couchloop-eq-mcp 2.0.2 → 2.0.4

package/dist/tools/primary-tools.js

@@ -2,146 +2,133 @@
  * MCP Tools - Public API
  *
  * This module exports only the PRIMARY tools that users should see.
- * All granular tools are internal engines used by these primary tools.
+ * Consolidated from 10 → 4 tools for clarity and reduced LLM misrouting.
  *
- * PUBLIC TOOLS (10):
- * 0. couchloop        - Intent router (discoverability layer for loose commands)
- * 1. guard            - Invisible per-turn governance (called automatically by companion skill)
- * 2. verify           - Pre-delivery verification (catches AI hallucinations, validates packages)
- * 2. status           - Dashboard (session progress, history, context, protection)
- * 3. conversation     - AI conversation with guided journeys and session memory
- * 4. brainstorm       - Dev thinking partner (reflective questioning, architecture, trade-offs)
- * 5. code_review      - Complete code analysis (security, quality, AI errors)
- * 6. package_audit    - Complete dependency audit (validation, versions, upgrades)
- * 7. remember         - Smart context capture (checkpoints, insights, decisions)
- * 8. protect          - File protection and safety features
+ * PUBLIC TOOLS (4):
+ * 1. memory           - HERO: save & recall insights, checkpoints, decisions (Supabase-backed)
+ * 2. conversation     - Emotional support, guided journeys, crisis detection (shrink-chat backend)
+ * 3. review           - Unified: code review + package audit + pre-delivery verification
+ * 4. status           - Dashboard (session progress, history, context, preferences)
+ *
+ * INTERNAL (auto-triggered, not user-facing):
+ * - guard             - Per-response governance (runs in withPolicy wrapper)
+ *
+ * REMOVED:
+ * - couchloop         - Router added latency; LLMs route directly with good descriptions
+ * - brainstorm        - Returned static system prompt; LLMs brainstorm natively
+ * - protect           - Broken on Railway (read-only /app filesystem)
  */
-// V2 Orchestration imports
-import { couchloopV2Tool } from './couchloop-v2.js';
-import { registerTools } from './intent-router.js';
+import { z } from 'zod';
 import { ToolRegistry } from '../core/registry/registry.js';
-// Legacy tool imports (will be registered in V2 registry)
+// Tool handler imports
 import { sendMessage } from './sendMessage.js';
 import { createSession, resumeSession } from './session.js';
 import { endSession } from './session-manager.js';
 import { handleComprehensiveCodeReview } from './comprehensive-code-review.js';
 import { handleComprehensivePackageAudit } from './comprehensive-package-audit.js';
 import { handleSmartContext } from './smart-context.js';
-import { protectFiles, getProtectionStatus, listBackups, rollbackFile, enableCodeFreeze, disableCodeFreeze, } from './protect-files.js';
 import { listJourneys, getJourneyStatus } from './journey.js';
 import { getCheckpoints } from './checkpoint.js';
 import { getInsights, getUserContext } from './insight.js';
-import { verifyTool } from './verify.js';
+import { handleVerify } from './verify.js';
 import { statusTool } from './status.js';
-import { guardTool } from './guard.js';
 import { runToolWithPolicy } from '../policy/index.js';
 import { logger } from '../utils/logger.js';
 // ============================================================
-// PRIMARY TOOL DEFINITIONS
-// These are the only tools visible to users
+// PRIMARY TOOL DEFINITIONS (4 public tools)
 // ============================================================
-// Brainstorm system prompt - reflective questioning to help developers arrive at their own solutions
-const BRAINSTORM_SYSTEM_PROMPT = `You are a reflective thinking partner for developers. Your primary role is to ask insightful questions that help developers discover their own best solution — but you also provide concrete analysis when they've narrowed down options.
-
-DETECT THE MODE:
-1. EXPLORATION: User has a vague idea or open-ended problem → Ask questions to help them think
-2. COMPARISON: User presents 2-3 specific options (e.g., "Redis vs Memcached?") → Clarify context briefly, then provide analysis
-
-FOR EXPLORATION MODE:
-- Ask clarifying questions before suggesting anything
-- Surface assumptions they may not have questioned
-- Break complex problems into smaller, answerable pieces
-- Ask 1-3 focused questions per response (not a barrage)
-
-QUESTION PATTERNS:
-1. SCOPE: "What problem are you really trying to solve?" / "Who is this for?"
