memory-journal-mcp 7.4.0 → 7.6.0

package/dist/worker-script.js

@@ -1,8 +1,36 @@
-import { transformAutoReturn } from './chunk-OKOVZ5QE.js';
-import { workerData, parentPort } from 'worker_threads';
+import { parentPort } from 'worker_threads';
 import * as vm from 'vm';
 
-var { code, methodList, timeoutMs, rpcPort: workerRpcPort } = workerData;
+// src/codemode/worker-script.ts
+
+// src/codemode/auto-return.ts
+var NON_RETURNABLE = /^\s*(return|throw|const |let |var |if\b|else\b|for\b|while\b|do\b|switch\b|try\b|catch\b|finally\b|class |function |\/\/|\/\*|\{|\})/;
+function transformAutoReturn(code) {
+  const trimmed = code.trimEnd();
+  if (!trimmed) return code;
+  let depth = 0;
+  let splitIndex = -1;
+  for (let i = trimmed.length - 1; i >= 0; i--) {
+    const ch = trimmed.charAt(i);
+    if (ch === "}" || ch === "]" || ch === ")") depth++;
+    else if (ch === "{" || ch === "[" || ch === "(") depth--;
+    if (depth === 0 && (ch === ";" || ch === "\n")) {
+      splitIndex = i;
+      break;
+    }
+  }
+  const lastStmt = (splitIndex >= 0 ? trimmed.slice(splitIndex + 1) : trimmed).trim();
+  if (!lastStmt) return code;
+  if (NON_RETURNABLE.test(lastStmt)) return code;
+  if (splitIndex >= 0) {
+    const before = trimmed.slice(0, splitIndex + 1);
+    return `${before}
+return ${lastStmt}`;
+  }
+  return `return ${trimmed}`;
+}
+
+// src/codemode/worker-script.ts
 var rpcPort = null;
 var rpcIdCounter = 0;
 var pendingRpcRequests = /* @__PURE__ */ new Map();
@@ -62,7 +90,7 @@ function buildApiProxy(methods) {
   };
   return api;
 }
-async function executeCode() {
+async function executeCode(code, methodList, timeoutMs) {
   const startCpu = process.cpuUsage();
   const startTime = performance.now();
   try {
@@ -76,7 +104,6 @@ async function executeCode() {
         info: (...args) => args,
         debug: (...args) => args
       },
-      // Nulled globals
       setTimeout: void 0,
       setInterval: void 0,
       setImmediate: void 0,
@@ -88,7 +115,11 @@ async function executeCode() {
       globalThis: void 0
     };
     const context = vm.createContext(sandbox, {
-      name: "codemode-worker-sandbox"
+      name: "codemode-worker-sandbox",
+      codeGeneration: {
+        strings: false,
+        wasm: false
+      }
     });
     const wrappedCode = `(async () => { ${transformAutoReturn(code)} })()`;
     const script = new vm.Script(wrappedCode, {
@@ -104,7 +135,6 @@ async function executeCode() {
       wallTimeMs: Math.round(endTime - startTime),
       cpuTimeMs: Math.round((endCpu.user + endCpu.system) / 1e3),
       memoryUsedMb: 0
-      // Measured on host side via RSS delta
     };
     return { success: true, result, metrics };
   } catch (err) {
@@ -124,21 +154,81 @@ async function executeCode() {
     };
   }
 }
-rpcPort = workerRpcPort;
-rpcPort.ref();
-rpcPort.on("message", (response) => {
-  const pending = pendingRpcRequests.get(response.id);
-  if (pending) {
-    pendingRpcRequests.delete(response.id);
-    if (response.error) {
-      pending.reject(new Error(response.error));
-    } else {
-      pending.resolve(response.result);
+parentPort?.on("message", (msg) => {
+  void (async () => {
+    if (msg !== null && msg !== void 0 && typeof msg === "object" && "type" in msg && msg.type === "EXECUTE") {
+      const executeMsg = msg;
+      const {
+        id,
+        code,
+        methodList,
+        timeoutMs,
+        maxResultSize,
+        rpcPort: newRpcPort
+      } = executeMsg;
+      rpcPort = newRpcPort;
+      rpcIdCounter = 0;
+      pendingRpcRequests.clear();
+      rpcPort?.on("message", (response) => {
+        const pending = pendingRpcRequests.get(response.id);
+        if (pending) {
+          pendingRpcRequests.delete(response.id);
+          if (response.error) {
+            pending.reject(new Error(response.error));
+          } else {
+            pending.resolve(response.result);
+          }
+        }
+      });
+      const result = await executeCode(code, methodList, timeoutMs ?? 3e4);
+      if (result.success) {
+        try {
+          const egressLimit = maxResultSize ?? 100 * 1024;
+          let bytes = 0;
+          const cache = /* @__PURE__ */ new Set();
+          const resultJson = JSON.stringify(
+            result.result,
+            (_key, value) => {
+              if (typeof value === "object" && value !== null) {
+                if (cache.has(value)) return "[Circular]";
+                cache.add(value);
+              }
+              if (typeof value === "string") {
+                bytes += Buffer.byteLength(value, "utf8") + 2;
+              } else if (typeof value === "number" || typeof value === "boolean") {
+                bytes += Buffer.byteLength(String(value), "utf8");
+              } else {
+                bytes += 5;
+              }
+              if (bytes > egressLimit) {
+                throw new Error(`EgressLimitExceeded:${bytes}`);
+              }
+              return value;
+            }
+          );
+          if (resultJson !== void 0) {
+            const byteLength = Buffer.byteLength(resultJson, "utf8");
+            if (byteLength > egressLimit) {
+              throw new Error(`EgressLimitExceeded:${byteLength}`);
+            }
+          }
+        } catch (err) {
+          result.success = false;
+          const egressLimit = maxResultSize ?? 100 * 1024;
+          if (err instanceof Error && err.message.startsWith("EgressLimitExceeded:")) {
+            const actualBytesStr = err.message.split(":")[1];
+            const actualBytes = actualBytesStr !== void 0 ? Number(actualBytesStr) : egressLimit + 1;
+            const actualKb = (actualBytes / 1024).toFixed(1);
+            result.error = `Output limit exceeded: Result serialization exceeded the ${Math.round(egressLimit / 1024)}KB boundary (Actual size: >${actualKb}KB). Please aggregate or filter your results to reduce the payload size.`;
+          } else {
+            result.error = `Result could not be serialized or exceeded memory limits: ${err instanceof Error ? err.message : String(err)}`;
+          }
+          result.result = void 0;
+        }
+      }
+      rpcPort?.close();
+      rpcPort = null;
+      parentPort?.postMessage({ type: "RESULT", id, result });
     }
-  }
-});
-void executeCode().then((result) => {
-  rpcPort?.unref();
-  rpcPort?.close();
-  parentPort?.postMessage(result);
+  })();
 });

