memory-journal-mcp 7.7.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (531) hide show
  1. package/README.md +126 -56
  2. package/dist/chunk-6OHRCNYW.js +3231 -0
  3. package/dist/chunk-JFMITANR.js +5168 -0
  4. package/dist/{chunk-QCQPAF4I.js → chunk-MWNLAEHR.js} +301 -4321
  5. package/dist/{chunk-ARLYSFSI.js → chunk-UHSO65A4.js} +4242 -6092
  6. package/dist/cli.js +21 -3
  7. package/dist/index.d.ts +16 -13
  8. package/dist/index.js +4 -2
  9. package/dist/resources-IJVKDFGS.js +2 -0
  10. package/dist/tools-44DGXE3V.js +2 -0
  11. package/dist/worker-script.js +201 -20
  12. package/package.json +7 -4
  13. package/skills/README.md +62 -25
  14. package/skills/adversarial-performance/SKILL.md +139 -0
  15. package/skills/adversarial-performance/references/audit-categories.md +462 -0
  16. package/skills/adversarial-performance/references/copilot-performance-prompts.md +44 -0
  17. package/skills/adversarial-performance/references/copilot-usage.md +16 -0
  18. package/skills/adversarial-performance/references/feedback-loop.md +177 -0
  19. package/skills/adversarial-performance/references/multi-pass-performance-protocol.md +398 -0
  20. package/skills/adversarial-planner/SKILL.md +23 -54
  21. package/skills/adversarial-planner/references/copilot-integration.md +25 -40
  22. package/skills/adversarial-planner/references/copilot-usage.md +16 -0
  23. package/skills/adversarial-planner/references/multi-pass-protocol.md +4 -0
  24. package/skills/adversarial-security/SKILL.md +149 -0
  25. package/skills/adversarial-security/references/adversarial-base-protocol.md +44 -0
  26. package/skills/adversarial-security/references/audit-categories.md +723 -0
  27. package/skills/adversarial-security/references/copilot-security-prompts.md +142 -0
  28. package/skills/adversarial-security/references/copilot-usage.md +16 -0
  29. package/skills/adversarial-security/references/feedback-loop.md +206 -0
  30. package/skills/adversarial-security/references/journal-opt-out.md +7 -0
  31. package/skills/adversarial-security/references/multi-pass-security-protocol.md +403 -0
  32. package/skills/adversarial-skill-audit/SKILL.md +118 -0
  33. package/skills/adversarial-skill-audit/references/audit-categories.md +308 -0
  34. package/skills/adversarial-skill-audit/references/copilot-skill-prompts.md +68 -0
  35. package/skills/adversarial-skill-audit/references/copilot-usage.md +16 -0
  36. package/skills/adversarial-skill-audit/references/feedback-loop.md +155 -0
  37. package/skills/adversarial-skill-audit/references/multi-pass-skill-protocol.md +367 -0
  38. package/skills/adversarial-skill-audit/scripts/check-skills.ps1 +48 -0
  39. package/skills/adversarial-skill-audit/scripts/run-copilot.ps1 +52 -0
  40. package/skills/adversarial-workflow-audit/SKILL.md +82 -0
  41. package/skills/adversarial-workflow-audit/references/audit-categories.md +28 -0
  42. package/skills/adversarial-workflow-audit/references/copilot-usage.md +16 -0
  43. package/skills/adversarial-workflow-audit/scripts/check-workflows.ps1 +24 -0
  44. package/skills/agents-sdk/SKILL.md +220 -0
  45. package/skills/agents-sdk/references/callable.md +92 -0
  46. package/skills/agents-sdk/references/codemode.md +209 -0
  47. package/skills/agents-sdk/references/email.md +144 -0
  48. package/skills/agents-sdk/references/mcp/SKILL.md +65 -0
  49. package/skills/agents-sdk/references/mcp/code-mode-reference.md +245 -0
  50. package/skills/agents-sdk/references/mcp/oauth-reference.md +359 -0
  51. package/skills/agents-sdk/references/mcp/references/architecture-reference.md +208 -0
  52. package/skills/agents-sdk/references/mcp/references/cloudflare-quickstart.md +156 -0
  53. package/skills/agents-sdk/references/mcp/references/error-handling.md +343 -0
  54. package/skills/agents-sdk/references/mcp/references/http-security.md +164 -0
  55. package/skills/agents-sdk/references/mcp/references/implementation-guide.md +507 -0
  56. package/skills/agents-sdk/references/mcp/references/testing-reference.md +171 -0
  57. package/skills/agents-sdk/references/mcp.md +157 -0
  58. package/skills/agents-sdk/references/state-scheduling.md +164 -0
  59. package/skills/agents-sdk/references/streaming-chat.md +168 -0
  60. package/skills/agents-sdk/references/workflows.md +136 -0
  61. package/skills/auth-identity/SKILL.md +48 -0
  62. package/skills/autonomous-dev/SKILL.md +46 -23
  63. package/skills/autonomous-dev/references/workflow_orchestration.md +22 -0
  64. package/skills/aws/SKILL.md +39 -0
  65. package/skills/azure/SKILL.md +38 -0
  66. package/skills/bin/sync.js +7 -1
  67. package/skills/biome/SKILL.md +59 -0
  68. package/skills/bun/SKILL.md +8 -2
  69. package/skills/cloudflare/SKILL.md +37 -0
  70. package/skills/cloudflare/references/agents-sdk/README.md +95 -0
  71. package/skills/cloudflare/references/agents-sdk/api.md +195 -0
  72. package/skills/cloudflare/references/agents-sdk/configuration.md +178 -0
  73. package/skills/cloudflare/references/agents-sdk/gotchas.md +173 -0
  74. package/skills/cloudflare/references/agents-sdk/patterns.md +215 -0
  75. package/skills/cloudflare/references/ai-gateway/README.md +176 -0
  76. package/skills/cloudflare/references/ai-gateway/configuration.md +117 -0
  77. package/skills/cloudflare/references/ai-gateway/dynamic-routing.md +88 -0
  78. package/skills/cloudflare/references/ai-gateway/features.md +96 -0
  79. package/skills/cloudflare/references/ai-gateway/sdk-integration.md +110 -0
  80. package/skills/cloudflare/references/ai-gateway/troubleshooting.md +90 -0
  81. package/skills/cloudflare/references/ai-search/README.md +145 -0
  82. package/skills/cloudflare/references/ai-search/api.md +87 -0
  83. package/skills/cloudflare/references/ai-search/configuration.md +91 -0
  84. package/skills/cloudflare/references/ai-search/gotchas.md +92 -0
  85. package/skills/cloudflare/references/ai-search/patterns.md +87 -0
  86. package/skills/cloudflare/references/analytics-engine/README.md +96 -0
  87. package/skills/cloudflare/references/analytics-engine/api.md +112 -0
  88. package/skills/cloudflare/references/analytics-engine/configuration.md +107 -0
  89. package/skills/cloudflare/references/analytics-engine/gotchas.md +87 -0
  90. package/skills/cloudflare/references/analytics-engine/patterns.md +83 -0
  91. package/skills/cloudflare/references/api/README.md +66 -0
  92. package/skills/cloudflare/references/api/api.md +205 -0
  93. package/skills/cloudflare/references/api/configuration.md +158 -0
  94. package/skills/cloudflare/references/api/gotchas.md +231 -0
  95. package/skills/cloudflare/references/api/patterns.md +208 -0
  96. package/skills/cloudflare/references/api-shield/README.md +44 -0
  97. package/skills/cloudflare/references/api-shield/api.md +153 -0
  98. package/skills/cloudflare/references/api-shield/configuration.md +210 -0
  99. package/skills/cloudflare/references/api-shield/gotchas.md +132 -0
  100. package/skills/cloudflare/references/api-shield/patterns.md +185 -0
  101. package/skills/cloudflare/references/argo-smart-routing/README.md +96 -0
  102. package/skills/cloudflare/references/argo-smart-routing/api.md +253 -0
  103. package/skills/cloudflare/references/argo-smart-routing/configuration.md +205 -0
  104. package/skills/cloudflare/references/argo-smart-routing/gotchas.md +115 -0
  105. package/skills/cloudflare/references/argo-smart-routing/patterns.md +107 -0
  106. package/skills/cloudflare/references/bindings/README.md +127 -0
  107. package/skills/cloudflare/references/bindings/api.md +214 -0
