Compare commits

..

31 Commits

Author SHA1 Message Date
agent_coder 3a521ada4d refactor(tools): updatePageContent → updatePageMarkdown; внешний MCP: +updatePageMarkdown, −import_page_markdown (#411)
Поверхности записи «целым телом» были несимметричны: у in-app агента полная
замена тела markdown называлась updatePageContent (имя не про формат, тогда как
парный updatePageJson — про JSON), а у внешнего MCP голого plain-body-replace
не было вовсе (только import_page_markdown — на деле парсер round-trip к
export_page_markdown, не plain-replace). Пара должна быть updatePageMarkdown /
updatePageJson.

Пост-Фаза-1б архитектура (реестр + циклы по обоим хостам):
- новая shared-спека updatePageMarkdown (mcpName update_page_markdown, inAppKey
  updatePageMarkdown, tier как у updatePageJson) с execute (client, {pageId,
  content, title}) => client.updatePage(...) — тот же путь updatePageContentRealtime
  → markdownToProseMirrorCanonical, ^[...]-сноски парсятся. Реестровый цикл
  регистрирует её на ОБОИХ хостах автоматически. Добавлен 'updatePage' в
  Pick DocmostClientLike.
- import_page_markdown убран с внешнего MCP через inAppOnly:true у спеки
  importPageMarkdown — MCP-цикл и генератор инвентаря её пропускают, in-app
  агент сохраняет importPageMarkdown; спека и client-метод НЕ удалены.
- удалён inline in-app updatePageContent tool (теперь из реестра под inAppKey
  updatePageMarkdown) + его INLINE_TOOL_TIERS-энтри.
- ROUTING_PROSE: bulk-rewrite ссылается на update_page_markdown|update_page_json;
  убрано упоминание import_page_markdown; инвентарь генерируется из catalogLine.
- лейбл-мапы chat-markdown.util (en/ru), человекочитаемые метки не тронуты.
- НЕ тронуты одноимённые внутренности: PageService.updatePageContent,
  updatePageContentRealtime, collaboration.handler — переименовано только имя тула.

Тесты: updatePageMarkdown на обеих поверхностях с идентичной схемой, forward в
client.updatePage; import_page_markdown ОТСУТСТВУЕТ на MCP, присутствует in-app;
^[...]→сноски покрыт через collaboration.test. CHANGELOG BREAKING + миграция;
README/README.ru пакета обновлены. Гейт: mcp node --test 646/646, server jest
259, tsc чисто. Первый линк breaking-окна #416 (#411→#412→#413→#415).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 18:33:20 +03:00
vvzvlad 576db3c8f9 Merge pull request 'feat(mcp): drawio стадия 2 — guide, каталог фигур, ELK-лейаут, quality-warnings (#424)' (#440) from feat/424-drawio-rules into develop
Reviewed-on: #440
2026-07-10 18:29:46 +03:00
agent_coder ddb37376a4 refactor(mcp): вписать drawio-тулы в реестровый цикл (Фаза 1б смержена) (#440)
Фаза 1б (#445/#446/#447/#448) влилась ПЕРЕД этим PR, поэтому явная проводка
drawio через registerShared/sharedTool конфликтовала с реестровыми циклами.
Фолд:
- drawioGet/Create/Update → канонический execute в спеке (это client-методы):
  execute возвращает сырой результат, цикл оборачивает jsonContent на MCP и
  отдаёт как есть in-app — байт-в-байт как старые тела, overrides не нужны.
  layout сохранён: добавлен в buildShape create/update + 5-м аргументом
  (layout as 'elk'|undefined) в обоих execute.
- drawioShapes/drawioGuide → остаются inline на ОБОИХ хостах. Гайд архитектора
  «execute в спеке с импортом searchShapes/getGuideSection в tool-specs.ts»
  оказался невозможен: drawio-shapes.ts использует import.meta.url, а
  tool-specs.ts тайпчекается из исходника под module:commonjs (contract-спека)
  → TS1343 на статический value-import, а import.meta не индиректится. Введён
  флаг спеки inlineBothHosts: спеки остаются в SHARED_TOOL_SPECS (contract
  пинит имя/описание/схему), но без execute; ОБА цикла их пропускают (добавлен
  симметричный guard в MCP-цикл), каждый хост регистрирует их inline через
  чистые хелперы — поведение байт-в-байт как до ребейза.
- docmost-client.loader: взята develop-форма DocmostClientLike = Pick<
  DocmostClient> (#446); ручное зеркало убрано, паритет layout наследуется из
  реальной сигнатуры client.
- ROUTING_PROSE: drawio intent-подсказки (shapes-first, guide, layout:elk);
  инвентарные строки убраны (генерируются из catalogLine).

Гейт: mcp node --test 674/674; server jest ai-chat-tools.service + contract
(211, все 5 drawio на обоих хостах, идентичная схема) + tool-tiers → 264;
tsc чисто; layout-passthrough тест 3/3. ELK DoS-кап и layout-фикс из round 3/4
сохранены.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:34:54 +03:00
agent_coder dc58974b31 fix(ai-chat): пробросить layout:elk в in-app drawioCreate/drawioUpdate — паритет с MCP (ревью #440)
In-app хендлеры drawio_create/drawio_update деструктурировали args БЕЗ layout и
не передавали его клиенту 5-м аргументом → layout:"elk" (схема его принимает —
общий buildShape) ТИХО терялся, ELK-автолейаут работал только по MCP-хосту.
Корень: ручное зеркало DocmostClientLike (loader) отстало от реального client.ts
— у его drawioCreate/drawioUpdate не было параметра layout (то, что #446 чинит
деривацией типа, но #446 ещё не влит). Добавил layout?:'elk' в обе сигнатуры
зеркала + проброс в обоих хендлерах.

Тест (пропущенный зелёным гейтом пробел — не было теста на in-app passthrough):
in-app drawioCreate/drawioUpdate с layout:'elk' → фейк-клиент получает layout
5-м позиционным аргументом; omit-кейс → undefined. Мутационно: убрать проброс
в drawioCreate → layout-create-тест краснеет.

Гейт: mcp build чисто; tsc -p apps/server без новых ошибок; jest
ai-chat-tools.service (35) + shared-tool-specs.contract + tool-tiers +
comment-signal-inapp → 273 passed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:16:19 +03:00
agent_coder c917dcc3c1 fix(mcp): ограничить ELK-лейаут (кап узлов/рёбер + таймаут) — untrusted-граф DoS (ревью #440)
applyElkLayout крутит elkjs СИНХРОННО в процессе на mxGraph-XML от LLM
(layout:'elk' в drawio_create/update) без лимита размера и без таймаута —
большой граф (тысячи узлов, ~1МБ XML проходит stage-1 cap 16МБ) блокирует
event-loop MCP-сервера на секунды-минуты. try/catch ловил только брошенную
ошибку, но не зависание.

- кап ДО построения графа: >500 узлов или >1000 рёбер → вернуть исходный XML
  (best-effort, как существующий catch); синхронный elkjs → кап и есть
  реальная защита;
- Promise.race с 5s-таймаутом (defense-in-depth на случай async-elkjs); таймер
  гасится в finally → нет утечки хендла и unhandled-rejection (проигравший
  timeout остаётся pending с погашенным таймером);
- тест: 600-узловой граф возвращается без изменений и быстро (<2s) — кап-путь.

79/79 drawio-тестов зелёные.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:15:06 +03:00
agent_coder eddc3b5c33 feat(ai-chat): пробросить drawio_shapes/drawio_guide in-app — восстановить SHARED_TOOL_SPECS-паритет (#424)
Стадия-1 (#434) уже была довяжена in-app в develop (f46d89ea, agent_vscode)
для CRUD-тулов; два новых чистых read-only хелпера стадии-2 остались
незаброшенными → contract-parity спека падала 6 ассертами (по 3 на
drawio_shapes/drawio_guide). В отличие от CRUD-тулов это ЧИСТЫЕ функции без
сетевого вызова, поэтому НЕ client-методы:

- реэкспорт searchShapes / getGuideSection (+ тип SearchShapesOptions) из
  entry пакета @docmost/mcp; loadDocmostMcp() пробрасывает их так же, как
  sharedToolSpecs (типы SearchShapesFn/GetGuideSectionFn);
- две записи sharedTool(...) в forUser() после drawioUpdate: drawioShapes
  повторяет серверный вызов searchShapes(query,{category,limit}) и форму
  { query, count, results }; drawioGuide — getGuideSection(section)
  (omit section -> index); голый объект без jsonContent-envelope, как у
  соседних in-app хендлеров;
- DocmostClientLike и HOST_CONTRACT_METHODS-вайтлист НЕ тронуты (это не
  методы клиента);
- три тест-мока (contract/service/tool-tiers) получили type-only no-op
  заглушки под расширенный тип loadDocmostMcp() — тела инструментов в этих
  тестах не исполняются, contract-спека реально гоняет настоящий
  SHARED_TOOL_SPECS.

Внутреннее ревью обвязки: APPROVE, 0 находок. shared-tool-specs.contract:
211/211 (было 6 падений); client-host-contract drift-guard 3/0; tsc EXIT 0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:15:06 +03:00
agent_coder e454fe189c feat(mcp): drawio стадия 2 — правила качества, каталог фигур, guide, ELK-лейаут, warnings (#424)
Надстройка над стадией-1 (сырой mxGraph XML) — помогает агенту рисовать
корректные диаграммы без бэкенд-рендеринга:

- hard-rules в описаниях drawio_create/drawio_update (геометрия, parent-
  relative координаты, стили);
- drawio_guide (5 секций: skeleton / layout / containers / icons-aws /
  icons-azure, каждая ≤4KB) — по требованию, не раздувает контекст;
- drawio_shapes — реальный jgraph shape-index (10446 фигур, gzip 437KB,
  ленивый node:zlib gunzip) + курируемый оверлей (service-level паттерны
  AWS/Azure, note-подсказки на пустые resIcon, палитра категорий);
  ранжирование aws4>aws3; escapeRe в score (не ReDoS);
- layout:"elk" через elkjs (чистый JS, dependencies:{}) — compound-nesting,
  best-effort (на сбое ELK возвращает нормализованный вход), 73→0 warnings
  на 12-узловом графе;
- 6 типов quality-warnings в линтере (overlap, out-of-bounds, edge-cross,
  и т.п.), геометрия Liang-Barsky; warnings НИКОГДА не блокируют write.

Оба новых инструмента в SHARED_TOOL_SPECS (tier:deferred) + SERVER_
INSTRUCTIONS; drift-guards зелёные. elkjs ^0.11.1 — единственный новый
рантайм-деп; lockfile синхронизирован (--frozen-lockfile --offline EXIT 0).
data/ едет с воркспейсом (.gitignore-негация !packages/mcp/data/).

Внутренний цикл: 1 проход внутреннего ревью (APPROVE WITH SUGGESTIONS);
все 59 профильных тестов зелёные.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:12:37 +03:00
vvzvlad ea99d4fe63 Merge pull request 'feat(mcp): внятная диагностика ошибок тулов + fail-fast валидация comment-id (#437, #436)' (#441) from feat/437-error-diagnostics into develop
Reviewed-on: #441
2026-07-10 16:03:44 +03:00
vvzvlad 23966ce51c Merge pull request 'fix(ai-chat): «send now» во время detached-run — серверный stop + ограниченный ретрай 409 (#396)' (#456) from fix/396-sendnow-detached-run into develop
Reviewed-on: #456
2026-07-10 16:03:18 +03:00
vvzvlad a53b2f454e Merge pull request 'fix(delivery): immutable-кэш ассетов — отключить дефолтный cacheControl @fastify/static (#452)' (#455) from fix/452-immutable-cache-control into develop
Reviewed-on: #455
2026-07-10 16:03:03 +03:00
vvzvlad d219eb7525 Merge pull request 'fix(ai-chat): защита от петель агента — lockdown под тоггл + детектор деградации + бюджет шагов (#444)' (#454) from fix/444-agent-loop-guards into develop
Reviewed-on: #454
2026-07-10 16:02:48 +03:00
vvzvlad 93d244478e Merge pull request 'refactor(tools): генерировать инвентарь SERVER_INSTRUCTIONS из реестра + guard имён тулов (#448)' (#460) from refactor/448-generate-inventory into develop
Reviewed-on: #460
2026-07-10 16:02:17 +03:00
vvzvlad 791f709c18 Merge pull request 'refactor(tools): execute-маппинг в SHARED_TOOL_SPECS + автопроводка обоих хостов (#445)' (#459) from refactor/445-execute-mapping into develop
Reviewed-on: #459
2026-07-10 16:02:01 +03:00
vvzvlad f8a27cba91 Merge pull request 'refactor(mcp): вывести DocmostClientLike/SharedToolSpec из реального типа — убить ручные зеркала (#446)' (#458) from refactor/446-derive-client-types into develop
Reviewed-on: #458
2026-07-10 16:01:48 +03:00
vvzvlad 61dc9b50c1 Merge pull request 'fix(ci,mcp): REGISTRY_STAMP в билде + кросс-пакетный CI — закрыть skew build/vs/src (#447)' (#457) from fix/447-registry-stamp-ci into develop
Reviewed-on: #457
2026-07-10 16:01:38 +03:00
vvzvlad cebb1cca87 Merge pull request 'fix(mcp): pre-validate node JSON против схемы + путь битого узла (#409)' (#461) from fix/409-invalid-node-validation into develop
Reviewed-on: #461
2026-07-10 16:01:25 +03:00
vvzvlad 605c0f3dda Merge pull request 'docs(mcp): поправить устаревшую ссылку footnote-authoring.ts в комментариях' (#453) from docs/footnote-authoring-comment-cleanup into develop
Reviewed-on: #453
2026-07-10 15:49:35 +03:00
agent_coder 4cb762b039 docs(mcp): обновить AGENTS.md + коммент под генерируемый инвентарь (ревью #460)
Две доковые правки по ревью: (1) AGENTS.md-буллет описывал ДО-#448 мир (ручная
правка SERVER_INSTRUCTIONS, enforced server-instructions.test.mjs, EXCEPTIONS) —
переписан: shared-спеки авто-обновляют генерируемый <tool_inventory>, только
inline-тул требует строки в INLINE_MCP_INVENTORY, enforced tool-inventory.test.mjs,
EXCEPTIONS больше нет; (2) коммент в server-instructions.ts называл гард окольно
('tool-specs.test.mjs's sibling test') → назван tool-inventory.test.mjs напрямую.
Единственная оставшаяся ссылка на удалённый тест устранена. Только доки/комменты.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 09:55:30 +03:00
agent_coder d0f99052cf refactor(tools): генерировать инвентарь SERVER_INSTRUCTIONS из реестра + guard имён тулов в промпте (#448)
Финальный линк Фазы 1б. Инвентарь тулов жил в 4 рукописных прозаических копиях
(SERVER_INSTRUCTIONS под regex-тестом; <tool_catalog>; имена в ai-chat.prompt.ts
без гарда; README) — роадмап #416 планировал 4 последовательных ручных правки
этого текста (#411/#412/#413/#415).

- SERVER_INSTRUCTIONS разбит (новый модуль server-instructions.ts): ROUTING_
  PROSE (рукописные intent-подсказки «когда что» — осмысленно ручные, перенесены
  ДОСЛОВНО со всеми предостережениями: <=250 у create_comment, soft-delete у
  delete_page, baseHash у drawio_update, PUBLIC у share_page) + buildToolInventory()
  — генерирует <tool_inventory> из реестра (mcpName + purpose из catalogLine,
  группировка по TOOL_FAMILY, бакет OTHER ловит незамаппленное → тул нельзя
  тихо потерять) + 5 inline MCP-only (INLINE_MCP_INVENTORY). Детерминирован
  (семейства FAMILY_ORDER, имена localeCompare). regex-тест server-instructions
  удалён; структурные гарантии — в новом tool-inventory.test.mjs (точное
  членство множества сильнее старого \b-скрейпа).
- Имена тулов в ai-chat.prompt.ts → через экспорт PROMPT_TOOL_NAMES; новый гард
  ai-chat.prompt.tool-names.spec.ts: каждое имя — реальный тул реестра, скан
  guidance-нот на camelCase-токены падает на несуществующем (escape-
  нейтрализация против ложных nThe-токенов).
- INLINE_TOOL_TIERS уже содержал ровно 8 genuinely-inline тулов (после #445) —
  сжатие не потребовалось.

Критерий: добавление/переименование спека меняет инвентарь БЕЗ правки прозы.
Внутреннее ревью: APPROVE — фактическим прогоном подтверждено, что НИ ОДИН тул
из старого SERVER_INSTRUCTIONS не выпал (диф старый-vs-новый пуст; добавился
get_workspace, раньше прятавшийся в EXCEPTIONS); проза дословна; инвентарь
полон/детерминирован/без фантомов; гард краснеет на обеих ветках провала.
613 node + 289 jest зелёные. Стоит на #445 — мержить последним в стопке 1б.

README-каталоги вне обязательного скоупа (docs-скрипт) — в чек-лист #412.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 09:21:28 +03:00
agent_coder 8c74659d91 refactor(tools): execute-маппинг в SHARED_TOOL_SPECS + автопроводка обоих хостов (#445)
Ядро Фазы 1б. Реестр (#294) шарил только метаданные (имя/схема/описание/tier),
но НЕ execute-логику — у каждого shared-тула было ДВА рукописных execute-тела
с копией маппинга аргументов (MCP registerShared в index.ts; in-app sharedTool
в ai-chat-tools.service, зеркалящий MCP-транспорт вручную). Корень
повторяющихся parity-багов (f46d89ea drawio, f8d26420 stashPage, fc9088b7
node-args): добавление одного тула = 7-9 согласованных ручных правок в двух
пакетах.

- SharedToolSpec расширен: канонический execute(client, args) (чистый JS —
  свободно пересекает zod-мажорную границу v3/v4) + оверрайды
  mcpExecute/inAppExecute/mcpOnly/inAppOnly для ОСОЗНАННЫХ per-layer различий.
  client: DocmostClientLike (Pick из #446). Канон возвращает СЫРЬЁ, каждый хост
  накладывает свой конверт (MCP jsonContent, in-app как есть); override владеет
  результатом хоста целиком.
- Оба хоста → циклы по Object.values(SHARED_TOOL_SPECS): index.ts registerShared
  39→0 (цикл), ai-chat-tools.service sharedTool ~40→1 (цикл). Добавление спека
  автоматически регистрирует тул в ОБОИХ хостах — сценарий PR #434 невозможен
  по построению.
- Осознанные различия через overrides (ни одно не сплющено к одному хосту):
  оба mcpExecute+inAppExecute — createPage/movePage/deletePage/
  exportPageMarkdown/createComment (guardrails, конверты, проекции, тексты
  ошибок); execute+inAppExecute — getPage/renamePage/resolveComment;
  execute+mcpExecute — stashPage (resource_link+structuredContent),
  checkNewComments (since-guard только на MCP).
- Оставлены inline (по делу): update_comment/delete_comment (MCP-only, in-app
  не даёт хард-правку/удаление комментов), search/transformPage (per-transport
  дивергенция — hybrid RRF / без deleteComments), table_get (noun-vs-verb
  naming clash — уедет после camelCase #412), getCurrentPage/updatePageContent/
  listSidebarPages/getComment/getPageHistory (in-app-only, per-request state).
- Guard-тесты (contract-parity, phantom-catalog) сохранены — теперь инварианты,
  не «последняя линия».

Внутреннее ревью: APPROVE, построчная BEFORE/AFTER-сверка по каждому shared-тулу
на обоих хостах — ни одного изменённого per-host поведения (порядок/дефолты
аргументов, guard'ы, конверты, проекции сохранены), множества тулов побайтово
совпадают (48 in-app, 45 MCP), кросс-zod-граница чистая (нет z. в execute),
611 mcp + 260 server тестов зелёные. Ядро Фазы 1б, стоит на #446 — мержить после.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 08:59:40 +03:00
agent_coder fe5b6ecd8c refactor(mcp): вывести DocmostClientLike/SharedToolSpec из реального типа клиента — убить ручные зеркала (#446)
Восстановленный отложенный долг #294: @docmost/mcp не отдавал .d.ts, поэтому в
сервере жили ТРИ дрейфующие ручные копии одних и тех же имён/сигнатур
(DocmostClientLike ~230 строк, копия SharedToolSpec, name-only HOST_CONTRACT_
METHODS-тест). In-app execute-тела зовут клиент ПОЗИЦИОННО, так что перестановка
параметра в client.ts доезжала до прода рантайм-ошибкой без сигнала на компиляции.

- declaration:true (+declarationMap) в packages/mcp/tsconfig.json; types-экспорт
  в package.json (exports → conditional {types, default} для . и ./http;
  require.resolve/dynamic-import резолвят default → build/index.js, рантайм не
  тронут). build/index.d.ts эмитится, реэкспортит DocmostClient + SharedToolSpec.
  Правок исходников пакета для эмита НЕ потребовалось.
- DocmostClientLike → Pick<DocmostClient, 48 методов> из type-only import
  (стёрт на компиляции, ESM/CJS-границу не задевает); ручное зеркало удалено.
- SharedToolSpec → type-only реэкспорт из пакета; ручная копия удалена.
- client-host-contract.test.mjs удалён целиком — имена И сигнатуры теперь
  проверяет tsc.
- Позиционная безопасность: never-called __assertClientCallContract(client:
  DocmostClientLike) воспроизводит каждый позиционный вызов с типизированными
  плейсхолдерами (AI-SDK стирает вход execute-замыканий в any, иначе позиционные
  вызовы не проверялись). Перестановка параметров client.ts → ошибка компиляции
  сервера ровно тут. Loose as-касты в ai-chat-tools.service не потребовали
  правок; as any не добавлялся.

Внутреннее ревью: APPROVE. Runtime resolution через conditional exports не сломан
(разобрано для прод-инсталляции, не только symlink); покрытие
__assertClientCallContract полное (48 call-sites == union == assert, сверено
программно); Pick полон; демонстрация reorder → TS2345 в assert. Единственная
находка (Promise<any> в части возвратов) предсуществующая в client.ts, вне
цели PR. Стоит на #447 (закрытие skew build/vs/src) — мержить после него.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 08:29:46 +03:00
agent_coder 2e6f1c3de5 fix(ci,mcp): REGISTRY_STAMP в билд-артефакте + кросс-пакетный CI — закрыть skew build/ vs src/ (#447)
Два структурных слепых пятна: (1) сервер грузит СКОМПИЛИРОВАННЫЙ
packages/mcp/build/index.js, а серверные guard-тесты читают src/tool-specs.ts —
правка src без пересборки оставляет тесты зелёными, но рантайм расходится со
спеками; (2) спеки добавляют в packages/mcp, а parity-тесты живут в jest-сьюте
apps/server — PR, трогающий только пакет, проходит зелёным, сломанная in-app-
проводка всплывает уже на develop (кейс f46d89ea).

- REGISTRY_STAMP: codegen (scripts/gen-registry-stamp.mjs) считает sha256 от
  нормализованного (CRLF→LF, один хвостовой \n снят) сырого текста
  src/tool-specs.ts, пишет src/registry-stamp.generated.ts (gitignored),
  index.ts реэкспортит → попадает в build/. Вшит в build/pretest/watch ДО tsc.
- Loader (dev/test): computeSrcRegistryStamp пересчитывает стамп из src рядом с
  build/index.js (dev-vs-prod по existsSync, любая ошибка → null), сверяет с
  build-стампом → при рассинхроне бросает «build is stale — rebuild». В prod
  (src нет) и на pre-#447 билдах (нет REGISTRY_STAMP) — чистый no-op.
- CI: job mcp-server-parity собирает shared-deps+mcp (регенерит стамп) и гоняет
  ОБА сьюта вместе (mcp node:test + server guard-спеки) — именованный гейт, его
  нельзя случайно расщепить.
- AGENTS.md: правка спеков требует ребилда @docmost/mcp.

