memory-journal-mcp 7.7.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (531) hide show
  1. package/README.md +126 -56
  2. package/dist/chunk-6OHRCNYW.js +3231 -0
  3. package/dist/chunk-JFMITANR.js +5168 -0
  4. package/dist/{chunk-QCQPAF4I.js → chunk-MWNLAEHR.js} +301 -4321
  5. package/dist/{chunk-ARLYSFSI.js → chunk-UHSO65A4.js} +4242 -6092
  6. package/dist/cli.js +21 -3
  7. package/dist/index.d.ts +16 -13
  8. package/dist/index.js +4 -2
  9. package/dist/resources-IJVKDFGS.js +2 -0
  10. package/dist/tools-44DGXE3V.js +2 -0
  11. package/dist/worker-script.js +201 -20
  12. package/package.json +7 -4
  13. package/skills/README.md +62 -25
  14. package/skills/adversarial-performance/SKILL.md +139 -0
  15. package/skills/adversarial-performance/references/audit-categories.md +462 -0
  16. package/skills/adversarial-performance/references/copilot-performance-prompts.md +44 -0
  17. package/skills/adversarial-performance/references/copilot-usage.md +16 -0
  18. package/skills/adversarial-performance/references/feedback-loop.md +177 -0
  19. package/skills/adversarial-performance/references/multi-pass-performance-protocol.md +398 -0
  20. package/skills/adversarial-planner/SKILL.md +23 -54
  21. package/skills/adversarial-planner/references/copilot-integration.md +25 -40
  22. package/skills/adversarial-planner/references/copilot-usage.md +16 -0
  23. package/skills/adversarial-planner/references/multi-pass-protocol.md +4 -0
  24. package/skills/adversarial-security/SKILL.md +149 -0
  25. package/skills/adversarial-security/references/adversarial-base-protocol.md +44 -0
  26. package/skills/adversarial-security/references/audit-categories.md +723 -0
  27. package/skills/adversarial-security/references/copilot-security-prompts.md +142 -0
  28. package/skills/adversarial-security/references/copilot-usage.md +16 -0
  29. package/skills/adversarial-security/references/feedback-loop.md +206 -0
  30. package/skills/adversarial-security/references/journal-opt-out.md +7 -0
  31. package/skills/adversarial-security/references/multi-pass-security-protocol.md +403 -0
  32. package/skills/adversarial-skill-audit/SKILL.md +118 -0
  33. package/skills/adversarial-skill-audit/references/audit-categories.md +308 -0
  34. package/skills/adversarial-skill-audit/references/copilot-skill-prompts.md +68 -0
  35. package/skills/adversarial-skill-audit/references/copilot-usage.md +16 -0
  36. package/skills/adversarial-skill-audit/references/feedback-loop.md +155 -0
  37. package/skills/adversarial-skill-audit/references/multi-pass-skill-protocol.md +367 -0
  38. package/skills/adversarial-skill-audit/scripts/check-skills.ps1 +48 -0
  39. package/skills/adversarial-skill-audit/scripts/run-copilot.ps1 +52 -0
  40. package/skills/adversarial-workflow-audit/SKILL.md +82 -0
  41. package/skills/adversarial-workflow-audit/references/audit-categories.md +28 -0
  42. package/skills/adversarial-workflow-audit/references/copilot-usage.md +16 -0
  43. package/skills/adversarial-workflow-audit/scripts/check-workflows.ps1 +24 -0
  44. package/skills/agents-sdk/SKILL.md +220 -0
  45. package/skills/agents-sdk/references/callable.md +92 -0
  46. package/skills/agents-sdk/references/codemode.md +209 -0
  47. package/skills/agents-sdk/references/email.md +144 -0
  48. package/skills/agents-sdk/references/mcp/SKILL.md +65 -0
  49. package/skills/agents-sdk/references/mcp/code-mode-reference.md +245 -0
  50. package/skills/agents-sdk/references/mcp/oauth-reference.md +359 -0
  51. package/skills/agents-sdk/references/mcp/references/architecture-reference.md +208 -0
  52. package/skills/agents-sdk/references/mcp/references/cloudflare-quickstart.md +156 -0
  53. package/skills/agents-sdk/references/mcp/references/error-handling.md +343 -0
  54. package/skills/agents-sdk/references/mcp/references/http-security.md +164 -0
  55. package/skills/agents-sdk/references/mcp/references/implementation-guide.md +507 -0
  56. package/skills/agents-sdk/references/mcp/references/testing-reference.md +171 -0
  57. package/skills/agents-sdk/references/mcp.md +157 -0
  58. package/skills/agents-sdk/references/state-scheduling.md +164 -0
  59. package/skills/agents-sdk/references/streaming-chat.md +168 -0
  60. package/skills/agents-sdk/references/workflows.md +136 -0
  61. package/skills/auth-identity/SKILL.md +48 -0
  62. package/skills/autonomous-dev/SKILL.md +46 -23
  63. package/skills/autonomous-dev/references/workflow_orchestration.md +22 -0
  64. package/skills/aws/SKILL.md +39 -0
  65. package/skills/azure/SKILL.md +38 -0
  66. package/skills/bin/sync.js +7 -1
  67. package/skills/biome/SKILL.md +59 -0
  68. package/skills/bun/SKILL.md +8 -2
  69. package/skills/cloudflare/SKILL.md +37 -0
  70. package/skills/cloudflare/references/agents-sdk/README.md +95 -0
  71. package/skills/cloudflare/references/agents-sdk/api.md +195 -0
  72. package/skills/cloudflare/references/agents-sdk/configuration.md +178 -0
  73. package/skills/cloudflare/references/agents-sdk/gotchas.md +173 -0
  74. package/skills/cloudflare/references/agents-sdk/patterns.md +215 -0
  75. package/skills/cloudflare/references/ai-gateway/README.md +176 -0
  76. package/skills/cloudflare/references/ai-gateway/configuration.md +117 -0
  77. package/skills/cloudflare/references/ai-gateway/dynamic-routing.md +88 -0
  78. package/skills/cloudflare/references/ai-gateway/features.md +96 -0
  79. package/skills/cloudflare/references/ai-gateway/sdk-integration.md +110 -0
  80. package/skills/cloudflare/references/ai-gateway/troubleshooting.md +90 -0
  81. package/skills/cloudflare/references/ai-search/README.md +145 -0
  82. package/skills/cloudflare/references/ai-search/api.md +87 -0
  83. package/skills/cloudflare/references/ai-search/configuration.md +91 -0
  84. package/skills/cloudflare/references/ai-search/gotchas.md +92 -0
  85. package/skills/cloudflare/references/ai-search/patterns.md +87 -0
  86. package/skills/cloudflare/references/analytics-engine/README.md +96 -0
  87. package/skills/cloudflare/references/analytics-engine/api.md +112 -0
  88. package/skills/cloudflare/references/analytics-engine/configuration.md +107 -0
  89. package/skills/cloudflare/references/analytics-engine/gotchas.md +87 -0
  90. package/skills/cloudflare/references/analytics-engine/patterns.md +83 -0
  91. package/skills/cloudflare/references/api/README.md +66 -0
  92. package/skills/cloudflare/references/api/api.md +205 -0
  93. package/skills/cloudflare/references/api/configuration.md +158 -0
  94. package/skills/cloudflare/references/api/gotchas.md +231 -0
  95. package/skills/cloudflare/references/api/patterns.md +208 -0
  96. package/skills/cloudflare/references/api-shield/README.md +44 -0
  97. package/skills/cloudflare/references/api-shield/api.md +153 -0
  98. package/skills/cloudflare/references/api-shield/configuration.md +210 -0
  99. package/skills/cloudflare/references/api-shield/gotchas.md +132 -0
  100. package/skills/cloudflare/references/api-shield/patterns.md +185 -0
  101. package/skills/cloudflare/references/argo-smart-routing/README.md +96 -0
  102. package/skills/cloudflare/references/argo-smart-routing/api.md +253 -0
  103. package/skills/cloudflare/references/argo-smart-routing/configuration.md +205 -0
  104. package/skills/cloudflare/references/argo-smart-routing/gotchas.md +115 -0
  105. package/skills/cloudflare/references/argo-smart-routing/patterns.md +107 -0
  106. package/skills/cloudflare/references/bindings/README.md +127 -0
  107. package/skills/cloudflare/references/bindings/api.md +214 -0
  108. package/skills/cloudflare/references/bindings/configuration.md +200 -0
  109. package/skills/cloudflare/references/bindings/gotchas.md +210 -0
  110. package/skills/cloudflare/references/bindings/patterns.md +205 -0
  111. package/skills/cloudflare/references/bot-management/README.md +95 -0
  112. package/skills/cloudflare/references/bot-management/api.md +175 -0
  113. package/skills/cloudflare/references/bot-management/configuration.md +175 -0
  114. package/skills/cloudflare/references/bot-management/gotchas.md +116 -0
  115. package/skills/cloudflare/references/bot-management/patterns.md +181 -0
  116. package/skills/cloudflare/references/browser-rendering/README.md +84 -0
  117. package/skills/cloudflare/references/browser-rendering/api.md +108 -0
  118. package/skills/cloudflare/references/browser-rendering/configuration.md +78 -0
  119. package/skills/cloudflare/references/browser-rendering/gotchas.md +91 -0
  120. package/skills/cloudflare/references/browser-rendering/patterns.md +93 -0
  121. package/skills/cloudflare/references/c3/README.md +111 -0
  122. package/skills/cloudflare/references/c3/api.md +71 -0
  123. package/skills/cloudflare/references/c3/configuration.md +85 -0
  124. package/skills/cloudflare/references/c3/gotchas.md +97 -0
  125. package/skills/cloudflare/references/c3/patterns.md +84 -0
  126. package/skills/cloudflare/references/cache-reserve/README.md +150 -0
  127. package/skills/cloudflare/references/cache-reserve/api.md +184 -0
  128. package/skills/cloudflare/references/cache-reserve/configuration.md +170 -0
  129. package/skills/cloudflare/references/cache-reserve/gotchas.md +136 -0
  130. package/skills/cloudflare/references/cache-reserve/patterns.md +197 -0
  131. package/skills/cloudflare/references/containers/README.md +87 -0
  132. package/skills/cloudflare/references/containers/api.md +197 -0
  133. package/skills/cloudflare/references/containers/configuration.md +191 -0
  134. package/skills/cloudflare/references/containers/gotchas.md +182 -0
  135. package/skills/cloudflare/references/containers/patterns.md +204 -0
  136. package/skills/cloudflare/references/cron-triggers/README.md +101 -0