  108. package/skills/cloudflare/references/bindings/configuration.md +200 -0
  109. package/skills/cloudflare/references/bindings/gotchas.md +210 -0
  110. package/skills/cloudflare/references/bindings/patterns.md +205 -0
  111. package/skills/cloudflare/references/bot-management/README.md +95 -0
  112. package/skills/cloudflare/references/bot-management/api.md +175 -0
  113. package/skills/cloudflare/references/bot-management/configuration.md +175 -0
  114. package/skills/cloudflare/references/bot-management/gotchas.md +116 -0
  115. package/skills/cloudflare/references/bot-management/patterns.md +181 -0
  116. package/skills/cloudflare/references/browser-rendering/README.md +84 -0
  117. package/skills/cloudflare/references/browser-rendering/api.md +108 -0
  118. package/skills/cloudflare/references/browser-rendering/configuration.md +78 -0
  119. package/skills/cloudflare/references/browser-rendering/gotchas.md +91 -0
  120. package/skills/cloudflare/references/browser-rendering/patterns.md +93 -0
  121. package/skills/cloudflare/references/c3/README.md +111 -0
  122. package/skills/cloudflare/references/c3/api.md +71 -0
  123. package/skills/cloudflare/references/c3/configuration.md +85 -0
  124. package/skills/cloudflare/references/c3/gotchas.md +97 -0
  125. package/skills/cloudflare/references/c3/patterns.md +84 -0
  126. package/skills/cloudflare/references/cache-reserve/README.md +150 -0
  127. package/skills/cloudflare/references/cache-reserve/api.md +184 -0
  128. package/skills/cloudflare/references/cache-reserve/configuration.md +170 -0
  129. package/skills/cloudflare/references/cache-reserve/gotchas.md +136 -0
  130. package/skills/cloudflare/references/cache-reserve/patterns.md +197 -0
  131. package/skills/cloudflare/references/containers/README.md +87 -0
  132. package/skills/cloudflare/references/containers/api.md +197 -0
  133. package/skills/cloudflare/references/containers/configuration.md +191 -0
  134. package/skills/cloudflare/references/containers/gotchas.md +182 -0
  135. package/skills/cloudflare/references/containers/patterns.md +204 -0
  136. package/skills/cloudflare/references/cron-triggers/README.md +101 -0
  137. package/skills/cloudflare/references/cron-triggers/api.md +224 -0
  138. package/skills/cloudflare/references/cron-triggers/configuration.md +190 -0
  139. package/skills/cloudflare/references/cron-triggers/gotchas.md +207 -0
  140. package/skills/cloudflare/references/cron-triggers/patterns.md +274 -0
  141. package/skills/cloudflare/references/d1/README.md +137 -0
  142. package/skills/cloudflare/references/d1/api.md +213 -0
  143. package/skills/cloudflare/references/d1/configuration.md +198 -0
  144. package/skills/cloudflare/references/d1/gotchas.md +98 -0
  145. package/skills/cloudflare/references/d1/patterns.md +240 -0
  146. package/skills/cloudflare/references/ddos/README.md +42 -0
  147. package/skills/cloudflare/references/ddos/api.md +158 -0
  148. package/skills/cloudflare/references/ddos/configuration.md +94 -0
  149. package/skills/cloudflare/references/ddos/gotchas.md +114 -0
  150. package/skills/cloudflare/references/ddos/patterns.md +220 -0
  151. package/skills/cloudflare/references/decision-trees.md +95 -0
  152. package/skills/cloudflare/references/do-storage/README.md +79 -0
  153. package/skills/cloudflare/references/do-storage/api.md +107 -0
  154. package/skills/cloudflare/references/do-storage/configuration.md +114 -0
  155. package/skills/cloudflare/references/do-storage/gotchas.md +153 -0
  156. package/skills/cloudflare/references/do-storage/patterns.md +210 -0
  157. package/skills/cloudflare/references/do-storage/testing.md +186 -0
  158. package/skills/cloudflare/references/durable-objects/README.md +194 -0
  159. package/skills/cloudflare/references/durable-objects/api.md +205 -0
  160. package/skills/cloudflare/references/durable-objects/configuration.md +160 -0
  161. package/skills/cloudflare/references/durable-objects/gotchas.md +200 -0
  162. package/skills/cloudflare/references/durable-objects/patterns.md +205 -0
  163. package/skills/cloudflare/references/email-routing/README.md +89 -0
  164. package/skills/cloudflare/references/email-routing/api.md +192 -0
  165. package/skills/cloudflare/references/email-routing/configuration.md +187 -0
  166. package/skills/cloudflare/references/email-routing/gotchas.md +203 -0
  167. package/skills/cloudflare/references/email-routing/patterns.md +241 -0
  168. package/skills/cloudflare/references/email-workers/README.md +153 -0
  169. package/skills/cloudflare/references/email-workers/api.md +227 -0
  170. package/skills/cloudflare/references/email-workers/configuration.md +115 -0
  171. package/skills/cloudflare/references/email-workers/gotchas.md +133 -0
  172. package/skills/cloudflare/references/email-workers/patterns.md +108 -0
  173. package/skills/cloudflare/references/graphql-api/README.md +147 -0
  174. package/skills/cloudflare/references/graphql-api/api.md +175 -0
  175. package/skills/cloudflare/references/graphql-api/configuration.md +151 -0
  176. package/skills/cloudflare/references/graphql-api/gotchas.md +111 -0
  177. package/skills/cloudflare/references/graphql-api/patterns.md +276 -0
  178. package/skills/cloudflare/references/hyperdrive/README.md +84 -0
  179. package/skills/cloudflare/references/hyperdrive/api.md +149 -0
  180. package/skills/cloudflare/references/hyperdrive/configuration.md +166 -0
  181. package/skills/cloudflare/references/hyperdrive/gotchas.md +77 -0
  182. package/skills/cloudflare/references/hyperdrive/patterns.md +203 -0
  183. package/skills/cloudflare/references/images/README.md +65 -0
  184. package/skills/cloudflare/references/images/api.md +101 -0
  185. package/skills/cloudflare/references/images/configuration.md +206 -0
  186. package/skills/cloudflare/references/images/gotchas.md +106 -0
  187. package/skills/cloudflare/references/images/patterns.md +126 -0
  188. package/skills/cloudflare/references/kv/README.md +90 -0
  189. package/skills/cloudflare/references/kv/api.md +163 -0
  190. package/skills/cloudflare/references/kv/configuration.md +148 -0
  191. package/skills/cloudflare/references/kv/gotchas.md +133 -0
  192. package/skills/cloudflare/references/kv/patterns.md +195 -0
  193. package/skills/cloudflare/references/miniflare/README.md +113 -0
  194. package/skills/cloudflare/references/miniflare/api.md +204 -0
  195. package/skills/cloudflare/references/miniflare/configuration.md +174 -0
  196. package/skills/cloudflare/references/miniflare/gotchas.md +179 -0
  197. package/skills/cloudflare/references/miniflare/patterns.md +187 -0
  198. package/skills/cloudflare/references/network-interconnect/README.md +104 -0
  199. package/skills/cloudflare/references/network-interconnect/api.md +220 -0
  200. package/skills/cloudflare/references/network-interconnect/configuration.md +123 -0
  201. package/skills/cloudflare/references/network-interconnect/gotchas.md +175 -0
  202. package/skills/cloudflare/references/network-interconnect/patterns.md +174 -0
  203. package/skills/cloudflare/references/observability/README.md +93 -0
  204. package/skills/cloudflare/references/observability/api.md +168 -0
  205. package/skills/cloudflare/references/observability/configuration.md +178 -0
  206. package/skills/cloudflare/references/observability/gotchas.md +125 -0
  207. package/skills/cloudflare/references/observability/patterns.md +105 -0
  208. package/skills/cloudflare/references/pages/README.md +92 -0
  209. package/skills/cloudflare/references/pages/api.md +205 -0
