memory-journal-mcp 7.2.0 → 7.4.0

package/dist/{chunk-IWKLHSPU.js → chunk-WXDEVIFL.js}

@@ -35,7 +35,7 @@ var ERROR_SUGGESTIONS = [
   {
     pattern: /SQLITE_CONSTRAINT|unique constraint/i,
     suggestion: "A uniqueness or integrity constraint was violated. Check input values.",
-    code: "VALIDATION_FAILED"
+    code: "VALIDATION_ERROR"
   },
   // Disk / space patterns
   {
@@ -46,18 +46,18 @@ var ERROR_SUGGESTIONS = [
   {
     pattern: /malformed|invalid json|unexpected token/i,
     suggestion: "The input appears malformed. Check the format and try again.",
-    code: "VALIDATION_FAILED"
+    code: "VALIDATION_ERROR"
   },
   // Schema / types patterns
   {
     pattern: /invalid input syntax for type|requires a.*column/i,
     suggestion: "The provided value is not valid for the assigned type.",
-    code: "VALIDATION_FAILED"
+    code: "VALIDATION_ERROR"
   },
   {
     pattern: /^Missing required parameters:/i,
     suggestion: "Provide all required parameters in your request.",
-    code: "VALIDATION_FAILED"
+    code: "VALIDATION_ERROR"
   },
   // Codemode / Sandbox patterns
   {
@@ -68,7 +68,7 @@ var ERROR_SUGGESTIONS = [
   {
     pattern: /code validation failed/i,
     suggestion: "Check for blocked patterns. Use mj.* API instead.",
-    code: "VALIDATION_FAILED"
+    code: "VALIDATION_ERROR"
   },
   {
     pattern: /sandbox.*not initialized/i,
@@ -148,7 +148,7 @@ var QueryError = class extends MemoryJournalMcpError {
 };
 var ValidationError = class extends MemoryJournalMcpError {
   constructor(message, details) {
-    super(message, "VALIDATION_FAILED", "validation" /* VALIDATION */, {
+    super(message, "VALIDATION_ERROR", "validation" /* VALIDATION */, {
       suggestion: "Check input parameters against the tool schema",
       recoverable: false,
       details

package/dist/cli.js

@@ -1,7 +1,7 @@
-import { VERSION, createServer } from './chunk-GR4T3SRW.js';
-import { DEFAULT_AUDIT_LOG_MAX_SIZE_BYTES } from './chunk-ORV7ZZOE.js';
+import { VERSION, createServer } from './chunk-5ZA77VUW.js';
+import { DEFAULT_AUDIT_LOG_MAX_SIZE_BYTES } from './chunk-P5V2VY6N.js';
 import './chunk-OKOVZ5QE.js';
-import { logger } from './chunk-IWKLHSPU.js';
+import { logger } from './chunk-WXDEVIFL.js';
 import { Command } from 'commander';
 import * as fs from 'fs';
 
@@ -35,6 +35,10 @@ program.name("memory-journal-mcp").description("Project context management for A
   "--rebuild-index-interval <minutes>",
   "Vector index rebuild interval in minutes, HTTP only (0 = disabled)",
   "0"
+).option(
+  "--digest-interval <minutes>",
+  "Analytics digest interval in minutes, HTTP only (0 = disabled; recommended: 1440 for daily)",
+  "0"
 ).option(
   "--sandbox-mode <mode>",
   'Code Mode sandbox: "worker" (production, default) or "vm" (lightweight)',
@@ -150,7 +154,8 @@ program.name("memory-journal-mcp").description("Project context management for A
           backupIntervalMinutes: parseInt(options.backupInterval, 10),
           keepBackups: parseInt(options.keepBackups, 10),
           vacuumIntervalMinutes: parseInt(options.vacuumInterval, 10),
-          rebuildIndexIntervalMinutes: parseInt(options.rebuildIndexInterval, 10)
+          rebuildIndexIntervalMinutes: parseInt(options.rebuildIndexInterval, 10),
+          digestIntervalMinutes: parseInt(options.digestInterval, 10)
         },
         sandboxMode: options.sandboxMode,
         // OAuth 2.1

