couchloop-eq-mcp 1.1.4 → 1.2.0

package/dist/tools/primary-tools.js

@@ -0,0 +1,355 @@
+/**
+ * MCP Tools - Public API
+ *
+ * This module exports only the PRIMARY tools that users should see.
+ * All granular tools are internal engines used by these primary tools.
+ *
+ * PUBLIC TOOLS (8):
+ * 0. couchloop        - Intent router (discoverability layer for loose commands)
+ * 1. verify           - Pre-delivery verification (catches AI hallucinations, validates packages)
+ * 2. status           - Dashboard (session progress, history, context, protection)
+ * 3. conversation     - Therapeutic AI conversation with governance
+ * 4. code_review      - Complete code analysis (security, quality, AI errors)
+ * 5. package_audit    - Complete dependency audit (validation, versions, upgrades)
+ * 6. remember         - Smart context capture (checkpoints, insights, decisions)
+ * 7. protect          - File protection and safety features
+ */
+import { intentRouterTool, registerTools } from './intent-router.js';
+import { sendMessage } from './sendMessage.js';
+import { createSession, resumeSession } from './session.js';
+import { endSession } from './session-manager.js';
+import { handleComprehensiveCodeReview } from './comprehensive-code-review.js';
+import { handleComprehensivePackageAudit } from './comprehensive-package-audit.js';
+import { handleSmartContext } from './smart-context.js';
+import { protectFiles, getProtectionStatus, listBackups, rollbackFile, enableCodeFreeze, disableCodeFreeze, } from './protect-files.js';
+import { listJourneys, getJourneyStatus } from './journey.js';
+import { getCheckpoints } from './checkpoint.js';
+import { getInsights, getUserContext } from './insight.js';
+import { verifyTool } from './verify.js';
+import { statusTool } from './status.js';
+import { logger } from '../utils/logger.js';
+// ============================================================
+// PRIMARY TOOL DEFINITIONS
+// These are the only tools visible to users
+// ============================================================
+// Brainstorm system prompt - reflective questioning to help developers arrive at their own solutions
+const BRAINSTORM_SYSTEM_PROMPT = `You are a reflective thinking partner for developers. Your primary role is to ask insightful questions that help developers discover their own best solution — but you also provide concrete analysis when they've narrowed down options.
+
+DETECT THE MODE:
+1. EXPLORATION: User has a vague idea or open-ended problem → Ask questions to help them think
+2. COMPARISON: User presents 2-3 specific options (e.g., "Redis vs Memcached?") → Clarify context briefly, then provide analysis
+
+FOR EXPLORATION MODE:
+- Ask clarifying questions before suggesting anything
+- Surface assumptions they may not have questioned
+- Break complex problems into smaller, answerable pieces
+- Ask 1-3 focused questions per response (not a barrage)
+
+QUESTION PATTERNS:
+1. SCOPE: "What problem are you really trying to solve?" / "Who is this for?"
+2. CONSTRAINTS: "What's your timeline?" / "What existing systems does this need to work with?"
+3. TRADE-OFFS: "If you had to choose between X and Y, which matters more?"
+4. ASSUMPTIONS: "What are you assuming about the user?" / "Have you validated that?"
+5. DECOMPOSITION: "What's the riskiest part?" / "What could you build first to learn more?"
+
+FOR COMPARISON MODE (user asks "A vs B?" or "should I use X or Y?"):
+1. Ask 1-2 quick clarifying questions about their specific context (scale, team experience, existing stack)
+2. Then provide a structured comparison:
+   - Key differences that matter for their use case
+   - When to choose each option
+   - Your recommendation given what you know about their context
+   - Caveats or "it depends" factors they should verify
+3. Be direct. Don't just list pros/cons — give them an actionable recommendation with reasoning.
