memory-journal-mcp 6.3.0 → 7.0.0

package/README.md

@@ -10,9 +10,9 @@
 [![MCP Registry](https://img.shields.io/badge/MCP_Registry-Published-green)](https://registry.modelcontextprotocol.io/v0/servers?search=io.github.neverinfamous/memory-journal-mcp)
 [![Security](https://img.shields.io/badge/Security-Enhanced-green.svg)](SECURITY.md)
 [![TypeScript](https://img.shields.io/badge/TypeScript-Strict-blue.svg)](https://github.com/neverinfamous/memory-journal-mcp)
-![Coverage](https://img.shields.io/badge/Coverage-96.7%25-brightgreen.svg)
+![Coverage](https://img.shields.io/badge/Coverage-97.52%25-brightgreen.svg)
 ![Tests](https://img.shields.io/badge/Tests-1782_passed-brightgreen.svg)
-![E2E Tests](https://img.shields.io/badge/E2E_Tests-377_passed-brightgreen.svg)
+![E2E Tests](https://img.shields.io/badge/E2E_Tests-391_passed-brightgreen.svg)
 [![CI](https://github.com/neverinfamous/memory-journal-mcp/actions/workflows/gatekeeper.yml/badge.svg)](https://github.com/neverinfamous/memory-journal-mcp/actions/workflows/gatekeeper.yml)
 
 🎯 **AI Context + Project Intelligence:** Bridge disconnected AI sessions with persistent project memory and **automatic session handoff** — with full GitHub workflow integration.
@@ -28,7 +28,7 @@
 
 ### What Sets Us Apart
 
-**61 MCP Tools** · **17 Workflow Prompts** · **33 Resources** · **10 Tool Groups** · **Code Mode** · **GitHub Commander** (Issue Triage, PR Review, Milestone Sprints, Security/Quality/Perf Audits) · **GitHub Integration** (Issues, PRs, Actions, Kanban, Milestones, Insights) · **Team Collaboration** (Shared DB, Vector Search, Cross-Project Insights)
+**61 MCP Tools** · **17 Workflow Prompts** · **38 Resources** · **10 Tool Groups** · **Code Mode** · **GitHub Commander** (Issue Triage, PR Review, Milestone Sprints, Security/Quality/Perf Audits) · **GitHub Integration** (Issues, PRs, Actions, Kanban, Milestones, Insights) · **Team Collaboration** (Shared DB, Vector Search, Cross-Project Insights)
 
 | Feature                       | Description                                                                                                                                                    |
 | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -36,7 +36,7 @@
 | **GitHub Integration**        | 16 tools for Issues, PRs, Actions, Kanban, Milestones (%), Copilot Reviews, and 14-day Insights                                                                |
 | **Dynamic Project Routing**   | Seamlessly switch contexts and access CI/Issue tracking across multiple repositories using a single server instance via `PROJECT_REGISTRY`                     |
 | **Knowledge Graphs**          | 8 relationship types linking specs → implementations → tests → PRs with Mermaid visualization                                                                  |
-| **Triple Search**             | Full-text (FTS5), semantic (`@huggingface/transformers` + `sqlite-vec`), and date-range search                                                                 |
+| **Hybrid Search**             | Reciprocal Rank Fusion combining FTS5 keywords, semantic vector similarity, auto-heuristics, and date-range filters                                            |
 | **Code Mode**                 | Execute multi-step operations in a secure sandbox — up to 90% token savings via `mj.*` API                                                                     |
 | **Configurable Briefing**     | 12 env vars / CLI flags control `memory://briefing` content — entries, team, GitHub detail, skills awareness                                                   |
 | **Reports & Analytics**       | Standups, retrospectives, PR summaries, digests, period analyses, and milestone tracking                                                                       |
@@ -85,10 +85,11 @@ flowchart TB
         Link["Link Entries"]
     end
 
