memory-journal-mcp 4.4.2 → 4.5.0

package/.github/workflows/lint-and-test.yml

@@ -47,7 +47,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: '22.x'
+          node-version: '24.x'
           cache: 'npm'
 
       - name: Install dependencies

package/.github/workflows/security-update.yml

@@ -61,7 +61,7 @@ jobs:
 
       - name: Upload Trivy scan results
         uses: github/codeql-action/upload-sarif@v4
-        if: always()
+        if: always() && hashFiles('trivy-results.sarif') != ''
         with:
           sarif_file: 'trivy-results.sarif'
 

package/CHANGELOG.md

@@ -5,7 +5,87 @@ All notable changes to Memory Journal MCP will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [4.5.0] - 2026-03-02
+
+### Fixed
+
+- **Session Start briefing in Cursor** — Added Cursor-specific `FetchMcpResource` server name (`user-memory-journal-mcp`) to the Session Start instructions. Cursor prefixes MCP server names with `user-`, so agents using the generic name would get "Server not found" errors when fetching `memory://briefing`.
+- **`deleteOldBackups` Test Isolation** — Fixed flaky `should delete old backups keeping only keepCount` test by cleaning up pre-existing backups before creating test backups. Previously, leftover backups from other tests caused the assertion to fail non-deterministically.
+- **`deleteOldBackups` NaN Guard** — `keepCount` parameter now rejects `NaN` values. Previously, `NaN < 1` evaluated to `false`, bypassing the guard. With `NaN`, `backups.slice(0, NaN)` returns an empty array and `backups.slice(NaN)` returns all backups, causing every backup to be deleted.
+- **`restoreFromFile` Foreign Key Enforcement** — `PRAGMA foreign_keys = ON` is now applied after restoring a database from backup. Previously, `restoreFromFile()` bypassed `initialize()`, so `ON DELETE CASCADE` constraints in `entry_tags`, `relationships`, and `embeddings` tables were silently unenforced for the rest of the server's lifetime.
+
+### Improved
+
+- **Test Coverage → 92%** — Expanded test suite from 549 → 590 tests, raising line coverage from 88.59% → 92.06%. Key areas covered:
+  - SIGINT shutdown handlers for stdio, stateless HTTP, and stateful HTTP transports
+  - Prompt handlers with proper arguments (`analyze-period`, `find-related`, `goal-tracker`, `get-context-bundle`, `prepare-retro`)
+  - `SqliteAdapter` backup edge cases (missing backups dir, invalid keepCount, missing backup file)
+  - `create_github_milestone` no-GitHub integration error path
+  - Kanban diagram resource no-GitHub fallback
+
+### Added
+
+- **Automated Scheduler (HTTP/SSE only)** — New in-process scheduler runs periodic maintenance jobs for long-running HTTP/SSE server processes. Configured via CLI flags:
+  - `--backup-interval <minutes>` — Automated backup interval (0 = disabled, default: 0). Backups are created with `exportToFile()` and old backups cleaned up automatically.
+  - `--keep-backups <count>` — Max backups to retain during automated cleanup (default: 5).
+  - `--vacuum-interval <minutes>` — Database optimize interval (0 = disabled, default: 0). Runs `PRAGMA optimize` and flushes the database to disk.
+  - `--rebuild-index-interval <minutes>` — Vector index rebuild interval (0 = disabled, default: 0). Full vector index rebuild from all entries.
+  - Scheduler status is reported in the `memory://health` resource under the `scheduler` field.
+  - Stdio transport ignores scheduler options with a warning log — use OS-level scheduling for stdio.
+  - Each job is error-isolated: failures are logged but don't affect other scheduled jobs.
+  - New module: `src/server/Scheduler.ts` — clean separation from `McpServer.ts`.
+
+### Changed
+
+- **Dependency Updates**
+  - `@types/node`: 25.3.2 → 25.3.3 (patch)
+  - `globals`: 17.3.0 → 17.4.0 (minor)
+  - `minimatch` override: 10.2.3 → 10.2.4 (patch) — npm + Docker layers
+  - `tar` override: 7.5.8 → 7.5.9 (patch) — npm + Docker layers
+
+### Security
+
+- **Wire Dead-Code Security Utilities (F-001)** — `sanitizeSearchQuery()` and `assertNoPathTraversal()` from `security-utils.ts` were defined but never imported or called. Now wired into active code paths:
+  - `SqliteAdapter.searchEntries()` applies `sanitizeSearchQuery()` to LIKE patterns with `ESCAPE '\\\\'` clause, preventing wildcard injection (F-002)
+  - `SqliteAdapter.restoreFromFile()` uses `assertNoPathTraversal()` instead of inline checks, throwing `PathTraversalError`
+- **HTTP Security Headers (F-003)** — Added three additional security headers to HTTP transport middleware:
+  - `Content-Security-Policy: default-src 'none'; frame-ancestors 'none'` — prevents XSS and framing
+  - `Cache-Control: no-store` — prevents caching of sensitive journal data
+  - `Referrer-Policy: no-referrer` — prevents referrer leakage
+- **PRAGMA foreign_keys = ON (F-005)** — SQLite foreign key enforcement now enabled on database initialization. `ON DELETE CASCADE` constraints in `entry_tags`, `relationships`, and `embeddings` tables are now enforced at the database level.
+- **CORS Wildcard Warning (F-006)** — Server now logs a warning when HTTP transport CORS origin is `*` (the default), advising operators to set `--cors-origin` or `MCP_CORS_ORIGIN` for production deployments.
+- **Constrain `entry_type` / `significance_type` to Enums** — `entry_type` now validated against 13 allowed values and `significance_type` against 7 allowed values via Zod enums. Previously accepted arbitrary strings; invalid types now rejected at schema validation. Removes unsafe `as EntryType` / `as SignificanceType` casts.
