memory-journal-mcp 3.1.5 → 4.1.0

package/.github/pull_request_template.md

@@ -1,7 +1,9 @@
 ## 📋 Summary
+
 Brief description of the changes in this PR.
 
 ## 🎯 Type of Change
+
 - [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
 - [ ] ✨ New feature (non-breaking change which adds functionality)
 - [ ] 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
@@ -11,58 +13,71 @@ Brief description of the changes in this PR.
 - [ ] 🧪 Test addition or improvement
 
 ## 🔗 Related Issues
+
 - Fixes #(issue number)
 - Addresses #(issue number)
 - Related to #(issue number)
 
 ## 🔄 Changes Made
+
 **Detailed description of changes:**
+
 - Change 1: Description
-- Change 2: Description  
+- Change 2: Description
 - Change 3: Description
 
 ## 🧪 Testing Performed
+
 **How did you test these changes?**
+
 - [ ] Manual testing in Cursor
 - [ ] Docker lite build tested
-- [ ] Docker full build tested  
+- [ ] Docker full build tested
 - [ ] Database migration tested
 - [ ] Existing functionality verified
 - [ ] New functionality tested
 
 **Test scenarios covered:**
+
 1. Scenario 1: Description and result
 2. Scenario 2: Description and result
 3. Scenario 3: Description and result
 
 ## 📱 Environment Tested
+
 - **OS:** [e.g. Windows 11, macOS 14, Ubuntu 22.04]
 - **Python:** [e.g. 3.11.5]
 - **Docker:** [e.g. 24.0.6]
 - **MCP Client:** [e.g. Cursor 0.42.3]
 
 ## 🔄 Breaking Changes
+
 **Are there any breaking changes?**
+
 - [ ] No breaking changes
 - [ ] Yes, breaking changes (describe below)
 
 **If yes, describe the breaking changes:**
+
 - What will break?
 - How should users migrate?
 - What's the impact?
 
 ## 📊 Database Changes
+
 - [ ] No database schema changes
 - [ ] Schema changes included (describe below)
 - [ ] Migration script provided
 - [ ] Backward compatibility maintained
 
 **If schema changes, describe:**
+
 - What tables/columns are affected?
 - Is there a migration path?
 - Any data loss potential?
 
 ## 🐳 Docker Impact
+
 - [ ] No Docker changes
 - [ ] Dockerfile.lite updated
 - [ ] Dockerfile updated
@@ -70,6 +85,7 @@ Brief description of the changes in this PR.
 - [ ] Image size impact: [increase/decrease by X MB]
 
 ## 📚 Documentation
+
 - [ ] No documentation changes needed
 - [ ] README.md updated
 - [ ] CONTRIBUTING.md updated
@@ -77,7 +93,9 @@ Brief description of the changes in this PR.
 - [ ] Examples updated
 
 ## ✅ Checklist
+
 **Before submitting this PR:**
+
 - [ ] Code follows the project's coding standards
 - [ ] Self-review of the code completed
 - [ ] Comments added to hard-to-understand areas
@@ -87,24 +105,31 @@ Brief description of the changes in this PR.
 - [ ] Changes work in both lite and full Docker variants
 
 ## 🖼️ Screenshots
+
 **If applicable, add screenshots to help explain your changes:**
 [Add screenshots here]
 
 ## 🚀 Deployment Notes
+
 **Anything special needed for deployment?**
+
 - Special configuration required?
 - Migration steps needed?
 - Rollback considerations?
 
