@massu/core 0.1.1 → 0.4.0

package/src/memory-tools.ts

@@ -2,8 +2,7 @@
 // Licensed under BSL 1.1 - see LICENSE file for details.
 
 import type Database from 'better-sqlite3';
-import type { ToolDefinition, ToolResult } from './tool-helpers.ts';
-import { p, text } from './tool-helpers.ts';
+import type { ToolDefinition, ToolResult } from './tools.ts';
 import {
   searchObservations,
   getRecentObservations,
@@ -16,21 +15,15 @@ import {
 } from './memory-db.ts';
 import { getConfig } from './config.ts';
 
+/** Prefix a base tool name with the configured tool prefix. */
+function p(baseName: string): string {
+  return `${getConfig().toolPrefix}_${baseName}`;
+}
+
 // ============================================================
 // P4-001 through P4-006: MCP Memory Tools
 // ============================================================
 
-const MEMORY_BASE_NAMES = new Set([
-  'memory_search', 'memory_timeline', 'memory_detail',
-  'memory_sessions', 'memory_failures', 'memory_ingest',
-]);
-
-export function isMemoryTool(name: string): boolean {
-  const pfx = getConfig().toolPrefix + '_';
-  const baseName = name.startsWith(pfx) ? name.slice(pfx.length) : name;
-  return MEMORY_BASE_NAMES.has(baseName);
-}
-
 /**
  * Get all memory tool definitions.
  */
@@ -45,7 +38,7 @@ export function getMemoryToolDefinitions(): ToolDefinition[] {
         properties: {
           query: { type: 'string', description: 'Search text (FTS5 query syntax supported)' },
           type: { type: 'string', description: 'Filter by observation type (decision, bugfix, feature, failed_attempt, cr_violation, vr_check, etc.)' },
-          cr_rule: { type: 'string', description: 'Filter by CR rule (e.g., CR-16)' },
+          cr_rule: { type: 'string', description: 'Filter by CR rule (e.g., CR-9)' },
           date_from: { type: 'string', description: 'Start date (ISO format)' },
           limit: { type: 'number', description: 'Max results (default: 20)' },
         },
@@ -122,7 +115,7 @@ export function getMemoryToolDefinitions(): ToolDefinition[] {
           title: { type: 'string', description: 'Short description' },
           detail: { type: 'string', description: 'Full context' },
           importance: { type: 'number', description: 'Override importance (1-5, default: auto-assigned)' },
-          cr_rule: { type: 'string', description: 'Link to CR rule (e.g., CR-16)' },
+          cr_rule: { type: 'string', description: 'Link to CR rule (e.g., CR-9)' },
           plan_item: { type: 'string', description: 'Link to plan item (e.g., P2-003)' },
           files: {
             type: 'array',
@@ -381,7 +374,13 @@ function handleIngest(args: Record<string, unknown>, db: Database.Database): Too
   return text(`Observation #${id} recorded successfully.\nType: ${type}\nTitle: ${title}\nImportance: ${importance}\nSession: ${activeSession.session_id.slice(0, 8)}...`);
 }
 
+// ============================================================
+// Helpers
+// ============================================================
 
+function text(content: string): ToolResult {
+  return { content: [{ type: 'text', text: content }] };
+}
 
 function safeParseJson(json: string, fallback: unknown): unknown {
   try {

package/src/observability-tools.ts

@@ -2,8 +2,7 @@
 // Licensed under BSL 1.1 - see LICENSE file for details.
 
 import type Database from 'better-sqlite3';
-import type { ToolDefinition, ToolResult } from './tool-helpers.ts';
-import { p, text } from './tool-helpers.ts';
+import type { ToolDefinition, ToolResult } from './tools.ts';
 import {
   getConversationTurns,
   searchConversationTurns,
@@ -14,6 +13,11 @@ import {
 } from './memory-db.ts';
 import { getConfig } from './config.ts';
 
