@oomkapwn/enquire-mcp 3.7.11 → 3.7.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (176) hide show
  1. package/CHANGELOG.md +105 -0
  2. package/README.md +5 -5
  3. package/dist/bases.d.ts +14 -0
  4. package/dist/bases.d.ts.map +1 -1
  5. package/dist/bases.js +34 -4
  6. package/dist/bases.js.map +1 -1
  7. package/dist/http-transport.d.ts +29 -0
  8. package/dist/http-transport.d.ts.map +1 -1
  9. package/dist/http-transport.js +68 -1
  10. package/dist/http-transport.js.map +1 -1
  11. package/dist/index.d.ts +1 -1
  12. package/dist/index.js +1 -1
  13. package/dist/pdf.d.ts +22 -1
  14. package/dist/pdf.d.ts.map +1 -1
  15. package/dist/pdf.js +9 -2
  16. package/dist/pdf.js.map +1 -1
  17. package/dist/tool-registry.d.ts.map +1 -1
  18. package/dist/tool-registry.js +26 -1
  19. package/dist/tool-registry.js.map +1 -1
  20. package/dist/tools/media.d.ts.map +1 -1
  21. package/dist/tools/media.js +20 -7
  22. package/dist/tools/media.js.map +1 -1
  23. package/dist/tools/search.d.ts.map +1 -1
  24. package/dist/tools/search.js +12 -1
  25. package/dist/tools/search.js.map +1 -1
  26. package/dist/tools/write.d.ts.map +1 -1
  27. package/dist/tools/write.js +46 -10
  28. package/dist/tools/write.js.map +1 -1
  29. package/dist/tools.d.ts +980 -0
  30. package/dist/tools.d.ts.map +1 -0
  31. package/dist/tools.js +3132 -0
  32. package/dist/tools.js.map +1 -0
  33. package/dist/vault.d.ts.map +1 -1
  34. package/dist/vault.js +38 -14
  35. package/dist/vault.js.map +1 -1
  36. package/docs/COMPARISON.md +1 -1
  37. package/docs/QUICKSTART.md +3 -3
  38. package/docs/api-reference/.nojekyll +1 -0
  39. package/docs/api-reference/assets/hierarchy.js +1 -0
  40. package/docs/api-reference/assets/highlight.css +71 -0
  41. package/docs/api-reference/assets/icons.js +18 -0
  42. package/docs/api-reference/assets/icons.svg +1 -0
  43. package/docs/api-reference/assets/main.js +60 -0
  44. package/docs/api-reference/assets/navigation.js +1 -0
  45. package/docs/api-reference/assets/search.js +1 -0
  46. package/docs/api-reference/assets/style.css +1633 -0
  47. package/docs/api-reference/functions/index.buildEmbedText.html +15 -0
  48. package/docs/api-reference/functions/index.buildMcpServer.html +4 -0
  49. package/docs/api-reference/functions/index.formatReadyBanner.html +4 -0
  50. package/docs/api-reference/functions/index.main.html +1 -0
  51. package/docs/api-reference/functions/index.parsePositiveInt.html +1 -0
  52. package/docs/api-reference/functions/index.parseQuantizationMode.html +5 -0
  53. package/docs/api-reference/functions/index.prepareServerDeps.html +5 -0
  54. package/docs/api-reference/functions/index.startServer.html +1 -0
  55. package/docs/api-reference/functions/tools.appendToNote.html +17 -0
  56. package/docs/api-reference/functions/tools.archiveNote.html +15 -0
  57. package/docs/api-reference/functions/tools.assertHnswModelMatchesEmbedder.html +13 -0
  58. package/docs/api-reference/functions/tools.chatThreadAppend.html +22 -0
  59. package/docs/api-reference/functions/tools.chatThreadRead.html +16 -0
  60. package/docs/api-reference/functions/tools.contextPack.html +21 -0