  137. package/skills/cloudflare/references/cron-triggers/api.md +224 -0
  138. package/skills/cloudflare/references/cron-triggers/configuration.md +190 -0
  139. package/skills/cloudflare/references/cron-triggers/gotchas.md +207 -0
  140. package/skills/cloudflare/references/cron-triggers/patterns.md +274 -0
  141. package/skills/cloudflare/references/d1/README.md +137 -0
  142. package/skills/cloudflare/references/d1/api.md +213 -0
  143. package/skills/cloudflare/references/d1/configuration.md +198 -0
  144. package/skills/cloudflare/references/d1/gotchas.md +98 -0
  145. package/skills/cloudflare/references/d1/patterns.md +240 -0
  146. package/skills/cloudflare/references/ddos/README.md +42 -0
  147. package/skills/cloudflare/references/ddos/api.md +158 -0
  148. package/skills/cloudflare/references/ddos/configuration.md +94 -0
  149. package/skills/cloudflare/references/ddos/gotchas.md +114 -0
  150. package/skills/cloudflare/references/ddos/patterns.md +220 -0
  151. package/skills/cloudflare/references/decision-trees.md +95 -0
  152. package/skills/cloudflare/references/do-storage/README.md +79 -0
  153. package/skills/cloudflare/references/do-storage/api.md +107 -0
  154. package/skills/cloudflare/references/do-storage/configuration.md +114 -0
  155. package/skills/cloudflare/references/do-storage/gotchas.md +153 -0
  156. package/skills/cloudflare/references/do-storage/patterns.md +210 -0
  157. package/skills/cloudflare/references/do-storage/testing.md +186 -0
  158. package/skills/cloudflare/references/durable-objects/README.md +194 -0
  159. package/skills/cloudflare/references/durable-objects/api.md +205 -0
  160. package/skills/cloudflare/references/durable-objects/configuration.md +160 -0
  161. package/skills/cloudflare/references/durable-objects/gotchas.md +200 -0
  162. package/skills/cloudflare/references/durable-objects/patterns.md +205 -0
  163. package/skills/cloudflare/references/email-routing/README.md +89 -0
  164. package/skills/cloudflare/references/email-routing/api.md +192 -0
  165. package/skills/cloudflare/references/email-routing/configuration.md +187 -0
  166. package/skills/cloudflare/references/email-routing/gotchas.md +203 -0
  167. package/skills/cloudflare/references/email-routing/patterns.md +241 -0
  168. package/skills/cloudflare/references/email-workers/README.md +153 -0
  169. package/skills/cloudflare/references/email-workers/api.md +227 -0
  170. package/skills/cloudflare/references/email-workers/configuration.md +115 -0
  171. package/skills/cloudflare/references/email-workers/gotchas.md +133 -0
  172. package/skills/cloudflare/references/email-workers/patterns.md +108 -0
  173. package/skills/cloudflare/references/graphql-api/README.md +147 -0
  174. package/skills/cloudflare/references/graphql-api/api.md +175 -0
  175. package/skills/cloudflare/references/graphql-api/configuration.md +151 -0
  176. package/skills/cloudflare/references/graphql-api/gotchas.md +111 -0
  177. package/skills/cloudflare/references/graphql-api/patterns.md +276 -0
  178. package/skills/cloudflare/references/hyperdrive/README.md +84 -0
  179. package/skills/cloudflare/references/hyperdrive/api.md +149 -0
  180. package/skills/cloudflare/references/hyperdrive/configuration.md +166 -0
  181. package/skills/cloudflare/references/hyperdrive/gotchas.md +77 -0
  182. package/skills/cloudflare/references/hyperdrive/patterns.md +203 -0
  183. package/skills/cloudflare/references/images/README.md +65 -0
  184. package/skills/cloudflare/references/images/api.md +101 -0
  185. package/skills/cloudflare/references/images/configuration.md +206 -0
  186. package/skills/cloudflare/references/images/gotchas.md +106 -0
  187. package/skills/cloudflare/references/images/patterns.md +126 -0
  188. package/skills/cloudflare/references/kv/README.md +90 -0
  189. package/skills/cloudflare/references/kv/api.md +163 -0
  190. package/skills/cloudflare/references/kv/configuration.md +148 -0
  191. package/skills/cloudflare/references/kv/gotchas.md +133 -0
  192. package/skills/cloudflare/references/kv/patterns.md +195 -0
  193. package/skills/cloudflare/references/miniflare/README.md +113 -0
  194. package/skills/cloudflare/references/miniflare/api.md +204 -0
  195. package/skills/cloudflare/references/miniflare/configuration.md +174 -0
  196. package/skills/cloudflare/references/miniflare/gotchas.md +179 -0
  197. package/skills/cloudflare/references/miniflare/patterns.md +187 -0
  198. package/skills/cloudflare/references/network-interconnect/README.md +104 -0
  199. package/skills/cloudflare/references/network-interconnect/api.md +220 -0
  200. package/skills/cloudflare/references/network-interconnect/configuration.md +123 -0
  201. package/skills/cloudflare/references/network-interconnect/gotchas.md +175 -0
  202. package/skills/cloudflare/references/network-interconnect/patterns.md +174 -0
  203. package/skills/cloudflare/references/observability/README.md +93 -0
  204. package/skills/cloudflare/references/observability/api.md +168 -0
  205. package/skills/cloudflare/references/observability/configuration.md +178 -0
  206. package/skills/cloudflare/references/observability/gotchas.md +125 -0
  207. package/skills/cloudflare/references/observability/patterns.md +105 -0
  208. package/skills/cloudflare/references/pages/README.md +92 -0
  209. package/skills/cloudflare/references/pages/api.md +205 -0
  210. package/skills/cloudflare/references/pages/configuration.md +216 -0
  211. package/skills/cloudflare/references/pages/gotchas.md +218 -0
  212. package/skills/cloudflare/references/pages/patterns.md +215 -0
  213. package/skills/cloudflare/references/pages-functions/README.md +104 -0
  214. package/skills/cloudflare/references/pages-functions/api.md +159 -0
  215. package/skills/cloudflare/references/pages-functions/configuration.md +130 -0
  216. package/skills/cloudflare/references/pages-functions/gotchas.md +102 -0
  217. package/skills/cloudflare/references/pages-functions/patterns.md +148 -0
  218. package/skills/cloudflare/references/pipelines/README.md +109 -0
  219. package/skills/cloudflare/references/pipelines/api.md +214 -0
  220. package/skills/cloudflare/references/pipelines/configuration.md +98 -0
  221. package/skills/cloudflare/references/pipelines/gotchas.md +84 -0
  222. package/skills/cloudflare/references/pipelines/patterns.md +87 -0
  223. package/skills/cloudflare/references/product-index.md +112 -0
  224. package/skills/cloudflare/references/pulumi/README.md +113 -0
  225. package/skills/cloudflare/references/pulumi/api.md +230 -0
  226. package/skills/cloudflare/references/pulumi/configuration.md +213 -0
  227. package/skills/cloudflare/references/pulumi/gotchas.md +205 -0
  228. package/skills/cloudflare/references/pulumi/patterns.md +260 -0
  229. package/skills/cloudflare/references/queues/README.md +99 -0
  230. package/skills/cloudflare/references/queues/api.md +211 -0
  231. package/skills/cloudflare/references/queues/configuration.md +151 -0
  232. package/skills/cloudflare/references/queues/gotchas.md +210 -0
  233. package/skills/cloudflare/references/queues/patterns.md +220 -0
  234. package/skills/cloudflare/references/r2/README.md +97 -0
  235. package/skills/cloudflare/references/r2/api.md +235 -0
  236. package/skills/cloudflare/references/r2/configuration.md +176 -0
  237. package/skills/cloudflare/references/r2/gotchas.md +190 -0
  238. package/skills/cloudflare/references/r2/patterns.md +203 -0
  239. package/skills/cloudflare/references/r2-data-catalog/README.md +157 -0
  240. package/skills/cloudflare/references/r2-data-catalog/api.md +199 -0
  241. package/skills/cloudflare/references/r2-data-catalog/configuration.md +205 -0
  242. package/skills/cloudflare/references/r2-data-catalog/gotchas.md +170 -0
  243. package/skills/cloudflare/references/r2-data-catalog/patterns.md +191 -0
  244. package/skills/cloudflare/references/r2-sql/README.md +138 -0
  245. package/skills/cloudflare/references/r2-sql/SKILL.md.backup +512 -0
  246. package/skills/cloudflare/references/r2-sql/api.md +159 -0
  247. package/skills/cloudflare/references/r2-sql/configuration.md +152 -0
  248. package/skills/cloudflare/references/r2-sql/gotchas.md +228 -0
  249. package/skills/cloudflare/references/r2-sql/patterns.md +230 -0
  250. package/skills/cloudflare/references/realtime-sfu/README.md +66 -0
  251. package/skills/cloudflare/references/realtime-sfu/api.md +164 -0
  252. package/skills/cloudflare/references/realtime-sfu/configuration.md +141 -0
  253. package/skills/cloudflare/references/realtime-sfu/gotchas.md +138 -0
  254. package/skills/cloudflare/references/realtime-sfu/patterns.md +187 -0
  255. package/skills/cloudflare/references/realtimekit/README.md +118 -0
  256. package/skills/cloudflare/references/realtimekit/api.md +234 -0
  257. package/skills/cloudflare/references/realtimekit/configuration.md +226 -0
  258. package/skills/cloudflare/references/realtimekit/gotchas.md +206 -0
  259. package/skills/cloudflare/references/realtimekit/patterns.md +240 -0
  260. package/skills/cloudflare/references/sandbox/README.md +104 -0
  261. package/skills/cloudflare/references/sandbox/api.md +200 -0
  262. package/skills/cloudflare/references/sandbox/configuration.md +154 -0
  263. package/skills/cloudflare/references/sandbox/gotchas.md +201 -0
  264. package/skills/cloudflare/references/sandbox/patterns.md +195 -0
  265. package/skills/cloudflare/references/secrets-store/README.md +77 -0
  266. package/skills/cloudflare/references/secrets-store/api.md +199 -0
  267. package/skills/cloudflare/references/secrets-store/configuration.md +187 -0
  268. package/skills/cloudflare/references/secrets-store/gotchas.md +97 -0
  269. package/skills/cloudflare/references/secrets-store/patterns.md +218 -0
