@jagilber-org/index-server 1.27.2 → 1.28.1

package/dist/dashboard/server/routes/sqlite.routes.js

@@ -566,5 +566,79 @@ function createSqliteRoutes() {
             return res.status(code).json({ success: false, error: err.message });
         }
     });
+    // ── Validation ────────────────────────────────────────────────────────
+    /** GET /sqlite/validate — Comprehensive database validation (read-only) */
+    router.get('/sqlite/validate', adminAuth_js_1.dashboardAdminAuth, (_req, res) => {
+        try {
+            assertSqliteActive();
+            const sqlitePath = getSqlitePath();
+            const db = new node_sqlite_1.DatabaseSync(sqlitePath, { readOnly: true });
+            const checks = [];
+            try {
+                // 1. Integrity check
+                const intRows = db.prepare('PRAGMA integrity_check').all();
+                const intOk = intRows.length === 1 && intRows[0].integrity_check === 'ok';
+                checks.push({ name: 'integrity_check', pass: intOk, detail: intOk ? 'ok' : JSON.stringify(intRows) });
+                // 2. Table counts
+                const instrCount = db.prepare('SELECT COUNT(*) as cnt FROM instructions').get()?.cnt ?? 0;
+                checks.push({ name: 'instructions_exist', pass: instrCount >= 0, detail: `count=${instrCount}` });
+                // 3. FTS5 sync
+                let ftsCount = -1;
+                try {
+                    ftsCount = db.prepare('SELECT COUNT(*) as cnt FROM instructions_fts').get()?.cnt ?? -1;
+                    checks.push({ name: 'fts5_sync', pass: ftsCount === instrCount, detail: `instructions=${instrCount}, fts=${ftsCount}` });
+                }
+                catch {
+                    checks.push({ name: 'fts5_sync', pass: false, detail: 'FTS5 table not accessible' });
+                }
+                // 4. Orphaned usage records
+                try {
+                    const orphanUsage = db.prepare('SELECT COUNT(*) as cnt FROM usage WHERE instruction_id NOT IN (SELECT id FROM instructions)').get()?.cnt ?? 0;
+                    checks.push({ name: 'usage_no_orphans', pass: orphanUsage === 0, detail: `orphans=${orphanUsage}` });
+                }
+                catch {
+                    checks.push({ name: 'usage_no_orphans', pass: true, detail: 'usage table not present (ok)' });
+                }
+                // 5. Embedding consistency
+                try {
+                    const embCount = db.prepare('SELECT COUNT(*) as cnt FROM embeddings').get()?.cnt ?? 0;
+                    const embMetaCount = db.prepare('SELECT COUNT(*) as cnt FROM embedding_meta').get()?.cnt ?? 0;
+                    checks.push({ name: 'embedding_meta_sync', pass: embCount === embMetaCount, detail: `embeddings=${embCount}, meta=${embMetaCount}` });
+                    const orphanEmb = db.prepare('SELECT COUNT(*) as cnt FROM embedding_meta WHERE instruction_id NOT IN (SELECT id FROM instructions)').get()?.cnt ?? 0;
+                    checks.push({ name: 'embedding_no_orphans', pass: orphanEmb === 0, detail: `orphans=${orphanEmb}` });
+                }
+                catch {
+                    checks.push({ name: 'embedding_meta_sync', pass: true, detail: 'embedding tables not present (ok)' });
+                }
+                // 6. NULL required fields
+                const nullIds = db.prepare("SELECT COUNT(*) as cnt FROM instructions WHERE id IS NULL OR id = ''").get()?.cnt ?? 0;
+                checks.push({ name: 'no_null_ids', pass: nullIds === 0, detail: `count=${nullIds}` });
+                const nullTitles = db.prepare("SELECT COUNT(*) as cnt FROM instructions WHERE title IS NULL OR title = ''").get()?.cnt ?? 0;
+                checks.push({ name: 'no_null_titles', pass: nullTitles === 0, detail: `count=${nullTitles}` });
+                const nullBodies = db.prepare("SELECT COUNT(*) as cnt FROM instructions WHERE body IS NULL OR body = ''").get()?.cnt ?? 0;
+                checks.push({ name: 'no_null_bodies', pass: nullBodies === 0, detail: `count=${nullBodies}` });
+                // 7. WAL mode
+                const jm = db.prepare('PRAGMA journal_mode').get();
+                const isWal = jm?.journal_mode === 'wal';
+                checks.push({ name: 'wal_mode', pass: isWal, detail: `journal_mode=${jm?.journal_mode ?? 'unknown'}` });
+                const allPass = checks.every(c => c.pass);
+                return res.json({
+                    success: true,
+                    valid: allPass,
+                    totalChecks: checks.length,
+                    passed: checks.filter(c => c.pass).length,
+                    failed: checks.filter(c => !c.pass).length,
+                    checks,
+                });
+            }
+            finally {
+                db.close();
+            }
+        }
+        catch (err) {
+            const code = err.statusCode ?? 500;
+            return res.status(code).json({ success: false, error: err.message });
+        }
+    });
     return router;
 }

