: { type: 'boolean', description: 'Enable case-sensitive matching for search action.' },
@@ -59,6 +106,15 @@ const INPUT_SCHEMAS = {
             offset: { type: 'number', description: 'Pagination offset (query action).' },
             // Mutation params for add action (flat-param support: agents can pass these at top level instead of nested entry wrapper)
             entry: { type: 'object', description: 'Instruction entry object for add action. Alternatively, pass id/body/title as top-level params.', additionalProperties: true, properties: { id: { type: 'string' }, title: { type: 'string' }, body: { type: 'string' } } },
+            priority: { type: 'number' },
+            audience: { type: 'string' },
+            requirement: { type: 'string' },
+            categories: { type: 'array', items: { type: 'string' } },
+            deprecatedBy: { type: 'string' },
+            riskScore: { type: 'number' },
+            version: { type: 'string' },
+            priorityTier: { type: 'string', enum: ['P1', 'P2', 'P3', 'P4'] },
+            classification: { type: 'string', enum: ['public', 'internal', 'restricted'] },
             overwrite: { type: 'boolean', description: 'Allow overwriting existing instruction (add action).' },
             lax: { type: 'boolean', description: 'Enable lax mode with default fills for missing optional fields (add action).' },
             // Import action params
@@ -66,8 +122,8 @@ const INPUT_SCHEMAS = {
             source: { type: 'string', description: 'Directory path containing .json instruction files to import (import action).' },
             mode: { description: 'Import conflict resolution mode (import action) or groom mode object (groom action).' },
             // Governance update params
-            owner: { type: 'string', description: 'Owner identifier for governanceUpdate action.' },
-            status: { type: 'string', description: 'Governance status for governanceUpdate action.', enum: ['approved', 'draft', 'deprecated'] },
+            owner: { type: 'string', description: 'Owner identifier for governanceUpdate action or add action.' },
+            status: { type: 'string', description: 'Governance status for governanceUpdate action or add action.', enum: ['approved', 'draft', 'review', 'deprecated'] },
             bump: { type: 'string', description: 'Version bump level for governanceUpdate action.', enum: ['patch', 'minor', 'major', 'none'] },
             lastReviewedAt: { type: 'string', description: 'Last review date (ISO 8601) for governanceUpdate action.' },
             nextReviewDue: { type: 'string', description: 'Next review due date (ISO 8601) for governanceUpdate action.' },
@@ -91,8 +147,8 @@ const INPUT_SCHEMAS = {
     // legacy read-only instruction method schemas removed in favor of dispatcher
     'index_import': { type: 'object', additionalProperties: false, properties: {
             entries: { oneOf: [
-                    { type: 'array', minItems: 1, items: { type: 'object', required: ['id', 'title', 'body', 'priority', 'audience', 'requirement'], additionalProperties: true, properties: {
-                                id: { type: 'string' }, title: { type: 'string' }, body: { type: 'string', maxLength: 1000000, description: 'Instruction body (default limit 20K chars, absolute max 1MB). Split oversized content into cross-linked instructions.' }, rationale: { type: 'string' }, priority: { type: 'number' }, audience: { type: 'string' }, requirement: { type: 'string' }, categories: { type: 'array', items: { type: 'string' } }, extensions: { type: 'object', additionalProperties: true }, mode: { type: 'string' }
+                    { type: 'array', minItems: 1, items: { type: 'object', required: ['id', 'title', 'body', 'priority', 'audience', 'requirement'], additionalProperties: false, properties: {