-    subgraph Search["🔍 Triple Search"]
-        FTS["Full-Text"]
+    subgraph Search["🔍 Hybrid Search"]
+        FTS["Keyword (FTS5)"]
         Semantic["Semantic (Vector)"]
         DateRange["Date Range"]
+        RRF["Reciprocal Rank Fusion"]
     end
 
     subgraph GitHub["🐙 GitHub Integration"]
@@ -114,23 +115,28 @@ flowchart TB
 
 ---
 
-## Suggested Rule (Add to AGENTS.md, GEMINI.md, etc)
-
-**ALWAYS PERFORM AT START OF CHATS**: Read `memory://briefing` by default and present the `userMessage` to the user as a formatted bullet list of key facts, including all available fields. When the user prompt or existing briefing clearly indicates a specific repository, additionally read `memory://briefing/{repo}` for that repo.
-
-**CREATE JOURNAL ENTRIES** at natural checkpoints:
-
-- After pushing to main (`milestone` or `technical_note`, tag with version)
-- After significant design decisions or learnings (`project_decision`)
-- After resolving non-trivial bugs (`bug_fix`, link to issue number)
-- Entries should only cover work done in present thread.
-
-**USE PROJECT AND CROSS-PROJECT INSIGHTS** when appropriate:
-
-- Run `get_cross_project_insights` before defining major architectures, new abstractions, or starting cross-cutting work to align with broader repository patterns.
-- Fetch `memory://github/insights` or run `get_repo_insights` to gauge project traction, health, and recent traffic.
-
-**SUGGEST CREATING OR IMPROVING RULES AND SKILLS** as you notice workflow opportunities.
+Suggested Rule (Add to AGENTS.md, GEMINI.md, etc):
+
+🛑 MANDATORY SESSION START ROUTINE
+
+Execute BEFORE fulfilling any user request in a new session:
+
+1. **TARGET**: Infer `repo_name` from the active workspace context or user prompt. If the task is not associated with a specific project, fallback to using the generic resource without a repo name (which defaults to the first registered workspace).
+2. **FETCH**: Use the MCP `read_resource` tool (Server: `memory-journal-mcp`) to read `memory://briefing/{repo_name}` (or `memory://briefing` if falling back).
+   - **RESTRICTION**: Do NOT use `execute_code` for this step.
+3. **RENDER TABLE**: Extract `userMessage` and output it EXCLUSIVELY as a vertical Markdown Table (2 columns: Field and Value).
+   - **RESTRICTION**: NO bulleted lists. NO truncation of arrays or lists.
+   - **REQUIRED MAP**: Output all data comprehensively. Map these fields to the "Field" column:
+     - Application / Project
+     - Journal Entries
+     - Team DB Entries
+     - Latest Entry (Journal)
+     - Latest Entry (Team)
+     - GitHub (Include Repo, Branch, CI Status, Issues, PRs, Insights on separate lines in the Value column)
+     - Milestone Progress
+     - Template Resources (Output count only, not URLs)
+     - Registered Workspaces (Output FULL list of project names)
+     - Available Extensions (Rules, Skills, Workflows)
 
 ---
 
@@ -201,7 +207,7 @@ Control which tools are exposed via `MEMORY_JOURNAL_MCP_TOOL_FILTER` (or CLI: `-
 
 **[Complete prompts guide →](https://github.com/neverinfamous/memory-journal-mcp/wiki/Prompts)**
 
-### 📡 **33 Resources** (20 Static + 13 Template)
+### 📡 **38 Resources** (25 Static + 13 Template)
 
 **Static Resources** (appear in resource lists):
 
@@ -225,6 +231,11 @@ Control which tools are exposed via `MEMORY_JOURNAL_MCP_TOOL_FILTER` (or CLI: `-
 - `memory://team/statistics` - Team entry counts, types, and author breakdown
 - `memory://help` - Tool group index with descriptions and tool counts
 - `memory://help/gotchas` - Field notes, edge cases, and critical usage patterns
+- `memory://metrics/summary` - Aggregate tool call metrics since server start (calls, errors, token estimates, duration) — HIGH priority
+- `memory://metrics/tokens` - Per-tool token usage breakdown sorted by output token cost — MEDIUM priority
+- `memory://metrics/system` - Process-level metrics: memory (MB), uptime (s), Node.js version, platform — MEDIUM priority
+- `memory://metrics/users` - Per-user call counts (populated when OAuth user identifiers are present) — LOW priority
+- `memory://audit` - Last 50 write/admin tool call entries from the JSONL audit log (requires `AUDIT_LOG_PATH`)
 
 **Template Resources** (require parameters, fetch directly by URI):
 
@@ -460,52 +471,58 @@ Each job is error-isolated — a failure in one job won't affect the others. Sch
 