package/dist/models/instruction.d.ts

@@ -1,6 +1,6 @@
 export type AudienceScope = 'individual' | 'group' | 'all';
 export type RequirementLevel = 'mandatory' | 'critical' | 'recommended' | 'optional' | 'deprecated';
-export type ContentType = 'instruction' | 'template' | 'chat-session' | 'reference' | 'example' | 'agent';
+export type ContentType = 'instruction' | 'template' | 'workflow' | 'reference' | 'example' | 'agent';
 export interface InstructionEntry {
     id: string;
     title: string;

package/dist/schemas/index.d.ts

@@ -98,7 +98,7 @@ export declare const instructionEntry: {
             };
         };
         readonly contentType: {
-            readonly enum: readonly ["instruction", "template", "chat-session", "reference", "example", "agent"];
+            readonly enum: readonly ["instruction", "template", "workflow", "reference", "example", "agent"];
         };
         readonly version: {
             readonly type: "string";

package/dist/schemas/index.js

@@ -44,7 +44,7 @@ exports.instructionEntry = {
         workspaceId: { type: 'string' },
         userId: { type: 'string' },
         teamIds: { type: 'array', items: { type: 'string' } },
-        contentType: { enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'] },
+        contentType: { enum: ['instruction', 'template', 'workflow', 'reference', 'example', 'agent'] },
         version: { type: 'string' },
         status: { enum: ['draft', 'review', 'approved', 'deprecated'] },
         owner: { type: 'string' },

package/dist/server/index-server.js

@@ -365,7 +365,7 @@ function parseArgs(argv) {
     return config;
 }
 function launchSetupWizard(argv) {
-    const wizardPath = path_1.default.join(__dirname, '..', '..', 'scripts', 'setup-wizard.mjs');
+    const wizardPath = path_1.default.join(__dirname, '..', '..', 'scripts', 'build', 'setup-wizard.mjs');
     // Forward all args after --setup/--configure to the wizard
     const setupIdx = argv.findIndex(a => a === '--setup' || a === '--configure');
     const forwardArgs = setupIdx >= 0 ? argv.slice(setupIdx + 1) : [];

package/dist/services/auditLog.d.ts

@@ -4,7 +4,7 @@ export declare function runWithCorrelation<T>(correlationId: string, fn: () => T
 export declare function getCurrentCorrelationId(): string | undefined;
 /** Reset the cached audit log path, forcing re-resolution on next write. */
 export declare function resetAuditLogCache(): void;
-export type AuditKind = 'mutation' | 'read' | 'http';
+export type AuditKind = 'mutation' | 'read' | 'http' | 'feedback';
 export interface AuditEntry {
     ts: string;
     kind: AuditKind;

package/dist/services/auditLog.js

@@ -19,7 +19,7 @@ const logger_1 = require("./logger");
 const toolRegistry_1 = require("./toolRegistry");
 // Append-only JSONL audit log for all server operations.
 // Each line: { ts, kind, action, ids?, meta? }
-// kind: 'mutation' | 'read' | 'http' — classifies the entry type.
+// kind: 'mutation' | 'read' | 'http' | 'feedback' — classifies the entry type.
 // Path and enablement are driven by runtime configuration (instructions.auditLog).
 // AsyncLocalStorage carries the correlation ID from registry wrapper into handler scope.
 // This lets logAudit() calls inside handlers automatically include correlationId

package/dist/services/feedbackStorage.js

@@ -83,6 +83,6 @@ function saveFeedbackStorage(storage) {
 }
 function generateFeedbackId(type, timestamp) {
     const hash = (0, crypto_1.createHash)('sha256');
-    hash.update(`${type}-${timestamp}-${Math.random()}`);
+    hash.update(`${type}-${timestamp}-${(0, crypto_1.randomBytes)(8).toString('hex')}`);
     return hash.digest('hex').substring(0, 16);
 }

