@jagilber-org/index-server 1.28.10 → 1.28.19

package/dist/services/handlers/instructions.add.js

@@ -13,6 +13,7 @@ const schemaVersion_1 = require("../../versioning/schemaVersion");
 const classificationService_1 = require("../classificationService");
 const ownershipService_1 = require("../ownershipService");
 const auditLog_1 = require("../auditLog");
+const logger_1 = require("../logger");
 const toolRegistry_1 = require("../toolRegistry");
 const runtimeConfig_1 = require("../../config/runtimeConfig");
 const canonical_1 = require("../canonical");
@@ -274,6 +275,12 @@ const instructions_shared_1 = require("./instructions.shared");
             }
         }
     }
+    // Caller-required minimum for index_add. Other canonical-required fields
+    // (categories, contentType, etc.) are defaulted by normalization further
+    // down (categories → 'uncategorized'; classifier fills contentType /
+    // classification / status). Do not derive this from REQUIRED_INPUT_KEYS —
+    // canonical required[] reflects the on-disk record, not the smallest
+    // payload a caller may submit.
     const requiredFieldErrors = [
         !e.id ? 'id: missing required field' : undefined,
         e.title === undefined ? 'title: missing required field' : undefined,
@@ -580,6 +587,17 @@ const instructions_shared_1 = require("./instructions.shared");
             return { id: e.id, success: true, skipped: true, created: false, overwritten: false, hash: st0.hash, repaired: repaired ? true : undefined };
         }
         // Catch-all: never expose raw Node error text (ENOENT, null-byte path errors, stack frames) to MCP clients.
+        const writeError = err instanceof Error ? err : new Error(String(err));
+        (0, logger_1.logError)('[add] instruction write failed', {
+            id: e.id,
+            error: writeError.message,
+            stack: writeError.stack,
+        });
+        (0, auditLog_1.logAudit)('add_write_failed', e.id, {
+            error: writeError.message,
+            errorName: writeError.name,
+            overwrite: Boolean(overwrite),
+        });
         return fail('write_failed', {
             id: e.id,
             message: 'Instruction write failed due to an internal error. The error details are not exposed to clients.',

package/dist/services/handlers/instructions.groom.js

@@ -159,7 +159,12 @@ const instructionRecordValidation_1 = require("../instructionRecordValidation");
     const skippedErrors = [];
     try {
         const dir = (0, indexContext_1.getInstructionsDir)();
-        const diskFiles = fs_1.default.readdirSync(dir).filter(f => f.endsWith('.json') && !f.startsWith('_'));
+        // Exclude internal manifest (_*) and bootstrap gating state files. These
+        // are runtime bookkeeping owned by bootstrapGating.ts, not instructions.
+        // Without this filter they surface as 'missing required fields' noise in
+        // every index_repair response. RCA 2026-05-07.
+        const STATE_FILES = new Set(['bootstrap.confirmed.json', 'bootstrap.pending.json']);
+        const diskFiles = fs_1.default.readdirSync(dir).filter(f => f.endsWith('.json') && !f.startsWith('_') && !STATE_FILES.has(f));
         // Use the compiled-in schema property set so disk-resident vs static-import
         // schemas can never diverge (review #211 finding 9).
         const schemaProps = (0, loaderSchemaValidator_1.getSchemaPropertyNames)();

package/dist/services/handlers/instructions.import.js

@@ -14,6 +14,7 @@ const classificationService_1 = require("../classificationService");
 const ownershipService_1 = require("../ownershipService");
 const instructionRecordValidation_1 = require("../instructionRecordValidation");
 const instructionRecordValidation_2 = require("../instructionRecordValidation");
+const instructionSchema_1 = require("../../schemas/instructionSchema");
 const auditLog_1 = require("../auditLog");
 const logger_1 = require("../logger");
 // Structured WARN without auto-attached call stack: the log-hygiene gate
@@ -149,10 +150,36 @@ function parseInlineEntries(rawEntries) {
     let imported = 0, skipped = 0, overwritten = 0;
     const errors = [];
     const classifier = new classificationService_1.ClassificationService();
+    // Aggregate counts of server-managed fields we silently dropped from caller-supplied
+    // entries. Reported back so callers can see the implicit normalisation. The split is
+    // driven by SERVER_MANAGED_KEYS (annotated x-fieldClass on the canonical schema), so
+    // export→import is naturally round-trippable: server-owned timestamps/hashes are
+    // partitioned out of the input contract before validation.