  270. package/skills/cloudflare/references/smart-placement/README.md +143 -0
  271. package/skills/cloudflare/references/smart-placement/api.md +192 -0
  272. package/skills/cloudflare/references/smart-placement/configuration.md +202 -0
  273. package/skills/cloudflare/references/smart-placement/gotchas.md +180 -0
  274. package/skills/cloudflare/references/smart-placement/patterns.md +190 -0
  275. package/skills/cloudflare/references/snippets/README.md +74 -0
  276. package/skills/cloudflare/references/snippets/api.md +214 -0
  277. package/skills/cloudflare/references/snippets/configuration.md +239 -0
  278. package/skills/cloudflare/references/snippets/gotchas.md +104 -0
  279. package/skills/cloudflare/references/snippets/patterns.md +135 -0
  280. package/skills/cloudflare/references/spectrum/README.md +52 -0
  281. package/skills/cloudflare/references/spectrum/api.md +184 -0
  282. package/skills/cloudflare/references/spectrum/configuration.md +203 -0
  283. package/skills/cloudflare/references/spectrum/gotchas.md +155 -0
  284. package/skills/cloudflare/references/spectrum/patterns.md +206 -0
  285. package/skills/cloudflare/references/static-assets/README.md +65 -0
  286. package/skills/cloudflare/references/static-assets/api.md +201 -0
  287. package/skills/cloudflare/references/static-assets/configuration.md +186 -0
  288. package/skills/cloudflare/references/static-assets/gotchas.md +164 -0
  289. package/skills/cloudflare/references/static-assets/patterns.md +189 -0
  290. package/skills/cloudflare/references/stream/README.md +123 -0
  291. package/skills/cloudflare/references/stream/api-live.md +202 -0
  292. package/skills/cloudflare/references/stream/api.md +206 -0
  293. package/skills/cloudflare/references/stream/configuration.md +151 -0
  294. package/skills/cloudflare/references/stream/gotchas.md +139 -0
  295. package/skills/cloudflare/references/stream/patterns.md +217 -0
  296. package/skills/cloudflare/references/tail-workers/README.md +92 -0
  297. package/skills/cloudflare/references/tail-workers/api.md +203 -0
  298. package/skills/cloudflare/references/tail-workers/configuration.md +178 -0
  299. package/skills/cloudflare/references/tail-workers/gotchas.md +206 -0
  300. package/skills/cloudflare/references/tail-workers/patterns.md +190 -0
  301. package/skills/cloudflare/references/terraform/README.md +100 -0
  302. package/skills/cloudflare/references/terraform/api.md +178 -0
  303. package/skills/cloudflare/references/terraform/configuration.md +197 -0
  304. package/skills/cloudflare/references/terraform/gotchas.md +150 -0
  305. package/skills/cloudflare/references/terraform/patterns.md +174 -0
  306. package/skills/cloudflare/references/tunnel/README.md +137 -0
  307. package/skills/cloudflare/references/tunnel/api.md +205 -0
  308. package/skills/cloudflare/references/tunnel/configuration.md +163 -0
  309. package/skills/cloudflare/references/tunnel/gotchas.md +159 -0
  310. package/skills/cloudflare/references/tunnel/networking.md +174 -0
  311. package/skills/cloudflare/references/tunnel/patterns.md +199 -0
  312. package/skills/cloudflare/references/turn/README.md +86 -0
  313. package/skills/cloudflare/references/turn/api.md +236 -0
  314. package/skills/cloudflare/references/turn/configuration.md +181 -0
  315. package/skills/cloudflare/references/turn/gotchas.md +236 -0
  316. package/skills/cloudflare/references/turn/patterns.md +228 -0
  317. package/skills/cloudflare/references/turnstile/README.md +102 -0
  318. package/skills/cloudflare/references/turnstile/api.md +253 -0
  319. package/skills/cloudflare/references/turnstile/configuration.md +242 -0
  320. package/skills/cloudflare/references/turnstile/gotchas.md +253 -0
  321. package/skills/cloudflare/references/turnstile/patterns.md +195 -0
  322. package/skills/cloudflare/references/vectorize/README.md +133 -0
  323. package/skills/cloudflare/references/vectorize/api.md +89 -0
  324. package/skills/cloudflare/references/vectorize/configuration.md +91 -0
  325. package/skills/cloudflare/references/vectorize/gotchas.md +83 -0
  326. package/skills/cloudflare/references/vectorize/patterns.md +92 -0
  327. package/skills/cloudflare/references/waf/README.md +125 -0
  328. package/skills/cloudflare/references/waf/api.md +203 -0
  329. package/skills/cloudflare/references/waf/configuration.md +215 -0
  330. package/skills/cloudflare/references/waf/gotchas.md +208 -0
  331. package/skills/cloudflare/references/waf/patterns.md +236 -0
  332. package/skills/cloudflare/references/web-analytics/README.md +149 -0
  333. package/skills/cloudflare/references/web-analytics/configuration.md +81 -0
  334. package/skills/cloudflare/references/web-analytics/gotchas.md +86 -0
  335. package/skills/cloudflare/references/web-analytics/integration.md +63 -0
  336. package/skills/cloudflare/references/web-analytics/patterns.md +98 -0
  337. package/skills/cloudflare/references/workerd/README.md +85 -0
  338. package/skills/cloudflare/references/workerd/api.md +219 -0
  339. package/skills/cloudflare/references/workerd/configuration.md +200 -0
  340. package/skills/cloudflare/references/workerd/gotchas.md +151 -0
  341. package/skills/cloudflare/references/workerd/patterns.md +205 -0
  342. package/skills/cloudflare/references/workers/README.md +110 -0
  343. package/skills/cloudflare/references/workers/api.md +197 -0
  344. package/skills/cloudflare/references/workers/configuration.md +184 -0
  345. package/skills/cloudflare/references/workers/frameworks.md +200 -0
  346. package/skills/cloudflare/references/workers/gotchas.md +145 -0
  347. package/skills/cloudflare/references/workers/patterns.md +220 -0
  348. package/skills/cloudflare/references/workers-ai/README.md +206 -0
  349. package/skills/cloudflare/references/workers-ai/api.md +115 -0
  350. package/skills/cloudflare/references/workers-ai/configuration.md +98 -0
  351. package/skills/cloudflare/references/workers-ai/gotchas.md +130 -0
  352. package/skills/cloudflare/references/workers-ai/patterns.md +122 -0
  353. package/skills/cloudflare/references/workers-for-platforms/README.md +95 -0
  354. package/skills/cloudflare/references/workers-for-platforms/api.md +212 -0
  355. package/skills/cloudflare/references/workers-for-platforms/configuration.md +178 -0
  356. package/skills/cloudflare/references/workers-for-platforms/gotchas.md +134 -0
  357. package/skills/cloudflare/references/workers-for-platforms/patterns.md +210 -0
  358. package/skills/cloudflare/references/workers-playground/README.md +131 -0
  359. package/skills/cloudflare/references/workers-playground/api.md +101 -0
  360. package/skills/cloudflare/references/workers-playground/configuration.md +169 -0
  361. package/skills/cloudflare/references/workers-playground/gotchas.md +88 -0
  362. package/skills/cloudflare/references/workers-playground/patterns.md +134 -0
  363. package/skills/cloudflare/references/workers-vpc/README.md +130 -0
  364. package/skills/cloudflare/references/workers-vpc/api.md +196 -0
  365. package/skills/cloudflare/references/workers-vpc/configuration.md +151 -0
  366. package/skills/cloudflare/references/workers-vpc/gotchas.md +171 -0
  367. package/skills/cloudflare/references/workers-vpc/patterns.md +235 -0
  368. package/skills/cloudflare/references/workflows/README.md +72 -0
  369. package/skills/cloudflare/references/workflows/api.md +237 -0
  370. package/skills/cloudflare/references/workflows/configuration.md +158 -0
  371. package/skills/cloudflare/references/workflows/gotchas.md +97 -0
  372. package/skills/cloudflare/references/workflows/patterns.md +245 -0
  373. package/skills/cloudflare/references/wrangler/README.md +143 -0
  374. package/skills/cloudflare/references/wrangler/api.md +188 -0
  375. package/skills/cloudflare/references/wrangler/configuration.md +198 -0
  376. package/skills/cloudflare/references/wrangler/gotchas.md +212 -0
  377. package/skills/cloudflare/references/wrangler/patterns.md +211 -0
  378. package/skills/cloudflare/references/zaraz/IMPLEMENTATION_SUMMARY.md +131 -0
  379. package/skills/cloudflare/references/zaraz/README.md +114 -0
  380. package/skills/cloudflare/references/zaraz/api.md +118 -0
  381. package/skills/cloudflare/references/zaraz/configuration.md +94 -0
  382. package/skills/cloudflare/references/zaraz/gotchas.md +88 -0
  383. package/skills/cloudflare/references/zaraz/patterns.md +77 -0
  384. package/skills/docker/SKILL.md +7 -101
  385. package/skills/docker/references/advanced-examples.md +71 -0
  386. package/skills/docker/references/templates.md +34 -0
  387. package/skills/docs-marketer/SKILL.md +178 -0
  388. package/skills/docs-marketer/references/audit-categories.md +328 -0
  389. package/skills/docs-marketer/references/copilot-docs-prompts.md +88 -0
  390. package/skills/docs-marketer/references/copilot-usage.md +16 -0
  391. package/skills/docs-marketer/references/feedback-loop.md +155 -0
  392. package/skills/docs-marketer/references/multi-pass-docs-protocol.md +410 -0
  393. package/skills/drizzle-orm/SKILL.md +82 -0
  394. package/skills/durable-objects/SKILL.md +167 -0
  395. package/skills/durable-objects/references/advanced_features.md +29 -0
  396. package/skills/durable-objects/references/rules.md +300 -0
  397. package/skills/durable-objects/references/testing.md +261 -0
  398. package/skills/durable-objects/references/workers.md +336 -0
  399. package/skills/gcp/SKILL.md +37 -0
  400. package/skills/github-actions/SKILL.md +5 -58
  401. package/skills/github-actions/references/templates.md +65 -0
  402. package/skills/github-commander/SKILL.md +13 -21
  403. package/skills/github-commander/workflows/copilot-audit.md +12 -12
  404. package/skills/github-copilot-cli/SKILL.md +21 -26