 ## 📝 Additional Notes
+
 **Any other information that reviewers should know:**
+
 - Implementation decisions made
 - Trade-offs considered
 - Future improvements planned
 - Known limitations
 
 ## 🙋 Questions for Reviewers
+
 **Specific areas where you'd like feedback:**
+
 1. Question 1?
 2. Question 2?
-3. Question 3?
+3. Question 3?

package/.github/workflows/DOCKER_DEPLOYMENT_SETUP.md

@@ -1,6 +1,6 @@
 # Docker Deployment Setup Guide
 
-*Last Updated: December 8, 2025 - Production/Stable v2.2.0*
+_Last Updated: December 8, 2025 - Production/Stable v2.2.0_
 
 ## 🚀 Automated Docker Deployment
 
@@ -9,6 +9,7 @@ This repository is configured for **automatic Docker image deployment** to Docke
 ## 📋 Current Status
 
 ### ✅ Production-Ready Deployment
+
 - **Version**: v2.2.0 (Production/Stable)
 - **Base Image**: `python:3.13-alpine` (Alpine Linux 3.22)
 - **Docker Hub**: `writenotenow/memory-journal-mcp`
@@ -16,6 +17,7 @@ This repository is configured for **automatic Docker image deployment** to Docke
 - **Platforms**: `linux/amd64`, `linux/arm64` (Apple Silicon support)
 
 ### 🔒 Security Posture
+
 - **OpenSSL**: 3.5.4-r0 (latest)
 - **curl**: 8.14.1-r2 (latest)
 - **expat**: 2.7.3-r0 (latest)
@@ -27,6 +29,7 @@ This repository is configured for **automatic Docker image deployment** to Docke
 Before the Docker deployment workflow can run, you need to add these secrets to your GitHub repository:
 
 ### 1. Navigate to Repository Settings
+
 1. Go to your repository on GitHub: https://github.com/neverinfamous/memory-journal-mcp
 2. Click **Settings** → **Secrets and variables** → **Actions**
 3. Click **New repository secret**
@@ -34,11 +37,13 @@ Before the Docker deployment workflow can run, you need to add these secrets to
 ### 2. Required Secrets
 
 #### `DOCKER_USERNAME`
+
 - **Value**: `writenotenow` (Docker Hub username)
 - **Description**: Docker Hub username for authentication
 - **Status**: ✅ Configured
 
 #### `DOCKER_PASSWORD`
+
 - **Value**: Docker Hub access token (NOT your password)
 - **Description**: Docker Hub access token for secure authentication
 - **Status**: ✅ Configured
@@ -56,6 +61,7 @@ Before the Docker deployment workflow can run, you need to add these secrets to
 ## 🏗️ What Gets Built
 
 ### Image Configuration
+
 - **Single Variant**: Alpine-based full-featured image (225MB)
 - **ML Support**: Optional semantic search with graceful degradation
   - ARM64: ML dependencies fail to install, continues without semantic search ✅
@@ -63,11 +69,14 @@ Before the Docker deployment workflow can run, you need to add these secrets to
 - **Base**: Python 3.13 on Alpine Linux 3.22
 
 ### Supported Platforms
+
 - **linux/amd64** - x86_64 architecture (full features)
 - **linux/arm64** - Apple Silicon / ARM64 (core features, optional ML)
 
 ### Tags Generated on Each Push
+
 When you push to `main` branch, the workflow automatically creates:
+
 - `latest` - Always points to most recent main branch build
 - `v2.2.0` - Current version from pyproject.toml (automatically extracted)
 - `sha-XXXXXXX` - Git commit SHA pinned tag (short format)
@@ -75,11 +84,13 @@ When you push to `main` branch, the workflow automatically creates:
 ## 🔄 Deployment Triggers
 
 ### Automatic Deployment
+
 - ✅ **Push to main** → Builds and pushes all tags
 - ✅ **Create git tag** → Builds and pushes versioned tags (e.g., `v1.1.3`)
 - ✅ **Pull requests** → Builds images for testing (doesn't push to Docker Hub)
 