package/dist/services/handlers/instructions.add.js

@@ -96,6 +96,22 @@ const instructions_shared_1 = require("./instructions.shared");
             return { error: priorLoad };
         return { error: { code: 'unknown', detail: 'missing-existing-entry', raw: 'missing-existing-entry' } };
     };
+    const validateExistingCollisionFile = (filePath) => {
+        if (!fs_1.default.existsSync(filePath))
+            return [];
+        try {
+            const raw = JSON.parse(fs_1.default.readFileSync(filePath, 'utf8'));
+            const validationCandidate = { ...raw, schemaVersion: schemaVersion_1.SCHEMA_VERSION };
+            const validation = (0, instructionRecordValidation_1.validateInstructionRecord)(validationCandidate);
+            return validation.validationErrors
+                .filter((issue) => issue.includes('/classification'))
+                .map((issue) => (0, instructionRecordValidation_1.sanitizeErrorDetail)(issue) || 'existing entry failed validation');
+        }
+        catch (err) {
+            const sanitized = (0, instructionRecordValidation_1.sanitizeLoadError)(err, 'parse_failed');
+            return [sanitized.detail];
+        }
+    };
     const verifyReadBack = async (id, filePath, requestedCategories) => {
         try {
             (0, indexContext_1.invalidate)();
@@ -222,6 +238,12 @@ const instructions_shared_1 = require("./instructions.shared");
             mutable.requirement = 'optional';
         if (mutable.categories === undefined)
             mutable.categories = [];
+        if (mutable.contentType === undefined)
+            mutable.contentType = 'instruction';
+    }
+    const surfaceValidation = (0, instructionRecordValidation_1.validateInstructionInputSurface)(e);
+    if (surfaceValidation.validationErrors.length) {
+        return failValidation('invalid_instruction', surfaceValidation.validationErrors, surfaceValidation.hints, { id: e.id });
     }
     const dir = (0, indexContext_1.getInstructionsDir)();
     if (!fs_1.default.existsSync(dir))
@@ -257,9 +279,8 @@ const instructions_shared_1 = require("./instructions.shared");
         e.title === undefined ? 'title: missing required field' : undefined,
         e.body === undefined ? 'body: missing required field' : undefined,
     ].filter((issue) => !!issue);
-    const surfaceValidation = (0, instructionRecordValidation_1.validateInstructionInputSurface)(e);
-    if (requiredFieldErrors.length || surfaceValidation.validationErrors.length) {
-        return failValidation(requiredFieldErrors.length ? 'missing required fields' : 'invalid_instruction', [...requiredFieldErrors, ...surfaceValidation.validationErrors], surfaceValidation.hints, { id: e.id });
+    if (requiredFieldErrors.length) {
+        return failValidation('missing required fields', requiredFieldErrors, surfaceValidation.hints, { id: e.id });
     }
     const overwrite = !!p.overwrite;
     const exists = overwrite ? ((await (0, indexContext_1.ensureLoadedAsync)()).byId.has(e.id) || fs_1.default.existsSync(file)) : false;
@@ -503,6 +524,18 @@ const instructions_shared_1 = require("./instructions.shared");
             return failValidation('invalid_instruction', err.validationErrors, err.hints, { id: e.id });
         }
         if (!overwrite && (0, indexContext_1.isDuplicateInstructionWriteError)(err)) {
+            const existingValidationErrors = validateExistingCollisionFile(file);
+            if (existingValidationErrors.length) {
+                return {
+                    id: e.id,
+                    success: false,
+                    skipped: false,
+                    created: false,
+                    overwritten: false,
+                    error: 'existing_instruction_invalid',
+                    validationErrors: existingValidationErrors,
+                };
+            }
             let st0 = await (0, indexContext_1.ensureLoadedAsync)();
             let visible = st0.byId.has(e.id);
             let repaired = false;

package/dist/services/handlers.feedback.js

@@ -43,7 +43,7 @@ const feedbackStorage_1 = require("./feedbackStorage");
         type: entry.type,
         severity: entry.severity,
         title: entry.title
-    });
+    }, 'feedback');
     (0, logger_1.logInfo)('[feedback] Feedback submitted', {
         id: entry.id,
         type: entry.type,

package/dist/services/handlers.instructionSchema.js

@@ -71,7 +71,7 @@ function buildMinimalExample() {
         categories: ["example", "documentation"],
         primaryCategory: "example",
         contentType: "instruction",
-        schemaVersion: "4"
+        schemaVersion: "5"
     };
 }
 /**
@@ -89,7 +89,7 @@ function _buildComprehensiveExample() {
         categories: ["example", "documentation", "governance"],
         primaryCategory: "governance",
         contentType: "instruction",
-        schemaVersion: "4",
+        schemaVersion: "5",
         version: "1.0.0",
         status: "approved",
         owner: "platform-team",
@@ -170,8 +170,8 @@ function defineValidationRules() {
         { field: 'requirement', rule: 'Enum', constraint: 'One of: mandatory, critical, recommended, optional, deprecated' },
         { field: 'categories', rule: 'Array', constraint: '0-25 items, each 1-49 chars, lowercase, pattern: ^[a-z0-9][a-z0-9-_]{0,48}$' },
         { field: 'primaryCategory', rule: 'Reference', constraint: 'Must be a member of categories array if present' },
-        { field: 'contentType', rule: 'Enum', constraint: 'One of: instruction (default), template, chat-session, reference, example, agent' },
-        { field: 'schemaVersion', rule: 'Enum', constraint: 'Currently "4"' },
+        { field: 'contentType', rule: 'Enum', constraint: 'One of: instruction (default), template, workflow, reference, example, agent' },
+        { field: 'schemaVersion', rule: 'Enum', constraint: 'Currently "5"' },
         { field: 'sourceHash', rule: 'Pattern', constraint: 'SHA256 hex string (64 chars) when present' },
         { field: 'version', rule: 'Pattern', constraint: 'Semantic version: ^\\d+\\.\\d+\\.\\d+$ (e.g., "1.0.0")' },
         { field: 'status', rule: 'Enum', constraint: 'One of: draft, review, approved, deprecated' },

