@jagilber-org/index-server 1.22.1 → 1.26.4

package/CHANGELOG.md

@@ -4,6 +4,87 @@ All notable changes to this project will be documented in this file.
 
 The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
 
+## [Unreleased]
+
+## [1.26.1] - 2026-04-27
+
+### Fixed
+
+- **CI**: Pinned `gitleaks` to v8.30.1 with SHA256 verification across all 3 jobs (PR, manual, scheduled). The previous `releases/latest` API lookup was racy and broke the workflow when GitHub returned an empty/malformed payload.
+- **Tests**: `certInit.spec.ts` now accepts both `CN=localhost` and `CN = localhost` formats from `openssl x509 -text` (modern openssl emits the spaced form).
+- **Tests**: `bugfixBatch1.spec.ts #135` no longer asserts that `instructions.groom.ts` directly references `isJunkCategory`; it is correctly used transitively via `normalizeCategories`.
+
+## [1.26.0] - 2026-04-26
+
+### Added
+
+- **`--init-cert` CLI switch on `index-server`** to bootstrap a self-signed
+  TLS certificate + key for the admin dashboard via OpenSSL. Exits after
+  generation by default; pair with `--start` to continue normal startup using
+  the generated material (auto-wires `--dashboard-tls`). Supports `--cert-dir`,
+  `--cert-file`, `--key-file`, `--cn`, `--san`, `--days`, `--key-bits`,
+  `--force`, and `--print-env[=posix|powershell|both|auto]`. Path-traversal
+  guarded (SH-4); private key permissions set to `0600` on POSIX. See
+  `docs/cert_init.md`.
+
+### Changed
+
+- `health_check` now reports audit-log health counters while exposing only sanitized audit persistence error messages.
+
+### Removed (breaking — MCP feedback surface)
+
+- **MCP feedback tools collapsed to `feedback_submit` only (#111)**. The following MCP tools have been removed with no deprecation alias and no compatibility shim: `feedback_list`, `feedback_get`, `feedback_update`, `feedback_delete`, `feedback_stats`, `feedback_health`, `feedback_dispatch`. Agents must use `feedback_submit` to file entries. Human-operator CRUD now lives behind dashboard authentication at `GET/POST /admin/feedback`, `GET/PATCH/DELETE /admin/feedback/:id`, sharing the same `feedback/feedback-entries.json` store as the MCP submit path. GitHub issue handoff from the dashboard is browser-side, human-triggered, token-free, and targets `jagilber-org/index-server`. Spec: `specs/111-feedback-mcp-rip-down.md`.
+
+## [1.24.0] - 2026-04-24
+
+### Added
+
+- `IEmbeddingStore` interface with pluggable embedding storage backends.
+- `SqliteEmbeddingStore` — sqlite-vec backed embedding storage with native KNN search via `vec0` virtual table.
+- `JsonEmbeddingStore` — file-based embedding storage adapter with brute-force cosine similarity search.
+- `INDEX_SERVER_SQLITE_VEC_ENABLED` env var — opt-in toggle for sqlite-vec embedding storage (default: off).
+- `INDEX_SERVER_SQLITE_VEC_PATH` env var — custom sqlite-vec native binary path override.
+- `createEmbeddingStore()` factory function with automatic JSON fallback when sqlite-vec is unavailable.
+- `resolveDevice()` — ONNX Runtime backend probe with injectable fallback chain (cuda → dml → cpu).
+- `checkModelReadiness()` — startup check that warns when embedding model is missing with LOCAL_ONLY enabled.
+- `checkNodeVersion()` — runtime version gate with clear error messages for feature-specific Node.js requirements.
+- Embedding migration support: `migrateJsonEmbeddingsToStore()` for JSON → SQLite migration.
+- 62 new embedding-related tests across 8 test files (contract, unit, integration, scenario).
+- Documentation for all new env vars in configuration.md, mcp_configuration.md, vscode_mcp.md, deployment.md, docker_deployment.md, docker-compose.yml, runtime_config_mapping.md.
+- Architecture docs updated with embedding store abstraction diagram and IEmbeddingStore interface reference.
+
+### Fixed
+
+- Fixed dual-write stderr that caused duplicate log entries in VS Code Output panel.
+- Fixed `.Count` on `$null` in `New-CleanRoomCopy.ps1` by wrapping collections in `@()`.
+- Fixed tag-wiping in `Publish-ToMirror.ps1` and `publish-direct-to-remote.cjs` — publish scripts no longer delete existing remote tags (template-repo#47).
+
+### Changed
+
+- Replaced 137 `console.*` calls with structured logger (`logError`/`logWarn`/`logInfo`/`logDebug`) across 27 server-side TypeScript files.
+- Fixed severity misassignment in `promptReviewService.ts` — `logError` → `logWarn`/`logInfo` for non-error messages.
+- Added embedding stress tests and `/api/embeddings/compute` route tests.
+- Fixed `logInfo('')` empty-string calls in `performanceBaseline.ts` — replaced with `logInfo('---')` separators.
+- Fixed `factory.ts` formatting defect (multi-statement single line in sqlite case block).
+- Docker deployment docs now note Alpine/musl limitation for sqlite-vec native binary.
+
+## [1.23.1] - 2026-04-23
+
+### Changed
+
+- Added MCP Registry metadata and aligned the package manifest for MCP-native distribution surfaces.
+- Reworked install and configuration guidance so the MCP-native `npx --setup` flow is primary.
+- Updated release automation for the migration handoff and tightened the private-repo release path so `jagilber-dev` releases do not attempt public npm or MCP Registry publication.
+- Added minimal read-only MCP prompts and resources for setup, configuration, and verification guidance.
+
+### Removed
+
+- Removed the legacy VS Code extension source tree, VSIX workflow, packaged VSIX artifacts, and extension-only release docs.
+
+### Migration Notes
+
+- Existing deployments that previously relied on the unset mutation flag as an implicit read-only default must audit their runtime configuration before upgrading. If a deployment should remain read-only after upgrade, set `INDEX_SERVER_MUTATION=0` explicitly.
+
 ## [1.21.0] - 2026-04-17
 