 ### Manual Deployment
+
 ```bash
 # Create and push a release tag
 git tag v2.2.0
@@ -94,6 +105,7 @@ git push origin v2.2.0
 ## 🛡️ Security Features
 
 ### Multi-Layer Security Scanning
+
 1. **Docker Scout CLI** - Runs during build, blocks critical/high vulnerabilities
    - Scans single-platform (linux/amd64) image locally
    - 8-minute timeout for efficient CI/CD
@@ -107,6 +119,7 @@ git push origin v2.2.0
    - Exit code 1 on critical/high/medium issues
 
 ### Image Optimization
+
 - **Multi-stage builds** keep images lean (225MB)
 - **Layer caching** speeds up builds significantly
 - **GitHub Actions cache** reduces build times by ~60%
@@ -114,6 +127,7 @@ git push origin v2.2.0
 - **WAL mode** for better concurrency and crash recovery
 
 ### Supply Chain Security
+
 - **Attestations**: Enabled for all images
 - **Provenance**: Full build provenance tracking
 - **SBOM**: Software Bill of Materials generated
@@ -140,12 +154,14 @@ htmlcov/                # Coverage reports
 ## 🎯 Docker Hub Integration
 
 ### Automatic Updates
+
 - **Tags**: Automatically created and pushed
 - **Attestations**: Supply chain metadata attached to all tags
 - **SBOM**: Software Bill of Materials for each build
 - **Multi-arch manifests**: Single tag works on AMD64 and ARM64
 
 ### Repository Information
+
 - **Repository**: `writenotenow/memory-journal-mcp`
 - **Visibility**: Public
 - **URL**: https://hub.docker.com/r/writenotenow/memory-journal-mcp
@@ -154,6 +170,7 @@ htmlcov/                # Coverage reports
 ## ⚡ Build Performance
 
 ### Optimizations Implemented
+
 - **Parallel builds** for AMD64 and ARM64
 - **GitHub Actions cache** for Docker layers
 - **Multi-platform builds** using QEMU and Buildx
@@ -161,6 +178,7 @@ htmlcov/                # Coverage reports
 - **Strategic layer ordering** (requirements → dependencies → code)
 
 ### Build Times (Actual)
+
 - **AMD64 build**: ~3-4 minutes (with cache)
 - **ARM64 build**: ~2-3 minutes (without ML dependencies)
 - **Multi-platform total**: ~5-7 minutes
@@ -168,6 +186,7 @@ htmlcov/                # Coverage reports
 - **First build (no cache)**: ~10-15 minutes
 
 ### Caching Strategy
+
 - **Layer caching**: Maximizes Docker layer reuse
 - **Package caching**: pip packages cached between builds
 - **Base image caching**: Python Alpine image cached locally
@@ -177,12 +196,14 @@ htmlcov/                # Coverage reports
 ### Automated CI/CD Tests
 
 #### Test Matrix (Python 3.10, 3.11, 3.12)
+
 - ✅ **Dependency installation** - All required packages
 - ✅ **Linting** - flake8 code quality checks
 - ✅ **Server import** - Python module loads correctly
 - ✅ **Database schema** - SQLite schema validation
 
 #### Docker Image Tests
+
 - ✅ **Security scan** - Docker Scout CVE detection
 - ✅ **Import test** - Server imports successfully in container
 - ✅ **Multi-platform** - Both AMD64 and ARM64 verified
@@ -191,6 +212,7 @@ htmlcov/                # Coverage reports
 ### Manual Testing
 
 #### Quick Verification
+
 ```bash
 # Test latest build
 docker pull writenotenow/memory-journal-mcp:latest
@@ -198,6 +220,7 @@ docker run --rm writenotenow/memory-journal-mcp:latest python -c "import sys; sy
 ```
 
 #### Full Functional Test
+
 ```bash
 # Create data directory
 mkdir -p data
@@ -210,6 +233,7 @@ docker run --rm -i \
 ```
 
 #### Test Specific Version
+
 ```bash
 # Test by version tag
 docker pull writenotenow/memory-journal-mcp:v2.2.0
@@ -224,28 +248,35 @@ docker pull writenotenow/memory-journal-mcp:sha-XXXXXXX
 ### Common Issues
 
 #### 1. Build fails with authentication error
+
 **Symptoms**: `Error saving credentials: error storing credentials`
-**Solution**: 
+**Solution**:
+
 - Verify `DOCKER_USERNAME` and `DOCKER_PASSWORD` secrets in GitHub
 - Check Docker Hub access token hasn't expired
 - Ensure token has Read, Write, Delete permissions
 