 ### GitHub Integration Configuration
 
-The GitHub tools (`get_github_issues`, `get_github_prs`, etc.) auto-detect the repository from your git context when `GITHUB_REPO_PATH` is configured (shown in the Quick Start config above).
-
-| Environment Variable              | Description                                                                                       |
-| --------------------------------- | ------------------------------------------------------------------------------------------------- |
-| `DB_PATH`                         | Database file location (CLI: `--db`; default: `./memory_journal.db`)                              |
-| `TEAM_DB_PATH`                    | Team database file location (CLI: `--team-db`)                                                    |
-| `TEAM_AUTHOR`                     | Override author name for team entries (default: `git config user.name`)                           |
-| `GITHUB_TOKEN`                    | GitHub personal access token for API access                                                       |
-| `GITHUB_REPO_PATH`                | Path to the git repository for auto-detecting owner/repo                                          |
-| `DEFAULT_PROJECT_NUMBER`          | Default GitHub Project number for auto-assignment when creating issues                            |
-| `PROJECT_REGISTRY`                | JSON map of repos to `{ path, project_number }` for multi-project auto-detection and routing      |
-| `AUTO_REBUILD_INDEX`              | Set to `true` to rebuild vector index on server startup                                           |
-| `MCP_HOST`                        | Server bind host (`0.0.0.0` for containers, default: `localhost`)                                 |
-| `MCP_AUTH_TOKEN`                  | Bearer token for HTTP transport authentication (CLI: `--auth-token`)                              |
-| `MCP_CORS_ORIGIN`                 | Allowed CORS origins for HTTP transport, comma-separated (default: `*`)                           |
-| `MCP_RATE_LIMIT_MAX`              | Max requests per minute per client IP, HTTP only (default: `100`)                                 |
-| `LOG_LEVEL`                       | Log verbosity: `error`, `warn`, `info`, `debug` (default: `info`; CLI: `--log-level`)             |
-| `MCP_ENABLE_HSTS`                 | Enable HSTS security header on HTTP responses (CLI: `--enable-hsts`; default: `false`)            |
-| `OAUTH_ENABLED`                   | Set to `true` to enable OAuth 2.1 authentication (HTTP only)                                      |
-| `OAUTH_ISSUER`                    | OAuth issuer URL (e.g., `https://auth.example.com/realms/mcp`)                                    |
-| `OAUTH_AUDIENCE`                  | Expected JWT audience claim                                                                       |
-| `OAUTH_JWKS_URI`                  | JWKS endpoint for token signature verification                                                    |
-| `BRIEFING_ENTRY_COUNT`            | Journal entries in briefing (CLI: `--briefing-entries`; default: `3`)                             |
-| `BRIEFING_INCLUDE_TEAM`           | Include team DB entries in briefing (`true`/`false`; default: `false`)                            |
-| `BRIEFING_ISSUE_COUNT`            | Issues to list in briefing; `0` = count only (default: `0`)                                       |
-| `BRIEFING_PR_COUNT`               | PRs to list in briefing; `0` = count only (default: `0`)                                          |
-| `BRIEFING_PR_STATUS`              | Show PR status breakdown (open/merged/closed; default: `false`)                                   |
-| `BRIEFING_WORKFLOW_COUNT`         | Workflow runs to list in briefing; `0` = status only (default: `0`)                               |
-| `BRIEFING_WORKFLOW_STATUS`        | Show workflow status breakdown in briefing (default: `false`)                                     |
-| `BRIEFING_COPILOT_REVIEWS`        | Aggregate Copilot review state in briefing (default: `false`)                                     |
-| `RULES_FILE_PATH`                 | Path to user rules file for agent awareness (CLI: `--rules-file`)                                 |
-| `SKILLS_DIR_PATH`                 | Path to skills directory for agent awareness (CLI: `--skills-dir`)                                |
-| `MEMORY_JOURNAL_WORKFLOW_SUMMARY` | Free-text workflow summary for `memory://workflows` (CLI: `--workflow-summary`)                   |
-| `INSTRUCTION_LEVEL`               | Briefing depth: `essential`, `standard`, `full` (CLI: `--instruction-level`; default: `standard`) |
-| `PROJECT_LINT_CMD`                | Project lint command for GitHub Commander validation gates (default: `npm run lint`)              |
-| `PROJECT_TYPECHECK_CMD`           | Project typecheck command (default: `npm run typecheck`; empty = skip)                            |
-| `PROJECT_BUILD_CMD`               | Project build command (default: `npm run build`; empty = skip)                                    |
-| `PROJECT_TEST_CMD`                | Project test command (default: `npm run test`)                                                    |
-| `PROJECT_E2E_CMD`                 | Project E2E test command (default: empty = skip)                                                  |
-| `PROJECT_PACKAGE_MANAGER`         | Package manager override: `npm`, `yarn`, `pnpm`, `bun` (default: auto-detect from lockfile)       |
-| `PROJECT_HAS_DOCKERFILE`          | Enable Docker audit steps (default: auto-detect)                                                  |