  61. package/docs/api-reference/functions/tools.createNote.html +19 -0
  62. package/docs/api-reference/functions/tools.dataviewQuery.html +16 -0
  63. package/docs/api-reference/functions/tools.embeddingsSearch.html +40 -0
  64. package/docs/api-reference/functions/tools.findPath.html +23 -0
  65. package/docs/api-reference/functions/tools.findSimilar.html +21 -0
  66. package/docs/api-reference/functions/tools.frontmatterGet.html +15 -0
  67. package/docs/api-reference/functions/tools.frontmatterSearch.html +16 -0
  68. package/docs/api-reference/functions/tools.frontmatterSet.html +19 -0
  69. package/docs/api-reference/functions/tools.getBacklinks.html +15 -0
  70. package/docs/api-reference/functions/tools.getNoteNeighbors.html +16 -0
  71. package/docs/api-reference/functions/tools.getOpenQuestions.html +19 -0
  72. package/docs/api-reference/functions/tools.getOutboundLinks.html +16 -0
  73. package/docs/api-reference/functions/tools.getRecentEdits.html +14 -0
  74. package/docs/api-reference/functions/tools.getUnresolvedWikilinks.html +14 -0
  75. package/docs/api-reference/functions/tools.getVaultStats.html +13 -0
  76. package/docs/api-reference/functions/tools.lintWiki.html +20 -0
  77. package/docs/api-reference/functions/tools.listCanvases.html +16 -0
  78. package/docs/api-reference/functions/tools.listNotes.html +19 -0
  79. package/docs/api-reference/functions/tools.listPdfs.html +15 -0
  80. package/docs/api-reference/functions/tools.listTags.html +14 -0
  81. package/docs/api-reference/functions/tools.ocrPdf.html +18 -0
  82. package/docs/api-reference/functions/tools.openInUi.html +17 -0
  83. package/docs/api-reference/functions/tools.paperAudit.html +16 -0
  84. package/docs/api-reference/functions/tools.pickEmbedTextForHyde.html +8 -0
  85. package/docs/api-reference/functions/tools.readCanvas.html +19 -0
  86. package/docs/api-reference/functions/tools.readNote.html +20 -0
  87. package/docs/api-reference/functions/tools.readPdf.html +18 -0
  88. package/docs/api-reference/functions/tools.renameNote.html +24 -0
  89. package/docs/api-reference/functions/tools.replaceInNotes.html +20 -0
  90. package/docs/api-reference/functions/tools.resolveTarget.html +24 -0
  91. package/docs/api-reference/functions/tools.resolveWikilink.html +20 -0
  92. package/docs/api-reference/functions/tools.searchHybrid.html +62 -0
  93. package/docs/api-reference/functions/tools.searchText.html +19 -0
  94. package/docs/api-reference/functions/tools.semanticSearch.html +19 -0
  95. package/docs/api-reference/functions/tools.validateNoteProposal.html +19 -0
  96. package/docs/api-reference/hierarchy.html +1 -0
  97. package/docs/api-reference/index.html +1 -0
  98. package/docs/api-reference/interfaces/index.ServeOptions.html +74 -0
  99. package/docs/api-reference/interfaces/index.ServerDeps.html +27 -0
  100. package/docs/api-reference/interfaces/tool-manifest.ToolManifestEntry.html +33 -0
  101. package/docs/api-reference/interfaces/tools.ArchiveNoteArgs.html +12 -0
  102. package/docs/api-reference/interfaces/tools.BacklinkHit.html +15 -0
  103. package/docs/api-reference/interfaces/tools.CanvasEdge.html +19 -0