-2. CONSTRAINTS: "What's your timeline?" / "What existing systems does this need to work with?"
-3. TRADE-OFFS: "If you had to choose between X and Y, which matters more?"
-4. ASSUMPTIONS: "What are you assuming about the user?" / "Have you validated that?"
-5. DECOMPOSITION: "What's the riskiest part?" / "What could you build first to learn more?"
-
-FOR COMPARISON MODE (user asks "A vs B?" or "should I use X or Y?"):
-1. Ask 1-2 quick clarifying questions about their specific context (scale, team experience, existing stack)
-2. Then provide a structured comparison:
-   - Key differences that matter for their use case
-   - When to choose each option
-   - Your recommendation given what you know about their context
-   - Caveats or "it depends" factors they should verify
-3. Be direct. Don't just list pros/cons — give them an actionable recommendation with reasoning.
-
-RESPONSE STYLE:
-- Start with understanding, not solutioning
-- Summarize their thinking back periodically
-- When they present options, acknowledge you'll help them decide (not just explore forever)
-- Be concise — developers want signal, not fluff
-
-Remember: The best solutions come from the developer's own understanding of their context. Your job is to help them think clearly AND give them useful analysis when they're ready for it.`;
-const conversationTool = {
+// ── 1. MEMORY (hero feature — registered first) ─────────────────────────────
+// Zod schemas for handler validation (CLAUDE.md Key Invariant #1)
+const MemoryInputSchema = z.object({
+    action: z.enum(['save', 'recall', 'list']).optional(),
+    content: z.unknown().optional(),
+    type: z.string().optional(),
+    tags: z.array(z.string()).optional(),
+    session_id: z.string().optional(),
+    auth: z.record(z.unknown()).optional(),
+});
+const ConversationInputSchema = z.object({
+    action: z.enum(['send', 'start', 'end', 'resume', 'status']).optional(),
+    message: z.string().optional(),
+    journey: z.string().optional(),
+    session_id: z.string().optional(),
+    auth: z.record(z.unknown()).optional(),
+});
+const memoryTool = {
     definition: {
-        name: 'conversation',
-        description: 'Start or continue an AI conversation with built-in crisis detection, guided self-reflection journeys, and session memory. Includes brainstorm mode for dev ideation. Triggers: "end session", "start session", "wrap up", "done for now", "talk", "chat", "feeling", "stressed", "help me", "brainstorm", "think through", "map out feature".',
+        name: 'memory',
+        description: 'Save and retrieve context, insights, checkpoints, and decisions across conversations. Prevents AI amnesia. Use action "save" to store, "recall" to retrieve, "list" to browse.',
         annotations: {
             readOnlyHint: false,
             destructiveHint: false,
             idempotentHint: false,
-            openWorldHint: true,
+            openWorldHint: false,
         },
         inputSchema: {
             type: 'object',
             properties: {
-                message: {
+                content: {
                     type: 'string',
-                    description: 'Your message',
+                    description: 'What to save or search for when recalling',
                 },
                 action: {
                     type: 'string',
-                    enum: ['send', 'start', 'end', 'resume', 'status'],
-                    description: 'Action: send (default), start new session, end session, resume previous, or get status',
+                    enum: ['save', 'recall', 'list'],
+                    description: 'save: store new context. recall: retrieve previously stored insights/checkpoints/decisions. list: browse all saved items.',
                 },
-                journey: {
+                type: {
                     type: 'string',
-                    description: 'Optional journey to follow (e.g., "daily-reflection")',
+                    enum: ['checkpoint', 'insight', 'decision', 'requirement', 'constraint', 'pattern'],
+                    description: 'Type of context (for save action — affects categorization)',
+                },
+                tags: {
+                    type: 'array',
+                    items: { type: 'string' },
+                    description: 'Tags for categorization (for save action)',
                 },
                 session_id: {
                     type: 'string',