+- **Date Format Validation** — All date string fields (`start_date`, `end_date`) across `SearchByDateRangeSchema`, `GetStatisticsSchema`, `ExportEntriesSchema`, and `CrossProjectInsightsSchema` now validate `YYYY-MM-DD` format via regex. Prevents malformed dates from reaching the database layer.
+- **HTTP Rate Limiting** — Added `express-rate-limit` middleware for HTTP transport (100 requests/minute per IP). Returns `429 Too Many Requests` on excess. Only applies to HTTP mode; stdio transport unaffected.
+- **Remove Dead SQL Injection Detection Code** — Removed `containsSqlInjection()`, `assertNoSqlInjection()`, `SqlInjectionError`, and `SQL_INJECTION_PATTERNS` from `security-utils.ts`. These regex-based detection functions were never called anywhere and provided a false sense of security. Parameterized queries (used consistently throughout) are the actual defense.
+- **`exportToFile()` Path Traversal Protection** — Added `assertNoPathTraversal()` check to backup export, matching the pattern already used in `restoreFromFile()`. Rejects malicious backup names containing `/`, `\\`, or `..`.
+- **`getRawDb()` Safety Documentation** — Added `@internal` JSDoc tag warning callers to use parameterized queries when accessing the raw database handle.
+- **Logger `LOG_LEVEL` Validation (L1)** — `LOG_LEVEL` environment variable is now validated against known levels (`debug`, `info`, `notice`, `warning`, `error`, `critical`). Invalid values fall back to `info` instead of silently setting `minLevel` to `undefined`, which would disable all logging.
+- **Logger `setLevel()` Guard (L2)** — `Logger.setLevel()` now validates the level parameter before applying, preventing invalid values from disabling logging.
+- **CI `security-scan` Node Version Alignment (L3)** — Updated Node.js version in `security-scan` job from 22.x to 24.x to match `engines.node: >=24.0.0`.
+- **CI Trivy SARIF Upload Guard** — `security-update.yml` upload-sarif step now checks that `trivy-results.sarif` exists before attempting upload. Previously, `if: always()` caused the step to fail when the Docker build failed upstream and no SARIF file was produced.
+
+### Documentation
+
+- **Cursor Rule for Session Management** — Added `hooks/cursor/memory-journal.mdc`, an `alwaysApply` Cursor rule that instructs agents to read `memory://briefing` at session start and create a retrospective summary at session end. This is the most reliable mechanism for session behavior in Cursor, replacing the previous reliance on MCP server instructions alone.
+- **Fixed Cursor sessionEnd Hook Format** — Rewrote `hooks/cursor/hooks.json` from a non-standard format to Cursor's documented `version: 1` schema. Added companion `hooks/cursor/session-end.sh` audit script. Corrected documentation: Cursor's `sessionEnd` hook is fire-and-forget (cannot inject messages); session summary creation is handled by the Cursor rule and server instructions.
+- **Revised hooks/README.md** — Rewritten to accurately describe progressive enhancement: Cursor rule (primary) > server instructions (fallback) > hooks (audit only). Removed incorrect claim that Cursor `sessionEnd` does message injection. Added rule setup as Step 1 for Cursor users.
+- **Updated Session Management in README.md and DOCKER_README.md** — Session Management sections now lead with the Cursor rule as the primary setup mechanism, with a three-column table showing primary (agent behavior) vs optional (audit/logging) configurations per IDE.
+- **SECURITY.md Accuracy (F-004)** — Rewrote Database Security section to accurately reflect sql.js in-memory architecture. Removed false claims about WAL mode and 7 PRAGMAs that are not applicable to sql.js. Updated security checklist to reference actual function names (`assertNoPathTraversal`, `sanitizeSearchQuery`, `validateDateFormatPattern`). Updated HTTP security headers list to include CSP, Cache-Control, and Referrer-Policy.
+- **SECURITY.md Tag Filtering Correction** — Replaced inaccurate claim that dangerous characters are blocked in tags with accurate statement that tags are safely handled via parameterized queries.
+- **Team Collaboration in READMEs** — Added team collaboration feature to Key Benefits in both `README.md` and `DOCKER_README.md`, with links to the wiki [Team-Collaboration](https://github.com/neverinfamous/memory-journal-mcp/wiki/Team-Collaboration) page. DOCKER_README notes that team collaboration requires npm installation.
+- **Wiki Security Page Updates** — Added LIKE pattern sanitization, path traversal protection, HTTP security headers, rate limiting, and team database security note to the wiki Security.md page. Expanded self-audit checklist from 10 to 16 items.
+- **Rate Limiting Documentation** — Added rate limiting mention to README.md Security section.
+
+### Fixed
+
+- **Path Traversal Test Assertion** — Updated `sql-injection.test.ts` to assert `PathTraversalError` type instead of old inline error message string, matching refactored `assertNoPathTraversal()` usage.
+- **Tool Handler Test Fix** — Updated `tool-handlers.test.ts` to use valid entry_type enum value (`project_decision` instead of `decision`), matching the new enum constraint.
+- **`share_with_team` Not Setting `isPersonal`** — `create_entry` with `share_with_team: true` now correctly sets `isPersonal: false`, making the entry visible in team-scoped resources like `memory://team/recent`. Previously, the `share_with_team` parameter was parsed but never applied to the `isPersonal` field.
+
+### Removed
+
+- **Unused `cors` Dependency** — Removed `cors` and `@types/cors` packages. CORS is handled by custom middleware in `McpServer.ts`.
 