+    const stripped = {};
     const skippedIds = new Set();
     const formatImportValidationError = (validationErrors) => `invalid_instruction: ${validationErrors.join('; ')}`;
-    for (const e of entries) {
-        const id = e?.id || 'unknown';
+    for (const rawEntry of entries) {
+        const id = rawEntry?.id || 'unknown';
+        // Partition server-managed fields out of the input. Preserves usageCount /
+        // firstSeenTs / lastUsedAt for restore scenarios; discards the rest (server
+        // recomputes sourceHash, schemaVersion, createdAt, updatedAt on write).
+        const partition = (0, instructionSchema_1.splitEntry)(rawEntry);
+        const carryForward = {};
+        for (const key of Object.keys(partition.serverManaged)) {
+            stripped[key] = (stripped[key] || 0) + 1;
+            // Carry-forward fields that represent observed usage history rather than
+            // server-derived integrity. The server will re-derive sourceHash,
+            // schemaVersion, createdAt, updatedAt regardless of input.
+            if (key === 'usageCount' || key === 'firstSeenTs' || key === 'lastUsedAt' || key === 'archivedAt') {
+                carryForward[key] = partition.serverManaged[key];
+            }
+        }
+        const e = { ...partition.input, ...partition.unknown };
+        // Caller-required minimum for index_import. Other canonical-required
+        // fields (categories → 'uncategorized'; classifier-filled contentType)
+        // are defaulted by normalization further down. Do not derive this from
+        // REQUIRED_INPUT_KEYS — canonical required[] reflects the on-disk
+        // record, not the smallest payload a caller may submit.
         const requiredFieldErrors = [
             !e?.id ? 'id: missing required field' : undefined,
             e?.title === undefined ? 'title: missing required field' : undefined,
@@ -224,7 +251,14 @@ function parseInlineEntries(rawEntries) {
             skippedIds.add(e.id);
             continue;
         }
-        const base = existing ? { ...existing, title: e.title, body: bodyTrimmed, rationale: e.rationale, priority: e.priority, audience: e.audience, requirement: e.requirement, categories, primaryCategory: effectivePrimary, updatedAt: now } : { id: e.id, title: e.title, body: bodyTrimmed, rationale: e.rationale, priority: e.priority, audience: e.audience, requirement: e.requirement, categories, primaryCategory: effectivePrimary, sourceHash: newBodyHash, schemaVersion: schemaVersion_1.SCHEMA_VERSION, deprecatedBy: e.deprecatedBy, createdAt: now, updatedAt: now, riskScore: e.riskScore, createdByAgent: instructionsCfg.agentId, sourceWorkspace: instructionsCfg.workspaceId, extensions: e.extensions };
+        // For overwrites we still apply carryForward AFTER spreading `existing` so a
+        // caller-supplied usageCount / firstSeenTs / lastUsedAt / archivedAt (e.g. a
+        // restored export) wins over what's currently in the store. For new entries
+        // the same spread provides defaults from the export. carryForward is empty
+        // when the caller did not supply any of those keys.
+        const base = existing
+            ? { ...existing, title: e.title, body: bodyTrimmed, rationale: e.rationale, priority: e.priority, audience: e.audience, requirement: e.requirement, categories, primaryCategory: effectivePrimary, updatedAt: now, ...carryForward }
+            : { id: e.id, title: e.title, body: bodyTrimmed, rationale: e.rationale, priority: e.priority, audience: e.audience, requirement: e.requirement, categories, primaryCategory: effectivePrimary, sourceHash: newBodyHash, schemaVersion: schemaVersion_1.SCHEMA_VERSION, deprecatedBy: e.deprecatedBy, createdAt: now, updatedAt: now, riskScore: e.riskScore, createdByAgent: instructionsCfg.agentId, sourceWorkspace: instructionsCfg.workspaceId, extensions: e.extensions, ...carryForward };
         (0, instructions_shared_1.applyGovernanceKeys)(base, e, instructions_shared_1.IMPORT_GOVERNANCE_KEYS);
         if (!base.sourceWorkspace)
             base.sourceWorkspace = instructionsCfg.workspaceId;
@@ -254,9 +288,10 @@ function parseInlineEntries(rawEntries) {
                 (0, logger_1.logError)('[import] entry write rejected', { id: e.id, reason: 'validation-failed-at-write', error: errMsg });
                 continue;
             }
-            const writeMsg = err.message || 'unknown';
-            errors.push({ id: e.id, error: `write-failed: ${writeMsg}` });