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "memory-journal-mcp",
-    "version": "7.4.0",
+    "version": "7.6.0",
     "description": "Project context management for AI-assisted development - Persistent knowledge graphs and intelligent context recall across fragmented AI threads",
     "type": "module",
     "main": "dist/index.js",
@@ -25,8 +25,10 @@
         "test:watch": "vitest",
         "test:coverage": "vitest run --coverage && npx tsx scripts/update-badges.ts",
         "bench": "vitest bench --run",
+        "pretest:e2e": "node -e \"fs.rmSync('.test-output/e2e', { recursive: true, force: true })\"",
         "test:e2e": "playwright test",
-        "generate:instructions": "node scripts/generate-server-instructions.ts"
+        "generate:instructions": "node scripts/generate-server-instructions.ts",
+        "prepublishOnly": "npm run check && npm run test && npm run build"
     },
     "keywords": [
         "mcp",
@@ -88,6 +90,7 @@
     "overrides": {
         "axios": "^1.13.6",
         "brace-expansion": "^2.0.2",
+        "diff": "9.0.0",
         "glob": "^11.1.0",
         "onnxruntime-web": "npm:empty-npm-package@1.0.0",
         "sharp": "npm:empty-npm-package@1.0.0",

package/skills/README.md

@@ -45,6 +45,7 @@ The markdown body contains the full instructions the agent follows once the skil
 | `docker`               | Production-grade Docker — multi-stage builds, security hardening, Compose v2, BuildKit, and CI/CD integration         |
 | `github-actions`       | GitHub Actions CI/CD — SHA pinning, reusable workflows, caching, matrix strategies, and artifacts v4                  |
 | `github-commander`     | GitHub pipeline workflows for orchestrating issues, regressions, and deployments                                      |
+| `github-copilot-cli`   | Adversarial pre-push validation and full repository code audits driven by the @github/copilot terminal harness        |
 | `gitlab`               | Specialized assistant skill for managing repositories, code search, and CI/CD in GitLab                               |
 | `golang`               | Master Go development with production-grade best practices from Google and Uber style guides                          |
 | `mysql`                | Enterprise MySQL production rules — query safety, connection pooling, strict schema configurations                    |
@@ -67,6 +68,7 @@ This package natively bundles the `github-commander` skill, which equips your AI
 - **`issue-triage`**: End-to-end bug replication, PR submission, and Kanban lifecycle linking.
 - **`milestone-sprint`**: Sequential traversal of all open issues mapped to a specific release target.
 - **`pr-review`**: Exhaustive local execution, typechecking, and heuristic code reviews against base branches.
+- **`copilot-audit`**: AI-evaluating-AI adversarial evaluations covering localized diffs and whole codebases.
 - **`security-audit`**: Deep Trivy/CodeQL supply chain matrix evaluation.
 - **`code-quality-audit`**: Enforcement of project guidelines, strict-typing boundaries, and import normalization.
 - **`perf-audit`**: Bundle-size constraints, runtime hot-path execution, and CI/CD cache-hit evaluations.