  104. package/docs/api-reference/interfaces/tools.CanvasSummary.html +16 -0
  105. package/docs/api-reference/interfaces/tools.ChatThreadAppendArgs.html +10 -0
  106. package/docs/api-reference/interfaces/tools.ChatThreadMessage.html +14 -0
  107. package/docs/api-reference/interfaces/tools.ChatThreadReadResult.html +10 -0
  108. package/docs/api-reference/interfaces/tools.ContextPackArgs.html +12 -0
  109. package/docs/api-reference/interfaces/tools.ContextPackResult.html +20 -0
  110. package/docs/api-reference/interfaces/tools.EmbedHit.html +21 -0
  111. package/docs/api-reference/interfaces/tools.EmbedSearchResponse.html +14 -0
  112. package/docs/api-reference/interfaces/tools.FindPathResult.html +17 -0
  113. package/docs/api-reference/interfaces/tools.FrontmatterSearchArgs.html +20 -0
  114. package/docs/api-reference/interfaces/tools.FrontmatterSetArgs.html +13 -0
  115. package/docs/api-reference/interfaces/tools.HnswSearchContext.html +21 -0
  116. package/docs/api-reference/interfaces/tools.LintWikiArgs.html +14 -0
  117. package/docs/api-reference/interfaces/tools.LintWikiFinding.html +14 -0
  118. package/docs/api-reference/interfaces/tools.LintWikiResult.html +9 -0
  119. package/docs/api-reference/interfaces/tools.NoteNeighbors.html +17 -0
  120. package/docs/api-reference/interfaces/tools.NoteReadFull.html +20 -0
  121. package/docs/api-reference/interfaces/tools.NoteReadMap.html +25 -0
  122. package/docs/api-reference/interfaces/tools.NoteSummary.html +14 -0
  123. package/docs/api-reference/interfaces/tools.OcrPdfArgs.html +16 -0
  124. package/docs/api-reference/interfaces/tools.OcrPdfPage.html +15 -0
  125. package/docs/api-reference/interfaces/tools.OcrPdfResult.html +18 -0
  126. package/docs/api-reference/interfaces/tools.OpenInUiResult.html +11 -0
  127. package/docs/api-reference/interfaces/tools.OpenQuestion.html +20 -0
  128. package/docs/api-reference/interfaces/tools.OutboundLink.html +20 -0
  129. package/docs/api-reference/interfaces/tools.PaperAuditFinding.html +17 -0
  130. package/docs/api-reference/interfaces/tools.PathStep.html +9 -0
  131. package/docs/api-reference/interfaces/tools.PdfSummary.html +9 -0
  132. package/docs/api-reference/interfaces/tools.ReadCanvasResult.html +15 -0
  133. package/docs/api-reference/interfaces/tools.ReadPdfArgs.html +8 -0
  134. package/docs/api-reference/interfaces/tools.ReadPdfPage.html +13 -0
  135. package/docs/api-reference/interfaces/tools.ReadPdfResult.html +18 -0
  136. package/docs/api-reference/interfaces/tools.RenameNoteResult.html +14 -0
  137. package/docs/api-reference/interfaces/tools.RenameProposal.html +13 -0
  138. package/docs/api-reference/interfaces/tools.ReplaceInNotesArgs.html +15 -0
  139. package/docs/api-reference/interfaces/tools.ReplaceInNotesFileResult.html +6 -0
  140. package/docs/api-reference/interfaces/tools.ReplaceInNotesResult.html +21 -0
  141. package/docs/api-reference/interfaces/tools.SearchHit.html +16 -0
  142. package/docs/api-reference/interfaces/tools.SearchHybridHit.html +30 -0
  143. package/docs/api-reference/interfaces/tools.SearchHybridResponse.html +23 -0
