memory-journal-mcp 4.4.2 → 4.5.0

package/hooks/README.md

@@ -0,0 +1,107 @@
+# IDE Hook & Rule Configurations
+
+Ready-to-use configurations for automatic session management with memory-journal-mcp.
+
+## How It Works
+
+Memory Journal bridges AI sessions with two behaviors:
+
+- **Session start** — Agent reads `memory://briefing` and shows the user a project context summary
+- **Session end** — Agent creates a `retrospective` entry tagged `session-summary` capturing what was done, what's pending, and context for the next session
+
+The next session's briefing automatically includes the previous session's summary.
+
+## Progressive Enhancement
+
+```
+┌─────────────────────────────────────────────────────┐
+│  Cursor Rule (most reliable for agent behavior)     │
+│  .cursor/rules/memory-journal.mdc                   │
+│  ↓ always-apply rule instructs agent directly       │
+├─────────────────────────────────────────────────────┤
+│  Server Instructions (fallback for any MCP client)  │
+│  Embedded in MCP server initialization              │
+│  ↓ agent follows Session Start / Session End steps  │
+├─────────────────────────────────────────────────────┤
+│  IDE Hooks (audit & logging)                        │
+│  Cursor sessionEnd · Kiro hooks · Kilo Code modes   │
+│  ↓ fire-and-forget observation on session close     │
+├─────────────────────────────────────────────────────┤
+│  User opt-out                                       │
+│  User says "skip the summary" → agent skips          │
+└─────────────────────────────────────────────────────┘
+```
+
+## Setup by IDE
+
+### Cursor
+
+#### Step 1: Cursor Rule (handles session start + end behavior)
+
+Copy `cursor/memory-journal.mdc` to your project's `.cursor/rules/`:
+
+```powershell
+# From your project root
+mkdir -p .cursor/rules
+cp <path-to-memory-journal-mcp>/hooks/cursor/memory-journal.mdc .cursor/rules/memory-journal.mdc
+```
+
+This `alwaysApply` rule instructs the agent to:
+
+- Read `memory://briefing` and show project context at session start
+- Create a session summary entry when the conversation wraps up
+
+**Requirements**: Cursor with Rules support (`.cursor/rules/` directory).
+
+#### Step 2: sessionEnd Hook (optional — audit logging)
+
+Copy `cursor/hooks.json` and `cursor/session-end.sh` to your project's `.cursor/`:
+
+```powershell
+cp <path-to-memory-journal-mcp>/hooks/cursor/hooks.json .cursor/hooks.json
+mkdir -p .cursor/hooks
+cp <path-to-memory-journal-mcp>/hooks/cursor/session-end.sh .cursor/hooks/session-end.sh
+chmod +x .cursor/hooks/session-end.sh
+```
+
+The `sessionEnd` hook is **fire-and-forget** — Cursor does not use its output. It logs session metadata to `/tmp/memory-journal-sessions.log`. Customize the script for your own auditing needs.
+
+> **Note:** Cursor's `sessionEnd` hook cannot inject messages or trigger agent actions. Session summary creation is handled by the Cursor rule and server instructions, not the hook.
+
+**Requirements**: Cursor v1.7+ with Hooks enabled.
+
+### Kiro (AWS)
+
+Copy `kiro/session-end.md` to your project's `.kiro/hooks/` directory:
+
+```powershell
+mkdir -p .kiro/hooks
+cp <path-to-memory-journal-mcp>/hooks/kiro/session-end.md .kiro/hooks/
+```
+
+Kiro hooks use markdown files with YAML frontmatter. The `manual` trigger means you activate it from the Kiro hook panel when ending a session.
+
+### Kilo Code
+
+Copy `kilo-code/session-end-mode.json` to your Kilo Code settings:
+
+```powershell
+# Import via Kilo Code settings UI, or add to your modes configuration
+cp <path-to-memory-journal-mcp>/hooks/kilo-code/session-end-mode.json ~/.kilocode/modes/
+```
+
+This creates a `session-end` custom mode. Switch to it at the end of a session and Kilo Code will create the summary entry using MCP tools.
+
+### VS Code + GitHub Copilot
+
+Agent hooks are in **preview** (early 2026). When stabilized, a configuration will be added here. In the meantime, the server instructions fallback handles session management.
+
+### AntiGravity
+
+Does not currently support hooks or rules. The server instructions fallback handles session management automatically. For session-start behavior, add to your user rules: "At session start, read `memory://briefing` from memory-journal-mcp."
+
+## No Rules or Hooks? No Problem
+
+The `server-instructions.md` in this project includes **Session Start** and **Session End** behavior sections that instruct any MCP-connected agent to manage sessions automatically. This works in **every** MCP client, regardless of rule or hook support — though reliability varies by client.
+
+To **disable** session-end entries, tell the agent: "Skip the session summary" or "Don't create an end-of-session entry."