-            (0, logger_1.logError)('[import] entry write failed', { id: e.id, error: writeMsg, stack: err.stack });
+            const writeError = err instanceof Error ? err : new Error(String(err));
+            errors.push({ id: e.id, error: 'write_failed: Instruction write failed due to an internal error. The error details are not exposed to clients.' });
+            (0, logger_1.logError)('[import] entry write failed', { id: e.id, error: writeError.message, stack: writeError.stack });
+            (0, auditLog_1.logAudit)('import_write_failed', e.id, { error: writeError.message, errorName: writeError.name, mode });
             continue;
         }
         if (fileExists && mode === 'overwrite')
@@ -283,7 +318,7 @@ function parseInlineEntries(rawEntries) {
         (0, logger_1.logError)('[import] verification failed', { missingAfterReload: verificationErrors.length, ids: verificationErrors.map(v => v.id) });
     }
     const verifiedCount = writtenIds.length - verificationErrors.length;
-    const summary = { hash: st.hash, imported, skipped, overwritten, total: entries.length, errors, verified: verificationErrors.length === 0, verifiedCount, verificationErrorCount: verificationErrors.length };
+    const summary = { hash: st.hash, imported, skipped, overwritten, total: entries.length, errors, verified: verificationErrors.length === 0, verifiedCount, verificationErrorCount: verificationErrors.length, stripped };
     (0, auditLog_1.logAudit)('import', entries.map(e => e.id), { imported, skipped, overwritten, errors: errors.length, verified: verificationErrors.length === 0 });
     if (errors.length) {
         warnStruct('[import] complete with errors', { imported, skipped, overwritten, total: entries.length, errorCount: errors.length, verifiedCount, verificationErrorCount: verificationErrors.length, errorIds: errors.map(e => e.id) });

package/dist/services/handlers.activation.js

@@ -73,10 +73,11 @@ const ACTIVATION_GUIDE_VERSION = '1.0.0';
             function: 'activate_feedback_and_health_monitoring_tools()',
             description: 'Feedback submission and system health monitoring',
             tools: [
+                'feedback_manage',
                 'feedback_submit',
                 'health_check'
             ],
-            toolCount: 2
+            toolCount: 3
         }
     };
     if (diagnosticsEnabled) {
@@ -171,6 +172,7 @@ const ACTIVATION_GUIDE_VERSION = '1.0.0';
         'bootstrap_request': { category: 'bootstrap', function: 'activate_bootstrap_management_tools' },
         'bootstrap_confirmFinalize': { category: 'bootstrap', function: 'activate_bootstrap_management_tools' },
         'bootstrap_status': { category: 'bootstrap', function: 'activate_bootstrap_management_tools' },
+        'feedback_manage': { category: 'health', function: 'activate_feedback_and_health_monitoring_tools' },
         'feedback_submit': { category: 'health', function: 'activate_feedback_and_health_monitoring_tools' },
         'health_check': { category: 'health', function: 'activate_feedback_and_health_monitoring_tools' }
     };

package/dist/services/handlers.dashboardConfig.js

@@ -56,6 +56,7 @@ exports.FLAG_REGISTRY = [
     { name: 'INDEX_SERVER_DISABLE_EARLY_STDIN_BUFFER', category: 'diagnostics', description: 'Disable early stdin buffering (compare fragmentation behavior).', stability: 'diagnostic', default: 'off', type: 'boolean', since: '1.1.1' },
     { name: 'INDEX_SERVER_FATAL_EXIT_DELAY_MS', category: 'diagnostics', description: 'Delay before forced fatal exit (ms).', stability: 'diagnostic', default: '15', type: 'number', since: '1.1.1' },
     { name: 'INDEX_SERVER_IDLE_KEEPALIVE_MS', category: 'diagnostics', description: 'Keepalive interval for idle transports.', stability: 'stable', default: '30000', type: 'number', since: '1.0.0' },
+    { name: 'INDEX_SERVER_DISABLE_PPID_WATCHDOG', category: 'diagnostics', description: 'Disable parent-process watchdog. Required for dev sandbox launchers that spawn through a transient shell (e.g. cmd /c start /B node).', stability: 'experimental', default: 'off', type: 'boolean', since: '1.28.14' },
     { name: 'INDEX_SERVER_ADD_TIMING', category: 'diagnostics', description: 'Embed per-tool timing phase marks in response envelope.', stability: 'diagnostic', default: 'off', type: 'boolean', since: '1.1.1' },