package/dist/services/handlers.search.js

@@ -41,7 +41,7 @@ const SEARCH_SCHEMA = {
         limit: { type: 'number', minimum: 1, maximum: 100, default: 50 },
         includeCategories: { type: 'boolean', default: false },
         caseSensitive: { type: 'boolean', default: false },
-        contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'] }
+        contentType: { type: 'string', enum: ['instruction', 'template', 'workflow', 'reference', 'example', 'agent'] }
     },
     example: { keywords: ['build', 'validate', 'discipline'], limit: 10, includeCategories: true }
 };
@@ -394,7 +394,7 @@ function performSearch(params) {
     const caseSensitive = params.caseSensitive ?? false;
     const contentType = params.contentType;
     // Validate contentType if provided
-    const validContentTypes = ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'];
+    const validContentTypes = ['instruction', 'template', 'workflow', 'reference', 'example', 'agent'];
     if (contentType && !validContentTypes.includes(contentType)) {
         throw new Error(`Invalid contentType: must be one of ${validContentTypes.join(', ')}`);
     }
@@ -556,7 +556,7 @@ async function handleInstructionsSearch(params) {
             if (typeof params.contentType !== 'string') {
                 throw new Error('contentType must be a string');
             }
-            const validContentTypes = ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'];
+            const validContentTypes = ['instruction', 'template', 'workflow', 'reference', 'example', 'agent'];
             if (!validContentTypes.includes(params.contentType)) {
                 throw new Error(`contentType must be one of: ${validContentTypes.join(', ')}`);
             }

package/dist/services/instructionRecordValidation.d.ts

@@ -14,6 +14,9 @@ export declare class InstructionValidationError extends Error {
     constructor(validationErrors: string[], hints?: string[], schemaRef?: string);
 }
 export declare const INSTRUCTION_ID_MAX_LENGTH = 120;
+export declare const INSTRUCTION_ID_PATTERN: RegExp;
+export declare function validateInstructionIdSurface(id: unknown): string[];
+export declare function validateInstructionInputEnumMembership(entry: Record<string, unknown>): string[];
 export declare function validateInstructionInputSurface(entry: Record<string, unknown>): InstructionValidationResult;
 export declare function validateInstructionRecord(entry: InstructionEntry): InstructionValidationResult;
 export declare function assertValidInstructionRecord(entry: InstructionEntry): InstructionEntry;