 ## [4.4.2] - 2026-02-27
 

package/DOCKER_README.md

@@ -1,6 +1,6 @@
 # Memory Journal MCP Server
 
-**Last Updated February 27, 2026**
+**Last Updated March 2, 2026**
 
 [![GitHub](https://img.shields.io/badge/GitHub-neverinfamous/memory--journal--mcp-blue?logo=github)](https://github.com/neverinfamous/memory-journal-mcp)
 [![Docker Pulls](https://img.shields.io/docker/pulls/writenotenow/memory-journal-mcp)](https://hub.docker.com/r/writenotenow/memory-journal-mcp)
@@ -10,12 +10,12 @@
 [![Security](https://img.shields.io/badge/Security-Enhanced-green.svg)](https://github.com/neverinfamous/memory-journal-mcp/blob/main/SECURITY.md)
 [![GitHub Stars](https://img.shields.io/github/stars/neverinfamous/memory-journal-mcp?style=social)](https://github.com/neverinfamous/memory-journal-mcp)
 [![TypeScript](https://img.shields.io/badge/TypeScript-Strict-blue.svg)](https://github.com/neverinfamous/memory-journal-mcp)
-![Coverage](https://img.shields.io/badge/Coverage-80.7%25-brightgreen.svg)
-![Tests](https://img.shields.io/badge/Tests-479_passed-brightgreen.svg)
+![Coverage](https://img.shields.io/badge/Coverage-92%25-brightgreen.svg)
+![Tests](https://img.shields.io/badge/Tests-590_passed-brightgreen.svg)
 
-🎯 **AI Context + Project Intelligence:** Bridge disconnected AI sessions with persistent project memory, while integrating your complete GitHub workflow — Issues, PRs, Actions, Kanban boards, Milestones, Repository Insights, and Knowledge Graphs into every conversation.
+🎯 **AI Context + Project Intelligence:** Bridge disconnected AI sessions with persistent project memory and **automatic session handoff**. Integrates your complete GitHub workflow — Issues, PRs, Actions, Kanban boards, Milestones, Repository Insights, and Knowledge Graphs — into every conversation.
 
-**[GitHub](https://github.com/neverinfamous/memory-journal-mcp)** • **[Wiki](https://github.com/neverinfamous/memory-journal-mcp/wiki)** • **[Changelog](https://github.com/neverinfamous/memory-journal-mcp/wiki/CHANGELOG)** • **[Release Article](https://adamic.tech/articles/memory-journal-mcp-server)**
+**[GitHub](https://github.com/neverinfamous/memory-journal-mcp)** • **[Wiki](https://github.com/neverinfamous/memory-journal-mcp/wiki)** • **[Changelog](https://github.com/neverinfamous/memory-journal-mcp/blob/main/CHANGELOG.md)** • **[Release Article](https://adamic.tech/articles/memory-journal-mcp-server)**
 
 ## 🎯 What This Does
 
@@ -28,6 +28,10 @@
 - 📊 **Generate reports** (standups, retrospectives, PR summaries, status)
 - 📈 **Track repository insights** — stars, forks, clones, views, top referrers, and popular paths (14-day rolling)
 - 🗄️ **Backup & restore** your journal data with one command
+- ⏰ **Automated maintenance** — scheduled backups, database optimization, and vector index rebuilds for long-running containers
+- 👥 **Team collaboration** — opt-in sharing of context via Git-tracked team database (requires npm install; see [wiki](https://github.com/neverinfamous/memory-journal-mcp/wiki/Team-Collaboration))
+- 🔄 **Session continuity** — automatic end-of-session summaries flow into the next session's briefing
+- 💡 **Rule & skill suggestions** — agents offer to codify your recurring patterns with your approval
 
 ### Deployment Options
 
@@ -76,6 +80,14 @@
         |  - Standups & Retros      |
         |  - Knowledge Graphs       |
         |  - Project Timelines      |
+        +-------------+-------------+
+                      |
+                      v
+        +---------------------------+
+        | 🔄 Session End            |
+        |---------------------------|
+        |  - Auto-summary entry     |
+        |  - Flows to next briefing |
         +---------------------------+
 ```
 
@@ -88,6 +100,7 @@
 - **8 tool groups** - `core`, `search`, `analytics`, `relationships`, `export`, `admin`, `github`, `backup`
 - **Knowledge graphs** - 8 relationship types, Mermaid visualization
 - **Semantic search** - AI-powered conceptual search via `@xenova/transformers`
+- **Automated maintenance** - Scheduled backups, database optimization, and vector index rebuilds (HTTP/SSE only)
 
 ---
 
@@ -198,6 +211,18 @@ When GitHub tools cannot auto-detect repository information:
 
 - **Prompts not available**: AntiGravity does not currently support MCP prompts. The 15 workflow prompts are not accessible.
 
+### 🔄 Session Management
+
+Memory Journal bridges AI sessions automatically — the agent reads project context at session start and captures a summary at session end.
+
+1. Session starts → agent reads `memory://briefing` and shows you a project context summary
+2. Session ends → agent creates a `retrospective` entry tagged `session-summary`
+3. Next session's briefing includes the previous summary — context flows seamlessly
+
+**Cursor users:** Copy the [`memory-journal.mdc`](https://github.com/neverinfamous/memory-journal-mcp/blob/main/hooks/cursor/memory-journal.mdc) rule to `.cursor/rules/` for the most reliable session management. Optional audit hooks for Cursor, Kiro, and Kilo Code are available in the [hooks/](https://github.com/neverinfamous/memory-journal-mcp/tree/main/hooks) directory.
+
+**No rules or hooks?** The built-in server instructions handle both session start and end in any MCP client. This is **opt-out**: tell the agent "skip the summary" to disable session-end entries.
+
 ### HTTP/SSE Transport (Remote Access)
 
 For remote access, web-based clients, or HTTP-compatible MCP hosts:
@@ -233,6 +258,31 @@ docker run --rm -p 3000:3000 \
 | Stateful (default)        | ✅ Yes                 | ✅ Yes        | ⚠️ Complex |
 | Stateless (`--stateless`) | ❌ No                  | ❌ No         | ✅ Native  |
 
+#### Automated Scheduling (HTTP Only)
+
+Enable periodic maintenance jobs for long-running containers. These jobs run in-process on `setInterval` — no external cron needed.
+
+> **Note:** These flags only work with HTTP/SSE transport. Stdio transport (used by IDE integrations like Cursor and AntiGravity) ignores scheduler flags because those sessions are short-lived. For stdio, use the `backup_journal` and `cleanup_backups` tools manually.
+
+```bash
+docker run --rm -p 3000:3000 \
+  -v ./data:/app/data \
+  writenotenow/memory-journal-mcp:latest \
+  --transport http --port 3000 --server-host 0.0.0.0 \
+  --backup-interval 60 --keep-backups 10 \
+  --vacuum-interval 1440 \
+  --rebuild-index-interval 720
+```
+
+| Flag                             | Default | Description                                                          |
+| -------------------------------- | ------- | -------------------------------------------------------------------- |
+| `--backup-interval <min>`        | 0 (off) | Create timestamped database backups and prune old ones automatically |
+| `--keep-backups <count>`         | 5       | Max backups retained during automated cleanup                        |
+| `--vacuum-interval <min>`        | 0 (off) | Run `PRAGMA optimize` and flush database to disk                     |
+| `--rebuild-index-interval <min>` | 0 (off) | Full vector index rebuild to maintain semantic search quality        |
+
+Each job is error-isolated — a failure in one job won't affect the others. Scheduler status (last run, result, next run) is visible via `memory://health`.
+
 **Example with curl (stateful):**
 
