npm - @jagilber-org/index-server - Versions diffs - 1.22.1 → 1.26.4 - Mend

@jagilber-org/index-server 1.22.1 → 1.26.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

package/CHANGELOG.md +91 -2
package/CODE_OF_CONDUCT.md +2 -0
package/CONTRIBUTING.md +32 -2
package/README.md +82 -19
package/SECURITY.md +17 -5
package/dist/config/dashboardConfig.d.ts +3 -0
package/dist/config/dashboardConfig.js +3 -0
package/dist/config/defaultValues.d.ts +1 -1
package/dist/config/defaultValues.js +1 -1
package/dist/config/featureConfig.d.ts +2 -0
package/dist/config/featureConfig.js +6 -1
package/dist/config/runtimeConfig.d.ts +1 -1
package/dist/config/runtimeConfig.js +8 -9
package/dist/dashboard/client/admin.html +170 -53
package/dist/dashboard/client/css/admin.css +132 -0
package/dist/dashboard/client/js/admin.auth.js +25 -11
package/dist/dashboard/client/js/admin.config.js +1 -1
package/dist/dashboard/client/js/admin.feedback.js +328 -0
package/dist/dashboard/client/js/admin.graph.js +120 -18
package/dist/dashboard/client/js/admin.instructions.js +27 -13
package/dist/dashboard/client/js/admin.logs.js +1 -5
package/dist/dashboard/client/js/admin.maintenance.js +53 -8
package/dist/dashboard/client/js/admin.messaging.js +1 -4
package/dist/dashboard/client/js/admin.overview.js +5 -1
package/dist/dashboard/client/js/admin.sessions.js +1 -1
package/dist/dashboard/client/js/admin.utils.js +43 -1
package/dist/dashboard/client/js/mermaid.min.js +813 -537
package/dist/dashboard/export/DataExporter.js +2 -1
package/dist/dashboard/server/AdminPanel.d.ts +3 -0
package/dist/dashboard/server/AdminPanel.js +132 -35
package/dist/dashboard/server/ApiRoutes.js +40 -9
package/dist/dashboard/server/DashboardServer.js +1 -1
package/dist/dashboard/server/FileMetricsStorage.d.ts +19 -0
package/dist/dashboard/server/FileMetricsStorage.js +52 -5
package/dist/dashboard/server/HttpTransport.js +6 -0
package/dist/dashboard/server/InstanceManager.js +7 -2
package/dist/dashboard/server/KnowledgeStore.js +7 -2
package/dist/dashboard/server/MetricsCollector.d.ts +16 -0
package/dist/dashboard/server/MetricsCollector.js +113 -17
package/dist/dashboard/server/legacyDashboardHtml.js +7 -2
package/dist/dashboard/server/middleware/ensureLoadedMiddleware.d.ts +1 -1
package/dist/dashboard/server/middleware/ensureLoadedMiddleware.js +8 -3
package/dist/dashboard/server/routes/admin.feedback.routes.d.ts +15 -0
package/dist/dashboard/server/routes/admin.feedback.routes.js +188 -0
package/dist/dashboard/server/routes/admin.routes.js +35 -27
package/dist/dashboard/server/routes/alerts.routes.js +4 -3
package/dist/dashboard/server/routes/api.feedback.routes.js +2 -1
package/dist/dashboard/server/routes/api.usage.routes.js +8 -7
package/dist/dashboard/server/routes/embeddings.routes.d.ts +2 -1
package/dist/dashboard/server/routes/embeddings.routes.js +18 -9
package/dist/dashboard/server/routes/graph.routes.js +10 -13
package/dist/dashboard/server/routes/index.d.ts +1 -0
package/dist/dashboard/server/routes/index.js +74 -39
package/dist/dashboard/server/routes/instances.routes.js +2 -1
package/dist/dashboard/server/routes/instructions.routes.js +46 -27
package/dist/dashboard/server/routes/knowledge.routes.js +4 -3
package/dist/dashboard/server/routes/logs.routes.js +5 -4
package/dist/dashboard/server/routes/messaging.routes.js +15 -14
package/dist/dashboard/server/routes/metrics.routes.js +14 -13
package/dist/dashboard/server/routes/scripts.routes.js +6 -3
package/dist/dashboard/server/routes/status.routes.js +5 -4
package/dist/dashboard/server/routes/synthetic.routes.js +3 -2
package/dist/dashboard/server/routes/usage.routes.js +2 -1
package/dist/dashboard/server/utils/escapeHtml.d.ts +1 -0
package/dist/dashboard/server/utils/escapeHtml.js +11 -0
package/dist/dashboard/server/utils/pathContainment.d.ts +1 -0
package/dist/dashboard/server/utils/pathContainment.js +15 -0
package/dist/dashboard/server/wsInit.js +2 -2
package/dist/lib/mcpStdioLogging.d.ts +165 -0
package/dist/lib/mcpStdioLogging.js +287 -0
package/dist/schemas/index.d.ts +37 -2
package/dist/schemas/index.js +27 -3
package/dist/server/backgroundServicesStartup.d.ts +7 -1
package/dist/server/backgroundServicesStartup.js +25 -8
package/dist/server/certInit.d.ts +97 -0
package/dist/server/certInit.js +359 -0
package/dist/server/certInit.types.d.ts +92 -0
package/dist/server/certInit.types.js +34 -0
package/dist/server/handshake/fallbackFrames.d.ts +31 -0
package/dist/server/handshake/fallbackFrames.js +38 -0
package/dist/server/handshake/initializeDetector.d.ts +31 -0
package/dist/server/handshake/initializeDetector.js +88 -0
package/dist/server/handshake/protocol.d.ts +15 -0
package/dist/server/handshake/protocol.js +37 -0
package/dist/server/handshake/readyEmitter.d.ts +6 -0
package/dist/server/handshake/readyEmitter.js +88 -0
package/dist/server/handshake/safetyFallbacks.d.ts +1 -0
package/dist/server/handshake/safetyFallbacks.js +134 -0
package/dist/server/handshake/stdinSniffer.d.ts +1 -0