 ### Added
@@ -203,11 +284,9 @@ The format is based on Keep a Changelog and this project adheres to Semantic Ver
 
 ### Fixed
 
-- **VSIX extension**: Renamed all "Catalog" references to "Index"/"Index Server" in extension UI (commands, walkthrough, settings, README, icon).
 
 ### Added
 
-- **Azure DevOps pipeline**: `azure-pipelines.yml` for private VSIX publishing via ADO.
 
 ## [1.16.0] - 2026-04-01
 
@@ -1352,3 +1431,13 @@ No client changes required. Enable `INDEX_SERVER_MEMOIZE=1` (and optionally `IND
 - Rename catalog_* MCP tools to index_*, add dashboard panel help docs, fix restore script zip support
 
 ## [1.16.2] - 2026-04-02
+
+## [1.26.0] - 2026-04-27
+
+### Added
+
+- Add --init-cert CLI switch for self-signed dashboard TLS bootstrap (PR #233, issue #232)
+
+## [1.26.2] - 2026-04-27
+
+## [1.26.4] - 2026-04-28

package/CODE_OF_CONDUCT.md

@@ -32,6 +32,8 @@ This Code of Conduct applies within all community spaces, including GitHub repos
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer via [GitHub Issues](https://github.com/jagilber-org/index-server/issues) or by contacting the maintainer directly.
 
+> **Private reporting:** If you do not feel comfortable reporting publicly, you may contact the maintainer privately using the email listed in the repository's GitHub profile. Reports will be kept confidential to the extent permitted by law and project operational needs.
+
 All complaints will be reviewed and investigated promptly and fairly. The project maintainer is obligated to respect the privacy and security of the reporter of any incident.
 
 ### Enforcement Guidelines

package/CONTRIBUTING.md

@@ -23,13 +23,43 @@ Maintainers may use additional private development and publishing workflows inte
 
 Use feature branches. Submit PRs to `main`.
 