  144. package/docs/api-reference/interfaces/tools.SearchResponse.html +13 -0
  145. package/docs/api-reference/interfaces/tools.SemanticHit.html +15 -0
  146. package/docs/api-reference/interfaces/tools.SimilarNote.html +15 -0
  147. package/docs/api-reference/interfaces/tools.TagSummary.html +13 -0
  148. package/docs/api-reference/interfaces/tools.UnresolvedWikilink.html +22 -0
  149. package/docs/api-reference/interfaces/tools.ValidateProposalArgs.html +10 -0
  150. package/docs/api-reference/interfaces/tools.ValidateProposalResult.html +14 -0
  151. package/docs/api-reference/interfaces/tools.VaultStats.html +26 -0
  152. package/docs/api-reference/modules/index.html +1 -0
  153. package/docs/api-reference/modules/tool-manifest.html +1 -0
  154. package/docs/api-reference/modules/tools.html +1 -0
  155. package/docs/api-reference/types/tools.CanvasNode.html +7 -0
  156. package/docs/api-reference/types/tools.SearchMode.html +7 -0
  157. package/docs/api-reference/variables/index.VERSION.html +9 -0
  158. package/docs/api-reference/variables/tool-manifest.TOOL_MANIFEST.html +1 -0
  159. package/docs/api.md +1 -1
  160. package/docs/benchmarks.md +16 -9
  161. package/docs/http-transport.md +12 -4
  162. package/package.json +13 -4
  163. package/docs/audits/findings/L1-code-quality.md +0 -213
  164. package/docs/audits/findings/L2-architecture.md +0 -245
  165. package/docs/audits/findings/L3-tests.md +0 -339
  166. package/docs/audits/findings/L4-cicd.md +0 -290
  167. package/docs/audits/findings/L5-security.md +0 -350
  168. package/docs/audits/findings/L6-documentation.md +0 -347
  169. package/docs/audits/findings/L7-operational.md +0 -50
  170. package/docs/audits/findings/L8-reproducibility.md +0 -64
  171. package/docs/audits/findings/L9-process.md +0 -84
  172. package/docs/audits/findings/baseline.json +0 -19
  173. package/docs/audits/v3.6.0-external-anonymous-audit.md +0 -163
  174. package/docs/audits/v3.6.0-final-audit.md +0 -171
  175. package/docs/audits/v3.6.0-rc.4-rootcause.md +0 -134
  176. package/docs/audits/v3.6.0-system-audit-plan.md +0 -199
package/docs/audits/v3.6.0-system-audit-plan.md DELETED
@@ -1,199 +0,0 @@
1
- # v3.6.0 — Full-System Audit Plan
2
-
3
- **Status**: scheduled for execution **after v3.6.0 stable is shipped** (`npm view @oomkapwn/enquire-mcp dist-tags` shows `latest = 3.6.0` and the GH release "v3.6.0" is marked Latest).
4
-
5
- **Estimated effort**: ~12 hours of audit work, ~3 hours wall-clock with 7 parallel sub-agents.
6
-
7
- **Trigger condition**:
8
- ```bash
9
- [ "$(npm view @oomkapwn/enquire-mcp version)" = "3.6.0" ] && \
10
- [ "$(gh release view --repo oomkapwn/enquire-mcp --json isLatest --jq '.isLatest')" = "true" ]
11
- ```
12
-
13
- ## Why this audit
14
-
15
- By the time we ship v3.6.0 stable, the project has been through 5 external audits (Mavis ×2, MiniMax, plus 2 internal self-audits) and 15+ patch releases. Each audit has been **per-RC** — it caught drift in the surfaces it touched, but didn't sweep the whole system.
16
-
17
- The full-system audit closes that gap: every surface, every workflow, every doc, every script verified against reality in one coordinated pass.