+
+RESPONSE STYLE:
+- Start with understanding, not solutioning
+- Summarize their thinking back periodically
+- When they present options, acknowledge you'll help them decide (not just explore forever)
+- Be concise — developers want signal, not fluff
+
+Remember: The best solutions come from the developer's own understanding of their context. Your job is to help them think clearly AND give them useful analysis when they're ready for it.`;
+const conversationTool = {
+    definition: {
+        name: 'conversation',
+        description: 'Start or continue an AI conversation with built-in crisis detection, emotional support, and session memory. Includes brainstorm mode for dev ideation. Triggers: "end session", "start session", "wrap up", "done for now", "talk", "chat", "feeling", "stressed", "help me", "brainstorm", "think through", "map out feature".',
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            openWorldHint: true,
+        },
+        inputSchema: {
+            type: 'object',
+            properties: {
+                message: {
+                    type: 'string',
+                    description: 'Your message',
+                },
+                action: {
+                    type: 'string',
+                    enum: ['send', 'start', 'end', 'resume', 'status', 'brainstorm'],
+                    description: 'Action: send (default), start new session, end session, resume previous, get status, or brainstorm (dev thinking partner)',
+                },
+                journey: {
+                    type: 'string',
+                    description: 'Optional journey to follow (e.g., "daily-reflection")',
+                },
+                session_id: {
+                    type: 'string',
+                    description: 'Session ID (auto-managed if not provided)',
+                },
+            },
+            required: ['message'],
+        },
+    },
+    handler: async (args) => {
+        const action = args.action || 'send';
+        switch (action) {
+            case 'start':
+                return createSession({
+                    journey_slug: args.journey,
+                    context: args.message,
+                });
+            case 'end':
+                return endSession(args.session_id);
+            case 'resume':
+                return resumeSession({ session_id: args.session_id });
+            case 'status':
+                if (args.session_id) {
+                    return getJourneyStatus({ session_id: args.session_id });
+                }
+                return listJourneys({});
+            case 'brainstorm':
+                // Dev thinking partner - reflective questioning mode
+                return sendMessage({
+                    message: args.message,
+                    session_id: args.session_id,
+                    system_prompt: BRAINSTORM_SYSTEM_PROMPT,
+                    conversation_type: 'brainstorm',
+                    save_checkpoint: true,
+                });
+            case 'send':
+            default:
+                return sendMessage({
+                    message: args.message,
+                    session_id: args.session_id,
+                    save_checkpoint: true,
+                    include_memory: true,
+                });
+        }
+    },
+};
+const codeReviewTool = {
+    definition: {
+        name: 'code_review',
+        description: 'Complete code review: security vulnerabilities (SQL injection, XSS, secrets), code quality (console.logs, TODOs, error handling), code smells (complexity, bloat), and AI-generated errors (hallucinated APIs, build context issues). One call, full analysis. Triggers: "review", "check code", "analyze", "security check", "lint", "find bugs", "is this safe".',
+        annotations: {
+            readOnlyHint: true,
+            destructiveHint: false,
+            openWorldHint: false,
+        },
+        inputSchema: {
+            type: 'object',
+            properties: {
+                code: {
+                    type: 'string',
+                    description: 'Code to review',
+                },
+                language: {
+                    type: 'string',
+                    description: 'Programming language (auto-detected if not specified)',
+                },
+                auto_fix: {
+                    type: 'boolean',
+                    description: 'Attempt to auto-fix issues (default: false)',
+                },
+            },
+            required: ['code'],
+        },