  210. package/skills/cloudflare/references/pages/configuration.md +216 -0
  211. package/skills/cloudflare/references/pages/gotchas.md +218 -0
  212. package/skills/cloudflare/references/pages/patterns.md +215 -0
  213. package/skills/cloudflare/references/pages-functions/README.md +104 -0
  214. package/skills/cloudflare/references/pages-functions/api.md +159 -0
  215. package/skills/cloudflare/references/pages-functions/configuration.md +130 -0
  216. package/skills/cloudflare/references/pages-functions/gotchas.md +102 -0
  217. package/skills/cloudflare/references/pages-functions/patterns.md +148 -0
  218. package/skills/cloudflare/references/pipelines/README.md +109 -0
  219. package/skills/cloudflare/references/pipelines/api.md +214 -0
  220. package/skills/cloudflare/references/pipelines/configuration.md +98 -0
  221. package/skills/cloudflare/references/pipelines/gotchas.md +84 -0
  222. package/skills/cloudflare/references/pipelines/patterns.md +87 -0
  223. package/skills/cloudflare/references/product-index.md +112 -0
  224. package/skills/cloudflare/references/pulumi/README.md +113 -0
  225. package/skills/cloudflare/references/pulumi/api.md +230 -0
  226. package/skills/cloudflare/references/pulumi/configuration.md +213 -0
  227. package/skills/cloudflare/references/pulumi/gotchas.md +205 -0
  228. package/skills/cloudflare/references/pulumi/patterns.md +260 -0
  229. package/skills/cloudflare/references/queues/README.md +99 -0
  230. package/skills/cloudflare/references/queues/api.md +211 -0
  231. package/skills/cloudflare/references/queues/configuration.md +151 -0
  232. package/skills/cloudflare/references/queues/gotchas.md +210 -0
  233. package/skills/cloudflare/references/queues/patterns.md +220 -0
  234. package/skills/cloudflare/references/r2/README.md +97 -0
  235. package/skills/cloudflare/references/r2/api.md +235 -0
  236. package/skills/cloudflare/references/r2/configuration.md +176 -0
  237. package/skills/cloudflare/references/r2/gotchas.md +190 -0
  238. package/skills/cloudflare/references/r2/patterns.md +203 -0
  239. package/skills/cloudflare/references/r2-data-catalog/README.md +157 -0
  240. package/skills/cloudflare/references/r2-data-catalog/api.md +199 -0
  241. package/skills/cloudflare/references/r2-data-catalog/configuration.md +205 -0
  242. package/skills/cloudflare/references/r2-data-catalog/gotchas.md +170 -0
  243. package/skills/cloudflare/references/r2-data-catalog/patterns.md +191 -0
  244. package/skills/cloudflare/references/r2-sql/README.md +138 -0
  245. package/skills/cloudflare/references/r2-sql/SKILL.md.backup +512 -0
  246. package/skills/cloudflare/references/r2-sql/api.md +159 -0
  247. package/skills/cloudflare/references/r2-sql/configuration.md +152 -0
  248. package/skills/cloudflare/references/r2-sql/gotchas.md +228 -0
  249. package/skills/cloudflare/references/r2-sql/patterns.md +230 -0
  250. package/skills/cloudflare/references/realtime-sfu/README.md +66 -0
  251. package/skills/cloudflare/references/realtime-sfu/api.md +164 -0
  252. package/skills/cloudflare/references/realtime-sfu/configuration.md +141 -0
  253. package/skills/cloudflare/references/realtime-sfu/gotchas.md +138 -0
  254. package/skills/cloudflare/references/realtime-sfu/patterns.md +187 -0
  255. package/skills/cloudflare/references/realtimekit/README.md +118 -0
  256. package/skills/cloudflare/references/realtimekit/api.md +234 -0
  257. package/skills/cloudflare/references/realtimekit/configuration.md +226 -0
  258. package/skills/cloudflare/references/realtimekit/gotchas.md +206 -0
  259. package/skills/cloudflare/references/realtimekit/patterns.md +240 -0
  260. package/skills/cloudflare/references/sandbox/README.md +104 -0
  261. package/skills/cloudflare/references/sandbox/api.md +200 -0
  262. package/skills/cloudflare/references/sandbox/configuration.md +154 -0
  263. package/skills/cloudflare/references/sandbox/gotchas.md +201 -0
  264. package/skills/cloudflare/references/sandbox/patterns.md +195 -0
  265. package/skills/cloudflare/references/secrets-store/README.md +77 -0
  266. package/skills/cloudflare/references/secrets-store/api.md +199 -0
  267. package/skills/cloudflare/references/secrets-store/configuration.md +187 -0
  268. package/skills/cloudflare/references/secrets-store/gotchas.md +97 -0
  269. package/skills/cloudflare/references/secrets-store/patterns.md +218 -0
  270. package/skills/cloudflare/references/smart-placement/README.md +143 -0
  271. package/skills/cloudflare/references/smart-placement/api.md +192 -0
  272. package/skills/cloudflare/references/smart-placement/configuration.md +202 -0
  273. package/skills/cloudflare/references/smart-placement/gotchas.md +180 -0
  274. package/skills/cloudflare/references/smart-placement/patterns.md +190 -0
  275. package/skills/cloudflare/references/snippets/README.md +74 -0
  276. package/skills/cloudflare/references/snippets/api.md +214 -0
  277. package/skills/cloudflare/references/snippets/configuration.md +239 -0
  278. package/skills/cloudflare/references/snippets/gotchas.md +104 -0
  279. package/skills/cloudflare/references/snippets/patterns.md +135 -0
  280. package/skills/cloudflare/references/spectrum/README.md +52 -0
  281. package/skills/cloudflare/references/spectrum/api.md +184 -0
  282. package/skills/cloudflare/references/spectrum/configuration.md +203 -0
  283. package/skills/cloudflare/references/spectrum/gotchas.md +155 -0
  284. package/skills/cloudflare/references/spectrum/patterns.md +206 -0
  285. package/skills/cloudflare/references/static-assets/README.md +65 -0
  286. package/skills/cloudflare/references/static-assets/api.md +201 -0
  287. package/skills/cloudflare/references/static-assets/configuration.md +186 -0
  288. package/skills/cloudflare/references/static-assets/gotchas.md +164 -0
  289. package/skills/cloudflare/references/static-assets/patterns.md +189 -0
  290. package/skills/cloudflare/references/stream/README.md +123 -0
  291. package/skills/cloudflare/references/stream/api-live.md +202 -0
  292. package/skills/cloudflare/references/stream/api.md +206 -0
  293. package/skills/cloudflare/references/stream/configuration.md +151 -0
  294. package/skills/cloudflare/references/stream/gotchas.md +139 -0
  295. package/skills/cloudflare/references/stream/patterns.md +217 -0
  296. package/skills/cloudflare/references/tail-workers/README.md +92 -0
  297. package/skills/cloudflare/references/tail-workers/api.md +203 -0
  298. package/skills/cloudflare/references/tail-workers/configuration.md +178 -0
  299. package/skills/cloudflare/references/tail-workers/gotchas.md +206 -0
  300. package/skills/cloudflare/references/tail-workers/patterns.md +190 -0
  301. package/skills/cloudflare/references/terraform/README.md +100 -0
  302. package/skills/cloudflare/references/terraform/api.md +178 -0
  303. package/skills/cloudflare/references/terraform/configuration.md +197 -0
  304. package/skills/cloudflare/references/terraform/gotchas.md +150 -0
  305. package/skills/cloudflare/references/terraform/patterns.md +174 -0
  306. package/skills/cloudflare/references/tunnel/README.md +137 -0
  307. package/skills/cloudflare/references/tunnel/api.md +205 -0
  308. package/skills/cloudflare/references/tunnel/configuration.md +163 -0
  309. package/skills/cloudflare/references/tunnel/gotchas.md +159 -0
  310. package/skills/cloudflare/references/tunnel/networking.md +174 -0
  311. package/skills/cloudflare/references/tunnel/patterns.md +199 -0
  312. package/skills/cloudflare/references/turn/README.md +86 -0