 #### 2. ARM64 build warnings about ML dependencies
+
 **Status**: ✅ Expected behavior, not an error
 **Details**:
+
 - PyTorch CPU builds not available for ARM64 Alpine
 - Server continues without semantic search features
 - Core functionality fully operational
 
 #### 3. Security scan fails
+
 **Symptoms**: Build blocked with "Critical or high severity vulnerabilities detected"
 **Solution**:
+
 1. Review Docker Scout output in Actions logs
 2. Update base image in Dockerfile (`FROM python:3.13-alpine`)
 3. Update pinned packages (openssl, curl, expat)
 4. Commit and push changes to trigger new build
 
 #### 4. Cache-related build failures
+
 **Symptoms**: "Failed to save: Unable to reserve cache"
 **Status**: ✅ Informational warning, not an error
 **Details**: Another concurrent job may be writing to cache, image still builds successfully
@@ -253,17 +284,20 @@ docker pull writenotenow/memory-journal-mcp:sha-XXXXXXX
 ### Monitoring
 
 #### GitHub Actions
+
 - **Build Status**: https://github.com/neverinfamous/memory-journal-mcp/actions
 - **Workflow File**: `.github/workflows/docker-publish.yml`
 - **Security Scans**: `.github/workflows/security-update.yml`
 
 #### Docker Hub
+
 - **Repository**: https://hub.docker.com/r/writenotenow/memory-journal-mcp
 - **Tags**: View all available tags
 - **Image Layers**: Inspect layer sizes and contents
 - **Security**: Docker Scout recommendations
 
 #### GitHub Security Tab
+
 - **SARIF Results**: Trivy scanner uploads
 - **Dependabot Alerts**: Dependency vulnerabilities
 - **Code Scanning**: Security analysis results
@@ -273,11 +307,13 @@ docker pull writenotenow/memory-journal-mcp:sha-XXXXXXX
 ### Metrics to Monitor
 
 #### Docker Hub (Public)
+
 - **Pull count** - Total downloads
 - **Tag popularity** - Most-used versions
 - **Geographic distribution** - User locations
 
 #### GitHub (Private)
+
 - **Build success rate** - CI/CD health
 - **Build duration trends** - Performance monitoring
 - **Security scan results** - Vulnerability tracking
@@ -287,23 +323,27 @@ docker pull writenotenow/memory-journal-mcp:sha-XXXXXXX
 ### Regular Updates (Recommended Monthly)
 
 1. **Check for base image updates**
+
    ```bash
    docker pull python:3.13-alpine
    docker inspect python:3.13-alpine --format '{{.Created}}'
    ```
 
 2. **Update pinned packages in Dockerfile**
+
    ```bash
    # Check latest Alpine package versions
    docker run --rm python:3.13-alpine sh -c "apk update && apk info openssl curl expat"
    ```
 
 3. **Update Dockerfile with new versions**
+
    ```dockerfile
    RUN apk add --no-cache --upgrade openssl=<version> curl=<version> expat=<version>
    ```
 
 4. **Commit and push to trigger rebuild**
+
    ```bash
    git add Dockerfile
    git commit -m "Update Docker base image with security fixes"
@@ -339,6 +379,7 @@ If Docker Scout or Trivy detects critical vulnerabilities:
 ## 🏆 Current Build Status
 
 ✅ **Production/Stable** - All systems operational
+
 - Latest version: v2.2.0
 - Docker Scout: ✅ No critical/high vulnerabilities
 - Multi-platform: ✅ AMD64 + ARM64 support

package/.github/workflows/codeql.yml

@@ -2,9 +2,9 @@ name: CodeQL
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
   schedule:
     - cron: '23 2 * * 1'
 
@@ -23,7 +23,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript-typescript' ]
+        language: ['javascript-typescript']
 
     steps:
       - name: Checkout repository

package/.github/workflows/dependabot-auto-merge.yml

@@ -19,7 +19,7 @@ jobs:
         id: metadata
         uses: dependabot/fetch-metadata@v2
         with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          github-token: '${{ secrets.GITHUB_TOKEN }}'
 
       - name: Enable auto-merge for Dependabot PRs
         if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' }}