-                    description: 'Session ID (auto-managed if not provided)',
+                    description: 'Session to associate with',
+                },
+                auth: {
+                    type: 'object',
+                    description: 'Authentication context for user identification',
                 },
             },
-            required: ['message'],
+            required: [],
         },
     },
     handler: async (args) => {
-        const action = args.action || 'send';
+        const parsed = MemoryInputSchema.parse(args);
+        const action = parsed.action ?? 'save';
+        const sessionId = parsed.session_id;
+        const auth = parsed.auth;
         switch (action) {
-            case 'start':
-                return createSession({
-                    journey_slug: args.journey,
-                    context: args.message,
-                });
-            case 'end':
-                return endSession(args.session_id);
-            case 'resume':
-                return resumeSession({ session_id: args.session_id });
-            case 'status':
-                if (args.session_id) {
-                    return getJourneyStatus({ session_id: args.session_id });
-                }
-                return listJourneys({});
-            case 'send':
+            case 'recall': {
+                const checkpointData = await getCheckpoints({ session_id: sessionId, auth });
+                const insightData = await getInsights({ session_id: sessionId, limit: 10, auth });
+                const userContext = await getUserContext({ include_recent_insights: true, include_session_history: true, auth });
+                return { checkpoints: checkpointData, insights: insightData, user_context: userContext };
+            }
+            case 'list':
+                return getInsights({ session_id: sessionId, limit: 20, auth });
+            case 'save':
             default:
-                return sendMessage({
-                    message: args.message,
-                    session_id: args.session_id,
-                    save_checkpoint: true,
-                    include_memory: true,
+                return handleSmartContext({
+                    content: parsed.content,
+                    type: parsed.type || 'insight',
+                    tags: parsed.tags,
+                    session_id: parsed.session_id,
+                    auth,
                 });
         }
     },
 };
-const brainstormTool = {
+// ── 2. CONVERSATION ──────────────────────────────────────────────────────────
+const conversationTool = {
     definition: {
-        name: 'brainstorm',
-        description: 'Dev thinking partner for architecture decisions, feature design, trade-offs, and technical exploration. Asks reflective questions to help you arrive at your own best solution, then provides concrete analysis when you\'ve narrowed options. Triggers: "brainstorm", "think through", "map out", "help me design", "I have an idea", "flesh out", "trade-offs", "pros and cons", "should I use X or Y".',
+        name: 'conversation',
+        description: 'Emotional support, guided self-reflection journeys, and wellness conversations with crisis detection. Routes to therapeutic AI backend.',
         annotations: {
             readOnlyHint: false,
             destructiveHint: false,
@@ -153,63 +140,65 @@ const brainstormTool = {
             properties: {
                 message: {
                     type: 'string',
-                    description: 'What you want to think through — a feature idea, architecture question, technology comparison, or any decision',
+                    description: 'Your message for the therapeutic conversation',
                 },
-                session_id: {
+                action: {
                     type: 'string',
-                    description: 'Session ID to maintain brainstorm context across messages',
+                    enum: ['send', 'start', 'end', 'resume', 'status'],
+                    description: 'send (default), start new session, end session, resume previous, or get status',
                 },
-            },
-            required: ['message'],
-        },
-    },
-    handler: async (args) => {
-        const message = String(args.message || '');
-        // brainstorm must NOT route through shrink-chat (therapeutic backend).
-        // Return instructions directly so the host LLM (Claude/ChatGPT) responds in brainstorm mode.