18
-
19
- ## Scope — 9 layers
20
-
21
- | # | Layer | Owner | Output |
22
- |---|---|---|---|
23
- | L1 | Code quality | Sub-agent C1 | `docs/audits/v3.6.0-L1-code.md` |
24
- | L2 | Architecture | Sub-agent C2 | `docs/audits/v3.6.0-L2-arch.md` |
25
- | L3 | Tests & coverage | Sub-agent C3 | `docs/audits/v3.6.0-L3-tests.md` |
26
- | L4 | CI/CD pipeline | Sub-agent C4 | `docs/audits/v3.6.0-L4-cicd.md` |
27
- | L5 | Security | Sub-agent C5 | `docs/audits/v3.6.0-L5-security.md` |
28
- | L6 | Documentation | Sub-agent C6 | `docs/audits/v3.6.0-L6-docs.md` |
29
- | L7 | Operational | Self | `docs/audits/v3.6.0-L7-ops.md` |
30
- | L8 | Reproducibility | Sub-agent C7 (clean clone) | `docs/audits/v3.6.0-L8-repro.md` |
31
- | L9 | Process audit | Self | `docs/audits/v3.6.0-L9-process.md` |
32
-
33
- ### L1 — Code quality (Sub-agent C1)
34
-
35
- For every file under `src/`:
36
- - TSDoc present on every public export (44 tools + 19 prompts + ~30 types/interfaces + ~20 modules)
37
- - `@param` / `@returns` / `@throws` complete
38
- - Error paths handled (no silent `try { } catch {}` swallowing)
39
- - No `any` types in public signatures
40
- - No commented-out dead code (`// TODO` / `// FIXME` OK; commented imports/blocks BAD)
41
- - Internal helpers properly marked `@internal`
42
-
43
- For every file under `tests/`:
44
- - Each test name is specific (not "test 1", "should work")
45
- - Edge cases covered: empty input, malformed input, oversized input, concurrent access
46
- - Error paths exercised (assert thrown error type + message)
47
- - No `.skip` / `.todo` left without context comment
48
- - Fixtures don't drift from production schemas
49
-
50
- Output: severity-graded list of findings + suggested class fixes.
51
-
52
- ### L2 — Architecture (Sub-agent C2)
53
-
54
- - **Module dependency graph**: generate via `madge --image deps.svg` or similar. Confirm no unexpected cycles.
55
- - **`package.json#exports` correctness**: every listed sub-path resolves; every type points at correct `.d.ts`; no broken paths.
56
- - **TOOL_MANIFEST vs reality**: 44 entries; every `name` matches a `registerTool()` call in `src/tool-registry.ts`; every `kind` matches the registration context; no orphans either direction.
57
- - **PROMPT** (no manifest yet — possible v3.7 work): every `registerPrompt()` in `src/prompts.ts` is documented in README + STABILITY.
58
- - **CLI flag → behavior mapping**: every `program.command(X).option(Y)` in `src/cli.ts` has a documented behavior in `docs/api.md`.
59
- - **Configuration surface stability**: every option in `ServeOptions` interface (`src/server.ts`) maps to a CLI flag.
60
-
61
- ### L3 — Tests & coverage (Sub-agent C3)
62
-
63
- - **Test count**: 713+ (whatever the actual count at v3.6.0 stable). Verify across README + package.json + SVG + CHANGELOG agreement.
64
- - **Per-file coverage**: regenerate via `npm run test:coverage`. Identify files below 85% lines, 75% branches, 80% functions. Per-file list of uncovered branches with line numbers.
65
- - **Flake detection**: run `npm test` 3 times in fresh processes. Any non-deterministic results = flake. Identify which tests.
66
- - **Snapshot integrity**: any snapshot files in `tests/__snapshots__/` (if any) — regenerate + diff = 0.
67
- - **Fixture freshness**: `tests/fixtures/*` — compare against current schema definitions (Zod schemas in src/) for any drift.
68
- - **Coverage threshold safety margin**: `vitest.config.ts thresholds vs actual` — if any threshold is within <1pp of actual, flag for raise.
69
-
70
- ### L4 — CI/CD pipeline (Sub-agent C4)
71
-
72
- - **`.github/workflows/ci.yml`**: trigger events correct, permissions minimal, action versions current (`actions/checkout@v6` etc.), Node matrix matches `engines` + reality.
73
- - **`.github/workflows/release.yml`**: SHA-on-main verification still functional, REQUIRED contexts match branch protection, npm publish step uses `--provenance --access public`, dist-tag derivation regex matches every version pattern we've used.
74
- - **`.github/workflows/publish-docs.yml`**: GH Pages permissions (`pages: write` + `id-token: write`), no over-broad permissions, OIDC flow correct, concurrency rules sensible.
75
- - **`.github/workflows/dist-tag-cleanup.yml`** (if exists): triggers, permissions.