+    },
+    handler: handleComprehensiveCodeReview,
+};
+const packageAuditTool = {
+    definition: {
+        name: 'package_audit',
+        description: 'Complete dependency audit: validates packages exist and are legitimate (catches typosquatting), checks for outdated versions and security vulnerabilities, generates upgrade reports with migration guides and breaking changes. Triggers: "audit", "check dependencies", "outdated", "vulnerable packages", "upgrade", "npm audit", "security scan".',
+        annotations: {
+            readOnlyHint: true,
+            destructiveHint: false,
+            openWorldHint: true,
+        },
+        inputSchema: {
+            type: 'object',
+            properties: {
+                packages: {
+                    type: 'array',
+                    items: { type: 'string' },
+                    description: 'Package names to audit',
+                },
+                registry: {
+                    type: 'string',
+                    enum: ['npm', 'pypi', 'maven', 'cargo', 'go', 'nuget', 'gem'],
+                    description: 'Package registry (default: npm)',
+                },
+            },
+            required: ['packages'],
+        },
+    },
+    handler: handleComprehensivePackageAudit,
+};
+const rememberTool = {
+    definition: {
+        name: 'remember',
+        description: 'Capture and preserve important context from conversations. Automatically routes to the right storage: checkpoints for progress, insights for realizations, context for technical decisions. Prevents AI amnesia across conversations. Triggers: "save", "remember this", "checkpoint", "note", "don\'t forget", "keep track", "save progress", "log this".',
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            openWorldHint: false,
+        },
+        inputSchema: {
+            type: 'object',
+            properties: {
+                content: {
+                    type: 'string',
+                    description: 'What to remember',
+                },
+                type: {
+                    type: 'string',
+                    enum: ['checkpoint', 'insight', 'decision', 'requirement', 'constraint', 'pattern'],
+                    description: 'Type of context (affects where it\'s stored)',
+                },
+                tags: {
+                    type: 'array',
+                    items: { type: 'string' },
+                    description: 'Tags for categorization',
+                },
+                action: {
+                    type: 'string',
+                    enum: ['save', 'recall', 'list'],
+                    description: 'Action: save (default), recall previous context, or list saved items',
+                },
+                session_id: {
+                    type: 'string',
+                    description: 'Session to associate with',
+                },
+            },
+            required: ['content'],
+        },
+    },
+    handler: async (args) => {
+        const action = args.action || 'save';
+        const sessionId = args.session_id;
+        switch (action) {
+            case 'recall': {
+                // Get checkpoints and insights
+                const checkpoints = await getCheckpoints({ session_id: sessionId });
+                const insights = await getInsights({ session_id: sessionId, limit: 10 });
+                const userContext = await getUserContext({ include_recent_insights: true, include_session_history: true });
+                return {
+                    checkpoints,
+                    insights,
+                    user_context: userContext,
+                };
+            }
+            case 'list':
+                return getInsights({ session_id: sessionId, limit: 20 });
+            case 'save':
+            default:
+                return handleSmartContext({
+                    content: args.content,
+                    type: args.type || 'insight',
+                    tags: args.tags,
+                    session_id: args.session_id,
+                });
+        }
+    },
+};
+const protectTool = {
+    definition: {
+        name: 'protect',
+        description: 'File protection and safety: prevent accidental deletions, create automatic backups, rollback changes, enable code freeze mode. Essential for safe AI-assisted development. Triggers: "backup", "protect", "freeze", "rollback", "undo", "restore", "safe mode".',
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            openWorldHint: false,
+        },