+                                id: { type: 'string' }, title: { type: 'string' }, body: { type: 'string' }, rationale: { type: 'string' }, priority: { type: 'number' }, audience: { type: 'string' }, requirement: { type: 'string' }, categories: { type: 'array', items: { type: 'string' } }, version: { type: 'string' }, owner: { type: 'string' }, status: { type: 'string', enum: ['approved', 'draft', 'review', 'deprecated'] }, priorityTier: { type: 'string', enum: ['P1', 'P2', 'P3', 'P4'] }, classification: { type: 'string', enum: ['public', 'internal', 'restricted'] }, lastReviewedAt: { type: 'string' }, nextReviewDue: { type: 'string' }, semanticSummary: { type: 'string' }, changeLog: { type: 'array', items: { type: 'object', additionalProperties: true } }, contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'] }, extensions: extensionsInputSchema, mode: { type: 'string' }
                             } } },
                     { type: 'string', description: 'Stringified JSON array of instruction entries, or a file path to a JSON array of instruction entries' }
                 ] },
@@ -100,8 +156,8 @@ const INPUT_SCHEMAS = {
             mode: { enum: ['skip', 'overwrite'] }
         } },
     'index_add': { type: 'object', additionalProperties: false, required: ['entry'], properties: {
-            entry: { type: 'object', required: ['id', 'body'], additionalProperties: true, properties: {
-                    id: { type: 'string' }, title: { type: 'string' }, body: { type: 'string', maxLength: 1000000, description: 'Instruction body (default limit 20K chars, absolute max 1MB). If content exceeds the limit, split into multiple cross-linked instructions with shared categories.' }, rationale: { type: 'string' }, priority: { type: 'number' }, audience: { type: 'string' }, requirement: { type: 'string' }, categories: { type: 'array', items: { type: 'string' } }, deprecatedBy: { type: 'string' }, riskScore: { type: 'number' }, extensions: { type: 'object', additionalProperties: true }
+            entry: { type: 'object', required: ['id', 'body'], additionalProperties: false, properties: {
+                    id: { type: 'string', maxLength: 120 }, title: { type: 'string' }, body: { type: 'string' }, rationale: { type: 'string' }, priority: { type: 'number' }, audience: { type: 'string' }, requirement: { type: 'string' }, categories: { type: 'array', items: { type: 'string' } }, deprecatedBy: { type: 'string' }, riskScore: { type: 'number' }, version: { type: 'string' }, owner: { type: 'string' }, status: { type: 'string', enum: ['approved', 'draft', 'review', 'deprecated'] }, priorityTier: { type: 'string', enum: ['P1', 'P2', 'P3', 'P4'] }, classification: { type: 'string', enum: ['public', 'internal', 'restricted'] }, lastReviewedAt: { type: 'string' }, nextReviewDue: { type: 'string' }, semanticSummary: { type: 'string' }, changeLog: { type: 'array', items: { type: 'object', additionalProperties: true } }, contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'] }, extensions: extensionsInputSchema
                 } },
             overwrite: { type: 'boolean' },
             lax: { type: 'boolean' }
@@ -152,46 +208,6 @@ const INPUT_SCHEMAS = {
             metadata: { type: 'object', additionalProperties: true },
             tags: { type: 'array', maxItems: 10, items: { type: 'string' } }
         } },
-    'feedback_list': { type: 'object', additionalProperties: false, properties: {
-            type: { type: 'string', enum: ['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other'] },
-            severity: { type: 'string', enum: ['low', 'medium', 'high', 'critical'] },
-            status: { type: 'string', enum: ['new', 'acknowledged', 'in-progress', 'resolved', 'closed'] },
-            limit: { type: 'number', minimum: 1, maximum: 200 },
-            offset: { type: 'number', minimum: 0 },
-            since: { type: 'string' },
-            tags: { type: 'array', items: { type: 'string' } }
-        } },
-    'feedback_get': { type: 'object', additionalProperties: false, required: ['id'], properties: {
-            id: { type: 'string' }
-        } },
-    'feedback_update': { type: 'object', additionalProperties: false, required: ['id'], properties: {
-            id: { type: 'string' },
-            status: { type: 'string', enum: ['new', 'acknowledged', 'in-progress', 'resolved', 'closed'] },
-            metadata: { type: 'object', additionalProperties: true }
-        } },
-    'feedback_stats': { type: 'object', additionalProperties: false, properties: {
-            since: { type: 'string' }
-        } },