+## Pull Request Review
+
+Fill out the PR template completely before requesting review.
+
+### Mandatory AI-Generated Code/Test Review
+
+If any code or tests in the PR were generated or materially edited by an AI agent, reviewers MUST confirm all of the following before merge:
+
+- [ ] No placeholder tests: no `placeholder`, `expect(true)`, `expect(1).toBe(1)`, or empty `() => {}` test bodies were introduced
+- [ ] No new `it.skip()` or `describe.skip()` without a linked issue and inline justification
+- [ ] Negative tests exist for handler changes, including invalid input, missing required fields, and non-existent resources where applicable
+- [ ] Mutation-handler tests verify disk truth independently (for example, by reading the filesystem) rather than trusting only the server response
+- [ ] No new `SKIP_OK` markers were added to normalize permanently skipped coverage
+- [ ] Claimed test counts match real coverage and assertions
+- [ ] No hardcoded success values such as `verified: true` or `created: true` were added unless computed from a real check
+- [ ] Agent attestation metadata present on agent-authored commits (AG-4)
+- [ ] Copilot `Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>` trailer present on Copilot-authored commits
+- [ ] Tests added for behavioral changes (unit + integration where the change crosses a layer boundary)
+- [ ] No hardcoded paths or secrets — all tunables routed through `src/config/runtimeConfig.ts` (`npm run guard:env` passes)
+- [ ] `logAudit()` invoked on every mutation success and side-effecting error path
+- [ ] `src/services/toolRegistry.ts` updated for new/changed tools (INPUT_SCHEMAS + STABLE + MUTATION + describeTool) and registered via `src/services/toolHandlers.ts`
+- [ ] Conventional Commit subjects on every commit
+- [ ] If `constitution.json` changed: `pwsh -File scripts/sync-constitution.ps1 -Check` passes and rendered `.md` files are regenerated
+- [ ] Security-sensitive changes carry explicit Morpheus + Tank consensus approvals or a linked `.squad/decisions/` record
+- [ ] Imported external code has a documented source and a `LICENSE`-compatible license, with attribution recorded in `THIRD-PARTY-LICENSES.md` where required
+
+PRs that fail any AI-generated code/test review item must be sent back for correction before merge.
+
+> **Full policy with examples, grep commands, and constitution references:** [`docs/pr_review_checklist.md`](docs/pr_review_checklist.md)
+
 ## Commit Messages
 
 Use conventional style where practical (feat:, fix:, docs:, chore:).
 
 ## Tests
 
-Include unit tests for new logic. Run `npm test` and ensure coverage not reduced.
+Include unit tests for new logic. Run `npm test` for the default fast suite, and use `npm run test:slow` or `npm run test:all` when your change touches heavy integration/perf coverage.
 
 ### Repo Root Policy
 
@@ -50,7 +80,7 @@ All runtime and test tunables must flow through `src/config/runtimeConfig.ts`:
 
 1. If you need a new timing / wait value, extend `INDEX_SERVER_TIMING_JSON` key usage (e.g. `{"featureX.startupWait":5000}`) instead of adding `FEATUREX_STARTUP_WAIT_MS`.
 2. For logging verbosity, use `INDEX_SERVER_LOG_LEVEL` (levels: silent,error,warn,info,debug,trace) or add a trace token to `INDEX_SERVER_TRACE` (comma-separated) rather than a new boolean flag.
-3. For mutation gating, rely on `INDEX_SERVER_MUTATION` (legacy `INDEX_SERVER_MUTATION` is auto-mapped; do not reintroduce it).
+3. For mutation control, rely on `INDEX_SERVER_MUTATION` (`0` forces read-only mode; do not introduce alternate flags).
 4. Fast coverage paths use `INDEX_SERVER_TEST_MODE=coverage-fast`; legacy `FAST_COVERAGE` accepted but should not appear in new code.
 