+        inputSchema: {
+            type: 'object',
+            properties: {
+                action: {
+                    type: 'string',
+                    enum: ['check', 'backup', 'rollback', 'freeze', 'unfreeze', 'status', 'history'],
+                    description: 'Action to perform',
+                },
+                path: {
+                    type: 'string',
+                    description: 'File path (for check, backup, rollback)',
+                },
+                operation: {
+                    type: 'string',
+                    enum: ['delete', 'overwrite', 'move'],
+                    description: 'Operation type (for check)',
+                },
+                backup_id: {
+                    type: 'string',
+                    description: 'Backup ID (for rollback)',
+                },
+            },
+            required: ['action'],
+        },
+    },
+    handler: async (args) => {
+        const action = args.action;
+        switch (action) {
+            case 'check':
+                return protectFiles({
+                    operation: args.operation,
+                    path: args.path,
+                });
+            case 'status':
+                return getProtectionStatus({});
+            case 'history':
+                return listBackups({});
+            case 'rollback':
+                return rollbackFile({ backup_id: args.backup_id });
+            case 'freeze':
+                return enableCodeFreeze({});
+            case 'unfreeze':
+                return disableCodeFreeze({});
+            case 'backup':
+                // Create a backup by doing a protected check
+                return protectFiles({
+                    operation: 'overwrite',
+                    path: args.path,
+                });
+            default:
+                return { error: `Unknown action: ${action}` };
+        }
+    },
+};
+// ============================================================
+// EXPORT ONLY PRIMARY TOOLS
+// ============================================================
+export async function setupTools() {
+    // Domain-specific tools (order matters for some clients)
+    const domainTools = [
+        verifyTool, // Pre-delivery verification (critical for catching AI errors)
+        statusTool, // Dashboard and status checks
+        conversationTool,
+        codeReviewTool,
+        packageAuditTool,
+        rememberTool,
+        protectTool,
+    ];
+    // Register domain tools with intent router for internal invocation
+    registerTools(domainTools);
+    // Intent router (couchloop) goes FIRST for maximum discoverability
+    const tools = [
+        intentRouterTool,
+        ...domainTools,
+    ];
+    logger.info(`Prepared ${tools.length} primary MCP tools (including intent router)`);
+    return tools;
+}
+// Also export for internal use
+export { handleComprehensiveCodeReview, handleComprehensivePackageAudit, handleSmartContext, };
+//# sourceMappingURL=primary-tools.js.map

package/dist/tools/primary-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"primary-tools.js","sourceRoot":"","sources":["../../src/tools/primary-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,6BAA6B,EAAE,MAAM,gCAAgC,CAAC;AAC/E,OAAO,EAAE,+BAA+B,EAAE,MAAM,kCAAkC,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,+DAA+D;AAC/D,2BAA2B;AAC3B,4CAA4C;AAC5C,+DAA+D;AAE/D,qGAAqG;AACrG,MAAM,wBAAwB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2LAkC0J,CAAC;AAE5L,MAAM,gBAAgB,GAAG;IACvB,UAAU,EAAE;QACV,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,iUAAiU;QAC9U,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,cAAc;iBAC5B;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,CAAC;oBAChE,WAAW,EAAE,2HAA2H;iBACzI;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uDAAuD;iBACrE;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,2CAA2C;iBACzD;aACF;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;SACtB;KACF;IACD,OAAO,EAAE,KAAK,EAAE,IAA6B,EAAE,EAAE;QAC/C,MAAM,MAAM,GAAI,IAAI,CAAC,MAAiB,IAAI,MAAM,CAAC;QAEjD,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,OAAO;gBACV,OAAO,aAAa,CAAC;oBACnB,YAAY,EAAE,IAAI,CAAC,OAAiB;oBACpC,OAAO,EAAE,IAAI,CAAC,OAAiB;iBAChC,CAAC,CAAC;YACL,KAAK,KAAK;gBACR,OAAO,UAAU,CAAC,IAAI,CAAC,UAAoB,CAAC,CAAC;YAC/C,KAAK,QAAQ;gBACX,OAAO,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAoB,EAAE,CAAC,CAAC;YAClE,KAAK,QAAQ;gBACX,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBACpB,OAAO,gBAAgB,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAoB,EAAE,CAAC,CAAC;gBACrE,CAAC;gBACD,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;YAC1B,KAAK,YAAY;gBACf,qDAAqD;gBACrD,OAAO,WAAW,CAAC;oBACjB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,aAAa,EAAE,wBAAwB;oBACvC,iBAAiB,EAAE,YAAY;oBAC/B,eAAe,EAAE,IAAI;iBACtB,CAAC,CAAC;YACL,KAAK,MAAM,CAAC;YACZ;gBACE,OAAO,WAAW,CAAC;oBACjB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,eAAe,EAAE,IAAI;oBACrB,cAAc,EAAE,IAAI;iBACrB,CAAC,CAAC;QACP,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,cAAc,GAAG;IACrB,UAAU,EAAE;QACV,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,oWAAoW;QACjX,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,KAAK;SACrB;QACD,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,gBAAgB;iBAC9B;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uDAAuD;iBACrE;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,6CAA6C;iBAC3D;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;KACF;IACD,OAAO,EAAE,6BAA6B;CACvC,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACvB,UAAU,EAAE;QACV,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uVAAuV;QACpW,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE;oBACR,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,wBAAwB;iBACtC;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC;oBAC7D,WAAW,EAAE,iCAAiC;iBAC/C;aACF;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;KACF;IACD,OAAO,EAAE,+BAA+B;CACzC,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,UAAU,EAAE;QACV,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,4VAA4V;QACzW,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,KAAK;SACrB;QACD,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,kBAAkB;iBAChC;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC;oBACnF,WAAW,EAAE,8CAA8C;iBAC5D;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,yBAAyB;iBACvC;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC;oBAChC,WAAW,EAAE,sEAAsE;iBACpF;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,2BAA2B;iBACzC;aACF;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;SACtB;KACF;IACD,OAAO,EAAE,KAAK,EAAE,IAA6B,EAAE,EAAE;QAC/C,MAAM,MAAM,GAAI,IAAI,CAAC,MAAiB,IAAI,MAAM,CAAC;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAgC,CAAC;QAExD,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,+BAA+B;gBAC/B,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;gBACpE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;gBACzE,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,EAAE,uBAAuB,EAAE,IAAI,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC3G,OAAO;oBACL,WAAW;oBACX,QAAQ;oBACR,YAAY,EAAE,WAAW;iBAC1B,CAAC;YACJ,CAAC;YACD,KAAK,MAAM;gBACT,OAAO,WAAW,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC;YACZ;gBACE,OAAO,kBAAkB,CAAC;oBACxB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,SAAS;oBAC5B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B,CAAC,CAAC;QACP,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB,UAAU,EAAE;QACV,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,iQAAiQ;QAC9Q,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,KAAK;SACrB;QACD,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC;oBAChF,WAAW,EAAE,mBAAmB;iBACjC;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,yCAAyC;iBACvD;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC;oBACrC,WAAW,EAAE,4BAA4B;iBAC1C;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,0BAA0B;iBACxC;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;IACD,OAAO,EAAE,KAAK,EAAE,IAA6B,EAAE,EAAE;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAgB,CAAC;QAErC,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,SAAmB;oBACnC,IAAI,EAAE,IAAI,CAAC,IAAc;iBAC1B,CAAC,CAAC;YACL,KAAK,QAAQ;gBACX,OAAO,mBAAmB,CAAC,EAAE,CAAC,CAAC;YACjC,KAAK,SAAS;gBACZ,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;YACzB,KAAK,UAAU;gBACb,OAAO,YAAY,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAmB,EAAE,CAAC,CAAC;YAC/D,KAAK,QAAQ;gBACX,OAAO,gBAAgB,CAAC,EAAE,CAAC,CAAC;YAC9B,KAAK,UAAU;gBACb,OAAO,iBAAiB,CAAC,EAAE,CAAC,CAAC;YAC/B,KAAK,QAAQ;gBACX,6CAA6C;gBAC7C,OAAO,YAAY,CAAC;oBAClB,SAAS,EAAE,WAAW;oBACtB,IAAI,EAAE,IAAI,CAAC,IAAc;iBAC1B,CAAC,CAAC;YACL;gBACE,OAAO,EAAE,KAAK,EAAE,mBAAmB,MAAM,EAAE,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;CACF,CAAC;AAEF,+DAA+D;AAC/D,4BAA4B;AAC5B,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,yDAAyD;IACzD,MAAM,WAAW,GAAG;QAClB,UAAU,EAAM,8DAA8D;QAC9E,UAAU,EAAM,8BAA8B;QAC9C,gBAAgB;QAChB,cAAc;QACd,gBAAgB;QAChB,YAAY;QACZ,WAAW;KACZ,CAAC;IAEF,mEAAmE;IACnE,aAAa,CAAC,WAAW,CAAC,CAAC;IAE3B,mEAAmE;IACnE,MAAM,KAAK,GAAG;QACZ,gBAAgB;QAChB,GAAG,WAAW;KACf,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,MAAM,8CAA8C,CAAC,CAAC;IACpF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+BAA+B;AAC/B,OAAO,EACL,6BAA6B,EAC7B,+BAA+B,EAC/B,kBAAkB,GACnB,CAAC"}