76
- - **Branch protection vs ruleset alignment**: query both APIs, confirm same 7 required checks listed in both.
77
- - **GitHub Actions runner usage**: any deprecation warnings in recent runs? (e.g. `set-output` deprecated.)
78
-
79
- ### L5 — Security (Sub-agent C5)
80
-
81
- - **CodeQL**: `0 open` confirmed, each dismissed alert has a `dismissed_comment` that's still accurate.
82
- - **Dependabot**: `0 open`. Check the upgrade policy is reasonable (not auto-merging without CI).
83
- - **npm audit**: `--audit-level=moderate` for prod + `--audit-level=high` for dev. Zero findings expected.
84
- - **SLSA-3 provenance**: confirm latest `npm publish` actually emitted provenance attestation. `npm view <pkg>@latest --json | jq '.dist'` should show `attestations` field.
85
- - **Bearer auth**: confirm `timingSafeEqual` is used in `src/http-transport.ts`. No string `===` comparison anywhere.
86
- - **Path traversal**: every `vault.readFile` / `vault.writeFile` callsite uses `resolveInside()` first. Grep for `fs.readFile` / `fs.writeFile` direct calls that bypass `Vault` class.
87
- - **Privacy filters**: `--exclude-glob` + `--read-paths` applied at FTS5 indexing, at embeddings build, at every search result filter, at chunker output.
88
- - **Cache permissions**: `chmod 0600` for cache files, `chmod 0700` for parent dirs — verify in `src/embed-db.ts`, `src/fts5.ts`.
89
-
90
- ### L6 — Documentation (Sub-agent C6)
91
-
92
- For each markdown file in `docs/` + root-level `*.md`:
93
- - Every link → 200 OK (no 404s on github.com / npmjs.com URLs)
94
- - Every command snippet → runs without error against the actual project
95
- - Every claim about "we do X" → verifiable via `grep` in src/
96
- - Every claim about "we don't do Y" → no contradicting code
97
-
98
- Specific checks:
99
- - **README.md**: 44 tools count, 19 prompts count, 713 tests count, branches ≥74% claim, all alive
100
- - **CHANGELOG.md**: every entry has TL;DR blockquote (per v3.5.14+ convention), every coverage stat within 0.5pp (per `check-changelog-coverage.mjs`)
101
- - **STABILITY.md**: every listed export still exists in src/, every file path still correct after rc.2 split
102
- - **docs/api.md**: 44/44 tool sections present, first-paragraph counts match, write-tool-count word matches
103
- - **docs/COMPARISON.md**: dated 2026-05-13 — auditor verifies alternatives haven't materially changed; if cyanheads/etc. shipped new features, note them
104
- - **docs/QUICKSTART.md**: `enquire-mcp serve --vault <path>` example actually works on the synthetic vault
105
- - **docs/benchmarks.md**: numbers reproducible via `npm run bench:retrieval`
106
- - **docs/api-reference/** (TypeDoc): every function page renders, no broken `@link` annotations
107
- - **CLAUDE.md**: goal still accurate post-v3.6.0; non-goals still apply; anti-patterns still relevant
108
-
109
- ### L7 — Operational (Self)
110
-
111
- - **Daily-check launchd**: `launchctl list | grep enquire` — loaded, no errors in stderr.log
112
- - **Daily-check history**: `~/.local/share/enquire-mcp-monitor/history/*.md` — last 7 days present, all parseable, no 5xx errors
113
- - **Log retention**: 30 days as designed — verify `find ... -mtime +30` cleanup actually runs
114
- - **npm token rotation**: token < 60 days old, no upcoming expiry
115
- - **All git tags reachable from main**: `git tag --merged main | wc -l` matches `git tag | wc -l`
116
- - **npm registry hygiene**: every published version still installable
117
- - **GH releases hygiene**: every tag has a corresponding GH release, every release has notes
118
-
119
- ### L8 — Reproducibility (Sub-agent C7, clean clone)
120
-
121
- Sub-agent gets a fresh clone in an isolated worktree:
122
- ```bash
123
- git worktree add /tmp/audit-repro main
124
- cd /tmp/audit-repro
125
- npm ci
126
- npm test
127
- npm run lint
128
- npm run build
129
- npm run test:coverage
130
- npm run check:changelog-coverage
131
- npm run docs:api
132
- npm run bench:retrieval
133
- # Also: smoke test with synthetic vault
134
- VAULT=$(node scripts/synthetic-vault.mjs)
135
- node scripts/smoke.mjs "$VAULT"
136
- node scripts/smoke.mjs "$VAULT" --with-fts
137
- ```
138
- Any step that fails on a clean clone = HIGH severity finding.