-    'feedback_health': { type: 'object', additionalProperties: true },
-    // Unified feedback dispatch (002 Phase 2a)
-    'feedback_dispatch': { type: 'object', additionalProperties: true, required: ['action'], properties: {
-            action: { type: 'string', enum: ['submit', 'list', 'get', 'update', 'stats', 'health', 'rate'], description: 'Feedback action to perform.' },
-            instructionId: { type: 'string', description: 'Instruction ID to rate (rate action).' },
-            rating: { type: 'string', enum: ['useful', 'not-useful', 'outdated', 'incomplete'], description: 'Rating value (rate action).' },
-            comment: { type: 'string', maxLength: 1000, description: 'Optional comment with rating (rate action).' },
-            type: { type: 'string', enum: ['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other'] },
-            severity: { type: 'string', enum: ['low', 'medium', 'high', 'critical'] },
-            title: { type: 'string', maxLength: 200 },
-            description: { type: 'string', maxLength: 10000, description: 'Feedback description/body text (submit).' },
-            body: { type: 'string', maxLength: 10000, description: 'Alias for description (submit).' },
-            id: { type: 'string' },
-            status: { type: 'string', enum: ['new', 'acknowledged', 'in-progress', 'resolved', 'closed'] },
-            limit: { type: 'number', minimum: 1, maximum: 200 },
-            offset: { type: 'number', minimum: 0 },
-            since: { type: 'string' },
-            tags: { type: 'array', items: { type: 'string' } },
-            metadata: { type: 'object', additionalProperties: true }
-        } },
     // instructions search tool - PRIMARY discovery mechanism
     'index_search': { type: 'object', additionalProperties: false, required: ['keywords'], properties: {
             keywords: {
@@ -226,9 +242,9 @@ const INPUT_SCHEMAS = {
             token: { type: 'string', description: 'Token for confirm action.' }
         } },
     // diagnostics / test-only tools (not stable)
-    'diagnostics_block': { type: 'object', additionalProperties: false, required: ['ms'], properties: { ms: { type: 'number', minimum: 0, maximum: 10000 } } },
-    'diagnostics_microtaskFlood': { type: 'object', additionalProperties: false, properties: { count: { type: 'number', minimum: 0, maximum: 200000 } } },
-    'diagnostics_memoryPressure': { type: 'object', additionalProperties: false, properties: { mb: { type: 'number', minimum: 1, maximum: 512 } } }
+    'diagnostics_block': { type: 'object', additionalProperties: false, required: ['ms'], properties: { ms: { type: 'number', minimum: 0, maximum: 1000 } } },
+    'diagnostics_microtaskFlood': { type: 'object', additionalProperties: false, properties: { count: { type: 'number', minimum: 0, maximum: 25000 } } },
+    'diagnostics_memoryPressure': { type: 'object', additionalProperties: false, properties: { mb: { type: 'number', minimum: 1, maximum: 64 } } }
 };
 // Inject new schema after definition block (kept outside literal to avoid large diff churn if ordering changes)
 // Provide permissive object with optional includeTrace boolean.
@@ -305,20 +321,19 @@ INPUT_SCHEMAS['trace_dump'] = { type: 'object', additionalProperties: false, pro
         file: { type: 'string', description: 'Optional path to write the trace buffer JSON file' }
     } };
 // Stable & mutation classification lists (mirrors usage in toolHandlers; exported to remove duplication there).
-exports.STABLE = new Set(['health_check', 'graph_export', 'index_dispatch', 'index_search', 'index_governanceHash', 'prompt_review', 'integrity_verify', 'usage_track', 'usage_hotset', 'metrics_snapshot', 'gates_evaluate', 'meta_tools', 'help_overview', 'index_schema', 'feedback_list', 'feedback_get', 'feedback_stats', 'feedback_health', 'manifest_status', 'index_diagnostics', 'meta_activation_guide', 'meta_check_activation', 'feedback_dispatch', 'bootstrap', 'bootstrap_status', 'feature_status', 'index_health', 'index_inspect', 'index_debug', 'integrity_manifest', 'diagnostics_block', 'diagnostics_microtaskFlood', 'diagnostics_memoryPressure', 'messaging_read', 'messaging_list_channels', 'messaging_stats', 'messaging_get', 'messaging_thread', 'trace_dump']);
