@oomkapwn/enquire-mcp 3.9.0-rc.21 → 3.9.0-rc.23

package/CHANGELOG.md

@@ -2,6 +2,66 @@
 
 All notable changes to this project will be documented here. The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and the project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.9.0-rc.23] — 2026-05-29
+
+> **TL;DR:** **Test-infra rigor (full-audit batch 3/3 — closes the audit).** The test auditor found the project's structural-enforcement apparatus was weaker than CLAUDE.md claimed: (HIGH) the META-invariant — the enforcer of the "every invariant has a NEGATIVE control" rule — passed if the token `NEGATIVE` appeared **anywhere, including a TODO comment** (reproduced), and its `*-invariant.test.ts` glob **silently excluded** real structural invariants (`no-internal-imports`, `lint`) and even itself; (MED) `security.test.ts` + `fts5.test.ts` had silent `return`-skips (the exact T1 anti-pattern rc.8 fixed) on security surfaces with no CI-GUARD; (LOW) `vault.ts` — the most security-critical module — had **no per-file coverage floor**, and `ocr.ts` floored only branches while its line coverage rotted to 44%. All closed. **1002 tests** (+5).
+
+**Patch — test-infrastructure rigor (full-audit batch 3/3). Tests/scripts only; no `src/` runtime change.**
+
+### Fixed
+
+- **META-invariant comment-bypass (HIGH).** `checkInvariantHasNegativeCoverage` accepted the `NEGATIVE`/`negative-control` token **anywhere in the file** — so `// TODO: add a negative-control later` + a vacuous test satisfied the rule (reproduced by the auditor). Path (a) now requires the token inside an actual **test declaration** (`it`/`test`/`describe` title) — a real inline negative control; a bare comment no longer counts. Files whose coverage lives in siblings or that delegate to a tool use the explicit `META-INVARIANT-EXEMPT` marker (path b).
+- **META-invariant glob-miss (HIGH).** The scan only walked `tests/*-invariant.test.ts`, silently excluding real structural invariants (`no-internal-imports.test.ts`, `lint.test.ts`) and the meta file itself — a dev could dodge the rule by filename. The scan now also covers a curated `EXTRA_STRUCTURAL_FILES` set (`docs-consistency`, `cli-parity`, `lint`, `no-internal-imports`, `meta-invariant-coverage`). `no-internal-imports` got a **real inline NEGATIVE control** (extracted a pure `restrictedImportViolations` matcher; a synthetic restricted-import is flagged, an allowed one isn't); `lint` + `k1-class` carry `META-INVARIANT-EXEMPT` markers (delegation-to-biome / sibling-coverage).
+- **Silent-skip security surfaces (MED).** `security.test.ts` (symlink-escape privacy) + `fts5.test.ts` (FTS5 injection-escaping) `return`ed silently with zero assertions when their precondition (symlink support / better-sqlite3) was absent — green-passing a security surface. Added **CI-GUARD tripwires** (fail loud in CI if the precondition vanishes) + converted the 3 `security.test.ts` symlink skips to visible `ctx.skip()`. Also added a CI-GUARD to `e2e-handlers.test.ts` (the 401-no-bearer auth E2E). Same fix as rc.8's T1.
+- **Per-file FLOORS gaps (LOW).** Added `src/vault.ts` (`branches: 75`; actual 78.03%) — the most security-critical module (path-traversal/symlink/privacy), previously the lone critical module with no per-file gate. Added an `ocr.ts` `lines: 40` floor (actual 44.44%) so the #16 offline-enforcement surface's line coverage can't silently rot under a branches-only floor.
+
+### Tests (1002, +5)
+
++1 META-invariant self-test proving the comment/TODO-only bypass is now **rejected** (positive: the EXEMPT path still works); +1 `no-internal-imports` NEGATIVE control; +3 CI-GUARD tripwires (`security`, `fts5`, `e2e-handlers`).
+
+### Files changed
+