  405. package/skills/github-repo-setup/SKILL.md +136 -0
  406. package/skills/github-repo-setup/references/community-standards.md +136 -0
  407. package/skills/github-repo-setup/references/github-automation.md +490 -0
  408. package/skills/github-repo-setup/references/inline-templates.md +205 -0
  409. package/skills/github-repo-setup/references/project-config.md +320 -0
  410. package/skills/gitlab/SKILL.md +7 -2
  411. package/skills/gitlab/package-lock.json +389 -389
  412. package/skills/golang/SKILL.md +8 -1
  413. package/skills/graphql/SKILL.md +30 -0
  414. package/skills/hono/SKILL.md +82 -0
  415. package/skills/journal-optimizer/SKILL.md +206 -0
  416. package/skills/journal-optimizer/references/optimizer-scripts.md +169 -0
  417. package/skills/llm-app-engineering/SKILL.md +18 -0
  418. package/skills/monorepo/SKILL.md +56 -0
  419. package/skills/multi-agent-orchestration/SKILL.md +14 -0
  420. package/skills/mysql/SKILL.md +6 -2
  421. package/skills/next-best-practices/SKILL.md +86 -0
  422. package/skills/next-best-practices/references/cache-components-examples.md +234 -0
  423. package/skills/next-best-practices/references/cache-components.md +210 -0
  424. package/skills/next-best-practices/references/upgrade-decision-tree.md +33 -0
  425. package/skills/next-best-practices/references/upgrade.md +43 -0
  426. package/skills/next-cache-components/SKILL.md +441 -0
  427. package/skills/next-upgrade/SKILL.md +43 -0
  428. package/skills/next-upgrade/references/decision-tree.md +33 -0
  429. package/skills/nodejs/SKILL.md +46 -0
  430. package/skills/opentelemetry/SKILL.md +62 -0
  431. package/skills/package.json +39 -4
  432. package/skills/playwright-standard/SKILL.md +6 -11
  433. package/skills/playwright-standard/references/locators.md +7 -0
  434. package/skills/postgres/SKILL.md +6 -1
  435. package/skills/python/SKILL.md +8 -70
  436. package/skills/python/references/advanced-patterns.md +37 -0
  437. package/skills/python/references/config-templates.md +48 -0
  438. package/skills/rag-pipelines/SKILL.md +14 -0
  439. package/skills/redis/SKILL.md +31 -0
  440. package/skills/render/SKILL.md +35 -0
  441. package/skills/rust/SKILL.md +15 -25
  442. package/skills/rust/references/borrow-checker.md +13 -0
  443. package/skills/rust/references/ecosystem.md +11 -0
  444. package/skills/sandbox-sdk/SKILL.md +186 -0
  445. package/skills/sandbox-sdk/references/api-quick-ref.md +113 -0
  446. package/skills/sandbox-sdk/references/examples.md +52 -0
  447. package/skills/shadcn-ui/SKILL.md +22 -57
  448. package/skills/skill-builder/SKILL.md +23 -424
  449. package/skills/skill-builder/references/tutorial.md +457 -0
  450. package/skills/sqlite/SKILL.md +16 -5
  451. package/skills/table.md +59 -0
  452. package/skills/tailwind-css/SKILL.md +11 -60
  453. package/skills/tailwind-css/references/component-patterns.md +52 -0
  454. package/skills/trpc/SKILL.md +56 -0
  455. package/skills/typescript/SKILL.md +30 -433
  456. package/skills/typescript/references/tutorial.md +453 -0
  457. package/skills/vercel-ai-sdk/SKILL.md +48 -0
  458. package/skills/vitest-standard/SKILL.md +5 -11
  459. package/skills/vitest-standard/references/assertions.md +11 -0
  460. package/skills/web-perf/SKILL.md +207 -0
  461. package/skills/workers-best-practices/SKILL.md +120 -0
  462. package/skills/workers-best-practices/references/anti-patterns.md +18 -0
  463. package/skills/workers-best-practices/references/review.md +174 -0
  464. package/skills/workers-best-practices/references/rules.md +485 -0
  465. package/skills/wrangler/SKILL.md +43 -0
  466. package/skills/wrangler/references/cli-commands.md +861 -0
  467. package/skills/zod/SKILL.md +48 -0
  468. package/dist/tools-P4VGG4FH.js +0 -1
  469. package/skills/react-best-practices/AGENTS.md +0 -2883
  470. package/skills/react-best-practices/SKILL.md +0 -138
  471. /package/skills/{react-best-practices → next-best-practices}/README.md +0 -0
  472. /package/skills/{react-best-practices → next-best-practices}/metadata.json +0 -0
  473. /package/skills/{react-best-practices → next-best-practices}/rules/_sections.md +0 -0
  474. /package/skills/{react-best-practices → next-best-practices}/rules/_template.md +0 -0
  475. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-event-handler-refs.md +0 -0
  476. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-init-once.md +0 -0
  477. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-use-latest.md +0 -0
  478. /package/skills/{react-best-practices → next-best-practices}/rules/async-api-routes.md +0 -0
  479. /package/skills/{react-best-practices → next-best-practices}/rules/async-defer-await.md +0 -0
  480. /package/skills/{react-best-practices → next-best-practices}/rules/async-dependencies.md +0 -0
  481. /package/skills/{react-best-practices → next-best-practices}/rules/async-parallel.md +0 -0
  482. /package/skills/{react-best-practices → next-best-practices}/rules/async-suspense-boundaries.md +0 -0
  483. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-barrel-imports.md +0 -0
  484. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-conditional.md +0 -0
  485. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-defer-third-party.md +0 -0
  486. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-dynamic-imports.md +0 -0
  487. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-preload.md +0 -0
  488. /package/skills/{react-best-practices → next-best-practices}/rules/client-event-listeners.md +0 -0
  489. /package/skills/{react-best-practices → next-best-practices}/rules/client-localstorage-schema.md +0 -0
  490. /package/skills/{react-best-practices → next-best-practices}/rules/client-passive-event-listeners.md +0 -0
  491. /package/skills/{react-best-practices → next-best-practices}/rules/client-swr-dedup.md +0 -0
  492. /package/skills/{react-best-practices → next-best-practices}/rules/js-batch-dom-css.md +0 -0
  493. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-function-results.md +0 -0
  494. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-property-access.md +0 -0
  495. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-storage.md +0 -0
  496. /package/skills/{react-best-practices → next-best-practices}/rules/js-combine-iterations.md +0 -0
  497. /package/skills/{react-best-practices → next-best-practices}/rules/js-early-exit.md +0 -0
  498. /package/skills/{react-best-practices → next-best-practices}/rules/js-hoist-regexp.md +0 -0
  499. /package/skills/{react-best-practices → next-best-practices}/rules/js-index-maps.md +0 -0
  500. /package/skills/{react-best-practices → next-best-practices}/rules/js-length-check-first.md +0 -0
  501. /package/skills/{react-best-practices → next-best-practices}/rules/js-min-max-loop.md +0 -0
  502. /package/skills/{react-best-practices → next-best-practices}/rules/js-set-map-lookups.md +0 -0
  503. /package/skills/{react-best-practices → next-best-practices}/rules/js-tosorted-immutable.md +0 -0
  504. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-activity.md +0 -0
  505. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-animate-svg-wrapper.md +0 -0
  506. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-conditional-render.md +0 -0
  507. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-content-visibility.md +0 -0
  508. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hoist-jsx.md +0 -0
  509. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-no-flicker.md +0 -0
  510. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-suppress-warning.md +0 -0
  511. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-svg-precision.md +0 -0
  512. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-usetransition-loading.md +0 -0
  513. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-defer-reads.md +0 -0
  514. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-dependencies.md +0 -0
  515. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state-no-effect.md +0 -0
  516. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state.md +0 -0
  517. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-functional-setstate.md +0 -0
  518. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-lazy-state-init.md +0 -0
  519. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo-with-default-value.md +0 -0
  520. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo.md +0 -0
  521. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-move-effect-to-event.md +0 -0
  522. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-simple-expression-in-memo.md +0 -0
  523. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-transitions.md +0 -0
  524. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-use-ref-transient-values.md +0 -0
  525. /package/skills/{react-best-practices → next-best-practices}/rules/server-after-nonblocking.md +0 -0
  526. /package/skills/{react-best-practices → next-best-practices}/rules/server-auth-actions.md +0 -0
  527. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-lru.md +0 -0
  528. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-react.md +0 -0
  529. /package/skills/{react-best-practices → next-best-practices}/rules/server-dedup-props.md +0 -0
  530. /package/skills/{react-best-practices → next-best-practices}/rules/server-parallel-fetching.md +0 -0
  531. /package/skills/{react-best-practices → next-best-practices}/rules/server-serialization.md +0 -0
package/skills/agents-sdk/references/mcp/references/implementation-guide.md ADDED
@@ -0,0 +1,507 @@
1
+ ---
2
+ name: mcp-builder
3
+ description: |
4
+ Guide for creating high-quality MCP (Model Context Protocol) servers that
5
+ enable LLMs to interact with external services through well-designed tools.
6
+ Use when building MCP servers, designing tool schemas, implementing error
7
+ handling for agent consumption, adding OAuth or HTTP transport, or when the
8
+ user asks about MCP protocol compliance, tool annotations, output schemas,
9
+ or connecting AI to external APIs using Node/TypeScript (MCP SDK). Also use
10
+ when reviewing existing MCP server code for best practices.
11
+ ---
12
+
13
+ # MCP Server Development Guide
14
+
15
+ Create MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools.
16
+
17
+ ## Quick Reference Checklist
18
+
19
+ Scannable compliance table — see full sections below for details.
20
+
21
+ | Area | Required Pattern | Section |
22
+ | ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------- |
23
+ | Error handling | `ErrorCategory` enum (9), `{Server}McpError` base + 6 subclasses, single `formatHandlerError()` | §2.2.2 |
24
+ | Error auto-refinement | Constructor auto-refines generic codes → specific codes (e.g., `DB_QUERY_FAILED` → `TABLE_NOT_FOUND`) | §2.2.2 |
25
+ | Engine-specific error parser | Dedicated `error-parser.ts` maps DB-native error codes to structured errors (complementary to auto-refinement) | §2.2.2 |
26
+ | ErrorFieldsMixin | 6-field Zod mixin (`error`, `code`, `category`, `suggestion`, `recoverable`, `details`) on every `outputSchema` | §2.2.2 |
27
+ | `structuredContent` on errors | Error responses set `structuredContent` when tool has `outputSchema` | §2.2.2 |
28
+ | Success-path fields | All `.optional()` so error responses pass `outputSchema` validation | §2.2.2 |
29
+ | Input coercion | `z.preprocess(coerceNumber, ...)` (preferred) or `z.coerce.number()` + NaN guards for numerics | §2.3.1 |
30
+ | Limit coercion | `coerceLimit(raw, default)` + `buildLimitClause()` + `DEFAULT_QUERY_LIMIT` in `utils/query-helpers.ts` | §2.3.1 |
31
+ | `.partial().passthrough()` or dual-schema | Dual-schema (`XxxSchema` + `XxxSchemaMcp`) preferred; `.partial().passthrough()` for adapter servers | §2.3.2 |
32
+ | Existence validation | Proactive `validateTableExists/Column/Columns()` before DML | §2.3.3 |
33
+ | WHERE clause validation | Mandatory `validateWhereClause()` for all SQL interpolation tools | §2.3.4 |
34
+ | FTS config validation | `validateFtsConfig()` prevents SQL injection via FTS configuration names | §2.3.4 |
35
+ | Idempotent reporting | `alreadyExists: true` flag distinguishing created from no-op | §2.3.5 |
36
+ | Resource annotations | Centralized presets (`HIGH_PRIORITY`, `MEDIUM_PRIORITY`, etc.) in `utils/resource-annotations.ts` | §2.3 |
37
+ | Payload optimization | Use YAML/key-value instead of JSON for resource text payloads to save 20-30% tokens | §1.1 |
38
+ | Progress notifications | `sendProgress(ctx, current, total?, message?)` for long-running tools | §2.3 |
39
+ | Tool naming | `snake_case`, 1-128 chars, unique within server | §1.1 |
40
+ | Tool annotations | `readOnlyHint`, `destructiveHint`, `idempotentHint`, `openWorldHint` | §2.3 |
41
+ | Tool `title` | Human-readable display name on every tool | §2.3 |
42
+ | Tool icons | CDN-hosted SVG per tool group, attached at aggregation point | §2.4 |
43
+ | `outputSchema` + `structuredContent` | Co-located `schemas.ts` per group (non-adapter) or `schemas/` directory (adapter), `ErrorFieldsMixin.shape` extension | §2.3.6 |
44
+ | File naming | Kebab-case for all source files and directories (e.g., `database-adapter.ts`, `tool-filter.ts`) | §2.1 |
45
+ | HTTP security headers | 7 headers on every response (CSP, HSTS opt-in, X-Frame-Options, etc.) | §2.2.1 |
46
+ | Rate limiting | Built-in `Map<string, {count, resetTime}>`, health endpoint exempt, `.unref()` timers | §2.2.1 |
47
+ | Server timeouts | 120s request, 65s keep-alive, 66s headers | §2.2.1 |
48
+ | Body size limit | 1 MB default, configurable, 413 on excess | §2.2.1 |
49
+ | CORS | Deny-all default (`[]`), explicit `--cors-origin` for cross-origin access | §2.2.1 |
50
+ | DNS rebinding | `localhostHostValidation()` middleware from SDK ≥1.24.0 | §2.2.1 |
51
+ | 404 handler | `{ error: "Not found" }`, no stack traces | §2.2.1 |
52
+ | OAuth 2.1 | `src/auth/` — 11 files, opt-in, see [`oauth-reference.md`](./oauth-reference.md) | §2.2.0 |
53
+ | Code Mode | `src/codemode/` — 10 files, for servers with 15+ tools, see [`code-mode-reference.md`](./code-mode-reference.md) | §1.1 |
54
+ | Smart tool filtering | `--tool-filter` flag with predefined bundles for 50+ tool servers | §1.1 |
55
+ | Help Resources | Pull-based `{prefix}://help` + `{prefix}://help/{group}`, filtered by `--tool-filter` | §1.1 |
56
+ | FTS5 search | `content=` sync mode, `porter unicode61`, `bm25()` ranking, LIKE fallback | §1.1 |
57
+ | File size limits | ~500-600 lines per source file, split into sub-directories | §2.1 |
58
+ | Server extraction | Resources + prompts into `server/registration.ts` when main file >400 lines | §2.1 |
59
+ | Build tooling | `tsup` (esbuild) for production, `tsc --noEmit` for type checking | §2.1 |
60
+ | SHA-pinned CI | All GitHub Actions by SHA digest, not version tag | §3.1 |
61
+ | Dual-protocol HTTP | Streamable HTTP (`/mcp`) + Legacy SSE (`/sse`) on same port | §2.2.1 |
62
+ | Testing strategy | 4-layer model: Vitest unit (+ invariants) → Playwright E2E (+ zod sweeps) → Node.js integration → agent-driven | §3.2 |
63
+ | Protocol compliance testing | Invariant tests verify annotation coverage, `outputSchema` presence, `openWorldHint` correctness | §3.2 |
64
+ | Automated stewardship | Agentic workflows for deps, docs drift, CI health, entity cleanup | Phase 4 |
65
+ | Prompt `argsSchema` | Omit for zero-arg or all-optional prompts (SDK parses `undefined` as failure) | §1.4 |
66
+ | Briefing system | `{prefix}://briefing` resource for session initialization with modular sections | §1.1 |
67
+ | Instruction levels | `--instruction-level` flag (`essential`, `standard`, `full`) for token-constrained environments | §1.1 |
68
+ | Team DB / multi-database | Separate database with author attribution, mirrored `team_` prefixed tools, cross-DB merge | §2.2.3 |
69
+ | Token efficiency | Inject `_meta.tokenEstimate` (or `metrics.tokenEstimate` in Code Mode) into payload | §1.1 |
70
+ | Audit trails & Snapshots | Async-buffered JSONL logger, `AuditInterceptor` scope filtering, CLI/env config, `recent()` tail-read | §2.2.4 |
71
+ | Log rotation | Max size configuration (e.g. 10MB) keeping up to 5 historical archives (`.1` through `.5`) | §2.2.4 |
72
+ | Progress-path parity | Both cached and progress-token `callTool()` paths must apply identical interceptor wrapping | §2.2.4 |
73
+ | Frozen prototypes | Code Mode sandbox freezes all built-in prototypes (`Object`, `Function`, `Error`, etc.) | §2.2.1 |
74
+ | Fail-closed scope | `getRequiredScope()` defaults to `'admin'` for unmapped tools (`?? 'admin'`, not `'read'`) | §2.2.0 |
75
+ | Constant-time token | `crypto.timingSafeEqual` for simple bearer token validation — never raw `===` | §2.2.1 |
76
+ | JWT claims sanitization | Filter `__proto__`, `constructor`, `prototype` from JWT payload before spreading | §2.2.1 |
77
+ | Path traversal validation | `validateSameDirPath()` for tools that write files (backup, dump, restore, attach) | §2.2.1 |
78
+ | Filesystem boundaries | `ALLOWED_IO_ROOTS` fail-closed allowlist for file I/O tools | §2.2.1 |
79
+ | Subquery blocking | `(SELECT` pattern in WHERE clause `DANGEROUS_PATTERNS` blocklist | §2.2.1 |
80
+ | Sandbox escape patterns | `Reflect.*`, `Symbol.*`, `new Proxy` in Code Mode blocked patterns | §2.2.1 |
81
+ | Bearer auth scope warning | Startup warning when `--auth-token` used without OAuth (no per-tool scope enforcement) | §2.2.0 |
82
+
83
+ ---
84
+
85
+ ## Phase 1: Research and Planning
86
+
87
+ ### 1.1 Understand Modern MCP Design
88
+
89
+ **API Coverage vs. Workflow Tools:** Balance comprehensive API endpoint coverage with specialized workflow tools. When uncertain, prioritize comprehensive API coverage.
90
+
91
+ > [!TIP]
92
+ > LLM tool selection accuracy degrades with excessive tools. For 50+ tool
93
+ > servers, always implement `--tool-filter` and/or Code Mode to keep the
94
+ > active tool set manageable. Prefer focused, goal-oriented tools over raw
95
+ > endpoint wrappers.
96
+
97
+ **Code Mode (Standard for 15+ tool servers):** Sandboxed JS execution tool (e.g., `mj_execute_code`) exposing all tools as a namespaced API. **Must use true V8 isolates via `worker_threads`** for secure CPU/memory boundaries, not just the `node:vm` module. Enables 70-90% token reduction for multi-step operations. Named `{server_prefix}_execute_code`. Exposes `{prefix}.reportProgress(current, total, message)` utility for sandboxed code to emit MCP progress notifications.
98
+
99
+ > See [`code-mode-reference.md`](./code-mode-reference.md) for architecture, file structure, security requirements, API bridge strategy, pitfalls, and testing patterns.