package/dist/server/handshake/stdinSniffer.js +260 -0
package/dist/server/handshake/tracing.d.ts +16 -0
package/dist/server/handshake/tracing.js +95 -0
package/dist/server/handshakeManager.d.ts +23 -23
package/dist/server/handshakeManager.js +36 -466
package/dist/server/index-server.d.ts +23 -0
package/dist/server/index-server.js +194 -9
package/dist/server/mcpReadOnlySurfaces.d.ts +44 -0
package/dist/server/mcpReadOnlySurfaces.js +297 -0
package/dist/server/sdkServer.js +69 -7
package/dist/server/transport.d.ts +5 -6
package/dist/server/transport.js +46 -64
package/dist/server/transportFactory.d.ts +3 -9
package/dist/server/transportFactory.js +18 -380
package/dist/services/atomicFs.d.ts +3 -0
package/dist/services/atomicFs.js +171 -13
package/dist/services/auditLog.d.ts +17 -2
package/dist/services/auditLog.js +75 -14
package/dist/services/bootstrapGating.js +1 -1
package/dist/services/categoryRules.d.ts +10 -0
package/dist/services/categoryRules.js +17 -0
package/dist/services/classificationService.js +7 -5
package/dist/services/embeddingService.d.ts +27 -11
package/dist/services/embeddingService.js +51 -14
package/dist/services/feedbackStorage.d.ts +39 -0
package/dist/services/feedbackStorage.js +88 -0
package/dist/services/handlers/instructions.add.js +429 -317
package/dist/services/handlers/instructions.groom.js +128 -31
package/dist/services/handlers/instructions.import.js +56 -23
package/dist/services/handlers/instructions.patch.js +43 -32
package/dist/services/handlers/instructions.query.js +20 -29
package/dist/services/handlers/instructions.shared.d.ts +54 -0
package/dist/services/handlers/instructions.shared.js +126 -1
package/dist/services/handlers.activation.js +83 -81
package/dist/services/handlers.dashboardConfig.d.ts +2 -2
package/dist/services/handlers.dashboardConfig.js +1 -2
package/dist/services/handlers.diagnostics.js +75 -54
package/dist/services/handlers.feedback.d.ts +4 -11
package/dist/services/handlers.feedback.js +11 -333
package/dist/services/handlers.gates.js +69 -37
package/dist/services/handlers.graph.js +2 -2
package/dist/services/handlers.help.js +2 -2
package/dist/services/handlers.instructionSchema.js +4 -2
package/dist/services/handlers.integrity.js +42 -22
package/dist/services/handlers.messaging.js +1 -1
package/dist/services/handlers.metrics.js +51 -6
package/dist/services/handlers.prompt.js +10 -2
package/dist/services/handlers.search.js +94 -44
package/dist/services/handlers.trace.js +1 -1
package/dist/services/handlers.usage.js +38 -7
package/dist/services/indexContext.d.ts +21 -1
package/dist/services/indexContext.js +263 -78
package/dist/services/indexLoader.d.ts +1 -0
package/dist/services/indexLoader.js +28 -8
package/dist/services/instructionRecordValidation.d.ts +39 -0
package/dist/services/instructionRecordValidation.js +388 -0
package/dist/services/instructions.dispatcher.js +4 -4
package/dist/services/loaderSchemaValidator.d.ts +15 -0
package/dist/services/loaderSchemaValidator.js +69 -0
package/dist/services/logger.js +11 -2
package/dist/services/mcpLogBridge.d.ts +49 -0
package/dist/services/mcpLogBridge.js +83 -0
package/dist/services/ownershipService.js +18 -8
package/dist/services/performanceBaseline.js +23 -22
package/dist/services/promptReviewService.d.ts +3 -1
package/dist/services/promptReviewService.js +41 -13
package/dist/services/regexSafety.d.ts +6 -0
package/dist/services/regexSafety.js +46 -0
package/dist/services/seedBootstrap.js +1 -1
package/dist/services/storage/factory.d.ts +14 -1
package/dist/services/storage/factory.js +61 -1
package/dist/services/storage/jsonEmbeddingStore.d.ts +15 -0
package/dist/services/storage/jsonEmbeddingStore.js +83 -0
package/dist/services/storage/jsonFileStore.d.ts +3 -1
package/dist/services/storage/jsonFileStore.js +8 -6
package/dist/services/storage/migrationEngine.d.ts +13 -0
package/dist/services/storage/migrationEngine.js +31 -0
package/dist/services/storage/sqliteEmbeddingStore.d.ts +30 -0
package/dist/services/storage/sqliteEmbeddingStore.js +222 -0
package/dist/services/storage/sqliteStore.d.ts +3 -1
package/dist/services/storage/sqliteStore.js +2 -2
package/dist/services/storage/types.d.ts +48 -1
package/dist/services/toolRegistry.js +77 -67
package/dist/services/toolRegistry.zod.js +89 -86
package/dist/services/tracing.js +5 -4
package/dist/utils/envUtils.d.ts +4 -0
package/dist/utils/envUtils.js +7 -0
package/dist/utils/memoryMonitor.js +11 -10
package/package.json +12 -4
package/schemas/instruction.schema.json +38 -1
package/scripts/copy-dashboard-assets.mjs +1 -1
package/scripts/dist/README.md +1 -1
package/scripts/generate-certs.mjs +201 -0
package/scripts/setup-wizard.mjs +781 -0
package/server.json +20 -0
package/dist/externalClientLib.d.ts +0 -1
package/dist/externalClientLib.js +0 -2
package/dist/portableClientWrapper.d.ts +0 -1
package/dist/portableClientWrapper.js +0 -2
package/dist/services/indexingService.d.ts +0 -1
package/dist/services/indexingService.js +0 -2