+- `tests/meta-invariant-coverage.test.ts` (tightened path-a check + broadened scan + bypass-rejected self-test), `tests/no-internal-imports.test.ts` (pure matcher + NEGATIVE control), `tests/lint.test.ts` + `tests/k1-class-invariant.test.ts` (EXEMPT markers), `tests/security.test.ts` (CI-GUARD + 3 `ctx.skip()`), `tests/fts5.test.ts` + `tests/e2e-handlers.test.ts` (CI-GUARDs), `scripts/check-per-file-coverage.mjs` (vault.ts + ocr.ts floors).
+- version bump 3.9.0-rc.22 → 3.9.0-rc.23 (7 surfaces); test count 997 → 1002.
+
+### Full-audit closure
+
+This completes the 3-batch response to the multi-agent state-driven audit: **rc.21** (security — verified ReDoS), **rc.22** (docs drift + structural guards), **rc.23** (test-infra rigor). The automated 10-gate baseline was clean throughout; the `src/` runtime audited exceptionally clean (the only `src/` finding was the rc.21 ReDoS). Net: 4 HIGH + 1 security-MED + several LOW closed, each with a structural defense where one was missing.
+
+---
+
+## [3.9.0-rc.22] — 2026-05-29
+
+> **TL;DR:** **Docs-drift + structural guards (full-audit batch 2/3).** The docs auditor found 2 claim-vs-reality drifts the gates didn't catch: (HIGH) `STABILITY.md` stated the `--reranker-model` default alias is `rerank-multilingual` — but the code default is `rerank-bge` (the **3rd instance** of the exact α-class drift fixed in rc.15 TSDoc + rc.16 CLI help, now in a *packaged semver-contract doc*); (MED) `ROADMAP.md` said "**8** state-driven OIA drift checks" when the canonical count is **10** (Check 9 rc.14, Check 10 rc.20). Both fixed AND each gets a structural guard in `tests/docs-consistency.test.ts` so the class can't recur. **997 tests** (+2 docs-consistency guards).
+
+**Patch — docs-drift + structural defense (full-audit batch 2/3). Docs/tests only.**
+
+### Fixed
+
+- **`STABILITY.md` reranker default α-drift (HIGH).** The "Default models" bullet named `rerank-multilingual` as the `--reranker-model` default; `src/embeddings.ts` defines `DEFAULT_RERANKER_ALIAS = "rerank-bge"` (`rerank-multilingual` is a *valid* catalog alias but NOT the default). Same drift rc.15 fixed in `loadReranker`'s TSDoc and rc.16 in the CLI `--enable-reranker` help — this 3rd instance lived on the packaged semver-contract doc. → `rerank-bge`.
+- **`ROADMAP.md` OIA-check undercount (MED).** "8 state-driven OIA drift checks" → **10** (the lone count straggler; AGENTS/CLAUDE/CHANGELOG were already correct).
+
+### Changed (structural defenses — close both classes)
+
+- **`tests/docs-consistency.test.ts` (+2 invariants):**
+  - **reranker-default α-guard** — reads `DEFAULT_RERANKER_ALIAS` from `src/embeddings.ts` and asserts STABILITY's "Default models" bullet names it AND does not present `rerank-multilingual` as the default. Pins the 3rd-instance class structurally.
+  - **OIA-count consistency** — derives the canonical count from `scripts/oia-walk.mjs`'s self-declared `canonical count is "N"` (cross-checked it's ≥10) and asserts every count-stating surface (`AGENTS.md` ×2, `ROADMAP.md`) matches it — so adding an OIA check forces a docs sync.
+
+### Tests (997)
+
++2 `it()` in `tests/docs-consistency.test.ts` (the two guards above). Test count 995 → 997 across surfaces.
+
+### Files changed
+
+- `STABILITY.md` (reranker default → rerank-bge), `ROADMAP.md` (OIA 8→10 + test-count 997), `tests/docs-consistency.test.ts` (+2 guards), test-count surfaces (README/COMPARISON/llms.txt/AGENTS/package.json) → 997.
+- version bump 3.9.0-rc.21 → 3.9.0-rc.22 (7 surfaces).
+
+### Deferred to rc.23 (same audit, batch 3/3)
+
+Test-infra rigor: meta-invariant comment-bypass + glob-miss (HIGH×2), silent-`return`→`ctx.skip()`+CI-GUARD propagation (security.test.ts/fts5.test.ts), `vault.ts`/`ocr.ts` per-file FLOORS.
+
+---
+
 ## [3.9.0-rc.21] — 2026-05-29
 