package/dist/github-integration-YODGZH3K.js

@@ -0,0 +1 @@
+export { GitHubIntegration } from './chunk-WXDEVIFL.js';

package/dist/index.d.ts

@@ -383,7 +383,7 @@ interface IDatabaseAdapter {
     getEntryByIdIncludeDeleted(id: number): JournalEntry | null;
     getEntriesByIds(ids: number[]): Map<number, JournalEntry>;
     calculateImportance(entryId: number): ImportanceResult;
-    getRecentEntries(limit?: number, isPersonal?: boolean): JournalEntry[];
+    getRecentEntries(limit?: number, isPersonal?: boolean, sortBy?: 'timestamp' | 'importance'): JournalEntry[];
     getEntriesPage(offset: number, limit: number): JournalEntry[];
     getActiveEntryCount(): number;
     updateEntry(id: number, updates: {
@@ -405,6 +405,7 @@ interface IDatabaseAdapter {
         entryType?: EntryType;
         startDate?: string;
         endDate?: string;
+        sortBy?: 'timestamp' | 'importance';
     }): JournalEntry[];
     searchByDateRange(startDate: string, endDate: string, options?: {
         entryType?: EntryType;
@@ -415,6 +416,7 @@ interface IDatabaseAdapter {
         prNumber?: number;
         workflowRunId?: number;
         limit?: number;
+        sortBy?: 'timestamp' | 'importance';
     }): JournalEntry[];
     getStatistics(groupBy?: 'day' | 'week' | 'month' | 'year', startDate?: string, endDate?: string, projectBreakdown?: boolean): Record<string, unknown>;
     getTagsForEntry(entryId: number): string[];
@@ -468,6 +470,17 @@ interface IDatabaseAdapter {
     getRawDb(): unknown;
     pragma(command: string): void;
     executeRawQuery(sql: string, params?: unknown[]): QueryResult[];
+    saveAnalyticsSnapshot(type: string, data: Record<string, unknown>): number;
+    getLatestAnalyticsSnapshot(type: string): {
+        id: number;
+        createdAt: string;
+        data: Record<string, unknown>;
+    } | null;
+    getAnalyticsSnapshots(type: string, limit?: number): {
+        id: number;
+        createdAt: string;
+        data: Record<string, unknown>;
+    }[];
 }
 
 /**
@@ -488,6 +501,8 @@ interface SchedulerOptions {
     vacuumIntervalMinutes: number;
     /** Vector index rebuild interval in minutes (0 = disabled) */
     rebuildIndexIntervalMinutes: number;
+    /** Analytics digest interval in minutes (0 = disabled; recommended: 1440 for daily) */
+    digestIntervalMinutes: number;
 }
 
 /**
@@ -510,7 +525,7 @@ type SandboxMode = 'vm' | 'worker';
 /**
  * Tool group definitions mapping group names to tool names
  *
- * All 67 tools are categorized here for filtering support.
+ * All 68 tools are categorized here for filtering support.
  */
 declare const TOOL_GROUPS: Record<ToolGroup, string[]>;
 /**

package/dist/index.js

@@ -1,7 +1,7 @@
-export { VERSION, createServer } from './chunk-GR4T3SRW.js';
-export { META_GROUPS, TOOL_GROUPS, calculateTokenSavings, filterTools, getAllToolNames, getFilterSummary, getToolFilterFromEnv, getToolGroup, isToolEnabled, parseToolFilter } from './chunk-ORV7ZZOE.js';
+export { VERSION, createServer } from './chunk-5ZA77VUW.js';
+export { META_GROUPS, TOOL_GROUPS, calculateTokenSavings, filterTools, getAllToolNames, getFilterSummary, getToolFilterFromEnv, getToolGroup, isToolEnabled, parseToolFilter } from './chunk-P5V2VY6N.js';
 import './chunk-OKOVZ5QE.js';
-export { logger } from './chunk-IWKLHSPU.js';
+export { logger } from './chunk-WXDEVIFL.js';
 
 // src/types/index.ts
 var DEFAULT_CONFIG = {

package/dist/{tools-CXR2FEB2.js → tools-WZUENKJ6.js}

@@ -1,3 +1,3 @@
-export { callTool, getGlobalAuditLogger, getTools, initializeAuditLogger } from './chunk-ORV7ZZOE.js';
+export { callTool, getGlobalAuditLogger, getTools, initializeAuditLogger } from './chunk-P5V2VY6N.js';
 import './chunk-OKOVZ5QE.js';
-import './chunk-IWKLHSPU.js';
+import './chunk-WXDEVIFL.js';

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "memory-journal-mcp",
-    "version": "7.2.0",
+    "version": "7.4.0",
     "description": "Project context management for AI-assisted development - Persistent knowledge graphs and intelligent context recall across fragmented AI threads",
     "type": "module",
     "main": "dist/index.js",
@@ -17,8 +17,8 @@
     "scripts": {
         "build": "tsup",
         "dev": "tsc --watch",
-        "lint": "eslint src/",
-        "lint:fix": "eslint src/ --fix",
+        "lint": "eslint src/ tests/",
+        "lint:fix": "eslint src/ tests/ --fix",
         "typecheck": "tsc --noEmit",
         "check": "npm run lint && npm run typecheck",
         "test": "vitest run",
@@ -76,7 +76,7 @@
         "@playwright/test": "^1.59.1",
         "@types/better-sqlite3": "^7.6.13",
         "@types/express": "^5.0.6",
-        "@types/node": "^25.5.2",
+        "@types/node": "^25.6.0",
         "@vitest/coverage-v8": "^4.1.3",
         "eslint": "^10.2.0",
         "globals": "^17.4.0",

package/skills/README.md

@@ -42,18 +42,22 @@ The markdown body contains the full instructions the agent follows once the skil
 | ---------------------- | --------------------------------------------------------------------------------------------------------------------- |
 | `autonomous-dev`       | Harness for autonomous software development — alignment gates, adversarial agents, Git workflows, and CI/CD pipelines |
 | `bun`                  | Master the Bun all-in-one toolkit — runtime, package manager, test runner, and bundler                                |
+| `docker`               | Production-grade Docker — multi-stage builds, security hardening, Compose v2, BuildKit, and CI/CD integration         |
+| `github-actions`       | GitHub Actions CI/CD — SHA pinning, reusable workflows, caching, matrix strategies, and artifacts v4                  |
 | `github-commander`     | GitHub pipeline workflows for orchestrating issues, regressions, and deployments                                      |
 | `gitlab`               | Specialized assistant skill for managing repositories, code search, and CI/CD in GitLab                               |
 | `golang`               | Master Go development with production-grade best practices from Google and Uber style guides                          |
-| `typescript`           | Enterprise-grade TypeScript development with type-safe patterns, Zod validation, and modern tooling                   |
 | `mysql`                | Enterprise MySQL production rules — query safety, connection pooling, strict schema configurations                    |
 | `playwright-standard`  | Opinionated guidance for Playwright E2E/API tests, Page Object Models, and CI/CD resilience                           |
 | `postgres`             | Advanced PostgreSQL patterns — indexing layouts, JSONB querying, transactional guardrails, and RLS                    |
+| `python`               | Modern Python engineering — uv, ruff, type hints, pytest, Pydantic v2, and src/ layout project structure              |
 | `react-best-practices` | Vercel engineering guidelines for React/Next.js performance, hooks, and bundle optimization                           |
 | `rust`                 | Master Rust development using a layer-based "meta-cognition" framework for borrowing, lifetimes, and architecture     |
 | `shadcn-ui`            | Deep knowledge of shadcn/ui components, patterns, forms, and best practices                                           |
 | `skill-builder`        | Guide for creating, evaluating, and refining agent skills — progressive disclosure, triggers, and testing             |
 | `sqlite`               | Production configurations for concurrency (WAL), typing (STRICT), and data integrity                                  |
+| `tailwind-css`         | Tailwind CSS v4 — CSS-first configuration, @theme directive, dark mode, responsive design, and v3 migration           |
+| `typescript`           | Enterprise-grade TypeScript development with type-safe patterns, Zod validation, and modern tooling                   |
 | `vitest-standard`      | Comprehensive unit testing expertise covering Vitest, TDD, mocking strategies, and test architecture                  |
 