package/dist/services/toolRegistry.zod.js CHANGED Viewed

@@ -5,6 +5,7 @@ exports.getZodSchema = getZodSchema;
 exports.hasZodSchema = hasZodSchema;
 const zod_1 = require("zod");
 const toolRegistry_1 = require("./toolRegistry");
+const runtimeConfig_1 = require("../config/runtimeConfig");
 /**
  * Complete Zod schema registry for all MCP index tools.
  * Zod schemas provide runtime validation with richer type inference.
@@ -13,6 +14,13 @@ const toolRegistry_1 = require("./toolRegistry");
 // ── Reusable primitives ──────────────────────────────────────────────────────
 const zEmpty = zod_1.z.object({}).passthrough();
 const zStringId = zod_1.z.object({ id: zod_1.z.string().min(1) }).strict();
+const zExtensionValue = zod_1.z.lazy(() => zod_1.z.union([
+    zod_1.z.string(),
+    zod_1.z.number(),
+    zod_1.z.boolean(),
+    zod_1.z.array(zExtensionValue),
+    zod_1.z.record(zod_1.z.string(), zExtensionValue),
+]));
 // ── Index dispatcher ───────────────────────────────────────────────────────
 const zDispatch = zod_1.z.object({
     action: zod_1.z.enum([
@@ -27,7 +35,7 @@ const zDispatch = zod_1.z.object({
     keywords: zod_1.z.array(zod_1.z.string()).optional(),
     ids: zod_1.z.array(zod_1.z.string()).optional(),
     category: zod_1.z.string().optional(),
-    contentType: zod_1.z.string().optional(),
+    contentType: zod_1.z.enum(['instruction', 'template', 'chat-session', 'reference', 'example', 'agent']).optional(),
     text: zod_1.z.string().optional(),
     includeCategories: zod_1.z.boolean().optional(),
     caseSensitive: zod_1.z.boolean().optional(),
@@ -38,13 +46,26 @@ const zDispatch = zod_1.z.object({
     limit: zod_1.z.number().optional(),
     offset: zod_1.z.number().optional(),
     entry: zod_1.z.object({}).passthrough().optional(),
+    title: zod_1.z.string().optional(),
+    body: zod_1.z.string().optional(),
+    rationale: zod_1.z.string().optional(),
+    priority: zod_1.z.number().optional(),
+    audience: zod_1.z.string().optional(),
+    requirement: zod_1.z.string().optional(),
+    categories: zod_1.z.array(zod_1.z.string()).optional(),
+    deprecatedBy: zod_1.z.string().optional(),
+    riskScore: zod_1.z.number().optional(),
+    priorityTier: zod_1.z.enum(['P1', 'P2', 'P3', 'P4']).optional(),
+    classification: zod_1.z.enum(['public', 'internal', 'restricted']).optional(),
+    semanticSummary: zod_1.z.string().optional(),
+    changeLog: zod_1.z.array(zod_1.z.object({}).passthrough()).optional(),
     overwrite: zod_1.z.boolean().optional(),
     lax: zod_1.z.boolean().optional(),
     entries: zod_1.z.union([zod_1.z.array(zod_1.z.object({}).passthrough()), zod_1.z.string()]).optional(),
     source: zod_1.z.string().optional(),
     mode: zod_1.z.unknown().optional(),
     owner: zod_1.z.string().optional(),
-    status: zod_1.z.string().optional(),
+    status: zod_1.z.enum(['approved', 'draft', 'review', 'deprecated']).optional(),
     bump: zod_1.z.enum(['patch', 'minor', 'major', 'none']).optional(),
     lastReviewedAt: zod_1.z.string().optional(),
     nextReviewDue: zod_1.z.string().optional(),
@@ -53,43 +74,62 @@ const zDispatch = zod_1.z.object({
     dryRun: zod_1.z.boolean().optional()
 }).passthrough();
 // ── Index CRUD ─────────────────────────────────────────────────────────────
-const zIndexEntry = zod_1.z.object({
-    id: zod_1.z.string().min(1),
-    title: zod_1.z.string().min(1).optional(),
-    body: zod_1.z.string().min(1).max(1000000),
-    rationale: zod_1.z.string().optional(),
-    priority: zod_1.z.number().int().min(1).max(100).optional(),
-    audience: zod_1.z.string().optional(),
-    requirement: zod_1.z.string().optional(),
-    categories: zod_1.z.array(zod_1.z.string()).max(50).optional(),
-    deprecatedBy: zod_1.z.string().optional(),
-    riskScore: zod_1.z.number().optional(),
-    extensions: zod_1.z.record(zod_1.z.string(), zod_1.z.unknown()).optional()
-}).strict();
-const zAdd = zod_1.z.object({
-    entry: zIndexEntry,
-    overwrite: zod_1.z.boolean().optional(),