100
+
101
+ **When to implement:** 15+ tools or 3+ tool groups; agents commonly chain 3+ calls; tool definition tokens consume significant context.
102
+
103
+ **Tool Naming (MCP 2025-11-25):** 1-128 characters, `A-Za-z0-9_-.`, case-sensitive, unique within server. Use consistent `snake_case` prefixes (e.g., `github_create_issue`).
104
+
105
+ **Smart Tool Filtering:** For 50+ tool servers, implement `--tool-filter` flag with predefined bundles. Complementary to Code Mode.
106
+
107
+ **Error Handling (Standard):** Every tool must return structured `ErrorResponse` — never throw raw exceptions. See §2.2.2 for the full pattern.
108
+
109
+ ```typescript
110
+ interface ErrorResponse {
111
+ success: false
112
+ error: string // Human-readable message
113
+ code: string // Machine-readable (e.g., 'TABLE_NOT_FOUND')
114
+ category: ErrorCategory // 9 categories: validation, connection, query, permission, config, resource, authentication, authorization, internal
115
+ suggestion?: string // Actionable fix hint
116
+ recoverable: boolean // true = user-fixable
117
+ details?: unknown
118
+ }
119
+ ```
120
+
121
+ **Observability Resources:** Use MCP `Resources` to expose system state snapshots (health, schemas, connections) — immediate context without tool call tokens.
122
+
123
+ **Token-Optimized Payloads:** Standard JSON is highly inefficient for LLM context windows because `{`, `}`, `"`, and `,` consume substantial tokens. While the MCP protocol natively transports JSON-RPC over the wire, the actual `text` content returned by resources (or large tool outputs) should be explicitly serialized as **YAML** or concise key-value text. This simple format switch saves 20-30% of tokens compared to `JSON.stringify()`. Additionally, every tool response should include a `_meta.tokenEstimate` field (`metrics.tokenEstimate` in Code Mode) using a ~4 bytes/token heuristic so the agent can monitor its context window usage proactively.
124
+
125
+ **Pull-Based Help Resources (Standard):** Replace push-based tiered instructions with on-demand help resources. The server sends a slim instructions payload (~680 chars) pointing agents to help resources, instead of a token-consuming dump.
126
+
127
+ **Three approaches** (dynamic preferred, hybrid as alternative, build-time for custom prose):
128
+
129
+ **Approach A — Dynamic (Preferred):** Runtime-generated help from live tool definitions. Content stays in sync automatically — no build step, no stale content risk.
130
+
131
+ | Component | Purpose |
132
+ | ---------------------------- | ------------------------------------------------------ |
133
+ | `handlers/resources/help.ts` | Generates help resources from live `getTools()` output |
134
+ | `{prefix}://help` | Root resource — lists all groups with tool counts |
135
+ | `{prefix}://help/{group}` | Per-group reference with parameters and annotations |
136
+
137
+ The help handler introspects Zod schemas at runtime to extract parameter names, types, required/optional status, and descriptions. No separate content files needed.
138
+
139
+ > [!IMPORTANT]
140
+ > **`group` field workaround:** The MCP SDK's `ToolRegistration` type doesn't include a `group` field — it's internal to `ToolDefinition`. Help resources need group info but can't import the internal tool registry (circular dep). Solution: maintain an `inferGroupFromName()` mapper with prefix-based rules (`team_*` → `team`, `mj_*` → `codemode`) and an explicit map for the remaining tools. Keep this map in sync when adding tools — an invariant test can verify coverage.
141
+
142
+ **Approach B — Hybrid (Single Source + Runtime Generation):** Single markdown source file with a runtime `generateInstructions()` function that produces tiered, filter-aware output. Tool reference is still served dynamically via `{prefix}://help/{group}`. Best for servers with behavioral guidance that varies by instruction level and enabled tool groups.
143
+
144
+ | Component | Purpose |
145
+ | -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
146
+ | `src/constants/server-instructions.md` | Single source markdown with 6 section markers (`CORE`, `COPILOT`, `CODE_MODE`, `GITHUB`, `HELP_POINTERS`, `SERVER_ACCESS`) |
147
+ | `npm run generate:instructions` | Parses `.md` sections → emits composable TS constants + builder functions |
148
+ | `src/constants/server-instructions.ts` | `generateInstructions(enabledTools, prompts, latestEntry, level, enabledGroups?)` + `GOTCHAS_CONTENT` + composable builders |
149
+ | `handlers/resources/help.ts` | Dynamic help from live tool definitions (same as Approach A) |
150
+ | `{prefix}://help/gotchas` | Gotchas resource served from `GOTCHAS_CONTENT` |
151
+
152
+ The `generateInstructions()` function accepts an optional `enabledGroups?: Set<ToolGroup>` parameter (derived from `getEnabledGroups(enabledTools)` if omitted, for backward compat) and conditionally includes sections:
153
+
154
+ - **Code Mode section + namespace table** — only when `codemode` group is enabled; namespace table rows filtered to enabled groups only
155
+ - **Copilot Review Patterns** — only when `github` group is enabled
156
+ - **GitHub Integration** (standard+ level) — only when `github` group is enabled
157
+ - **Quick Access `semantic_search` row** — only when `search` group is enabled
158
+
159
+ This avoids sending agents instructions for tools they can't use. Callers in `mcp-server.ts` and the `{prefix}://instructions` resource handler compute `enabledGroups` from the filter config and pass it through.
160
+
161
+ **Approach C — Build-Time:** For servers needing custom prose per group (e.g., detailed usage guides beyond auto-generated parameter lists).
162
+
163
+ | Component | Purpose |
164
+ | ------------------------------------ | ---------------------------------------------------------------------------------------------- |
165
+ | `src/constants/server-instructions/` | Per-group `.md` source files (human-readable) + `gotchas.md` (always-available reference) |
166
+ | `npm run generate:instructions` | Builds `HELP_CONTENT` map from source `.md` files, composable `CORE_INSTRUCTIONS` + builders |
167
+ | `server-instructions.ts` | Exported `generateInstructions(enabledGroups, level, toolCount?)` + `HELP_CONTENT` ReadonlyMap |
168
+ | `{prefix}://help` | Root resource — lists all available groups |
169
+ | `{prefix}://help/{group}` | Per-group reference (e.g., `sqlite://help/json`) |
170
+
171
+ **Key behaviors (all approaches):**
172
+
173
+ - Help resources are **filtered by `--tool-filter`** — only enabled groups get help resources registered
174
+ - The `instructions` field in the server capability contains a slim pointer, not the full content
175
+ - Agents discover capabilities on-demand via resources, not via upfront token dump
176
+ - Include a `{prefix}://help/gotchas` resource for common pitfalls and critical usage patterns
177
+
178
+ **MCP `instructions` field:** Pass the slim generated string to the server's `instructions` capability so clients receive it during `initialize`.
179
+
180
+ **FTS5 Full-Text Search (Database Servers):** Use SQLite FTS5 instead of `LIKE '%query%'`:
181
+
182
+ - `content=` sync mode with INSERT/UPDATE/DELETE triggers
183
+ - `porter unicode61` tokenizer, `bm25()` ranking
184
+ - Phrase queries, prefix matching, boolean operators
185
+ - Try/catch with LIKE fallback on syntax errors
186
+ - Auto-populate on first migration via `rebuild` command
187
+
188
+ **Briefing System (Standard for stateful servers):** Implement a `{prefix}://briefing` resource for session initialization. The briefing assembles modular sections (journal context, GitHub context, user message) into a structured snapshot (~300 tokens) that agents read at session start.
189
+
190
+ **Architecture:**
191
+
192
+ | Component | Purpose |
193
+ | ----------------------------------------------------- | --------------------------------------------------- |
194
+ | `handlers/resources/core/briefing/index.ts` | Assembles all sections, respects instruction level |
195
+ | `handlers/resources/core/briefing/context-section.ts` | Domain-specific context (entry count, recent data) |
196
+ | `handlers/resources/core/briefing/github-section.ts` | External integration status (repo, CI, issues, PRs) |
197
+ | `handlers/resources/core/briefing/user-message.ts` | User-facing message (rules file, skills awareness) |
198
+
199
+ **Key behaviors:**
200
+
201
+ - Returns structured `data` object + human-readable `userMessage` (formatted as a bullet list of key facts)
202
+ - Respects instruction levels to control depth: `essential` (~100 tokens), `standard` (~300), `full` (~500)
203
+ - Each section is a separate file for maintainability — add sections without modifying existing ones
204
+ - Agent should read `{prefix}://briefing` before processing any user request
205
+
206
+ **Briefing Configuration:** Expose env vars / CLI flags for fine-grained briefing control. Each flag has a corresponding `{PREFIX}_*` environment variable. Store as a `BriefingConfig` interface and pass through context:
207
+
208
+ | Flag / Env Var | Default | Purpose |
209
+ | -------------------------------------------------------- | ---------- | -------------------------------------------- |
210
+ | `--briefing-entries` / `BRIEFING_ENTRY_COUNT` | 3 | Journal entries included in briefing |
211
+ | `BRIEFING_INCLUDE_TEAM` | `false` | Include team DB entries |
212
+ | `BRIEFING_ISSUE_COUNT` | 0 | Issues to list (`0` = count only) |
213
+ | `BRIEFING_PR_COUNT` | 0 | PRs to list (`0` = count only) |
214
+ | `BRIEFING_PR_STATUS` | `false` | Show PR status breakdown |
215
+ | `BRIEFING_WORKFLOW_COUNT` | 0 | Workflow runs to list |
216
+ | `BRIEFING_WORKFLOW_STATUS` | `false` | Show workflow status breakdown |
217
+ | `BRIEFING_COPILOT_REVIEWS` | `false` | Aggregate Copilot review state |
218
+ | `--rules-file` / `RULES_FILE_PATH` | — | Path to user rules file for agent awareness |
219
+ | `--skills-dir` / `SKILLS_DIR_PATH` | — | Path to skills directory for agent awareness |
220
+ | `--workflow-summary` / `MEMORY_JOURNAL_WORKFLOW_SUMMARY` | — | Free-text workflow summary |
221
+ | `--instruction-level` / `INSTRUCTION_LEVEL` | `standard` | Briefing depth tier |
222
+
223
+ **Instruction Levels:** Implement `--instruction-level` flag (or `{PREFIX}_INSTRUCTION_LEVEL` env var) with three tiers:
224
+
225
+ - **`essential`** — Minimal context, lowest token cost. Suitable for fast single-turn queries
226
+ - **`standard`** (default) — Balanced context with key stats, GitHub status, and recent activity
227
+ - **`full`** — Complete information dump including detailed breakdowns and extended history
228
+
229
+ **Instructions Generation:** Three approaches:
230
+
231
+ | Approach | Pros | Cons |
232
+ | ----------------------------------------------------------- | ----------------------------------------------------------------- | -------------------------------------------------- |
233
+ | **Per-group `.md` source files** + build step | Human-editable, git-diffable | Requires `npm run generate:instructions` |
234
+ | **Single-source `.md`** + `generateInstructions()` (Hybrid) | Tiered + filter-aware output, gotchas export, composable sections | Requires build step to regenerate `.ts` from `.md` |
235
+ | **Dynamic only** (no source files) | Zero maintenance, always in sync | No custom prose, parameter-list only |
236
+
237
+ ### 1.4 Plan Your Implementation
238
+
239
+ **Understand the API:** Review the service's API documentation. Use web search and WebFetch as needed.