package/dist/tools/protect-files.d.ts

@@ -150,7 +150,7 @@ export declare function getOperationHistory(args: any): Promise<{
         path: string;
         target_path: string | null;
         timestamp: Date;
-        status: "approved" | "pending" | "denied" | "executed" | "rolled_back";
+        status: "pending" | "approved" | "denied" | "executed" | "rolled_back";
         force: boolean;
         backup_path: string | null;
         error: string | null;

package/dist/tools/sendMessage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sendMessage.d.ts","sourceRoot":"","sources":["../../src/tools/sendMessage.ts"],"names":[],"mappings":"AAyDA;;;GAGG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,OAAO,oBAE9C"}
+{"version":3,"file":"sendMessage.d.ts","sourceRoot":"","sources":["../../src/tools/sendMessage.ts"],"names":[],"mappings":"AAqEA;;;GAGG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,OAAO,oBAE9C"}

package/dist/tools/sendMessage.js

@@ -1,15 +1,16 @@
 import { z } from 'zod';
-import { eq, desc } from 'drizzle-orm';
+import { eq } from 'drizzle-orm';
 import { getDb } from '../db/client.js';
 import { getShrinkChatClient } from '../clients/shrinkChatClient.js';
 import { sessions, checkpoints, journeys, crisisEvents, governanceEvaluations } from '../db/schema.js';
 import { logger } from '../utils/logger.js';
+import { sanitizeResponse } from '../utils/sanitize.js';
 import { NotFoundError } from '../utils/errors.js';
 import { v4 as uuidv4 } from 'uuid';
 import { EvaluationEngine } from '../governance/evaluationEngine.js';
 import { getOrCreateSession } from './session-manager.js';
-// Overall timeout for sendMessage - must be shorter than Smithery/proxy timeout
-const SEND_MESSAGE_TIMEOUT = parseInt(process.env.SEND_MESSAGE_TIMEOUT || '25000');
+// Overall timeout for sendMessage - increased to 60s for slow AI responses
+const SEND_MESSAGE_TIMEOUT = parseInt(process.env.SEND_MESSAGE_TIMEOUT || '60000');
 async function withTimeout(promise, timeoutMs, label) {
     let timeoutId;
     const timeoutPromise = new Promise((_, reject) => {
@@ -61,23 +62,11 @@ async function sendMessageInternal(args) {
         // Get or create session implicitly if not provided
         const { sessionId, isNew } = await getOrCreateSession(input.session_id, undefined, 'Message session');
         logger.info(`Sending message for session ${sessionId}${isNew ? ' (newly created)' : ''}`);
-        // Parallelize session and checkpoint queries (saves ~150ms)
-        // These can run simultaneously since both just need the session ID
-        const [sessionResult, checkpointsResult] = await Promise.all([
-            // Get session
-            db.select()
-                .from(sessions)
-                .where(eq(sessions.id, sessionId))
-                .limit(1),
-            // Get conversation history - optimized with limit
-            db.select()
-                .from(checkpoints)
-                .where(eq(checkpoints.sessionId, sessionId))
-                .orderBy(desc(checkpoints.createdAt))
-                .limit(30) // Fetch enough to get 10 message pairs after filtering
-        ]);
-        const [session] = sessionResult;
-        const previousCheckpoints = checkpointsResult;
+        // Query session only - message history is owned by shrink-chat
+        const [session] = await db.select()
+            .from(sessions)
+            .where(eq(sessions.id, sessionId))
+            .limit(1);
         if (!session) {
             throw new NotFoundError(`Session ${sessionId} not found`);
         }
@@ -97,7 +86,7 @@ async function sendMessageInternal(args) {
         const memoryContext = JSON.stringify({
             userId: session.userId || 'anonymous',
             conversationType: input.conversation_type || 'supportive',
-            sessionGoals: journey?.metadata?.goals || [],
+            sessionGoals: [],
             emotionalState: session.metadata?.emotionalState || 'neutral',
         });
         const enhancedContext = {
@@ -106,47 +95,8 @@ async function sendMessageInternal(args) {
                 : null,
             progressIndicators: session.metadata?.progressIndicators || [],
         };
-        const history = previousCheckpoints
-            .filter(cp => {
-            if (!cp.value || typeof cp.value !== 'object')