-exports.MUTATION = new Set(['index_add', 'index_import', 'index_repair', 'index_reload', 'index_remove', 'index_groom', 'index_enrich', 'index_governanceUpdate', 'index_normalize', 'usage_flush', 'feedback_submit', 'feedback_update', 'manifest_refresh', 'manifest_repair', 'promote_from_repo', 'bootstrap_request', 'bootstrap_confirmFinalize', 'messaging_send', 'messaging_ack', 'messaging_update', 'messaging_purge', 'messaging_reply']);
+exports.STABLE = new Set(['health_check', 'graph_export', 'index_dispatch', 'index_search', 'index_governanceHash', 'prompt_review', 'integrity_verify', 'usage_track', 'usage_hotset', 'metrics_snapshot', 'gates_evaluate', 'meta_tools', 'help_overview', 'index_schema', 'manifest_status', 'index_diagnostics', 'meta_activation_guide', 'meta_check_activation', 'bootstrap', 'bootstrap_status', 'feature_status', 'index_health', 'index_inspect', 'index_debug', 'integrity_manifest', 'messaging_read', 'messaging_list_channels', 'messaging_stats', 'messaging_get', 'messaging_thread', 'trace_dump']);
+exports.MUTATION = new Set(['index_add', 'index_import', 'index_repair', 'index_reload', 'index_remove', 'index_groom', 'index_enrich', 'index_governanceUpdate', 'index_normalize', 'usage_flush', 'feedback_submit', 'manifest_refresh', 'manifest_repair', 'promote_from_repo', 'bootstrap_request', 'bootstrap_confirmFinalize', 'messaging_send', 'messaging_ack', 'messaging_update', 'messaging_purge', 'messaging_reply', 'diagnostics_block', 'diagnostics_microtaskFlood', 'diagnostics_memoryPressure']);
 // Tool tier classification (002-tool-consolidation spec)
 // core: always visible, essential daily use
 // extended: opt-in via INDEX_SERVER_FLAG_TOOLS_EXTENDED=1 or flags.json tools_extended:true
 // admin: opt-in via INDEX_SERVER_FLAG_TOOLS_ADMIN=1, rarely needed ops/debug tools
 const TOOL_TIERS = {
-    // Core (7)
+    // Core (7 → 6 after feedback_dispatch removal)
     'health_check': 'core',
     'index_dispatch': 'core',
     'index_search': 'core',
     'prompt_review': 'core',
     'help_overview': 'core',
-    'feedback_dispatch': 'core',
     'bootstrap': 'core',
     // Extended (14)
     'graph_export': 'extended',
@@ -337,8 +352,6 @@ const TOOL_TIERS = {
     'index_schema': 'extended',
     // Admin (everything else)
     'feedback_submit': 'admin',
-    'feedback_list': 'admin',
-    'feedback_get': 'admin',
     'meta_tools': 'admin',
     'meta_activation_guide': 'admin',
     'meta_check_activation': 'admin',
@@ -350,9 +363,6 @@ const TOOL_TIERS = {
     'index_enrich': 'admin',
     'index_normalize': 'admin',
     'usage_flush': 'admin',
-    'feedback_update': 'admin',
-    'feedback_stats': 'admin',
-    'feedback_health': 'admin',
     'manifest_status': 'admin',
     'manifest_refresh': 'admin',
     'manifest_repair': 'admin',
@@ -391,12 +401,18 @@ function resolveActiveTier() {
 function getToolRegistry(filter) {
     const maxTier = filter?.tier ?? resolveActiveTier();
     const maxLevel = TIER_LEVEL[maxTier];
+    const diagnosticsEnabled = (0, envUtils_1.dangerousDiagnosticsEnabled)();
     const entries = [];
     const names = new Set([...exports.STABLE, ...exports.MUTATION]);
     // Ensure we also expose any tools that have schemas even if not in STABLE/MUTATION lists.
-    for (const k of Object.keys(INPUT_SCHEMAS))
+    for (const k of Object.keys(INPUT_SCHEMAS)) {
+        if (!diagnosticsEnabled && DANGEROUS_DIAGNOSTIC_TOOLS.has(k))
+            continue;
         names.add(k);
+    }
     for (const name of Array.from(names).sort()) {
+        if (!diagnosticsEnabled && DANGEROUS_DIAGNOSTIC_TOOLS.has(name))
+            continue;
         const tier = TOOL_TIERS[name] || 'admin';
         if (TIER_LEVEL[tier] > maxLevel)
             continue;
@@ -407,7 +423,7 @@ function getToolRegistry(filter) {
             stable: exports.STABLE.has(name),
             mutation: exports.MUTATION.has(name),
             tier,
-            inputSchema: INPUT_SCHEMAS[name] || { type: 'object' },
+            inputSchema: withDynamicInstructionBodyLimits(name, INPUT_SCHEMAS[name] || { type: 'object' }),
             outputSchema,
             // zodSchema to be attached incrementally by a forthcoming zodRegistry enhancer.