  313. package/skills/cloudflare/references/turn/api.md +236 -0
  314. package/skills/cloudflare/references/turn/configuration.md +181 -0
  315. package/skills/cloudflare/references/turn/gotchas.md +236 -0
  316. package/skills/cloudflare/references/turn/patterns.md +228 -0
  317. package/skills/cloudflare/references/turnstile/README.md +102 -0
  318. package/skills/cloudflare/references/turnstile/api.md +253 -0
  319. package/skills/cloudflare/references/turnstile/configuration.md +242 -0
  320. package/skills/cloudflare/references/turnstile/gotchas.md +253 -0
  321. package/skills/cloudflare/references/turnstile/patterns.md +195 -0
  322. package/skills/cloudflare/references/vectorize/README.md +133 -0
  323. package/skills/cloudflare/references/vectorize/api.md +89 -0
  324. package/skills/cloudflare/references/vectorize/configuration.md +91 -0
  325. package/skills/cloudflare/references/vectorize/gotchas.md +83 -0
  326. package/skills/cloudflare/references/vectorize/patterns.md +92 -0
  327. package/skills/cloudflare/references/waf/README.md +125 -0
  328. package/skills/cloudflare/references/waf/api.md +203 -0
  329. package/skills/cloudflare/references/waf/configuration.md +215 -0
  330. package/skills/cloudflare/references/waf/gotchas.md +208 -0
  331. package/skills/cloudflare/references/waf/patterns.md +236 -0
  332. package/skills/cloudflare/references/web-analytics/README.md +149 -0
  333. package/skills/cloudflare/references/web-analytics/configuration.md +81 -0
  334. package/skills/cloudflare/references/web-analytics/gotchas.md +86 -0
  335. package/skills/cloudflare/references/web-analytics/integration.md +63 -0
  336. package/skills/cloudflare/references/web-analytics/patterns.md +98 -0
  337. package/skills/cloudflare/references/workerd/README.md +85 -0
  338. package/skills/cloudflare/references/workerd/api.md +219 -0
  339. package/skills/cloudflare/references/workerd/configuration.md +200 -0
  340. package/skills/cloudflare/references/workerd/gotchas.md +151 -0
  341. package/skills/cloudflare/references/workerd/patterns.md +205 -0
  342. package/skills/cloudflare/references/workers/README.md +110 -0
  343. package/skills/cloudflare/references/workers/api.md +197 -0
  344. package/skills/cloudflare/references/workers/configuration.md +184 -0
  345. package/skills/cloudflare/references/workers/frameworks.md +200 -0
  346. package/skills/cloudflare/references/workers/gotchas.md +145 -0
  347. package/skills/cloudflare/references/workers/patterns.md +220 -0
  348. package/skills/cloudflare/references/workers-ai/README.md +206 -0
  349. package/skills/cloudflare/references/workers-ai/api.md +115 -0
  350. package/skills/cloudflare/references/workers-ai/configuration.md +98 -0
  351. package/skills/cloudflare/references/workers-ai/gotchas.md +130 -0
  352. package/skills/cloudflare/references/workers-ai/patterns.md +122 -0
  353. package/skills/cloudflare/references/workers-for-platforms/README.md +95 -0
  354. package/skills/cloudflare/references/workers-for-platforms/api.md +212 -0
  355. package/skills/cloudflare/references/workers-for-platforms/configuration.md +178 -0
  356. package/skills/cloudflare/references/workers-for-platforms/gotchas.md +134 -0
  357. package/skills/cloudflare/references/workers-for-platforms/patterns.md +210 -0
  358. package/skills/cloudflare/references/workers-playground/README.md +131 -0
  359. package/skills/cloudflare/references/workers-playground/api.md +101 -0
  360. package/skills/cloudflare/references/workers-playground/configuration.md +169 -0
  361. package/skills/cloudflare/references/workers-playground/gotchas.md +88 -0
  362. package/skills/cloudflare/references/workers-playground/patterns.md +134 -0
  363. package/skills/cloudflare/references/workers-vpc/README.md +130 -0
  364. package/skills/cloudflare/references/workers-vpc/api.md +196 -0
  365. package/skills/cloudflare/references/workers-vpc/configuration.md +151 -0
  366. package/skills/cloudflare/references/workers-vpc/gotchas.md +171 -0
  367. package/skills/cloudflare/references/workers-vpc/patterns.md +235 -0
  368. package/skills/cloudflare/references/workflows/README.md +72 -0
  369. package/skills/cloudflare/references/workflows/api.md +237 -0
  370. package/skills/cloudflare/references/workflows/configuration.md +158 -0
  371. package/skills/cloudflare/references/workflows/gotchas.md +97 -0
  372. package/skills/cloudflare/references/workflows/patterns.md +245 -0
  373. package/skills/cloudflare/references/wrangler/README.md +143 -0
  374. package/skills/cloudflare/references/wrangler/api.md +188 -0
  375. package/skills/cloudflare/references/wrangler/configuration.md +198 -0
  376. package/skills/cloudflare/references/wrangler/gotchas.md +212 -0
  377. package/skills/cloudflare/references/wrangler/patterns.md +211 -0
  378. package/skills/cloudflare/references/zaraz/IMPLEMENTATION_SUMMARY.md +131 -0
  379. package/skills/cloudflare/references/zaraz/README.md +114 -0
  380. package/skills/cloudflare/references/zaraz/api.md +118 -0
  381. package/skills/cloudflare/references/zaraz/configuration.md +94 -0
  382. package/skills/cloudflare/references/zaraz/gotchas.md +88 -0
  383. package/skills/cloudflare/references/zaraz/patterns.md +77 -0
  384. package/skills/docker/SKILL.md +7 -101
  385. package/skills/docker/references/advanced-examples.md +71 -0
  386. package/skills/docker/references/templates.md +34 -0
  387. package/skills/docs-marketer/SKILL.md +178 -0
  388. package/skills/docs-marketer/references/audit-categories.md +328 -0
  389. package/skills/docs-marketer/references/copilot-docs-prompts.md +88 -0
  390. package/skills/docs-marketer/references/copilot-usage.md +16 -0
  391. package/skills/docs-marketer/references/feedback-loop.md +155 -0
  392. package/skills/docs-marketer/references/multi-pass-docs-protocol.md +410 -0
  393. package/skills/drizzle-orm/SKILL.md +82 -0
  394. package/skills/durable-objects/SKILL.md +167 -0
  395. package/skills/durable-objects/references/advanced_features.md +29 -0
  396. package/skills/durable-objects/references/rules.md +300 -0
  397. package/skills/durable-objects/references/testing.md +261 -0
  398. package/skills/durable-objects/references/workers.md +336 -0
  399. package/skills/gcp/SKILL.md +37 -0
  400. package/skills/github-actions/SKILL.md +5 -58
  401. package/skills/github-actions/references/templates.md +65 -0
  402. package/skills/github-commander/SKILL.md +13 -21
  403. package/skills/github-commander/workflows/copilot-audit.md +12 -12
  404. package/skills/github-copilot-cli/SKILL.md +21 -26
  405. package/skills/github-repo-setup/SKILL.md +136 -0
  406. package/skills/github-repo-setup/references/community-standards.md +136 -0
  407. package/skills/github-repo-setup/references/github-automation.md +490 -0
  408. package/skills/github-repo-setup/references/inline-templates.md +205 -0
  409. package/skills/github-repo-setup/references/project-config.md +320 -0
  410. package/skills/gitlab/SKILL.md +7 -2
  411. package/skills/gitlab/package-lock.json +389 -389
  412. package/skills/golang/SKILL.md +8 -1
  413. package/skills/graphql/SKILL.md +30 -0
  414. package/skills/hono/SKILL.md +82 -0
  415. package/skills/journal-optimizer/SKILL.md +206 -0
  416. package/skills/journal-optimizer/references/optimizer-scripts.md +169 -0
  417. package/skills/llm-app-engineering/SKILL.md +18 -0
  418. package/skills/monorepo/SKILL.md +56 -0
  419. package/skills/multi-agent-orchestration/SKILL.md +14 -0
  420. package/skills/mysql/SKILL.md +6 -2