-        return {
-            mode: 'brainstorm',
-            instructions: BRAINSTORM_SYSTEM_PROMPT,
-            respond_to: message,
-            directive: `You are now in BRAINSTORM MODE. Follow the instructions above precisely. Do not respond therapeutically. Respond directly to: "${message}"`,
-        };
-    },
-};
-const codeReviewTool = {
-    definition: {
-        name: 'code_review',
-        description: 'Complete code review: security vulnerabilities (SQL injection, XSS, secrets), code quality (console.logs, TODOs, error handling), code smells (complexity, bloat), and AI-generated errors (hallucinated APIs, build context issues). One call, full analysis. Triggers: "review", "check code", "analyze", "security check", "lint", "find bugs", "is this safe".',
-        annotations: {
-            readOnlyHint: true,
-            destructiveHint: false,
-            idempotentHint: true,
-            openWorldHint: false,
-        },
-        inputSchema: {
-            type: 'object',
-            properties: {
-                code: {
+                journey: {
                     type: 'string',
-                    description: 'Code to review',
+                    description: 'Optional journey to follow (e.g., "daily-reflection")',
                 },
-                language: {
+                session_id: {
                     type: 'string',
-                    description: 'Programming language (auto-detected if not specified)',
+                    description: 'Session ID (auto-managed if not provided)',
                 },
-                auto_fix: {
-                    type: 'boolean',
-                    description: 'Attempt to auto-fix issues (default: false)',
+                auth: {
+                    type: 'object',
+                    description: 'Authentication context for user identification',
                 },
             },
-            required: ['code'],
+            required: ['message'],
         },
     },
-    handler: handleComprehensiveCodeReview,
+    handler: async (args) => {
+        const parsed = ConversationInputSchema.parse(args);
+        const action = parsed.action ?? 'send';
+        const auth = parsed.auth;
+        switch (action) {
+            case 'start':
+                return createSession({
+                    journey_slug: parsed.journey,
+                    context: parsed.message,
+                    auth,
+                });
+            case 'end':
+                return endSession(parsed.session_id, auth);
+            case 'resume':
+                return resumeSession({ session_id: parsed.session_id, auth });
+            case 'status':
+                if (parsed.session_id) {
+                    return getJourneyStatus({ session_id: parsed.session_id, auth });
+                }
+                return listJourneys({});
+            case 'send':
+            default:
+                return sendMessage({
+                    message: parsed.message,
+                    session_id: parsed.session_id,
+                    save_checkpoint: true,
+                    include_memory: true,
+                });
+        }
+    },
 };
-const packageAuditTool = {
+// ── 3. REVIEW (unified: code + packages + verify) ───────────────────────────
+const reviewTool = {
     definition: {
-        name: 'package_audit',
-        description: 'Complete dependency audit: validates packages exist and are legitimate (catches typosquatting), checks for outdated versions and security vulnerabilities, generates upgrade reports with migration guides and breaking changes. Triggers: "audit", "check dependencies", "outdated", "vulnerable packages", "upgrade", "npm audit", "security scan".',
+        name: 'review',
+        description: 'Unified code review, package audit, and pre-delivery verification. Use mode to select: "code" for security/quality/AI-error analysis, "packages" for dependency audit and validation, "verify" for hallucination and fact checking, "full" for all checks.',
         annotations: {
             readOnlyHint: true,
             destructiveHint: false,
@@ -219,175 +208,106 @@ const packageAuditTool = {
         inputSchema: {
             type: 'object',
             properties: {
-                packages: {
-                    type: 'array',
-                    items: { type: 'string' },
-                    description: 'Package names to audit',
-                },
-                registry: {
+                mode: {
                     type: 'string',
-                    enum: ['npm', 'pypi', 'maven', 'cargo', 'go', 'nuget', 'gem'],
-                    description: 'Package registry (default: npm)',
+                    enum: ['code', 'packages', 'verify', 'full'],
+                    description: 'code: security vulnerabilities, code smells, AI-generated errors. packages: validate existence, audit versions, find vulnerabilities. verify: pre-delivery hallucination/fact check. full: all checks.',
                 },
-            },
-            required: ['packages'],
-        },
-    },
-    handler: handleComprehensivePackageAudit,
-};
-const rememberTool = {
-    definition: {
-        name: 'remember',
-        description: 'Capture and preserve important context from conversations. Automatically routes to the right storage: checkpoints for progress, insights for realizations, context for technical decisions. Prevents AI amnesia across conversations. Triggers: "save", "remember this", "checkpoint", "note", "don\'t forget", "keep track", "save progress", "log this".',
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-        inputSchema: {
-            type: 'object',
-            properties: {