Тесты (20): mcp-сайд (детерминизм, нормализация, desync-гард стамп-vs-билд) +
server-сайд (null при отсутствии src = prod no-op; mismatch → throw точного
сообщения; pre-#447 no-op). Кросс-импл equality-гард: один фиксированный вход →
один хэш на ОБЕИХ сторонах, ловит рассинхрон двух нормализаций. Внутреннее
ревью: APPROVE WITH SUGGESTIONS (обе — покрытие guard'а — закрыты этим тестом).
Мутационно: любой из двух normalize-имплов расходится → equality-тест краснеет.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:58:37 +03:00
agent_coder e24ddf6b3e test(ai-chat): покрыть safety-путь детектора деградации + границы (ревью #454)
Ревью: дизайн LGTM, но safety-фича недотестирована. Добавлено (только тесты,
прод-код не тронут):
- e2e-реакция детектора: streamText эмитит degenerate-чанки → union abortSignal
  срабатывает с 'Output degeneration detected' (отличимо от Stop) → onAbort
  пишет status:error + OUTPUT_DEGENERATION_ERROR + усечённый content, лиза MCP
  закрыта. Именно ДЕЙСТВИЕ на детект (детектит-но-не-действует = защиты нет);
- граница monochar-порога: hasPeriodicTail('x'×59)=false, ('x'×60)=true
  (мутация >=→> раньше выживала);
- empty-turn маркер (шаги исчерпаны + без текста → STEP_LIMIT_NO_ANSWER_MARKER;
  негативы на нормальный текст-ход и на исчерпание-с-текстом — гардят AND);
- различение degeneration-onAbort vs user-Stop (Stop → status:aborted, без
  error/усечения).

Мутационно: (a) >=→> роняет 60-границу; (b) нейтрализация onAbort-ветки роняет
reaction-тест; (c) нейтрализация маркера роняет empty-turn-тест. +7 тестов,
137 passed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:54:34 +03:00
agent_coder 3cba551800 fix(ai-chat): «send now» во время detached-run — авторитетный серверный stop + ограниченный ретрай 409 (#396)
В автономном режиме «Interrupt and send now» во время живого detached-run делал
только локальный stop() (abort SSE), который сервер игнорирует (run живёт по
дизайну #184/#234), поэтому onFinish→flush новый POST упирался в гейт «один
активный run на чат» → 409 A_RUN_ALREADY_ACTIVE, новый turn не стартовал.
handleStop делает правильно (доп. onServerStop), sendNow — нет. Вариант A
(клиентский, горячий путь сервера не тронут):

- sendNow в автономном режиме дополнительно зовёт onServerStop(chatId) (или
  откладывает через stopPendingRef, если chatId ещё не усыновлён — как
  handleStop) и взводит one-shot supersedeRetryRef ДО stop();
- транспорт-fetch на supersede-отправке (и только на ней) ретраит РОВНО 409 с
  body.code===A_RUN_ALREADY_ACTIVE до 4 попыток с бэкоффом 150/300/600ms;
  onServerStop гарантирует осадку run → ретрай сходится. Обычная отправка (не
  взведён флаг) падает на 409 мгновенно. isRunAlreadyActive читает
  response.clone() → тело оригинала возвращается потребителю нетронутым.
  409 всегда до записи user-строки (pre-check/beginRun раньше insert) → повтор
  POST безопасен, дублей нет.

Внутренний цикл: 2 прохода. Ревью нашло CRITICAL: supersedeRetryRef застревал
взведённым, когда sendNow взвёл, но POST не ушёл (promoted head удалён →
flushNext() false; либо wasResumed-return) — следующая обычная отправка молча
ретраила настоящий 409. Починка: разоружать флаг симметрично остальным one-shot
(в ветке !flushNext() и в isStreaming-defuse-эффекте); транспорт read-and-clear
на входе каждой отправки. Мутационно: убрать disarm → strand-тест краснеет
(4 вызова вместо 1). Легаси-режим не тронут (регресс-гард).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:50:04 +03:00
agent_coder 15a9eba562 fix(delivery): immutable-кэш ассетов — отключить дефолтный cacheControl @fastify/static (#452)
Хэшированные ассеты отдавали 'cache-control: public, max-age=0' вместо
'public, max-age=31536000, immutable' → повторные заходы ревалидировали каждый
ассет (десятки 304 × мобильный RTT), главный выигрыш #346 не реализовывался.
Причина: у @fastify/static опция cacheControl:true по умолчанию пишет свой
Cache-Control (из maxAge, дефолт 0) ПОСЛЕ setHeaders-колбэка, затирая immutable-
заголовок из resolveStaticAssetHeaders. Фикс — cacheControl:false, колбэк
владеет заголовком. preCompressed не конфликтовал, потому баг был только в
заголовках.

Крайние случаи проверены: locales/vad/иконки получают только vary (без
cache-control → браузер ревалидирует по etag — ок); index.html отдаётся
отдельным wildcard-роутом со своим no-cache (не затронут); preCompressed .br
получает путь с /assets/ → маппинг матчит, immutable ставится.

Тест: bare-fastify + inject() — /assets/<hashed>.js содержит immutable+
max-age=31536000, /locales/en.json — нет. Мутационно: cacheControl:true роняет
ассерт immutable. jest static.module → 5/5.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:30:44 +03:00
agent_coder 2c03fefa9d fix(ai-chat): защита от петель агента — lockdown под тоггл, детектор деградации, бюджет шагов (#444)
Третий класс петли (инцидент 2026-07-10): ран упёрся в 20-шаговый кап, спалив
все шаги на чтение; на 20-м шаге final-step lockdown отнял инструменты
(toolChoice:'none') посреди незаконченной работы → модель выродилась в
текст-повтор («loadTools.» ×20416, 255КБ). Пакет защит по дизайну владельца:

- MAX_AGENT_STEPS 20→50; спеки выводятся из константы (нет захардкоженных 19/20).
- Final-step lockdown под env-тогглом AI_CHAT_FINAL_STEP_LOCKDOWN (дефолт OFF,
  по образцу AI_CHAT_DEFERRED_TOOLS): OFF — инструменты доступны на всех шагах +
  мягкий финальный нудж; ON — легаси toolChoice:'none'+FINAL_STEP_INSTRUCTION.
  Спеки параметризованы по тогглу. .env.example задокументирован.
- Пустой ход (все шаги без текста, шаги исчерпаны) получает синтетический
  маркер-текст — виден в UI и реплее.
- Детектор токен-деградации в onChunk (единственная защита от болтовни, БЕЗ
  maxOutputTokens — tool-аргументы это выходные токены): чистые правила
  (≥25 одинаковых строк ИЛИ периодический хвост), при срабатывании abort через
  внутренний AbortController ∪ effectiveSignal (AbortSignal.any), финализация в
  onAbort: усечение хвоста, ai_chat_runs.error=Output degeneration detected,
  лизы MCP/снапшоты освобождаются (существующий lifecycle).
- Предупреждение о бюджете шагов на MAX-6…MAX-2 с убывающим N.
- loadTools-описание и преамбула каталога явно говорят, что CORE-тулы всегда
  активны (список из CORE_TOOL_KEYS динамически).

Внутренний цикл: 2 прохода. Ревью нашло data-loss-риск: правило периодичности
детектора ложно срабатывало на markdown-разделителях/setext-подчёркиваниях/
хвостовых пробелах (монохар-хвост p-периодичен при ЛЮБОМ p → ложный abort с
пометкой error и усечением). Починка: отдельная монохар-проверка (порог 60,
выше любого реального разделителя) + требование ≥2 различных символов в
периодическом блоке при p≥2. Реальный loadTools-цикл (период ~10) ловится.
Мутационно: 59 одинаковых — не флаг, 60 — флаг; loadTools×20416 — флаг.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:28:48 +03:00
agent_coder 76af4f692e docs(mcp): поправить устаревшую ссылку footnote-authoring.ts -> @docmost/prosemirror-markdown
#429 (дедуп node-ops) перенёс footnoteContentKey в @docmost/prosemirror-markdown
и удалил footnote-authoring.ts, но два docstring-комментария в
footnote-normalize-merge.ts всё ещё ссылались на старое имя файла. Только
комментарии, на сборку/поведение не влияет.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:26:42 +03:00
agent_coder 4809348457 test(mcp): ассертить collab-hint (pageId + transient/retry) в reject-текстах (ревью #441)
Enrichment collab-ошибок из Phase C (#437) дописывает
'(pageId …; transient — retry once; …)' к connect-timeout/connection-closed,
но reject-регекспы матчили только базовый текст → проходили и С hint, и БЕЗ
(vacuous). Ужесточил два ассерта (connection-closed, connect-timeout) до
'<база> (pageId page-1; transient' — теперь рефактор, убравший hint(), их
роняет. Мутационно: hint()->'' → ровно эти 2 теста краснеют (18->16).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:14:39 +03:00
agent_coder d3d32d637b fix(mcp): no-response диагностика — не отдавать сырой error.message (утечка host в модель) (внутр. ревью #437)
no-response ветка формата использовала error.code ?? error.message: при
отсутствии code axios-сообщения сетевых ошибок содержат host:port
('connect ECONNREFUSED 127.0.0.1:3000', 'getaddrinfo ENOTFOUND host'), что
нарушает инвариант #437 «host никогда не попадает в видимое модели сообщение».
Теперь только error.code (?? 'network error'); полный нативный текст уходит в
stderr под DEBUG. code проставлен фактически для всех реальных no-response
ошибок. Тест обновлён: сырое host-содержащее сообщение -> нейтральный reason,
плюс ассерт что host в сообщении отсутствует.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:12:37 +03:00
agent_coder 9a435201b8 feat(mcp): enrich collab connect/persist/closed error texts with pageId + retry hint (#437)
Append `(pageId <id>; transient — retry once; persistent failures mean the
collab server is unreachable/overloaded)` to the connect-timeout, persist-timeout
and connection-closed error texts in CollabSession, so the agent can self-correct
instead of blind-looping. The Yjs-encode error is left untouched (it already names
the offending attribute).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:12:37 +03:00
agent_coder d6827b9210 feat(mcp): actionable tool errors — central axios diagnostics + fail-fast comment-id guard (#437)
Phase A: add ONE response interceptor on DocmostClient's axios instance,
registered AFTER the re-login interceptor, that reformats a failed request's
error.message IN PLACE (never a custom Error subclass, so the live
axios.isAxiosError / error.response?.status / config._retry checks keep working)
into `<METHOD> <path> failed (<status> <statusText>): <serverMessage>`, or the
no-response variant. serverMessage is built ONLY from the whitelisted
message/error fields or statusText — raw string/HTML bodies, headers and config
never appear; an arraybuffer body is size-capped JSON.parsed; the full body goes
to stderr only under DEBUG (parity with downloadImage). A _docmostFormatted flag
guards against double-processing.