 If an absolutely new capability requires configuration:

package/README.md

@@ -6,8 +6,6 @@
 [![npm version](https://img.shields.io/github/v/tag/jagilber-org/index-server?label=GitHub%20Packages)](https://github.com/jagilber-org/index-server/packages)
 [![Node.js Version](https://img.shields.io/badge/node-%3E%3D22%20LTS-brightgreen)](package.json)
 [![codecov](https://codecov.io/gh/jagilber-org/index-server/graph/badge.svg)](https://codecov.io/gh/jagilber-org/index-server)
-[![VS Code Marketplace](https://img.shields.io/visual-studio-marketplace/v/jagilber-org.index-server?label=VS%20Code%20Marketplace)](https://marketplace.visualstudio.com/items?itemName=jagilber-org.index-server)
-[![Open VSX](https://img.shields.io/open-vsx/v/jagilber-org/index-server?label=Open%20VSX)](https://open-vsx.org/extension/jagilber-org/index-server)
 
 ---
 
@@ -21,19 +19,45 @@ Index Server is a central knowledge base that AI agents connect to via the [Mode
 
 ---
 
-## Quick Start
+## Quick Start Options
 
-### Path A: npx (zero install)
+### Option A: MCP-native via `npx` (recommended)
+
+Run the latest published package without cloning the repo. Choose this when you want the fastest local start and already have Node.js installed.
+
+Start with the setup wizard so it can generate the right MCP client config for VS Code, Copilot CLI, or Claude Desktop:
+
+```bash
+npx -y @jagilber-org/index-server@latest --setup
+```
+
+To launch the server directly without the wizard:
+
+```bash
+npx -y @jagilber-org/index-server@latest --dashboard
+```
+
+#### Bootstrap HTTPS for the dashboard
+
+Generate a self-signed TLS cert+key in one command (requires `openssl` on PATH):
 
 ```bash
-npx @jagilber-org/index-server@latest --dashboard
+# Generate at ~/.index-server/certs/, then start with HTTPS automatically
+npx -y @jagilber-org/index-server@latest --init-cert --start --dashboard
 ```
 
-### Path B: VS Code Extension
+`--init-cert` alone exits after generation. `--init-cert --start` continues
+into normal startup with the generated cert wired into `--dashboard-tls`
+automatically. See [`docs/cert_init.md`](docs/cert_init.md) for the full
+flag reference, security notes, and troubleshooting.
 
-Install **Index Server** from the [VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=jagilber-org.index-server) or [Open VSX](https://open-vsx.org/extension/jagilber-org/index-server).
+### Option B: VS Code MCP configuration
 
-### Path C: Docker
+Use VS Code's built-in MCP support with `.vscode/mcp.json` or your global `mcp.json`. You can add the server entry manually or run `npx -y @jagilber-org/index-server@latest --setup` to generate the config for you.
+
+### Option C: Docker
+
+Run the server in a container. Choose this when you want isolated runtime dependencies or you are preparing a container-based deployment.
 
 ```bash
 docker compose up        # HTTP on :8787
@@ -42,7 +66,9 @@ docker compose up tls    # HTTPS on :8787 with self-signed certs
 
 See [Docker Deployment Guide](docs/docker_deployment.md) for volumes, environment variables, and production configuration.
 
-### Path D: From source
+### Option D: From source
+
+Clone and build the repository yourself. Choose this when you want to modify the server, run tests locally, or work from the latest source.
 
 ```bash
 git clone https://github.com/jagilber-org/index-server.git
@@ -51,9 +77,12 @@ npm install
 npm run build
 ```
 
-### Configure your MCP client
+## Configure Your MCP Client
 
-Add to VS Code (`.vscode/mcp.json`):
+> **Best practice:** set `INDEX_SERVER_DIR` to a well-known data folder such as `C:/mcp/index-data/instructions` or `~/.index-server/instructions`. Keep it outside VS Code and MCP client config paths so backups and reinstalls do not move or overwrite your catalog.
+
+<details>
+<summary>VS Code (`.vscode/mcp.json`)</summary>
 
 ```jsonc
 {
@@ -62,15 +91,23 @@ Add to VS Code (`.vscode/mcp.json`):
       "type": "stdio",
       "command": "npx",
       "args": [
+        "-y",
         "@jagilber-org/index-server@latest",
         "--dashboard"
-      ]
+      ],
+      "env": {
+        "INDEX_SERVER_DIR": "C:/mcp/index-data/instructions",
+        "INDEX_SERVER_LOG_LEVEL": "info"
+      }
     }
   }
 }
 ```
 
-Copilot CLI (`~/.copilot/mcp-config.json`):
+</details>
+
+<details>
+<summary>Copilot CLI (`~/.copilot/mcp-config.json`)</summary>
 