                 content: {
                     type: 'string',
-                    description: 'What to remember',
+                    description: 'Code to review, content to verify, or general input for analysis',
                 },
-                type: {
-                    type: 'string',
-                    enum: ['checkpoint', 'insight', 'decision', 'requirement', 'constraint', 'pattern'],
-                    description: 'Type of context (affects where it\'s stored)',
-                },
-                tags: {
+                packages: {
                     type: 'array',
                     items: { type: 'string' },
-                    description: 'Tags for categorization',
-                },
-                action: {
-                    type: 'string',
-                    enum: ['save', 'recall', 'list'],
-                    description: 'Action: save (default), recall previous context, or list saved items',
-                },
-                session_id: {
-                    type: 'string',
-                    description: 'Session to associate with',
+                    description: 'Package names to audit (for packages mode)',
                 },
-            },
-            required: ['content'],
-        },
-    },
-    handler: async (args) => {
-        const action = args.action || 'save';
-        const sessionId = args.session_id;
-        switch (action) {
-            case 'recall': {
-                // Get checkpoints and insights
-                const checkpoints = await getCheckpoints({ session_id: sessionId });
-                const insights = await getInsights({ session_id: sessionId, limit: 10 });
-                const userContext = await getUserContext({ include_recent_insights: true, include_session_history: true });
-                return {
-                    checkpoints,
-                    insights,
-                    user_context: userContext,
-                };
-            }
-            case 'list':
-                return getInsights({ session_id: sessionId, limit: 20 });
-            case 'save':
-            default:
-                return handleSmartContext({
-                    content: args.content,
-                    type: args.type || 'insight',
-                    tags: args.tags,
-                    session_id: args.session_id,
-                });
-        }
-    },
-};
-const protectTool = {
-    definition: {
-        name: 'protect',
-        description: 'File protection and safety: prevent accidental deletions, create automatic backups, rollback changes, enable code freeze mode. Essential for safe AI-assisted development. Triggers: "backup", "protect", "freeze", "rollback", "undo", "restore", "safe mode".',
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-        inputSchema: {
-            type: 'object',
-            properties: {
-                action: {
-                    type: 'string',
-                    enum: ['check', 'backup', 'rollback', 'freeze', 'unfreeze', 'status', 'history'],
-                    description: 'Action to perform',
-                },
-                path: {
+                language: {
                     type: 'string',
-                    description: 'File path (for check, backup, rollback)',
+                    description: 'Programming language (auto-detected if not specified)',
                 },
-                operation: {
+                registry: {
                     type: 'string',
-                    enum: ['delete', 'overwrite', 'move'],
-                    description: 'Operation type (for check)',
+                    enum: ['npm', 'pypi', 'maven', 'cargo', 'go', 'nuget', 'gem'],
+                    description: 'Package registry (default: npm)',
                 },
-                backup_id: {
-                    type: 'string',
-                    description: 'Backup ID (for rollback)',
+                auto_fix: {
+                    type: 'boolean',
+                    description: 'Attempt to auto-fix issues (default: false, code mode only)',
                 },
             },
-            required: ['action'],
+            required: ['mode'],
         },
     },
     handler: async (args) => {
-        const action = args.action;
-        // path is required for check and backup — validate before delegating
-        if ((action === 'check' || action === 'backup') && !args.path) {
-            return {
-                success: false,
-                error: `path is required for action='${action}'`,
-                action,
-            };
-        }
-        switch (action) {
-            case 'check':
-                return protectFiles({
-                    operation: args.operation,
-                    path: args.path,
+        const mode = args.mode;
+        switch (mode) {
+            case 'code':
+                if (!args.content) {
+                    return { success: false, error: 'content is required for code review mode' };
+                }
+                return handleComprehensiveCodeReview({
+                    code: args.content,
+                    language: args.language,
+                    auto_fix: args.auto_fix,
                 });
-            case 'status':
-                return getProtectionStatus({});
-            case 'history':
-                return listBackups({});
-            case 'rollback':
-                return rollbackFile({ backup_id: args.backup_id });
-            case 'freeze':
-                return enableCodeFreeze({});
-            case 'unfreeze':
-                return disableCodeFreeze({});
-            case 'backup':
-                // Create a backup by doing a protected check