package/hooks/cursor/hooks.json

@@ -0,0 +1,10 @@
+{
+    "version": 1,
+    "hooks": {
+        "sessionEnd": [
+            {
+                "command": ".cursor/hooks/session-end.sh"
+            }
+        ]
+    }
+}

package/hooks/cursor/memory-journal.mdc

@@ -0,0 +1,22 @@
+---
+description: Memory Journal MCP - session start briefing and session end summary
+alwaysApply: true
+---
+
+# Memory Journal MCP
+
+## Session Start
+
+Before responding to the first user message in every conversation:
+
+1. Fetch `memory://briefing` from the memory-journal-mcp server
+2. Show the `userMessage` field to the user (it contains a formatted project context summary)
+3. Then proceed with the user's request
+
+## Session End
+
+When the conversation is wrapping up (user says "thanks," final deliverable complete, no more work planned):
+
+1. Create a journal entry summarizing: what was accomplished, what's unfinished, and context for the next session
+2. Use `entry_type: "retrospective"` and tag with `session-summary`
+3. This is opt-out — ALWAYS create the entry, even for short/trivial sessions, unless the user explicitly says to skip it

package/hooks/cursor/session-end.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# session-end.sh — Fire-and-forget sessionEnd hook for memory-journal-mcp
+#
+# Cursor's sessionEnd hook is observational only (output is not used).
+# Session summary creation is handled by the Cursor rule + server instructions,
+# not this hook. Customize this script for logging or cleanup.
+#
+# Input (JSON via stdin): session_id, reason, duration_ms, is_background_agent, etc.
+
+input=$(cat)
+
+timestamp=$(date '+%Y-%m-%d %H:%M:%S')
+session_id=$(echo "$input" | grep -o '"session_id":"[^"]*"' | head -1 | cut -d'"' -f4)
+reason=$(echo "$input" | grep -o '"reason":"[^"]*"' | head -1 | cut -d'"' -f4)
+
+echo "[$timestamp] session=$session_id reason=$reason" >> /tmp/memory-journal-sessions.log 2>/dev/null
+
+exit 0

package/hooks/kilo-code/session-end-mode.json

@@ -0,0 +1,11 @@
+{
+    "customModes": [
+        {
+            "slug": "session-end",
+            "name": "Session End",
+            "roleDefinition": "You are wrapping up a coding session. Create a memory-journal-mcp entry summarizing the session.",
+            "customInstructions": "Create a memory-journal-mcp entry summarizing this session:\n- What was accomplished (key changes, decisions, files modified)\n- What's unfinished or blocked (pending items, open questions)\n- Context for next session (relevant entry IDs, branch names, PR numbers)\n\nUse entry_type 'retrospective' and tag with 'session-summary'.",
+            "groups": ["mcp"]
+        }
+    ]
+}

package/hooks/kiro/session-end.md

@@ -0,0 +1,13 @@
+---
+title: Session End Journal Entry
+description: Creates a session summary journal entry via memory-journal-mcp
+trigger: manual
+---
+
+Create a memory-journal-mcp entry summarizing this session:
+
+- **What was accomplished** (key changes, decisions, files modified)
+- **What's unfinished or blocked** (pending items, open questions)
+- **Context for next session** (relevant entry IDs, branch names, PR numbers)
+
+Use `entry_type: "retrospective"` and tag with `session-summary`.