 ```json
 {
@@ -78,14 +115,21 @@ Copilot CLI (`~/.copilot/mcp-config.json`):
     "index-server": {
       "type": "stdio",
       "command": "npx",
-      "args": ["@jagilber-org/index-server@latest", "--dashboard"],
+      "args": ["-y", "@jagilber-org/index-server@latest", "--dashboard"],
+      "env": {
+        "INDEX_SERVER_DIR": "C:/mcp/index-data/instructions",
+        "INDEX_SERVER_LOG_LEVEL": "info"
+      },
       "tools": ["*"]
     }
   }
 }
 ```
 
-Claude Desktop (`claude_desktop_config.json`):
+</details>
+
+<details>
+<summary>Claude Desktop (`claude_desktop_config.json`)</summary>
 
 ```json
 {
@@ -93,21 +137,38 @@ Claude Desktop (`claude_desktop_config.json`):
     "index-server": {
       "type": "stdio",
       "command": "npx",
-      "args": ["@jagilber-org/index-server@latest", "--dashboard"],
+      "args": ["-y", "@jagilber-org/index-server@latest", "--dashboard"],
+      "env": {
+        "INDEX_SERVER_DIR": "C:/mcp/index-data/instructions",
+        "INDEX_SERVER_LOG_LEVEL": "info"
+      },
       "tools": ["*"]
     }
   }
 }
 ```
 
+</details>
+
 See [MCP Configuration Guide](docs/mcp_configuration.md) for advanced patterns, environment variables, and TLS setup.
 
 ### Verify
 
 - Server appears in your MCP client's server list
 - Run `tools/list` to see 40+ available tools
+- Run `prompts/list` to discover setup/config/verification prompts
+- Run `resources/list` to discover quickstart and configuration guides
 - Dashboard (if enabled) at `http://localhost:8787`
 
+### Built-in MCP prompts and resources
+
+Clients that support MCP prompts/resources can use the built-in read-only setup guidance surface:
+
+- Prompts: `setup_index_server`, `configure_index_server`, `verify_index_server`
+- Resources: `index://guides/quickstart`, `index://guides/client-config`, `index://guides/verification`
+
+These surfaces are intentionally static and read-only. Use them for setup help, config review, and verification/troubleshooting without changing server state.
+
 ### Enable Semantic Search (optional)
 
 Add one env variable to any MCP config above to get embedding-based similarity search:
@@ -199,9 +260,9 @@ See [dashboard.md](docs/dashboard.md) for full details. REST client scripts (`sc
 
 ## Security
 
-Index Server makes **zero telemetry calls** and sends **no data to external services** during normal operation. The dashboard binds to **localhost only** by default. All mutations require explicit enablement and are audit-logged. Fresh installations gate mutations until human confirmation via the bootstrap workflow.
+Index Server makes **zero telemetry calls** and sends **no data to external services** during normal operation. The dashboard binds to **localhost only** by default. Mutations are audit-logged, can be forced read-only with `INDEX_SERVER_MUTATION=0`, and fresh installations gate writes until human confirmation via the bootstrap workflow.
 
-See [SECURITY.md](SECURITY.md) for vulnerability reporting and [Network Privacy Guide](docs/network-privacy.md) for offline deployment and verification.
+See [SECURITY.md](SECURITY.md) for vulnerability reporting, [PRIVACY.md](PRIVACY.md) for data collection policy and optional outbound connections, and [Network Privacy Guide](docs/network-privacy.md) for offline deployment and verification.
 
 ---
 
@@ -210,7 +271,9 @@ See [SECURITY.md](SECURITY.md) for vulnerability reporting and [Network Privacy
 ```bash
 npm install          # Install dependencies
 npm run build        # Build TypeScript
-npm test             # Run test suite