     { name: 'INDEX_SERVER_TRACE_DISPATCH_DIAG', category: 'diagnostics', description: 'Extra dispatcher timing/phase logs (use INDEX_SERVER_TRACE=dispatchDiag).', stability: 'diagnostic', default: 'off', type: 'boolean', since: '1.1.1' },
     // Stress / adversarial
@@ -90,7 +91,7 @@ exports.FLAG_REGISTRY = [
     { name: 'INDEX_SERVER_SQLITE_PATH', category: 'storage', description: 'SQLite database file path.', stability: 'experimental', default: './data/index.db', type: 'string', since: '1.25.0' },
     { name: 'INDEX_SERVER_SQLITE_WAL', category: 'storage', description: 'Enable SQLite WAL journaling.', stability: 'experimental', default: 'on', type: 'boolean', since: '1.25.0' },
     { name: 'INDEX_SERVER_SQLITE_MIGRATE_ON_START', category: 'storage', description: 'Run schema migrations at startup.', stability: 'experimental', default: 'on', type: 'boolean', since: '1.25.0' },
-    { name: 'INDEX_SERVER_SQLITE_VEC_ENABLED', category: 'storage', description: 'Enable sqlite-vec extension for embeddings.', stability: 'experimental', default: 'off', type: 'boolean', since: '1.25.0' },
+    { name: 'INDEX_SERVER_SQLITE_VEC_ENABLED', category: 'storage', description: 'Enable sqlite-vec extension for embeddings. Auto-enabled when INDEX_SERVER_STORAGE_BACKEND=sqlite; set 0 to opt out. Falls back to JSON if native extension fails.', stability: 'experimental', default: 'on (when backend=sqlite), off otherwise', type: 'boolean', since: '1.25.0' },
     { name: 'INDEX_SERVER_SQLITE_VEC_PATH', category: 'storage', description: 'Path to sqlite-vec loadable extension.', stability: 'experimental', default: '(unset)', type: 'string', since: '1.25.0' },
     // Feedback & messaging
     { name: 'INDEX_SERVER_FEEDBACK_DIR', category: 'feedback', description: 'Feedback storage directory.', stability: 'stable', default: './feedback', type: 'string', since: '1.10.0' },

package/dist/services/handlers.feedback.d.ts

@@ -1,8 +1,8 @@
 /**
- * MCP feedback handler — submit-only surface.
+ * MCP feedback handlers.
  *
- * Only feedback_submit is exposed via MCP.
- * Storage I/O is delegated to the shared feedbackStorage module so the
- * dashboard CRUD phase can use the same persisted file without duplicating logic.
+ * feedback_submit remains a standalone alias for quick agent reporting.
+ * feedback_manage is the single action-dispatch management surface for
+ * submit/list/get/update/delete/stats.
  */
 export {};

package/dist/services/handlers.feedback.js

@@ -1,67 +1,430 @@
 "use strict";
 /**
- * MCP feedback handler — submit-only surface.
+ * MCP feedback handlers.
  *
- * Only feedback_submit is exposed via MCP.
- * Storage I/O is delegated to the shared feedbackStorage module so the
- * dashboard CRUD phase can use the same persisted file without duplicating logic.
+ * feedback_submit remains a standalone alias for quick agent reporting.
+ * feedback_manage is the single action-dispatch management surface for
+ * submit/list/get/update/delete/stats.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 const registry_1 = require("../server/registry");
 const logger_1 = require("./logger");
 const auditLog_1 = require("./auditLog");
 const feedbackStorage_1 = require("./feedbackStorage");
-(0, registry_1.registerHandler)('feedback_submit', (params) => {
-    if (!params.type || !params.severity || !params.title || !params.description) {
-        throw new Error('Missing required parameters: type, severity, title, description');
+const VALID_TYPES = ['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other'];
+const VALID_SEVERITIES = ['low', 'medium', 'high', 'critical'];
+const VALID_STATUSES = ['new', 'acknowledged', 'in-progress', 'resolved', 'closed'];
+const MAX_TITLE_LENGTH = 200;
+const MAX_DESCRIPTION_LENGTH = 10_000;
+const MAX_TAGS = 10;
+const MAX_LIST_LIMIT = 200;
+function errorEnvelope(action, error, message, opts = {}) {
+    return {
+        action: action || 'unknown',
+        success: false,
+        error,
+        message,
+        ...opts,
+    };
+}
+function isFeedbackType(value) {
+    return VALID_TYPES.includes(value);
+}
+function isFeedbackSeverity(value) {
+    return VALID_SEVERITIES.includes(value);
+}
+function isFeedbackStatus(value) {
+    return VALID_STATUSES.includes(value);
+}
+function sanitizeTags(value) {
+    if (!Array.isArray(value))
+        return undefined;
+    const tags = value
+        .filter((tag) => typeof tag === 'string')
+        .map(tag => tag.trim())
+        .filter(Boolean)
+        .slice(0, MAX_TAGS);
+    return tags.length > 0 ? tags : undefined;