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "memory-journal-mcp",
-    "version": "4.4.2",
+    "version": "4.5.0",
     "description": "Project context management for AI-assisted development - Persistent knowledge graphs and intelligent context recall across fragmented AI threads",
     "type": "module",
     "main": "dist/index.js",
@@ -18,7 +18,8 @@
         "test": "vitest run",
         "test:watch": "vitest",
         "test:coverage": "vitest run --coverage",
-        "bench": "vitest bench --run"
+        "bench": "vitest bench --run",
+        "generate:instructions": "node scripts/generate-server-instructions.ts"
     },
     "keywords": [
         "mcp",
@@ -55,8 +56,8 @@
         "@octokit/rest": "^22.0.1",
         "@xenova/transformers": "^2.17.2",
         "commander": "^14.0.3",
-        "cors": "^2.8.6",
         "express": "^5.2.1",
+        "express-rate-limit": "^8.2.1",
         "simple-git": "^3.32.3",
         "sql.js": "^1.14.0",
         "vectra": "^0.12.3",
@@ -64,12 +65,11 @@
     },
     "devDependencies": {
         "@eslint/js": "^10.0.1",
-        "@types/cors": "^2.8.19",
         "@types/express": "^5.0.6",
-        "@types/node": "^25.3.2",
+        "@types/node": "^25.3.3",
         "@vitest/coverage-v8": "^4.0.18",
         "eslint": "^10.0.2",
-        "globals": "^17.3.0",
+        "globals": "^17.4.0",
         "typescript": "^5.9.3",
         "typescript-eslint": "^8.56.1",
         "vitest": "^4.0.17"
@@ -78,8 +78,8 @@
         "axios": "^1.13.5",
         "brace-expansion": "^2.0.2",
         "glob": "^11.1.0",
-        "minimatch": "^10.2.3",
-        "tar": "^7.5.8",
+        "minimatch": "^10.2.4",
+        "tar": "^7.5.9",
         "tmp": "^0.2.4"
     }
 }