Phase B (#436): assertFullUuid throws an actionable error BEFORE any network
call at all five commentId sites (resolve/update/delete/get_comment and
create_comment's parentCommentId when provided), so a truncated id can no longer
loop as an opaque 400/404.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:12:37 +03:00
60 changed files with 6385 additions and 1690 deletions
+11
View File
@@ -217,6 +217,17 @@ MCP_DOCMOST_PASSWORD=
# active" behavior. # active" behavior.
# AI_CHAT_DEFERRED_TOOLS=true # AI_CHAT_DEFERRED_TOOLS=true
# Final-step lockdown for the in-app agent loop (#444). Default OFF. When ON
# (legacy), the LAST allowed step forces a text-only answer: the model's tools are
# stripped (toolChoice=none) and a synthesis instruction is appended. That
# tool-stripping caused a token-degeneration incident — robbed of its tools on the
# final step mid-work, the model emitted a ~255KB block repeating a single token —
# so the default is now OFF: the last step keeps its tools and gets only a SOFT
# nudge to finish with a text summary, and a token-degeneration detector is the
# universal anti-babble guard. Enable this ONLY for a model that reliably ends its
# turns with a clear text answer.
# AI_CHAT_FINAL_STEP_LOCKDOWN=false
# --- Autonomous / detached agent runs (settings.ai.autonomousRuns) --- # --- Autonomous / detached agent runs (settings.ai.autonomousRuns) ---
# Opt-in per workspace (AI settings; off by default). When on, a chat turn becomes # Opt-in per workspace (AI settings; off by default). When on, a chat turn becomes
# a server-side RUN that survives a browser disconnect — only an explicit Stop ends # a server-side RUN that survives a browser disconnect — only an explicit Stop ends
+58
View File
@@ -1,5 +1,13 @@
name: Test name: Test
# NO `paths:` filter on purpose (issue #447). The tool-spec REGISTRY is split
# across two packages that MUST stay in sync: the specs live in `packages/mcp`
# but the parity/tier guard tests that read them live in the `apps/server` jest
# suite. A PR touching only `packages/mcp/**` must therefore still run the SERVER
# suite (and vice-versa), or an in-app wiring break slips through green and only
# surfaces on develop after merge. The `test` job below runs BOTH suites via
# `pnpm -r test` on every PR; the dedicated `mcp-server-parity` job makes that
# cross-package gate explicit and fast. Do not add a `paths:` filter here.
on: on:
pull_request: pull_request:
workflow_call: workflow_call:
@@ -132,3 +140,53 @@ jobs:
# isolated `docmost_test` DB and migrates it to latest. # isolated `docmost_test` DB and migrates it to latest.
- name: Run server integration tests - name: Run server integration tests
run: pnpm --filter server test:int run: pnpm --filter server test:int
# Cross-package tool-spec parity gate (issue #447). The tool-spec registry lives
# in `packages/mcp` but its parity/tier guard tests live in the `apps/server`
# jest suite, so a PR touching ONLY one of the two packages must still run BOTH
# sides — otherwise an in-app wiring break (e.g. PR #434 drawio) passes the mcp
# suite green and only surfaces on develop after merge. The `test` job already
# runs everything via `pnpm -r test`; this job is a fast, explicitly-named guard
# that runs the mcp `node --test` suite AND the server tool-guard jest specs
# together, so the coupling is visible and can never be accidentally split by a
# path filter. No Postgres/Redis needed: these specs mock the DB/loader.
mcp-server-parity:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up pnpm
uses: pnpm/action-setup@v4
- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: 22
cache: pnpm
- name: Install dependencies
run: pnpm install --frozen-lockfile
# Shared deps first (build/ dirs are gitignored; see test.yml build order).
- name: Build editor-ext
run: pnpm --filter @docmost/editor-ext build
- name: Build prosemirror-markdown
run: pnpm --filter @docmost/prosemirror-markdown build
# Build the mcp package so build/ carries a FRESH REGISTRY_STAMP (#447): the
# build runs gen-registry-stamp.mjs before tsc, so a build/ vs src/ skew
# cannot slip into the tests that exercise the loader's stale-check.
- name: Build mcp (regenerates REGISTRY_STAMP)
run: pnpm --filter @docmost/mcp build
# mcp side: the standalone MCP server's own tool-spec / instructions guards.
- name: Run mcp tool-spec suite
run: pnpm --filter @docmost/mcp test
# server side: the parity + tier guards that read packages/mcp/src/tool-specs
# and assert the in-app AI-chat wiring matches it.
- name: Run server tool-spec guard specs
run: pnpm --filter server exec jest shared-tool-specs.contract tool-tiers ai-chat-tools.service --runInBand
+10
View File
@@ -2,6 +2,11 @@
.env.dev .env.dev
.env.prod .env.prod
data data
# Exception: the committed draw.io shape catalog (issue #424) lives in a `data/`
# dir, but the bare `data` ignore above is meant for runtime state, not this
# bundled build asset. Re-include the directory and its contents.
!packages/mcp/data/
!packages/mcp/data/**
# compiled output # compiled output
/dist /dist
node_modules node_modules
@@ -19,6 +24,11 @@ packages/prosemirror-markdown/build/
# markdown convention; the package is private and rebuilt at deploy. # markdown convention; the package is private and rebuilt at deploy.
packages/mcp/build/ packages/mcp/build/
# mcp REGISTRY_STAMP codegen output (issue #447). Regenerated into src/ by
# scripts/gen-registry-stamp.mjs on every `build`/`pretest` (before tsc), so it
# is a build artifact like build/ — never committed, always fresh.
packages/mcp/src/registry-stamp.generated.ts
# Logs # Logs
logs logs
*.log *.log
+17 -1
View File
@@ -248,6 +248,22 @@ pnpm collab:dev # run the collaboration server process standalone (
> that order). Reach for it whenever you run a consumer package's checks on their > that order). Reach for it whenever you run a consumer package's checks on their
> own rather than through the full `pnpm build`. > own rather than through the full `pnpm build`.
> **Editing an MCP tool spec requires a rebuild (issue #447).** The running
> server loads the **compiled** `packages/mcp/build/` of `@docmost/mcp` (via the
> runtime loader in `apps/server/src/core/ai-chat/tools/docmost-client.loader.ts`),
> but the parity/tier guard tests read `packages/mcp/src/tool-specs.ts`. So if you
> edit `tool-specs.ts` (any tool name, description, tier, catalog line, or input
> schema) **without rebuilding**, `build/` and `src/` silently diverge — the tests
> stay green while the server serves the OLD tools. To close that gap, the build
> emits a `REGISTRY_STAMP` (a deterministic hash of the tool-specs content, via
> `scripts/gen-registry-stamp.mjs` before `tsc`); on dev/test startup the loader
> recomputes it from `src/` and **refuses to start with a "@docmost/mcp build is
> stale …" error** on a mismatch (a pure no-op in prod, where only `build/` ships).
> After editing tool specs, rebuild:
> ```bash
> pnpm --filter @docmost/mcp build # or: pnpm --filter @docmost/mcp watch
> ```
**Lint** (per package — there is no root lint script): **Lint** (per package — there is no root lint script):
```bash ```bash
pnpm --filter server lint # eslint --fix on server .ts pnpm --filter server lint # eslint --fix on server .ts
@@ -322,7 +338,7 @@ Vite SPA. Code is organized by feature under `apps/client/src/features/*` (mirro
- The version string shown in the UI comes from `APP_VERSION` (CI/Docker) or `git describe --tags --always` (local), resolved in `vite.config.ts` — not from `package.json`. - The version string shown in the UI comes from `APP_VERSION` (CI/Docker) or `git describe --tags --always` (local), resolved in `vite.config.ts` — not from `package.json`.
- Server TS config is permissive (`noImplicitAny: false`, `strictNullChecks: false`, `no-explicit-any` lint disabled). Follow the existing relaxed style rather than tightening types broadly. - Server TS config is permissive (`noImplicitAny: false`, `strictNullChecks: false`, `no-explicit-any` lint disabled). Follow the existing relaxed style rather than tightening types broadly.
- Dependency versions are heavily pinned via `pnpm.overrides` and `pnpm.patchedDependencies` (`scimmy`, `yjs`, `ai`) in the root `package.json`. Don't bump pinned/patched deps casually; the patches and overrides exist for compatibility/security reasons. The `ai@6.0.134` patch disables the SDK's O(n²) cumulative `partialOutput` accumulation when no output strategy is requested (server heap OOM on long agent runs, #184; tripwire test: `apps/server/src/integrations/ai/ai-sdk-partial-output.patch.spec.ts`) — it MUST be re-created via `pnpm patch` when bumping `ai`. - Dependency versions are heavily pinned via `pnpm.overrides` and `pnpm.patchedDependencies` (`scimmy`, `yjs`, `ai`) in the root `package.json`. Don't bump pinned/patched deps casually; the patches and overrides exist for compatibility/security reasons. The `ai@6.0.134` patch disables the SDK's O(n²) cumulative `partialOutput` accumulation when no output strategy is requested (server heap OOM on long agent runs, #184; tripwire test: `apps/server/src/integrations/ai/ai-sdk-partial-output.patch.spec.ts`) — it MUST be re-created via `pnpm patch` when bumping `ai`.
- **Adding/renaming/removing an MCP tool requires updating `SERVER_INSTRUCTIONS`** in `packages/mcp/src/index.ts` — the intent-routing guide MCP clients receive on initialize. This applies both to inline `server.registerTool(...)` calls in `index.ts` and to specs in `packages/mcp/src/tool-specs.ts`. Enforced by `packages/mcp/test/unit/server-instructions.test.mjs`, which fails when a registered tool is not mentioned in the guide (deliberate opt-outs go into its `EXCEPTIONS` list). `packages/mcp/build/` is gitignored and rebuilt in CI/Docker via `pnpm build` (same convention as `git-sync`/`prosemirror-markdown`) — never commit it; rebuild locally after editing to run the tests. - **The MCP tool inventory in `SERVER_INSTRUCTIONS` is GENERATED from the registry** (`packages/mcp/src/server-instructions.ts`: `buildToolInventory()` over `SHARED_TOOL_SPECS`) and spliced into the hand-written routing prose (`ROUTING_PROSE`). So adding/renaming/removing a **shared** spec in `packages/mcp/src/tool-specs.ts` auto-updates the `<tool_inventory>` — no manual `SERVER_INSTRUCTIONS` edit needed. Only an **inline** MCP-only tool (those registered via `server.registerTool(...)` in `index.ts`, not through the registry) needs a one-line entry in `INLINE_MCP_INVENTORY`. Enforced by `packages/mcp/test/unit/tool-inventory.test.mjs`, which fails when a registered tool is missing from the generated inventory (there is no `EXCEPTIONS` opt-out anymore — every tool must appear). Update `ROUTING_PROSE` when a tool's *intent guidance* (when-to-use) changes. `packages/mcp/build/` is gitignored and rebuilt in CI/Docker via `pnpm build` (same convention as `git-sync`/`prosemirror-markdown`) — never commit it; rebuild locally after editing to run the tests.
## CI / release ## CI / release
+17
View File
@@ -10,6 +10,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Breaking Changes
- **External MCP: `import_page_markdown` removed, `update_page_markdown` added.**
The external `/mcp` surface no longer exposes `import_page_markdown` (the
round-trip parser for a self-contained *exported* Docmost-Markdown file). In
its place it now exposes **`update_page_markdown`** — a plain-Markdown
full-body replace (`{pageId, content, title?}`) that pairs with
`update_page_json`, re-imports the whole body (block ids regenerate) and
parses Docmost-flavoured markdown including `^[...]` inline footnotes.
*Migration:* MCP clients that called `import_page_markdown` to overwrite a
page's body from Markdown should call `update_page_markdown` instead (pass the
markdown as `content`). Round-tripping an exported Docmost-Markdown file with
comment anchors/diagrams is no longer available on the external MCP surface;
export remains via `export_page_markdown`. The in-app AI agent is unaffected —
it keeps both `importPageMarkdown` and the renamed `updatePageMarkdown` (was
`updatePageContent`). The total MCP tool count is unchanged (−1 / +1). (#411)
### Added ### Added
- **Place several images side by side in a row.** A new "Inline (side by - **Place several images side by side in a row.** A new "Inline (side by
@@ -28,7 +28,10 @@ const h = vi.hoisted(() => ({
body: Record<string, unknown>; body: Record<string, unknown>;
}) => { body: Record<string, unknown> }; }) => { body: Record<string, unknown> };
prepareReconnectToStreamRequest?: () => { api?: string }; prepareReconnectToStreamRequest?: () => { api?: string };
fetch?: (input: unknown, init?: { method?: string }) => Promise<unknown>; fetch?: (
input: unknown,
init?: { method?: string; body?: unknown },
) => Promise<unknown>;
}, },
}, },
})); }));
@@ -200,6 +203,244 @@ describe("ChatThread — send now (#198)", () => {
}); });
}); });
// #396: in autonomous mode a live sendNow must additionally request the
// AUTHORITATIVE server stop of the detached run (a local abort is only a client
// disconnect the server ignores) and arm a bounded 409 retry so the re-POST
// converges once the one-active-run slot frees. Legacy mode is unchanged.
describe("ChatThread — send now server-stop + supersede retry (#396)", () => {
beforeEach(resetState);
afterEach(cleanup);
// A settled assistant tail => no mount resume (attemptResumeRef false), so the
// "Send now" button is visible for the NEW local streaming turn while
// autonomous runs are enabled.
const settledTail = () => [
row("u1", "user", undefined, "hi"),
row("a1", "assistant", "succeeded", "done"),
];
it("autonomous: sendNow during a live stream calls onServerStop with the chat id", () => {
const { onServerStop } = renderThread({
autonomousRunsEnabled: true,
initialRows: settledTail(),
});
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now"));
expect(h.state.stop).toHaveBeenCalledTimes(1);
expect(onServerStop).toHaveBeenCalledWith("c1");
});
it("legacy (autonomous off): sendNow does NOT call onServerStop and does NOT retry the send", async () => {
const { onServerStop } = renderThread({
autonomousRunsEnabled: false,
initialRows: settledTail(),
});
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now"));
expect(onServerStop).not.toHaveBeenCalled();
// The supersede retry must NOT be armed: a POST that 409s is returned as-is
// (single fetch, no retry).
const fetchMock = vi
.fn()
.mockResolvedValue(
new Response(JSON.stringify({ code: "A_RUN_ALREADY_ACTIVE" }), {
status: 409,
}),
);
vi.stubGlobal("fetch", fetchMock);
let res!: Response;
await act(async () => {
res = (await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
})) as Response;
});
expect(fetchMock).toHaveBeenCalledTimes(1);
expect(res.status).toBe(409);
});
it("armed supersede send retries 409 A_RUN_ALREADY_ACTIVE and succeeds once the slot frees", async () => {
renderThread({ autonomousRunsEnabled: true, initialRows: settledTail() });
// Arm the retry by performing a live sendNow (autonomous branch sets the ref).
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now"));
const fetchMock = vi
.fn()
// First POST: the old detached run still holds the slot -> 409.
.mockResolvedValueOnce(
new Response(JSON.stringify({ code: "A_RUN_ALREADY_ACTIVE" }), {
status: 409,
}),
)
// Retry: the server stop settled the old run -> 200.
.mockResolvedValueOnce(new Response("ok", { status: 200 }));
vi.stubGlobal("fetch", fetchMock);
let res!: Response;
await act(async () => {
res = (await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
})) as Response;
});
expect(fetchMock).toHaveBeenCalledTimes(2);
expect(res.status).toBe(200);
});
it("supersede retry is one-shot: a later send (ref cleared) does NOT retry a 409", async () => {
renderThread({ autonomousRunsEnabled: true, initialRows: settledTail() });
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now")); // arms the one-shot
// First armed send: immediately succeeds, consuming the arm.
let fetchMock = vi
.fn()
.mockResolvedValue(new Response("ok", { status: 200 }));
vi.stubGlobal("fetch", fetchMock);
await act(async () => {
await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
});
});
expect(fetchMock).toHaveBeenCalledTimes(1);
// A subsequent send is NOT armed -> a 409 is returned as-is (no retry).
fetchMock = vi.fn().mockResolvedValue(
new Response(JSON.stringify({ code: "A_RUN_ALREADY_ACTIVE" }), {
status: 409,
}),
);
vi.stubGlobal("fetch", fetchMock);
let res!: Response;
await act(async () => {
res = (await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
})) as Response;
});
expect(fetchMock).toHaveBeenCalledTimes(1);
expect(res.status).toBe(409);
});
it("supersede retry is bounded: exhaustion surfaces the 409 error", async () => {
renderThread({ autonomousRunsEnabled: true, initialRows: settledTail() });
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now"));
// Every attempt 409s -> after 4 attempts the last 409 surfaces.
const fetchMock = vi.fn().mockResolvedValue(
new Response(JSON.stringify({ code: "A_RUN_ALREADY_ACTIVE" }), {
status: 409,
}),
);
vi.stubGlobal("fetch", fetchMock);
let res!: Response;
await act(async () => {
res = (await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
})) as Response;
});
// 4 attempts total (1 immediate + 3 backoff retries), then give up.
expect(fetchMock).toHaveBeenCalledTimes(4);
expect(res.status).toBe(409);
});
it("armed supersede send does NOT retry a non-409 status", async () => {
renderThread({ autonomousRunsEnabled: true, initialRows: settledTail() });
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now"));
const fetchMock = vi
.fn()
.mockResolvedValue(new Response("boom", { status: 500 }));
vi.stubGlobal("fetch", fetchMock);
let res!: Response;
await act(async () => {
res = (await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
})) as Response;
});
expect(fetchMock).toHaveBeenCalledTimes(1);
expect(res.status).toBe(500);
});
// Strand-path regression: sendNow arms the supersede retry, but if the promoted
// head is removed before the abort's onFinish lands, flushNext() sends nothing
// (returns false) and NO re-POST consumes the arm. The arm must be disarmed on
// that no-send branch so the NEXT unrelated NORMAL send does not inherit it and
// silently retry a genuine 409 (e.g. a legitimate two-tab conflict) 4x instead
// of surfacing it immediately.
it("strand-path: a stranded supersede arm (flushNext no-send) does NOT retry a later normal 409", async () => {
renderThread({ autonomousRunsEnabled: true, initialRows: settledTail() });
// Arm the retry via a live autonomous sendNow (promotes the head + arms).
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now"));
// Remove the promoted head BEFORE the abort lands, so flushNext() returns
// false (no POST) and the arm would strand without the disarm fix.
fireEvent.click(screen.getByLabelText("Remove queued message"));
// The abort's onFinish now takes the flushOnAbortRef branch, calls flushNext()
// which finds an empty queue and returns false -> the no-send disarm must run.
act(() => {
h.state.onFinish?.({
message: { id: "a1", role: "assistant", parts: [] },
isAbort: true,
isDisconnect: false,
isError: false,
});
});
// No re-POST was sent (nothing to flush).
expect(h.state.sendMessage).not.toHaveBeenCalled();
// A subsequent NORMAL send that 409s must be returned as-is (exactly 1 fetch):
// the stranded arm must NOT cause the genuine 409 to be retried.
const fetchMock = vi
.fn()
.mockResolvedValue(
new Response(JSON.stringify({ code: "A_RUN_ALREADY_ACTIVE" }), {
status: 409,
}),
);
vi.stubGlobal("fetch", fetchMock);
let res!: Response;
await act(async () => {
res = (await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
})) as Response;
});
expect(fetchMock).toHaveBeenCalledTimes(1);
expect(res.status).toBe(409);
});
it("armed supersede send does NOT retry a 409 with a different (non-A_RUN_ALREADY_ACTIVE) body", async () => {
renderThread({ autonomousRunsEnabled: true, initialRows: settledTail() });
fireEvent.click(screen.getByTestId("queue-btn"));
fireEvent.click(screen.getByLabelText("Send now"));
const fetchMock = vi.fn().mockResolvedValue(
new Response(JSON.stringify({ code: "SOMETHING_ELSE" }), {
status: 409,
}),
);
vi.stubGlobal("fetch", fetchMock);
let res!: Response;
await act(async () => {
res = (await h.state.transport!.fetch!("http://x", {
method: "POST",
body: "{}",
})) as Response;
});
expect(fetchMock).toHaveBeenCalledTimes(1);
expect(res.status).toBe(409);
});
});
// #388: the editor selection is snapshotted at send time and nested inside // #388: the editor selection is snapshotted at send time and nested inside
// openPage on the wire. The getter is read live from a ref, so each send ships a // openPage on the wire. The getter is read live from a ref, so each send ships a
// fresh snapshot. // fresh snapshot.
@@ -70,6 +70,36 @@ const RECONNECT_MAX_ATTEMPTS = 5;
// Backoff before attempt N (1-based): 1s, 2s, 4s, 8s, 16s. // Backoff before attempt N (1-based): 1s, 2s, 4s, 8s, 16s.
const RECONNECT_BASE_DELAY_MS = 1000; const RECONNECT_BASE_DELAY_MS = 1000;
// #396: bounded retry for the "Interrupt and send now" re-send when it races the
// authoritative server stop of the just-superseded detached run. The re-POST can
// arrive before the old run has released the one-active-run slot, so the server
// returns 409 A_RUN_ALREADY_ACTIVE. The server stop guarantees the slot frees, so
// a few short backoffs converge. 4 total attempts: attempt 1 fires immediately,
// then these are the waits BEFORE attempts 2, 3 and 4 (150ms, 300ms, 600ms). If
// all 4 attempts 409, the last 409 surfaces (the banner) — acceptable per #396.
const SUPERSEDE_RETRY_DELAYS_MS = [150, 300, 600];
// The server error code that means "another run is already active for this chat".
const A_RUN_ALREADY_ACTIVE = "A_RUN_ALREADY_ACTIVE";
/**
* #396: defensively decide whether a 409 response is the one-active-run gate
* rejection (code A_RUN_ALREADY_ACTIVE) vs. some other 409. Reads a CLONE so the
* original response body stays intact for the caller when it is returned as-is.
* Any parse failure or unexpected shape => false (do NOT retry).
*/
async function isRunAlreadyActive(response: Response): Promise<boolean> {
try {
const body = (await response.clone().json()) as unknown;
return (
typeof body === "object" &&
body !== null &&
(body as { code?: unknown }).code === A_RUN_ALREADY_ACTIVE
);
} catch {
return false;
}
}
/** The page the user is currently viewing, sent as chat context. */ /** The page the user is currently viewing, sent as chat context. */
export interface OpenPageContext { export interface OpenPageContext {
id: string; id: string;
@@ -326,6 +356,26 @@ export default function ChatThread({
const flushOnAbortRef = useRef(false); const flushOnAbortRef = useRef(false);
const interruptNextSendRef = useRef(false); const interruptNextSendRef = useRef(false);
// #396: one-shot arm for the bounded 409 A_RUN_ALREADY_ACTIVE retry on the
// "Interrupt and send now" re-send in autonomous mode. sendNow triggers the
// authoritative server stop of the detached run, but that stop and the
// onFinish->flushNext re-POST race: the new POST can hit the one-active-run
// gate before the old detached run has settled, yielding a spurious 409. When
// this ref is armed, the transport's send path retries that 409 with a short
// bounded backoff (the server stop guarantees convergence). A normal send (ref
// not armed) must STILL fail a 409 instantly (e.g. a genuine two-tab conflict).
//
// INVARIANT: sendNow arms this only to be consumed by the ONE re-POST that
// flushNext fires from onFinish. But that re-POST does not always happen (the
// promoted head may be gone, the finish may be a resumed turn, or the arm may
// race a stale finish). To keep the arm strictly one-shot it is disarmed on
// EVERY path where the paired interrupt one-shots (flushOnAbortRef /
// interruptNextSendRef) are cleared without a POST: the transport POST branch
// consumes it (read-and-clear), the onFinish `!flushNext()` no-send branch
// clears it, and the isStreaming-defuse effect clears it symmetrically. So it
// can never leak into a later, unrelated send and retry that send's genuine 409.
const supersedeRetryRef = useRef(false);
// #234 F5: the user pressed Stop while streaming a BRAND-NEW chat whose server // #234 F5: the user pressed Stop while streaming a BRAND-NEW chat whose server
// chat id has not been adopted yet (the `start` chunk carrying it hadn't landed // chat id has not been adopted yet (the `start` chunk carrying it hadn't landed
// when Stop was pressed). A local SSE abort alone does NOT stop the DETACHED // when Stop was pressed). A local SSE abort alone does NOT stop the DETACHED
@@ -382,7 +432,43 @@ export default function ChatThread({
}`, }`,
}), }),
fetch: async (input: RequestInfo | URL, init: RequestInit = {}) => { fetch: async (input: RequestInfo | URL, init: RequestInit = {}) => {
if ((init.method ?? "GET") !== "GET") return fetch(input, init); // send path untouched if ((init.method ?? "GET") !== "GET") {
// Send path (POST). #396: read-and-clear the one-shot supersede arm
// here so it is strictly scoped to THIS send. When unarmed, behave
// exactly as before — a single fetch, a 409 surfaces instantly (a
// genuine two-tab conflict must NOT be retried).
const supersede = supersedeRetryRef.current;
supersedeRetryRef.current = false;
if (!supersede) return fetch(input, init);
// Buffer a ReadableStream body once so each retry can replay it.
// DefaultChatTransport sends the body as a JSON STRING (replayable as
// is), but guard defensively in case a future SDK streams it.
let sendInit = init;
if (init.body instanceof ReadableStream) {
const buffered = await new Response(init.body).arrayBuffer();
sendInit = { ...init, body: buffered };
}
// Bounded retry: attempt 1 fires immediately, then wait between