-| `COMMANDER_HITL_FILE_THRESHOLD`   | Human-in-the-loop checkpoint if changes touch > N files (default: `10`)                           |
-| `COMMANDER_SECURITY_TOOLS`        | Override security tool auto-detection (comma-separated; default: auto-detect)                     |
-| `COMMANDER_BRANCH_PREFIX`         | Branch naming prefix for PRs (default: `fix`)                                                     |
-
-**Multi-Project Workflows**: For agents to seamlessly support multiple projects, provide **`PROJECT_REGISTRY`** and omit `GITHUB_REPO_PATH`.
+The GitHub tools (`get_github_issues`, `get_github_prs`, etc.) auto-detect the repository from your git context when `PROJECT_REGISTRY` is configured or the MCP server is run inside a git repository.
+
+| Environment Variable | Description                                                             |
+| -------------------- | ----------------------------------------------------------------------- |
+| `DB_PATH`            | Database file location (CLI: `--db`; default: `./memory_journal.db`)    |
+| `TEAM_DB_PATH`       | Team database file location (CLI: `--team-db`)                          |
+| `TEAM_AUTHOR`        | Override author name for team entries (default: `git config user.name`) |
+| `GITHUB_TOKEN`       | GitHub personal access token for API access                             |
+
+| `DEFAULT_PROJECT_NUMBER` | Default GitHub Project number for auto-assignment when creating issues |
+| `GITHUB_REPO_PATH` | Path to a git repository for auto-detecting owner/repo |
+| `PROJECT_REGISTRY` | JSON map of repos to `{ path, project_number }` for multi-project auto-detection and routing |
+| `AUTO_REBUILD_INDEX` | Set to `true` to rebuild vector index on server startup |
+| `MCP_HOST` | Server bind host (`0.0.0.0` for containers, default: `localhost`) |
+| `MCP_AUTH_TOKEN` | Bearer token for HTTP transport authentication (CLI: `--auth-token`) |
+| `MCP_CORS_ORIGIN` | Allowed CORS origins for HTTP transport, comma-separated (default: `*`) |
+| `MCP_RATE_LIMIT_MAX` | Max requests per minute per client IP, HTTP only (default: `100`) |
+| `LOG_LEVEL` | Log verbosity: `error`, `warn`, `info`, `debug` (default: `info`; CLI: `--log-level`) |
+| `MCP_ENABLE_HSTS` | Enable HSTS security header on HTTP responses (CLI: `--enable-hsts`; default: `false`) |
+| `OAUTH_ENABLED` | Set to `true` to enable OAuth 2.1 authentication (HTTP only) |
+| `OAUTH_ISSUER` | OAuth issuer URL (e.g., `https://auth.example.com/realms/mcp`) |
+| `OAUTH_AUDIENCE` | Expected JWT audience claim |
+| `OAUTH_JWKS_URI` | JWKS endpoint for token signature verification |
+| `BRIEFING_ENTRY_COUNT` | Journal entries in briefing (CLI: `--briefing-entries`; default: `3`) |
+| `BRIEFING_INCLUDE_TEAM` | Include team DB entries in briefing (`true`/`false`; default: `false`) |
+| `BRIEFING_ISSUE_COUNT` | Issues to list in briefing; `0` = count only (default: `0`) |
+| `BRIEFING_PR_COUNT` | PRs to list in briefing; `0` = count only (default: `0`) |
+| `BRIEFING_PR_STATUS` | Show PR status breakdown (open/merged/closed; default: `false`) |
+| `BRIEFING_WORKFLOW_COUNT` | Workflow runs to list in briefing; `0` = status only (default: `0`) |
+| `BRIEFING_WORKFLOW_STATUS` | Show workflow status breakdown in briefing (default: `false`) |
+| `BRIEFING_COPILOT_REVIEWS` | Aggregate Copilot review state in briefing (default: `false`) |
+| `RULES_FILE_PATH` | Path to user rules file for agent awareness (CLI: `--rules-file`) |
+| `SKILLS_DIR_PATH` | Path to skills directory for agent awareness (CLI: `--skills-dir`) |
+| `MEMORY_JOURNAL_WORKFLOW_SUMMARY` | Free-text workflow summary for `memory://workflows` (CLI: `--workflow-summary`) |
+| `INSTRUCTION_LEVEL` | Briefing depth: `essential`, `standard`, `full` (CLI: `--instruction-level`; default: `standard`) |
+| `PROJECT_LINT_CMD` | Project lint command for GitHub Commander validation gates (default: `npm run lint`) |
+| `PROJECT_TYPECHECK_CMD` | Project typecheck command (default: `npm run typecheck`; empty = skip) |
+| `PROJECT_BUILD_CMD` | Project build command (default: `npm run build`; empty = skip) |
+| `PROJECT_TEST_CMD` | Project test command (default: `npm run test`) |
+| `PROJECT_E2E_CMD` | Project E2E test command (default: empty = skip) |
+| `PROJECT_PACKAGE_MANAGER` | Package manager override: `npm`, `yarn`, `pnpm`, `bun` (default: auto-detect from lockfile) |
+| `PROJECT_HAS_DOCKERFILE` | Enable Docker audit steps (default: auto-detect) |
+| `COMMANDER_HITL_FILE_THRESHOLD` | Human-in-the-loop checkpoint if changes touch > N files (default: `10`) |
+| `COMMANDER_SECURITY_TOOLS` | Override security tool auto-detection (comma-separated; default: auto-detect) |
+| `COMMANDER_BRANCH_PREFIX` | Branch naming prefix for PRs (default: `fix`) |
+| `AUDIT_LOG_PATH` | Path for the JSONL audit log of write/admin tool calls. Rotates at 10 MB (keeps 5 archives). Omit to disable audit logging. |
+| `AUDIT_REDACT` | Set to `true` to omit tool arguments from audit log entries for privacy (default: `false`) |
+| `AUDIT_READS` | Log read-scoped tool calls in addition to write/admin (CLI: `--audit-reads`; default: `false`) |
+| `AUDIT_LOG_MAX_SIZE` | Maximum audit log file size in bytes before rotation (CLI: `--audit-log-max-size`; default: `10485760`) |
+| `MCP_METRICS_ENABLED` | Set to `false` to disable in-memory tool call metrics accumulation (default: `true`) |
+
+**Multi-Project Workflows**: For agents to seamlessly support multiple projects, provide **`PROJECT_REGISTRY`**.
 