 ## GitHub Commander Workflows

package/skills/docker/SKILL.md

@@ -0,0 +1,262 @@
+---
+name: docker
+description: |
+  Production-grade Docker and container best practices. Use when writing
+  Dockerfiles, configuring Docker Compose, optimizing image size and build
+  speed, implementing security hardening, or debugging container issues.
+  Triggers on "Docker", "Dockerfile", "container", "Compose", "BuildKit",
+  "multi-stage build", "image size", "docker-compose".
+---
+
+# Docker & Container Engineering Standards
+
+This skill codifies 2026 Docker best practices — secure, minimal, reproducible container images using BuildKit, multi-stage builds, and Compose v2.
+
+## 1. Dockerfile Fundamentals
+
+### Always Start With BuildKit Syntax
+
+```dockerfile
+# syntax=docker/dockerfile:1
+```
+
+Place this as the **first line** of every Dockerfile. It enables:
+
+- Parallel stage execution
+- Cache mounts (`--mount=type=cache`)
+- Secret mounts (`--mount=type=secret`)
+- Reproducible builds across Docker versions
+
+### Base Image Selection
+
+| Use Case    | Recommended Base          | Why                                     |
+| ----------- | ------------------------- | --------------------------------------- |
+| **Node.js** | `node:22-slim`            | Debian Slim — small, has essential libs |
+| **Python**  | `python:3.13-slim`        | Minimal Debian, no build tools          |
+| **Go**      | `scratch` or `distroless` | Static binary needs nothing             |
+| **General** | `debian:bookworm-slim`    | Stable, well-patched, small             |
+
+- **NEVER** use `:latest` — always pin to a specific version tag
+- **Prefer `-slim` variants** over full images to reduce attack surface
+- **Consider `distroless`** for production — no shell, no package manager = minimal attack surface
+
+## 2. Multi-Stage Builds (Required for Production)
+
+Multi-stage builds are **mandatory** for any production image. They separate build-time dependencies from runtime.
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ── Stage 1: Build ─────────────────────────────
+FROM node:22-slim AS builder
+WORKDIR /app
+COPY package.json pnpm-lock.yaml ./
+RUN corepack enable && pnpm install --frozen-lockfile
+COPY . .
+RUN pnpm run build
+
+# ── Stage 2: Runtime ───────────────────────────
+FROM node:22-slim AS runtime
+WORKDIR /app
+ENV NODE_ENV=production
+
+# Create non-root user
+RUN groupadd -r appgroup && useradd -r -g appgroup appuser
+
+# Copy ONLY production artifacts
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/package.json ./
+
+USER appuser
+EXPOSE 3000
+CMD ["node", "dist/index.js"]
+```
+
+### Key Rules
+
+- **Name every stage**: `FROM ... AS builder` — makes builds readable and targetable
+- **Copy only artifacts**: Use `COPY --from=builder` to cherry-pick built files
+- **Never install dev dependencies in the runtime stage**
+- **The runtime stage should have ZERO build tools** (no compilers, no git, no curl)
+
+## 3. Security Hardening
+
+### Non-Root Execution (Mandatory)
+
+```dockerfile
+# Create a system user with no home directory, no login shell
+RUN groupadd -r appgroup && useradd -r -g appgroup -s /usr/sbin/nologin appuser
+
+# Switch to the non-root user BEFORE CMD
+USER appuser
+```
+
+- **NEVER** run containers as root in production
+- **NEVER** use `--privileged` flag unless absolutely required
+- **Set `USER` as late as possible** — after all `RUN` commands that need root
+
+### Secret Handling
+
+```dockerfile
+# ✅ Good: BuildKit secret mount (never stored in layers)
+RUN --mount=type=secret,id=npm_token \
+    NPM_TOKEN=$(cat /run/secrets/npm_token) \
+    npm config set //registry.npmjs.org/:_authToken=$NPM_TOKEN
+
+# ❌ Bad: ARG/ENV secrets (visible in image history)
+ARG NPM_TOKEN
+ENV NPM_TOKEN=$NPM_TOKEN
+```
+
+- **NEVER** use `ARG` or `ENV` for secrets — they are baked into image layers
+- **NEVER** `COPY` `.env` files into the image
+- Use `--mount=type=secret` (BuildKit) for build-time secrets
+- Use Docker Compose `secrets:` or orchestrator secrets for runtime
+
+### Vulnerability Scanning
+
+```bash
+docker scout cves <image>          # Docker Scout
+trivy image <image>                # Trivy (open source)