  421. package/skills/next-best-practices/SKILL.md +86 -0
  422. package/skills/next-best-practices/references/cache-components-examples.md +234 -0
  423. package/skills/next-best-practices/references/cache-components.md +210 -0
  424. package/skills/next-best-practices/references/upgrade-decision-tree.md +33 -0
  425. package/skills/next-best-practices/references/upgrade.md +43 -0
  426. package/skills/next-cache-components/SKILL.md +441 -0
  427. package/skills/next-upgrade/SKILL.md +43 -0
  428. package/skills/next-upgrade/references/decision-tree.md +33 -0
  429. package/skills/nodejs/SKILL.md +46 -0
  430. package/skills/opentelemetry/SKILL.md +62 -0
  431. package/skills/package.json +39 -4
  432. package/skills/playwright-standard/SKILL.md +6 -11
  433. package/skills/playwright-standard/references/locators.md +7 -0
  434. package/skills/postgres/SKILL.md +6 -1
  435. package/skills/python/SKILL.md +8 -70
  436. package/skills/python/references/advanced-patterns.md +37 -0
  437. package/skills/python/references/config-templates.md +48 -0
  438. package/skills/rag-pipelines/SKILL.md +14 -0
  439. package/skills/redis/SKILL.md +31 -0
  440. package/skills/render/SKILL.md +35 -0
  441. package/skills/rust/SKILL.md +15 -25
  442. package/skills/rust/references/borrow-checker.md +13 -0
  443. package/skills/rust/references/ecosystem.md +11 -0
  444. package/skills/sandbox-sdk/SKILL.md +186 -0
  445. package/skills/sandbox-sdk/references/api-quick-ref.md +113 -0
  446. package/skills/sandbox-sdk/references/examples.md +52 -0
  447. package/skills/shadcn-ui/SKILL.md +22 -57
  448. package/skills/skill-builder/SKILL.md +23 -424
  449. package/skills/skill-builder/references/tutorial.md +457 -0
  450. package/skills/sqlite/SKILL.md +16 -5
  451. package/skills/table.md +59 -0
  452. package/skills/tailwind-css/SKILL.md +11 -60
  453. package/skills/tailwind-css/references/component-patterns.md +52 -0
  454. package/skills/trpc/SKILL.md +56 -0
  455. package/skills/typescript/SKILL.md +30 -433
  456. package/skills/typescript/references/tutorial.md +453 -0
  457. package/skills/vercel-ai-sdk/SKILL.md +48 -0
  458. package/skills/vitest-standard/SKILL.md +5 -11
  459. package/skills/vitest-standard/references/assertions.md +11 -0
  460. package/skills/web-perf/SKILL.md +207 -0
  461. package/skills/workers-best-practices/SKILL.md +120 -0
  462. package/skills/workers-best-practices/references/anti-patterns.md +18 -0
  463. package/skills/workers-best-practices/references/review.md +174 -0
  464. package/skills/workers-best-practices/references/rules.md +485 -0
  465. package/skills/wrangler/SKILL.md +43 -0
  466. package/skills/wrangler/references/cli-commands.md +861 -0
  467. package/skills/zod/SKILL.md +48 -0
  468. package/dist/tools-P4VGG4FH.js +0 -1
  469. package/skills/react-best-practices/AGENTS.md +0 -2883
  470. package/skills/react-best-practices/SKILL.md +0 -138
  471. /package/skills/{react-best-practices → next-best-practices}/README.md +0 -0
  472. /package/skills/{react-best-practices → next-best-practices}/metadata.json +0 -0
  473. /package/skills/{react-best-practices → next-best-practices}/rules/_sections.md +0 -0
  474. /package/skills/{react-best-practices → next-best-practices}/rules/_template.md +0 -0
  475. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-event-handler-refs.md +0 -0
  476. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-init-once.md +0 -0
  477. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-use-latest.md +0 -0
  478. /package/skills/{react-best-practices → next-best-practices}/rules/async-api-routes.md +0 -0
  479. /package/skills/{react-best-practices → next-best-practices}/rules/async-defer-await.md +0 -0
  480. /package/skills/{react-best-practices → next-best-practices}/rules/async-dependencies.md +0 -0
  481. /package/skills/{react-best-practices → next-best-practices}/rules/async-parallel.md +0 -0
  482. /package/skills/{react-best-practices → next-best-practices}/rules/async-suspense-boundaries.md +0 -0
  483. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-barrel-imports.md +0 -0
  484. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-conditional.md +0 -0
  485. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-defer-third-party.md +0 -0
  486. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-dynamic-imports.md +0 -0
  487. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-preload.md +0 -0
  488. /package/skills/{react-best-practices → next-best-practices}/rules/client-event-listeners.md +0 -0
  489. /package/skills/{react-best-practices → next-best-practices}/rules/client-localstorage-schema.md +0 -0
  490. /package/skills/{react-best-practices → next-best-practices}/rules/client-passive-event-listeners.md +0 -0
  491. /package/skills/{react-best-practices → next-best-practices}/rules/client-swr-dedup.md +0 -0
  492. /package/skills/{react-best-practices → next-best-practices}/rules/js-batch-dom-css.md +0 -0
  493. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-function-results.md +0 -0
  494. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-property-access.md +0 -0
  495. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-storage.md +0 -0
  496. /package/skills/{react-best-practices → next-best-practices}/rules/js-combine-iterations.md +0 -0
  497. /package/skills/{react-best-practices → next-best-practices}/rules/js-early-exit.md +0 -0
  498. /package/skills/{react-best-practices → next-best-practices}/rules/js-hoist-regexp.md +0 -0
  499. /package/skills/{react-best-practices → next-best-practices}/rules/js-index-maps.md +0 -0
  500. /package/skills/{react-best-practices → next-best-practices}/rules/js-length-check-first.md +0 -0
  501. /package/skills/{react-best-practices → next-best-practices}/rules/js-min-max-loop.md +0 -0
  502. /package/skills/{react-best-practices → next-best-practices}/rules/js-set-map-lookups.md +0 -0
  503. /package/skills/{react-best-practices → next-best-practices}/rules/js-tosorted-immutable.md +0 -0
  504. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-activity.md +0 -0
  505. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-animate-svg-wrapper.md +0 -0
  506. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-conditional-render.md +0 -0
  507. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-content-visibility.md +0 -0
  508. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hoist-jsx.md +0 -0
  509. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-no-flicker.md +0 -0
  510. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-suppress-warning.md +0 -0
  511. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-svg-precision.md +0 -0
  512. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-usetransition-loading.md +0 -0
  513. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-defer-reads.md +0 -0
  514. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-dependencies.md +0 -0
  515. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state-no-effect.md +0 -0
  516. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state.md +0 -0
  517. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-functional-setstate.md +0 -0
  518. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-lazy-state-init.md +0 -0
  519. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo-with-default-value.md +0 -0
  520. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo.md +0 -0
  521. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-move-effect-to-event.md +0 -0