 #### Dynamic Context Resolution & Auto-Detection
 
@@ -642,7 +659,7 @@ flowchart TB
 ┌─────────────────────────────────────────────────────────────┐
 │ MCP Server Layer (TypeScript)                               │
 │  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────┐  │
-│  │ Tools (61)      │  │ Resources (33)  │  │ Prompts (17)│  │
+│  │ Tools (61)      │  │ Resources (38)  │  │ Prompts (17)│  │
 │  │ with Annotations│  │ with Annotations│  │             │  │
 │  └─────────────────┘  └─────────────────┘  └─────────────┘  │
 ├─────────────────────────────────────────────────────────────┤
@@ -674,9 +691,9 @@ flowchart TB
 
 Memory Journal is designed for extremely low overhead during AI task execution. We include a `vitest bench` suite to maintain these baseline guarantees:
 
-- **Database Reads**: Operations execute in fractions of a millisecond. `calculateImportance` is ~13x faster than retrieving 50 recent entries.
-- **Vector Search Engine**: Both search (~220 ops/sec) and indexing (~1600+ ops/sec) are high-throughput via `sqlite-vec` with SQL-native KNN queries.
-- **Core MCP Routines**: `getTools` uses cached O(1) dispatch (~4800x faster than `get_recent_entries`). `create_entry` and `search_entries` execute through the full MCP layer with sub-millisecond overhead.
+- **Database Reads**: Operations execute in fractions of a millisecond. `calculateImportance` is ~13-14x faster than retrieving 50 recent entries.
+- **Vector Search Engine**: Both search (~140-220 ops/sec) and indexing (~1600-1900+ ops/sec) are high-throughput via `sqlite-vec` with SQL-native KNN queries.
+- **Core MCP Routines**: `getTools` uses cached O(1) dispatch (~4800-7000x faster than `get_recent_entries`). `create_entry` and `search_entries` execute through the full MCP layer with sub-millisecond overhead.
 
 To run the benchmarking suite locally: