npm - @misterhuydo/cairn-mcp - Versions diffs - 1.6.8 → 1.6.10 - Mend

@misterhuydo/cairn-mcp 1.6.8 → 1.6.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +38 -1
package/index.js +7 -2
package/package.json +1 -1
package/src/indexer/liveIndex.js +51 -0
package/src/indexer/securityScanner.js +2 -2
package/src/tools/checkpoint.js +5 -0
package/src/tools/resume.js +5 -0

package/README.md CHANGED Viewed

@@ -70,12 +70,49 @@ No manual steps. The index lives in `.cairn/index.db` inside your project — li
 | `cairn_resume` | Restore last session + re-index only changed files |
 | `cairn_search` | Find classes, functions, components by name or concept |
 | `cairn_describe` | Summarize what a folder or module does |
-| `cairn_outline` | Project-wide structural outline + heuristic issue detection (god classes, lifecycle gaps, naming inconsistencies, missing tests) |
+| `cairn_outline` | Structural outline + heuristic issue detection. On large federated projects returns a per-service summary; use `repo` param to drill into one service |
 | `cairn_code_graph` | Dependency health — instability, cycles, load-bearing modules |
 | `cairn_security` | Scan for XSS, SQLi, hardcoded secrets, weak crypto, and more |
 | `cairn_todos` | Scan codebase for TODO/FIXME/HACK comments, add manual items, resolve and list them |
 | `cairn_bundle` | Minified source snapshot (auto-handled by hooks) |
 | `cairn_checkpoint` | Save session state (auto-handled by hooks) |
+| `cairn_minify` | Minify a single file on demand (fallback when hooks are not installed) |
+| `cairn_switch` | Switch active project root mid-session (use for maintenance on a sibling service) |
+| `cairn_memo` | Save a preference, decision, or discovery to the project's persistent memory |
+| `cairn_employ_memory` | Recall stored memories explicitly (call only when asked) |
+---
+## Multi-service / monorepo support
+Cairn understands workspace structures where multiple services or packages live under a common parent folder.
+**How it works:**
+- Each service has its own `.cairn/index.db` — it is the authoritative index for that service
+- When `cairn_maintain` runs at the **parent** folder, it skips files already covered by a sub-project and instead federates all sub-indexes via SQLite `ATTACH` — no duplication
+- When a session opens **inside a subfolder** (e.g. `elprint-component-service/`), Cairn automatically discovers and mounts siblings:
+  1. If the parent folder has a `.cairn/index.db` (already initialized) → uses its registry
+  2. Otherwise → scans the parent directory for any sibling folders that already have a `.cairn/index.db`
+The result: every service session has full cross-service visibility for search, outline, and bundle — no manual setup required.
+**Drilling into a service from a federated session:**
+```
+cairn_outline { repo: "elprint-component-service" }   → outline one service
+cairn_search  { query: "PartRepository" }             → searches all services
+```
+**When you need to re-index a sibling service:**
+```
+cairn_switch  { path: "/path/to/elprint-project-service" }
+cairn_maintain
+cairn_switch  { path: "/path/to/elprint-component-service" }
+```
+`cairn_switch` is the explicit escape hatch for maintenance — it changes the active project root so `cairn_maintain` and `cairn_checkpoint` target the right service.
 ---

package/index.js CHANGED Viewed

@@ -17,8 +17,10 @@ import { todos }        from './src/tools/todos.js';
 import { memo }         from './src/tools/memo.js';
 import { switchProject } from './src/tools/switch.js';
 import { employMemory } from './src/tools/employMemory.js';
+import { startBackgroundWatcher, deltaReindex, markFullyIndexed } from './src/indexer/liveIndex.js';
 const db = openDB();
+startBackgroundWatcher(db);
 const server = new Server(
   { name: 'cairn', version: '1.0.0' },
@@ -281,17 +283,20 @@ Use to: get a project-wide bird's-eye view, triage code quality, find where to l
   ],
 }));
+const READ_TOOLS = new Set(['cairn_search', 'cairn_bundle', 'cairn_describe', 'cairn_outline', 'cairn_code_graph', 'cairn_security']);
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
   const { name, arguments: args } = request.params;
+  if (READ_TOOLS.has(name)) await deltaReindex(db);
   switch (name) {
-    case 'cairn_maintain':    return await maintain(db, args);
+    case 'cairn_maintain':    { const r = await maintain(db, args); markFullyIndexed(); return r; }
     case 'cairn_search':      return search(db, args);
     case 'cairn_describe':    return describe(db, args);
     case 'cairn_code_graph':  return codeGraph(db, args);
     case 'cairn_security':    return security(db, args);
     case 'cairn_bundle':      return await bundle(db, args);
     case 'cairn_checkpoint':  return checkpoint(db, args);
-    case 'cairn_resume':      return await resume(db);
+    case 'cairn_resume':      { const r = await resume(db); markFullyIndexed(); return r; }
     case 'cairn_outline':     return outlineProject(db, args);
     case 'cairn_minify':      return minify(db, args);
     case 'cairn_todos':          return await todos(db, args);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/cairn-mcp",
-  "version": "1.6.8",
+  "version": "1.6.10",
   "description": "MCP server that gives Claude Code persistent memory across sessions. Index your codebase once, search symbols, bundle source, scan for vulnerabilities, and checkpoint/resume work — across Java, TypeScript, Vue, Python, SQL and more.",
   "type": "module",
   "main": "index.js",

package/src/indexer/liveIndex.js ADDED Viewed

@@ -0,0 +1,51 @@
+import fs from 'fs';
+import { walkRepo } from './fileWalker.js';
+import { getProjectRoot } from '../graph/cwd.js';
+import { incrementalMaintain } from '../tools/maintain.js';
+let lastIndexedAt = Date.now();
+let reindexing = false;
+/**
+ * Call after cairn_maintain or cairn_resume so the background watcher
+ * doesn't redundantly re-scan files that were just fully indexed.
+ */
+export function markFullyIndexed() {
+  lastIndexedAt = Date.now();
+}
+/**
+ * Scan for files modified since lastIndexedAt and reindex them.
+ * Safe to call concurrently — skips if a run is already in progress.
+ */
+export async function deltaReindex(db) {
+  if (reindexing) return;
+  reindexing = true;
+  const checkFrom = lastIndexedAt;
+  lastIndexedAt = Date.now();
+  try {
+    const allFiles = await walkRepo(getProjectRoot());
+    const stale = [];
+    for (const filePath of allFiles) {
+      try {
+        if (fs.statSync(filePath).mtimeMs > checkFrom) stale.push(filePath);
+      } catch {
+        // deleted or inaccessible — ignore
+      }
+    }
+    if (stale.length > 0) {
+      await incrementalMaintain(db, stale);
+    }
+  } finally {
+    reindexing = false;
+  }
+}
+/**
+ * Start a background interval that keeps the DB in sync with the filesystem.
+ * Uses unref() so the interval won't prevent clean process exit.
+ */
+export function startBackgroundWatcher(db, intervalMs = 30_000) {
+  const timer = setInterval(() => deltaReindex(db), intervalMs);
+  if (timer.unref) timer.unref();
+}

package/src/indexer/securityScanner.js CHANGED Viewed

@@ -8,7 +8,7 @@ export const VULN_PATTERNS = [
   { id: 'CWE-89',  lang: ['java'],                          severity: 'HIGH',
     name: 'SQL Injection',
-    pattern: /"SELECT|INSERT|UPDATE|DELETE.*"\s*\+/i,
+    pattern: /"(SELECT|INSERT|UPDATE|DELETE)\b.*"\s*\+/i,
     fix: 'Use PreparedStatement with parameterized queries' },
   { id: 'CWE-326', lang: ['java'],                          severity: 'HIGH',
@@ -34,7 +34,7 @@ export const VULN_PATTERNS = [
   { id: 'CWE-89',  lang: ['javascript', 'typescript'],       severity: 'HIGH',
     name: 'SQL Injection (JS)',
-    pattern: /`\s*(SELECT|INSERT|UPDATE|DELETE).*\$\{/i,
+    pattern: /`\s*(SELECT|INSERT|UPDATE|DELETE)\b.*\$\{/i,
     fix: 'Use parameterized queries or an ORM' },
   { id: 'CWE-798', lang: ['javascript', 'typescript', 'vue'], severity: 'HIGH',

package/src/tools/checkpoint.js CHANGED Viewed

@@ -3,6 +3,11 @@ import path from 'path';
 import { getCairnDir } from '../graph/cwd.js';
 export function checkpoint(_db, { message, active_files = [], notes = [] }) {
+  // Coerce notes to array in case the caller passed a pre-serialized JSON string
+  if (typeof notes === 'string') {
+    try { notes = JSON.parse(notes); } catch { notes = notes ? [notes] : []; }
+  }
+  if (!Array.isArray(notes)) notes = [];
   const cairnDir = getCairnDir();
   const sessionPath = path.join(cairnDir, 'session.json');

package/src/tools/resume.js CHANGED Viewed

@@ -31,6 +31,11 @@ export async function resume(db) {
   }
   const session = JSON.parse(fs.readFileSync(sessionPath, 'utf8'));
+  // Guard against double-serialized notes (stored as JSON string instead of array)
+  if (typeof session.notes === 'string') {
+    try { session.notes = JSON.parse(session.notes); } catch { session.notes = []; }
+  }
+  if (!Array.isArray(session.notes)) session.notes = [];
   // Detect and auto-repair project relocation before any path comparisons
   let relocation = null;