  522. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-simple-expression-in-memo.md +0 -0
  523. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-transitions.md +0 -0
  524. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-use-ref-transient-values.md +0 -0
  525. /package/skills/{react-best-practices → next-best-practices}/rules/server-after-nonblocking.md +0 -0
  526. /package/skills/{react-best-practices → next-best-practices}/rules/server-auth-actions.md +0 -0
  527. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-lru.md +0 -0
  528. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-react.md +0 -0
  529. /package/skills/{react-best-practices → next-best-practices}/rules/server-dedup-props.md +0 -0
  530. /package/skills/{react-best-practices → next-best-practices}/rules/server-parallel-fetching.md +0 -0
  531. /package/skills/{react-best-practices → next-best-practices}/rules/server-serialization.md +0 -0
package/skills/agents-sdk/references/mcp/SKILL.md ADDED
@@ -0,0 +1,65 @@
1
+ ---
2
+ name: mcp-builder
3
+ description: |
4
+ Core rules for code quality and specifications of Model Context Protocol (MCP) servers. Use when reviewing MCP code quality, enforcing specification rules, or checking schemas/error responses. Must see the explicit keyword "MCP" or "Model Context Protocol". NOT for general REST APIs or Cloudflare Workers. Do NOT trigger for generic 'build a server' requests unless the type is explicitly specified as an MCP server. (Invoke explicitly with `/mcp-builder` — does not auto-trigger).
5
+ disable-model-invocation: true
6
+ ---
7
+
8
+ # MCP Server Builder Guidelines
9
+
10
+ This skill defines the high-integrity requirements for building MCP servers in this ecosystem.
11
+
12
+ ## 1. Core Requirements
13
+
14
+ When building or modifying MCP servers, follow these prioritized rules:
15
+
16
+ - **Must**: Use Zod for all tool argument validation. Do not blindly trust MCP client inputs.
17
+ - **Must**: Return structured errors (`{ isError: true, content: [...] }`) from tools rather than throwing raw unhandled exceptions that crash the server.
18
+ - **Should**: Wrap handlers in try/catch blocks that gracefully surface errors to the LLM context.
19
+ - **Should**: Centralize error logging using standard prefixes (e.g., `[MCP Error]`).
20
+ - **Optional**: Depending on the repository, implement integration testing via Playwright for dual HTTP/SSE verification.
21
+
22
+ ## 2. Security (Defense-in-Depth)
23
+
24
+ - **Blocklists are Defense-in-Depth**: A blocklist (e.g., forbidding `rm -rf` in a terminal tool) is not a primary security boundary. Your primary security is the sandbox, container, or strict schema validation.
25
+ - **No Secrets in Config**: MCP servers must rely on the environment variables for API keys and secrets, never hardcoded files inside the server repository.
26
+ - **Rate Limiting & Input Sanitization**: Aggressively sanitize path arguments to prevent directory traversal (`../../`), and apply basic rate-limiting to tools that trigger heavy compute or external API calls.
27
+
28
+ ## 3. Deep References
29
+
30
+ For the complete MCP implementation guide, architecture diagrams, and detailed tooling patterns, consult the full reference:
31
+
32
+ - **[MCP Implementation Guide](references/implementation-guide.md)**: Contains transport selection (stdio vs. SSE), auth patterns, and multi-tool orchestration diagrams.
33
+
34
+ ## 4. Scaffold Reference
35
+
36
+ When you need a minimal, fully compliant MCP server scaffold, use this structure:
37
+
38
+ ```typescript
39
+ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
40
+ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
41
+ import { z } from 'zod'
42
+
43
+ // Initialize the modern McpServer pattern
44
+ const server = new McpServer({ name: 'my-mcp', version: '1.0.0' })
45
+
46
+ // Define tools using server.tool() which auto-registers schemas and handlers
47
+ server.tool(
48
+ 'my_tool',
49
+ 'Does something using an ID',
50
+ { id: z.string().describe('The user ID to process') },
51
+ async ({ id }) => {
52
+ try {
53
+ // Logic here (input is already validated by Zod)
54
+ return { content: [{ type: 'text', text: `Got ID: ${id}` }] }
55
+ } catch (err) {
56
+ // Graceful error return
57
+ return { isError: true, content: [{ type: 'text', text: `Error: ${err}` }] }
58
+ }
59
+ }
60
+ )
61
+
62
+ // Connect via standard I/O
63
+ const transport = new StdioServerTransport()
64
+ await server.connect(transport)
65
+ ```
package/skills/agents-sdk/references/mcp/code-mode-reference.md ADDED
@@ -0,0 +1,245 @@
1
+ # Code Mode Reference — MCP Builder Skill
2
+
3
+ > Comprehensive implementation guide for adding Code Mode (sandboxed JS execution) to MCP servers. This is the standard pattern for all servers with 15+ tools.
4
+
5
+ ## Architecture Overview
6
+
7
+ ```
8
+ ┌─────────────────────────────────────────────────────────────┐
9
+ │ Main Thread │
10
+ │ │
11
+ │ MCP Client ──► {prefix}_execute_code tool handler │
12
+ │ │ │
13
+ │ ▼ │
14
+ │ 1. Security validation (blocked patterns, rate limit) │
15
+ │ 2. Build API bridge from ToolDefinition[] │
16
+ │ 3. Serialize method names ──► Worker Thread │
17
+ │ │ │
18
+ │ ┌──── RPC Host ◄──── MessagePort ─┘ │
19
+ │ │ │
20
+ │ │ Dispatches tool.handler() calls │
21
+ │ │ Returns results via RpcResponse │
22
+ │ └──────────────────────────────────────────────────────────┘
23
+
24
+ │ ┌──── Worker Thread (V8 Isolate) ──────────────────────────┐
25
+ │ │ │
26
+ │ │ workerData: { code, methodList, timeoutMs, rpcPort } │
27
+ │ │ │
28
+ │ │ 1. Build mj.* Proxy from methodList │
29
+ │ │ 2. vm.createContext (secondary isolation) │
30
+ │ │ 3. Execute: (async () => { transformAutoReturn(code) })() │
31
+ │ │ 4. RPC calls ──► MessagePort ──► Main thread │
32
+ │ │ 5. Return result/error + ExecutionMetrics │
33
+ │ │ │
34
+ │ │ resourceLimits: maxOldGenerationSizeMb │
35
+ │ │ Hard timeout: worker.terminate() from main thread │
36
+ │ └──────────────────────────────────────────────────────────┘
37
+ ```
38
+
39
+ ## File-by-File Breakdown
40
+
41
+ ### `types.ts`
42
+
43
+ Core type definitions. Key interfaces:
44
+
45
+ - **`SandboxOptions`** — `memoryLimitMb` (128), `timeoutMs` (30000), `cpuLimitMs` (10000)
46
+ - **`PoolOptions`** — `minInstances` (2), `maxInstances` (10), `idleTimeoutMs` (60000)
47
+ - **`SandboxResult`** — `{ success, result?, error?, stack?, metrics }`
48
+ - **`SecurityConfig`** — `maxCodeLength`, `maxExecutionsPerMinute`, `maxResultSize`, `blockedPatterns`
49
+ - **`RpcRequest`** — `{ id, group, method, args }` (worker → main thread)
50
+ - **`RpcResponse`** — `{ id, result?, error? }` (main → worker thread)
51
+ - **`ExecuteCodeOptions`** — `{ code, timeout?, readonly? }` (tool input)
52
+
53
+ ### `security.ts`
54
+
55
+ Pre-execution security validation:
56
+
57
+ - **Code validation** — length check, empty check, blocked pattern scan
58
+ - **Rate limiting** — sliding 1-minute window per client ID, configurable limit
59
+ - **Result validation** — post-execution JSON serialization size check
60
+ - **Cleanup** — periodic `cleanupRateLimits()` to prevent memory leaks
61
+ - **Additional blocked patterns** — `Reflect.*`, `Symbol.*`, `new Proxy` (escape aids), `(SELECT` (WHERE clause subquery injection)
62
+
63
+ > [!IMPORTANT]
64
+ > The `(SELECT` pattern prevents blind data exfiltration via `CASE WHEN (SELECT ...) THEN ... ELSE ...` in WHERE clauses passed to Code Mode tools. This is distinct from the semicolon-chained patterns in `validateWhereClause()` — both layers are required.