240
+
241
+ **Tool Selection:** Prioritize comprehensive API coverage. List endpoints to implement, starting with the most common operations.
242
+
243
+ **AI-Powered Prompts:** Plan guided, step-by-step prompt workflows for complex tasks (migrations, performance tuning).
244
+
245
+ **Prompt `argsSchema` Gotcha:** `z.object({focus: z.string().optional()}).parse(undefined)` fails with `MCP error -32602`. Fix:
246
+
247
+ ```typescript
248
+ // Zero args or ALL-optional → omit argsSchema entirely (SDK uses no-args callback)
249
+ server.registerPrompt('health_check', { description: '...' }, async () => handler({}, context))
250
+
251
+ // Has required args → set argsSchema
252
+ server.registerPrompt(
253
+ 'query_builder',
254
+ {
255
+ description: '...',
256
+ argsSchema: { tables: z.string(), operation: z.string() },
257
+ },
258
+ async (args) => handler(args, context)
259
+ )
260
+ ```
261
+
262
+ > [!CAUTION]
263
+ > Omitting `argsSchema` means `prompts/list` won't include argument metadata. Document optional parameters in the prompt `description` instead.
264
+
265
+ ---
266
+
267
+ ## Phase 2: Implementation
268
+
269
+ ### 2.1 Set Up Project Structure
270
+
271
+ **TypeScript SDK:** Fetch from https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md. MCP spec: https://modelcontextprotocol.io/sitemap.xml (append `.md` for markdown).
272
+
273
+ **File Naming Convention:** All source files and directories use **kebab-case** (lowercase with dashes). Tests follow the same convention.
274
+
275
+ | Type | Example | Anti-pattern |
276
+ | --------- | ------------------------------------------------- | ------------------------------------- |
277
+ | Source | `database-adapter.ts`, `tool-filter.ts` | `DatabaseAdapter.ts`, `toolFilter.ts` |
278
+ | Test | `database-adapter.test.ts`, `tool-filter.test.ts` | `DatabaseAdapter.test.ts` |
279
+ | Directory | `json-operations/`, `sqlite-native/` | `jsonOperations/`, `SQLiteNative/` |
280
+
281
+ **File Modularity:** ~500-600 line soft limit. Proactively split into sub-directories with `index.ts` barrels. Group by functional cohesion.
282
+
283
+ **Server File Extraction:** When `mcp-server.ts` exceeds ~400 lines, extract resource and prompt registration into `server/registration.ts`.
284
+
285
+ **Build Tooling — tsup:** Replace `tsc` with `tsup` for production (tree-shaking, ~50% faster). Keep `tsc --noEmit` for type checking. Configure: `entry`, `format: ['esm']`, `target: 'node20'`, `clean: true`.
286
+
287
+ ### 2.2 Implement Core Infrastructure
288
+
289
+ - **API Client:** Secure auth, never hardcode secrets, prevent token passthrough.
290
+ - **Error Handling:** See §2.2.2 below.
291
+ - **Performance:** Connection pooling with health checks, metadata caching with configurable TTLs.
292
+ - **External API Caching:** Bounded TTL-aware LRU cache (max 100, 5-min TTL) for external APIs.
293
+ - **Access Control:** See §2.2.0 below.
294
+
295
+ #### 2.2.3 Team DB / Multi-Database Pattern (Optional)
296
+
297
+ For servers that support collaboration, implement a separate team database with shared state. The team DB uses the same schema as the personal DB but with author attribution.
298
+
299
+ **Architecture:**
300
+
301
+ - Separate SQLite file configured via `TEAM_DB_PATH` env var
302
+ - Mirrored tools with `team_` prefix (e.g., `team_create_entry`, `team_search`)
303
+ - `teamDb` and `teamVectorManager` passed through `ToolContext` alongside personal `db`/`vectorManager`
304
+ - Cross-DB merge with content-prefix deduplication when both DBs are queried
305
+ - Author resolution via `resolveAuthor()` utility (reads env vars or Git config)
306
+ - Graceful degradation — all `team_*` tools return structured `TEAM_DB_NOT_CONFIGURED` error when `TEAM_DB_PATH` is unset
307
+ - Team tools split into `handlers/tools/team/` subdirectory mirroring personal tool groups
308
+
309
+ #### 2.2.0 OAuth 2.1 + HTTP Transport Hardening
310
+
311
+ > See [`references/http-security.md`](references/http-security.md) for OAuth 2.1 authentication, HTTP transport hardening (7 security headers, rate limiting, CORS, DNS rebinding, dual-protocol), server timeouts, and CVE-2026-25536 mitigation.
312
+ >
313
+ > See [`oauth-reference.md`](./oauth-reference.md) for the full OAuth module structure, RFC compliance, scope model, and 8-file test suite.
314
+
315
+ #### 2.2.2 Enriched Error Handling Infrastructure
316
+
317
+ > See [`references/error-handling.md`](references/error-handling.md) for the full error handling infrastructure: `{Server}McpError` base class with auto-refinement, 6 standard subclasses, `formatHandlerError()` formatter, `ErrorFieldsMixin`, `structuredContent` on errors, and `outputSchema` pitfalls.
318
+ >
319
+ > **Key rule:** Every handler catch block uses `return formatHandlerError(error)` — never re-wrap the result. Input validation errors are Tool Execution Errors (`isError: true`), not Protocol Errors.
320
+
321
+ #### 2.2.4 Audit Logging and Snapshots
322
+
323
+ For database and infrastructure servers, implement an enterprise-grade audit subsystem:
324
+
325
+ **Architecture:**
326
+
327
+ - **Async-Buffered JSONL Logger**: Use a buffered writer (e.g., 50-entry high-water mark, 100ms auto-flush interval) to avoid blocking the tool execution path. The logger should be non-throwing — audit failures log to stderr but never propagate to callers.
328
+ - **AuditConfig Type**: Define a typed config (`enabled`, `logPath`, `redact`, `auditReads`, `maxSizeBytes`) constructed from CLI flags + env vars at startup.
329
+ - **AuditInterceptor**: Scope-based filter that wraps tool execution. Write/admin tools are audited by default; read tools are opt-in via `--audit-reads`. Each entry captures: tool name, scope, category, args (unless redacted), duration, token estimate, success/error status, user, and scopes.
330
+ - **Lifecycle**: The logger must support graceful `close()` that flushes the remaining buffer before process exit.
331
+
332
+ **CLI / Environment Integration:**
333
+
334
+ | Flag | Env Var | Default | Purpose |
335
+ | ---------------------- | -------------------- | ---------- | ------------------------------------------------- |
336
+ | `--audit-log <path>` | `AUDIT_LOG_PATH` | — | Enable audit logging; `stderr` for container mode |
337
+ | `--audit-redact` | `AUDIT_REDACT` | `false` | Omit tool arguments from log entries |
338
+ | `--audit-reads` | `AUDIT_READS` | `false` | Include read-scope tool calls |
339
+ | `--audit-log-max-size` | `AUDIT_LOG_MAX_SIZE` | `10485760` | Max file size before rotation (bytes) |
340
+
341
+ **Log Rotation:** Max size configurable (e.g., 10MB), keep 5 historical archives (`.1` through `.5`). Rotation triggered on flush when size threshold exceeded.
342
+
343
+ **Resource Tail-Read:** Implement a `recent(n)` method using a 64KB reverse-seek window for O(1) access to the last N entries, instead of reading the entire JSONL file.
344
+
345
+ **Audit Resource:** Expose `{prefix}://audit` returning the last 50 entries + session summary (total tokens, error count, total duration). Use `ASSISTANT_FOCUSED` annotation.
346
+
347
+ > [!WARNING]
348
+ > **Progress-Path Bypass:** If your `callTool()` has a separate code path for progress-token calls that rebuilds handlers from `getAllToolDefinitions()`, those fresh handlers bypass the cached instrumented handlers. Both the cached path AND the progress path must apply identical metrics + audit interceptor wrapping. This is a critical integration bug that causes silent data loss — the audit system appears configured but no entries are written.
349
+
350
+ **Pre-Mutation Snapshots** (database servers only): Before executing destructive or administrative mutations (caught via the `AuditInterceptor`), capture `.tar.gz` compressed DDL snapshots. Include metadata, schema DDL, and optionally row samples, tracking the snapshot generation latency.
351
+
352
+ ### 2.3 Implement Tools
353
+
354
+ **Tool Definition Fields (MCP 2025-11-25):** `name`, `title` (human-readable), `description`, `icons` (§2.4), `inputSchema` (JSON Schema 2020-12), `outputSchema`, `annotations`, `execution` (optional `taskSupport`).
355
+
356
+ **Input Schema:** Zod with constraints and descriptions. For no-param tools: `{ "type": "object", "additionalProperties": false }`. `inputSchema` must not be `null`.