 ```bash
@@ -466,8 +516,8 @@ Memory Journal is designed for extremely low overhead during AI task execution.
 
 **Available Tags:**
 
-- `4.4.2` - Specific version (recommended for production)
-- `4.4` - Latest patch in 4.4.x series
+- `4.5.0` - Specific version (recommended for production)
+- `4.5` - Latest patch in 4.5.x series
 - `4` - Latest minor in 4.x series
 - `latest` - Always the newest version
 - `sha256-<digest>` - SHA-pinned for maximum security

package/Dockerfile

@@ -23,21 +23,21 @@ RUN cd /usr/local/lib/node_modules/npm && \
     mv package node_modules/diff && \
     rm diff-8.0.3.tgz
 
-# Fix CVE-2026-23950, CVE-2026-24842, CVE-2026-26960: Manually update npm's bundled tar to 7.5.8
+# Fix CVE-2026-23950, CVE-2026-24842, CVE-2026-26960: Manually update npm's bundled tar to 7.5.9
 RUN cd /usr/local/lib/node_modules/npm && \
-    npm pack tar@7.5.8 && \
+    npm pack tar@7.5.9 && \
     rm -rf node_modules/tar && \
-    tar -xzf tar-7.5.8.tgz && \
+    tar -xzf tar-7.5.9.tgz && \
     mv package node_modules/tar && \
-    rm tar-7.5.8.tgz
+    rm tar-7.5.9.tgz
 
-# Fix CVE-2026-27903, CVE-2026-27904: Manually update npm's bundled minimatch to 10.2.3
+# Fix CVE-2026-27903, CVE-2026-27904: Manually update npm's bundled minimatch to 10.2.4
 RUN cd /usr/local/lib/node_modules/npm && \
-    npm pack minimatch@10.2.3 && \
+    npm pack minimatch@10.2.4 && \
     rm -rf node_modules/minimatch && \
-    tar -xzf minimatch-10.2.3.tgz && \
+    tar -xzf minimatch-10.2.4.tgz && \
     mv package node_modules/minimatch && \
-    rm minimatch-10.2.3.tgz
+    rm minimatch-10.2.4.tgz
 
 # Copy package files first for better layer caching
 COPY package*.json .npmrc ./
@@ -78,21 +78,21 @@ RUN cd /usr/local/lib/node_modules/npm && \
     mv package node_modules/diff && \
     rm diff-8.0.3.tgz
 
-# Fix CVE-2026-23950, CVE-2026-24842, CVE-2026-26960: Manually update npm's bundled tar to 7.5.8
+# Fix CVE-2026-23950, CVE-2026-24842, CVE-2026-26960: Manually update npm's bundled tar to 7.5.9
 RUN cd /usr/local/lib/node_modules/npm && \
-    npm pack tar@7.5.8 && \
+    npm pack tar@7.5.9 && \
     rm -rf node_modules/tar && \
-    tar -xzf tar-7.5.8.tgz && \
+    tar -xzf tar-7.5.9.tgz && \
     mv package node_modules/tar && \
-    rm tar-7.5.8.tgz
+    rm tar-7.5.9.tgz
 
-# Fix CVE-2026-27903, CVE-2026-27904: Manually update npm's bundled minimatch to 10.2.3
+# Fix CVE-2026-27903, CVE-2026-27904: Manually update npm's bundled minimatch to 10.2.4
 RUN cd /usr/local/lib/node_modules/npm && \
-    npm pack minimatch@10.2.3 && \
+    npm pack minimatch@10.2.4 && \
     rm -rf node_modules/minimatch && \
-    tar -xzf minimatch-10.2.3.tgz && \
+    tar -xzf minimatch-10.2.4.tgz && \
     mv package node_modules/minimatch && \
-    rm minimatch-10.2.3.tgz
+    rm minimatch-10.2.4.tgz
 