65
+
66
+ ### `sandbox.ts` (VM-based — dev/test only)
67
+
68
+ Lightweight sandbox using `node:vm`. Use only for testing environments as it does not securely isolate memory or CPU execution boundaries:
69
+
70
+ - **LRU script cache** (50 entries) — avoid recompilation
71
+ - **Nulled globals** — `process`, `require`, `global`, `globalThis`, `setTimeout`, `setInterval`
72
+ - **Frozen built-in prototypes** — All built-in prototypes (`Object`, `Function`, `Error`, `Array`, `Promise`, `String`, `Number`, `Boolean`, `RegExp`, `Map`, `Set`, typed arrays) must be frozen inside the `vm` context to prevent constructor chain escapes via string concatenation (e.g., `'con'+'structor'` bypasses static blocked pattern scanning)
73
+ - **`microtaskMode: "afterEvaluate"`** — prevents async escapes (safe here because VM sandbox doesn't use async IIFE execution)
74
+ - **`SandboxPool`** — concurrent execution with max instances guard
75
+ - **Auto-return transform** — applies `transformAutoReturn()` before IIFE wrapping so bare expressions surface their return value
76
+
77
+ > ⚠️ **Do NOT use `microtaskMode: 'afterEvaluate'` in the worker-thread sandbox** — it prevents async function Promises from resolving, causing the worker to hang forever.
78
+
79
+ ### `worker-sandbox.ts` (Production Standard)
80
+
81
+ True V8 isolate via `node:worker_threads` (Mandatory for production release):
82
+
83
+ - **`WorkerSandbox.execute(code, apiBindings)`** — spawns fresh worker per execution
84
+ - **RPC bridge** — `MessageChannel` with `hostPort` (main) and `workerPort` (worker)
85
+ - **MessagePort transfer** — pass `workerPort` via `workerData.rpcPort` + `transferList: [workerPort]` in the constructor. **Never** double-transfer with a separate `postMessage` — the port becomes detached after the first transfer.
86
+ - **Binding serialization** — separate group objects → method name arrays and top-level function aliases → `_topLevel` key. The RPC handler must dispatch `_topLevel` methods from `apiBindings` root.
87
+ - **Resource limits** — `maxOldGenerationSizeMb` and `maxYoungGenerationSizeMb`
88
+ - **Hard timeout** — `worker.terminate()` after `timeoutMs + 1000ms` grace
89
+ - **Two message channels**: `hostPort.on('message')` for RPC only; `worker.on('message')` for completion results
90
+ - **Timeout forwarding** — The tool handler **must** destructure `timeout` from the parsed Zod input and pass it as `timeoutMs` to `pool.execute()`. If omitted, all executions silently use the default 30s regardless of user input. This was a production bug in memory-journal-mcp (March 2026). The pattern is: `const { code, timeout, readonly } = Schema.parse(params); await pool.execute(code, bindings, { timeoutMs: timeout ?? DEFAULT_TIMEOUT });`
91
+ - **Negative `memoryUsedMb` clamping** — Worker memory metrics can report negative values due to GC timing. Always clamp: `memoryUsedMb: Math.max(0, (rss - baseline) / 1048576)`. This prevents confusing negative memory usage in execution metrics returned to the client.
92
+
93
+ ### `worker-script.ts` (Worker entry point)
94
+
95
+ Runs inside the worker thread:
96
+
97
+ - Receives `{ code, methodList, timeoutMs, rpcPort }` via `workerData`
98
+ - Builds **async Proxy API** — each method sends `RpcRequest` over `rpcPort`, awaits `RpcResponse`. Readonly mode wraps undefined mutation methods in a Proxy `'get'` trap that rejects the promise, natively catching and returning a structured `{ success: false, error }` response.
99
+ - `_topLevel` methods are mounted directly on the API root (e.g., `mj.createEntry`)
100
+ - Wraps code in `(async () => { transformAutoReturn(user_code) })()` for async support — `transformAutoReturn()` prepends `return` to the last expression statement so bare expressions surface their value (Node REPL semantics)
101
+ - Secondary `vm.createContext` isolation within the worker — **do NOT use `microtaskMode: 'afterEvaluate'`** and **do NOT explicitly inject built-ins** (`Promise`, `JSON`, etc.) — they inherit from the worker's global scope
102
+ - **Frozen built-in prototypes** — Same freezing as `sandbox.ts`. Apply `Object.freeze(builtin.prototype)` to all built-ins inside the `vm` context before executing user code
103
+ - **Result path**: close `rpcPort` with `unref()` + `close()`, then send result via `parentPort.postMessage()`
104
+ - Measures CPU time via `process.cpuUsage()`
105
+
106
+ ### `sandbox-factory.ts`
107
+
108
+ Runtime mode selection:
109
+
110
+ - `createSandbox(mode)` → `CodeModeSandbox` or `WorkerSandbox`
111
+ - `createSandboxPool(mode)` → `SandboxPool` or `WorkerSandboxPool`
112
+ - `getSandboxModeInfo()` → description, security level, isolation type
113
+ - Default mode: `'worker'`
114
+
115
+ ### `api.ts`
116
+
117
+ The API bridge — transforms `ToolDefinition[]` into the namespaced API object:
118
+
119
+ **Key functions:**
120
+
121
+ - `toolNameToMethodName(name, group)` — strips prefix, converts snake_case → camelCase
122
+ - `normalizeParams(method, args)` — maps positional args to named params using `POSITIONAL_PARAM_MAP`. Handles multiple input types: string, number, boolean single args (not just strings). For non-string primitives passed as a single positional arg, wraps into the first parameter name.
123
+ - `createGroupApi(group, tools)` — builds one group namespace with handlers, aliases, and `help()`
124
+ - `{Api}.createSandboxBindings()` — assembles the complete `{prefix}.*` object
125
+ - `{prefix}.reportProgress(current, total, message)` — utility for sandboxed code to emit MCP progress notifications. Bridges to the main thread's `sendProgress()` via the RPC channel. Silently no-ops when the client doesn't request progress
126
+
127
+ **`help()` behavior:** The `help()` method at both top level and per group lists **ALL methods regardless of the `readonly` flag**. Write methods are wrapped with readonly guards that return structured errors when called in readonly mode, but they still appear in the `help()` listing for discoverability.