+}
+function validateSubmitParams(params) {
+    const missing = ['type', 'severity', 'title', 'description'].filter((field) => {
+        const value = params[field];
+        return typeof value !== 'string' || !value.trim();
+    });
+    if (missing.length) {
+        return errorEnvelope('submit', 'missing_required', `Missing required parameter(s): ${missing.join(', ')}`, {
+            hint: 'Submit requires type, severity, title, and description.',
+        });
     }
-    const validTypes = ['issue', 'status', 'security', 'feature-request', 'bug-report', 'performance', 'usability', 'other'];
-    const validSeverities = ['low', 'medium', 'high', 'critical'];
-    if (!validTypes.includes(params.type)) {
-        throw new Error(`Invalid type. Must be one of: ${validTypes.join(', ')}`);
+    if (!isFeedbackType(params.type)) {
+        return errorEnvelope('submit', 'invalid_param', `Invalid type. Must be one of: ${VALID_TYPES.join(', ')}`);
     }
-    if (!validSeverities.includes(params.severity)) {
-        throw new Error(`Invalid severity. Must be one of: ${validSeverities.join(', ')}`);
+    if (!isFeedbackSeverity(params.severity)) {
+        return errorEnvelope('submit', 'invalid_param', `Invalid severity. Must be one of: ${VALID_SEVERITIES.join(', ')}`);
     }
+    if (params.tags !== undefined && !Array.isArray(params.tags)) {
+        return errorEnvelope('submit', 'invalid_param', 'Invalid tags. Must be an array of strings.');
+    }
+    return undefined;
+}
+function createFeedbackEntry(params) {
     const timestamp = new Date().toISOString();
     const entry = {
         id: (0, feedbackStorage_1.generateFeedbackId)(params.type, timestamp),
         timestamp,
         type: params.type,
         severity: params.severity,
-        title: params.title.substring(0, 200),
-        description: params.description.substring(0, 10000),
+        title: params.title.trim().slice(0, MAX_TITLE_LENGTH),
+        description: params.description.slice(0, MAX_DESCRIPTION_LENGTH),
         context: params.context,
         metadata: params.metadata,
-        tags: params.tags?.slice(0, 10),
-        status: 'new'
+        tags: sanitizeTags(params.tags),
+        status: 'new',
     };
+    return entry;
+}
+function emitCriticalFeedbackNotice(entry) {
+    if (entry.type !== 'security' && entry.severity !== 'critical')
+        return;
+    try {
+        process.stderr.write(`[SECURITY/CRITICAL] Feedback ID: ${entry.id}, Type: ${entry.type}, Title: ${entry.title}\n`);
+    }
+    catch {
+        // Ignore stderr write failures.
+    }
+}
+function persistSubmittedFeedback(params) {
+    const entry = createFeedbackEntry(params);
     const storage = (0, feedbackStorage_1.loadFeedbackStorage)();
     storage.entries.push(entry);
     (0, feedbackStorage_1.saveFeedbackStorage)(storage);
     (0, auditLog_1.logAudit)('feedback_submit', [entry.id], {
         type: entry.type,
         severity: entry.severity,
-        title: entry.title
+        title: entry.title,
     }, 'feedback');
     (0, logger_1.logInfo)('[feedback] Feedback submitted', {
         id: entry.id,
         type: entry.type,
         severity: entry.severity,
-        title: entry.title
+        title: entry.title,
     });
-    if (entry.type === 'security' || entry.severity === 'critical') {
-        try {
-            process.stderr.write(`[SECURITY/CRITICAL] Feedback ID: ${entry.id}, Type: ${entry.type}, Title: ${entry.title}\n`);
+    emitCriticalFeedbackNotice(entry);
+    return entry;
+}
+function submitFeedbackOrThrow(params) {
+    const validationError = validateSubmitParams(params);
+    if (validationError)
+        throw new Error(validationError.message);
+    const entry = persistSubmittedFeedback(params);
+    return {
+        success: true,
+        feedbackId: entry.id,
+        timestamp: entry.timestamp,
+        message: 'Feedback submitted successfully',
+    };
+}
+function submitFeedbackManaged(params) {
+    const validationError = validateSubmitParams(params);
+    if (validationError)
+        return validationError;
+    try {
+        const entry = persistSubmittedFeedback(params);
+        return {
+            action: 'submit',
+            success: true,
+            feedbackId: entry.id,
+            entry,
+            timestamp: entry.timestamp,
+            message: 'Feedback submitted successfully',
+        };
+    }
+    catch (error) {