+/** Prefix a base tool name with the configured tool prefix. */
+function p(baseName: string): string {
+  return `${getConfig().toolPrefix}_${baseName}`;
+}
+
 // ============================================================
 // Observability MCP Tools (P3-001 through P3-004)
 // ============================================================
@@ -330,3 +334,10 @@ function handleSessionStats(args: Record<string, unknown>, db: Database.Database
   return text(lines.join('\n'));
 }
 
+// ============================================================
+// Helpers
+// ============================================================
+
+function text(content: string): ToolResult {
+  return { content: [{ type: 'text', text: content }] };
+}

package/src/observation-extractor.ts

@@ -14,7 +14,8 @@ import {
 import type { AddObservationOpts } from './memory-db.ts';
 import { assignImportance } from './memory-db.ts';
 import { detectDecisionPatterns } from './adr-generator.ts';
-import { getProjectRoot } from './config.ts';
+import { getProjectRoot, getConfig, getResolvedPaths } from './config.ts';
+import { homedir } from 'os';
 
 // ============================================================
 // P2-002: Observation Extractor
@@ -209,8 +210,10 @@ function classifyToolCall(tc: ParsedToolCall): ExtractedObservation | null {
 
     case 'Read': {
       const filePath = tc.input.file_path as string ?? 'unknown';
-      // Only keep reads of interesting files (plan files, CLAUDE.md, etc.)
-      if (filePath.includes('/plans/') || filePath.includes('CLAUDE.md') || filePath.includes('CURRENT.md')) {
+      // Only keep reads of interesting files (plan files, knowledge source files, etc.)
+      const knowledgeSourceFiles = getConfig().conventions?.knowledgeSourceFiles ?? ['CLAUDE.md', 'MEMORY.md', 'corrections.md'];
+      const plansDir = getResolvedPaths().plansDir;
+      if (filePath.includes(plansDir) || knowledgeSourceFiles.some(f => filePath.includes(f))) {
         const title = `Read: ${shortenPath(filePath)}`;
         return {
           type: 'discovery',
@@ -352,7 +355,11 @@ function shortenPath(filePath: string): string {
   if (filePath.startsWith(root + '/')) {
     return filePath.slice(root.length + 1);
   }
-  return filePath.replace(/^\/Users\/\w+\//, '~/');
+  const home = homedir();
+  if (filePath.startsWith(home + '/')) {
+    return '~/' + filePath.slice(home.length + 1);
+  }
+  return filePath;
 }
 
 /**

package/src/page-deps.ts

@@ -5,6 +5,7 @@ import { readFileSync, existsSync } from 'fs';
 import { resolve } from 'path';
 import type Database from 'better-sqlite3';
 import { getConfig, getProjectRoot } from './config.ts';
+import { ensureWithinRoot } from './security-utils.ts';
 
 export interface PageChain {
   page: string;
@@ -89,7 +90,7 @@ function findRouterCalls(files: string[]): string[] {
   const projectRoot = getProjectRoot();
 
   for (const file of files) {
-    const absPath = resolve(projectRoot, file);
+    const absPath = ensureWithinRoot(resolve(projectRoot, file), projectRoot);
     if (!existsSync(absPath)) continue;
 
     try {
@@ -120,7 +121,7 @@ function findTablesFromRouters(routerNames: string[], dataDb: Database.Database)
     ).all(routerName) as { router_file: string }[];
 
     for (const proc of procs) {
-      const absPath = resolve(getProjectRoot(), proc.router_file);
+      const absPath = ensureWithinRoot(resolve(getProjectRoot(), proc.router_file), getProjectRoot());
       if (!existsSync(absPath)) continue;
 
       try {

package/src/prompt-analyzer.ts

@@ -2,8 +2,7 @@
 // Licensed under BSL 1.1 - see LICENSE file for details.
 
 import type Database from 'better-sqlite3';
-import type { ToolDefinition, ToolResult } from './tool-helpers.ts';
-import { p, text } from './tool-helpers.ts';
+import type { ToolDefinition, ToolResult } from './tools.ts';
 import { createHash } from 'crypto';
 import { getConfig } from './config.ts';
 import { escapeRegex, redactSensitiveContent } from './security-utils.ts';
@@ -12,6 +11,11 @@ import { escapeRegex, redactSensitiveContent } from './security-utils.ts';
 // Prompt Effectiveness Analysis
 // ============================================================
 