package/skills/github-commander/SKILL.md

@@ -39,6 +39,7 @@ Load this skill when any of these apply:
 | ----------------------- | --------------------------------- | ------------------------------------------- |
 | **Issue Triage**        | `workflows/issue-triage.md`       | Fix a single GitHub issue end-to-end        |
 | **PR Review**           | `workflows/pr-review.md`          | Review a PR with validation pipeline        |
+| **Copilot Audit**       | `workflows/copilot-audit.md`      | Adversarial Copilot CLI repo/PR review      |
 | **Milestone Sprint**    | `workflows/milestone-sprint.md`   | Work through milestone issues sequentially  |
 | **Roadmap Kickoff**     | `workflows/roadmap-kickoff.md`    | Translate planning epics into Kanban issues |
 | **Update Dependencies** | `workflows/update-deps.md`        | Dependency update with audit trail          |

package/skills/github-commander/workflows/copilot-audit.md

@@ -0,0 +1,50 @@
+# GitHub Copilot CLI Pre-Push Audit Workflow
+
+This workflow orchestrates an AI-driven adversarial review using the GitHub Copilot CLI (`@github/copilot`). It acts as a strict secondary validation layer (a "second opinion") across both localized logic changes (PR reviews) and full repository inspections.
+
+## Phase 1: Environment Readiness & Authentication
+
+1. **Verify Copilot CLI Presence**:
+   Run `npm list -g @github/copilot`.
+   If missing, install it automatically: `npm i -g @github/copilot`.
+
+2. **Verify Authentication**:
+   Ensure the CLI is authenticated via `copilot auth`. If the user has not authenticated, pause the agentic execution and prompt them to authorize via the browser endpoint.
+
+## Phase 2: Execution Targeting (The Audit Context)
+
+Determine whether this is a localized Feature Branch (Pre-Push PR) review or a whole Codebase Audit.
+
+### Path A: Pre-Push PR Review
+
+1. Diff the current working branch against the primary target (e.g., `main` or `master`).
+2. **Execute Single-Shot Evaluation Buffer**:
+   ```bash
+   git diff main | copilot "Act as an extremely strict, senior PR reviewer. Review this submitted git diff. Analyze edge cases, logic gaps, unhandled bounds, typescript compliance, and security flaws. Produce a Markdown-formatted table of defects."
+   ```
+
+### Path B: Comprehensive Codebase Review
+
+1. **Execute Single-Shot Codebase Buffer**:
+   ```bash
+   echo "Act as an adversarial security and performance auditor. Perform a comprehensive analysis of all files in this repository. Point out bad architectural couplings, injection vectors, unhandled error flows, and data boundaries that are not explicit. Output as a detailed Markdown report." | copilot
+   ```
+
+## Phase 3: Journal Archival (Verification Sync)
+
+1. Capture the exact Markdown payload generated by Copilot.
+2. Persist this via `memory-journal-mcp`:
+   - Tool: `create_entry` (or `team_create_entry` if shared).
+   - Type: `audit_finding` or `triage`.
+   - Title: "Copilot CLI Adversarial Review: [Topic]"
+   - Content: The generated JSON/Markdown from the terminal stdout.
+   - Tags: `copilot`, `review`, `github-commander`.
+
+## Phase 4: Human-in-the-Loop Gateway
+
+1. Analyze and summarize the Copilot payload.
+2. Present the summarized critique directly to the User.
+3. Pause and Wait. Do not commit or push the code.
+4. **Branching Action**:
+   - If User approves changes: Remediate the code directly based on Copilot's findings using local agent tool capabilities (`replace_file_content`, etc).
+   - If User rejects/ignores the findings: Proceed to standard commit and push pipelines.