+        (0, logger_1.logError)('[feedback] feedback_manage submit storage failure', error instanceof Error ? error : { error: String(error) });
+        (0, auditLog_1.logAudit)('feedback_manage_storage_error', undefined, { action: 'submit' }, 'feedback');
+        return errorEnvelope('submit', 'storage_error', 'Feedback submit failed due to a storage error. The error details are not exposed to clients.');
+    }
+}
+function loadStorageManaged(action) {
+    try {
+        return (0, feedbackStorage_1.loadFeedbackStorage)();
+    }
+    catch (error) {
+        (0, logger_1.logError)('[feedback] feedback_manage storage load failure', error instanceof Error ? error : { error: String(error), action });
+        (0, auditLog_1.logAudit)('feedback_manage_storage_error', undefined, { action }, 'feedback');
+        return errorEnvelope(action, 'storage_error', 'Feedback storage could not be loaded. The error details are not exposed to clients.');
+    }
+}
+function saveStorageManaged(action, storage, id) {
+    try {
+        (0, feedbackStorage_1.saveFeedbackStorage)(storage);
+        return undefined;
+    }
+    catch (error) {
+        (0, logger_1.logError)('[feedback] feedback_manage storage save failure', error instanceof Error ? error : { error: String(error), action, id });
+        (0, auditLog_1.logAudit)('feedback_manage_storage_error', id ? [id] : undefined, { action }, 'feedback');
+        return errorEnvelope(action, 'storage_error', 'Feedback update failed due to a storage error. The error details are not exposed to clients.', { id });
+    }
+}
+function requireId(action, id) {
+    if (typeof id !== 'string' || !id.trim()) {
+        return errorEnvelope(action, 'missing_required', 'Missing required parameter: id', {
+            hint: `${action} requires a feedback entry id.`,
+        });
+    }
+    return id;
+}
+function listFeedback(params) {
+    const storage = loadStorageManaged('list');
+    if ('success' in storage)
+        return storage;
+    let entries = [...storage.entries];
+    if (params.type !== undefined) {
+        if (!isFeedbackType(String(params.type)))
+            return errorEnvelope('list', 'invalid_param', `Invalid type. Must be one of: ${VALID_TYPES.join(', ')}`);
+        entries = entries.filter(entry => entry.type === params.type);
+    }
+    if (params.severity !== undefined) {
+        if (!isFeedbackSeverity(String(params.severity)))
+            return errorEnvelope('list', 'invalid_param', `Invalid severity. Must be one of: ${VALID_SEVERITIES.join(', ')}`);
+        entries = entries.filter(entry => entry.severity === params.severity);
+    }
+    if (params.status !== undefined) {
+        if (!isFeedbackStatus(String(params.status)))
+            return errorEnvelope('list', 'invalid_param', `Invalid status. Must be one of: ${VALID_STATUSES.join(', ')}`);
+        entries = entries.filter(entry => entry.status === params.status);
+    }
+    if (params.since !== undefined) {
+        if (Number.isNaN(Date.parse(params.since)))
+            return errorEnvelope('list', 'invalid_param', 'Invalid since. Must be an ISO-compatible date string.');
+        entries = entries.filter(entry => entry.timestamp >= params.since);
+    }
+    if (params.tags !== undefined) {
+        if (!Array.isArray(params.tags))
+            return errorEnvelope('list', 'invalid_param', 'Invalid tags. Must be an array of strings.');
+        const tags = sanitizeTags(params.tags) ?? [];
+        if (tags.length) {
+            entries = entries.filter(entry => entry.tags?.some(tag => tags.includes(tag)));
         }
-        catch {
-            // Ignore stderr write failures
+    }
+    entries.sort((a, b) => b.timestamp.localeCompare(a.timestamp));
+    const limit = params.limit === undefined ? 50 : params.limit;
+    const offset = params.offset === undefined ? 0 : params.offset;
+    if (!Number.isInteger(limit) || limit < 1 || limit > MAX_LIST_LIMIT) {
+        return errorEnvelope('list', 'invalid_param', `Invalid limit. Must be an integer from 1 to ${MAX_LIST_LIMIT}.`);
+    }
+    if (!Number.isInteger(offset) || offset < 0) {
+        return errorEnvelope('list', 'invalid_param', 'Invalid offset. Must be a non-negative integer.');
+    }
+    return {
+        action: 'list',
+        success: true,
+        entries: entries.slice(offset, offset + limit),
+        total: entries.length,
+        limit,
+        offset,
+        hasMore: offset + limit < entries.length,