         });
@@ -443,12 +459,6 @@ function describeTool(name) {
         case 'meta_tools': return 'Enumerate available tools & their metadata.';
         // feedback system descriptions
         case 'feedback_submit': return 'Submit feedback entry (issue, status report, security alert, feature request, etc.).';
-        case 'feedback_list': return 'List feedback entries with filtering options (type, severity, status, date range).';
-        case 'feedback_get': return 'Get specific feedback entry by ID with full details.';
-        case 'feedback_update': return 'Update feedback entry status and metadata (admin function).';
-        case 'feedback_stats': return 'Get feedback system statistics and metrics dashboard.';
-        case 'feedback_health': return 'Health check for feedback system storage and configuration.';
-        case 'feedback_dispatch': return 'Unified feedback dispatcher. Actions: submit, list, get, update, stats, health, rate.';
         case 'bootstrap': return 'Unified bootstrap dispatcher. Actions: request, confirm, status.';
         case 'manifest_status': return 'Report index manifest presence and drift summary.';
         case 'manifest_refresh': return 'Rewrite manifest from current index state.';

package/dist/services/toolRegistry.zod.js

@@ -5,6 +5,7 @@ exports.getZodSchema = getZodSchema;
 exports.hasZodSchema = hasZodSchema;
 const zod_1 = require("zod");
 const toolRegistry_1 = require("./toolRegistry");
+const runtimeConfig_1 = require("../config/runtimeConfig");
 /**
  * Complete Zod schema registry for all MCP index tools.
  * Zod schemas provide runtime validation with richer type inference.
@@ -13,6 +14,13 @@ const toolRegistry_1 = require("./toolRegistry");
 // ── Reusable primitives ──────────────────────────────────────────────────────
 const zEmpty = zod_1.z.object({}).passthrough();
 const zStringId = zod_1.z.object({ id: zod_1.z.string().min(1) }).strict();
+const zExtensionValue = zod_1.z.lazy(() => zod_1.z.union([
+    zod_1.z.string(),
+    zod_1.z.number(),
+    zod_1.z.boolean(),
+    zod_1.z.array(zExtensionValue),
+    zod_1.z.record(zod_1.z.string(), zExtensionValue),
+]));
 // ── Index dispatcher ───────────────────────────────────────────────────────
 const zDispatch = zod_1.z.object({
     action: zod_1.z.enum([
@@ -27,7 +35,7 @@ const zDispatch = zod_1.z.object({
     keywords: zod_1.z.array(zod_1.z.string()).optional(),
     ids: zod_1.z.array(zod_1.z.string()).optional(),
     category: zod_1.z.string().optional(),
-    contentType: zod_1.z.string().optional(),
+    contentType: zod_1.z.enum(['instruction', 'template', 'chat-session', 'reference', 'example', 'agent']).optional(),
     text: zod_1.z.string().optional(),
     includeCategories: zod_1.z.boolean().optional(),
     caseSensitive: zod_1.z.boolean().optional(),
@@ -38,13 +46,26 @@ const zDispatch = zod_1.z.object({
     limit: zod_1.z.number().optional(),
     offset: zod_1.z.number().optional(),
     entry: zod_1.z.object({}).passthrough().optional(),
+    title: zod_1.z.string().optional(),
+    body: zod_1.z.string().optional(),
+    rationale: zod_1.z.string().optional(),
+    priority: zod_1.z.number().optional(),
+    audience: zod_1.z.string().optional(),
+    requirement: zod_1.z.string().optional(),
+    categories: zod_1.z.array(zod_1.z.string()).optional(),
+    deprecatedBy: zod_1.z.string().optional(),
+    riskScore: zod_1.z.number().optional(),
+    priorityTier: zod_1.z.enum(['P1', 'P2', 'P3', 'P4']).optional(),
+    classification: zod_1.z.enum(['public', 'internal', 'restricted']).optional(),
+    semanticSummary: zod_1.z.string().optional(),
+    changeLog: zod_1.z.array(zod_1.z.object({}).passthrough()).optional(),
     overwrite: zod_1.z.boolean().optional(),
     lax: zod_1.z.boolean().optional(),
     entries: zod_1.z.union([zod_1.z.array(zod_1.z.object({}).passthrough()), zod_1.z.string()]).optional(),
     source: zod_1.z.string().optional(),
     mode: zod_1.z.unknown().optional(),
     owner: zod_1.z.string().optional(),
-    status: zod_1.z.string().optional(),
+    status: zod_1.z.enum(['approved', 'draft', 'review', 'deprecated']).optional(),
     bump: zod_1.z.enum(['patch', 'minor', 'major', 'none']).optional(),
     lastReviewedAt: zod_1.z.string().optional(),
     nextReviewDue: zod_1.z.string().optional(),
@@ -53,43 +74,62 @@ const zDispatch = zod_1.z.object({
     dryRun: zod_1.z.boolean().optional()
 }).passthrough();
 // ── Index CRUD ─────────────────────────────────────────────────────────────
-const zIndexEntry = zod_1.z.object({
-    id: zod_1.z.string().min(1),
-    title: zod_1.z.string().min(1).optional(),
-    body: zod_1.z.string().min(1).max(1000000),
-    rationale: zod_1.z.string().optional(),
-    priority: zod_1.z.number().int().min(1).max(100).optional(),
-    audience: zod_1.z.string().optional(),
-    requirement: zod_1.z.string().optional(),
-    categories: zod_1.z.array(zod_1.z.string()).max(50).optional(),
-    deprecatedBy: zod_1.z.string().optional(),
-    riskScore: zod_1.z.number().optional(),
-    extensions: zod_1.z.record(zod_1.z.string(), zod_1.z.unknown()).optional()
-}).strict();
-const zAdd = zod_1.z.object({
-    entry: zIndexEntry,
-    overwrite: zod_1.z.boolean().optional(),
-    lax: zod_1.z.boolean().optional()
-}).strict();
-const zImport = zod_1.z.object({
-    entries: zod_1.z.union([
-        zod_1.z.array(zod_1.z.object({
-            id: zod_1.z.string(),
-            title: zod_1.z.string(),
-            body: zod_1.z.string().max(1000000),
-            rationale: zod_1.z.string().optional(),
-            priority: zod_1.z.number(),
-            audience: zod_1.z.string(),
-            requirement: zod_1.z.string(),
-            categories: zod_1.z.array(zod_1.z.string()).optional(),
-            extensions: zod_1.z.record(zod_1.z.string(), zod_1.z.unknown()).optional(),
-            mode: zod_1.z.string().optional()
-        }).passthrough()).min(1),
-        zod_1.z.string()
-    ]).optional(),
-    source: zod_1.z.string().optional(),
-    mode: zod_1.z.enum(['skip', 'overwrite']).optional()
-}).strict();
+function zInstructionBody() {
+    return zod_1.z.string().min(1).max((0, runtimeConfig_1.getRuntimeConfig)().index.bodyWarnLength);
+}
+function buildZIndexEntry() {
+    return zod_1.z.object({
+        id: zod_1.z.string().min(1),
+        title: zod_1.z.string().min(1).optional(),
+        body: zInstructionBody(),
+        rationale: zod_1.z.string().optional(),
+        priority: zod_1.z.number().int().min(1).max(100).optional(),
+        audience: zod_1.z.string().optional(),
+        requirement: zod_1.z.string().optional(),
+        categories: zod_1.z.array(zod_1.z.string()).max(50).optional(),
+        deprecatedBy: zod_1.z.string().optional(),
+        riskScore: zod_1.z.number().optional(),
+        version: zod_1.z.string().optional(),
+        owner: zod_1.z.string().optional(),
+        status: zod_1.z.enum(['approved', 'draft', 'review', 'deprecated']).optional(),
+        priorityTier: zod_1.z.enum(['P1', 'P2', 'P3', 'P4']).optional(),
+        classification: zod_1.z.enum(['public', 'internal', 'restricted']).optional(),
+        lastReviewedAt: zod_1.z.string().optional(),
+        nextReviewDue: zod_1.z.string().optional(),
+        semanticSummary: zod_1.z.string().optional(),
+        changeLog: zod_1.z.array(zod_1.z.object({}).passthrough()).optional(),
+        contentType: zod_1.z.enum(['instruction', 'template', 'chat-session', 'reference', 'example', 'agent']).optional(),
+        extensions: zod_1.z.record(zod_1.z.string(), zExtensionValue).optional()
+    }).strict();
+}
+function buildZAdd() {
+    return zod_1.z.object({
+        entry: buildZIndexEntry(),
+        overwrite: zod_1.z.boolean().optional(),
+        lax: zod_1.z.boolean().optional()
+    }).strict();
+}
+function buildZImport() {
+    return zod_1.z.object({
+        entries: zod_1.z.union([
+            zod_1.z.array(zod_1.z.object({
+                id: zod_1.z.string(),
+                title: zod_1.z.string(),
+                body: zInstructionBody(),
+                rationale: zod_1.z.string().optional(),
+                priority: zod_1.z.number(),
+                audience: zod_1.z.string(),
+                requirement: zod_1.z.string(),
+                categories: zod_1.z.array(zod_1.z.string()).optional(),
+                extensions: zod_1.z.record(zod_1.z.string(), zExtensionValue).optional(),
+                mode: zod_1.z.string().optional()
+            }).passthrough()).min(1),
+            zod_1.z.string()
+        ]).optional(),
+        source: zod_1.z.string().optional(),
+        mode: zod_1.z.enum(['skip', 'overwrite']).optional()
+    }).strict();
+}
 const zRemove = zod_1.z.object({
     ids: zod_1.z.array(zod_1.z.string()).min(1),
     missingOk: zod_1.z.boolean().optional(),
@@ -142,42 +182,6 @@ const zFeedbackSubmit = zod_1.z.object({
     metadata: zod_1.z.object({}).passthrough().optional(),
     tags: zod_1.z.array(zod_1.z.string()).max(10).optional()
 }).strict();
-const zFeedbackList = zod_1.z.object({
-    type: zod_1.z.enum(['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other']).optional(),
-    severity: zod_1.z.enum(['low', 'medium', 'high', 'critical']).optional(),
-    status: zod_1.z.enum(['new', 'acknowledged', 'in-progress', 'resolved', 'closed']).optional(),
-    limit: zod_1.z.number().int().min(1).max(200).optional(),
-    offset: zod_1.z.number().int().min(0).optional(),
-    since: zod_1.z.string().optional(),
-    tags: zod_1.z.array(zod_1.z.string()).optional()
-}).strict();
-const zFeedbackGet = zStringId;
-const zFeedbackUpdate = zod_1.z.object({
-    id: zod_1.z.string().min(1),
-    status: zod_1.z.enum(['new', 'acknowledged', 'in-progress', 'resolved', 'closed']).optional(),
-    metadata: zod_1.z.object({}).passthrough().optional()
-}).strict();
-const zFeedbackStats = zod_1.z.object({
-    since: zod_1.z.string().optional()
-}).strict();
-const zFeedbackDispatch = zod_1.z.object({
-    action: zod_1.z.enum(['submit', 'list', 'get', 'update', 'stats', 'health', 'rate']),
-    instructionId: zod_1.z.string().optional(),
-    rating: zod_1.z.enum(['useful', 'not-useful', 'outdated', 'incomplete']).optional(),
-    comment: zod_1.z.string().max(1000).optional(),
-    type: zod_1.z.enum(['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other']).optional(),
-    severity: zod_1.z.enum(['low', 'medium', 'high', 'critical']).optional(),
-    title: zod_1.z.string().max(200).optional(),
-    description: zod_1.z.string().max(10000).optional(),
-    body: zod_1.z.string().max(10000).optional(),
-    id: zod_1.z.string().optional(),
-    status: zod_1.z.enum(['new', 'acknowledged', 'in-progress', 'resolved', 'closed']).optional(),
-    limit: zod_1.z.number().int().min(1).max(200).optional(),
-    offset: zod_1.z.number().int().min(0).optional(),
-    since: zod_1.z.string().optional(),
-    tags: zod_1.z.array(zod_1.z.string()).optional(),
-    metadata: zod_1.z.object({}).passthrough().optional()
-}).passthrough();
 // ── Usage ────────────────────────────────────────────────────────────────────
 const zUsageTrack = zod_1.z.object({
     id: zod_1.z.string().min(1),
@@ -257,14 +261,11 @@ const zodMap = {
     'index_search': zSearch,
     'prompt_review': zPromptReview,
     'help_overview': zEmpty,
-    'feedback_dispatch': zFeedbackDispatch,
     'bootstrap': zBootstrap,
     // Extended tools
     'graph_export': zGraphExport,
     'usage_track': zUsageTrack,
     'usage_hotset': zHotset,
-    'index_add': zAdd,
-    'index_import': zImport,
     'index_remove': zRemove,
     'index_reload': zEmpty,
     'index_governanceHash': zEmpty,
@@ -276,11 +277,6 @@ const zodMap = {
     'index_schema': zEmpty,
     // Admin tools
     'feedback_submit': zFeedbackSubmit,
-    'feedback_list': zFeedbackList,
-    'feedback_get': zFeedbackGet,
-    'feedback_update': zFeedbackUpdate,
-    'feedback_stats': zFeedbackStats,
-    'feedback_health': zEmpty,
     'meta_tools': zEmpty,
     'meta_activation_guide': zEmpty,
     'meta_check_activation': zMetaCheckActivation,
@@ -305,10 +301,17 @@ const zodMap = {
     'diagnostics_microtaskFlood': zDiagnosticsMicrotaskFlood,
     'diagnostics_memoryPressure': zDiagnosticsMemoryPressure,
 };
+function getZodSchemaForTool(toolName) {
+    if (toolName === 'index_add')
+        return buildZAdd();
+    if (toolName === 'index_import')
+        return buildZImport();
+    return zodMap[toolName];
+}
 function getZodEnhancedRegistry() {
     const base = (0, toolRegistry_1.getToolRegistry)({ tier: 'admin' });
     for (const e of base) {
-        const zSchema = zodMap[e.name];
+        const zSchema = getZodSchemaForTool(e.name);
         if (zSchema) {
             e.zodSchema = zSchema;
         }
@@ -317,9 +320,9 @@ function getZodEnhancedRegistry() {
 }
 /** Get the Zod schema for a specific tool by name */
 function getZodSchema(toolName) {
-    return zodMap[toolName];
+    return getZodSchemaForTool(toolName);
 }
 /** Check if a tool has a Zod schema registered */
 function hasZodSchema(toolName) {
-    return toolName in zodMap;
+    return toolName === 'index_add' || toolName === 'index_import' || toolName in zodMap;
 }

package/dist/services/tracing.js

@@ -12,7 +12,9 @@ exports.getTraceFile = getTraceFile;
 exports.summarizeTraceEnv = summarizeTraceEnv;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
+const crypto_1 = __importDefault(require("crypto"));
 const runtimeConfig_1 = require("../config/runtimeConfig");
+const logger_js_1 = require("./logger.js");
 let cachedLevel = 0;
 let lastLevelCheck = 0;
 let traceStream = null;
@@ -72,7 +74,7 @@ function resolveSessionId() {
         return cachedSessionId;
     const tracing = (0, runtimeConfig_1.getRuntimeConfig)().tracing;
     const provided = tracing.sessionId && tracing.sessionId.trim().length ? tracing.sessionId.trim() : undefined;
-    cachedSessionId = provided || Math.random().toString(36).slice(2, 10); // lgtm[js/insecure-randomness] — trace ID for correlation, not security
+    cachedSessionId = provided || crypto_1.default.randomBytes(4).toString('hex');
     return cachedSessionId;
 }
 function categoriesAllow(label, categories) {
@@ -218,8 +220,7 @@ function emitTrace(label, data, min = 1) {
         rec.func = caller;
     pushBuffer(rec, tracing.buffer);
     try {
-        // eslint-disable-next-line no-console
-        console.error(label, JSON.stringify(rec));
+        (0, logger_js_1.logError)(label, JSON.stringify(rec));
     }
     catch { /* ignore */ }
     if (!(tracing.persist || tracing.file))
@@ -230,7 +231,7 @@ function emitTrace(label, data, min = 1) {
         return;
     const line = `${label} ${JSON.stringify(rec)}\n`;
     try {
-        stream.write(line);
+        stream.write(line); // lgtm[js/http-to-file-access] — trace stream targets config-controlled trace file
         traceBytesWritten += Buffer.byteLength(line);
         rotateIfNeeded();
         if (tracing.fsync) {

package/dist/utils/envUtils.d.ts

@@ -40,3 +40,7 @@ export declare function parseBooleanEnv(envVar: string | undefined, defaultValue
  * @returns boolean value
  */
 export declare function getBooleanEnv(name: string, defaultValue?: boolean): boolean;
+/**
+ * Dangerous diagnostics are only available in explicit debug / stress sessions.
+ */
+export declare function dangerousDiagnosticsEnabled(): boolean;

package/dist/utils/envUtils.js

@@ -10,6 +10,7 @@ exports.isFalsyExtended = isFalsyExtended;
 exports.isDebugOrVerbose = isDebugOrVerbose;
 exports.parseBooleanEnv = parseBooleanEnv;
 exports.getBooleanEnv = getBooleanEnv;
+exports.dangerousDiagnosticsEnabled = dangerousDiagnosticsEnabled;
 // ── Canonical truthy / falsy value sets ──────────────────────────────
 exports.TRUTHY_VALUES = ['1', 'true', 'yes', 'on'];
 exports.FALSY_VALUES = ['0', 'false', 'no', 'off'];
@@ -78,3 +79,9 @@ function parseBooleanEnv(envVar, defaultValue = false) {
 function getBooleanEnv(name, defaultValue = false) {
     return parseBooleanEnv(process.env[name], defaultValue);
 }
+/**
+ * Dangerous diagnostics are only available in explicit debug / stress sessions.
+ */
+function dangerousDiagnosticsEnabled() {
+    return getBooleanEnv('INDEX_SERVER_STRESS_DIAG') || getBooleanEnv('INDEX_SERVER_DEBUG');
+}