+/** Prefix a base tool name with the configured tool prefix. */
+function p(baseName: string): string {
+  return `${getConfig().toolPrefix}_${baseName}`;
+}
+
 /** Default success/failure indicators. Can be overridden via config.analytics.prompts */
 const DEFAULT_SUCCESS_INDICATORS = ['committed', 'approved', 'looks good', 'perfect', 'great', 'thanks'];
 const DEFAULT_FAILURE_INDICATORS = ['revert', 'wrong', "that's not", 'undo', 'incorrect'];
@@ -323,3 +327,6 @@ function handleSuggestions(args: Record<string, unknown>, db: Database.Database)
   return text(lines.join('\n'));
 }
 
+function text(content: string): ToolResult {
+  return { content: [{ type: 'text', text: content }] };
+}

package/src/python/coupling-detector.ts

@@ -0,0 +1,124 @@
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+import { readFileSync, readdirSync } from 'fs';
+import { join, relative } from 'path';
+import type Database from 'better-sqlite3';
+import { getProjectRoot, getConfig } from '../config.ts';
+
+interface CouplingMatch {
+  frontendFile: string;
+  line: number;
+  callPattern: string;
+  routeId: number;
+}
+
+/**
+ * Scan frontend files for API calls matching Python routes.
+ * Stores matches in massu_py_route_callers.
+ */
+export function buildPythonCouplingIndex(dataDb: Database.Database): number {
+  const projectRoot = getProjectRoot();
+  const config = getConfig();
+  const srcDir = join(projectRoot, config.paths.source);
+
+  // Get all routes from DB
+  const routes = dataDb.prepare('SELECT id, method, path FROM massu_py_routes').all() as {
+    id: number; method: string; path: string;
+  }[];
+
+  if (routes.length === 0) return 0;
+
+  // Clear existing callers
+  dataDb.exec('DELETE FROM massu_py_route_callers');
+
+  // Walk frontend files (TS/TSX/JS/JSX)
+  const frontendFiles = walkFrontendFiles(srcDir);
+
+  const insertStmt = dataDb.prepare(
+    'INSERT INTO massu_py_route_callers (route_id, frontend_file, line, call_pattern) VALUES (?, ?, ?, ?)'
+  );
+
+  let count = 0;
+
+  // API call patterns to detect
+  const apiPatterns = [
+    /fetch\s*\(\s*[`'"](\/api\/[^`'"]*)[`'"]/g,           // fetch('/api/...')
+    /fetch\s*\(\s*[`'"]([^`'"]*\/api\/[^`'"]*)[`'"]/g,     // fetch('http.../api/...')
+    /axios\.\w+\s*\(\s*[`'"](\/api\/[^`'"]*)[`'"]/g,       // axios.get('/api/...')
+    /\.get\s*\(\s*[`'"](\/api\/[^`'"]*)[`'"]/g,             // client.get('/api/...')
+    /\.post\s*\(\s*[`'"](\/api\/[^`'"]*)[`'"]/g,            // client.post('/api/...')
+    /\.put\s*\(\s*[`'"](\/api\/[^`'"]*)[`'"]/g,             // client.put('/api/...')
+    /\.delete\s*\(\s*[`'"](\/api\/[^`'"]*)[`'"]/g,          // client.delete('/api/...')
+    /\.patch\s*\(\s*[`'"](\/api\/[^`'"]*)[`'"]/g,           // client.patch('/api/...')
+  ];
+
+  dataDb.transaction(() => {
+    for (const absFile of frontendFiles) {
+      const relFile = relative(projectRoot, absFile);
+      let source: string;
+      try { source = readFileSync(absFile, 'utf-8'); } catch { continue; }
+
+      const lines = source.split('\n');
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of apiPatterns) {
+          pattern.lastIndex = 0;
+          let match;
+          while ((match = pattern.exec(line)) !== null) {
+            const urlPath = match[1];
+            // Try to match against routes
+            const matchedRoute = findMatchingRoute(urlPath, routes);
+            if (matchedRoute) {
+              insertStmt.run(matchedRoute.id, relFile, i + 1, match[0].slice(0, 200));
+              count++;
+            }
+          }
+        }
+      }
+    }
+  })();
+
+  return count;
+}
+
+function walkFrontendFiles(dir: string): string[] {
+  const files: string[] = [];
+  const exclude = ['node_modules', '.next', 'dist', '.git', '__pycache__', '.venv', 'venv'];
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.isDirectory()) {
+        if (exclude.includes(entry.name)) continue;
+        files.push(...walkFrontendFiles(join(dir, entry.name)));
+      } else if (/\.(tsx?|jsx?)$/.test(entry.name)) {
+        files.push(join(dir, entry.name));
+      }
+    }
+  } catch { /* dir not readable, skip */ }
+  return files;
+}
+
+/**
+ * Match a URL path against route definitions.
+ * Handles path parameters: /api/users/{id} matches /api/users/123
+ */
+/**
+ * Escape special regex characters in a string.
+ */
+function escapeRegex(s: string): string {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+function findMatchingRoute(urlPath: string, routes: { id: number; method: string; path: string }[]): { id: number } | null {
+  for (const route of routes) {
+    // Escape regex-special chars in route path, then replace param placeholders
+    const escaped = escapeRegex(route.path);
+    const pattern = escaped.replace(/\\\{[^}]+\\\}/g, '[^/]+');
+    const routeRegex = new RegExp('^' + pattern + '$');
+    if (routeRegex.test(urlPath)) {
+      return { id: route.id };
+    }
+  }
+  return null;
+}