+        lastUpdated: storage.lastUpdated,
+    };
+}
+function getFeedback(params) {
+    const id = requireId('get', params.id);
+    if (typeof id !== 'string')
+        return id;
+    const storage = loadStorageManaged('get');
+    if ('success' in storage)
+        return storage;
+    const entry = storage.entries.find(item => item.id === id);
+    if (!entry) {
+        return errorEnvelope('get', 'not_found', `Feedback entry not found: ${id}`, {
+            id,
+            hint: 'Use feedback_manage with action=list to inspect available entries.',
+        });
+    }
+    return { action: 'get', success: true, entry };
+}
+function updateFeedback(params) {
+    const id = requireId('update', params.id);
+    if (typeof id !== 'string')
+        return id;
+    const storage = loadStorageManaged('update');
+    if ('success' in storage)
+        return storage;
+    const index = storage.entries.findIndex(item => item.id === id);
+    if (index === -1) {
+        return errorEnvelope('update', 'not_found', `Feedback entry not found: ${id}`, {
+            id,
+            hint: 'Use feedback_manage with action=list to inspect available entries.',
+        });
+    }
+    const entry = { ...storage.entries[index] };
+    const updatedFields = [];
+    if (params.status !== undefined) {
+        if (!isFeedbackStatus(String(params.status)))
+            return errorEnvelope('update', 'invalid_param', `Invalid status. Must be one of: ${VALID_STATUSES.join(', ')}`, { id });
+        entry.status = params.status;
+        updatedFields.push('status');
+    }
+    if (params.title !== undefined) {
+        if (typeof params.title !== 'string' || !params.title.trim())
+            return errorEnvelope('update', 'invalid_param', 'Invalid title. Must be a non-empty string.', { id });
+        entry.title = params.title.trim().slice(0, MAX_TITLE_LENGTH);
+        updatedFields.push('title');
+    }
+    if (params.description !== undefined) {
+        if (typeof params.description !== 'string')
+            return errorEnvelope('update', 'invalid_param', 'Invalid description. Must be a string.', { id });
+        entry.description = params.description.slice(0, MAX_DESCRIPTION_LENGTH);
+        updatedFields.push('description');
+    }
+    if (params.severity !== undefined) {
+        if (!isFeedbackSeverity(String(params.severity)))
+            return errorEnvelope('update', 'invalid_param', `Invalid severity. Must be one of: ${VALID_SEVERITIES.join(', ')}`, { id });
+        entry.severity = params.severity;
+        updatedFields.push('severity');
+    }
+    if (params.tags !== undefined) {
+        if (!Array.isArray(params.tags))
+            return errorEnvelope('update', 'invalid_param', 'Invalid tags. Must be an array of strings.', { id });
+        entry.tags = sanitizeTags(params.tags);
+        updatedFields.push('tags');
+    }
+    if (params.metadata !== undefined) {
+        if (!params.metadata || typeof params.metadata !== 'object' || Array.isArray(params.metadata)) {
+            return errorEnvelope('update', 'invalid_param', 'Invalid metadata. Must be an object.', { id });
         }
+        entry.metadata = { ...entry.metadata, ...params.metadata };
+        updatedFields.push('metadata');
     }
+    if (!updatedFields.length) {
+        return errorEnvelope('update', 'missing_required', 'No update fields provided.', {
+            id,
+            hint: 'Provide one or more of status, title, description, severity, tags, or metadata.',
+        });
+    }
+    storage.entries[index] = entry;
+    const saveError = saveStorageManaged('update', storage, id);
+    if (saveError)
+        return saveError;
+    (0, auditLog_1.logAudit)('feedback_manage_update', [id], { fields: updatedFields }, 'feedback');
+    (0, logger_1.logInfo)('[feedback] Feedback entry updated', { id, fields: updatedFields });
     return {
+        action: 'update',
         success: true,
-        feedbackId: entry.id,
-        timestamp: entry.timestamp,
-        message: 'Feedback submitted successfully'
+        entry,
+        message: 'Feedback entry updated successfully',
+    };
+}
+function deleteFeedback(params) {
+    const id = requireId('delete', params.id);
+    if (typeof id !== 'string')
+        return id;
+    const storage = loadStorageManaged('delete');
+    if ('success' in storage)
+        return storage;
+    const index = storage.entries.findIndex(item => item.id === id);
+    if (index === -1) {