 # Copy built artifacts and production dependencies
 COPY --from=builder /app/dist ./dist
@@ -126,6 +126,6 @@ CMD ["node", "dist/cli.js"]
 # Labels for Docker Hub
 LABEL maintainer="Adamic.tech"
 LABEL description="Memory Journal MCP Server - Project context management for AI-assisted development"
-LABEL version="4.4.2"
+LABEL version="4.5.0"
 LABEL org.opencontainers.image.source="https://github.com/neverinfamous/memory-journal-mcp"
 LABEL io.modelcontextprotocol.server.name="io.github.neverinfamous/memory-journal-mcp"

package/README.md

@@ -1,6 +1,6 @@
 # Memory Journal MCP Server
 
-**Last Updated February 27, 2026**
+**Last Updated March 2, 2026**
 
 <!-- mcp-name: io.github.neverinfamous/memory-journal-mcp -->
 
@@ -12,12 +12,12 @@
 [![MCP Registry](https://img.shields.io/badge/MCP_Registry-Published-green)](https://registry.modelcontextprotocol.io/v0/servers?search=io.github.neverinfamous/memory-journal-mcp)
 [![Security](https://img.shields.io/badge/Security-Enhanced-green.svg)](SECURITY.md)
 [![TypeScript](https://img.shields.io/badge/TypeScript-Strict-blue.svg)](https://github.com/neverinfamous/memory-journal-mcp)
-![Coverage](https://img.shields.io/badge/Coverage-80.7%25-brightgreen.svg)
-![Tests](https://img.shields.io/badge/Tests-479_passed-brightgreen.svg)
+![Coverage](https://img.shields.io/badge/Coverage-92%25-brightgreen.svg)
+![Tests](https://img.shields.io/badge/Tests-590_passed-brightgreen.svg)
 
-🎯 **AI Context + Project Intelligence:** Bridge disconnected AI sessions with persistent project memory, while integrating your complete GitHub workflow — Issues, PRs, Actions, Kanban boards, Milestones, Repository Insights, and Knowledge Graphs — into every conversation.
+🎯 **AI Context + Project Intelligence:** Bridge disconnected AI sessions with persistent project memory and **automatic session handoff**. Integrates your complete GitHub workflow — Issues, PRs, Actions, Kanban boards, Milestones, Repository Insights, and Knowledge Graphs — into every conversation.
 
-**[GitHub](https://github.com/neverinfamous/memory-journal-mcp)** • **[Wiki](https://github.com/neverinfamous/memory-journal-mcp/wiki)** • **[Changelog](https://github.com/neverinfamous/memory-journal-mcp/wiki/CHANGELOG)** • **[Release Article](https://adamic.tech/articles/memory-journal-mcp-server)**
+**[GitHub](https://github.com/neverinfamous/memory-journal-mcp)** • **[Wiki](https://github.com/neverinfamous/memory-journal-mcp/wiki)** • **[Changelog](CHANGELOG.md)** • **[Release Article](https://adamic.tech/articles/memory-journal-mcp-server)**
 
 **🚀 Quick Deploy:**
 
@@ -35,6 +35,10 @@
 - 📊 **Generate reports** (standups, retrospectives, PR summaries, status)
 - 📈 **Track repository insights** — stars, forks, clones, views, top referrers, and popular paths (14-day rolling)
 - 🗄️ **Backup & restore** your journal data with one command
+- ⏰ **Automated maintenance** — scheduled backups, database optimization, and vector index rebuilds for long-running HTTP deployments
+- 👥 **Team collaboration** — opt-in sharing of context via Git-tracked team database ([wiki →](https://github.com/neverinfamous/memory-journal-mcp/wiki/Team-Collaboration))
+- 🔄 **Session continuity** — automatic end-of-session summaries flow into the next session's briefing
+- 💡 **Rule & skill suggestions** — agents offer to codify your recurring patterns with your approval
 
 ```mermaid
 flowchart TB
@@ -59,6 +63,7 @@ flowchart TB
         PRs["Pull Requests"]
         Actions["GitHub Actions"]
         Kanban["Kanban Boards"]
+        Insights["Repository Insights"]
     end
 
     subgraph Outputs["📊 Outputs"]
@@ -67,11 +72,17 @@ flowchart TB
         Timeline["Project Timelines"]
     end
 
+    subgraph SessionEnd["🔄 Session End"]
+        Summary["Session Summary Entry<br/>(retrospective + session-summary tag)"]
+    end
+
     Session --> Core
     Core --> Search
     Core <--> GitHub
     Search --> Outputs
     GitHub --> Outputs
+    Core --> SessionEnd
+    SessionEnd -.->|"next session"| Briefing
 ```
 
 ### 📈 **Current Capabilities**
@@ -83,6 +94,8 @@ flowchart TB
 - **8 tool groups** - `core`, `search`, `analytics`, `relationships`, `export`, `admin`, `github`, `backup`
 - **Knowledge graphs** - 8 relationship types, Mermaid visualization
 - **Semantic search** - AI-powered conceptual search via `@xenova/transformers`
+- **IDE Hooks** - Ready-to-use session-end configs for Cursor, Kiro, and Kilo Code ([setup →](hooks/))
+- **Automated maintenance** - Scheduled backups, database optimization, and vector index rebuilds (HTTP/SSE only)
 
 ---
 
@@ -230,6 +243,28 @@ memory-journal-mcp --transport http --port 3000 --stateless
 | Stateful (default)        | ✅ Yes                 | ✅ Yes        | ⚠️ Complex |
 | Stateless (`--stateless`) | ❌ No                  | ❌ No         | ✅ Native  |
 
+#### Automated Scheduling (HTTP Only)
+
+When running in HTTP/SSE mode, enable periodic maintenance jobs with CLI flags. These jobs run in-process on `setInterval` — no external cron needed.
+
+> **Note:** These flags are ignored for stdio transport because stdio sessions are short-lived (tied to your IDE session). For stdio, use OS-level scheduling (Task Scheduler, cron) or run the backup/cleanup tools manually.
+
+```bash
+memory-journal-mcp --transport http --port 3000 \
+  --backup-interval 60 --keep-backups 10 \
+  --vacuum-interval 1440 \
+  --rebuild-index-interval 720
+```
+
+| Flag                             | Default | Description                                                          |
+| -------------------------------- | ------- | -------------------------------------------------------------------- |
+| `--backup-interval <min>`        | 0 (off) | Create timestamped database backups and prune old ones automatically |
+| `--keep-backups <count>`         | 5       | Max backups retained during automated cleanup                        |
+| `--vacuum-interval <min>`        | 0 (off) | Run `PRAGMA optimize` and flush database to disk                     |
+| `--rebuild-index-interval <min>` | 0 (off) | Full vector index rebuild to maintain semantic search quality        |
+
+Each job is error-isolated — a failure in one job won't affect the others. Scheduler status (last run, result, next run) is visible via `memory://health`.
+
 ### GitHub Integration Configuration
 