package/dist/services/instructionRecordValidation.js

@@ -3,7 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.INSTRUCTION_INPUT_SCHEMA_REF = exports.INSTRUCTION_ID_MAX_LENGTH = exports.InstructionValidationError = void 0;
+exports.INSTRUCTION_INPUT_SCHEMA_REF = exports.INSTRUCTION_ID_PATTERN = exports.INSTRUCTION_ID_MAX_LENGTH = exports.InstructionValidationError = void 0;
+exports.validateInstructionIdSurface = validateInstructionIdSurface;
+exports.validateInstructionInputEnumMembership = validateInstructionInputEnumMembership;
 exports.validateInstructionInputSurface = validateInstructionInputSurface;
 exports.validateInstructionRecord = validateInstructionRecord;
 exports.assertValidInstructionRecord = assertValidInstructionRecord;
@@ -218,12 +220,16 @@ function applyWriteCompatibility(entry) {
         else if (legacyRequirementMap[upper])
             next.requirement = legacyRequirementMap[upper];
     }
+    if (next.contentType === 'chat-session') {
+        next.contentType = 'workflow';
+    }
     if (typeof next.priority !== 'number' || next.priority < 1 || next.priority > 100)
         next.priority = 50;
     return next;
 }
 // Matches the upper bound declared in schemas/instruction.schema.json (id maxLength).
 exports.INSTRUCTION_ID_MAX_LENGTH = 120;
+exports.INSTRUCTION_ID_PATTERN = /^[a-z0-9](?:[a-z0-9-_]{0,118}[a-z0-9])?$/;
 function findIllegalControlChar(id) {
     for (let i = 0; i < id.length; i++) {
         const code = id.charCodeAt(i);
@@ -235,7 +241,7 @@ function findIllegalControlChar(id) {
     }
     return undefined;
 }
-function validateIdSurface(id) {
+function validateInstructionIdSurface(id) {
     if (typeof id !== 'string' || !id.trim())
         return ['id: missing required field'];
     const illegal = findIllegalControlChar(id);
@@ -248,8 +254,48 @@ function validateIdSurface(id) {
     if (id.includes('..') || id.includes('/') || id.includes('\\') || /[:*?"<>|]/.test(id)) {
         return ['id: must be a safe instruction id without path traversal or path separators'];
     }
+    if (!exports.INSTRUCTION_ID_PATTERN.test(id)) {
+        return ['id: must match /^[a-z0-9](?:[a-z0-9-_]{0,118}[a-z0-9])?$/ using lower-case ASCII letters, digits, hyphen, or underscore'];
+    }
     return [];
 }
+// Enum membership checks for governance fields. These run at input-surface time so that
+// invalid enum values are rejected early, before applyWriteCompatibility can silently
+// coerce them (e.g. status:"active" → "approved", audience:"agents" → "group").
+// However, values that ARE coercible by applyWriteCompatibility are accepted here to
+// avoid rejecting inputs that would otherwise succeed after coercion.
+const VALID_STATUS = ['approved', 'draft', 'review', 'deprecated'];
+const COERCIBLE_STATUS = ['active'];
+const VALID_PRIORITY_TIER = ['P1', 'P2', 'P3', 'P4'];
+const VALID_CLASSIFICATION = ['public', 'internal', 'restricted'];
+const VALID_CONTENT_TYPE = ['instruction', 'template', 'workflow', 'reference', 'example', 'agent'];
+const COERCIBLE_CONTENT_TYPE = ['chat-session'];
+const VALID_AUDIENCE = ['individual', 'group', 'all'];
+const COERCIBLE_AUDIENCE = ['system', 'developers', 'developer', 'team', 'teams', 'users', 'dev', 'devs', 'testers', 'administrators', 'admins', 'agents', 'powershell script authors'];
+const VALID_REQUIREMENT = ['mandatory', 'critical', 'recommended', 'optional', 'deprecated'];
+const COERCIBLE_REQUIREMENT = ['MUST', 'SHOULD', 'MAY', 'CRITICAL', 'OPTIONAL', 'MANDATORY', 'DEPRECATED'];
+function validateInstructionInputEnumMembership(entry) {
+    const errs = [];
+    if (typeof entry.status === 'string' && !VALID_STATUS.includes(entry.status) && !COERCIBLE_STATUS.includes(entry.status)) {
+        errs.push(`/status: must be one of ${VALID_STATUS.join(', ')}`);
+    }
+    if (typeof entry.priorityTier === 'string' && !VALID_PRIORITY_TIER.includes(entry.priorityTier)) {
+        errs.push(`/priorityTier: must be one of ${VALID_PRIORITY_TIER.join(', ')}`);
+    }
+    if (typeof entry.classification === 'string' && !VALID_CLASSIFICATION.includes(entry.classification)) {
+        errs.push(`/classification: must be one of ${VALID_CLASSIFICATION.join(', ')}`);
+    }
+    if (typeof entry.contentType === 'string' && !VALID_CONTENT_TYPE.includes(entry.contentType) && !COERCIBLE_CONTENT_TYPE.includes(entry.contentType)) {
+        errs.push(`/contentType: must be one of ${VALID_CONTENT_TYPE.join(', ')}`);
+    }
+    if (typeof entry.audience === 'string' && !VALID_AUDIENCE.includes(entry.audience) && !COERCIBLE_AUDIENCE.includes(entry.audience.toLowerCase())) {
+        errs.push(`/audience: must be one of ${VALID_AUDIENCE.join(', ')}`);
+    }
+    if (typeof entry.requirement === 'string' && !VALID_REQUIREMENT.includes(entry.requirement) && !COERCIBLE_REQUIREMENT.includes(entry.requirement.toUpperCase())) {
+        errs.push(`/requirement: must be one of ${VALID_REQUIREMENT.join(', ')}`);
+    }
+    return errs;
+}
 // Typed-field shape checks. These run for both strict and lax callers so that lax mode
 // fills defaults for *missing* fields but never silently coerces wrong-typed inputs.
 function validateTypedInputShape(entry) {
@@ -257,9 +303,22 @@ function validateTypedInputShape(entry) {
     if (entry.priority !== undefined && typeof entry.priority !== 'number') {
         errs.push(`/priority: must be a number, received ${typeof entry.priority}`);
     }
+    else if (typeof entry.priority === 'number' && (!Number.isInteger(entry.priority) || entry.priority < 1 || entry.priority > 100)) {
+        errs.push('/priority: must be an integer from 1 to 100');
+    }
     if (entry.categories !== undefined && !Array.isArray(entry.categories)) {
         errs.push(`/categories: must be an array of strings, received ${typeof entry.categories}`);
     }
+    else if (Array.isArray(entry.categories)) {
+        for (const [index, category] of entry.categories.entries()) {
+            if (typeof category !== 'string') {
+                errs.push(`/categories/${index}: must be a string, received ${typeof category}`);
+            }
+            else if (!/^[a-z0-9][a-z0-9-_]{0,48}$/.test(category.toLowerCase())) {
+                errs.push(`/categories/${index}: must match /^[a-z0-9][a-z0-9-_]{0,48}$/`);
+            }
+        }
+    }
     if (entry.audience !== undefined && typeof entry.audience !== 'string') {
         errs.push(`/audience: must be a string, received ${typeof entry.audience}`);
     }
@@ -282,7 +341,7 @@ function validateTypedInputShape(entry) {
 }
 function validateInstructionInputSurface(entry) {
     const validationErrors = [];
-    validationErrors.push(...validateIdSurface(entry.id));
+    validationErrors.push(...validateInstructionIdSurface(entry.id));
     for (const key of Object.keys(entry)) {
         if (!ALLOWED_INPUT_KEYS.has(key)) {
             validationErrors.push(`/: unexpected property "${key}"`);
@@ -292,6 +351,7 @@ function validateInstructionInputSurface(entry) {
             validationErrors.push(`/${key}: null is not allowed`);
     }
     validationErrors.push(...validateTypedInputShape(entry));
+    validationErrors.push(...validateInstructionInputEnumMembership(entry));
     return {
         record: entry,
         validationErrors: dedupe(validationErrors),
@@ -311,7 +371,7 @@ function validateInstructionRecord(entry) {
     if (record.classification !== undefined && !['public', 'internal', 'restricted'].includes(record.classification)) {
         validationErrors.push(`/classification: invalid value "${String(record.classification)}"`);
     }
-    if (record.contentType !== undefined && !['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'].includes(record.contentType)) {
+    if (record.contentType !== undefined && !['instruction', 'template', 'workflow', 'reference', 'example', 'agent'].includes(record.contentType)) {
         validationErrors.push(`/contentType: invalid value "${String(record.contentType)}"`);
     }
     if (!validateInstructionSchema(record)) {

package/dist/services/seedBootstrap.js

@@ -162,7 +162,7 @@ For full configuration options: see \`docs/mcp_configuration.md\` and \`docs/con
             categories: ['bootstrap', 'mcp-activation', 'quick-start', 'documentation'],
             owner: 'system',
             version: 3,
-            schemaVersion: '4',
+            schemaVersion: '5',
             semanticSummary: 'Index Server quick start: search-first workflow, knowledge contribution, copilot instructions setup, and MCP client configuration for AI agents'
         }
     },
@@ -179,7 +179,7 @@ For full configuration options: see \`docs/mcp_configuration.md\` and \`docs/con
             categories: ['bootstrap', 'lifecycle'],
             owner: 'system',
             version: 1,
-            schemaVersion: '4',
+            schemaVersion: '5',
             semanticSummary: 'Lifecycle and promotion guardrails after bootstrap confirmation',
             reviewIntervalDays: 120
         }

package/dist/services/toolRegistry.js

@@ -94,7 +94,7 @@ const INPUT_SCHEMAS = {
             keywords: { type: 'array', items: { type: 'string' }, description: 'Explicit keyword array for search action when the caller wants direct token control.' },
             ids: { type: 'array', items: { type: 'string' }, description: 'Array of instruction IDs for remove or export actions.' },
             category: { type: 'string', description: 'Filter by category for list action.' },
-            contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'], description: 'Filter by content type for list, search, or query actions, or specify the entry content type for add action.' },
+            contentType: { type: 'string', enum: ['instruction', 'template', 'workflow', 'reference', 'example', 'agent', 'chat-session'], description: 'Filter by content type for list, search, or query actions, or specify the entry content type for add action. Legacy "chat-session" write inputs are migrated to "workflow".' },
             text: { type: 'string', description: 'Full-text search within query action.' },
             includeCategories: { type: 'boolean', description: 'Search categories in addition to id/title/semanticSummary/body for search action.' },
             caseSensitive: { type: 'boolean', description: 'Enable case-sensitive matching for search action.' },
@@ -148,7 +148,7 @@ const INPUT_SCHEMAS = {
     'index_import': { type: 'object', additionalProperties: false, properties: {
             entries: { oneOf: [
                     { type: 'array', minItems: 1, items: { type: 'object', required: ['id', 'title', 'body', 'priority', 'audience', 'requirement'], additionalProperties: false, properties: {
-                                id: { type: 'string' }, title: { type: 'string' }, body: { type: 'string' }, rationale: { type: 'string' }, priority: { type: 'number' }, audience: { type: 'string' }, requirement: { type: 'string' }, categories: { type: 'array', items: { type: 'string' } }, version: { type: 'string' }, owner: { type: 'string' }, status: { type: 'string', enum: ['approved', 'draft', 'review', 'deprecated'] }, priorityTier: { type: 'string', enum: ['P1', 'P2', 'P3', 'P4'] }, classification: { type: 'string', enum: ['public', 'internal', 'restricted'] }, lastReviewedAt: { type: 'string' }, nextReviewDue: { type: 'string' }, semanticSummary: { type: 'string' }, changeLog: { type: 'array', items: { type: 'object', additionalProperties: true } }, contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'] }, extensions: extensionsInputSchema, mode: { type: 'string' }
+                                id: { type: 'string' }, title: { type: 'string' }, body: { type: 'string' }, rationale: { type: 'string' }, priority: { type: 'number' }, audience: { type: 'string' }, requirement: { type: 'string' }, categories: { type: 'array', items: { type: 'string' } }, version: { type: 'string' }, owner: { type: 'string' }, status: { type: 'string', enum: ['approved', 'draft', 'review', 'deprecated'] }, priorityTier: { type: 'string', enum: ['P1', 'P2', 'P3', 'P4'] }, classification: { type: 'string', enum: ['public', 'internal', 'restricted'] }, lastReviewedAt: { type: 'string' }, nextReviewDue: { type: 'string' }, semanticSummary: { type: 'string' }, changeLog: { type: 'array', items: { type: 'object', additionalProperties: true } }, contentType: { type: 'string', enum: ['instruction', 'template', 'workflow', 'reference', 'example', 'agent', 'chat-session'] }, extensions: extensionsInputSchema, mode: { type: 'string' }
                             } } },
                     { type: 'string', description: 'Stringified JSON array of instruction entries, or a file path to a JSON array of instruction entries' }
                 ] },
@@ -157,7 +157,7 @@ const INPUT_SCHEMAS = {
         } },
     'index_add': { type: 'object', additionalProperties: false, required: ['entry'], properties: {
             entry: { type: 'object', required: ['id', 'body'], additionalProperties: false, properties: {
-                    id: { type: 'string', maxLength: 120 }, title: { type: 'string' }, body: { type: 'string' }, rationale: { type: 'string' }, priority: { type: 'number' }, audience: { type: 'string' }, requirement: { type: 'string' }, categories: { type: 'array', items: { type: 'string' } }, deprecatedBy: { type: 'string' }, riskScore: { type: 'number' }, version: { type: 'string' }, owner: { type: 'string' }, status: { type: 'string', enum: ['approved', 'draft', 'review', 'deprecated'] }, priorityTier: { type: 'string', enum: ['P1', 'P2', 'P3', 'P4'] }, classification: { type: 'string', enum: ['public', 'internal', 'restricted'] }, lastReviewedAt: { type: 'string' }, nextReviewDue: { type: 'string' }, semanticSummary: { type: 'string' }, changeLog: { type: 'array', items: { type: 'object', additionalProperties: true } }, contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'] }, extensions: extensionsInputSchema