-    lax: zod_1.z.boolean().optional()
-}).strict();
-const zImport = zod_1.z.object({
-    entries: zod_1.z.union([
-        zod_1.z.array(zod_1.z.object({
-            id: zod_1.z.string(),
-            title: zod_1.z.string(),
-            body: zod_1.z.string().max(1000000),
-            rationale: zod_1.z.string().optional(),
-            priority: zod_1.z.number(),
-            audience: zod_1.z.string(),
-            requirement: zod_1.z.string(),
-            categories: zod_1.z.array(zod_1.z.string()).optional(),
-            extensions: zod_1.z.record(zod_1.z.string(), zod_1.z.unknown()).optional(),
-            mode: zod_1.z.string().optional()
-        }).passthrough()).min(1),
-        zod_1.z.string()
-    ]).optional(),
-    source: zod_1.z.string().optional(),
-    mode: zod_1.z.enum(['skip', 'overwrite']).optional()
-}).strict();
+function zInstructionBody() {
+    return zod_1.z.string().min(1).max((0, runtimeConfig_1.getRuntimeConfig)().index.bodyWarnLength);
+}
+function buildZIndexEntry() {
+    return zod_1.z.object({
+        id: zod_1.z.string().min(1),
+        title: zod_1.z.string().min(1).optional(),
+        body: zInstructionBody(),
+        rationale: zod_1.z.string().optional(),
+        priority: zod_1.z.number().int().min(1).max(100).optional(),
+        audience: zod_1.z.string().optional(),
+        requirement: zod_1.z.string().optional(),
+        categories: zod_1.z.array(zod_1.z.string()).max(50).optional(),
+        deprecatedBy: zod_1.z.string().optional(),
+        riskScore: zod_1.z.number().optional(),
+        version: zod_1.z.string().optional(),
+        owner: zod_1.z.string().optional(),
+        status: zod_1.z.enum(['approved', 'draft', 'review', 'deprecated']).optional(),
+        priorityTier: zod_1.z.enum(['P1', 'P2', 'P3', 'P4']).optional(),
+        classification: zod_1.z.enum(['public', 'internal', 'restricted']).optional(),
+        lastReviewedAt: zod_1.z.string().optional(),
+        nextReviewDue: zod_1.z.string().optional(),
+        semanticSummary: zod_1.z.string().optional(),
+        changeLog: zod_1.z.array(zod_1.z.object({}).passthrough()).optional(),
+        contentType: zod_1.z.enum(['instruction', 'template', 'chat-session', 'reference', 'example', 'agent']).optional(),
+        extensions: zod_1.z.record(zod_1.z.string(), zExtensionValue).optional()
+    }).strict();
+}
+function buildZAdd() {
+    return zod_1.z.object({
+        entry: buildZIndexEntry(),
+        overwrite: zod_1.z.boolean().optional(),
+        lax: zod_1.z.boolean().optional()
+    }).strict();
+}
+function buildZImport() {
+    return zod_1.z.object({
+        entries: zod_1.z.union([
+            zod_1.z.array(zod_1.z.object({
+                id: zod_1.z.string(),
+                title: zod_1.z.string(),
+                body: zInstructionBody(),
+                rationale: zod_1.z.string().optional(),
+                priority: zod_1.z.number(),
+                audience: zod_1.z.string(),
+                requirement: zod_1.z.string(),
+                categories: zod_1.z.array(zod_1.z.string()).optional(),
+                extensions: zod_1.z.record(zod_1.z.string(), zExtensionValue).optional(),
+                mode: zod_1.z.string().optional()
+            }).passthrough()).min(1),
+            zod_1.z.string()
+        ]).optional(),
+        source: zod_1.z.string().optional(),
+        mode: zod_1.z.enum(['skip', 'overwrite']).optional()
+    }).strict();
+}
 const zRemove = zod_1.z.object({
     ids: zod_1.z.array(zod_1.z.string()).min(1),
     missingOk: zod_1.z.boolean().optional(),
@@ -142,42 +182,6 @@ const zFeedbackSubmit = zod_1.z.object({
     metadata: zod_1.z.object({}).passthrough().optional(),
     tags: zod_1.z.array(zod_1.z.string()).max(10).optional()
 }).strict();
-const zFeedbackList = zod_1.z.object({
-    type: zod_1.z.enum(['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other']).optional(),
-    severity: zod_1.z.enum(['low', 'medium', 'high', 'critical']).optional(),