 The GitHub tools (`get_github_issues`, `get_github_prs`, etc.) can auto-detect the repository from your git context. However, MCP clients may run the server from a different directory than your project.
@@ -296,6 +331,30 @@ When GitHub tools cannot auto-detect repository information:
 
 ---
 
+### 🔄 Session Management
+
+Memory Journal bridges AI sessions automatically — the agent reads project context at session start and captures a summary at session end.
+
+**How it works:**
+
+1. Session starts → agent reads `memory://briefing` and shows you a project context summary
+2. Session ends → agent creates a `retrospective` entry tagged `session-summary`
+3. Next session's briefing includes the previous summary — context flows seamlessly
+
+**Setup by IDE:** Ready-to-use rules and hooks in [`hooks/`](hooks/):
+
+| Client         | Primary (agent behavior)                                                                      | Optional (audit/logging)                                                                   |
+| -------------- | --------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
+| **Cursor**     | Copy [`hooks/cursor/memory-journal.mdc`](hooks/cursor/memory-journal.mdc) to `.cursor/rules/` | Copy [`hooks/cursor/hooks.json`](hooks/cursor/hooks.json) + `session-end.sh` to `.cursor/` |
+| **Kiro (AWS)** | Server instructions (automatic)                                                               | Copy [`hooks/kiro/session-end.md`](hooks/kiro/session-end.md) to `.kiro/hooks/`            |
+| **Kilo Code**  | Server instructions (automatic)                                                               | Import [`hooks/kilo-code/session-end-mode.json`](hooks/kilo-code/session-end-mode.json)    |
+
+**No rules or hooks?** The built-in server instructions handle both session start and end in any MCP client. The Cursor rule improves reliability by giving the agent explicit always-on instructions. This is **opt-out**: tell the agent "skip the summary" to disable session-end entries.
+
+See [`hooks/README.md`](hooks/README.md) for detailed setup instructions.
+
+---
+
 ## 📋 Core Capabilities
 
 ### 🛠️ **39 MCP Tools** (8 Groups)
@@ -545,7 +604,7 @@ npm run bench
 - **Input validation** - Zod schemas, content size limits, SQL injection prevention
 - **Path traversal protection** - Backup filenames validated
 - **MCP 2025-11-25 annotations** - Behavioral hints (`readOnlyHint`, `destructiveHint`, etc.)
-- **HTTP transport hardening** - Configurable CORS, 1MB body limit, security headers, 30-min session timeout
+- **HTTP transport hardening** - Configurable CORS, 1MB body limit, security headers, 30-min session timeout, rate limiting (100 req/min)
 - **Token scrubbing** - GitHub tokens and credentials automatically redacted from error logs
 
 ### Data & Privacy

package/SECURITY.md

@@ -4,29 +4,19 @@ The Memory Journal MCP server implements comprehensive security measures to prot
 
 ## 🛡️ **Database Security**
 
-### **WAL Mode Enabled**
-
-- ✅ **Write-Ahead Logging (WAL)** enabled for better concurrency and crash recovery
-- ✅ **Atomic transactions** ensure data consistency
-- ✅ **Better performance** with concurrent read/write operations
-
-### **Optimized PRAGMA Settings**
-
-```sql
-PRAGMA foreign_keys = ON          -- Enforce referential integrity
-PRAGMA journal_mode = WAL         -- Enable WAL mode
-PRAGMA synchronous = NORMAL       -- Balance safety and performance
-PRAGMA cache_size = -64000        -- 64MB cache for better performance
-PRAGMA mmap_size = 268435456      -- 256MB memory-mapped I/O
-PRAGMA temp_store = MEMORY        -- Store temp tables in memory
-PRAGMA busy_timeout = 30000       -- 30-second timeout for busy database
-```
+### **sql.js In-Memory Architecture**
+
+The server uses **sql.js** (pure JavaScript SQLite compiled to WebAssembly) which operates on an in-memory database copy with periodic flushing to disk. This differs from native SQLite:
 
-### **File Permissions**
+- ✅ **PRAGMA foreign_keys = ON** — enforces referential integrity and `ON DELETE CASCADE`
+- ✅ **Parameterized queries** — all user input bound via `?` placeholders
+- ✅ **Debounced disk writes** — periodic flushing with immediate flush on critical operations
+- ⚠️ WAL mode, mmap, busy_timeout, and other file-level PRAGMAs are **not applicable** to sql.js
 
-- ✅ **Database files**: `600` (read/write for owner only)
-- ✅ **Data directory**: `700` (full access for owner only)
-- ✅ **Automatic permission setting** on database creation
+### **File Permissions (Docker)**
+
+- ✅ **Data directory**: `700` (full access for owner only) in Docker
+- ✅ **Non-root user** (`appuser:appgroup`) owns data directory
 
 ## 🔐 **Input Validation**
 
@@ -38,11 +28,10 @@ PRAGMA busy_timeout = 30000       -- 30-second timeout for busy database
 - **Significance types**: 50 characters maximum
 - **HTTP request body**: 1MB maximum (prevents memory exhaustion)
 
-### **Character Filtering**
-
-Dangerous characters are blocked in tags:
+### **Character Handling**
 
-- `<` `>` `"` `'` `&` `\x00`
+Tags are stored as-is via parameterized queries. Special characters in tags
+are safely handled by the database layer and do not pose injection risks.
 