+npm test             # Run the fast default suite
+npm run test:slow    # Run heavy integration/perf tests
+npm run test:all     # Run the full Vitest suite
 npm run typecheck    # Type checking
 npm run lint         # Linting
 ```

package/SECURITY.md

@@ -13,7 +13,7 @@
 
 Please report suspected vulnerabilities privately using one of these methods:
 
-1. **GitHub Security Advisories** (preferred) — create a new advisory on the [public repository](https://github.com/jagilber-org/index-server/security/advisories).
+1. **GitHub Security Advisories** (preferred) — create a new advisory on the [public repository](https://github.com/jagilber-org/index-server/security/advisories). Advisories are always filed against the public mirror (`jagilber-org/index-server`), not the private dev repo.
 2. **Email** — contact the maintainer at the email listed in the repository's GitHub profile.
 
 When reporting, include:
@@ -25,7 +25,7 @@ When reporting, include:
 ### Response Timeline
 
 - **Acknowledgement**: within 48 hours of receipt
-- **Detailed response**: within 7 business days
+- **Detailed response**: within 5 business days
 - **Fix or mitigation**: coordinated with reporter before public disclosure
 
 ## Vulnerability Disclosure
@@ -36,15 +36,27 @@ We follow responsible disclosure practices:
 - Prepare a fix and coordinate a release timeline with the reporter.
 - Credit reporters who wish to be acknowledged in the advisory and changelog.
 
+## Urgent Security Merge Policy
+
+Critical or actively-exploited vulnerabilities may be merged with **zero pre-merge review** when delay would increase exposure risk. The following conditions apply:
+
+1. **Post-merge audit required** — a full code review MUST occur within 24 hours of the merge.
+2. **Commit or PR rationale** — the merge commit and/or PR description must document why the normal review process was bypassed (for example, active exploitation, severity, or blast radius).
+3. **Async reviewer sign-off** — at least one maintainer must provide a reviewing sign-off within 24 hours, confirming the fix is correct and complete.
+4. **Reference the vulnerability** — the commit and/or PR must reference the relevant CVE, advisory, or issue number.
+5. **Scope limit** — this policy applies **only** to critical and actively-exploited vulnerabilities. Non-critical security issues follow the standard review process.
+
+If the post-merge audit reveals problems, a follow-up fix must be prioritized immediately. Abuse of this policy to bypass review for non-critical changes is a process violation.
+
 ## Security Practices
 
 - **Pre-commit hooks** scan for secrets and PII before code leaves the developer machine
 - **Bootstrap gating** — all mutation operations require explicit bootstrap confirmation
 - **Audit logging** — every Index mutation is logged with timestamp, action, and actor
 - **Content scanning** — automated checks before public publishing via dual-repo workflow
-- **Mutation controls** — `INDEX_SERVER_MUTATION` environment variable gates write operations
-- **Auth key support** — optional `INDEX_SERVER_AUTH_KEY` for securing dashboard and API access
+- **Mutation controls** — `INDEX_SERVER_MUTATION=0` forces a read-only runtime when you need to disable write operations explicitly
+- **Auth key support** — `INDEX_SERVER_AUTH_KEY` is documented as an environment variable for dashboard and API access but is **not enforced at runtime** — the server does not check or validate this key on any request path. This is an experimental placeholder. Do not rely on this setting for access control. See [CODE_SECURITY_REVIEW.md](CODE_SECURITY_REVIEW.md) § Security Gaps for implementation status.
 
