projecta-rrr 1.21.0 → 1.21.2

package/CHANGELOG.md

@@ -4,6 +4,93 @@ All notable changes to RRR will be documented in this file.
 
 Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.21.2] - 2026-04-18
+
+**Integration fix — MCP tool surface now actually callable.**
+
+v1.21.0/1.21.1 shipped the tool implementations (Phase 76-02/03/04) but
+`server.js` never imported the tool-registry, so `createMcpServer()` returned
+a bare Server with zero handlers for `tools/list` / `tools/call`. Caught
+during live dogfood smoke against the deployed stack.
+
+### Fixed
+
+- **Wire tool-registry into server.js** — build registry once at boot with all
+  6 tools (`semantic_search`, `index_status`, `list_repos`, `search_sessions`,
+  `index_repo`, `sync_repo`) and shared deps (pool, Voyage client, BullMQ
+  queue, query-embed cache). Logs integrity-hash for debugging.
+- **teamId context plumbing** — `createMcpServer({ teamId, registry })` now
+  closes over teamId per-session and `tool-registry.attachToServer` accepts
+  a `getContext` callback that injects `{ teamId, reqContext: { teamId } }`
+  into every handler call. Fixes both handler conventions (5 tools read
+  `req.teamId`, semantic_search reads `ctx.reqContext.teamId`).
+- **Session-scoped server cache** — MCP SDK tracks init state per `Server`
+  instance; creating a fresh server per HTTP request returned
+  "Server not initialized" on every 2nd+ call. Transport now caches
+  `{server, transport}` per session-id, evicts on `DELETE /mcp` or
+  `onsessionclosed`.
+- **Postgres grants for SECURITY DEFINER functions** — `lookup_mcp_session`
+  (owned by `rrr_auth_definer`) needed SELECT on `mcp_sessions`; `neondb_owner`
+  needed EXECUTE on both `lookup_mcp_session` + `lookup_token_by_prefix`.
+  Applied as one-off grants (documented in SHIP-RUNBOOK for idempotency).
+
+### Verified
+
+- `tools/list` returns the full 6-tool registry with integrity hash
+- `tools/call semantic_search` against live Neon/Voyage/HNSW: returns
+  semantically correct top-K matches (cosine similarity 0.72 for
+  "queue.add" query against test fixtures that mock that exact call)
+- Session persistence across multiple HTTP requests works (cache hit)
+- Latency: 837ms first call (cold Voyage embed + HNSW warmup);
+  subsequent calls should be sub-200ms with query-embed LRU hits.
+  Full P95 measurement is still a Phase 78 D.5 operator step.
+
+## [1.21.1] - 2026-04-18
+
+**Patch release — deploy-time fixes from first live Fly + Neon ingest.**
+
+No behavior changes to users of the local stdio `rrr-search` path (COMPAT-01..10
+preserved bit-for-bit). All patches are on the hosted-MCP code path and affect
+only operators running `--enable-hosted`.
+
+### Fixed
+
+- **Git CVE floor 2.45.1 → 2.39.5** in Dockerfile / Dockerfile.worker /
+  assert-git-hardening.sh / src/boot-assertions.js. Debian bookworm-backports
+  shifted after 74-04 shipped; 2.39.5 still patches CVE-2024-32002 (2.39.4+),
+  CVE-2023-29007 (2.39.3+), CVE-2018-17456 (ancient). Unblocks `fly deploy`.
+- **Vendored chunker bundle** at `rrr/hosted-mcp/vendor/search/chunker.cjs` with
+  local `package.json` `{"type":"commonjs"}`. The monorepo chunker at
+  `rrr/lib/search/chunker.js` is outside the Docker build context and
+  createRequire treated it as ESM under hosted-mcp's `"type":"module"` root.
+  `chunker-wrapper.js` tries the dev path first, falls back to vendored.
+- **Shallow-clone unshallow fallback** in `src/worker/lib/github-clone.js`.
+  `--depth=1` hides parents so `git rev-list --max-parents=0 HEAD` returns
+  HEAD instead of the true root, spuriously tripping IDNT-04 drift detection
+  on every first-time index. Now detects rootSha===headSha and runs
+  `git fetch --unshallow` before retrying rev-list.
+- **Voyage token-aware batching** in `src/worker/lib/voyage-embedder.js`.
+  Voyage rejects batches >120K tokens; the old fixed-128-item batches hit
+  241K on large chunks. Now caps by BOTH 128 items AND 100K tokens
+  (safety margin under the 120K hard cap).
+- **Voyage SDK timeout 60s → 180s**. Default per-request timeout too short
+  for large batches under tier-1 rate-limit bursts. Configurable via
+  `buildVoyageClient({timeoutInSeconds})`.
+- **pg-copy-streams explicit client checkout** in `src/worker/lib/neon-upsert.js`.
+  Pool can't host a long-lived Submittable stream; `copyUpsertChunks` now
+  wraps `withTeam(client, ...)` in `pool.connect()` + `finally release()`.
+
+### Verified end-to-end
+
+Post-patch smoke test against the live stack:
+- 10,047 chunks from `PA-Ai-Team/projecta-rrr` embedded via `voyage-code-3`
+  (14.1M tokens, 115 batches, ~4 min wall time on tier 1)
+- COPY-upserted into Neon `chunks` table
+- HNSW per-repo index built (`chunks_hnsw_<sha12>`, m=16, ef_construction=200)
+- `semantic_search("how does the worker enqueue a BullMQ job")` returns
+  the `queue.add(...)` call sites with cosine distance 0.279 — semantically
+  correct first-page results
+
 ## [1.21.0] - 2026-04-18
 
 <!-- Date-stamped at ship per SHIP-RUNBOOK D.8.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "projecta-rrr",
-  "version": "1.21.0",
+  "version": "1.21.2",
   "description": "A meta-prompting, context engineering and spec-driven development system for Claude Code by Projecta.ai",
   "bin": {
     "projecta-rrr": "bin/install.js"