-    status: zod_1.z.enum(['new', 'acknowledged', 'in-progress', 'resolved', 'closed']).optional(),
-    limit: zod_1.z.number().int().min(1).max(200).optional(),
-    offset: zod_1.z.number().int().min(0).optional(),
-    since: zod_1.z.string().optional(),
-    tags: zod_1.z.array(zod_1.z.string()).optional()
-}).strict();
-const zFeedbackGet = zStringId;
-const zFeedbackUpdate = zod_1.z.object({
-    id: zod_1.z.string().min(1),
-    status: zod_1.z.enum(['new', 'acknowledged', 'in-progress', 'resolved', 'closed']).optional(),
-    metadata: zod_1.z.object({}).passthrough().optional()
-}).strict();
-const zFeedbackStats = zod_1.z.object({
-    since: zod_1.z.string().optional()
-}).strict();
-const zFeedbackDispatch = zod_1.z.object({
-    action: zod_1.z.enum(['submit', 'list', 'get', 'update', 'stats', 'health', 'rate']),
-    instructionId: zod_1.z.string().optional(),
-    rating: zod_1.z.enum(['useful', 'not-useful', 'outdated', 'incomplete']).optional(),
-    comment: zod_1.z.string().max(1000).optional(),
-    type: zod_1.z.enum(['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other']).optional(),
-    severity: zod_1.z.enum(['low', 'medium', 'high', 'critical']).optional(),
-    title: zod_1.z.string().max(200).optional(),
-    description: zod_1.z.string().max(10000).optional(),
-    body: zod_1.z.string().max(10000).optional(),
-    id: zod_1.z.string().optional(),
-    status: zod_1.z.enum(['new', 'acknowledged', 'in-progress', 'resolved', 'closed']).optional(),
-    limit: zod_1.z.number().int().min(1).max(200).optional(),
-    offset: zod_1.z.number().int().min(0).optional(),
-    since: zod_1.z.string().optional(),
-    tags: zod_1.z.array(zod_1.z.string()).optional(),
-    metadata: zod_1.z.object({}).passthrough().optional()
-}).passthrough();
 // ── Usage ────────────────────────────────────────────────────────────────────
 const zUsageTrack = zod_1.z.object({
     id: zod_1.z.string().min(1),
@@ -257,14 +261,11 @@ const zodMap = {
     'index_search': zSearch,
     'prompt_review': zPromptReview,
     'help_overview': zEmpty,
-    'feedback_dispatch': zFeedbackDispatch,
     'bootstrap': zBootstrap,
     // Extended tools
     'graph_export': zGraphExport,
     'usage_track': zUsageTrack,
     'usage_hotset': zHotset,
-    'index_add': zAdd,
-    'index_import': zImport,
     'index_remove': zRemove,
     'index_reload': zEmpty,
     'index_governanceHash': zEmpty,
@@ -276,11 +277,6 @@ const zodMap = {
     'index_schema': zEmpty,
     // Admin tools
     'feedback_submit': zFeedbackSubmit,
-    'feedback_list': zFeedbackList,
-    'feedback_get': zFeedbackGet,
-    'feedback_update': zFeedbackUpdate,
-    'feedback_stats': zFeedbackStats,
-    'feedback_health': zEmpty,
     'meta_tools': zEmpty,
     'meta_activation_guide': zEmpty,
     'meta_check_activation': zMetaCheckActivation,
@@ -305,10 +301,17 @@ const zodMap = {
     'diagnostics_microtaskFlood': zDiagnosticsMicrotaskFlood,
     'diagnostics_memoryPressure': zDiagnosticsMemoryPressure,
 };
+function getZodSchemaForTool(toolName) {
+    if (toolName === 'index_add')
+        return buildZAdd();
+    if (toolName === 'index_import')
+        return buildZImport();
+    return zodMap[toolName];
+}
 function getZodEnhancedRegistry() {
     const base = (0, toolRegistry_1.getToolRegistry)({ tier: 'admin' });
     for (const e of base) {
-        const zSchema = zodMap[e.name];
+        const zSchema = getZodSchemaForTool(e.name);
         if (zSchema) {
             e.zodSchema = zSchema;
         }
@@ -317,9 +320,9 @@ function getZodEnhancedRegistry() {
 }
 /** Get the Zod schema for a specific tool by name */
 function getZodSchema(toolName) {
-    return zodMap[toolName];
+    return getZodSchemaForTool(toolName);
 }
 /** Check if a tool has a Zod schema registered */
 function hasZodSchema(toolName) {
-    return toolName in zodMap;
+    return toolName === 'index_add' || toolName === 'index_import' || toolName in zodMap;
 }