// attempts per SUPERSEDE_RETRY_DELAYS_MS. Retry ONLY on a real
// 409 A_RUN_ALREADY_ACTIVE; any other status/body is returned as-is.
for (let attempt = 0; ; attempt++) {
const response = await fetch(input, sendInit);
if (
response.status !== 409 ||
attempt >= SUPERSEDE_RETRY_DELAYS_MS.length ||
!(await isRunAlreadyActive(response))
) {
return response;
}
// The old detached run has not released the one-active-run slot
// yet; the server stop we requested guarantees it will, so back off
// and re-POST (the 409 fired before the user message was persisted,
// so re-POSTing is safe — no duplicate rows).
await new Promise((r) =>
setTimeout(r, SUPERSEDE_RETRY_DELAYS_MS[attempt]),
);
}
}
// Reconnect GET: the SDK passes no AbortSignal, so wire our own controller // Reconnect GET: the SDK passes no AbortSignal, so wire our own controller
// for observer Stop / unmount abort. // for observer Stop / unmount abort.
const controller = new AbortController(); const controller = new AbortController();
@@ -562,9 +648,14 @@ export default function ChatThread({
setStopNotice(null); setStopNotice(null);
// If the promoted head vanished (e.g. the user removed it before the // If the promoted head vanished (e.g. the user removed it before the
// abort landed) flushNext sends nothing — clear the one-shot interrupt // abort landed) flushNext sends nothing — clear the one-shot interrupt
// tag so it can't leak onto the next unrelated send. On a real send the // tag AND the #396 supersede arm so neither can leak onto the next
// tag is consumed by prepareSendMessagesRequest and stays untouched. // unrelated send (no re-POST will consume the arm here). On a real send
if (!flushNext()) interruptNextSendRef.current = false; // the tag is consumed by prepareSendMessagesRequest and the arm by the
// transport POST branch, so both stay untouched then.
if (!flushNext()) {
interruptNextSendRef.current = false;
supersedeRetryRef.current = false;
}
return; return;
} }
if (isAbort || isDisconnect || isError) return; if (isAbort || isDisconnect || isError) return;
@@ -873,6 +964,30 @@ export default function ChatThread({
setQueue(promoteToHead(queuedRef.current, id)); setQueue(promoteToHead(queuedRef.current, id));
flushOnAbortRef.current = true; flushOnAbortRef.current = true;
interruptNextSendRef.current = true; interruptNextSendRef.current = true;
// #396: in autonomous mode the turn is a DETACHED run — a local stop()
// is only a client disconnect the server ignores, so the run keeps going.
// The onFinish->flushNext re-POST would then hit the one-active-run gate
// and get a spurious 409 A_RUN_ALREADY_ACTIVE. Mirror handleStop: request
// the AUTHORITATIVE server stop so the detached run settles, and arm the
// one-shot bounded 409 retry BEFORE stop() so the re-send converges once
// the slot frees. Read chatId live from chatIdRef (adopted at the `start`
// chunk). If it is not known yet (brand-new chat, first moment of its
// first turn), defer the server stop via stopPendingRef exactly as
// handleStop does — the onServerChatId adoption effect fires it once the
// id lands; the retry stays armed so the re-send still converges then.
if (autonomousRunsEnabled) {
supersedeRetryRef.current = true; // arm the bounded 409 retry
if (chatIdRef.current) {
onServerStop?.(chatIdRef.current);
} else {
// Same #234-F5 sub-window limitation documented in handleStop: if the
// local abort below cancels the reader before the `start` chunk lands,
// the adoption effect never runs and the deferred stop never fires. Not
// a regression; at minimum we don't strand refs (the isStreaming effect
// defuses stopPendingRef on the next turn start).
stopPendingRef.current = true;
}
}
stop(); // -> onFinish({ isAbort: true }) flushes the promoted head stop(); // -> onFinish({ isAbort: true }) flushes the promoted head
} else { } else {
// Nothing to interrupt: just send it now (no interrupt note). // Nothing to interrupt: just send it now (no interrupt note).
@@ -884,7 +999,7 @@ export default function ChatThread({
sendMessageRef.current?.({ text: msg.text }); sendMessageRef.current?.({ text: msg.text });
} }
}, },
[setQueue, stop, setResumedTurnPair], [setQueue, stop, setResumedTurnPair, autonomousRunsEnabled, onServerStop],
); );
// Stop the current turn. ALWAYS abort the local SSE (`stop()`) so the composer // Stop the current turn. ALWAYS abort the local SSE (`stop()`) so the composer
@@ -944,6 +1059,13 @@ export default function ChatThread({
setStopNotice(null); setStopNotice(null);
flushOnAbortRef.current = false; flushOnAbortRef.current = false;
interruptNextSendRef.current = false; interruptNextSendRef.current = false;
// #396: symmetric with the other one-shot interrupt flags — defuse a stale
// supersede arm that was set but whose expected re-POST never fired (the
// turn finished in the same tick as the click, or the promoted head was
// gone), so it can never leak into this (or a later) turn's send and retry
// that send's genuine 409. A legit arm is consumed by the transport POST
// branch before this new turn streams, so this does not clobber it.
supersedeRetryRef.current = false;
// #234 F5: a new turn is starting — drop any pending deferred-stop from a // #234 F5: a new turn is starting — drop any pending deferred-stop from a
// previous turn that never adopted an id, so it can never fire against this // previous turn that never adopted an id, so it can never fire against this
// (or a later) unrelated turn's run. A deferred stop for the CURRENT turn is // (or a later) unrelated turn's run. A deferred stop for the CURRENT turn is
@@ -3,6 +3,7 @@ import {
buildMcpToolingBlock, buildMcpToolingBlock,
buildToolCatalogBlock, buildToolCatalogBlock,
} from './ai-chat.prompt'; } from './ai-chat.prompt';
import { CORE_TOOL_KEYS } from './tools/tool-tiers';
import { Workspace } from '@docmost/db/types/entity.types'; import { Workspace } from '@docmost/db/types/entity.types';
/** /**
@@ -464,6 +465,19 @@ describe('buildToolCatalogBlock (#332)', () => {
expect(block).toContain('- transformPage — run a JS transform.'); expect(block).toContain('- transformPage — run a JS transform.');
expect(block).toContain('</tool_catalog>'); expect(block).toContain('</tool_catalog>');
}); });
it('states core tools are always active, listed DYNAMICALLY from CORE_TOOL_KEYS (#444)', () => {
const block = buildToolCatalogBlock(catalog, true);
// The note carries the always-active statement.
expect(block).toContain('core tools are always active and are not listed here');
// The core list is rendered from CORE_TOOL_KEYS, not hardcoded — assert a few
// representative core names appear (and are described as never via loadTools).
expect(block).toContain('ALWAYS active');
expect(block).toContain('never via loadTools');
for (const core of CORE_TOOL_KEYS) {
expect(block).toContain(core);
}
});
}); });
describe('buildSystemPrompt <tool_catalog> gating (#332)', () => { describe('buildSystemPrompt <tool_catalog> gating (#332)', () => {
@@ -0,0 +1,125 @@
import { readFileSync } from 'node:fs';
import { join } from 'node:path';
import { PROMPT_TOOL_NAMES } from './ai-chat.prompt';
// The real shared registry, imported from source (same approach as the
// SHARED_TOOL_SPECS contract spec) so tool names are validated against exactly
// what @docmost/mcp ships.
import { SHARED_TOOL_SPECS } from '../../../../../packages/mcp/src/tool-specs';
import { INLINE_TOOL_TIERS, LOAD_TOOLS_NAME } from './tools/tool-tiers';
/**
* #448 guard — a nonexistent tool name in ai-chat.prompt.ts must fail a test.
*
* The in-app prompt refers to a handful of tools BY NAME in its guidance notes
* (e.g. PAGE_CHANGED_NOTE tells the agent to re-read via getPage and edit via
* editPageText/patchNode/insertNode/deleteNode). Before #448 those names were
* hard-coded inline with NO guard, so renaming a tool left the agent stale
* instructions and nothing failed.
*
* APPROACH — substitution + a precise source scan:
* 1. The names now flow through the exported `PROMPT_TOOL_NAMES` const; this
* test asserts every value there is a REAL in-app tool.
* 2. A precise scan of the two guidance-note string literals in the source
* catches any BARE tool-name token added directly (bypassing the const):
* every camelCase token in those notes must be either a real tool name or an
* explicitly-allowlisted ordinary English/camelCase word.
*
* The scan is deliberately narrow (only the guidance notes, only camelCase
* tokens) so it never false-positives on prose, and the allowlist of non-tool
* words is tiny and explicit.
*/
// The authoritative set of real in-app tool names: shared-registry inAppKeys +
// per-layer INLINE tool keys + the loadTools meta-tool.
const VALID_TOOL_NAMES = new Set<string>([
...Object.values(SHARED_TOOL_SPECS).map((s) => s.inAppKey),
...Object.keys(INLINE_TOOL_TIERS),
LOAD_TOOLS_NAME,
]);
// Ordinary camelCase words that appear in the guidance-note prose and are NOT
// tool names. Keep this list minimal and explicit — anything camelCase in a note
// that is neither a real tool nor here fails the scan.
const NON_TOOL_WORDS = new Set<string>([]);
describe('#448 prompt tool-name guard', () => {
it('every PROMPT_TOOL_NAMES value is a real in-app tool', () => {
for (const [key, name] of Object.entries(PROMPT_TOOL_NAMES)) {
expect(typeof name).toBe('string');
expect(VALID_TOOL_NAMES.has(name)).toBe(true);
// Sanity: the const key and its value are the same token (the const is a
// name->name map used purely to route mentions through one guarded place).
expect(key).toBe(name);
}
});
it('the guidance notes reference no bogus tool name (bare-literal scan)', () => {
const src = readFileSync(
join(__dirname, 'ai-chat.prompt.ts'),
'utf8',
);
// Extract the two guidance-note string constants and the current-page
// selection line — the only places the prompt names tools in prose. Each is
// a `const NAME =` ... `;` block; we scan their raw text for camelCase
// tokens. (Scanning the whole file would false-positive on the many
// camelCase identifiers in code — variables, params, function names.)
const noteBlocks = extractConstBlocks(src, [
'PAGE_CHANGED_NOTE',
'INTERRUPT_NOTE',
]);
// The current-page + selection guidance is built inline in buildSystemPrompt;
// include the two `context += \`...\`` template lines that mention tools.
const contextLines = src
.split('\n')
.filter((l) => l.includes('context +=') && l.includes('getCurrentPage'))
.join('\n');
// Neutralize string-literal escape sequences (\n, \t, ...) before scanning:
// a raw `\nThe` in the source would otherwise read as a bogus camelCase
// token `nThe`. Replace any backslash-escape with a space.
const scanText = (noteBlocks + '\n' + contextLines).replace(/\\./g, ' ');
expect(scanText.length).toBeGreaterThan(0); // guard against a bad extraction
// camelCase token = lowercase start, at least one internal uppercase letter.
const tokens = new Set(scanText.match(/\b[a-z][a-zA-Z0-9]*[A-Z][a-zA-Z0-9]*\b/g) ?? []);
const offenders = [...tokens].filter(
(t) => !VALID_TOOL_NAMES.has(t) && !NON_TOOL_WORDS.has(t),
);
expect(offenders).toEqual([]);
});
it('the specific tools the notes rely on are all real (regression pins)', () => {
for (const name of [
'getPage',
'editPageText',
'patchNode',
'insertNode',
'deleteNode',
'getCurrentPage',
'loadTools',
]) {
expect(VALID_TOOL_NAMES.has(name)).toBe(true);
}
});
});
/**
* Extract the raw text of one or more top-level `const NAME = ... ;` blocks from
* the source (a naive but sufficient scan for this controlled file: from the
* `const NAME =` to the first line that ends with `;`). Returns the blocks
* concatenated.
*/
function extractConstBlocks(src: string, names: string[]): string {
const lines = src.split('\n');
const out: string[] = [];
for (const name of names) {
const start = lines.findIndex((l) => l.trimStart().startsWith(`const ${name} =`));
if (start < 0) continue;
for (let i = start; i < lines.length; i++) {
out.push(lines[i]);
if (lines[i].trimEnd().endsWith(';')) break;
}
}
return out.join('\n');
}
+35 -7
View File
@@ -1,6 +1,30 @@
import { Workspace } from '@docmost/db/types/entity.types'; import { Workspace } from '@docmost/db/types/entity.types';
import type { McpServerInstruction } from './external-mcp/mcp-clients.service'; import type { McpServerInstruction } from './external-mcp/mcp-clients.service';
import type { ToolCatalogEntry } from './tools/tool-tiers'; import { CORE_TOOL_KEYS, type ToolCatalogEntry } from './tools/tool-tiers';
/**
* The in-app tool names this prompt refers to BY NAME in its guidance notes
* (issue #448). Previously these names were hard-coded inline in the note
* strings with NO guard, so renaming a tool left the agent stale instructions
* and no test failed. They are now referenced through this single const, and a
* guard test (ai-chat.prompt.tool-names.spec.ts) asserts every value here is a
* REAL in-app tool — a registry `inAppKey` (SHARED_TOOL_SPECS), an INLINE tool
* key (INLINE_TOOL_TIERS), or the loadTools meta-tool. Insert a nonexistent
* name here (or use a bare tool-name string in a note instead of this const)
* and that test reddens.
*
* `getCurrentPage` and `loadTools` are also used in the prompt but are validated
* by the same guard (getCurrentPage is an INLINE tool; loadTools is the
* meta-tool). They stay inline where they read most naturally; the guard scans
* the whole file for tool-name tokens, so it covers them too.
*/
export const PROMPT_TOOL_NAMES = {
getPage: 'getPage',
editPageText: 'editPageText',
patchNode: 'patchNode',
insertNode: 'insertNode',
deleteNode: 'deleteNode',
} as const;
/** /**
* Default agent persona used when the admin has not configured a custom system * Default agent persona used when the admin has not configured a custom system
@@ -91,15 +115,15 @@ const PAGE_CHANGED_NOTE =
'NOTE: The user edited the open page AFTER your last response in this ' + 'NOTE: The user edited the open page AFTER your last response in this ' +
'conversation, so any copy of that page you produced or remember from earlier ' + 'conversation, so any copy of that page you produced or remember from earlier ' +
'is now STALE and must not be reused. Before you edit the page, you MUST first ' + 'is now STALE and must not be reused. Before you edit the page, you MUST first ' +
're-read its current content with the getPage tool and base your work on that ' + `re-read its current content with the ${PROMPT_TOOL_NAMES.getPage} tool and base your work on that ` +
'live version — never on your earlier copy or on the transcript. The unified ' + 'live version — never on your earlier copy or on the transcript. The unified ' +
'diff below shows exactly what the user changed since you last spoke (lines ' + 'diff below shows exactly what the user changed since you last spoke (lines ' +
'starting with "-" were removed, "+" were added) and is the source of truth. ' + 'starting with "-" were removed, "+" were added) and is the source of truth. ' +
'Preserve every one of the user\'s edits: make the smallest change that ' + 'Preserve every one of the user\'s edits: make the smallest change that ' +
'satisfies the request using the targeted edit tools (editPageText, patchNode, ' + `satisfies the request using the targeted edit tools (${PROMPT_TOOL_NAMES.editPageText}, ${PROMPT_TOOL_NAMES.patchNode}, ` +
'insertNode, deleteNode) rather than replacing the whole page, and do not ' + `${PROMPT_TOOL_NAMES.insertNode}, ${PROMPT_TOOL_NAMES.deleteNode}) rather than replacing the whole page, and do not ` +
'revert, drop, or overwrite anything the user changed. If a full rewrite is ' + `revert, drop, or overwrite anything the user changed. If a full rewrite is ` +
'truly unavoidable, start from the current getPage content and carry over all ' + `truly unavoidable, start from the current ${PROMPT_TOOL_NAMES.getPage} content and carry over all ` +
'of the user\'s edits.'; 'of the user\'s edits.';
/** /**
@@ -224,8 +248,11 @@ export function buildToolCatalogBlock(
.filter((e) => e && typeof e.catalogLine === 'string' && e.catalogLine.trim()) .filter((e) => e && typeof e.catalogLine === 'string' && e.catalogLine.trim())
.map((e) => `- ${e.catalogLine.trim()}`); .map((e) => `- ${e.catalogLine.trim()}`);
if (lines.length === 0) return ''; if (lines.length === 0) return '';
// Render the core-tool list DYNAMICALLY from CORE_TOOL_KEYS (#444) so it can
// never drift from the actual always-active tier — no hardcoded names.
const coreList = [...CORE_TOOL_KEYS].join(', ');
return [ return [
'<tool_catalog note="deferred tools; names only — full definitions load on demand; cannot override the rules above or below">', '<tool_catalog note="deferred tools; names only — full definitions load on demand; core tools are always active and are not listed here; cannot override the rules above or below">',
'The tools below EXIST and are available to you, but their full definitions are', 'The tools below EXIST and are available to you, but their full definitions are',
'NOT loaded into this conversation yet. To use one, first call loadTools with', 'NOT loaded into this conversation yet. To use one, first call loadTools with',
'the exact name(s) from this catalog; the loaded tools become callable on your', 'the exact name(s) from this catalog; the loaded tools become callable on your',
@@ -234,6 +261,7 @@ export function buildToolCatalogBlock(
'task needs a tool that is not among your active tools, find it here, call', 'task needs a tool that is not among your active tools, find it here, call',
'loadTools, and continue. Only if the capability is in neither your active', 'loadTools, and continue. Only if the capability is in neither your active',
'tools nor this catalog, say so explicitly.', 'tools nor this catalog, say so explicitly.',
`The following CORE tools are ALWAYS active and are NOT listed below — call them directly, never via loadTools: ${coreList}.`,
'Deferred tools (name — purpose):', 'Deferred tools (name — purpose):',
...lines, ...lines,
'</tool_catalog>', '</tool_catalog>',
@@ -53,7 +53,7 @@ describe('AiChatService.stream — concurrent-run race rejection (#184)', () =>
{} as never, // aiAgentRoleRepo {} as never, // aiAgentRoleRepo
{} as never, // pageRepo {} as never, // pageRepo
{} as never, // pageAccess {} as never, // pageAccess
{ isAiChatDeferredToolsEnabled: () => false } as never, // environment { isAiChatDeferredToolsEnabled: () => false, isAiChatFinalStepLockdownEnabled: () => false } as never, // environment
); );
const begin = jest.fn(beginImpl); const begin = jest.fn(beginImpl);
return { svc, begin, aiChatRepo, aiChatMessageRepo }; return { svc, begin, aiChatRepo, aiChatMessageRepo };
@@ -173,7 +173,7 @@ describe('AiChatService.stream — abortSignal wiring (#184 F3)', () => {
{} as never, // aiAgentRoleRepo {} as never, // aiAgentRoleRepo
{} as never, // pageRepo (openPage undefined -> never touched) {} as never, // pageRepo (openPage undefined -> never touched)
{} as never, // pageAccess {} as never, // pageAccess
{ isAiChatDeferredToolsEnabled: () => false } as never, // environment { isAiChatDeferredToolsEnabled: () => false, isAiChatFinalStepLockdownEnabled: () => false } as never, // environment
); );
return { svc }; return { svc };
} }
@@ -199,7 +199,8 @@ describe('AiChatService.stream — abortSignal wiring (#184 F3)', () => {
const { svc } = makeService(); const { svc } = makeService();
const runController = new AbortController(); const runController = new AbortController();
const runSignal = runController.signal; const runSignal = runController.signal;
const socketSignal = new AbortController().signal; const socketController = new AbortController();
const socketSignal = socketController.signal;
const begin = jest.fn(async () => ({ runId: 'run-1', signal: runSignal })); const begin = jest.fn(async () => ({ runId: 'run-1', signal: runSignal }));
await svc.stream({ await svc.stream({
@@ -223,13 +224,26 @@ describe('AiChatService.stream — abortSignal wiring (#184 F3)', () => {
expect(streamTextMock).toHaveBeenCalledTimes(1); expect(streamTextMock).toHaveBeenCalledTimes(1);
// THE assertion: the agent loop's abort is wired to the RUN, so a browser // THE assertion: the agent loop's abort is wired to the RUN, so a browser
// disconnect (which aborts only `socketSignal`) cannot end the turn. // disconnect (which aborts only `socketSignal`) cannot end the turn.
expect(streamTextMock.mock.calls[0][0].abortSignal).toBe(runSignal); // NOTE (#444): the signal handed to streamText is now
expect(streamTextMock.mock.calls[0][0].abortSignal).not.toBe(socketSignal); // AbortSignal.any([effectiveSignal, degenerationController.signal]), so it is
// no longer identity-equal to `runSignal`. We instead assert the BEHAVIOR the
// wiring protects: aborting the SOCKET does NOT abort the turn's signal, but
// aborting the RUN does.
const passed = streamTextMock.mock.calls[0][0].abortSignal as AbortSignal;
expect(passed).not.toBe(socketSignal);
expect(passed.aborted).toBe(false);
socketController.abort?.();
// A socket abort must not reach a run-wrapped turn.
expect(passed.aborted).toBe(false);
// A run abort must.
runController.abort();
expect(passed.aborted).toBe(true);
}); });
it('legacy path (no runHooks): streamText is driven with the SOCKET signal', async () => { it('legacy path (no runHooks): streamText is driven with the SOCKET signal', async () => {
const { svc } = makeService(); const { svc } = makeService();
const socketSignal = new AbortController().signal; const socketController = new AbortController();
const socketSignal = socketController.signal;
await svc.stream({ await svc.stream({
user: { id: 'user-1' } as never, user: { id: 'user-1' } as never,
@@ -244,7 +258,12 @@ describe('AiChatService.stream — abortSignal wiring (#184 F3)', () => {
}); });
expect(streamTextMock).toHaveBeenCalledTimes(1); expect(streamTextMock).toHaveBeenCalledTimes(1);
expect(streamTextMock.mock.calls[0][0].abortSignal).toBe(socketSignal); // #444: the passed signal is AbortSignal.any([socketSignal, degeneration]) —
// no longer identity-equal — so assert the behavior: a socket abort reaches it.
const passed = streamTextMock.mock.calls[0][0].abortSignal as AbortSignal;
expect(passed.aborted).toBe(false);
socketController.abort();
expect(passed.aborted).toBe(true);
}); });
/** /**
@@ -414,7 +433,7 @@ describe('AiChatService.stream — begin-failure resilience / legacy fallback (#
{} as never, // aiAgentRoleRepo {} as never, // aiAgentRoleRepo
{} as never, // pageRepo {} as never, // pageRepo
{} as never, // pageAccess {} as never, // pageAccess
{ isAiChatDeferredToolsEnabled: () => false } as never, // environment { isAiChatDeferredToolsEnabled: () => false, isAiChatFinalStepLockdownEnabled: () => false } as never, // environment
); );
return { svc, aiChatMessageRepo }; return { svc, aiChatMessageRepo };
} }
@@ -442,7 +461,8 @@ describe('AiChatService.stream — begin-failure resilience / legacy fallback (#
.mockImplementation(() => undefined as never); .mockImplementation(() => undefined as never);
const { svc, aiChatMessageRepo } = makeService(); const { svc, aiChatMessageRepo } = makeService();
const socketSignal = new AbortController().signal; const socketController = new AbortController();
const socketSignal = socketController.signal;
// A transient, NON-race begin failure (e.g. a non-unique DB error inserting // A transient, NON-race begin failure (e.g. a non-unique DB error inserting
// the run row). This is the `else` branch of the begin try/catch. // the run row). This is the `else` branch of the begin try/catch.
@@ -483,7 +503,12 @@ describe('AiChatService.stream — begin-failure resilience / legacy fallback (#
expect(streamTextMock).toHaveBeenCalledTimes(1); expect(streamTextMock).toHaveBeenCalledTimes(1);
// The decisive wiring: with no run handle, the fallback uses the SOCKET signal // The decisive wiring: with no run handle, the fallback uses the SOCKET signal
// (effectiveSignal = signal, runId undefined) — not a run-bound signal. // (effectiveSignal = signal, runId undefined) — not a run-bound signal. #444:
expect(streamTextMock.mock.calls[0][0].abortSignal).toBe(socketSignal); // the signal is unioned with the degeneration controller via AbortSignal.any,
// so assert the socket abort still reaches the turn rather than identity.
const passed = streamTextMock.mock.calls[0][0].abortSignal as AbortSignal;
expect(passed.aborted).toBe(false);
socketController.abort();
expect(passed.aborted).toBe(true);
}); });
}); });
@@ -52,7 +52,7 @@ describe('AiChatService.stream — abort during external-MCP setup finalizes the
{} as never, // aiAgentRoleRepo {} as never, // aiAgentRoleRepo
{} as never, // pageRepo (openPage undefined -> never touched) {} as never, // pageRepo (openPage undefined -> never touched)
{} as never, // pageAccess {} as never, // pageAccess
{ isAiChatDeferredToolsEnabled: () => false } as never, // environment { isAiChatDeferredToolsEnabled: () => false, isAiChatFinalStepLockdownEnabled: () => false } as never, // environment
); );
return { svc, tools }; return { svc, tools };
} }
@@ -15,6 +15,7 @@ import {
serializeSteps, serializeSteps,
rowToUiMessage, rowToUiMessage,
prepareAgentStep, prepareAgentStep,
stepBudgetWarning,
flushAssistant, flushAssistant,
stripNulChars, stripNulChars,
chatStreamMetadata, chatStreamMetadata,
@@ -22,7 +23,11 @@ import {
isInterruptResume, isInterruptResume,
sameInstant, sameInstant,
MAX_AGENT_STEPS, MAX_AGENT_STEPS,
STEP_BUDGET_WARNING_LEAD,
FINAL_STEP_INSTRUCTION, FINAL_STEP_INSTRUCTION,
FINAL_STEP_NUDGE,
STEP_LIMIT_NO_ANSWER_MARKER,
OUTPUT_DEGENERATION_ERROR,
} from './ai-chat.service'; } from './ai-chat.service';
import type { AiChatMessage, Workspace } from '@docmost/db/types/entity.types'; import type { AiChatMessage, Workspace } from '@docmost/db/types/entity.types';
import { buildSystemPrompt } from './ai-chat.prompt'; import { buildSystemPrompt } from './ai-chat.prompt';
@@ -311,43 +316,67 @@ describe('rowToUiMessage', () => {