package/src/python/domain-enforcer.ts

@@ -0,0 +1,83 @@
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+import type Database from 'better-sqlite3';
+import { getConfig } from '../config.ts';
+
+export interface DomainViolation {
+  sourceFile: string;
+  sourceDomain: string;
+  targetFile: string;
+  targetDomain: string;
+}
+
+/**
+ * Classify a Python file into its domain based on python.domains config.
+ */
+export function classifyPythonFileDomain(file: string): string {
+  const config = getConfig();
+  const domains = config.python?.domains || [];
+  const pythonRoot = config.python?.root || '';
+
+  let modulePath = file;
+  if (pythonRoot && modulePath.startsWith(pythonRoot + '/')) {
+    modulePath = modulePath.slice(pythonRoot.length + 1);
+  }
+  modulePath = modulePath.replace(/\/__init__\.py$/, '').replace(/\.py$/, '').replace(/\//g, '.');
+
+  for (const domain of domains) {
+    for (const pkg of domain.packages) {
+      if (modulePath.startsWith(pkg) || modulePath === pkg) {
+        return domain.name;
+      }
+    }
+  }
+  return 'Unknown';
+}
+
+/**
+ * Find all cross-domain import violations in the Python import graph.
+ */
+export function findPythonDomainViolations(dataDb: Database.Database): DomainViolation[] {
+  const config = getConfig();
+  const domains = config.python?.domains || [];
+  if (domains.length === 0) return [];
+
+  const imports = dataDb.prepare(
+    'SELECT source_file, target_file FROM massu_py_imports'
+  ).all() as { source_file: string; target_file: string }[];
+
+  const violations: DomainViolation[] = [];
+
+  for (const imp of imports) {
+    const srcDomain = classifyPythonFileDomain(imp.source_file);
+    const tgtDomain = classifyPythonFileDomain(imp.target_file);
+
+    if (srcDomain === tgtDomain || srcDomain === 'Unknown' || tgtDomain === 'Unknown') continue;
+
+    const srcConfig = domains.find(d => d.name === srcDomain);
+    if (srcConfig && !srcConfig.allowed_imports_from.includes(tgtDomain)) {
+      violations.push({
+        sourceFile: imp.source_file,
+        sourceDomain: srcDomain,
+        targetFile: imp.target_file,
+        targetDomain: tgtDomain,
+      });
+    }
+  }
+
+  return violations;
+}
+
+/**
+ * Get all Python files in a specific domain.
+ */
+export function getPythonFilesInDomain(dataDb: Database.Database, domainName: string): string[] {
+  const allFiles = dataDb.prepare(
+    'SELECT DISTINCT source_file as f FROM massu_py_imports UNION SELECT DISTINCT target_file as f FROM massu_py_imports'
+  ).all() as { f: string }[];
+
+  return allFiles
+    .map(row => row.f)
+    .filter(f => classifyPythonFileDomain(f) === domainName);
+}