package/dist/services/tracing.js CHANGED Viewed

@@ -12,7 +12,9 @@ exports.getTraceFile = getTraceFile;
 exports.summarizeTraceEnv = summarizeTraceEnv;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
+const crypto_1 = __importDefault(require("crypto"));
 const runtimeConfig_1 = require("../config/runtimeConfig");
+const logger_js_1 = require("./logger.js");
 let cachedLevel = 0;
 let lastLevelCheck = 0;
 let traceStream = null;
@@ -72,7 +74,7 @@ function resolveSessionId() {
         return cachedSessionId;
     const tracing = (0, runtimeConfig_1.getRuntimeConfig)().tracing;
     const provided = tracing.sessionId && tracing.sessionId.trim().length ? tracing.sessionId.trim() : undefined;
-    cachedSessionId = provided || Math.random().toString(36).slice(2, 10); // lgtm[js/insecure-randomness] — trace ID for correlation, not security
+    cachedSessionId = provided || crypto_1.default.randomBytes(4).toString('hex');
     return cachedSessionId;
 }
 function categoriesAllow(label, categories) {
@@ -218,8 +220,7 @@ function emitTrace(label, data, min = 1) {
         rec.func = caller;
     pushBuffer(rec, tracing.buffer);
     try {
-        // eslint-disable-next-line no-console
-        console.error(label, JSON.stringify(rec));
+        (0, logger_js_1.logError)(label, JSON.stringify(rec));
     }
     catch { /* ignore */ }
     if (!(tracing.persist || tracing.file))
@@ -230,7 +231,7 @@ function emitTrace(label, data, min = 1) {
         return;
     const line = `${label} ${JSON.stringify(rec)}\n`;
     try {
-        stream.write(line);
+        stream.write(line); // lgtm[js/http-to-file-access] — trace stream targets config-controlled trace file
         traceBytesWritten += Buffer.byteLength(line);
         rotateIfNeeded();
         if (tracing.fsync) {

package/dist/utils/envUtils.d.ts CHANGED Viewed

@@ -40,3 +40,7 @@ export declare function parseBooleanEnv(envVar: string | undefined, defaultValue
  * @returns boolean value
  */
 export declare function getBooleanEnv(name: string, defaultValue?: boolean): boolean;
+/**
+ * Dangerous diagnostics are only available in explicit debug / stress sessions.
+ */
+export declare function dangerousDiagnosticsEnabled(): boolean;

package/dist/utils/envUtils.js CHANGED Viewed

@@ -10,6 +10,7 @@ exports.isFalsyExtended = isFalsyExtended;
 exports.isDebugOrVerbose = isDebugOrVerbose;
 exports.parseBooleanEnv = parseBooleanEnv;
 exports.getBooleanEnv = getBooleanEnv;
+exports.dangerousDiagnosticsEnabled = dangerousDiagnosticsEnabled;
 // ── Canonical truthy / falsy value sets ──────────────────────────────
 exports.TRUTHY_VALUES = ['1', 'true', 'yes', 'on'];
 exports.FALSY_VALUES = ['0', 'false', 'no', 'off'];
@@ -78,3 +79,9 @@ function parseBooleanEnv(envVar, defaultValue = false) {
 function getBooleanEnv(name, defaultValue = false) {
     return parseBooleanEnv(process.env[name], defaultValue);
 }
+/**
+ * Dangerous diagnostics are only available in explicit debug / stress sessions.
+ */
+function dangerousDiagnosticsEnabled() {
+    return getBooleanEnv('INDEX_SERVER_STRESS_DIAG') || getBooleanEnv('INDEX_SERVER_DEBUG');
+}