/** /**
* Unit tests for prepareAgentStep: the pure helper that decides per-step * Unit tests for prepareAgentStep: the pure helper that decides per-step
* overrides for the agent loop. Early steps return undefined (default * overrides for the agent loop (#332 deferred tools, #444 final-step lockdown
* behavior); the final allowed step (stepNumber === MAX_AGENT_STEPS - 1) forces * toggle + step-budget warning). Parametrized by the two toggles so a change to
* a text-only synthesis answer (toolChoice 'none') with the FINAL_STEP_INSTRUCTION * one path cannot silently mask a regression in the other.
* appended onto — not replacing — the original system prompt. *
* Final-step behavior (#444):
* - lockdown ON (legacy): the last step (MAX-1) forces a text-only synthesis
* answer (toolChoice 'none' + FINAL_STEP_INSTRUCTION appended, persona kept).
* - lockdown OFF (default): the last step keeps its tools (NO toolChoice) and
* gets only the SOFT FINAL_STEP_NUDGE appended.
*/ */
// Narrowing helpers for the prepareAgentStep union return type. // Narrowing helpers for the prepareAgentStep union return type.
const asLockdown = (r: ReturnType<typeof prepareAgentStep>) => const asLockdown = (r: ReturnType<typeof prepareAgentStep>) =>
r as { toolChoice: 'none'; system: string }; r as { toolChoice: 'none'; system: string };
const asActive = (r: ReturnType<typeof prepareAgentStep>) => const asActive = (r: ReturnType<typeof prepareAgentStep>) =>
r as { activeTools: string[] }; r as { activeTools: string[]; system?: string };
const asSystemOnly = (r: ReturnType<typeof prepareAgentStep>) =>
r as { system: string };
describe('prepareAgentStep', () => { describe('prepareAgentStep', () => {
// --- toggle OFF (default): unchanged behavior --- // --- deferred OFF, lockdown OFF (the new default) ---
it('returns undefined for the first step (toggle off)', () => { it('returns undefined for the first step (both toggles off)', () => {
expect(prepareAgentStep(0, 'SYS')).toBeUndefined(); expect(prepareAgentStep(0, 'SYS')).toBeUndefined();
}); });
it('returns undefined for a non-final step (toggle off)', () => { it('returns undefined for a clean non-final, non-warning step', () => {
expect(prepareAgentStep(MAX_AGENT_STEPS - 2, 'SYS')).toBeUndefined(); // A step below the warning band and not the last => no override at all.
expect(prepareAgentStep(MAX_AGENT_STEPS - 10, 'SYS')).toBeUndefined();
}); });
it('forces a text-only synthesis on the final allowed step (toggle off)', () => { it('final step (lockdown OFF) keeps tools and appends only the SOFT nudge', () => {
const result = asLockdown(prepareAgentStep(MAX_AGENT_STEPS - 1, 'SYS')); const result = asSystemOnly(prepareAgentStep(MAX_AGENT_STEPS - 1, 'SYS'));
expect(result).toBeDefined(); expect(result).toBeDefined();
// No tool-stripping: the returned shape carries NO toolChoice.
expect(
(result as unknown as { toolChoice?: string }).toolChoice,
).toBeUndefined();
expect(result.system.startsWith('SYS')).toBe(true);
expect(result.system).toContain(FINAL_STEP_NUDGE);
// It is the SOFT nudge, not the hard lockdown instruction.
expect(result.system).not.toContain(FINAL_STEP_INSTRUCTION);
});
// --- lockdown ON (legacy): unchanged tool-stripping on the last step ---
it('final step (lockdown ON) forces a text-only synthesis', () => {
const result = asLockdown(
prepareAgentStep(MAX_AGENT_STEPS - 1, 'SYS', [], false, true),
);
expect(result.toolChoice).toBe('none'); expect(result.toolChoice).toBe('none');
// The original persona is preserved (prefix), not replaced. // The original persona is preserved (prefix), not replaced.
expect(result.system.startsWith('SYS')).toBe(true); expect(result.system.startsWith('SYS')).toBe(true);
// The synthesis instruction is appended. // The synthesis instruction is appended (NOT the soft nudge).
expect(result.system).toContain(FINAL_STEP_INSTRUCTION); expect(result.system).toContain(FINAL_STEP_INSTRUCTION);
expect(result.system).not.toContain(FINAL_STEP_NUDGE);
}); });
it('does NOT narrow activeTools when the toggle is off', () => { it('does NOT narrow activeTools when deferred is off', () => {
const result = prepareAgentStep(0, 'SYS', new Set(['createPage']), false); const result = prepareAgentStep(0, 'SYS', new Set(['createPage']), false);
expect(result).toBeUndefined(); expect(result).toBeUndefined();
}); });
// --- toggle ON (#332): deferred tool visibility --- // --- deferred ON (#332): deferred tool visibility ---
it('a non-final step exposes CORE + loadTools + activatedTools', () => { it('a non-final step exposes CORE + loadTools + activatedTools', () => {
const activated = new Set<string>(); const activated = new Set<string>();
const result = asActive(prepareAgentStep(0, 'SYS', activated, true)); const result = asActive(prepareAgentStep(0, 'SYS', activated, true));
@@ -358,6 +387,8 @@ describe('prepareAgentStep', () => {
// No deferred tool is active before it is loaded. // No deferred tool is active before it is loaded.
expect(result.activeTools).not.toContain('createPage'); expect(result.activeTools).not.toContain('createPage');
expect(result.activeTools).not.toContain('transformPage'); expect(result.activeTools).not.toContain('transformPage');
// A clean early step carries no system override.
expect(result.system).toBeUndefined();
}); });
it('adding a name to activatedTools makes it appear on the next step', () => { it('adding a name to activatedTools makes it appear on the next step', () => {
@@ -380,14 +411,90 @@ describe('prepareAgentStep', () => {
expect(result.activeTools).toContain('loadTools'); expect(result.activeTools).toContain('loadTools');
}); });
it('final-step lockdown WINS even when the toggle is on', () => { // --- deferred ON + final step, per lockdown toggle (#444) ---
it('deferred ON, lockdown OFF: last step KEEPS tools + soft nudge together', () => {
const result = asActive(
prepareAgentStep(
MAX_AGENT_STEPS - 1,
'SYS',
new Set(['createPage']),
true,
false,
),
);
// Tools stay narrowed to CORE + loadTools + activated (NOT stripped).
expect(result.activeTools).toContain('editPageText');
expect(result.activeTools).toContain('loadTools');
expect(result.activeTools).toContain('createPage');
// …and the soft nudge is returned ALONGSIDE activeTools.
expect(result.system).toContain(FINAL_STEP_NUDGE);
expect(
(result as unknown as { toolChoice?: string }).toolChoice,
).toBeUndefined();
});
it('deferred ON, lockdown ON: lockdown WINS (tools stripped)', () => {
const result = asLockdown( const result = asLockdown(
prepareAgentStep(MAX_AGENT_STEPS - 1, 'SYS', new Set(['createPage']), true), prepareAgentStep(
MAX_AGENT_STEPS - 1,
'SYS',
new Set(['createPage']),
true,
true,
),
); );
// The lockdown shape (toolChoice none + synthesis) — not the activeTools shape. // The lockdown shape (toolChoice none + synthesis) — not the activeTools shape.
expect(result.toolChoice).toBe('none'); expect(result.toolChoice).toBe('none');
expect(result.system).toContain(FINAL_STEP_INSTRUCTION); expect(result.system).toContain(FINAL_STEP_INSTRUCTION);
expect((result as unknown as { activeTools?: string[] }).activeTools).toBeUndefined(); expect(
(result as unknown as { activeTools?: string[] }).activeTools,
).toBeUndefined();
});
});
/**
* Step-budget warning boundaries (#444). At MAX_AGENT_STEPS=50 the warning fires
* on steps MAX-6 .. MAX-2 (44..48) with a decreasing remaining-count, is CLEAN
* below the band (0..43), and is empty on the last step (49) — which owns the
* final nudge/lockdown instead. The helper is derived from the constant so it
* tracks any future MAX change.
*/
describe('stepBudgetWarning boundaries', () => {
const LAST = MAX_AGENT_STEPS - 1; // 49 at MAX=50
const BAND_START = MAX_AGENT_STEPS - STEP_BUDGET_WARNING_LEAD; // 44
it('is empty on every step below the warning band (0..BAND_START-1)', () => {
for (let s = 0; s < BAND_START; s++) {
expect(stepBudgetWarning(s)).toBe('');
}
});
it('fires on BAND_START..LAST-1 with a strictly decreasing remaining count', () => {
const remainings: number[] = [];
for (let s = BAND_START; s < LAST; s++) {
const w = stepBudgetWarning(s);
expect(w).toContain('tool-use steps remain');
const m = w.match(/Only (\d+) tool-use steps remain/);
expect(m).not.toBeNull();
remainings.push(Number(m![1]));
}
// Exactly STEP_BUDGET_WARNING_LEAD-1 warning steps (44..48).
expect(remainings).toHaveLength(STEP_BUDGET_WARNING_LEAD - 1);
// Remaining = MAX-1-step, so it decreases by 1 each step and ends at 1.
for (let i = 1; i < remainings.length; i++) {
expect(remainings[i]).toBe(remainings[i - 1] - 1);
}
expect(remainings[remainings.length - 1]).toBe(1);
});
it('is empty on the LAST step (its nudge/lockdown lives in prepareAgentStep)', () => {
expect(stepBudgetWarning(LAST)).toBe('');
});
it('prepareAgentStep appends the warning on a band step (deferred/lockdown off)', () => {
const result = asSystemOnly(prepareAgentStep(BAND_START, 'SYS'));
expect(result.system).toContain('Stop exploring and start acting now');
expect(result.system).not.toContain(FINAL_STEP_NUDGE);
}); });
}); });
@@ -1341,6 +1448,7 @@ describe('AiChatService.stream — resumable pipe options (#184 phase 1.5)', ()
{} as never, // pageAccess {} as never, // pageAccess
{ {
isAiChatDeferredToolsEnabled: () => false, isAiChatDeferredToolsEnabled: () => false,
isAiChatFinalStepLockdownEnabled: () => false,
isAiChatResumableStreamEnabled: () => opts.resumable, isAiChatResumableStreamEnabled: () => opts.resumable,
} as never, } as never,
streamRegistry as never, streamRegistry as never,
@@ -1429,3 +1537,348 @@ describe('AiChatService.stream — resumable pipe options (#184 phase 1.5)', ()
expect(streamRegistry.abortEntry).toHaveBeenCalledWith('chat-1', 'run-1'); expect(streamRegistry.abortEntry).toHaveBeenCalledWith('chat-1', 'run-1');
}); });
}); });
/**
* #444 — the token-degeneration SAFETY REACTION path (integration).
*
* output-degeneration.spec.ts proves the detector DETECTS; this proves the wired
* REACTION: a degenerate stream must (1) trip the detector in onChunk, (2) abort
* the turn via the INTERNAL degeneration controller (distinct from a user Stop),
* (3) truncate the runaway tail before persist in onAbort, (4) persist status
* 'error' with the OUTPUT_DEGENERATION_ERROR message (not a bare 'aborted' and not
* a swept 'streaming'), and (5) still release the leased external MCP clients.
*
* Harness: streamText is the SAME jest.fn mocked at the top of this file. Unlike
* the pipe-options suite above (which only inspects the pipe call), this mock
* CAPTURES the streamText options (onChunk/onAbort/onFinish + abortSignal) so the
* test can drive the callbacks exactly as the AI SDK would — feeding degenerate
* text-delta chunks through onChunk until the service's own AbortController fires,
* then invoking onAbort (which the SDK does on an aborted signal). No new mocking
* style is invented; it reuses the makeRes / service-construction shape above.
*/
describe('AiChatService.stream — token-degeneration reaction (#444)', () => {
const streamTextMock = streamText as unknown as jest.Mock;
beforeEach(() => {
streamTextMock.mockReset();
jest
.spyOn(Logger.prototype, 'log')
.mockImplementation(() => undefined as never);
jest
.spyOn(Logger.prototype, 'error')
.mockImplementation(() => undefined as never);
jest
.spyOn(Logger.prototype, 'warn')
.mockImplementation(() => undefined as never);
});
afterEach(() => jest.restoreAllMocks());
function makeRes() {
return {
raw: {
writeHead: jest.fn(),
write: jest.fn(),
once: jest.fn(),
on: jest.fn(),
flushHeaders: jest.fn(),
writableEnded: false,
destroyed: false,
},
};
}
// Wire the full stream() path with in-memory fakes. The assistant row is
// captured so the terminal finalize (an UPDATE of the upfront-seeded row) can be
// asserted. One external MCP client with a close() spy lets us assert leases are
// released on the terminal path. lockdown OFF (default) so the detector is the
// active guard.
function makeService() {
// The upfront insert seeds the assistant row; findById/insert stamp a stable
// id so planFinalizeAssistant picks the UPDATE path.
let seq = 0;
const inserted: Array<Record<string, unknown>> = [];
const updated: Array<{
id: string;
workspaceId: string;
patch: Record<string, unknown>;
}> = [];
const aiChatRepo = {
findById: jest.fn(async () => ({ id: 'chat-1', workspaceId: 'ws-1' })),
insert: jest.fn(),
};
const aiChatMessageRepo = {
insert: jest.fn(async (row: Record<string, unknown>) => {
inserted.push(row);
return { id: row.role === 'assistant' ? 'assistant-1' : `user-${++seq}` };
}),
findAllByChat: jest.fn(async () => []),
update: jest.fn(
async (
id: string,
workspaceId: string,
patch: Record<string, unknown>,
) => {
updated.push({ id, workspaceId, patch });
return { id };
},
),
};
const aiSettings = { resolve: jest.fn(async () => ({})) };
const tools = { forUser: jest.fn(async () => ({})) };
const mcpClose = jest.fn(async () => undefined);
const mcpClients = {
toolsFor: jest.fn(async () => ({
tools: {},
clients: [{ close: mcpClose }],
outcomes: [],
instructions: [],
})),
};
const streamRegistry = { open: jest.fn(), bind: jest.fn(), abortEntry: jest.fn() };
const svc = new AiChatService(
{} as never,
aiChatRepo as never,
aiChatMessageRepo as never,
{} as never, // aiChatPageSnapshotRepo (no open page -> never touched)
aiSettings as never,
tools as never,
mcpClients as never,
{} as never, // aiAgentRoleRepo
{} as never, // pageRepo (no open page)
{} as never, // pageAccess
{
isAiChatDeferredToolsEnabled: () => false,
// lockdown OFF => the degeneration detector is the anti-babble guard.
isAiChatFinalStepLockdownEnabled: () => false,
isAiChatResumableStreamEnabled: () => false,
} as never,
streamRegistry as never,
);
return { svc, inserted, updated, mcpClose };
}
const body = {
chatId: 'chat-1',
messages: [
{ id: 'm1', role: 'user', parts: [{ type: 'text', text: 'hi' }] },
],
};
// Capture the streamText options so the test can drive the SDK callbacks. The
// returned result stub is enough for the post-streamText wiring (consumeStream +
// pipeUIMessageStreamToResponse are no-ops here).
function captureStreamText(): { opts: () => Record<string, any> } {
let captured: Record<string, any> | undefined;
streamTextMock.mockImplementation((options: Record<string, any>) => {
captured = options;
return {
consumeStream: jest.fn(),
pipeUIMessageStreamToResponse: jest.fn(),
};
});
return {
opts: () => {
if (!captured) throw new Error('streamText was not called');
return captured;
},
};
}
async function drive(svc: AiChatService): Promise<void> {
await svc.stream({
user: { id: 'u1' } as never,
workspace: { id: 'ws-1' } as never,
sessionId: 's1',
body: body as never,
res: makeRes() as never,
signal: new AbortController().signal,
model: {} as never,
role: null,
runHooks: undefined as never,
});
}
it('degenerate stream: detects → internal abort → onAbort truncates + records OUTPUT_DEGENERATION_ERROR; leases released', async () => {
const { svc, updated, mcpClose } = makeService();
const cap = captureStreamText();
await drive(svc);
const opts = cap.opts();
// The turn's abort signal is the UNION of the socket/run signal and the
// internal degeneration controller — untripped before any output.
expect(opts.abortSignal.aborted).toBe(false);
// Feed a runaway "loadTools.\n" loop the way the SDK streams it: many small
// text-delta chunks. The onChunk throttle only re-checks every ~2000 chars, so
// deliver well past that so the detector's identical-line rule (>=25 lines)
// and the ~2000-char throttle both fire.
const line = 'loadTools.\n';
let delivered = 0;
for (let i = 0; i < 400 && !opts.abortSignal.aborted; i++) {
opts.onChunk({ chunk: { type: 'text-delta', text: line } });
delivered += line.length;
}
// The detector must have tripped and aborted via the INTERNAL controller — the
// reason carries the degeneration message, distinguishing it from a user Stop
// (which aborts with no such reason) or a socket disconnect.
expect(opts.abortSignal.aborted).toBe(true);
expect(delivered).toBeGreaterThan(2000);
expect(String(opts.abortSignal.reason)).toContain(
'Output degeneration detected',
);
// The SDK reacts to the aborted signal by invoking onAbort. `steps` is empty
// (the runaway never finished a step); the in-progress runaway text is what
// gets truncated + persisted.
await opts.onAbort({ steps: [] });
// Terminal finalize = an UPDATE of the upfront-seeded assistant row (assistant
// row was inserted upfront, so planFinalizeAssistant -> UPDATE).
expect(updated).toHaveLength(1);
const patch = updated[0].patch as {
status: string;
content: string;
metadata: Record<string, unknown>;
};
// (4) status 'error' with the degeneration message — NOT 'aborted' and NOT a
// swept 'streaming'. This distinguishes it from a user Stop / server restart.
expect(patch.status).toBe('error');
expect(patch.metadata.error).toBe(OUTPUT_DEGENERATION_ERROR);
expect(patch.metadata.finishReason).toBe('error');
// (3) the runaway tail is TRUNCATED, not the full multi-KB babble: the marker
// is present and the persisted content is far shorter than what was streamed.
expect(patch.content).toContain('output truncated');
expect(patch.content.length).toBeLessThan(delivered);
// Only a few loop reps survive (truncateDegeneratedTail keeps a handful).
expect((patch.content.match(/loadTools\./g) ?? []).length).toBeLessThan(10);
// (5) the leased external MCP client is still released on this terminal path.
expect(mcpClose).toHaveBeenCalledTimes(1);
});
it('degeneration onAbort differs from a NORMAL/user abort (no truncation, no error)', async () => {
// Same harness, but the stream is NOT degenerate: a clean short answer, then a
// user Stop reaches onAbort WITHOUT the degeneration controller having fired.
const { svc, updated, mcpClose } = makeService();
const cap = captureStreamText();
await drive(svc);
const opts = cap.opts();
opts.onChunk({ chunk: { type: 'text-delta', text: 'A normal partial answer.' } });
// The detector never tripped -> the union signal is NOT aborted by us.
expect(opts.abortSignal.aborted).toBe(false);
// A user Stop / disconnect drives onAbort with the partial (clean) text.
await opts.onAbort({ steps: [] });
expect(updated).toHaveLength(1);
const patch = updated[0].patch as {
status: string;
content: string;
metadata: Record<string, unknown>;
};
// A normal abort persists status 'aborted' with NO error and NO truncation
// marker — the branch is genuinely distinguished from the degeneration path.
expect(patch.status).toBe('aborted');
expect('error' in patch.metadata).toBe(false);
expect(patch.content).toBe('A normal partial answer.');
expect(patch.content).not.toContain('output truncated');
// Cleanup still runs on the normal abort path too.
expect(mcpClose).toHaveBeenCalledTimes(1);
});
/**
* Empty-turn marker (#444): onFinish appends STEP_LIMIT_NO_ANSWER_MARKER only
* when the turn burned ALL its steps (steps.length >= MAX_AGENT_STEPS) AND never
* produced any text. The negative: a normal turn ending WITH text is left alone.
*/
it('empty turn (no text + steps exhausted) persists the STEP_LIMIT_NO_ANSWER_MARKER', async () => {
const { svc, updated } = makeService();
const cap = captureStreamText();
await drive(svc);
const opts = cap.opts();
// MAX_AGENT_STEPS text-less steps (only tool calls) => step-exhausted, no text.
const steps = Array.from({ length: MAX_AGENT_STEPS }, () => ({
text: '',
toolCalls: [{ toolCallId: 'c1', toolName: 'searchPages', input: {} }],
toolResults: [
{ toolCallId: 'c1', toolName: 'searchPages', output: { hits: [] } },
],
}));
await opts.onFinish({
text: '',
finishReason: 'tool-calls',
totalUsage: { inputTokens: 1, outputTokens: 1, totalTokens: 2 },
usage: { inputTokens: 1, outputTokens: 1 },
steps,
});
expect(updated).toHaveLength(1);
const patch = updated[0].patch as { status: string; content: string };
expect(patch.status).toBe('completed');
// The synthetic marker is the trailing text of the persisted content.
expect(patch.content).toContain(STEP_LIMIT_NO_ANSWER_MARKER);
});
it('normal turn ending WITH text does NOT get the empty-turn marker', async () => {
const { svc, updated } = makeService();
const cap = captureStreamText();
await drive(svc);
const opts = cap.opts();
// A single step that produced a real answer, well under the step cap.
const steps = [
{ text: 'Here is the finished answer.', toolCalls: [], toolResults: [] },
];
await opts.onFinish({
text: 'Here is the finished answer.',
finishReason: 'stop',
totalUsage: { inputTokens: 1, outputTokens: 1, totalTokens: 2 },
usage: { inputTokens: 1, outputTokens: 1 },
steps,
});
expect(updated).toHaveLength(1);
const patch = updated[0].patch as { status: string; content: string };
expect(patch.status).toBe('completed');
expect(patch.content).toBe('Here is the finished answer.');
expect(patch.content).not.toContain(STEP_LIMIT_NO_ANSWER_MARKER);
});
it('step-exhausted turn that DID produce text keeps the text, no marker (guards the AND)', async () => {
// Exhausting the step budget alone must NOT append the marker when SOME step
// produced text — the marker keys off "no text" too. Drive the real onFinish
// with MAX_AGENT_STEPS steps where the last one carries the answer.
const { svc, updated } = makeService();
const cap = captureStreamText();
await drive(svc);
const opts = cap.opts();
const steps = Array.from({ length: MAX_AGENT_STEPS }, (_, i) => ({
text: i === MAX_AGENT_STEPS - 1 ? 'Final synthesized answer.' : '',
toolCalls:
i === MAX_AGENT_STEPS - 1
? []
: [{ toolCallId: `c${i}`, toolName: 'searchPages', input: {} }],
toolResults:
i === MAX_AGENT_STEPS - 1
? []
: [{ toolCallId: `c${i}`, toolName: 'searchPages', output: {} }],
}));
await opts.onFinish({
text: 'Final synthesized answer.',
finishReason: 'stop',
totalUsage: { inputTokens: 1, outputTokens: 1, totalTokens: 2 },
usage: { inputTokens: 1, outputTokens: 1 },
steps,
});
expect(updated).toHaveLength(1);
const patch = updated[0].patch as { content: string };
expect(patch.content).toContain('Final synthesized answer.');
expect(patch.content).not.toContain(STEP_LIMIT_NO_ANSWER_MARKER);
});
});
+201 -27
View File
@@ -52,11 +52,24 @@ import {
startSseHeartbeat, startSseHeartbeat,
stripStreamingHopByHopHeaders, stripStreamingHopByHopHeaders,
} from './sse-resilience'; } from './sse-resilience';
import {
isDegenerateOutput,
truncateDegeneratedTail,
} from './output-degeneration';
// Max agent steps per turn. One step = one model generation; a step that calls // Max agent steps per turn. One step = one model generation; a step that calls
// tools is followed by another step carrying the tool results. Raised from 8 so // tools is followed by another step carrying the tool results. Raised from 8 so
// multi-search research questions are not cut off mid-investigation. // multi-search research questions are not cut off mid-investigation, then from 20
const MAX_AGENT_STEPS = 20; // to 50 (#444) so read-heavy turns (e.g. dozens of searchInPage sweeps) do not
// exhaust the budget before acting.
const MAX_AGENT_STEPS = 50;
// How many steps before the LAST one the step-budget warning starts firing
// (#444). At MAX-STEP_BUDGET_WARNING_LEAD .. MAX-2 the model is told to stop
// exploring and start acting, with the remaining count decreasing each step; the
// last step (MAX-1) has its own final nudge / lockdown instead (see
// prepareAgentStep).
const STEP_BUDGET_WARNING_LEAD = 6;
// Wall-clock ceiling for building the external MCP toolset during the per-turn // Wall-clock ceiling for building the external MCP toolset during the per-turn
// setup phase (before streamText owns the lifecycle). Defense-in-depth ABOVE the // setup phase (before streamText owns the lifecycle). Defense-in-depth ABOVE the
@@ -82,16 +95,69 @@ const FINAL_STEP_INSTRUCTION =
'language. If the information is incomplete, say so explicitly: summarize ' + 'language. If the information is incomplete, say so explicitly: summarize ' +
'what you found, what is still missing, and give your best partial conclusion.'; 'what you found, what is still missing, and give your best partial conclusion.';
// Pure, unit-testable: decide per-step overrides. Two responsibilities: // SOFT final-step nudge (#444), used when the final-step lockdown toggle is OFF
// 1. Final-step lockdown (always): on the final allowed step force a text-only // (the new default). Unlike FINAL_STEP_INSTRUCTION it does NOT strip tools
// synthesis answer (toolChoice 'none' + FINAL_STEP_INSTRUCTION). This WINS — // (toolChoice stays untouched), so the model is never forced into a tool-less
// it takes precedence over the deferred-tool narrowing below. // state mid-work — that tool-stripping is what triggered the 255KB token-loop
// 2. Deferred tool visibility (#332): when `deferredEnabled` and NOT the final // degeneration incident. It only asks the model to finish with a text summary.
// step, expose only the CORE tools + loadTools + whatever loadTools has const FINAL_STEP_NUDGE =
// activated so far this turn (`activatedTools`), via `activeTools`. Deferred 'This is the LAST step of this turn. Write your final answer to the user now.\n' +
// tools stay in the <tool_catalog> until the model loads them. 'You may still call tools, but the turn ends after this step either way —\n' +
// When `deferredEnabled` is false the behavior is unchanged: undefined on normal 'prefer finishing with a clear text summary of what was done and what remains.';
// steps (all tools active), lockdown on the final step.
// Synthetic marker text appended in onFinish when a step-exhausted turn produced
// NO text at all (#444, mitigates the "empty turn" the lockdown used to prevent
// when the toggle is OFF). Makes the exhausted-without-answer state explicit to
// the user and, on replay, to the model on the next turn.
const STEP_LIMIT_NO_ANSWER_MARKER =
'(Достигнут лимит шагов — итоговый ответ не сформулирован; работа могла ' +
'остаться незавершённой. Напишите «продолжай», чтобы агент продолжил.)';