139
-
140
- ### L9 — Process audit (Self)
141
-
142
- - **CLAUDE.md goal compliance**: re-read goal, verify every requirement met
143
- - **Anti-pattern compliance**: no big-bang refactor, no copy-paste coverage stats, no hardcoded paths, no dismissed-without-reasoning auditor recs
144
- - **Per-RC quality gates**: every rc (rc.1 → rc.4 → stable) had all 10 quality bar items green at merge time
145
- - **Method note discipline**: every CHANGELOG entry from v3.5.9 onward has a method note section
146
- - **External audit response**: every external audit finding has a documented response (fixed / rejected with reasoning / deferred with rationale)
147
-
148
- ## Severity grading
149
-
150
- - **Critical**: blocks production use (security, data loss, broken install)
151
- - **High**: ship blocker for the next release (must-fix before v3.6.1)
152
- - **Medium**: fix in v3.6.2 (improves quality but not critical)
153
- - **Low**: backlog or reject with reasoning
154
- - **Info**: notable but not actionable
155
-
156
- ## Class identification
157
-
158
- For each finding, identify:
159
- 1. **Class**: the underlying pattern (e.g., "hardcoded paths to internal files", "drift between docs and code")
160
- 2. **Other instances**: grep for the same class elsewhere — fix them all in one pass
161
- 3. **Class fix**: prevent the class going forward (invariant, gate, lint rule)
162
- 4. **Per-instance backfill**: fix each existing instance
163
-
164
- ## Failure handling
165
-
166
- - **During audit**: don't stop on findings, complete the layer + report
167
- - **Critical found**: pause Phase D, ship the fix as v3.6.1 emergency patch, then resume
168
- - **High found**: ship as v3.6.1 normal patch, batch with other Highs
169
- - **Medium found**: batch into v3.6.2
170
-
171
- ## Sign-off criteria
172
-
173
- After Phase D fixes shipped:
174
- 1. Every Critical resolved
175
- 2. Every High resolved
176
- 3. Medium acknowledged + scheduled or rejected with reasoning
177
- 4. Daily-check shows clean state for 7 consecutive days
178
- 5. External re-audit (if requested) returns ≥4.8/5.0
179
-
180
- ## Outputs
181
-
182
- - `docs/audits/v3.6.0-final-audit.md` — synthesized report, public
183
- - `docs/audits/v3.6.0-L<N>-*.md` — per-layer raw findings (kept for traceability)
184
- - `~/.claude/projects/.../memory/method_full_system_audit.md` — methodology note for future repeats
185
- - v3.6.1+ release(s) — class fixes shipped
186
-
187
- ## Twitter announcement (if verdict ≥ 4.8/5)
188
-
189
- ```
190
- v3.6.0 enquire-mcp shipped — passed a 9-layer comprehensive system audit:
191
- - 44 tools fully TSDoc'd → public API reference at github.io
192
- - 713 tests, branches 75%+
193
- - 5 external audits passed clean
194
- - public benchmarks (MRR / NDCG@10 / Recall@10) published
195
-
196
- still the only Obsidian MCP with hybrid retrieval + BGE rerank + Bases. MIT. SLSA-3.
197
-
198
- github.com/oomkapwn/enquire-mcp
199
- ```