package/releases/v4.5.0.md

@@ -0,0 +1,116 @@
+# v4.5.0 - Automated Scheduling, Security Hardening & Quality Improvements
+
+**Released: March 2, 2026**
+
+## Highlights
+
+### ⏰ Automated Scheduler (HTTP/SSE Only)
+
+New in-process scheduler runs periodic maintenance jobs for long-running HTTP/SSE server processes:
+
+- `--backup-interval <minutes>` — Automated database backups with cleanup
+- `--keep-backups <count>` — Max backups to retain (default: 5)
+- `--vacuum-interval <minutes>` — Database optimization (`PRAGMA optimize`)
+- `--rebuild-index-interval <minutes>` — Full vector index rebuild
+
+Each job is error-isolated. Status visible via `memory://health`.
+
+### 🔒 Security Hardening
+
+Comprehensive security improvements across the entire stack:
+
+- **HTTP Transport** — Rate limiting (100 req/min), CSP headers, Cache-Control, Referrer-Policy, CORS wildcard warning
+- **Input Validation** — `entry_type` and `significance_type` now constrained to Zod enums; date format validation via regex
+- **Dead Code Wiring** — `sanitizeSearchQuery()` and `assertNoPathTraversal()` now active in code paths
+- **Foreign Keys** — `PRAGMA foreign_keys = ON` enforced at database initialization
+- **Path Traversal** — `exportToFile()` now protected with `assertNoPathTraversal()`
+- **Logger Hardening** — `LOG_LEVEL` validated; `setLevel()` guarded against invalid values
+- **Removed dead code** — SQL injection detection functions that provided false sense of security
+- **CI** — Blocking `npm audit` and TruffleHog steps; Node.js test matrix aligned to `>=24.0.0`
+
+### ✅ Test Coverage → 92%
+
+Expanded test suite from 549 → 590 tests, raising line coverage from 88.59% → 92.06%:
+
+- SIGINT shutdown handlers for all three transport modes
+- Prompt handlers with proper arguments
+- `SqliteAdapter` backup edge cases
+- GitHub integration error paths
+
+### 📝 Cursor Rule for Session Management
+
+Added `hooks/cursor/memory-journal.mdc` — an `alwaysApply` Cursor rule that instructs agents to read `memory://briefing` at session start and create a retrospective at session end. This is the most reliable mechanism for session behavior in Cursor.
+
+## Added
+
+- **Automated Scheduler** — `Scheduler.ts` module with CLI flags for backup, vacuum, and index rebuild intervals
+- **Cursor Rule** — `hooks/cursor/memory-journal.mdc` for reliable session management
+- **Cursor `sessionEnd` Hook** — `hooks/cursor/hooks.json` + `session-end.sh` audit script
+
+## Improved
+
+- **Test Coverage** — 88.59% → 92.06% line coverage (549 → 590 tests)
+- **Database I/O** — Debounced `scheduleSave()` reduces disk writes on rapid mutations
+- **Vector Index Rebuild** — Paginated fetching (200/page) + parallel batch embedding (5 at a time)
+- **Server Startup** — Eliminated duplicate `getTools()` call
+- **GitHub API** — TTL response cache (5 min) with automatic invalidation on mutations
+
+## Fixed
+
+- **Session Start briefing in Cursor** — Added `user-memory-journal-mcp` server name for Cursor compatibility
+- **`deleteOldBackups` Test Isolation** — Fixed flaky test by cleaning up pre-existing backups
+- **`share_with_team` Not Setting `isPersonal`** — `create_entry` with `share_with_team: true` now correctly sets `isPersonal: false`
+- **Path Traversal Test Assertion** — Updated to assert `PathTraversalError` type
+- **Tool Handler Test Fix** — Updated to use valid `entry_type` enum value
+
+## Security
+
+- Wire dead-code security utilities (F-001, F-002)
+- HTTP security headers: CSP, Cache-Control, Referrer-Policy (F-003)
+- `PRAGMA foreign_keys = ON` (F-005)
+- CORS wildcard warning (F-006)
+- `entry_type` / `significance_type` enum constraints
+- Date format validation on all date string fields
+- HTTP rate limiting (100 req/min per IP)
+- Remove dead SQL injection detection code
+- `exportToFile()` path traversal protection
+- `getRawDb()` safety documentation
+- Logger `LOG_LEVEL` validation (L1) and `setLevel()` guard (L2)
+- CI `security-scan` Node version alignment (L3)
+
+## Changed
+
+- `@types/node`: 25.3.2 → 25.3.3 (patch)
+- `globals`: 17.3.0 → 17.4.0 (minor)
+- `minimatch` override: 10.2.3 → 10.2.4 (patch)
+- `tar` override: 7.5.8 → 7.5.9 (patch)
+
+## Removed
+
+- **Unused `cors` dependency** — CORS handled by custom middleware
+
+## CI/CD
+
+- Removed Dependabot auto-merge workflow
+- Trivy Action updated to 0.34.0
+- Node.js test matrix aligned: `[24.x, 25.x]`
+- Blocking `npm audit` in CI pipeline
+- Blocking TruffleHog secret scanning
+
+## Documentation
+
+- Revised `hooks/README.md` with progressive enhancement model
+- Updated Session Management in README.md and DOCKER_README.md
+- SECURITY.md rewrite for TypeScript era
+- Team collaboration in READMEs with wiki links
+- Rate limiting documentation
+
+---
+
+```bash
+# npm
+npm install -g memory-journal-mcp@4.5.0
+
+# Docker
+docker pull writenotenow/memory-journal-mcp:v4.5.0
+```

package/scripts/generate-server-instructions.ts

@@ -0,0 +1,176 @@
+/**
+ * Generates src/constants/ServerInstructions.ts from src/constants/server-instructions.md
+ *
+ * Reads the markdown source file, splits it by section delimiters,
+ * escapes for template literals, and produces the full TypeScript module
+ * with types, constants, and the generateInstructions function.
+ *
+ * Usage: node scripts/generate-server-instructions.ts
+ */
+
+import { readFileSync, writeFileSync } from 'node:fs'
+import { dirname, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const projectRoot = resolve(__dirname, '..')
+
+const mdPath = resolve(projectRoot, 'src/constants/server-instructions.md')
+const tsPath = resolve(projectRoot, 'src/constants/ServerInstructions.ts')
+
+// Read plain markdown source
+const markdown = readFileSync(mdPath, 'utf-8')
+
+// Section names in order
+const SECTION_NAMES = ['ESSENTIAL', 'GITHUB', 'SERVER_ACCESS', 'TOOL_PARAMETER_REFERENCE']
+
+/**
+ * Parse sections from markdown using <!-- SECTION:NAME --> delimiters
+ */
+function parseSections(content) {
+    const sections = {}
+
+    for (let i = 0; i < SECTION_NAMES.length; i++) {
+        const name = SECTION_NAMES[i]
+        const startMarker = '<!-- SECTION:' + name + ' -->'
+        const startIdx = content.indexOf(startMarker)
+
+        if (startIdx === -1) {
+            throw new Error('Missing section marker: ' + startMarker)
+        }
+
+        const contentStart = startIdx + startMarker.length
+
+        // Find next section marker or end of file
+        let contentEnd
+        if (i + 1 < SECTION_NAMES.length) {
+            const nextMarker = '<!-- SECTION:' + SECTION_NAMES[i + 1] + ' -->'
+            contentEnd = content.indexOf(nextMarker)
+            if (contentEnd === -1) {
+                throw new Error('Missing section marker: ' + nextMarker)
+            }
+        } else {
+            contentEnd = content.length
+        }
+
+        // Trim leading/trailing whitespace but preserve internal structure
+        sections[name] = content.slice(contentStart, contentEnd).trim()
+    }
+
+    return sections
+}
+
+/**
+ * Escape content for use inside a JS/TS template literal
+ */
+function escapeForTemplateLiteral(content) {
+    return content.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${')
+}
+
+const sections = parseSections(markdown)
+
+// Read the function body template (static TypeScript code after the constants)
+const FUNCTION_BODY = readFileSync(
+    resolve(projectRoot, 'scripts/server-instructions-function-body.ts'),
+    'utf-8'
+)
+
+// Build the TypeScript file using string concatenation to avoid nested escaping
+const lines = []
+
+lines.push('/**')
+lines.push(' * Server instructions for Memory Journal MCP.')
+lines.push(' *')
+lines.push(' * ⚠️  AUTO-GENERATED — DO NOT EDIT THIS FILE DIRECTLY')
+lines.push(' *     Edit src/constants/server-instructions.md instead,')
+lines.push(' *     then run: npm run generate:instructions')
+lines.push(' *')
+lines.push(' * These instructions are automatically sent to MCP clients during initialization,')
+lines.push(' * providing guidance for AI agents on tool usage.')
+lines.push(' *')
+lines.push(' * Optimized for token efficiency with tiered instruction levels.')
+lines.push(' */')
+lines.push('')
+lines.push("import type { ToolGroup } from '../types/index.js'")
+lines.push("import { TOOL_GROUPS } from '../filtering/ToolFilter.js'")
+lines.push('')
+lines.push('/**')
+lines.push(' * Resource definition for instruction generation')
+lines.push(' */')
+lines.push('export interface ResourceDefinition {')
+lines.push('    uri: string')
+lines.push('    name: string')
+lines.push('    description?: string')
+lines.push('}')
+lines.push('')
+lines.push('/**')
+lines.push(' * Prompt definition for instruction generation')
+lines.push(' */')
+lines.push('export interface PromptDefinition {')
+lines.push('    name: string')
+lines.push('    description?: string')
+lines.push('}')
+lines.push('')
+lines.push('/**')
+lines.push(' * Latest entry snapshot for initial briefing')
+lines.push(' */')
+lines.push('export interface LatestEntrySnapshot {')
+lines.push('    id: number')
+lines.push('    timestamp: string')
+lines.push('    entryType: string')
+lines.push('    content: string')
+lines.push('}')
+lines.push('')
+lines.push('/**')
+lines.push(' * Instruction detail level for token efficiency')
+lines.push(' * - essential: ~200 tokens - Core behaviors only (for token-constrained clients)')
+lines.push(' * - standard: ~400 tokens - + GitHub patterns (default)')
+lines.push(' * - full: ~600 tokens - + tool/resource listings')
+lines.push(' */')
+lines.push("export type InstructionLevel = 'essential' | 'standard' | 'full'")
+lines.push('')
+lines.push('/**')
+lines.push(' * Essential behavioral guidance (~200 tokens)')
+lines.push(' * Core patterns every AI agent should follow.')
+lines.push(' */')
+lines.push(
+    'const ESSENTIAL_INSTRUCTIONS = `' + escapeForTemplateLiteral(sections.ESSENTIAL) + '\n`'
+)
+lines.push('')
+lines.push('/**')
+lines.push(' * GitHub integration patterns (~150 additional tokens)')
+lines.push(' */')
+lines.push('const GITHUB_INSTRUCTIONS = `\n' + escapeForTemplateLiteral(sections.GITHUB) + '\n`')
+lines.push('')
+lines.push('/**')
+lines.push(' * Server access instructions - critical for AI agents to call tools correctly')
+lines.push(' */')
+lines.push(
+    'const SERVER_ACCESS_INSTRUCTIONS = `\n' +
+        escapeForTemplateLiteral(sections.SERVER_ACCESS) +
+        '\n`'
+)
+lines.push('')
+lines.push('/**')
+lines.push(' * Tool parameter reference - essential for correct tool invocation')
+lines.push(' */')
+lines.push(
+    'const TOOL_PARAMETER_REFERENCE = `\n' +
+        escapeForTemplateLiteral(sections.TOOL_PARAMETER_REFERENCE) +
+        '\n`'
+)
+lines.push('')
+lines.push(FUNCTION_BODY)
+lines.push('')
+
+const tsContent = lines.join('\n')
+
+writeFileSync(tsPath, tsContent, 'utf-8')
+
+process.stderr.write(
+    '✅ Generated ServerInstructions.ts (' +
+        tsContent.length.toLocaleString() +
+        ' bytes) from server-instructions.md (' +
+        markdown.length.toLocaleString() +
+        ' bytes)\n'
+)

package/scripts/server-instructions-function-body.ts

@@ -0,0 +1,77 @@
+/**
+ * Generate dynamic instructions based on enabled tools, resources, prompts, and latest entry
+ *
+ * @param enabledTools - Set of enabled tool names
+ * @param resources - Available resource definitions
+ * @param prompts - Available prompt definitions
+ * @param latestEntry - Optional latest entry for context snapshot
+ * @param level - Instruction detail level (default: 'standard')
+ */
+export function generateInstructions(
+    enabledTools: Set<string>,
+    _resources: ResourceDefinition[],
+    prompts: PromptDefinition[],
+    latestEntry?: LatestEntrySnapshot,
+    level: InstructionLevel = 'standard'
+): string {
+    let instructions = ESSENTIAL_INSTRUCTIONS
+
+    // Add latest entry snapshot for immediate context (compact format)
+    if (latestEntry) {
+        const preview = latestEntry.content.slice(0, 120)
+        instructions += `\n**Latest**: #${String(latestEntry.id)} (${latestEntry.timestamp}) ${latestEntry.entryType}\n> ${preview}${latestEntry.content.length > 120 ? '...' : ''}\n`
+    }
+
+    // Standard and full levels include GitHub patterns
+    if (level === 'standard' || level === 'full') {
+        instructions += GITHUB_INSTRUCTIONS
+    }
+
+    // Full level includes server access instructions and tool parameter reference
+    if (level === 'full') {
+        instructions += SERVER_ACCESS_INSTRUCTIONS
+        instructions += TOOL_PARAMETER_REFERENCE
+
+        // Add active tools summary
+        const activeGroups = getActiveToolGroups(enabledTools)
+        if (activeGroups.length > 0) {
+            instructions += `\n## Active Tools (${String(enabledTools.size)})\n`
+            for (const { group, tools } of activeGroups) {
+                instructions += `**${group}**: ${tools.map((t) => `\`${t}\``).join(', ')}\n`
+            }
+        }
+
+        // Add prompts section
+        if (prompts.length > 0) {
+            instructions += `\n## Prompts (${String(prompts.length)})\n`
+            instructions += 'Pre-built templates and guided workflows:\n'
+            for (const prompt of prompts) {
+                instructions += `- \`${prompt.name}\` - ${prompt.description ?? ''}\n`
+            }
+        }
+    }
+
+    return instructions
+}
+
+/**
+ * Get active tool groups with their enabled tools
+ */
+function getActiveToolGroups(enabledTools: Set<string>): { group: ToolGroup; tools: string[] }[] {
+    const activeGroups: { group: ToolGroup; tools: string[] }[] = []
+
+    for (const [group, allTools] of Object.entries(TOOL_GROUPS) as [ToolGroup, string[]][]) {
+        const enabledInGroup = allTools.filter((tool) => enabledTools.has(tool))
+        if (enabledInGroup.length > 0) {
+            activeGroups.push({ group, tools: enabledInGroup })
+        }
+    }
+
+    return activeGroups
+}
+
+/**
+ * Static instructions for backward compatibility
+ * @deprecated Use generateInstructions() instead for dynamic content
+ */
+export const SERVER_INSTRUCTIONS = ESSENTIAL_INSTRUCTIONS + GITHUB_INSTRUCTIONS