package/dist/utils/memoryMonitor.js CHANGED Viewed

@@ -15,6 +15,7 @@ exports.checkListeners = checkListeners;
  * Use while attached to debugger for real-time memory analysis.
  */
 const envUtils_1 = require("./envUtils");
+const logger_js_1 = require("../services/logger.js");
 class MemoryMonitor {
     snapshots = [];
     maxSnapshots = 1000;
@@ -25,10 +26,10 @@ class MemoryMonitor {
      */
     startMonitoring(intervalMs = 5000) {
         if (this.isMonitoring) {
-            console.error('[MemoryMonitor] Already monitoring');
+            (0, logger_js_1.logError)('[MemoryMonitor] Already monitoring');
             return;
         }
-        console.error(`[MemoryMonitor] Starting memory monitoring (interval: ${intervalMs}ms)`);
+        (0, logger_js_1.logError)(`[MemoryMonitor] Starting memory monitoring (interval: ${intervalMs}ms)`);
         this.isMonitoring = true;
         this.intervalId = setInterval(() => {
             this.takeSnapshot();
@@ -45,7 +46,7 @@ class MemoryMonitor {
             this.intervalId = undefined;
         }
         this.isMonitoring = false;
-        console.error('[MemoryMonitor] Stopped monitoring');
+        (0, logger_js_1.logError)('[MemoryMonitor] Stopped monitoring');
     }
     /**
      * Take a memory snapshot
@@ -87,11 +88,11 @@ class MemoryMonitor {
                 const wantStructured = (0, envUtils_1.isDebugOrVerbose)();
                 try {
                     if (wantStructured) {
-                        console.error(JSON.stringify(payload));
+                        (0, logger_js_1.logError)(JSON.stringify(payload));
                     }
                     else {
                         // Fallback concise plain text (single line) to preserve readability and avoid multi-line noise.
-                        console.error(`[MemoryMonitor] heapDelta=${this.formatBytes(heapGrowth)} heapUsed=${this.formatBytes(snapshot.heapUsed)} rssDelta=${this.formatBytes(rssGrowth)} rss=${this.formatBytes(snapshot.rss)}`);
+                        (0, logger_js_1.logError)(`[MemoryMonitor] heapDelta=${this.formatBytes(heapGrowth)} heapUsed=${this.formatBytes(snapshot.heapUsed)} rssDelta=${this.formatBytes(rssGrowth)} rss=${this.formatBytes(snapshot.rss)}`);
                     }
                 }
                 catch { /* swallow */ }
@@ -182,7 +183,7 @@ Leak Detected: ${trend.leakDetected ? 'YES' : 'NO'}
         try {
             if (typeof global.gc === 'function') {
                 global.gc();
-                console.error('[MemoryMonitor] Forced garbage collection');
+                (0, logger_js_1.logError)('[MemoryMonitor] Forced garbage collection');
             }
             // Note: This would require v8 module for actual heap snapshots
             // For now, just return memory usage after GC
@@ -230,7 +231,7 @@ function getMemoryMonitor() {
  * Quick memory status check
  */
 function memStatus() {
-    console.error(getMemoryMonitor().getCurrentStatus());
+    (0, logger_js_1.logError)(getMemoryMonitor().getCurrentStatus());
 }
 /**
  * Start memory monitoring
@@ -248,20 +249,20 @@ function stopMemWatch() {
  * Get memory report
  */
 function memReport() {
-    console.error(getMemoryMonitor().getDetailedReport());
+    (0, logger_js_1.logError)(getMemoryMonitor().getDetailedReport());
 }
 /**
  * Force garbage collection and show memory
  */
 function forceGC() {
     const result = getMemoryMonitor().takeHeapSnapshot();
-    console.error(result);
+    (0, logger_js_1.logError)(result ?? '');
 }
 /**
  * Check event listeners
  */
 function checkListeners() {
-    console.error(getMemoryMonitor().checkEventListeners());
+    (0, logger_js_1.logError)(getMemoryMonitor().checkEventListeners());
 }
 // Global exports for debugger console
 if (typeof global !== 'undefined') {