 > **TL;DR:** **Security — close a verified ReDoS hole the rc.9 guard missed (full-audit response, batch 1/3).** A fresh multi-agent state-driven audit (code + docs + tests, all green on the 10-gate baseline) reproduced ONE genuine exploit: `obsidian_open_questions`'s `isCatastrophicRegex` (rc.9) catches *nested* quantifiers (`(a+)+`) but **not overlapping-alternation** (`(a|a)+`) — the auditor hung V8 >8s with a 200-char-cap-legal pattern, and the tool is always-registered, so any bearer-authenticated `serve-http` client could freeze the event loop (remote DoS). The guard now also rejects **unbounded-quantified AMBIGUOUS alternations** via leading-atom overlap analysis — catching `(a|a)+`, `(a|ab)*`, `(.|a)+`, `((a|a))+`, `(a|)+` while keeping DISJOINT ones like `(a|b|c)+` / `(cat|dog)+` accepted (they match linearly) and the unquantified default-pattern alternation unaffected. **995 tests** (+2 integration; +13 detector cases via the existing data-driven loops). **No CRITICAL/HIGH code findings otherwise — the codebase audited exceptionally clean.**

package/README.md

@@ -13,7 +13,7 @@
 [![CI](https://github.com/oomkapwn/enquire-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/oomkapwn/enquire-mcp/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/@oomkapwn/enquire-mcp.svg?label=npm&color=cb3837)](https://www.npmjs.com/package/@oomkapwn/enquire-mcp)
 [![downloads](https://img.shields.io/npm/dm/@oomkapwn/enquire-mcp.svg?color=cb3837)](https://www.npmjs.com/package/@oomkapwn/enquire-mcp)
-[![tests](https://img.shields.io/badge/tests-995%20passing-brightgreen.svg)](#trust)
+[![tests](https://img.shields.io/badge/tests-1002%20passing-brightgreen.svg)](#trust)
 [![stable](https://img.shields.io/badge/v3.8.x-stable-brightgreen.svg)](./STABILITY.md)
 [![build provenance](https://img.shields.io/badge/build_provenance-SLSA_L2-blue.svg)](https://slsa.dev/spec/v1.0/levels#build-l2)
 [![MCP](https://img.shields.io/badge/MCP-1.29-8A2BE2.svg)](https://modelcontextprotocol.io/)
@@ -38,7 +38,7 @@ Your Obsidian vault becomes **persistent, queryable long-term memory** for any M
 > 2. **Best-in-class retrieval.** Hybrid BM25 + multilingual embeddings + BGE cross-encoder reranker fused via RRF, scaled with HNSW + int8 quantization. The same IR stack a search startup would build — open-sourced, in one binary.
 > 3. **Zero cloud calls during serve.** Models cached locally (one-time download from HuggingFace). Your vault content never leaves your machine. Air-gap-safe by default.
 
-**44 tools · 19 MCP prompts · 995 unit tests · 50+ languages · v3.8.x stable · semver-bound · MIT · npm build provenance (SLSA L2).**
+**44 tools · 19 MCP prompts · 1002 unit tests · 50+ languages · v3.8.x stable · semver-bound · MIT · npm build provenance (SLSA L2).**
 
 ---
 
@@ -176,7 +176,7 @@ Auto-generated **[API reference at oomkapwn.github.io/enquire-mcp](https://oomka
 | **GraphRAG-light** (wikilink community detection via Louvain modularity) | ✅ **only here** | ❌ | ❌ |
 | **Standalone `.base` query execution** (works without Obsidian running) | ✅ **only here** | ❌ | ❌ delegates to Obsidian |
 | **HyDE retrieval** (Gao et al 2023) + sub-question decomposition | ✅ **only here** | ❌ | ❌ |
-| **995 unit tests · 9 required + 4 advisory CI gates per PR** | ✅ | n/a | rare |
+| **1002 unit tests · 9 required + 4 advisory CI gates per PR** | ✅ | n/a | rare |
 | **Signed build provenance** (npm + Sigstore, SLSA Build L2) | ✅ | n/a | ❌ |
 | **Semver-bound public surface** ([STABILITY.md](./STABILITY.md)) | ✅ | n/a | ❌ |
 | Standalone (no Obsidian plugin needed) | ✅ | ❌ requires Obsidian | varies |
@@ -286,7 +286,7 @@ Channel: `npm install @oomkapwn/enquire-mcp` → latest stable (`@latest` = v3.8
 ```bash
 git clone https://github.com/oomkapwn/enquire-mcp.git
 cd enquire-mcp && npm install
-npm test       # full suite (995 tests, ~12s)
+npm test       # full suite (1002 tests, ~12s)
 npm run lint   # zero warnings
 npm run build  # tsc → dist/
 ```

package/STABILITY.md

@@ -60,7 +60,7 @@ Anything not listed here (private fields, internal helpers, test fixtures) is **
 