+        return errorEnvelope('delete', 'not_found', `Feedback entry not found: ${id}`, {
+            id,
+            hint: 'Use feedback_manage with action=list to inspect available entries.',
+        });
+    }
+    storage.entries.splice(index, 1);
+    const saveError = saveStorageManaged('delete', storage, id);
+    if (saveError)
+        return saveError;
+    (0, auditLog_1.logAudit)('feedback_manage_delete', [id], undefined, 'feedback');
+    (0, logger_1.logInfo)('[feedback] Feedback entry deleted', { id });
+    return {
+        action: 'delete',
+        success: true,
+        deleted: true,
+        id,
+        message: 'Feedback entry deleted successfully',
+    };
+}
+function feedbackStats(params) {
+    const storage = loadStorageManaged('stats');
+    if ('success' in storage)
+        return storage;
+    if (params.since !== undefined && Number.isNaN(Date.parse(params.since))) {
+        return errorEnvelope('stats', 'invalid_param', 'Invalid since. Must be an ISO-compatible date string.');
+    }
+    const entries = params.since ? storage.entries.filter(entry => entry.timestamp >= params.since) : storage.entries;
+    const now = Date.now();
+    const day = 24 * 60 * 60 * 1000;
+    const stats = {
+        total: entries.length,
+        byType: {},
+        bySeverity: {},
+        byStatus: {},
+        recentActivity: {
+            last24h: 0,
+            last7d: 0,
+            last30d: 0,
+        },
     };
+    for (const entry of entries) {
+        stats.byType[entry.type] = (stats.byType[entry.type] || 0) + 1;
+        stats.bySeverity[entry.severity] = (stats.bySeverity[entry.severity] || 0) + 1;
+        stats.byStatus[entry.status] = (stats.byStatus[entry.status] || 0) + 1;
+        const age = now - new Date(entry.timestamp).getTime();
+        if (age <= day)
+            stats.recentActivity.last24h += 1;
+        if (age <= 7 * day)
+            stats.recentActivity.last7d += 1;
+        if (age <= 30 * day)
+            stats.recentActivity.last30d += 1;
+    }
+    return {
+        action: 'stats',
+        success: true,
+        stats,
+        storageInfo: {
+            lastUpdated: storage.lastUpdated,
+            version: storage.version,
+            maxEntries: (0, feedbackStorage_1.getMaxEntries)(),
+        },
+    };
+}
+(0, registry_1.registerHandler)('feedback_submit', (params) => {
+    try {
+        return submitFeedbackOrThrow(params);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (!message.startsWith('Missing required parameter') && !message.startsWith('Invalid ')) {
+            (0, logger_1.logError)('[feedback] feedback_submit storage failure', error instanceof Error ? error : { error: message });
+            (0, auditLog_1.logAudit)('feedback_submit_storage_error', undefined, {}, 'feedback');
+            throw new Error('Feedback submit failed due to a storage error. The error details are not exposed to clients.');
+        }
+        throw error;
+    }
+});
+(0, registry_1.registerHandler)('feedback_manage', (params) => {
+    try {
+        const action = params?.action;
+        if (!action) {
+            return errorEnvelope('unknown', 'missing_required', 'Missing required parameter: action', {
+                hint: 'Use one of: submit, list, get, update, delete, stats.',
+            });
+        }
+        if (!['submit', 'list', 'get', 'update', 'delete', 'stats'].includes(action)) {
+            return errorEnvelope(action, 'invalid_param', 'Invalid action. Must be one of: submit, list, get, update, delete, stats.');
+        }
+        switch (action) {
+            case 'submit': return submitFeedbackManaged(params);
+            case 'list': return listFeedback(params);
+            case 'get': return getFeedback(params);
+            case 'update': return updateFeedback(params);
+            case 'delete': return deleteFeedback(params);
+            case 'stats': return feedbackStats(params);
+        }
+    }
+    catch (error) {
+        const action = params?.action || 'unknown';
+        (0, logger_1.logError)('[feedback] feedback_manage unexpected failure', error instanceof Error ? error : { error: String(error), action });
+        (0, auditLog_1.logAudit)('feedback_manage_storage_error', undefined, { action }, 'feedback');
+        return errorEnvelope(action, 'storage_error', 'Feedback management failed due to a storage error. The error details are not exposed to clients.');
+    }
 });