package/package.json CHANGED Viewed

@@ -1,6 +1,7 @@
 {
   "name": "@jagilber-org/index-server",
-  "version": "1.22.1",
+  "version": "1.26.4",
+  "mcpName": "io.github.jagilber-org/index-server",
   "description": "MCP instruction indexing server for AI assistant governance — search, CRUD, schema validation, usage tracking, and cross-repo knowledge promotion.",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
@@ -17,6 +18,9 @@
     "templates/",
     "scripts/copy-dashboard-assets.mjs",
     "scripts/setup-hooks.cjs",
+    "scripts/generate-certs.mjs",
+    "scripts/setup-wizard.mjs",
+    "server.json",
     "README.md",
     "LICENSE",
     "CHANGELOG.md",
@@ -29,6 +33,7 @@
     "index-server": "dist/server/index-server.js"
   },
   "scripts": {
+    "setup": "node scripts/setup-wizard.mjs",
     "instructions:normalize": "node scripts/normalize-instructions.js",
     "build": "tsc -p tsconfig.json && node scripts/copy-dashboard-assets.mjs",
     "start": "node dist/server/index-server.js",
@@ -45,7 +50,8 @@
     "manifest:generate": "node scripts/generate-manifest.mjs",
     "contract:tools": "node scripts/generate-tools-snapshot.mjs",
     "verify:manifest": "node scripts/verify-manifest.mjs",
-    "test": "vitest run",
+    "test": "npm run test:fast",
+    "test:all": "vitest run",
     "test:watch": "vitest",
     "test:contracts": "vitest run src/tests/contractSchemas.spec.ts",
     "test:diag": "cross-env INDEX_SERVER_HEALTH_MIXED_DIAG=1 vitest run src/tests/handshakeFlakeRepro.spec.ts src/tests/healthMixedReproLoop.spec.ts src/tests/healthHangExploration.spec.ts",
@@ -58,8 +64,7 @@
     "format": "prettier --write .",
     "prepare": "node scripts/setup-hooks.cjs",
     "audit": "npm audit --omit=dev --audit-level=high",
-    "prepack": "npm run audit",
-    "prepublishOnly": "npm run build && npm run typecheck",
+    "prepublishOnly": "npm run build && npm run typecheck && npm run audit",
     "scan:security": "node scripts/security-scan.mjs",
     "release:patch": "node scripts/bump-version.mjs patch",
     "release:minor": "node scripts/bump-version.mjs minor",
@@ -115,6 +120,7 @@
   },
   "dependencies": {
     "@huggingface/transformers": "^3.8.1",
+    "@inquirer/prompts": "^8.4.2",
     "@mermaid-js/layout-elk": "^0.2.1",
     "@modelcontextprotocol/sdk": "^1.28.0",
     "adm-zip": "^0.5.17",
@@ -122,6 +128,8 @@
     "ajv-formats": "^2.1.1",
     "express": "^5.2.1",
     "express-rate-limit": "^8.3.2",
+    "safe-regex2": "^5.1.1",
+    "sqlite-vec": "0.1.9",
     "ws": "^8.19.0",
     "zod": "^3.23.8"
   },

package/schemas/instruction.schema.json CHANGED Viewed

@@ -30,6 +30,31 @@
           "description": "Human readable summary of change"
         }
       }
+    },
+    "extensionValue": {
+      "anyOf": [
+        {
+          "type": "string"
+        },
+        {
+          "type": "number"
+        },
+        {
+          "type": "boolean"
+        },
+        {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/extensionValue"
+          }
+        },
+        {
+          "type": "object",
+          "additionalProperties": {
+            "$ref": "#/definitions/extensionValue"
+          }
+        }
+      ]
     }
   },
   "required": [
@@ -148,6 +173,11 @@
       "minimum": 0,
       "description": "Number of tracked usage events"
     },
+    "firstSeenTs": {
+      "type": "string",
+      "format": "date-time",
+      "description": "Timestamp when usage was first observed (ISO 8601)"
+    },
     "lastUsedAt": {
       "type": "string",
       "format": "date-time",
@@ -237,6 +267,11 @@
       "type": "string",
       "description": "ID of instruction this one replaces"
     },
+    "archivedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "Timestamp when archived (ISO 8601)"
+    },
     "semanticSummary": {
       "type": "string",
       "maxLength": 600,
@@ -255,7 +290,9 @@
     "extensions": {
       "type": "object",
       "description": "Future-proof vendor / experimental fields",
-      "additionalProperties": true
+      "additionalProperties": {
+        "$ref": "#/definitions/extensionValue"
+      }
     }
   },
   "additionalProperties": false

package/scripts/copy-dashboard-assets.mjs CHANGED Viewed

@@ -54,7 +54,7 @@ function copyAssets() {
       try {
         const srcStat = statSync(srcPath);
         let needsCopy = true;
-        let reason = 'new';
+        let reason;
         try {
           const destStat = statSync(destPath);
           if (destStat.size === srcStat.size) {

package/scripts/dist/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # scripts/dist/
-User-facing utility scripts bundled into the VSIX extension package.
+User-facing utility scripts bundled into distributable runtime packages.
 These are copied from `scripts/` during the build. Edit the originals in `scripts/`, not here.