 - **Stderr log format.** We add diagnostic lines, change wording, and adjust verbosity in minor releases. Don't grep stderr for control flow.
 - **On-disk file formats.** SQLite schemas, HNSW sidecar layouts, embedding model versions, and persistent-cache shapes can evolve. v2.17 demonstrated the policy: schema bumps trigger automatic rebuild via the meta-table contamination guard. You don't need to migrate manually.
-- **Default models.** `--embedding-model` and `--reranker-model` default aliases (`multilingual` / `rerank-multilingual`) point at the recommended HuggingFace repos for the current release. We may change which underlying repo a default alias resolves to in a minor release if a better one becomes available; the alias name itself is stable.
+- **Default models.** `--embedding-model` and `--reranker-model` default aliases (`multilingual` / `rerank-bge`) point at the recommended HuggingFace repos for the current release. We may change which underlying repo a default alias resolves to in a minor release if a better one becomes available; the alias name itself is stable.
 - **Internal HTTP routes** other than `/mcp` and `/health` (which are configurable via `--mcp-path` / `--health-path`).
 - **Test infrastructure** under `tests/` and helper scripts under `scripts/`.
 

package/dist/index.d.ts

@@ -7,7 +7,7 @@
  * + `McpServer({version})`) and `src/tool-registry.ts` (used in the
  * `vault-info` resource payload).
  */
-export declare const VERSION = "3.9.0-rc.21";
+export declare const VERSION = "3.9.0-rc.23";
 export { main } from "./cli.js";
 export { buildEmbedText, buildMcpServer, formatReadyBanner, prepareServerDeps, type ServeOptions, type ServerDeps, startServer } from "./server.js";
 export { parsePositiveInt, parseQuantizationMode } from "./tool-registry.js";

package/dist/index.js

@@ -40,7 +40,7 @@ import { main } from "./cli.js";
  * + `McpServer({version})`) and `src/tool-registry.ts` (used in the
  * `vault-info` resource payload).
  */
-export const VERSION = "3.9.0-rc.21";
+export const VERSION = "3.9.0-rc.23";
 // Re-exports — preserve the v3.5.x public surface so http-transport.ts and
 // tests don't need to know about the new module layout. The set below
 // exactly matches the v3.5.x `export` declarations: `main`,

package/docs/COMPARISON.md

@@ -43,7 +43,7 @@ The four axes the external audit (#3, 2026-05) called out as decisive — **REST
 | Read open editor state, active note, etc.     | **No**              | **Yes**          | Limited          | No               | No               |
 | Zero outbound network calls in serve mode     | **Yes** (default)   | Local-only (REST)| Local-only (REST)| Yes              | Yes              |
 | Signed build provenance on releases (SLSA L2) | **Yes**             | No               | No               | No               | No               |
-| Test count (public)                           | **995**             | (varies)         | (varies)         | (varies)         | (varies)         |
+| Test count (public)                           | **1002**             | (varies)         | (varies)         | (varies)         | (varies)         |
 | Tool count                                    | 44                  | ~25              | ~8               | ~10              | 3–5              |
 | MCP prompt count                              | 19                  | 0                | 0                | 0                | 0                |
 | License                                       | MIT                 | Apache-2.0       | MIT              | MIT              | (varies)         |

package/package.json

@@ -1,9 +1,9 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@oomkapwn/enquire-mcp",
-  "version": "3.9.0-rc.21",
+  "version": "3.9.0-rc.23",
   "mcpName": "io.github.oomkapwn/enquire-mcp",
-  "description": "MCP server giving AI agents (Claude Code, Claude Desktop, Cursor, ChatGPT, Codex, OpenClaw) persistent long-term memory backed by your local Obsidian markdown vault. Hybrid retrieval (BM25 + ML embeddings + BGE reranker, RRF-fused), HNSW + int8 quantization, agentic RAG (HyDE + sub-question decomposition), GraphRAG-light (Louvain), standalone Obsidian Bases, PDFs + Tesseract OCR. Vendor-neutral memory layer for any MCP-compatible agent. 44 tools, 19 MCP prompts, 995 tests, signed npm build provenance (SLSA L2), semver-bound, MIT, zero cloud calls during serve.",
+  "description": "MCP server giving AI agents (Claude Code, Claude Desktop, Cursor, ChatGPT, Codex, OpenClaw) persistent long-term memory backed by your local Obsidian markdown vault. Hybrid retrieval (BM25 + ML embeddings + BGE reranker, RRF-fused), HNSW + int8 quantization, agentic RAG (HyDE + sub-question decomposition), GraphRAG-light (Louvain), standalone Obsidian Bases, PDFs + Tesseract OCR. Vendor-neutral memory layer for any MCP-compatible agent. 44 tools, 19 MCP prompts, 1002 tests, signed npm build provenance (SLSA L2), semver-bound, MIT, zero cloud calls during serve.",
   "type": "module",
   "bin": {
     "enquire-mcp": "dist/index.js"