package/src/python/impact-analyzer.ts

@@ -0,0 +1,95 @@
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+import type Database from 'better-sqlite3';
+import { classifyPythonFileDomain } from './domain-enforcer.ts';
+
+export interface PythonImpactReport {
+  file: string;
+  domain: string;
+  importedBy: string[];
+  routes: { method: string; path: string; functionName: string }[];
+  models: { className: string; tableName: string | null }[];
+  frontendCallers: string[];
+  domainCrossings: { file: string; domain: string }[];
+}
+
+/**
+ * Full impact analysis for a Python file.
+ * Cross-references import graph, routes, models, and frontend coupling.
+ */
+export function analyzePythonImpact(dataDb: Database.Database, file: string): PythonImpactReport {
+  const domain = classifyPythonFileDomain(file);
+
+  // 1. Who imports this file (direct + transitive)
+  const importedBy = collectTransitiveImporters(dataDb, file, 5);
+
+  // 2. Routes defined in this file
+  const routes = dataDb.prepare(
+    'SELECT method, path, function_name FROM massu_py_routes WHERE file = ?'
+  ).all(file) as { method: string; path: string; function_name: string }[];
+
+  // 3. Models defined in this file
+  const models = dataDb.prepare(
+    'SELECT class_name, table_name FROM massu_py_models WHERE file = ?'
+  ).all(file) as { class_name: string; table_name: string | null }[];
+
+  // 4. Frontend callers (via routes in this file)
+  const routeIds = dataDb.prepare('SELECT id FROM massu_py_routes WHERE file = ?').all(file) as { id: number }[];
+  const frontendCallers: string[] = [];
+  if (routeIds.length > 0) {
+    const placeholders = routeIds.map(() => '?').join(',');
+    const callers = dataDb.prepare(
+      `SELECT DISTINCT frontend_file FROM massu_py_route_callers WHERE route_id IN (${placeholders})`
+    ).all(...routeIds.map(r => r.id)) as { frontend_file: string }[];
+    frontendCallers.push(...callers.map(c => c.frontend_file));
+  }
+
+  // 5. Domain crossings
+  const imports = dataDb.prepare(
+    'SELECT target_file FROM massu_py_imports WHERE source_file = ?'
+  ).all(file) as { target_file: string }[];
+
+  const domainCrossings = imports
+    .map(imp => ({ file: imp.target_file, domain: classifyPythonFileDomain(imp.target_file) }))
+    .filter(imp => imp.domain !== domain && imp.domain !== 'Unknown');
+
+  return {
+    file,
+    domain,
+    importedBy,
+    routes: routes.map(r => ({ method: r.method, path: r.path, functionName: r.function_name })),
+    models: models.map(m => ({ className: m.class_name, tableName: m.table_name })),
+    frontendCallers,
+    domainCrossings,
+  };
+}
+
+function collectTransitiveImporters(dataDb: Database.Database, file: string, maxDepth: number): string[] {
+  const visited = new Set<string>();
+  const queue = [file];
+  let depth = 0;
+
+  const importerStmt = dataDb.prepare(
+    'SELECT source_file FROM massu_py_imports WHERE target_file = ?'
+  );
+
+  while (queue.length > 0 && depth < maxDepth) {
+    const batch = [...queue];
+    queue.length = 0;
+    for (const f of batch) {
+      if (visited.has(f)) continue;
+      visited.add(f);
+      const importers = importerStmt.all(f) as { source_file: string }[];
+      for (const imp of importers) {
+        if (!visited.has(imp.source_file)) {
+          queue.push(imp.source_file);
+        }
+      }
+    }
+    depth++;
+  }
+
+  visited.delete(file); // Don't include the file itself
+  return [...visited];
+}