128
+
129
+ **Positional parameter completeness:** When adding new tools or groups, verify that the `POSITIONAL_PARAM_MAP` covers all methods that accept a single "primary" argument. Missing mappings force agents to use verbose object syntax even for simple calls.
130
+
131
+ **Recursion prevention:** Filters out `codemode` group tools during construction.
132
+
133
+ ### `api-constants.ts`
134
+
135
+ Static configuration maps:
136
+
137
+ - **`METHOD_ALIASES`** — shorthand names per group (e.g., `core.create` → `createEntry`). Ensure semantic correctness: `log` and `record` aliases must point to the right methods.
138
+ - **`GROUP_EXAMPLES`** — usage examples for `help()` output
139
+ - **`POSITIONAL_PARAM_MAP`** — enables `mj.core.createEntry("note")` → `{ content: "note" }`
140
+ - **`GROUP_PREFIX_MAP`** — prefix stripping rules per group
141
+ - **`KEEP_PREFIX_GROUPS`** — groups that retain meaningful prefixes (e.g., `github`, `team`)
142
+
143
+ ### `api/` Subdirectory Variant (Adapter Servers)
144
+
145
+ For adapter-based servers with large tool sets (50+ tools, extensive aliases), the single `api.ts` + `api-constants.ts` pattern becomes unwieldy. Split into a dedicated subdirectory:
146
+
147
+ ```
148
+ src/codemode/api/
149
+ index.ts — Main API bridge — exposes tools to sandbox
150
+ maps.ts — Tool name → handler function mapping (can grow to 20KB+)
151
+ group-api.ts — Per-group API surface generation
152
+ aliases.ts — Tool alias resolution (can grow to 15KB+)
153
+ normalize.ts — Parameter normalization utilities
154
+ ```
155
+
156
+ **When to split:** When `api.ts` exceeds ~500 lines or `api-constants.ts` exceeds ~300 lines. Adapter servers with 200+ tools (postgres-mcp, mysql-mcp) should always use the subdirectory pattern.
157
+
158
+ **Key difference from single-file:** The `maps.ts` file replaces the `POSITIONAL_PARAM_MAP` and `METHOD_ALIASES` constants, while `group-api.ts` replaces the `createGroupApi()` function. The `normalize.ts` file extracts parameter normalization from `api.ts`.
159
+
160
+ ## Tool Handler Pattern
161
+
162
+ The `{prefix}_execute_code` tool handler sits in `src/handlers/tools/codemode.ts`:
163
+
164
+ ```typescript
165
+ // Key flow:
166
+ // 1. Parse input (code, timeout, readonly)
167
+ // 2. Security validation → early return if blocked
168
+ // 3. Rate limit check → early return if exceeded
169
+ // 4. Collect non-codemode tools from all group modules
170
+ // 5. Optional readonly filter (only readOnlyHint: true tools)
171
+ // 6. Build API bridge from tool definitions
172
+ // 7. Execute in sandbox pool
173
+ // 8. Validate result size → return structured result
174
+ ```
175
+
176
+ > [!CAUTION]
177
+ > **`outputSchema` pitfall**: Do NOT define `outputSchema` with `z.unknown()` on the Code Mode tool. It produces a bare `{}` JSON Schema that crashes AntiGravity's `structuredContent` processing. Omit `outputSchema` entirely — dynamically-typed results should use the plain text JSON response path.
178
+
179
+ **Import strategy:** Import from leaf tool group modules (e.g., `./core.js`, `./search.js`) directly — NOT from the tool barrel `./index.js` to avoid circular dependencies.
180
+
181
+ ## Integration Checklist
182
+
183
+ When adding Code Mode to a new MCP server:
184
+
185
+ - [ ] Create `src/codemode/` directory with all 10 files (or 5 + `api/` subdir for adapter servers)
186
+ - [ ] Add `'codemode'` to the `ToolGroup` union type
187
+ - [ ] Create `src/handlers/tools/codemode.ts` handler
188
+ - [ ] Wire `getCodeModeTools()` into `getAllToolDefinitions()`
189
+ - [ ] Add `codemode` to `TOOL_GROUPS` record in `ToolFilter`
190
+ - [ ] Add `'codemode'` to the `'full'` meta-group
191
+ - [ ] Add codemode icon to the icon map
192
+ - [ ] Add `--sandbox-mode` CLI flag (optional)
193
+ - [ ] Update `server-instructions.ts` with Code Mode preference guidance
194
+ - [ ] Update README, code-map, and tool-reference docs
195
+ - [ ] Write tests: API bridge, security, sandbox, worker sandbox, handler integration
196
+
197
+ ## Testing Patterns
198
+
199
+ ### API Bridge Tests (`tests/codemode/api.test.ts`)
200
+
201
+ - `toolNameToMethodName()` — verify snake_case → camelCase for all groups
202
+ - `normalizeParams()` — test positional args, object passthrough, multi-arg mapping
203
+ - `JournalApi` construction — verify group count, method count, alias resolution
204
+ - `createSandboxBindings()` — verify all namespaces present, `help()` returns valid info
205
+
206
+ ### Security Tests (`tests/codemode/security.test.ts`)
207
+
208
+ - Blocked patterns — each pattern individually and in combinations
209
+ - Code length limits — boundary values (exactly at, one over)
210
+ - Rate limiting — within limit, at limit, over limit, window reset
211
+ - Result size — within limit, over limit, non-serializable results
212
+
213
+ ### Sandbox Tests (`tests/codemode/sandbox.test.ts`)
214
+
215
+ - Basic execution — `return 1 + 1`
216
+ - Async execution — `return await Promise.resolve(42)`
217
+ - Nulled globals — `process`, `require`, `eval` should be undefined
218
+ - Timeout enforcement — infinite loop should terminate
219
+ - Script cache — verify cache hit on repeated execution
220
+
221
+ ### Worker Sandbox Tests (`tests/codemode/worker-sandbox.test.ts`)
222
+
223
+ - RPC bridge — verify tool calls route to main thread and return results
224
+ - Resource limits — OOM should terminate worker gracefully
225
+ - Hard timeout — long-running code should be terminated
226
+ - Fresh state — each execution gets a clean worker
227
+
228
+ ### Handler Integration Tests (`tests/handlers/codemode-tool-handlers.test.ts`)
229
+
230
+ - Happy path — simple code execution returns result
231
+ - Error path — invalid code returns `{ success: false, error }`
232
+ - Readonly mode — write tools should be filtered out
233
+ - Cross-group workflow — code that uses multiple API groups
234
+ - Security rejection — blocked patterns return structured error
235
+
236
+ ## AntiGravity Agent Considerations
237
+
238
+ When deploying an MCP server with Code Mode inside AntiGravity:
239
+
240
+ - AntiGravity defaults to raw parameter schemas and doesn't implicitly know about internal API mappings or aliases
241
+ - **Always provide a reference** to the injected API bindings via `server-instructions.ts` — include group namespaces, method signatures, and positional argument examples
242
+ - Add a system prompt rule instructing the agent to prefer Code Mode for multi-step operations:
243
+ > _"When using this server, prefer `{prefix}_execute_code` (Code Mode) for multi-step operations to minimize token usage."_
244
+ - The `help()` method at top level and per group provides runtime discoverability as a fallback
245
+ - **`outputSchema` pitfall**: Do NOT define `outputSchema` with `z.unknown()` on the Code Mode tool. It produces a bare `{}` JSON Schema that crashes AntiGravity's `structuredContent` processing. Omit `outputSchema` entirely — dynamically-typed results should use the plain text JSON response path. (Also documented above in Tool Handler Pattern.)