357
+
358
+ **Output Schema:** Define where possible, use `structuredContent`. Return both text and structured data. Never echo secrets.
359
+
360
+ **Implementation:** Async/await, batch parallel queries, `formatHandlerError()` in every catch, pagination support. Sanitize all inputs against injection. Enforce least privilege.
361
+
362
+ **Annotations:** `readOnlyHint`, `destructiveHint`, `idempotentHint`, `openWorldHint`.
363
+
364
+ **`openWorldHint` semantics:**
365
+
366
+ - `false` — tool only accesses local resources (database, filesystem, in-memory state)
367
+ - `true` — tool makes external API calls (GitHub, Cloudflare, third-party services)
368
+ - Every tool must have an explicit `openWorldHint` value — verify 0 missing via `tools/list`
369
+
370
+ **Privacy & Security Annotations (MCP 2025-11-25):**
371
+
372
+ | Annotation | Values | When to Use |
373
+ | ----------------------- | --------------------------------- | ----------------------------------------------------------------------------- |
374
+ | `privateHint` | `boolean` | Tool accesses internal/private data (not necessarily sensitive) |
375
+ | `sensitiveHint` | `'low'` \| `'medium'` \| `'high'` | Data sensitivity level — clients should show warnings or require confirmation |
376
+ | `maliciousActivityHint` | `boolean` | Tool detected suspicious patterns in input/output |
377
+ | `attribution` | `Source[]` | Data provenance — list sources for responses containing third-party content |
378
+
379
+ > [!IMPORTANT]
380
+ > Servers are responsible for emitting privacy/security annotations — they have
381
+ > the most accurate context about their data. Clients must propagate and enforce them.
382
+ >
383
+ > **Adoption note:** These annotations (`privateHint`, `sensitiveHint`, `maliciousActivityHint`, `attribution`) are defined in the MCP 2025-11-25 spec but are not yet widely adopted by production servers. The practical required set remains `readOnlyHint`, `destructiveHint`, `idempotentHint`, and `openWorldHint`. Implement privacy/security annotations when your server handles genuinely sensitive data or third-party content requiring attribution.
384
+
385
+ **Resource Annotations:** Use centralized annotation presets in `utils/resource-annotations.ts`:
386
+
387
+ - `HIGH_PRIORITY` (`priority: 0.9`, audience: `['user', 'assistant']`) — critical state (health, schema, activity)
388
+ - `MEDIUM_PRIORITY` (`priority: 0.6`) — analysis/monitoring (performance, stats, indexes)
389
+ - `LOW_PRIORITY` (`priority: 0.4`) — supplementary (extension status, pool stats)
390
+ - `ASSISTANT_FOCUSED` (`priority: 0.5`, audience: `['assistant']`) — agent-only (capabilities, settings)
391
+ - Helpers: `withPriority(n, base?)`, `withTimestamp(base?)` for custom variants
392
+
393
+ **Progress Notifications:** For long-running tools, use `sendProgress()` from `utils/progress-utils.ts`. Build context via `buildProgressContext(requestContext)` — silently no-ops when the client doesn't request progress.
394
+
395
+ ```typescript
396
+ const progress = buildProgressContext(ctx)
397
+ for (let i = 0; i < tables.length; i++) {
398
+ await sendProgress(progress, i + 1, tables.length, `Processing ${tables[i]}`)
399
+ // ... work
400
+ }
401
+ ```
402
+
403
+ #### 2.3.1–2.3.6 Input Validation & Schema Patterns
404
+
405
+ > See [`references/error-handling.md`](references/error-handling.md) for all input validation patterns:
406
+ >
407
+ > - §Input Coercion — `z.preprocess` vs `z.coerce.number()`, coercion factories, `coerceLimit()`
408
+ > - §Schema Boundary — Dual-schema pattern (preferred) vs `.partial().passthrough()`
409
+ > - §Existence Validation — `validateTableExists/Column/Columns()` before DML
410
+ > - §WHERE Clause — SQL injection prevention via `validateWhereClause()`
411
+ > - §Idempotent Reporting — `alreadyExists` flag for create/drop operations
412
+ > - §Output Schema Architecture — Co-located `schemas.ts` vs top-level `schemas/` directory
413
+
414
+ ### Common Tool Design Anti-Patterns
415
+
416
+ | Anti-Pattern | Why It Fails | Fix |
417
+ | ---------------------------------- | ----------------------------------------------------- | --------------------------------------------------------------------- |
418
+ | **Kitchen-sink server** | 100+ tools overwhelm agent selection — accuracy drops | Use `--tool-filter` bundles, Code Mode, or split into focused servers |
419
+ | **Missing `openWorldHint`** | Agents can't assess security implications | Verify via invariant test: 0 tools with missing `openWorldHint` |
420
+ | **`readOnlyHint: true` on writes** | Agents bypass confirmation for destructive ops | Audit annotations match actual behavior |
421
+ | **Inline output schemas** | Schemas drift from handler reality, no reuse | Co-located `schemas.ts` or `schemas/` directory |
422
+ | **Swallowing errors** | Agent retries blindly, no diagnostic info | `formatHandlerError()` in every catch, structured error codes |
423
+ | **Echoing secrets** | API keys/tokens leak to conversation history | Never include credentials in tool output |
424
+ | **Generic error codes** | All errors return `INTERNAL` — agent can't triage | Use 9-category `ErrorCategory` with specific codes |
425
+
426
+ ### 2.4 Icons & Tool Registration (MCP 2025-11-25)
427
+
428
+ Tools, resources, prompts, and the server can include `icons: Icon[]` with `src` (URL/data URI), `mimeType`, `sizes`, `theme`.
429
+
430
+ **Pattern:** Central `icons.ts` mapping tool groups to CDN SVGs (e.g., jsDelivr + `@mdi/svg`). Attach at aggregation point, not in each tool file.
431
+
432
+ **`ToolDefinition` vs `ToolRegistration`:** Distinguish between internal and external tool types:
433
+
434
+ | Type | Contains | Used By |
435
+ | ------------------ | ------------------------------------------------------------------------------------------------ | ---------------------------------------------- |
436
+ | `ToolDefinition` | `name`, `title`, `description`, `group`, `handler`, `inputSchema`, `outputSchema`, `annotations` | Internal tool modules, `callTool()` dispatch |
437
+ | `ToolRegistration` | `name`, `title`, `description`, `inputSchema`, `outputSchema`, `annotations`, `icons` | External `getTools()` output, MCP `tools/list` |
438
+
439
+ Icons are attached in the `mapTool()` function that converts `ToolDefinition` → `ToolRegistration`. Handler files never import icon utilities — this keeps tool implementation decoupled from presentation.
440
+
441
+ ```typescript
442
+ // In getTools() — mapTool attaches icons and strips internal fields
443
+ const mapTool = (t: ToolDefinition): ToolRegistration => ({
444
+ name: t.name,
445
+ title: t.title,
446
+ description: t.description,
447
+ inputSchema: t.inputSchema,
448
+ ...(t.outputSchema !== undefined ? { outputSchema: t.outputSchema } : {}),
449
+ annotations: t.annotations,
450
+ icons: getToolIcon(t.group), // Icon lookup by group, not per-tool
451
+ })
452
+ ```
453
+
454
+ **SDK workaround** (type doesn't include `icons`):
455
+
456
+ ```typescript
457
+ const opts: Record<string, unknown> = { description: '...', icons: MY_ICONS }
458
+ server.registerTool('my_tool', opts as { description?: string }, handler)
459
+ ```
460
+
461
+ ### 2.5 Tasks API (MCP 2025-11-25 — Experimental)
462
+
463
+ Durable state machines for long-running operations (>30s). Tools declare `execution.taskSupport`: `"forbidden"` (default), `"optional"`, or `"required"`. Both server and client must declare `tasks` capability. Lifecycle: `running` → `completed` | `failed` | `cancelled`. Clients poll via `tasks/get` and `tasks/result`.
464
+
465
+ ---
466
+
467
+ ## Phase 3: Review and Test
468
+
469
+ > See [`references/testing-reference.md`](references/testing-reference.md) for the full 4-layer testing model (unit → E2E → integration → agent-driven), invariant tests, canonical E2E spec inventory, integration script conventions, and code quality patterns.
470
+
471
+ **Testing cadence per group:** invariant (vitest) → zod sweep (E2E) → payload correctness (E2E) → error paths (E2E).
472
+
473
+ **Key rules:**
474
+
475
+ - SHA-pinned CI Actions (by digest, not version tag)
476
+ - Version SSoT via `src/version.ts` (reads `package.json` at runtime)
477
+ - `JSON.stringify(result)` for tool responses (no pretty-print)
478
+ - Target ≥90% line coverage
479
+
480
+ ---
481
+
482
+ ## Phase 4: Automated Stewardship
483
+
484
+ For mature servers, set up agentic workflows via GitHub Copilot Coding Agent:
485
+
486
+ | Workflow | Trigger | Purpose |
487
+ | ---------------------- | ------- | ---------------------------------------- |
488
+ | Dependency maintenance | Weekly | npm + Docker dep updates, patch bump, PR |
489
+ | Docs drift detector | PR | Documentation accuracy audit |
490
+ | CI health monitor | Weekly | CI deprecation and action version checks |
491
+ | Entity cleanup | Daily | Expired/stale entity cleanup |
492
+
493
+ Document in `.github/workflows/README.md` with workflow map diagram.
494
+
495
+ ---
496
+
497
+ ## Reference Architecture
498
+
499
+ > See [`references/architecture-reference.md`](references/architecture-reference.md) for the canonical directory layout and structural rules (barrel exports, error hierarchy patterns, logger patterns, codemode API bridge patterns).
500
+
501
+ ---
502
+
503
+ ## Key Resources
504
+
505
+ - **MCP Specification:** https://modelcontextprotocol.io/sitemap.xml (append `.md` to any page URL for markdown)
506
+ - **TypeScript SDK:** https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md
507
+ - **MCP Best Practices:** https://modelcontextprotocol.io/specification/draft/best-practices.md