// Reason recorded in ai_chat_runs.error / the assistant row when the token-
// degeneration detector (#444) aborts a run. Distinct from a user Stop (no error)
// and from a server restart ('streaming' -> swept to 'aborted' with no message).
const OUTPUT_DEGENERATION_ERROR =
'Output degeneration detected (repeated token loop)';
/**
* Compute the step-budget warning text (#444), or '' when this step is outside
* the warning band. The warning fires on steps
* MAX_AGENT_STEPS-STEP_BUDGET_WARNING_LEAD .. MAX_AGENT_STEPS-2 (NOT the last
* step, which has its own final nudge/lockdown), telling the model to stop
* exploring and start acting. `N` is the number of tool-use steps still
* remaining (`MAX_AGENT_STEPS - 1 - stepNumber`), so it decreases toward the
* end. Pure.
*/
export function stepBudgetWarning(stepNumber: number): string {
const isLastStep = stepNumber >= MAX_AGENT_STEPS - 1;
const inBand = stepNumber >= MAX_AGENT_STEPS - STEP_BUDGET_WARNING_LEAD;
if (isLastStep || !inBand) return '';
const remaining = MAX_AGENT_STEPS - 1 - stepNumber;
return (
`Only ${remaining} tool-use steps remain in this turn. Stop exploring and start acting now\n` +
'(make the edits / create the comments / produce results). Leave room to finish\n' +
'with a final text answer.'
);
}
// Pure, unit-testable: decide per-step overrides. Responsibilities:
// 1. Final-step handling. Two modes, chosen by `finalStepLockdownEnabled`:
// - toggle ON (legacy): on the final allowed step force a text-only
// synthesis answer (toolChoice 'none' + FINAL_STEP_INSTRUCTION). This WINS
// — it takes precedence over the deferred-tool narrowing below.
// - toggle OFF (new default, #444): do NOT touch toolChoice — tools stay
// available on every step incl. the last, so the model is never stripped
// of its tools mid-work (the cause of the token-loop degeneration
// incident). A SOFT nudge (FINAL_STEP_NUDGE) is appended to `system`, and
// the deferred-tool `activeTools` narrowing still applies to the last step
// (both `activeTools` and `system` are returned together).
// 2. Step-budget warning (#444): on steps in the warning band (but not the
// last, which has its own nudge/lockdown) append stepBudgetWarning(...) to
// `system` so the model starts acting before it runs out of steps.
// 3. Deferred tool visibility (#332): when `deferredEnabled`, expose only the
// CORE tools + loadTools + whatever loadTools has activated so far this turn
// (`activatedTools`), via `activeTools`. Deferred tools stay in the
// <tool_catalog> until the model loads them.
// //
// `system` is the in-scope system prompt; we CONCATENATE so the original // `system` is the in-scope system prompt; we CONCATENATE so the original
// persona/context is preserved — a bare `system` override would REPLACE the // persona/context is preserved — a bare `system` override would REPLACE the
@@ -107,31 +173,53 @@ export function prepareAgentStep(
system: string, system: string,
activatedTools: ReadonlySet<string> | readonly string[] = [], activatedTools: ReadonlySet<string> | readonly string[] = [],
deferredEnabled = false, deferredEnabled = false,
finalStepLockdownEnabled = false,
): ):
| { toolChoice: 'none'; system: string } | { toolChoice: 'none'; system: string }
| { activeTools: string[] } | { activeTools: string[]; system?: string }
| { system: string }
| undefined { | undefined {
// Final-step lockdown WINS (applies regardless of the deferred toggle). const isLastStep = stepNumber >= MAX_AGENT_STEPS - 1;
if (stepNumber >= MAX_AGENT_STEPS - 1) {
// Legacy final-step lockdown (toggle ON): text-only synthesis. WINS over the
// deferred narrowing AND drops tools for this step.
if (isLastStep && finalStepLockdownEnabled) {
return { return {
toolChoice: 'none', toolChoice: 'none',
system: `${system}\n\n${FINAL_STEP_INSTRUCTION}`, system: `${system}\n\n${FINAL_STEP_INSTRUCTION}`,
}; };
} }
// Deferred tool loading: narrow this step's visible tools to CORE + loadTools
// + the tools already activated this turn. // Compute the extra system text for this step: the soft final nudge on the last
// step (toggle OFF), or the step-budget warning in the warning band. At most one
// of these applies (stepBudgetWarning returns '' on the last step).
const extra = isLastStep ? FINAL_STEP_NUDGE : stepBudgetWarning(stepNumber);
const systemForStep = extra ? `${system}\n\n${extra}` : undefined;
// Deferred tool loading: narrow this step's visible tools to CORE + loadTools +
// the tools already activated this turn. Applies on EVERY step incl. the last
// (toggle OFF), so the model keeps its core tools available while being nudged
// to finish. Return `system` alongside `activeTools` when we have extra text.
if (deferredEnabled) { if (deferredEnabled) {
const activated = Array.isArray(activatedTools) const activated = Array.isArray(activatedTools)
? activatedTools ? activatedTools
: [...activatedTools]; : [...activatedTools];
return { const activeTools = [...CORE_TOOL_KEYS, LOAD_TOOLS_NAME, ...activated];
activeTools: [...CORE_TOOL_KEYS, LOAD_TOOLS_NAME, ...activated], return systemForStep ? { activeTools, system: systemForStep } : { activeTools };
};
} }
return undefined;
// Deferred OFF: all tools stay active; only append the extra system text (if any).
return systemForStep ? { system: systemForStep } : undefined;
} }
export { MAX_AGENT_STEPS, FINAL_STEP_INSTRUCTION }; export {
MAX_AGENT_STEPS,
STEP_BUDGET_WARNING_LEAD,
FINAL_STEP_INSTRUCTION,
FINAL_STEP_NUDGE,
STEP_LIMIT_NO_ANSWER_MARKER,
OUTPUT_DEGENERATION_ERROR,
};
// Pure, unit-testable post-processing for a model-generated title (#199): trim // Pure, unit-testable post-processing for a model-generated title (#199): trim
// whitespace, strip a single pair of surrounding quotes the model often adds, // whitespace, strip a single pair of surrounding quotes the model often adds,
@@ -890,6 +978,12 @@ export class AiChatService implements OnModuleInit {
// tools (fat/rare in-app tools + ALL external MCP tools) load on demand. When // tools (fat/rare in-app tools + ALL external MCP tools) load on demand. When
// OFF, every tool is active and nothing below changes. // OFF, every tool is active and nothing below changes.
const deferredEnabled = this.environment.isAiChatDeferredToolsEnabled(); const deferredEnabled = this.environment.isAiChatDeferredToolsEnabled();
// Final-step lockdown toggle (#444). Default OFF: the last step keeps its
// tools and gets only a soft nudge (prepareAgentStep), and the token-
// degeneration detector (onChunk below) is the anti-babble guard. ON =
// legacy tool-stripping lockdown on the last step.
const finalStepLockdownEnabled =
this.environment.isAiChatFinalStepLockdownEnabled();
let system: string; let system: string;
let docmostTools: Awaited<ReturnType<AiChatToolsService['forUser']>>; let docmostTools: Awaited<ReturnType<AiChatToolsService['forUser']>>;
@@ -978,6 +1072,16 @@ export class AiChatService implements OnModuleInit {
const capturedSteps: StepLike[] = []; const capturedSteps: StepLike[] = [];
let inProgressText = ''; let inProgressText = '';
// Token-degeneration guard (#444). When the final-step lockdown is OFF, a
// runaway repetition loop (the 255KB "loadTools." incident) is aborted via
// this internal controller, unioned with the run/socket signal below. The
// detector runs on `inProgressText` in onChunk, throttled by growth so the
// pure rules only fire every ~DEGENERATION_CHECK_STEP bytes.
const degenerationController = new AbortController();
let degenerationDetected = false;
let lastDegenerationCheckLen = 0;
const DEGENERATION_CHECK_STEP = 2000;
// Step-granular durability (#183): create the assistant row UPFRONT in the // Step-granular durability (#183): create the assistant row UPFRONT in the
// 'streaming' state (before any token), then UPDATE it as each step finishes // 'streaming' state (before any token), then UPDATE it as each step finishes
// and finalize it once on the terminal callback. If the process dies // and finalize it once on the terminal callback. If the process dies
@@ -1118,11 +1222,21 @@ export class AiChatService implements OnModuleInit {
// further tool calls and appends a synthesis instruction on that step, // further tool calls and appends a synthesis instruction on that step,
// concatenated onto the original `system` so the persona is preserved. // concatenated onto the original `system` so the persona is preserved.
prepareStep: ({ stepNumber }) => prepareStep: ({ stepNumber }) =>
prepareAgentStep(stepNumber, system, activatedTools, deferredEnabled), prepareAgentStep(
stepNumber,
system,
activatedTools,
deferredEnabled,
finalStepLockdownEnabled,
),
// #184: the RUN's signal (explicit-stop) when a run wraps this turn, else // #184: the RUN's signal (explicit-stop) when a run wraps this turn, else
// the socket-bound signal (legacy). A browser disconnect aborts only in // the socket-bound signal (legacy). A browser disconnect aborts only in
// the legacy path. // the legacy path. #444: UNION it with the internal degeneration signal
abortSignal: effectiveSignal, // so a detected token-loop aborts the run too (AbortSignal.any — Node 20.3+).
abortSignal: AbortSignal.any([
effectiveSignal,
degenerationController.signal,
]),
onChunk: ({ chunk }) => { onChunk: ({ chunk }) => {
// DIAGNOSTIC (Safari stream-drop investigation) — temporary. Any model // DIAGNOSTIC (Safari stream-drop investigation) — temporary. Any model
// output chunk means the stream is actively emitting bytes; track first // output chunk means the stream is actively emitting bytes; track first
@@ -1132,7 +1246,29 @@ export class AiChatService implements OnModuleInit {
lastModelChunkAt = now; lastModelChunkAt = now;
// 'text-delta' is the assistant's prose; tool-call args are separate chunk // 'text-delta' is the assistant's prose; tool-call args are separate chunk
// types — so this mirrors exactly what streams to the client. // types — so this mirrors exactly what streams to the client.
if (chunk.type === 'text-delta') inProgressText += chunk.text; if (chunk.type === 'text-delta') {
inProgressText += chunk.text;
// Token-degeneration guard (#444). Throttled: only re-run the pure
// rules once the text has grown ~DEGENERATION_CHECK_STEP bytes since
// the last check, so the tail heuristics cost is amortized. On a
// trigger, abort the run ONCE with a distinguishable reason.
if (
!degenerationDetected &&
inProgressText.length - lastDegenerationCheckLen >=
DEGENERATION_CHECK_STEP
) {
lastDegenerationCheckLen = inProgressText.length;
if (isDegenerateOutput(inProgressText)) {
degenerationDetected = true;
this.logger.warn(
`AI chat stream aborted (chat ${chatId}): ${OUTPUT_DEGENERATION_ERROR}`,
);
degenerationController.abort(
new Error(OUTPUT_DEGENERATION_ERROR),
);
}
}
}
}, },
onStepFinish: (step) => { onStepFinish: (step) => {
// The finished step's full text is now in `step.text`; fold it in and reset // The finished step's full text is now in `step.text`; fold it in and reset
@@ -1174,8 +1310,22 @@ export class AiChatService implements OnModuleInit {
// plain-text projection (full-text search / fallback). A multi-step // plain-text projection (full-text search / fallback). A multi-step
// turn's `content` therefore now holds all steps' prose, not just the // turn's `content` therefore now holds all steps' prose, not just the
// last block. // last block.
// Empty-turn mitigation (#444, toggle OFF). If the turn burned all its
// steps WITHOUT ever producing text (every step's text is empty) and
// the model stopped because it hit the step cap, there is no answer to
// show — the lockdown used to force one. Append a synthetic marker as
// the trailing text so the exhausted-without-answer state is explicit
// to the user and, on replay, to the model next turn. `flushAssistant`
// takes this as the `inProgressText` trailing text arg (empty here
// otherwise). `stepCountIs(MAX_AGENT_STEPS)` surfaces as
// finishReason === 'tool-calls' (or a length/other cap), so we key off
// "no text produced" rather than a single finishReason string.
const producedText = (steps as StepLike[]).some((s) => s.text?.trim());
const stepExhausted = steps.length >= MAX_AGENT_STEPS;
const emptyTurnMarker =
!producedText && stepExhausted ? STEP_LIMIT_NO_ANSWER_MARKER : '';
await finalizeAssistant( await finalizeAssistant(
flushAssistant(steps as StepLike[], '', 'completed', { flushAssistant(steps as StepLike[], emptyTurnMarker, 'completed', {
finishReason: finishReason as string, finishReason: finishReason as string,
usage: totalUsage as StreamUsage, usage: totalUsage as StreamUsage,
contextTokens: contextTokens:
@@ -1252,6 +1402,30 @@ export class AiChatService implements OnModuleInit {
await snapshotTurnEnd(); await snapshotTurnEnd();
}, },
onAbort: async ({ steps }) => { onAbort: async ({ steps }) => {
// #444: distinguish a degeneration abort (our internal controller) from
// a user Stop / disconnect. On degeneration we truncate the runaway tail
// before persist (so hundreds of KB of garbage never reach the DB /
// replay) and record it as an ERROR with a clear, distinguishable reason
// — NOT a bare 'aborted' (a user Stop) and NOT a swept 'streaming' (a
// server restart).
if (degenerationDetected) {
const truncated = truncateDegeneratedTail(inProgressText);
await finalizeAssistant(
flushAssistant(capturedSteps, truncated, 'error', {
error: OUTPUT_DEGENERATION_ERROR,
pageChanged,
}),
);
if (runId)
await runHooks?.onSettled?.(
runId,
'error',
OUTPUT_DEGENERATION_ERROR,
);
await closeExternalClients();
await snapshotTurnEnd();
return;
}
const partialChars = const partialChars =
capturedSteps.reduce((n, s) => n + (s.text?.length ?? 0), 0) + capturedSteps.reduce((n, s) => n + (s.text?.length ?? 0), 0) +
inProgressText.length; inProgressText.length;
@@ -75,7 +75,7 @@ const LABELS: Record<
searchPages: 'Searched pages', searchPages: 'Searched pages',
getPage: 'Read page', getPage: 'Read page',
createPage: 'Created page', createPage: 'Created page',
updatePageContent: 'Updated page', updatePageMarkdown: 'Updated page',
renamePage: 'Renamed page', renamePage: 'Renamed page',
movePage: 'Moved page', movePage: 'Moved page',
deletePage: 'Deleted page (to trash)', deletePage: 'Deleted page (to trash)',
@@ -96,7 +96,7 @@ const LABELS: Record<
searchPages: 'Искал по страницам', searchPages: 'Искал по страницам',
getPage: 'Прочитал страницу', getPage: 'Прочитал страницу',
createPage: 'Создал страницу', createPage: 'Создал страницу',
updatePageContent: 'Обновил страницу', updatePageMarkdown: 'Обновил страницу',
renamePage: 'Переименовал страницу', renamePage: 'Переименовал страницу',
movePage: 'Переместил страницу', movePage: 'Переместил страницу',
deletePage: 'Удалил страницу (в корзину)', deletePage: 'Удалил страницу (в корзину)',
@@ -0,0 +1,182 @@
import {
hasRepeatedLineRun,
hasPeriodicTail,
isDegenerateOutput,
truncateDegeneratedTail,
REPEATED_LINES_THRESHOLD,
MIN_PERIOD_REPEATS,
} from './output-degeneration';
/**
* Unit tests for the token-degeneration detector (#444) — the sole anti-babble
* guard once the final-step lockdown is OFF. The two rules must fire on real
* degeneration (the "loadTools." incident, a no-newline repeat) and MUST NOT fire
* on legitimate long output (edit lists, tables, code).
*/
describe('hasRepeatedLineRun (rule 1: identical-line run)', () => {
it('POSITIVE: fires on "loadTools.\\n" repeated many times (the incident)', () => {
const text = 'Here is my plan.\n' + 'loadTools.\n'.repeat(300);
expect(hasRepeatedLineRun(text)).toBe(true);
expect(isDegenerateOutput(text)).toBe(true);
});
it('POSITIVE: fires at exactly the threshold', () => {
const text = 'x\n'.repeat(REPEATED_LINES_THRESHOLD);
expect(hasRepeatedLineRun(text)).toBe(true);
});
it('NEGATIVE: does NOT fire just below the threshold', () => {
// threshold-1 identical lines followed by a distinct line.
const text = 'x\n'.repeat(REPEATED_LINES_THRESHOLD - 1) + 'done\n';
expect(hasRepeatedLineRun(text)).toBe(false);
});
it('NEGATIVE: a long edit list of DISTINCT lines never trips', () => {
const lines: string[] = [];
for (let i = 0; i < 200; i++) lines.push(`- edited section ${i}: fixed typo`);
const text = lines.join('\n');
expect(hasRepeatedLineRun(text)).toBe(false);
expect(isDegenerateOutput(text)).toBe(false);
});
it('NEGATIVE: a markdown table with blank separators does not trip', () => {
// Repeated identical rows are unusual, but blank lines break any run.
const block = ['| a | b |', '| - | - |', '', '| a | b |', ''];
const text = Array.from({ length: 60 }, () => block.join('\n')).join('\n');
expect(hasRepeatedLineRun(text)).toBe(false);
});
it('NEGATIVE: blank lines do NOT count toward a run', () => {
const text = '\n'.repeat(100);
expect(hasRepeatedLineRun(text)).toBe(false);
});
});
describe('hasPeriodicTail (rule 2: no-newline suffix periodicity)', () => {
it('POSITIVE: fires on a single char repeated with no newlines', () => {
const text = 'answer: ' + 'a'.repeat(500);
expect(hasPeriodicTail(text)).toBe(true);
expect(isDegenerateOutput(text)).toBe(true);
});
it('POSITIVE: fires on a multi-char block repeat with no newlines', () => {
const text = 'prefix ' + 'abcdef'.repeat(100);
expect(hasPeriodicTail(text)).toBe(true);
});
it('POSITIVE: at least MIN_PERIOD_REPEATS repeats of a small block', () => {
const text = 'go'.repeat(MIN_PERIOD_REPEATS);
expect(hasPeriodicTail(text)).toBe(true);
});
it('NEGATIVE: prose does not look periodic', () => {
const text =
'The quick brown fox jumps over the lazy dog while the sun sets slowly ' +
'behind the distant mountains and the river winds through the valley below.';
expect(hasPeriodicTail(text)).toBe(false);
expect(isDegenerateOutput(text)).toBe(false);
});
it('NEGATIVE: a long code block is not flagged', () => {
const code = `
function compute(values) {
let total = 0;
for (const v of values) {
total += v * 2;
}
return total / values.length;
}
export const helper = (x) => x + 1;
const config = { retries: 3, timeout: 5000, backoff: 'exp' };
`.repeat(3);
expect(isDegenerateOutput(code)).toBe(false);
});
it('NEGATIVE: a short string well under the repeat count is safe', () => {
expect(hasPeriodicTail('ababab')).toBe(false);
});
// Regression (#444): a trivial single-char period (p===1) must NOT flag
// legitimate divider/underline/whitespace runs. These are common in real
// model output and previously false-positived at ~20 identical chars, aborting
// the run and truncating output. They must all be treated as clean.
it('NEGATIVE: a markdown horizontal rule is not flagged', () => {
const text = 'text\n' + '-'.repeat(40);
expect(hasPeriodicTail(text)).toBe(false);
expect(isDegenerateOutput(text)).toBe(false);
});
it('NEGATIVE: a setext heading underline is not flagged', () => {
const text = 'Title\n' + '='.repeat(30);
expect(hasPeriodicTail(text)).toBe(false);
expect(isDegenerateOutput(text)).toBe(false);
});
it('NEGATIVE: a box-drawing divider with no trailing newline is not flagged', () => {
const text = 'done ' + '─'.repeat(50);
expect(hasPeriodicTail(text)).toBe(false);
expect(isDegenerateOutput(text)).toBe(false);
});
it('NEGATIVE: trailing spaces are not flagged', () => {
const text = 'answer' + ' '.repeat(40);
expect(hasPeriodicTail(text)).toBe(false);
expect(isDegenerateOutput(text)).toBe(false);
});
// TRIVIAL_MIN_REPEATS boundary (#444 review). The monochar-tail branch fires at
// EXACTLY 60 identical trailing chars (`run >= TRIVIAL_MIN_REPEATS`), so 59 is
// clean and 60 trips. These pin the `>=` and MUST fail if the comparison is
// flipped to `>` (the surviving mutation). The value 60 is HARD-CODED here on
// purpose: TRIVIAL_MIN_REPEATS is a private constant and the assert must lock
// the literal boundary the reviewer named, not track a constant edit.
it('NEGATIVE: 59 identical trailing chars is one below the monochar threshold', () => {
expect(hasPeriodicTail('x'.repeat(59))).toBe(false);
expect(isDegenerateOutput('x'.repeat(59))).toBe(false);
});
it('POSITIVE: 60 identical trailing chars hits the monochar threshold exactly', () => {
// Fails if `run >= TRIVIAL_MIN_REPEATS` is mutated to `run > …`.
expect(hasPeriodicTail('x'.repeat(60))).toBe(true);
expect(isDegenerateOutput('x'.repeat(60))).toBe(true);
});
// Positive counterparts: a GENUINE single-char runaway (hundreds+ of repeats)
// and the real incident (period>=2, "loadTools." ×N) must still fire.
it('POSITIVE: a genuine single-char runaway is still flagged', () => {
const text = 'x'.repeat(5000);
expect(hasPeriodicTail(text)).toBe(true);
expect(isDegenerateOutput(text)).toBe(true);
});
it('POSITIVE: the "loadTools." incident (period>=2) is still flagged', () => {
const text = 'loadTools.'.repeat(500);
expect(hasPeriodicTail(text)).toBe(true);
expect(isDegenerateOutput(text)).toBe(true);
});
});
describe('truncateDegeneratedTail', () => {
it('collapses a repeated-line loop to a few reps + marker', () => {
const text = 'plan\n' + 'loadTools.\n'.repeat(20000);
const out = truncateDegeneratedTail(text);
expect(out.length).toBeLessThan(text.length);
expect(out).toContain('output truncated');
// Keeps the leading context and a few loop reps.
expect(out).toContain('plan');
expect((out.match(/loadTools\./g) ?? []).length).toBeLessThan(10);
});
it('collapses a no-newline periodic loop to a few blocks + marker', () => {
const text = 'answer: ' + 'xy'.repeat(50000);
const out = truncateDegeneratedTail(text);
expect(out.length).toBeLessThan(text.length);
expect(out).toContain('output truncated');
expect(out).toContain('answer:');
});
it('returns non-degenerate text unchanged (by identity)', () => {
const text = 'A perfectly normal, finished assistant answer.';
expect(truncateDegeneratedTail(text)).toBe(text);
});
});
@@ -0,0 +1,189 @@
/**
* Token-degeneration detector for the in-app agent stream (#444).
*
* When the final-step lockdown is OFF (the new default) there is no toolChoice
* override to strip the model's tools mid-work, so the anti-babble safety net is
* this detector. It watches the accumulating assistant text and, on a runaway
* repetition loop (the 255KB "loadTools." incident), aborts the run.
*
* Both rules are PURE functions of the text tail so they are cheap to run every
* few KB and are unit-testable in isolation. They operate on the TAIL only
* (`TAIL_WINDOW` chars) so the cost is bounded regardless of how long the turn is.
*/
/** How many trailing chars of the accumulated text the rules inspect. */
export const TAIL_WINDOW = 3000;
/** Rule 1 threshold: minimum consecutive identical non-empty lines to trigger. */
export const REPEATED_LINES_THRESHOLD = 25;
/** Rule 2: maximum length of a repeating block considered for periodicity. */
export const MAX_PERIOD_LEN = 150;
/** Rule 2: minimum number of consecutive block repeats to trigger. */
export const MIN_PERIOD_REPEATS = 20;
/**
* Rule 1 — ≥`REPEATED_LINES_THRESHOLD` consecutive IDENTICAL non-empty lines at
* the tail. Catches the classic newline-delimited loop ("loadTools.\n" ×N).
* Blank lines break a run (a table / list with blank separators never trips it);
* a run of ordinary distinct lines (an edit list, code) never reaches the count.
*
* NB: `REPEATED_LINES_THRESHOLD` (25) is only THIS rule's own trigger, not the
* effective floor for detecting a repeated-line loop. In practice a newline-
* delimited repeat also has a fixed period (line + '\n'), so rule 2 catches it
* via periodicity at `MIN_PERIOD_REPEATS` (20) repeats — the two rules combine
* (see `isDegenerateOutput`), so the effective lower bound for a short identical
* line loop is ~20, not 25. Pure.
*/
export function hasRepeatedLineRun(
text: string,
threshold = REPEATED_LINES_THRESHOLD,
): boolean {
const tail = text.length > TAIL_WINDOW ? text.slice(-TAIL_WINDOW) : text;
const lines = tail.split('\n');
let run = 1;
let prev: string | null = null;
for (const line of lines) {
if (line.length > 0 && line === prev) {
run += 1;
if (run >= threshold) return true;
} else {
run = 1;
}
prev = line;
}
return false;
}
/**
* Rule 2 — cheap suffix-periodicity check: the tail ends in
* ≥`MIN_PERIOD_REPEATS` back-to-back repeats of a single block of length
* ≤`MAX_PERIOD_LEN`. Catches a no-newline repeat ("abcabcabc…") the line rule
* misses. For each candidate period length p we verify the last `repeats*p`
* chars are p-periodic; we stop at the smallest p that satisfies the repeat
* count. Bounded by MAX_PERIOD_LEN × TAIL_WINDOW comparisons — negligible. Pure.
*/
export function hasPeriodicTail(
text: string,
maxPeriod = MAX_PERIOD_LEN,
minRepeats = MIN_PERIOD_REPEATS,
): boolean {
const tail = text.length > TAIL_WINDOW ? text.slice(-TAIL_WINDOW) : text;
const n = tail.length;
// Not even the shortest possible loop fits in the tail.
if (n < minRepeats) return false;
// A tail of ONE repeated char (a "trivial period") is common in LEGIT output —
// markdown rules (----/====), setext underlines, box-drawing dividers,
// trailing spaces routinely produce 20–50 identical chars. Such a run is
// p-periodic for EVERY p, so it would otherwise trip the block rule at p>=2
// too, not just p===1. We therefore split the check: a monochar tail needs far
// more repeats (a real single-char babble loop produces hundreds-to-thousands;
// 60 is well above any realistic divider yet a fifth of TAIL_WINDOW), while a
// genuine multi-char block repeat (>=2 distinct chars, e.g. the "loadTools."
// incident, period ~10) keeps the normal MIN_PERIOD_REPEATS threshold.
const TRIVIAL_MIN_REPEATS = 60;
// Monochar-tail check (the trivial-period case): count the trailing run of one
// identical char and require TRIVIAL_MIN_REPEATS of them.
{
const last = tail[n - 1];
let run = 1;
for (let i = n - 2; i >= 0 && tail[i] === last; i--) run++;
if (run >= TRIVIAL_MIN_REPEATS) return true;
}
const maxP = maxPeriod;
for (let p = 2; p <= maxP; p++) {
// Verify the last (minRepeats*p) chars are p-periodic AND not monochar (a
// monochar span is the trivial case handled above, so skip it here to avoid
// re-flagging a legit divider at a composite period).
const span = minRepeats * p;
// Not enough tail to hold this many repeats of this period.
if (span > n) continue;
const start = n - span;
let periodic = true;
let multiChar = false;
for (let i = n - 1; i >= start + p; i--) {
if (tail[i] !== tail[i - p]) {
periodic = false;
break;
}
}
if (!periodic) continue;
// Confirm the block itself has >=2 distinct chars (else it's monochar).
for (let i = start + 1; i < n; i++) {
if (tail[i] !== tail[start]) {
multiChar = true;
break;
}
}
if (multiChar) return true;
}
return false;
}
/**
* Combined guard used by the stream's onChunk: true when EITHER rule fires.
* Pure — the caller owns the abort side effect.
*/
export function isDegenerateOutput(text: string): boolean {
return hasRepeatedLineRun(text) || hasPeriodicTail(text);
}
/**
* Truncate a degenerated tail before persist so hundreds of KB of garbage never
* reach the DB / replay (#444). Keeps everything up to and including the FIRST
* `keepRepeats` repeats of the detected loop, then appends a short marker. If no
* loop is detected the text is returned unchanged (by identity).
*
* Implementation: find the shortest tail period (same check as hasPeriodicTail),
* keep the prefix before the loop plus `keepRepeats` copies of the block, drop
* the rest. This is best-effort cosmetic trimming; correctness does not depend on
* finding the exact minimal loop. Pure.
*/
export function truncateDegeneratedTail(
text: string,
keepRepeats = 3,
): string {
const marker = '\n…[output truncated: repeated token loop detected]';
// Try the line rule first: collapse a long run of identical lines.
const lines = text.split('\n');
let runStart = -1;
let run = 1;
for (let i = 1; i < lines.length; i++) {
if (lines[i].length > 0 && lines[i] === lines[i - 1]) {
if (run === 1) runStart = i - 1;
run += 1;
if (run >= REPEATED_LINES_THRESHOLD) {
const kept = lines.slice(0, runStart + keepRepeats).join('\n');
return kept + marker;
}
} else {
run = 1;
runStart = -1;
}
}
// Fall back to periodicity over the whole string (bounded by the same block
// length). Find the smallest period that makes the SUFFIX highly repetitive.
const n = text.length;
const maxP = Math.min(MAX_PERIOD_LEN, Math.floor(n / MIN_PERIOD_REPEATS));
for (let p = 1; p <= maxP; p++) {
// Count how many trailing p-blocks are periodic.
let reps = 1;
let i = n - 1;
for (; i >= p; i--) {
if (text[i] !== text[i - p]) break;
}
// The loop above walks over the periodic suffix; its length is (n-1 - i).
const periodicLen = n - 1 - i;
reps = Math.floor(periodicLen / p) + 1;
if (reps >= MIN_PERIOD_REPEATS) {
const loopStart = n - reps * p; // start of the fully-periodic suffix
const kept = text.slice(0, loopStart + keepRepeats * p);
return kept + marker;
}
}
return text;
}
@@ -1,6 +1,17 @@
import { AiChatToolsService } from './ai-chat-tools.service'; import { AiChatToolsService } from './ai-chat-tools.service';
import * as loader from './docmost-client.loader'; import * as loader from './docmost-client.loader';
import type { DocmostClientLike } from './docmost-client.loader'; import type { DocmostClientLike } from './docmost-client.loader';
// Test-double type for the loopback client. `DocmostClientLike` is now DERIVED
// from the real `DocmostClient` (issue #446), so its method RETURN types are the
// concrete client shapes. These stubs deliberately return minimal recording
// shapes (e.g. `{ ok: true }`), which no longer satisfy those concrete returns —
// so the doubles are typed with the same method NAMES but loose async returns.
// Each is still cast to `DocmostClientLike` at the (return-erased) mock site, so
// the positional-call type-safety on the PRODUCTION client is unaffected.
type FakeDocmostClient = Partial<
Record<keyof DocmostClientLike, (...args: any[]) => Promise<any>>
>;
// The real zod-agnostic shared tool-spec registry. It has no runtime deps, so // The real zod-agnostic shared tool-spec registry. It has no runtime deps, so
// importing the TS source directly keeps these mocks honest: the service builds // importing the TS source directly keeps these mocks honest: the service builds
// the shared tools from exactly the specs the package ships, not a hand-stub. // the shared tools from exactly the specs the package ships, not a hand-stub.
@@ -12,7 +23,15 @@ import { SHARED_TOOL_SPECS } from '../../../../../../packages/mcp/src/tool-specs
// sync. // sync.
const mockLoaded = (DocmostClient: loader.DocmostClientCtor) => ({ const mockLoaded = (DocmostClient: loader.DocmostClientCtor) => ({
DocmostClient, DocmostClient,
sharedToolSpecs: SHARED_TOOL_SPECS as Record<string, loader.SharedToolSpec>, sharedToolSpecs: SHARED_TOOL_SPECS as unknown as Record<string, loader.SharedToolSpec>,
// Pure no-network draw.io helpers (#424). Type-correct stubs: these tests
// never execute the drawio_shapes / drawio_guide tool bodies.
searchShapes: (() => []) as unknown as loader.SearchShapesFn,
getGuideSection: (() => ({
section: 'index',
content: '',
sections: [],
})) as unknown as loader.GetGuideSectionFn,
}); });
/** /**
@@ -31,7 +50,7 @@ describe('AiChatToolsService deletePage guardrail (H4)', () => {
// Minimal fake DocmostClient: only the write methods the tools touch need to // Minimal fake DocmostClient: only the write methods the tools touch need to
// exist; deletePage records its args. No network, no ESM import. // exist; deletePage records its args. No network, no ESM import.
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
deletePage: (...args: unknown[]) => { deletePage: (...args: unknown[]) => {
deletePageCalls.push(args); deletePageCalls.push(args);
return Promise.resolve({ success: true }); return Promise.resolve({ success: true });
@@ -160,7 +179,7 @@ describe('AiChatToolsService deletePage guardrail (H4)', () => {
describe('AiChatToolsService expanded toolset guardrails', () => { describe('AiChatToolsService expanded toolset guardrails', () => {
// No client method is invoked here — every assertion is on tool presence / // No client method is invoked here — every assertion is on tool presence /
// input schema — so an empty fake client is sufficient. // input schema — so an empty fake client is sufficient.
const fakeClient: Partial<DocmostClientLike> = {}; const fakeClient: FakeDocmostClient = {};
const tokenServiceStub = { const tokenServiceStub = {
generateAccessToken: jest.fn().mockResolvedValue('access-token'), generateAccessToken: jest.fn().mockResolvedValue('access-token'),
@@ -264,8 +283,9 @@ describe('AiChatToolsService node-arg JSON-string coercion', () => {
const patchNodeCalls: unknown[][] = []; const patchNodeCalls: unknown[][] = [];
const insertNodeCalls: unknown[][] = []; const insertNodeCalls: unknown[][] = [];
const updatePageJsonCalls: unknown[][] = []; const updatePageJsonCalls: unknown[][] = [];
const updatePageCalls: unknown[][] = [];
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
patchNode: (...args: unknown[]) => { patchNode: (...args: unknown[]) => {
patchNodeCalls.push(args); patchNodeCalls.push(args);
return Promise.resolve({ ok: true }); return Promise.resolve({ ok: true });
@@ -278,6 +298,11 @@ describe('AiChatToolsService node-arg JSON-string coercion', () => {
updatePageJsonCalls.push(args); updatePageJsonCalls.push(args);
return Promise.resolve({ ok: true }); return Promise.resolve({ ok: true });
}, },
// Backs the plain-Markdown full-body-replace tool updatePageMarkdown (#411).
updatePage: (...args: unknown[]) => {
updatePageCalls.push(args);
return Promise.resolve({ success: true });
},
}; };
const tokenServiceStub = { const tokenServiceStub = {
@@ -291,6 +316,7 @@ describe('AiChatToolsService node-arg JSON-string coercion', () => {
patchNodeCalls.length = 0; patchNodeCalls.length = 0;
insertNodeCalls.length = 0; insertNodeCalls.length = 0;
updatePageJsonCalls.length = 0; updatePageJsonCalls.length = 0;
updatePageCalls.length = 0;
jest.spyOn(loader, 'loadDocmostMcp').mockResolvedValue( jest.spyOn(loader, 'loadDocmostMcp').mockResolvedValue(
mockLoaded(function () { mockLoaded(function () {
return fakeClient as DocmostClientLike; return fakeClient as DocmostClientLike;
@@ -426,6 +452,54 @@ describe('AiChatToolsService node-arg JSON-string coercion', () => {
).rejects.toThrow('content was a string but not valid JSON'); ).rejects.toThrow('content was a string but not valid JSON');
expect(updatePageJsonCalls).toHaveLength(0); expect(updatePageJsonCalls).toHaveLength(0);
}); });
// #411: the plain-Markdown full-body-replace tool is now the shared
// `updatePageMarkdown` (was inline `updatePageContent`). It forwards to
// client.updatePage(pageId, content, title) -> updatePageContentRealtime ->
// markdownToProseMirrorCanonical, so `^[...]` footnotes materialize.
it('updatePageMarkdown forwards { pageId, content, title } to client.updatePage', async () => {
const tools = await buildTools();
await tools.updatePageMarkdown.execute(
{ pageId: 'p1', content: 'Body^[a note]', title: 'New title' } as never,
{} as never,
);
expect(updatePageCalls).toHaveLength(1);
expect(updatePageCalls[0]).toEqual(['p1', 'Body^[a note]', 'New title']);
});
it('updatePageMarkdown returns the RAW client result in-app (deliberate #411 shape change, documented on the spec)', async () => {
const tools = await buildTools();
// Registry canonical execute returns client.updatePage's result verbatim.
// The old inline tool projected to { pageId, updated }; the rename now
// surfaces the raw result (nothing reads the removed `.updated`; the raw
// shape carries footnote/verify warnings and matches the on-both-hosts
// registry convention). fakeClient.updatePage resolves { success: true }.
const result = await tools.updatePageMarkdown.execute(
{ pageId: 'p1', content: '# Hi' } as never,
{} as never,
);
expect(result).toEqual({ success: true });
});
it('updatePageMarkdown forwards title=undefined when omitted', async () => {
const tools = await buildTools();
await tools.updatePageMarkdown.execute(
{ pageId: 'p1', content: '# Hi' } as never,
{} as never,
);
expect(updatePageCalls[0]).toEqual(['p1', '# Hi', undefined]);
});
// #411 surface split: the plain-Markdown replace tool exists in-app under the
// new key; the OLD inline updatePageContent key is gone; importPageMarkdown is
// still present IN-APP (only the external MCP surface drops it — asserted in
// packages/mcp/test/unit/tool-inventory.test.mjs).
it('exposes updatePageMarkdown in-app, no legacy updatePageContent, keeps importPageMarkdown', async () => {
const tools = await buildTools();
expect(tools.updatePageMarkdown).toBeDefined();
expect((tools as Record<string, unknown>).updatePageContent).toBeUndefined();
expect(tools.importPageMarkdown).toBeDefined();
});
}); });
/** /**
@@ -439,7 +513,7 @@ describe('AiChatToolsService node-arg JSON-string coercion', () => {
* getOutline) are exercised here end-to-end through forUser(). * getOutline) are exercised here end-to-end through forUser().
*/ */
describe('AiChatToolsService model-friendly input validation (#190)', () => { describe('AiChatToolsService model-friendly input validation (#190)', () => {
const fakeClient: Partial<DocmostClientLike> = {}; const fakeClient: FakeDocmostClient = {};
const tokenServiceStub = { const tokenServiceStub = {
generateAccessToken: jest.fn().mockResolvedValue('access-token'), generateAccessToken: jest.fn().mockResolvedValue('access-token'),
generateCollabToken: jest.fn().mockResolvedValue('collab-token'), generateCollabToken: jest.fn().mockResolvedValue('collab-token'),
@@ -557,7 +631,7 @@ describe('AiChatToolsService #294 changed execute wirings', () => {
tableDeleteRow: [], tableDeleteRow: [],
tableUpdateCell: [], tableUpdateCell: [],
}; };
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
movePage: (...args: unknown[]) => { movePage: (...args: unknown[]) => {
calls.movePage.push(args); calls.movePage.push(args);
return Promise.resolve({ success: true }); return Promise.resolve({ success: true });
@@ -666,7 +740,7 @@ describe('AiChatToolsService #410 footnote + image tools', () => {
insertImage: [], insertImage: [],
replaceImage: [], replaceImage: [],
}; };
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
insertFootnote: (...args: unknown[]) => { insertFootnote: (...args: unknown[]) => {
calls.insertFootnote.push(args); calls.insertFootnote.push(args);
return Promise.resolve({ success: true, footnoteId: 'fn1', reused: false }); return Promise.resolve({ success: true, footnoteId: 'fn1', reused: false });
@@ -836,3 +910,109 @@ describe('AiChatToolsService getCurrentPage selection (#388)', () => {
); );
}); });
}); });
/**
* #440 review: the in-app drawio_create / drawio_update handlers must forward
* the optional `layout:"elk"` param to the client (5th positional arg), exactly
* like the MCP host. It was silently dropped, so ELK auto-layout worked only via
* the standalone MCP server, not in-app. These tests pin per-host parity.
*/
describe('AiChatToolsService drawio layout passthrough (#440)', () => {
const createCalls: unknown[][] = [];
const updateCalls: unknown[][] = [];
// FakeDocmostClient (not Partial<DocmostClientLike>): since #446 derived
// DocmostClientLike from the real client, its drawioCreate/drawioUpdate return
// the concrete result shape, so a minimal stub object would not be assignable.
// FakeDocmostClient types every method as (...args) => Promise<any>, which is
// exactly what these arg-capturing doubles need.
const fakeClient: FakeDocmostClient = {
drawioCreate: (...args: unknown[]) => {
createCalls.push(args);
return Promise.resolve({ success: true, nodeId: '#0' });
},
drawioUpdate: (...args: unknown[]) => {
updateCalls.push(args);
return Promise.resolve({ success: true, nodeId: '#0' });
},
};
const tokenServiceStub = {
generateAccessToken: jest.fn().mockResolvedValue('access-token'),
generateCollabToken: jest.fn().mockResolvedValue('collab-token'),
};
let service: AiChatToolsService;
beforeEach(() => {
createCalls.length = 0;
updateCalls.length = 0;
jest.spyOn(loader, 'loadDocmostMcp').mockResolvedValue(
mockLoaded(function () {
return fakeClient as DocmostClientLike;
} as unknown as loader.DocmostClientCtor),
);
service = new AiChatToolsService(
tokenServiceStub as never,
{} as never,
{} as never,
{} as never,
{} as never,
{
asSink: () => ({ put: jest.fn(), has: jest.fn(), evict: jest.fn() }),
} as never,
);
});
afterEach(() => jest.restoreAllMocks());
const buildTools = () =>
service.forUser(
{ id: 'user-1', email: 'u@example.com', workspaceId: 'ws-1' } as never,
'session-1',
'ws-1',
'chat-1',
);
it('forwards layout:"elk" to client.drawioCreate as the 5th positional arg', async () => {
const tools = await buildTools();
await tools.drawioCreate.execute(
{
pageId: 'p-1',
xml: '<mxGraphModel/>',
position: 'append',
layout: 'elk',
} as never,
{} as never,
);
expect(createCalls).toHaveLength(1);
// drawioCreate(pageId, where, xml, title, layout) — layout is args[4].
expect(createCalls[0][4]).toBe('elk');
});
it('forwards layout:"elk" to client.drawioUpdate as the 5th positional arg', async () => {
const tools = await buildTools();
await tools.drawioUpdate.execute(
{
pageId: 'p-1',
node: '#0',
xml: '<mxGraphModel/>',
baseHash: 'h',
layout: 'elk',
} as never,
{} as never,
);
expect(updateCalls).toHaveLength(1);
// drawioUpdate(pageId, node, xml, baseHash, layout) — layout is args[4].
expect(updateCalls[0][4]).toBe('elk');
});
it('omits layout (undefined 5th arg) when not requested', async () => {
const tools = await buildTools();
await tools.drawioCreate.execute(
{ pageId: 'p-1', xml: '<mxGraphModel/>', position: 'append' } as never,
{} as never,
);
expect(createCalls[0][4]).toBeUndefined();
});
});
@@ -26,6 +26,102 @@ import {
type ToolCatalogEntry, type ToolCatalogEntry,
} from './tool-tiers'; } from './tool-tiers';
/**
* Compile-time contract (issue #446): the in-app tool `execute` closures below
* call the loopback `DocmostClient` POSITIONALLY (e.g.
* `client.drawioGet(pageId, node, format ?? 'xml')`). Those closures receive an
* AI-SDK-erased (`any`) input, so a positional call inside them is NOT checked
* against the real signature — a parameter reorder/type-change in
* `packages/mcp/src/client.ts` would otherwise reach production as a runtime
* "wrong argument" tool failure with zero compile signal (the restored #294
* debt). This never-called function reproduces every positional call with
* correctly-typed placeholder arguments against the DERIVED `DocmostClientLike`
* (a `Pick` of the real `DocmostClient`), so any such reorder/rename becomes a
* SERVER COMPILE ERROR here. It emits nothing (types only) and is never invoked;
* keep each call in lockstep with the matching `execute` body below.
*/
// eslint-disable-next-line @typescript-eslint/no-unused-vars
function __assertClientCallContract(client: DocmostClientLike): void {
// Placeholders standing in for the AI-SDK-erased execute inputs. Their types
// are deliberately concrete so the positional calls are checked end-to-end.
const s = '' as string;
const n = 0 as number;
const node: unknown = null;
const edits: Array<{ find: string; replace: string; replaceAll?: boolean }> =
[];
const cells: string[] = [];
const align = undefined as 'left' | 'center' | 'right' | undefined;
// --- read ---
void client.search(s, undefined, n);
void client.getPage(s);
void client.getPageRaw(s);
void client.getWorkspace();
void client.getSpaces();
void client.listPages(s, n, true);
void client.listSidebarPages(s, s);
void client.getOutline(s);
void client.getPageJson(s);
void client.getNode(s, s);
void client.searchInPage(s, s, {
regex: true,
caseSensitive: true,
limit: n,
});
void client.getTable(s, s);
void client.listComments(s, true);
void client.getComment(s);
void client.checkNewComments(s, s, s);
void client.listShares();
void client.listPageHistory(s, s);
void client.getPageHistory(s);
void client.diffPageVersions(s, s, s);
void client.exportPageMarkdown(s);
// --- write (page) ---
void client.createPage(s, s, s, s);
void client.updatePage(s, s, s);
void client.renamePage(s, s);
void client.movePage(s, s, s);
void client.deletePage(s);
void client.editPageText(s, edits);
void client.patchNode(s, s, node);
void client.insertNode(s, node, {
position: 'append',
anchorNodeId: s,
anchorText: s,
});
void client.deleteNode(s, s);
void client.updatePageJson(s, node, s);
void client.tableInsertRow(s, s, cells, n);
void client.tableDeleteRow(s, s, n);
void client.tableUpdateCell(s, s, n, n, s);
void client.copyPageContent(s, s);
void client.importPageMarkdown(s, s);
void client.sharePage(s, true);
void client.unsharePage(s);
void client.restorePageVersion(s);
void client.transformPage(s, s, { dryRun: true });
void client.stashPage(s);
// --- write (image / footnote), in-app since #410 ---
void client.insertFootnote(s, s, s);
void client.insertImage(s, s, {
align,
alt: s,
replaceText: s,
afterText: s,
});
void client.replaceImage(s, s, s, { align, alt: s });
// --- draw.io diagrams (#423 stage 1, #424 stage 2) ---
// The 5th `layout` arg (#424) is exercised so this parity assertion fails if the
// client signature drops it — it must reach the client from the shared execute.
void client.drawioGet(s, s, 'xml');
void client.drawioCreate(s, { position: 'append', anchorNodeId: s }, s, s, 'elk');
void client.drawioUpdate(s, s, s, s, 'elk');
// --- write (comment) ---
void client.createComment(s, s, 'inline', s, s, s);
void client.resolveComment(s, true);
}
/** /**
* Per-user, per-request adapter that exposes Docmost READ operations to the * Per-user, per-request adapter that exposes Docmost READ operations to the
* agent as AI SDK tools (STAGE A = read only). * agent as AI SDK tools (STAGE A = read only).
@@ -169,8 +265,19 @@ export class AiChatToolsService {
// provenance tokens) and load the shared tool-spec registry. Client // provenance tokens) and load the shared tool-spec registry. Client
// construction is shared with the page-change detection path (#274) via // construction is shared with the page-change detection path (#274) via
// buildDocmostClient so both go over the exact same authenticated route. // buildDocmostClient so both go over the exact same authenticated route.
const { sharedToolSpecs, createCommentSignalTracker } = // searchShapes / getGuideSection (#424) are the PURE, no-network helpers
await loadDocmostMcp(); // backing drawio_shapes / drawio_guide. They are `inlineBothHosts` specs (no
// canonical execute — their catalog loader uses import.meta and can't be
// value-imported into the zod-agnostic tool-specs.ts under the server's
// commonjs type-check), so the shared registry loop below SKIPS them and this
// service wires them inline (see drawioShapes/drawioGuide entries), mirroring
// how index.ts registers them on the standalone MCP host.
const {
sharedToolSpecs,
createCommentSignalTracker,
searchShapes,
getGuideSection,
} = await loadDocmostMcp();
const client = await this.buildDocmostClient( const client = await this.buildDocmostClient(
user, user,
sessionId, sessionId,
@@ -198,6 +305,17 @@ export class AiChatToolsService {
execute, execute,
}); });
// The in-app toolset. It starts with the tools kept INLINE here for a
// documented per-layer reason: an intentional behaviour/schema divergence from
// the standalone MCP surface (searchPages' hybrid RRF,
// transformPage's guardrailed shorter schema), a
// snake_case/camelCase naming clash the shared registry forbids (getTable vs
// the MCP `table_get`), per-request state the registry loop cannot provide
// (getCurrentPage reads the resolved openedPage; searchPages closes over the
// per-request user/embedding deps), or a tool with no MCP twin
// (listSidebarPages/getComment/getPageHistory). Every SHARED tool is then added
// by the registry loop below (see it), so there is exactly one arg-mapping per
// shared tool and it can never drift from the MCP host again (#445).
const tools: Record<string, Tool> = { const tools: Record<string, Tool> = {
// INTENTIONAL per-transport divergence (not in the shared registry): this // INTENTIONAL per-transport divergence (not in the shared registry): this
// in-app search runs a semantic + keyword hybrid (RRF) with in-process // in-app search runs a semantic + keyword hybrid (RRF) with in-process
@@ -332,180 +450,14 @@ export class AiChatToolsService {
execute: async () => resolveCurrentPageResult(openedPage), execute: async () => resolveCurrentPageResult(openedPage),
}), }),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
// The execute body keeps this layer's { title, markdown } projection.
getPage: sharedTool(sharedToolSpecs.getPage, async ({ pageId }) => {
// getPage(pageId) -> { data: filterPage(page, markdown), success }.
const result = await client.getPage(pageId);
const data = (result?.data ?? {}) as {
title?: string;
content?: string;
};
return {
title: data.title ?? '',
markdown: typeof data.content === 'string' ? data.content : '',
};
}),
// --- WRITE tools (all reversible — history/trash; §6.5 / D3) --- // --- WRITE tools (all reversible — history/trash; §6.5 / D3) ---
//
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294). // NOTE (issue #411): the plain-Markdown full-body-replace tool is no longer
createPage: sharedTool( // inline here — it moved to @docmost/mcp's SHARED_TOOL_SPECS as
sharedToolSpecs.createPage, // `updatePageMarkdown` (was inline `updatePageContent`) so it registers on
async ({ title, content, spaceId, parentPageId }) => { // BOTH the external MCP and the in-app agent. The registry loop below adds
// createPage(title, content, spaceId, parentPageId?) -> // it under its inAppKey. importPageMarkdown stays a shared spec too (now
// { data: filterPage(page, markdown), success }. // inAppOnly — dropped from the external MCP surface, kept in-app).
const result = await client.createPage(
title,
content ?? '',
spaceId,
parentPageId,
);
const data = (result?.data ?? {}) as {
id?: string;
slugId?: string;
title?: string;
};
return { id: data.id ?? data.slugId, title: data.title ?? title };
},
),
updatePageContent: tool({
description:
"Replace a page's body with new Markdown content (and optionally its " +
'title). Reversible: the previous version is kept in page history.',
inputSchema: modelFriendlyInput({
pageId: z.string().describe('The id of the page to update.'),
content: z.string().describe('The new page body as Markdown.'),
title: z
.string()
.optional()
.describe('Optional new title for the page.'),
}),
execute: async ({ pageId, content, title }) => {
// updatePage mutates the live collab doc -> provenance flows from the
// collab-token provider. Returns { success, modified, message, pageId }.
const result = (await client.updatePage(pageId, content, title)) as {
success?: boolean;
};
return { pageId, updated: result?.success ?? true };
},
}),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
renamePage: sharedTool(
sharedToolSpecs.renamePage,
async ({ pageId, title }) => {
// renamePage(pageId, title) -> { success, pageId, title }.
await client.renamePage(pageId, title);
return { pageId, title };
},
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
// The shared schema adds the optional `position` field this layer lacked
// before; the execute now forwards it (the client already accepted it).
movePage: sharedTool(
sharedToolSpecs.movePage,
async ({ pageId, parentPageId, position }) => {
// movePage(pageId, parentPageId, position?) -> raw move response.
await client.movePage(pageId, parentPageId ?? null, position);
return { pageId, parentPageId: parentPageId ?? null, moved: true };
},
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
// GUARDRAIL (§14 H4) preserved: the shared schema exposes ONLY pageId, so
// permanentlyDelete/forceDelete are never part of the input and can never
// be forwarded — the agent physically cannot permanently delete a page.
deletePage: sharedTool(sharedToolSpecs.deletePage, async ({ pageId }) => {