package/server.json

@@ -3,12 +3,12 @@
     "name": "io.github.neverinfamous/memory-journal-mcp",
     "title": "Memory Journal MCP",
     "description": "MCP server– Project memory system with GitHub-aware context, knowledge graphs, and CI/PR timelines",
-    "version": "4.4.2",
+    "version": "4.5.0",
     "packages": [
         {
             "registryType": "oci",
-            "identifier": "docker.io/writenotenow/memory-journal-mcp:v4.4.2",
-            "version": "4.4.2",
+            "identifier": "docker.io/writenotenow/memory-journal-mcp:v4.5.0",
+            "version": "4.5.0",
             "transport": {
                 "type": "stdio"
             }

package/src/cli.ts

@@ -23,6 +23,22 @@ program
     .option('--auto-rebuild-index', 'Rebuild vector index on server startup')
     .option('--cors-origin <origin>', 'CORS allowed origin for HTTP transport (default: *)')
     .option('--log-level <level>', 'Log level: debug, info, warning, error', 'info')
+    .option(
+        '--backup-interval <minutes>',
+        'Automated backup interval in minutes, HTTP only (0 = disabled)',
+        '0'
+    )
+    .option('--keep-backups <count>', 'Max backups to retain during automated cleanup', '5')
+    .option(
+        '--vacuum-interval <minutes>',
+        'Database optimize interval in minutes, HTTP only (0 = disabled)',
+        '0'
+    )
+    .option(
+        '--rebuild-index-interval <minutes>',
+        'Vector index rebuild interval in minutes, HTTP only (0 = disabled)',
+        '0'
+    )
     .action(
         async (options: {
             transport: string
@@ -35,6 +51,10 @@ program
             autoRebuildIndex?: boolean
             corsOrigin?: string
             logLevel: string
+            backupInterval: string
+            keepBackups: string
+            vacuumInterval: string
+            rebuildIndexInterval: string
         }) => {
             // Set log level
             logger.setLevel(options.logLevel as 'debug' | 'info' | 'warning' | 'error')
@@ -67,6 +87,12 @@ program
                     autoRebuildIndex:
                         options.autoRebuildIndex ?? process.env['AUTO_REBUILD_INDEX'] === 'true',
                     corsOrigin: options.corsOrigin,
+                    scheduler: {
+                        backupIntervalMinutes: parseInt(options.backupInterval, 10),
+                        keepBackups: parseInt(options.keepBackups, 10),
+                        vacuumIntervalMinutes: parseInt(options.vacuumInterval, 10),
+                        rebuildIndexIntervalMinutes: parseInt(options.rebuildIndexInterval, 10),
+                    },
                 })
             } catch (error) {
                 logger.error('Failed to start server', {