+grype <image>                      # Grype (Anchore)
+```
+
+- Run scanning in CI — **hard-fail** on HIGH/CRITICAL vulnerabilities
+- Never use `continue-on-error: true` for security gates
+
+## 4. Layer Optimization
+
+### Instruction Ordering
+
+Docker caches each layer. Order instructions from **least-changing to most-changing**:
+
+```dockerfile
+# 1. Base image (rarely changes)
+FROM node:22-slim
+
+# 2. System deps (changes infrequently)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    dumb-init \
+    && rm -rf /var/lib/apt/lists/*
+
+# 3. Application deps (changes when lock file changes)
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+# 4. Application code (changes most frequently)
+COPY . .
+RUN pnpm build
+```
+
+### Cache Mounts (BuildKit)
+
+```dockerfile
+# Cache package manager downloads between builds
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install -r requirements.txt
+```
+
+### `.dockerignore` (Required)
+
+Create a `.dockerignore` in every project with a Dockerfile:
+
+```
+.git
+.github
+node_modules
+dist
+*.md
+.env*
+.vscode
+.idea
+tmp/
+coverage/
+```
+
+- **ALWAYS** exclude `.git` — it can be hundreds of MB
+- **ALWAYS** exclude `node_modules` — reinstall inside the container
+- **ALWAYS** exclude `.env*` — prevents secret leaks
+
+## 5. Docker Compose v2
+
+### Structure
+
+```yaml
+# docker-compose.yml
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      target: runtime # Target a specific stage
+    ports:
+      - '3000:3000'
+    environment:
+      NODE_ENV: production
+    depends_on:
+      db:
+        condition: service_healthy
+    restart: unless-stopped
+
+  db:
+    image: postgres:17-alpine
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+    secrets:
+      - db_password
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -U postgres']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  pgdata:
+
+secrets:
+  db_password:
+    file: ./secrets/db_password.txt
+```
+
+### Best Practices
+
+- **Use `depends_on` with health checks** — not just service start order
+- **Use named volumes** for persistent data — never bind-mount the entire project in production
+- **Use environment files** (`env_file:`) for non-secret config
+- **Use `secrets:`** for credentials — they are mounted as files, not env vars
+- **Pin image versions** — `postgres:17-alpine`, not `postgres:latest`
+
+## 6. CI/CD Integration
+
+### GitHub Actions Pattern
+
+```yaml
+- name: Build and push
+  uses: docker/build-push-action@<sha>
+  with:
+    context: .
+    push: true
+    tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+    cache-from: type=gha
+    cache-to: type=gha,mode=max
+```
+
+- **Use GitHub Actions cache** (`type=gha`) for CI builds
+- **Tag with commit SHA** — never `:latest` for production
+- **Scan before push** — run vulnerability scanning as a build step
+
+## 7. Anti-Patterns (Never Do These)
+
+| Anti-Pattern               | Why It's Wrong                          | Do This Instead                                 |
+| -------------------------- | --------------------------------------- | ----------------------------------------------- |
+| `FROM ubuntu:latest`       | Unpinned, large, unpredictable          | Pin version, use `-slim`                        |
+| `RUN apt-get update` alone | Cache goes stale across builds          | Combine with `install` in one `RUN`             |
+| `ADD` for local files      | Unpredictable (auto-extracts)           | Use `COPY` explicitly                           |
+| Multiple `RUN apt-get`     | Creates unnecessary layers              | Chain with `&&` in one `RUN`                    |
+| `COPY . .` before deps     | Breaks layer cache on every code change | Copy lock file first, install, then copy source |
+| Running as root            | Security vulnerability                  | Create and switch to `appuser`                  |
+| Secrets in `ENV`/`ARG`     | Visible in image history                | Use `--mount=type=secret`                       |
+| No `.dockerignore`         | Bloated context, potential secret leaks | Always create one                               |