 ## Hardening Notes
 
-This project includes enterprise hardening (see `HARDENING-DESIGN.md`). Keep auth secrets (`INDEX_SERVER_AUTH_KEY`) private. Avoid committing credentials or tokens.
+This project includes enterprise hardening features (localhost-only dashboard binding, bootstrap gating, audit logging, mutation controls, pre-commit secret scanning). Keep any future auth secrets private. Avoid committing credentials or tokens.

package/dist/config/dashboardConfig.d.ts

@@ -16,6 +16,9 @@ interface DashboardHttpConfig {
     mutationEnabled: boolean;
     adminApiKey?: string;
     rateLimitEnabled: boolean;
+    rateLimitWindowMs: number;
+    rateLimitMax: number;
+    rateLimitMutationMax: number;
     tls: DashboardTlsConfig;
 }
 interface DashboardAdminConfig {

package/dist/config/dashboardConfig.js

@@ -37,6 +37,9 @@ function parseDashboardConfig(mutationEnabled, instructionsBaseDir) {
             mutationEnabled,
             adminApiKey: process.env.INDEX_SERVER_ADMIN_API_KEY || undefined,
             rateLimitEnabled: !(0, envUtils_1.getBooleanEnv)('INDEX_SERVER_DISABLE_RATE_LIMIT'),
+            rateLimitWindowMs: Math.max(1, (0, configUtils_1.numberFromEnv)('INDEX_SERVER_RATE_LIMIT_WINDOW_MS', 60_000)),
+            rateLimitMax: Math.max(0, (0, configUtils_1.numberFromEnv)('INDEX_SERVER_RATE_LIMIT_MAX', 100)),
+            rateLimitMutationMax: Math.max(0, (0, configUtils_1.numberFromEnv)('INDEX_SERVER_RATE_LIMIT_MUTATION_MAX', 20)),
             tls: {
                 enabled: (0, envUtils_1.getBooleanEnv)('INDEX_SERVER_DASHBOARD_TLS'),
                 certPath: process.env.INDEX_SERVER_DASHBOARD_TLS_CERT || undefined,

package/dist/config/defaultValues.d.ts

@@ -25,7 +25,7 @@ export declare const DEFAULT_LIMITS: {
     readonly MAX_FEEDBACK_ENTRIES: 1000;
     readonly MAX_MESSAGES: 10000;
     readonly MAX_SESSION_HISTORY: 200;
-    readonly BODY_WARN_LENGTH: 100000;
+    readonly BODY_WARN_LENGTH: 50000;
     readonly BODY_MIN_LENGTH: 1000;
     readonly BODY_MAX_LENGTH: 1000000;
     readonly AUTO_BACKUP_MAX_COUNT: 10;

package/dist/config/defaultValues.js

@@ -30,7 +30,7 @@ exports.DEFAULT_LIMITS = {
     MAX_FEEDBACK_ENTRIES: 1000,
     MAX_MESSAGES: 10000,
     MAX_SESSION_HISTORY: 200,
-    BODY_WARN_LENGTH: 100000,
+    BODY_WARN_LENGTH: 50000,
     BODY_MIN_LENGTH: 1000,
     BODY_MAX_LENGTH: 1000000,
     AUTO_BACKUP_MAX_COUNT: 10,

package/dist/config/featureConfig.d.ts

@@ -56,6 +56,8 @@ export interface StorageConfig {
     sqlitePath: string;
     sqliteWal: boolean;
     sqliteMigrateOnStart: boolean;
+    sqliteVecEnabled: boolean;
+    sqliteVecPath: string;
 }
 export declare function parseStorageConfig(): StorageConfig;
 export {};

package/dist/config/featureConfig.js

@@ -110,12 +110,17 @@ function parseStorageConfig() {
     const raw = (process.env.INDEX_SERVER_STORAGE_BACKEND || 'json').toLowerCase();
     const backend = (raw === 'sqlite' ? 'sqlite' : 'json');
     if (backend === 'sqlite') {
-        console.warn('[config] ⚠️  EXPERIMENTAL: SQLite storage backend selected. Limited testing has been performed. Use at your own risk.');
+        try {
+            process.stderr.write(JSON.stringify({ ts: new Date().toISOString(), level: 'WARN', msg: '[config] EXPERIMENTAL: SQLite storage backend selected. Limited testing has been performed. Use at your own risk.', pid: process.pid }) + '\n');
+        }
+        catch { /* ignore */ }
     }
     return {
         backend,
         sqlitePath: (0, configUtils_1.toAbsolute)(process.env.INDEX_SERVER_SQLITE_PATH, path_1.default.join(configUtils_1.CWD, dirConstants_1.DIR.DATA_SQLITE)),
         sqliteWal: (0, envUtils_1.parseBooleanEnv)(process.env.INDEX_SERVER_SQLITE_WAL, true),
         sqliteMigrateOnStart: (0, envUtils_1.parseBooleanEnv)(process.env.INDEX_SERVER_SQLITE_MIGRATE_ON_START, true),
+        sqliteVecEnabled: (0, envUtils_1.parseBooleanEnv)(process.env.INDEX_SERVER_SQLITE_VEC_ENABLED, false),
+        sqliteVecPath: process.env.INDEX_SERVER_SQLITE_VEC_PATH || '',
     };
 }

package/dist/config/runtimeConfig.d.ts

@@ -45,7 +45,7 @@ interface IndexConfig {
     govHash: IndexGovernanceConfig;
     maxFiles?: number;
     loadWarningThreshold?: number;
-    /** Configurable warn/truncate/reject threshold for instruction body length (default 100000). */
+    /** Configurable warn/truncate/reject threshold for instruction body length (default 50000). */
     bodyWarnLength: number;
     /** Hard maximum body character length — schema reject ceiling, always 1MB. Not configurable. */
     bodyMaxLength: number;

package/dist/config/runtimeConfig.js

@@ -105,12 +105,10 @@ function parseBufferRing() {
     return { append: append ?? true, preload };
 }
 function parseMutation() {
-    if (process.env.INDEX_SERVER_MUTATION) {
-        if (process.env.INDEX_SERVER_MUTATION === '1' || process.env.INDEX_SERVER_MUTATION === 'true')
-            return true;
-        return false;
-    }
-    return false;
+    const raw = process.env.INDEX_SERVER_MUTATION;
+    if (raw === undefined)
+        return true;
+    return (0, envUtils_1.parseBooleanEnv)(raw, false);
 }
 function parseCoverage() {
     const fast = process.env.INDEX_SERVER_COVERAGE_FAST === '1' || process.env.INDEX_SERVER_TEST_MODE === 'coverage-fast';
@@ -171,7 +169,10 @@ function parseIndexConfig() {
     const bodyMaxLength = defaultValues_1.DEFAULT_LIMITS.BODY_MAX_LENGTH;
     // Warn about removed legacy env var
     if (process.env.INDEX_SERVER_BODY_MAX_LENGTH !== undefined) {
-        console.warn('[runtimeConfig] INDEX_SERVER_BODY_MAX_LENGTH is no longer recognized. Use INDEX_SERVER_BODY_WARN_LENGTH instead (default: 100000).');
+        try {
+            process.stderr.write(JSON.stringify({ ts: new Date().toISOString(), level: 'WARN', msg: '[runtimeConfig] INDEX_SERVER_BODY_MAX_LENGTH is no longer recognized. Use INDEX_SERVER_BODY_WARN_LENGTH instead (default: 50000).', pid: process.pid }) + '\n');
+        }
+        catch { /* ignore */ }
     }
     return {
         mode: deriveIndexMode(),
@@ -271,7 +272,6 @@ function applyProfileDefaults(profile) {
         setDefault('INDEX_SERVER_SEMANTIC_ENABLED', '1');
         setDefault('INDEX_SERVER_SEMANTIC_LOCAL_ONLY', '0');
         setDefault('INDEX_SERVER_LOG_FILE', '1');
-        setDefault('INDEX_SERVER_MUTATION', '1');
         setDefault('INDEX_SERVER_DASHBOARD_TLS', '1');
         setDefault('INDEX_SERVER_METRICS_FILE_STORAGE', '1');
         setDefault('INDEX_SERVER_FEATURES', 'usage');
@@ -280,7 +280,6 @@ function applyProfileDefaults(profile) {
         setDefault('INDEX_SERVER_SEMANTIC_ENABLED', '1');
         setDefault('INDEX_SERVER_SEMANTIC_LOCAL_ONLY', '0');
         setDefault('INDEX_SERVER_LOG_FILE', '1');
-        setDefault('INDEX_SERVER_MUTATION', '1');
         setDefault('INDEX_SERVER_DASHBOARD_TLS', '1');
         setDefault('INDEX_SERVER_METRICS_FILE_STORAGE', '1');
         setDefault('INDEX_SERVER_FEATURES', 'usage');