-                return false;
-            const val = cp.value;
-            // Include checkpoints with role field (individual messages)
-            if ('role' in val && 'message' in val)
-                return true;
-            // Include checkpoints with both message and response (combined format)
-            if ('message' in val && 'response' in val)
-                return true;
-            return false;
-        })
-            .flatMap(cp => {
-            const val = cp.value;
-            // Handle individual message checkpoints (with role field)
-            if ('role' in val && 'message' in val) {
-                return [{ role: val.role, content: val.message }];
-            }
-            // Handle combined checkpoints (with both message and response)
-            if ('message' in val && 'response' in val) {
-                return [
-                    { role: 'user', content: val.message },
-                    { role: 'assistant', content: val.response },
-                ];
-            }
-            return [];
-        })
-            .slice(-10);
-        // Save user message
-        await db.insert(checkpoints).values({
-            sessionId: session.id,
-            stepId: session.currentStep.toString(),
-            key: 'user-message',
-            value: {
-                message: input.message,
-                messageId: uuidv4(),
-                role: 'user',
-                timestamp: new Date().toISOString(),
-            },
-        });
+        // Message history is owned by shrink-chat (via threadId) - no need to build from checkpoints
+        const history = [];
         // Get shrink-chat client
         const client = getShrinkChatClient();
         // Send message
@@ -175,8 +125,6 @@ async function sendMessageInternal(args) {
         // If shrink-chat says intervention is required, ask for revision
         if (needsIntervention) {
             logger.info(`[Self-Correction] Shrink-chat detected crisis requiring intervention`);
-            // Log the initial response
-            await logGovernanceEvaluation(session.id, response.content || response.reply || '', 'revision_requested', `Crisis level ${response.crisis_level}: ${response.crisis_indicators?.join(', ') || 'intervention required'}`, response.crisis_confidence || 0);
             // Ask LLM to revise based on shrink-chat's own assessment
             const revisionPrompt = `The previous response may escalate the user's distress (crisis level: ${response.crisis_level}).
 Please provide a safer, more supportive response to: "${input.message}"
@@ -195,31 +143,12 @@ Suggested approach: ${response.crisis_suggested_actions?.join(', ') || 'De-escal
                 conversationType: 'revision',
                 idempotencyKey: uuidv4(),
             });
-            // Log revised response
-            await logGovernanceEvaluation(session.id, revisedResponse.content || revisedResponse.reply || '', 'revision_applied', 'Self-corrected based on crisis detection', revisedResponse.crisis_confidence || 0);
             response = revisedResponse;
             selfCorrected = true;
             logger.info(`[Self-Correction] Applied revised response`);
         }
-        else {
-            // Log approved response
-            await logGovernanceEvaluation(session.id, response.content || response.reply || '', 'approved', 'No intervention required', response.crisis_confidence || 0);
-        }
-        // Save assistant response
+        // Extract response content
         const responseContent = response.content || response.reply || response.response_text || '';
-        await db.insert(checkpoints).values({
-            sessionId: session.id,
-            stepId: session.currentStep.toString(),
-            key: 'assistant-message',
-            value: {
-                message: responseContent,
-                messageId: response.messageId || uuidv4(),
-                role: 'assistant',
-                crisisLevel: response.crisis_level || response.crisisLevel,
-                selfCorrected,
-                timestamp: new Date().toISOString(),
-            },
-        });
         // Handle high crisis even after revision (for resources/escalation)
         if (response.crisis_level && (typeof response.crisis_level === 'string' ? response.crisis_level !== 'none' : response.crisis_level > 7)) {
             await handleCrisisDetection(session.id, threadId, response);
@@ -254,8 +183,8 @@ Suggested approach: ${response.crisis_suggested_actions?.join(', ') || 'De-escal