+                    id: { type: 'string', minLength: 1, maxLength: 120, pattern: '^[a-z0-9](?:[a-z0-9-_]{0,118}[a-z0-9])?$' }, title: { type: 'string' }, body: { type: 'string' }, rationale: { type: 'string' }, priority: { type: 'number', minimum: 1, maximum: 100 }, audience: { type: 'string', enum: ['individual', 'group', 'all'] }, requirement: { type: 'string', enum: ['mandatory', 'critical', 'recommended', 'optional', 'deprecated'] }, categories: { type: 'array', items: { type: 'string', pattern: '^[a-z0-9][a-z0-9-_]{0,48}$' } }, deprecatedBy: { type: 'string' }, riskScore: { type: 'number' }, version: { type: 'string' }, owner: { type: 'string' }, status: { type: 'string', enum: ['approved', 'draft', 'review', 'deprecated'] }, priorityTier: { type: 'string', enum: ['P1', 'P2', 'P3', 'P4'] }, classification: { type: 'string', enum: ['public', 'internal', 'restricted'] }, lastReviewedAt: { type: 'string' }, nextReviewDue: { type: 'string' }, semanticSummary: { type: 'string' }, changeLog: { type: 'array', items: { type: 'object', additionalProperties: true } }, contentType: { type: 'string', enum: ['instruction', 'template', 'workflow', 'reference', 'example', 'agent', 'chat-session'] }, extensions: extensionsInputSchema
                 } },
             overwrite: { type: 'boolean' },
             lax: { type: 'boolean' }
@@ -221,7 +221,7 @@ const INPUT_SCHEMAS = {
             limit: { type: 'number', minimum: 1, maximum: 100, default: 50, description: 'Maximum number of instruction IDs to return' },
             includeCategories: { type: 'boolean', default: false, description: 'Include categories in search scope' },
             caseSensitive: { type: 'boolean', default: false, description: 'Perform case-sensitive matching' },
-            contentType: { type: 'string', enum: ['instruction', 'template', 'chat-session', 'reference', 'example', 'agent'], description: 'Filter results by content type (optional)' }
+            contentType: { type: 'string', enum: ['instruction', 'template', 'workflow', 'reference', 'example', 'agent'], description: 'Filter results by content type (optional)' }
         } },
     // promote_from_repo tool
     'promote_from_repo': { type: 'object', additionalProperties: false, required: ['repoPath'], properties: {
@@ -321,15 +321,16 @@ INPUT_SCHEMAS['trace_dump'] = { type: 'object', additionalProperties: false, pro
         file: { type: 'string', description: 'Optional path to write the trace buffer JSON file' }
     } };
 // Stable & mutation classification lists (mirrors usage in toolHandlers; exported to remove duplication there).
-exports.STABLE = new Set(['health_check', 'graph_export', 'index_dispatch', 'index_search', 'index_governanceHash', 'prompt_review', 'integrity_verify', 'usage_track', 'usage_hotset', 'metrics_snapshot', 'gates_evaluate', 'meta_tools', 'help_overview', 'index_schema', 'manifest_status', 'index_diagnostics', 'meta_activation_guide', 'meta_check_activation', 'bootstrap', 'bootstrap_status', 'feature_status', 'index_health', 'index_inspect', 'index_debug', 'integrity_manifest', 'messaging_read', 'messaging_list_channels', 'messaging_stats', 'messaging_get', 'messaging_thread', 'trace_dump']);
-exports.MUTATION = new Set(['index_add', 'index_import', 'index_repair', 'index_reload', 'index_remove', 'index_groom', 'index_enrich', 'index_governanceUpdate', 'index_normalize', 'usage_flush', 'feedback_submit', 'manifest_refresh', 'manifest_repair', 'promote_from_repo', 'bootstrap_request', 'bootstrap_confirmFinalize', 'messaging_send', 'messaging_ack', 'messaging_update', 'messaging_purge', 'messaging_reply', 'diagnostics_block', 'diagnostics_microtaskFlood', 'diagnostics_memoryPressure']);
+exports.STABLE = new Set(['health_check', 'feedback_submit', 'graph_export', 'index_dispatch', 'index_search', 'index_governanceHash', 'prompt_review', 'integrity_verify', 'usage_track', 'usage_hotset', 'metrics_snapshot', 'gates_evaluate', 'meta_tools', 'help_overview', 'index_schema', 'manifest_status', 'index_diagnostics', 'meta_activation_guide', 'meta_check_activation', 'bootstrap', 'bootstrap_status', 'feature_status', 'index_health', 'index_inspect', 'index_debug', 'integrity_manifest', 'messaging_read', 'messaging_list_channels', 'messaging_stats', 'messaging_get', 'messaging_thread', 'trace_dump']);
+exports.MUTATION = new Set(['index_add', 'index_import', 'index_repair', 'index_reload', 'index_remove', 'index_groom', 'index_enrich', 'index_governanceUpdate', 'index_normalize', 'usage_flush', 'manifest_refresh', 'manifest_repair', 'promote_from_repo', 'bootstrap_request', 'bootstrap_confirmFinalize', 'messaging_send', 'messaging_ack', 'messaging_update', 'messaging_purge', 'messaging_reply', 'diagnostics_block', 'diagnostics_microtaskFlood', 'diagnostics_memoryPressure']);
 // Tool tier classification (002-tool-consolidation spec)
 // core: always visible, essential daily use
 // extended: opt-in via INDEX_SERVER_FLAG_TOOLS_EXTENDED=1 or flags.json tools_extended:true
 // admin: opt-in via INDEX_SERVER_FLAG_TOOLS_ADMIN=1, rarely needed ops/debug tools
 const TOOL_TIERS = {
-    // Core (7 → 6 after feedback_dispatch removal)
+    // Core (7 after feedback_dispatch removal; feedback_submit remains always visible for agent reporting)
     'health_check': 'core',
+    'feedback_submit': 'core',
     'index_dispatch': 'core',
     'index_search': 'core',
     'prompt_review': 'core',
@@ -351,7 +352,6 @@ const TOOL_TIERS = {
     'promote_from_repo': 'extended',
     'index_schema': 'extended',
     // Admin (everything else)
-    'feedback_submit': 'admin',
     'meta_tools': 'admin',
     'meta_activation_guide': 'admin',
     'meta_check_activation': 'admin',