 ### **SQL Injection Prevention**
 
@@ -77,8 +66,12 @@ export MCP_CORS_ORIGIN="http://localhost:3000"
 
 ### **Security Headers**
 
-- ✅ **X-Content-Type-Options: nosniff** - prevents MIME sniffing
-- ✅ **X-Frame-Options: DENY** - prevents clickjacking
+- ✅ **X-Content-Type-Options: nosniff** — prevents MIME sniffing
+- ✅ **X-Frame-Options: DENY** — prevents clickjacking
+- ✅ **Content-Security-Policy: default-src 'none'; frame-ancestors 'none'** — prevents XSS and framing
+- ✅ **Cache-Control: no-store** — prevents caching of sensitive journal data
+- ✅ **Referrer-Policy: no-referrer** — prevents referrer leakage
+- ⚠️ **CORS wildcard warning** — server logs a warning when CORS origin is `*`
 
 ### **Session Management (Stateful Mode)**
 
@@ -187,17 +180,16 @@ docker run --memory=1g --cpus=1 memory-journal-mcp
 
 ## 📋 **Security Checklist**
 
-- [x] WAL mode enabled for database consistency
-- [x] Proper file permissions (600/700)
+- [x] Foreign key enforcement (`PRAGMA foreign_keys = ON`)
 - [x] Input validation and length limits (Zod schemas)
 - [x] Parameterized SQL queries
-- [x] SQL injection detection heuristics
-- [x] Path traversal protection
-- [x] LIKE pattern sanitization
-- [x] Date format whitelisting
+- [x] SQL injection detection heuristics (defense-in-depth)
+- [x] Path traversal protection (`assertNoPathTraversal`)
+- [x] LIKE pattern sanitization (`sanitizeSearchQuery`)
+- [x] Date format whitelisting (`validateDateFormatPattern`)
 - [x] HTTP body size limit (1MB)
-- [x] Configurable CORS origin
-- [x] Security headers (X-Content-Type-Options, X-Frame-Options)
+- [x] Configurable CORS origin (with wildcard warning)
+- [x] Security headers (CSP, X-Content-Type-Options, X-Frame-Options, Cache-Control, Referrer-Policy)
 - [x] Session timeout (30 minutes)
 - [x] Non-root Docker user
 - [x] Multi-stage Docker build

package/dist/cli.js

@@ -20,6 +20,10 @@ program
     .option('--auto-rebuild-index', 'Rebuild vector index on server startup')
     .option('--cors-origin <origin>', 'CORS allowed origin for HTTP transport (default: *)')
     .option('--log-level <level>', 'Log level: debug, info, warning, error', 'info')
+    .option('--backup-interval <minutes>', 'Automated backup interval in minutes, HTTP only (0 = disabled)', '0')
+    .option('--keep-backups <count>', 'Max backups to retain during automated cleanup', '5')
+    .option('--vacuum-interval <minutes>', 'Database optimize interval in minutes, HTTP only (0 = disabled)', '0')
+    .option('--rebuild-index-interval <minutes>', 'Vector index rebuild interval in minutes, HTTP only (0 = disabled)', '0')
     .action(async (options) => {
     // Set log level
     logger.setLevel(options.logLevel);
@@ -47,6 +51,12 @@ program
                     : undefined,
             autoRebuildIndex: options.autoRebuildIndex ?? process.env['AUTO_REBUILD_INDEX'] === 'true',
             corsOrigin: options.corsOrigin,
+            scheduler: {
+                backupIntervalMinutes: parseInt(options.backupInterval, 10),
+                keepBackups: parseInt(options.keepBackups, 10),
+                vacuumIntervalMinutes: parseInt(options.vacuumInterval, 10),
+                rebuildIndexIntervalMinutes: parseInt(options.rebuildIndexInterval, 10),
+            },
         });
     }
     catch (error) {