-                return protectFiles({
-                    operation: 'overwrite',
-                    path: args.path,
+            case 'packages':
+                if (!args.packages) {
+                    return { success: false, error: 'packages array is required for packages mode' };
+                }
+                return handleComprehensivePackageAudit({
+                    packages: args.packages,
+                    registry: args.registry,
                 });
+            case 'verify':
+                if (!args.content) {
+                    return { success: false, error: 'content is required for verify mode' };
+                }
+                return handleVerify({
+                    type: 'all',
+                    content: args.content,
+                    language: args.language,
+                    registry: args.registry,
+                });
+            case 'full': {
+                const results = {};
+                if (args.content) {
+                    results.code_review = await handleComprehensiveCodeReview({
+                        code: args.content,
+                        language: args.language,
+                        auto_fix: args.auto_fix,
+                    });
+                    results.verification = await handleVerify({
+                        type: 'all',
+                        content: args.content,
+                        language: args.language,
+                    });
+                }
+                if (args.packages) {
+                    results.package_audit = await handleComprehensivePackageAudit({
+                        packages: args.packages,
+                        registry: args.registry,
+                    });
+                }
+                if (!args.content && !args.packages) {
+                    return { success: false, error: 'content or packages required for full mode' };
+                }
+                return { success: true, mode: 'full', results };
+            }
             default:
-                return { error: `Unknown action: ${action}` };
+                return { success: false, error: `Unknown mode: ${mode}. Use: code, packages, verify, or full` };
         }
     },
 };
 // ============================================================
-// EXPORT ONLY PRIMARY TOOLS
+// EXPORT ONLY PRIMARY TOOLS (4 tools)
 // ============================================================
 // ─────────────────────────────────────────────────────────────────────────────
 // Policy wrapper helpers
 // ─────────────────────────────────────────────────────────────────────────────
 /**
  * Wrap a tool handler so every call goes through:
- *   execute → sanitize → verify-if-required → normalize → log
- *
- * The wrapped handler is used for BOTH direct MCP calls and intent-router
- * (couchloop) delegated calls, since registerTools() stores references to
- * these same handler functions.
+ *   execute → sanitize → guard-if-clinical → verify-if-required → normalize → log
  */
 function withPolicy(toolName, handler, routedVia = 'direct') {
     return async (args, _routedVia) => {
@@ -402,30 +322,21 @@ function withPolicy(toolName, handler, routedVia = 'direct') {
     };
 }
 export async function setupTools() {
-    // Register tools with V2 registry for health tracking
     const registry = ToolRegistry.getInstance();
-    // Domain-specific tools — handlers wrapped with the policy layer.
+    // 4 public tools — memory first (hero feature), then conversation, review, status
     const rawDomainTools = [
-        guardTool,
-        verifyTool,
-        statusTool,
+        memoryTool,
         conversationTool,
-        brainstormTool,
-        codeReviewTool,
-        packageAuditTool,
-        rememberTool,
-        protectTool,
+        reviewTool,
+        statusTool,
     ];
     const domainTools = rawDomainTools.map((tool) => {
         const wrappedHandler = withPolicy(tool.definition.name, tool.handler);
-        // Register real handler into V2 registry.
-        // Uses existing metadata if already registered (from initializeToolRegistry),
-        // otherwise falls back to a minimal metadata stub so health tracking still works.
         const toolName = tool.definition.name;
         const existing = registry.getTool(toolName);
         const metadata = existing?.metadata ?? {
             toolName,
-            version: '2.0.0',
+            version: '2.1.0',
             capabilities: [],
             latencyProfile: { p50Ms: 500, p95Ms: 1000 },
             constraints: { idempotent: false, safeParallel: false, supportsCache: false },
@@ -437,18 +348,9 @@ export async function setupTools() {
             handler: wrappedHandler,
         };
     });
-    // Register domain tools for legacy compatibility (will be removed later)
-    registerTools(domainTools);
-    // V2 ORCHESTRATION: couchloopV2 replaces the old intent router
-    // It now handles routing through the new modular pipeline:
-    // Request → Classify → Policy → Plan → Execute → Compose
-    const tools = [
-        couchloopV2Tool, // V2 orchestration with 100% rollout!
-        ...domainTools,
-    ];
-    logger.info(`🚀 V2 ORCHESTRATION ACTIVE: ${tools.length} primary MCP tools`);
-    logger.info('Architecture: Request → Classify → Policy → Plan → Execute → Compose');
-    logger.info('Performance: 60%+ direct routing, 33% faster P95 latency');
+    // No router tool — LLMs route directly with clear descriptions
+    const tools = [...domainTools];
+    logger.info(`Registered ${tools.length} public MCP tools: ${tools.map(t => t.definition.name).join(', ')}`);
     return tools;
 }
 // Also export for internal use