package/dist/services/toolRegistry.zod.js

@@ -35,7 +35,7 @@ const zDispatch = zod_1.z.object({
     keywords: zod_1.z.array(zod_1.z.string()).optional(),
     ids: zod_1.z.array(zod_1.z.string()).optional(),
     category: zod_1.z.string().optional(),
-    contentType: zod_1.z.enum(['instruction', 'template', 'chat-session', 'reference', 'example', 'agent']).optional(),
+    contentType: zod_1.z.enum(['instruction', 'template', 'workflow', 'reference', 'example', 'agent', 'chat-session']).optional(),
     text: zod_1.z.string().optional(),
     includeCategories: zod_1.z.boolean().optional(),
     caseSensitive: zod_1.z.boolean().optional(),
@@ -98,7 +98,7 @@ function buildZIndexEntry() {
         nextReviewDue: zod_1.z.string().optional(),
         semanticSummary: zod_1.z.string().optional(),
         changeLog: zod_1.z.array(zod_1.z.object({}).passthrough()).optional(),
-        contentType: zod_1.z.enum(['instruction', 'template', 'chat-session', 'reference', 'example', 'agent']).optional(),
+        contentType: zod_1.z.enum(['instruction', 'template', 'workflow', 'reference', 'example', 'agent', 'chat-session']).optional(),
         extensions: zod_1.z.record(zod_1.z.string(), zExtensionValue).optional()
     }).strict();
 }
@@ -166,7 +166,7 @@ const zSearch = zod_1.z.object({
     limit: zod_1.z.number().int().min(1).max(100).default(50).optional(),
     includeCategories: zod_1.z.boolean().default(false).optional(),
     caseSensitive: zod_1.z.boolean().default(false).optional(),
-    contentType: zod_1.z.enum(['instruction', 'template', 'chat-session', 'reference', 'example', 'agent']).optional()
+    contentType: zod_1.z.enum(['instruction', 'template', 'workflow', 'reference', 'example', 'agent']).optional()
 }).strict();
 // ── Diagnostics ──────────────────────────────────────────────────────────────
 const zDiagnostics = zod_1.z.object({

package/dist/versioning/schemaVersion.d.ts

@@ -1,4 +1,4 @@
-export declare const SCHEMA_VERSION = "4";
+export declare const SCHEMA_VERSION = "5";
 export interface MigrationResult {
     changed: boolean;
     notes?: string[];