         }))).catch(err => {
             logger.error('[Governance] Async evaluation failed:', err);
         });
-        // Return response
-        return {
+        // Build full response (for internal logging)
+        const fullResponse = {
             success: true,
             content: responseContent,
             messageId: response.messageId,
@@ -271,6 +200,8 @@ Suggested approach: ${response.crisis_suggested_actions?.join(', ') || 'De-escal
             },
             timestamp: new Date().toISOString(),
         };
+        // Return sanitized response (strips sensitive metadata)
+        return sanitizeResponse(fullResponse);
     }
     catch (error) {
         logger.error('Error in sendMessage:', error);
@@ -284,60 +215,6 @@ Suggested approach: ${response.crisis_suggested_actions?.join(', ') || 'De-escal
         throw error;
     }
 }
-/**
- * Log governance evaluation - accepts real evaluation results
- */
-async function logGovernanceEvaluation(sessionId, content, action, reason, confidence, evaluationResult) {
-    const db = getDb();
-    try {
-        await db.insert(governanceEvaluations).values({
-            sessionId,
-            draftResponse: content.substring(0, 1000),
-            evaluationResults: evaluationResult ? {
-                hallucination: {
-                    detected: evaluationResult.hallucination.detected,
-                    confidence: evaluationResult.hallucination.confidence,
-                    patterns: evaluationResult.hallucination.patterns || []
-                },
-                inconsistency: {
-                    detected: evaluationResult.inconsistency.detected,
-                    confidence: evaluationResult.inconsistency.confidence,
-                    patterns: evaluationResult.inconsistency.patterns || []
-                },
-                toneDrift: {
-                    detected: evaluationResult.toneDrift.detected,
-                    confidence: evaluationResult.toneDrift.confidence,
-                    patterns: evaluationResult.toneDrift.patterns || []
-                },
-                unsafeReasoning: {
-                    detected: evaluationResult.unsafeReasoning.detected,
-                    confidence: evaluationResult.unsafeReasoning.confidence,
-                    patterns: evaluationResult.unsafeReasoning.patterns || []
-                },
-                overallRisk: evaluationResult.overallRisk,
-                recommendedAction: evaluationResult.recommendedAction,
-                confidence: evaluationResult.confidence
-            } : {
-                hallucination: { detected: false, confidence: 0, patterns: [] },
-                inconsistency: { detected: false, confidence: 0, patterns: [] },
-                toneDrift: { detected: false, confidence: 0, patterns: [] },
-                unsafeReasoning: {
-                    detected: action === 'revision_requested',
-                    confidence,
-                    patterns: [reason]
-                },
-                overallRisk: action === 'revision_requested' ? 'high' : 'low',
-                recommendedAction: action === 'revision_requested' ? 'modify' : 'allow',
-                confidence: confidence
-            },
-            interventionApplied: action === 'revision_requested' ? 'revision' : null,
-            finalResponse: action === 'revision_applied' ? content.substring(0, 1000) : null,
-        });
-    }
-    catch (error) {
-        logger.error('Failed to log governance evaluation:', error);
-    }
-}
 /**
  * Run async governance evaluation in the background
  * This evaluates the response for hallucination, inconsistency, tone drift, and unsafe reasoning
@@ -439,18 +316,6 @@ async function handleLocalFallback(args) {
         return { success: false, error: 'Session not found' };
     }
     const fallbackContent = "I understand you're trying to communicate. The therapeutic service is temporarily unavailable, but your message has been noted. Please try again shortly.";
-    await db.insert(checkpoints).values({
-        sessionId: session.id,
-        stepId: session.currentStep.toString(),
-        key: 'assistant-message',
-        value: {
-            message: fallbackContent,
-            messageId: uuidv4(),
-            role: 'assistant',
-            fallbackMode: true,
-            timestamp: new Date().toISOString(),
-        },
-    });
     return {
         success: true,
         content: fallbackContent,