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAC1C,OAAO,GAAG,MAAM,iBAAiB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAA;AAEvD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAA;AAE7B,OAAO;KACF,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CAAC,wDAAwD,CAAC;KACrE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;KACpB,MAAM,CAAC,oBAAoB,EAAE,+BAA+B,EAAE,OAAO,CAAC;KACtE,MAAM,CAAC,iBAAiB,EAAE,gCAAgC,EAAE,MAAM,CAAC;KACnE,MAAM,CAAC,sBAAsB,EAAE,0DAA0D,CAAC;KAC1F,MAAM,CAAC,aAAa,EAAE,iDAAiD,CAAC;KACxE,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,qBAAqB,CAAC;KAC7D,MAAM,CAAC,wBAAwB,EAAE,qDAAqD,CAAC;KACvF,MAAM,CAAC,4BAA4B,EAAE,+BAA+B,CAAC;KACrE,MAAM,CAAC,sBAAsB,EAAE,wCAAwC,CAAC;KACxE,MAAM,CAAC,wBAAwB,EAAE,qDAAqD,CAAC;KACvF,MAAM,CAAC,qBAAqB,EAAE,wCAAwC,EAAE,MAAM,CAAC;KAC/E,MAAM,CACH,KAAK,EAAE,OAWN,EAAE,EAAE;IACD,gBAAgB;IAChB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAkD,CAAC,CAAA;IAE3E,yDAAyD;IACzD,MAAM,IAAI,GACN,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAA;IAErF,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;QAC9C,MAAM,EAAE,KAAK;QACb,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,KAAK;QACrC,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5B,CAAC,CAAA;IAEF,IAAI,CAAC;QACD,MAAM,YAAY,CAAC;YACf,SAAS,EAAE,OAAO,CAAC,SAA6B;YAChD,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YAChC,IAAI;YACJ,aAAa,EAAE,OAAO,CAAC,SAAS,KAAK,IAAI;YACzC,MAAM,EAAE,OAAO,CAAC,EAAE;YAClB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,oBAAoB,EAAE,OAAO,CAAC,cAAc;gBACxC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;gBACtC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;oBACrC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,EAAE,CAAC;oBACrD,CAAC,CAAC,SAAS;YACjB,gBAAgB,EACZ,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,MAAM;YAC5E,UAAU,EAAE,OAAO,CAAC,UAAU;SACjC,CAAC,CAAA;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;YACnC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CAAA;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACnB,CAAC;AACL,CAAC,CACJ,CAAA;AAEL,OAAO,CAAC,KAAK,EAAE,CAAA"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAC1C,OAAO,GAAG,MAAM,iBAAiB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAA;AAEvD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAA;AAE7B,OAAO;KACF,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CAAC,wDAAwD,CAAC;KACrE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;KACpB,MAAM,CAAC,oBAAoB,EAAE,+BAA+B,EAAE,OAAO,CAAC;KACtE,MAAM,CAAC,iBAAiB,EAAE,gCAAgC,EAAE,MAAM,CAAC;KACnE,MAAM,CAAC,sBAAsB,EAAE,0DAA0D,CAAC;KAC1F,MAAM,CAAC,aAAa,EAAE,iDAAiD,CAAC;KACxE,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,qBAAqB,CAAC;KAC7D,MAAM,CAAC,wBAAwB,EAAE,qDAAqD,CAAC;KACvF,MAAM,CAAC,4BAA4B,EAAE,+BAA+B,CAAC;KACrE,MAAM,CAAC,sBAAsB,EAAE,wCAAwC,CAAC;KACxE,MAAM,CAAC,wBAAwB,EAAE,qDAAqD,CAAC;KACvF,MAAM,CAAC,qBAAqB,EAAE,wCAAwC,EAAE,MAAM,CAAC;KAC/E,MAAM,CACH,6BAA6B,EAC7B,gEAAgE,EAChE,GAAG,CACN;KACA,MAAM,CAAC,wBAAwB,EAAE,gDAAgD,EAAE,GAAG,CAAC;KACvF,MAAM,CACH,6BAA6B,EAC7B,iEAAiE,EACjE,GAAG,CACN;KACA,MAAM,CACH,oCAAoC,EACpC,oEAAoE,EACpE,GAAG,CACN;KACA,MAAM,CACH,KAAK,EAAE,OAeN,EAAE,EAAE;IACD,gBAAgB;IAChB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAkD,CAAC,CAAA;IAE3E,yDAAyD;IACzD,MAAM,IAAI,GACN,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAA;IAErF,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;QAC9C,MAAM,EAAE,KAAK;QACb,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,KAAK;QACrC,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5B,CAAC,CAAA;IAEF,IAAI,CAAC;QACD,MAAM,YAAY,CAAC;YACf,SAAS,EAAE,OAAO,CAAC,SAA6B;YAChD,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YAChC,IAAI;YACJ,aAAa,EAAE,OAAO,CAAC,SAAS,KAAK,IAAI;YACzC,MAAM,EAAE,OAAO,CAAC,EAAE;YAClB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,oBAAoB,EAAE,OAAO,CAAC,cAAc;gBACxC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;gBACtC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;oBACrC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,EAAE,CAAC;oBACrD,CAAC,CAAC,SAAS;YACjB,gBAAgB,EACZ,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,MAAM;YAC5E,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,SAAS,EAAE;gBACP,qBAAqB,EAAE,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC3D,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC9C,qBAAqB,EAAE,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC3D,2BAA2B,EAAE,QAAQ,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC;aAC1E;SACJ,CAAC,CAAA;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;YACnC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CAAA;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACnB,CAAC;AACL,CAAC,CACJ,CAAA;AAEL,OAAO,CAAC,KAAK,EAAE,CAAA"}

package/dist/constants/ServerInstructions.d.ts

@@ -1,10 +1,14 @@
 /**
  * Server instructions for Memory Journal MCP.
  *
+ * ⚠️  AUTO-GENERATED — DO NOT EDIT THIS FILE DIRECTLY
+ *     Edit src/constants/server-instructions.md instead,
+ *     then run: npm run generate:instructions
+ *
  * These instructions are automatically sent to MCP clients during initialization,
  * providing guidance for AI agents on tool usage.
  *
- * Unreleased: Optimized for token efficiency with tiered instruction levels.
+ * Optimized for token efficiency with tiered instruction levels.
  */
 /**
  * Resource definition for instruction generation

package/dist/constants/ServerInstructions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ServerInstructions.d.ts","sourceRoot":"","sources":["../../src/constants/ServerInstructions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAC/B,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,EAAE,EAAE,MAAM,CAAA;IACV,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;CAClB;AAED;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,UAAU,GAAG,MAAM,CAAA;AAmOhE;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAChC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EACzB,UAAU,EAAE,kBAAkB,EAAE,EAChC,OAAO,EAAE,gBAAgB,EAAE,EAC3B,WAAW,CAAC,EAAE,mBAAmB,EACjC,KAAK,GAAE,gBAA6B,GACrC,MAAM,CAuCR;AAkBD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAA+C,CAAA"}
+{"version":3,"file":"ServerInstructions.d.ts","sourceRoot":"","sources":["../../src/constants/ServerInstructions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAC/B,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,EAAE,EAAE,MAAM,CAAA;IACV,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;CAClB;AAED;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,UAAU,GAAG,MAAM,CAAA;AAqRhE;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAChC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EACzB,UAAU,EAAE,kBAAkB,EAAE,EAChC,OAAO,EAAE,gBAAgB,EAAE,EAC3B,WAAW,CAAC,EAAE,mBAAmB,EACjC,KAAK,GAAE,gBAA6B,GACrC,MAAM,CAuCR;AAkBD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAA+C,CAAA"}