package/skills/github-copilot-cli/SKILL.md

@@ -0,0 +1,64 @@
+---
+name: github-copilot-cli
+description: |
+  Documentation and instructions for integrating the GitHub Copilot CLI (`copilot`)
+  into agentic workflows. Use this skill when you need a "second opinion" adversarial
+  review of a local codebase, a pre-push PR review using alternative advanced models,
+  or shell suggestion capabilities from GitHub. Activates on "Copilot CLI", "local PR review",
+  or "codebase Copilot review".
+---
+
+# GitHub Copilot CLI
+
+The GitHub Copilot CLI (`@github/copilot`) acts as an interactive, terminal-native representation of the Copilot agentic ecosystem.
+
+When integrated into an AI workflow (AI evaluating AI), it acts as a robust secondary reviewer mapping against different context windows and potentially different foundational models than the primary agent, significantly reducing confirmation bias during PR or full-repository reviews.
+
+## Installation & Authentication Baseline
+
+Before using the CLI in automated pipelines, ensure the terminal environment is equipped and authenticated:
+
+```bash
+# 1. Verify availability
+npm list -g @github/copilot
+
+# 2. Install if missing
+npm i -g @github/copilot
+
+# 3. Authenticate (Requires human interaction/browser approval)
+copilot auth
+```
+
+## Agentic Interaction Strategies
+
+Because the Copilot CLI launches an interactive REPL (`? What would you like to do?`), standalone non-interactive agents cannot easily navigate its interactive curses UI natively.
+
+To effectively harness it during automated reviews, you must format non-interactive input buffers or leverage its single-shot explanation endpoints:
+
+### Non-Interactive Command Piping
+
+While primarily interactive, you can echo requests directly into the tool for one-shot evaluation loops.
+
+```bash
+# Full Repository Security Audit
+echo "Please perform a comprehensive security analysis of all files in this repository. Point out unchecked injections, logic flaws, and credential leaks. Present it in markdown." | copilot
+
+# Pre-Push PR Diff Review
+git diff main | copilot "Act as a strict PR reviewer. Here is my local diff against main. List specifically what will break, style issues, and any unhandled edge cases."
+```
+
+### Direct Tool Commands
+
+For precise shell suggestions or file explanations:
+
+```bash
+# Shell Suggestion (Evaluates context and produces command)
+gh copilot suggest "find all files over 5mb in the current directory"
+
+# File Explanation
+gh copilot explain "src/utils/crypto.ts"
+```
+
+## Workflows Integration
+
+This skill works synergistically with `github-commander`. Use the `copilot-audit` workflow via `github-commander` to execute a structured, auditable validation loop utilizing this CLI before generating PRs.

package/skills/package.json

@@ -1,6 +1,6 @@
 {
     "name": "neverinfamous-agent-skills",
-    "version": "1.1.1",
+    "version": "1.1.2",
     "description": "Foundational AI agent metacognitive skills and workflows for the Adamic ecosystem.",
     "type": "module",
     "main": "README.md",
@@ -15,6 +15,7 @@
         "docker/",
         "github-actions/",
         "github-commander/",
+        "github-copilot-cli/",
         "gitlab/",
         "golang/",
         "mysql/",

package/dist/chunk-OKOVZ5QE.js

@@ -1,28 +0,0 @@
-// src/codemode/auto-return.ts
-var NON_RETURNABLE = /^\s*(return|throw|const |let |var |if\b|else\b|for\b|while\b|do\b|switch\b|try\b|catch\b|finally\b|class |function |\/\/|\/\*|\{|\})/;
-function transformAutoReturn(code) {
-  const trimmed = code.trimEnd();
-  if (!trimmed) return code;
-  let depth = 0;
-  let splitIndex = -1;
-  for (let i = trimmed.length - 1; i >= 0; i--) {
-    const ch = trimmed.charAt(i);
-    if (ch === "}" || ch === "]" || ch === ")") depth++;
-    else if (ch === "{" || ch === "[" || ch === "(") depth--;
-    if (depth === 0 && (ch === ";" || ch === "\n")) {
-      splitIndex = i;
-      break;
-    }
-  }
-  const lastStmt = (splitIndex >= 0 ? trimmed.slice(splitIndex + 1) : trimmed).trim();
-  if (!lastStmt) return code;
-  if (NON_RETURNABLE.test(lastStmt)) return code;
-  if (splitIndex >= 0) {
-    const before = trimmed.slice(0, splitIndex + 1);
-    return `${before}
-return ${lastStmt}`;
-  }
-  return `return ${trimmed}`;
-}
-
-export { transformAutoReturn };