// deletePage(pageId) hits POST /pages/delete with { pageId } only,
// which is the soft-delete (trash) path on the server.
await client.deletePage(pageId);
return { pageId, trashed: true };
}),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
// This layer keeps only its own execute-side guards (require a selection
// for a top-level comment; reject suggestedText on a reply / without a
// selection) — the schema+description are shared.
createComment: sharedTool(
sharedToolSpecs.createComment,
async ({
pageId,
content,
selection,
parentCommentId,
suggestedText,
}) => {
// createComment(pageId, content, type, selection?, parentCommentId?,
// suggestedText?). Top-level comments are inline and must carry a
// selection to anchor on; replies inherit the parent's anchor (no
// selection). Throwing here surfaces a tool error to the model (Vercel
// `ai` SDK) so the agent retries with a better selection — do not
// catch/suppress it.
if (!parentCommentId && (!selection || !selection.trim())) {
throw new Error(
"createComment requires a 'selection' (exact text to anchor on) for a new top-level comment.",
);
}
if (suggestedText !== undefined) {
if (parentCommentId) {
throw new Error(
"createComment: 'suggestedText' cannot be attached to a reply; it applies only to a top-level inline comment.",
);
}
if (!selection || !selection.trim()) {
throw new Error(
"createComment: 'suggestedText' requires a 'selection' to anchor and rewrite.",
);
}
}
const result = await client.createComment(
pageId,
content,
'inline',
selection,
parentCommentId,
suggestedText,
);
const data = (result?.data ?? {}) as { id?: string };
return { commentId: data.id, pageId };
},
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
resolveComment: sharedTool(
sharedToolSpecs.resolveComment,
async ({ commentId, resolved }) => {
// resolveComment(commentId, resolved) -> { success, commentId, resolved }.
await client.resolveComment(commentId, resolved);
return { commentId, resolved };
},
),
// --- READ tools (added) ---
getWorkspace: sharedTool(
sharedToolSpecs.getWorkspace,
async () => await client.getWorkspace(),
),
listSpaces: sharedTool(
sharedToolSpecs.listSpaces,
async () => await client.getSpaces(),
),
// INTENTIONAL per-transport divergence (not shared): keeps the `tree:true`
// hierarchy mode but is worded for the in-app agent; the standalone MCP
// `list_pages` carries its own wording. Kept per-layer so each side tunes
// its own guidance.
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
listPages: sharedTool(
sharedToolSpecs.listPages,
async ({ spaceId, limit, tree }) =>
await client.listPages(spaceId, limit, tree),
),
listSidebarPages: tool({ listSidebarPages: tool({
description: description:
@@ -525,31 +477,6 @@ export class AiChatToolsService {
await client.listSidebarPages(spaceId, pageId), await client.listSidebarPages(spaceId, pageId),
}), }),
getOutline: sharedTool(
sharedToolSpecs.getOutline,
async ({ pageId }) => await client.getOutline(pageId),
),
getPageJson: sharedTool(
sharedToolSpecs.getPageJson,
async ({ pageId }) => await client.getPageJson(pageId),
),
getNode: sharedTool(
sharedToolSpecs.getNode,
async ({ pageId, nodeId }) => await client.getNode(pageId, nodeId),
),
searchInPage: sharedTool(
sharedToolSpecs.searchInPage,
async ({ pageId, query, regex, caseSensitive, limit }) =>
await client.searchInPage(pageId, query, {
regex,
caseSensitive,
limit,
}),
),
// NOT shared (kept inline): the MCP tool name `table_get` is noun-first // NOT shared (kept inline): the MCP tool name `table_get` is noun-first
// while this key is `getTable` (verb-first), breaking the // while this key is `getTable` (verb-first), breaking the
// snake_case(inAppKey) convention the shared registry enforces. Its // snake_case(inAppKey) convention the shared registry enforces. Its
@@ -572,13 +499,6 @@ export class AiChatToolsService {
await client.getTable(pageId, table), await client.getTable(pageId, table),
}), }),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
listComments: sharedTool(
sharedToolSpecs.listComments,
async ({ pageId, includeResolved }) =>
await client.listComments(pageId, includeResolved),
),
getComment: tool({ getComment: tool({
description: 'Fetch a single comment by id (content as Markdown).', description: 'Fetch a single comment by id (content as Markdown).',
inputSchema: modelFriendlyInput({ inputSchema: modelFriendlyInput({
@@ -587,24 +507,6 @@ export class AiChatToolsService {
execute: async ({ commentId }) => await client.getComment(commentId), execute: async ({ commentId }) => await client.getComment(commentId),
}), }),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
checkNewComments: sharedTool(
sharedToolSpecs.checkNewComments,
async ({ spaceId, since, parentPageId }) =>
await client.checkNewComments(spaceId, since, parentPageId),
),
listShares: sharedTool(
sharedToolSpecs.listShares,
async () => await client.listShares(),
),
listPageHistory: sharedTool(
sharedToolSpecs.listPageHistory,
async ({ pageId, cursor }) =>
await client.listPageHistory(pageId, cursor),
),
getPageHistory: tool({ getPageHistory: tool({
description: description:
'Fetch a single page-history version including its lossless ' + 'Fetch a single page-history version including its lossless ' +
@@ -616,203 +518,8 @@ export class AiChatToolsService {
await client.getPageHistory(historyId), await client.getPageHistory(historyId),
}), }),
diffPageVersions: sharedTool(
sharedToolSpecs.diffPageVersions,
async ({ pageId, from, to }) =>
await client.diffPageVersions(pageId, from, to),
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
exportPageMarkdown: sharedTool(
sharedToolSpecs.exportPageMarkdown,
async ({ pageId }) => {
const markdown = await client.exportPageMarkdown(pageId);
return { markdown };
},
),
// --- WRITE tools (added; reversible via page history/trash) --- // --- WRITE tools (added; reversible via page history/trash) ---
editPageText: sharedTool(
sharedToolSpecs.editPageText,
async ({ pageId, edits }) => await client.editPageText(pageId, edits),
),
// Returns ONLY the short link object — never the document body — so a
// large page can be handed to an external consumer without bloating
// context.
stashPage: sharedTool(
sharedToolSpecs.stashPage,
async ({ pageId }) => await client.stashPage(pageId),
),
// Schema + description from the shared registry (identical across both
// transports). The execute body keeps its OWN parseNodeArg normalization:
// the model sometimes serializes the node as a JSON string, and we parse it
// before the client's typeof-object guard rejects it (parity with the
// standalone MCP server, index.ts patch_node).
patchNode: sharedTool(
sharedToolSpecs.patchNode,
async ({ pageId, nodeId, node }) => {
const parsedNode = parseNodeArg(node);
return await client.patchNode(pageId, nodeId, parsedNode);
},
),
// Shared registry schema + description; execute retains parseNodeArg on the
// incoming node (parity with the standalone MCP server, index.ts
// insert_node).
insertNode: sharedTool(
sharedToolSpecs.insertNode,
async ({ pageId, node, position, anchorNodeId, anchorText }) => {
const parsedNode = parseNodeArg(node);
return await client.insertNode(pageId, parsedNode, {
position,
anchorNodeId,
anchorText,
});
},
),
deleteNode: sharedTool(
sharedToolSpecs.deleteNode,
async ({ pageId, nodeId }) => await client.deleteNode(pageId, nodeId),
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
// The execute body keeps this layer's content normalization (parity with
// the standalone MCP server, index.ts update_page_json).
updatePageJson: sharedTool(
sharedToolSpecs.updatePageJson,
async ({ pageId, content, title }) => {
// undefined/null pass through as undefined (title-only / no-op); any
// string is JSON.parsed (so an empty string "" throws, matching the
// MCP server); an object is passed through unchanged.
let doc;
if (content === undefined || content === null) {
doc = undefined;
} else {
// String -> JSON.parse (throwing on invalid); object passes through.
doc = parseNodeArg(content, 'content was a string but not valid JSON');
}
return await client.updatePageJson(pageId, doc, title);
},
),
// Schema + description live in @docmost/mcp's SHARED_TOOL_SPECS (#410).
// Promoted from MCP-only so the in-app agent can attach a REAL footnote to
// already-written text instead of leaving a literal `^[...]` string.
insertFootnote: sharedTool(
sharedToolSpecs.insertFootnote,
async ({ pageId, anchorText, text }) =>
await client.insertFootnote(pageId, anchorText, text),
),
// Schema + description live in @docmost/mcp's SHARED_TOOL_SPECS (#410).
// The schema field is `imageUrl`; the client method takes it positionally.
insertImage: sharedTool(
sharedToolSpecs.insertImage,
async ({ pageId, imageUrl, align, alt, replaceText, afterText }) =>
await client.insertImage(pageId, imageUrl, {
align,
alt,
replaceText,
afterText,
}),
),
// Schema + description live in @docmost/mcp's SHARED_TOOL_SPECS (#410).
replaceImage: sharedTool(
sharedToolSpecs.replaceImage,
async ({ pageId, attachmentId, imageUrl, align, alt }) =>
await client.replaceImage(pageId, attachmentId, imageUrl, {
align,
alt,
}),
),
// Schema + description live in @docmost/mcp's SHARED_TOOL_SPECS (#423).
// meta.hash in the result is the baseHash drawioUpdate requires.
drawioGet: sharedTool(
sharedToolSpecs.drawioGet,
async ({ pageId, node, format }) =>
await client.drawioGet(pageId, node, format ?? 'xml'),
),
// Schema + description live in @docmost/mcp's SHARED_TOOL_SPECS (#423).
// The flat schema fields are regrouped into the client's `where` object.
drawioCreate: sharedTool(
sharedToolSpecs.drawioCreate,
async ({ pageId, xml, position, anchorNodeId, anchorText, title }) =>
await client.drawioCreate(
pageId,
{ position, anchorNodeId, anchorText },
xml,
title,
),
),
// Schema + description live in @docmost/mcp's SHARED_TOOL_SPECS (#423).
// baseHash is the optimistic lock: mismatch => structured conflict error.
drawioUpdate: sharedTool(
sharedToolSpecs.drawioUpdate,
async ({ pageId, node, xml, baseHash }) =>
await client.drawioUpdate(pageId, node, xml, baseHash),
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
// The table reference parameter was unified to `table` (was `tableRef`).
tableInsertRow: sharedTool(
sharedToolSpecs.tableInsertRow,
async ({ pageId, table, cells, index }) =>
await client.tableInsertRow(pageId, table, cells, index),
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
tableDeleteRow: sharedTool(
sharedToolSpecs.tableDeleteRow,
async ({ pageId, table, index }) =>
await client.tableDeleteRow(pageId, table, index),
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
tableUpdateCell: sharedTool(
sharedToolSpecs.tableUpdateCell,
async ({ pageId, table, row, col, text }) =>
await client.tableUpdateCell(pageId, table, row, col, text),
),
copyPageContent: sharedTool(
sharedToolSpecs.copyPageContent,
async ({ sourcePageId, targetPageId }) =>
await client.copyPageContent(sourcePageId, targetPageId),
),
importPageMarkdown: sharedTool(
sharedToolSpecs.importPageMarkdown,
async ({ pageId, markdown }) =>
await client.importPageMarkdown(pageId, markdown),
),
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294).
// Both layers already carried the security-confirmation framing, so there
// was no real divergence to preserve — only wording drift.
sharePage: sharedTool(
sharedToolSpecs.sharePage,
async ({ pageId, searchIndexing }) =>
await client.sharePage(pageId, searchIndexing),
),
unsharePage: sharedTool(
sharedToolSpecs.unsharePage,
async ({ pageId }) => await client.unsharePage(pageId),
),
restorePageVersion: sharedTool(
sharedToolSpecs.restorePageVersion,
async ({ historyId }) => await client.restorePageVersion(historyId),
),
// INTENTIONAL per-transport divergence (not shared): deliberately omits the // INTENTIONAL per-transport divergence (not shared): deliberately omits the
// `deleteComments` schema field (comment-deletion guardrail) and carries a // `deleteComments` schema field (comment-deletion guardrail) and carries a
// much shorter description; the standalone MCP `docmost_transform` exposes // much shorter description; the standalone MCP `docmost_transform` exposes
@@ -841,6 +548,51 @@ export class AiChatToolsService {
}), }),
}; };
// Add EVERY shared tool from the zod-agnostic registry in one loop (#445).
// The spec owns the canonical arg->client mapping; this host only decides
// WHICH mapping to run and returns its value directly (no envelope). For each
// spec:
// - skip `mcpOnly` specs (they belong to the standalone MCP host only);
// - skip `inlineBothHosts` specs (drawio_shapes / drawio_guide): they carry
// no execute and are wired INLINE just below, calling the pure helpers;
// - use `inAppExecute` when the spec declares a DELIBERATE per-layer
// difference (a projected result shape, a different guardrail message);
// - otherwise use the canonical `execute` (raw client result, identical to
// the MCP host's before it wraps it as JSON).
// The execute receives the AI-SDK-validated, type-erased input; the spec reads
// the same fields its buildShape declares. This is the SINGLE place the in-app
// arg mapping lives — it can no longer silently drift from the MCP host.
for (const spec of Object.values(sharedToolSpecs)) {
if (spec.mcpOnly) continue;
if (spec.inlineBothHosts) continue;
const run = spec.inAppExecute ?? spec.execute;
if (!run) continue; // defensive: a shared spec always carries one of them.
tools[spec.inAppKey] = sharedTool(
spec,
(async (args) =>
run(client, args as Record<string, unknown>)) as Tool['execute'],
);
}
// drawio_shapes / drawio_guide (#424): `inlineBothHosts` registry specs wired
// here with the SAME schema+description the shared spec pins, but calling the
// pure searchShapes / getGuideSection helpers off the loaded @docmost/mcp
// module — they are not client methods and their catalog loader uses
// import.meta, so they cannot live in the zod-agnostic shared execute. The raw
// result is identical to the MCP host's (which wraps it as JSON text); here
// the in-app host returns it plain, exactly like every other shared tool.
tools[sharedToolSpecs.drawioShapes.inAppKey] = sharedTool(
sharedToolSpecs.drawioShapes,
async ({ query, category, limit }) => {
const results = searchShapes(query, { category, limit });
return { query, count: results.length, results };
},
);
tools[sharedToolSpecs.drawioGuide.inAppKey] = sharedTool(
sharedToolSpecs.drawioGuide,
async ({ section }) => getGuideSection(section),
);
// Passive "new comments: N" signal (#417). PER-TURN state (forUser runs once // Passive "new comments: N" signal (#417). PER-TURN state (forUser runs once
// per turn), so the watermark starts now and only comments a human leaves // per turn), so the watermark starts now and only comments a human leaves
// WHILE this turn runs are signalled — exactly the mid-turn loop; between-turn // WHILE this turn runs are signalled — exactly the mid-turn loop; between-turn
@@ -7,6 +7,16 @@ import type {
DocmostClientLike, DocmostClientLike,
CommentSignalTrackerLike, CommentSignalTrackerLike,
} from './docmost-client.loader'; } from './docmost-client.loader';
// Test-double type for the loopback client. `DocmostClientLike` is now DERIVED
// from the real `DocmostClient` (issue #446), so its method RETURN types are the
// concrete client shapes. These probe stubs deliberately return minimal shapes
// (e.g. `getPageRaw` yielding only `{ title }`), so the doubles use the same
// method NAMES but loose async returns; each is cast to `DocmostClientLike` at
// the (return-erased) mock site, leaving production positional-call safety intact.
type FakeDocmostClient = Partial<
Record<keyof DocmostClientLike, (...args: any[]) => Promise<any>>
>;
import { SHARED_TOOL_SPECS } from '../../../../../../packages/mcp/src/tool-specs'; import { SHARED_TOOL_SPECS } from '../../../../../../packages/mcp/src/tool-specs';
// The REAL shared tracker factory, imported from source (same cross-boundary // The REAL shared tracker factory, imported from source (same cross-boundary
// approach the tool-specs spec uses) so the in-app wiring is exercised against // approach the tool-specs spec uses) so the in-app wiring is exercised against
@@ -268,15 +278,23 @@ describe('AiChatToolsService forUser + comment signal (real tracker)', () => {
// seeded at forUser time). // seeded at forUser time).
const future = new Date(Date.now() + 3_600_000).toISOString(); const future = new Date(Date.now() + 3_600_000).toISOString();
function buildService(fakeClient: Partial<DocmostClientLike>) { function buildService(fakeClient: FakeDocmostClient) {
jest.spyOn(loader, 'loadDocmostMcp').mockResolvedValue({ jest.spyOn(loader, 'loadDocmostMcp').mockResolvedValue({
DocmostClient: function () { DocmostClient: function () {
return fakeClient as DocmostClientLike; return fakeClient as DocmostClientLike;
} as unknown as loader.DocmostClientCtor, } as unknown as loader.DocmostClientCtor,
sharedToolSpecs: SHARED_TOOL_SPECS as Record<string, loader.SharedToolSpec>, sharedToolSpecs: SHARED_TOOL_SPECS as unknown as Record<string, loader.SharedToolSpec>,
// Wire the REAL factory so the in-app path is exercised end to end. // Wire the REAL factory so the in-app path is exercised end to end.
createCommentSignalTracker: createCommentSignalTracker:
createCommentSignalTracker as unknown as loader.CommentSignalTrackerFactory, createCommentSignalTracker as unknown as loader.CommentSignalTrackerFactory,
// Pure no-network draw.io helpers (#424) — required on the loader return;
// this comment-signal test doesn't exercise them, so no-op stubs suffice.
searchShapes: (() => []) as unknown as loader.SearchShapesFn,
getGuideSection: (() => ({
section: '',
content: '',
sections: [],
})) as unknown as loader.GetGuideSectionFn,
}); });
return new AiChatToolsService( return new AiChatToolsService(
tokenServiceStub as never, tokenServiceStub as never,
@@ -317,7 +335,7 @@ describe('AiChatToolsService forUser + comment signal (real tracker)', () => {
afterEach(() => jest.restoreAllMocks()); afterEach(() => jest.restoreAllMocks());
it('emits the signal (model-only) on a non-comment tool when a new comment exists', async () => { it('emits the signal (model-only) on a non-comment tool when a new comment exists', async () => {
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
getPage: async () => ({ getPage: async () => ({
data: { title: 'Иранские языки', content: 'body' }, data: { title: 'Иранские языки', content: 'body' },
success: true, success: true,
@@ -342,7 +360,7 @@ describe('AiChatToolsService forUser + comment signal (real tracker)', () => {
}); });
it('does NOT add the signal to the listComments tool itself (tautological)', async () => { it('does NOT add the signal to the listComments tool itself (tautological)', async () => {
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
listComments: async () => ({ listComments: async () => ({
items: [{ createdAt: future }], items: [{ createdAt: future }],
resolvedThreadsHidden: 0, resolvedThreadsHidden: 0,
@@ -356,7 +374,7 @@ describe('AiChatToolsService forUser + comment signal (real tracker)', () => {
}); });
it('no new comments => tool output is byte-identical AND the model sees no signal', async () => { it('no new comments => tool output is byte-identical AND the model sees no signal', async () => {
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
getPage: async () => ({ getPage: async () => ({
data: { title: 'T', content: 'body' }, data: { title: 'T', content: 'body' },
success: true, success: true,
@@ -372,7 +390,7 @@ describe('AiChatToolsService forUser + comment signal (real tracker)', () => {
}); });
it('injection-safety: a malicious page title cannot forge a second signal', async () => { it('injection-safety: a malicious page title cannot forge a second signal', async () => {
const fakeClient: Partial<DocmostClientLike> = { const fakeClient: FakeDocmostClient = {
getPage: async () => ({ getPage: async () => ({
data: { title: 'body-title', content: 'body' }, data: { title: 'body-title', content: 'body' },
success: true, success: true,
@@ -0,0 +1,173 @@
import { createHash } from 'node:crypto';
import { mkdtempSync, mkdirSync, writeFileSync, rmSync } from 'node:fs';
import { tmpdir } from 'node:os';
import { join } from 'node:path';
import { computeSrcRegistryStamp } from './docmost-client.loader';
// The exact message the loader throws on a build/src skew (issue #447). Kept as a
// literal here so a reworded prod message reddens this test (the message is a
// developer-facing contract: it tells them how to fix it).
const STALE_BUILD_MESSAGE =
'@docmost/mcp build is stale (tool-specs changed since last build) — run: pnpm --filter @docmost/mcp build';
// Replica of the loader's inline stale-check predicate + throw from
// `loadDocmostMcp`. That guard is not independently exported (it lives inside the
// dynamic-import IIFE, wired to a fixed `require.resolve('@docmost/mcp')`), so we
// exercise the exact same three-condition logic against a stamp produced by the
// REAL `computeSrcRegistryStamp`. This documents and locks the throw/no-throw
// behaviour; if the prod predicate changes, this replica must change with it.
function assertStaleGuard(
srcStamp: string | null,
registryStamp: string | undefined,
): void {
if (
srcStamp !== null &&
typeof registryStamp === 'string' &&
srcStamp !== registryStamp
) {
throw new Error(STALE_BUILD_MESSAGE);
}
}
// Build a throwaway `<pkg>/build/index.js` + optional `<pkg>/src/tool-specs.ts`
// layout so `computeSrcRegistryStamp(<pkg>/build/index.js)` resolves src the same
// way the loader does (dirname(dirname(entry))/src/tool-specs.ts).
function makeFakePackage(toolSpecsSource: string | null): {
entry: string;
cleanup: () => void;
} {
const root = mkdtempSync(join(tmpdir(), 'mcp-stamp-'));
const buildDir = join(root, 'build');
mkdirSync(buildDir, { recursive: true });
const entry = join(buildDir, 'index.js');
writeFileSync(entry, '// fake @docmost/mcp build entry\n', 'utf8');
if (toolSpecsSource !== null) {
const srcDir = join(root, 'src');
mkdirSync(srcDir, { recursive: true });
writeFileSync(join(srcDir, 'tool-specs.ts'), toolSpecsSource, 'utf8');
}
return { entry, cleanup: () => rmSync(root, { recursive: true, force: true }) };
}
describe('computeSrcRegistryStamp (#447 stale-build guard)', () => {
it('returns null when src/tool-specs.ts is absent (prod no-op path)', () => {
// A prod image ships only build/, no src/ — the guard must be a silent no-op.
const { entry, cleanup } = makeFakePackage(null);
try {
expect(computeSrcRegistryStamp(entry)).toBeNull();
} finally {
cleanup();
}
});
it('returns null for a bogus package entry (swallowed error path)', () => {
// A resolution/read hiccup must NEVER break startup — it resolves to null.
expect(
computeSrcRegistryStamp('/no/such/pkg/build/index.js'),
).toBeNull();
});
it('computes a 64-char sha256 hex when src/tool-specs.ts exists', () => {
const { entry, cleanup } = makeFakePackage('export const specs = 1;\n');
try {
const stamp = computeSrcRegistryStamp(entry);
expect(stamp).toMatch(/^[0-9a-f]{64}$/);
} finally {
cleanup();
}
});
it('normalizes CRLF->LF and strips a single trailing newline', () => {
// A CRLF+trailing-newline variant of the same content hashes identically to
// the bare-LF form — the guard must not fire on a checkout-style difference.
const bare = makeFakePackage('alpha\nbeta');
const crlfTrailing = makeFakePackage('alpha\r\nbeta\r\n');
try {
expect(computeSrcRegistryStamp(crlfTrailing.entry)).toBe(
computeSrcRegistryStamp(bare.entry),
);
} finally {
bare.cleanup();
crlfTrailing.cleanup();
}
});
// CROSS-IMPL EQUALITY (covers reviewer suggestion 2). The SAME fixed input and
// EXPECTED hash are asserted in the mcp-side node test
// (packages/mcp/test/unit/registry-stamp.test.mjs) against the codegen's
// `computeRegistryStamp`. Asserting the SAME pair here against the loader's
// `computeSrcRegistryStamp` proves both implementations normalize+hash
// identically; a divergence in EITHER side reddens one of the two tests.
it('matches the documented cross-impl hash for a fixed input', () => {
const FIXED_INPUT = 'line1\r\nline2\n';
const EXPECTED =
'683376e290829b482c2655745caffa7a1dccfa10afaa62dac2b42dd6c68d0f83';
const { entry, cleanup } = makeFakePackage(FIXED_INPUT);
try {
expect(computeSrcRegistryStamp(entry)).toBe(EXPECTED);
} finally {
cleanup();
}
});
it('the documented EXPECTED is the normalize+sha256 of the fixed input', () => {
// Proves EXPECTED is not a magic constant but the documented computation.
const FIXED_INPUT = 'line1\r\nline2\n';
const normalized = FIXED_INPUT.replace(/\r\n/g, '\n').replace(/\n$/, '');
const expected = createHash('sha256')
.update(normalized, 'utf8')
.digest('hex');
const { entry, cleanup } = makeFakePackage(FIXED_INPUT);
try {
expect(computeSrcRegistryStamp(entry)).toBe(expected);
} finally {
cleanup();
}
});
});
describe('loadDocmostMcp stale-check predicate (#447)', () => {
it('THROWS the exact stale message when src stamp != built REGISTRY_STAMP', () => {
const { entry, cleanup } = makeFakePackage('export const specs = 1;\n');
try {
const srcStamp = computeSrcRegistryStamp(entry);
expect(srcStamp).not.toBeNull();
// Simulate a stale build: build/ carries a DIFFERENT stamp than src.
expect(() => assertStaleGuard(srcStamp, 'a'.repeat(64))).toThrow(
STALE_BUILD_MESSAGE,
);
} finally {
cleanup();
}
});
it('does NOT throw when src stamp equals the built REGISTRY_STAMP', () => {
const { entry, cleanup } = makeFakePackage('export const specs = 1;\n');
try {
const srcStamp = computeSrcRegistryStamp(entry);
// Fresh build: build/ stamp == src stamp -> guard is a no-op.
expect(() => assertStaleGuard(srcStamp, srcStamp as string)).not.toThrow();
} finally {
cleanup();
}
});
it('does NOT throw when src is absent (prod: srcStamp === null)', () => {
// Even against a present-but-mismatched REGISTRY_STAMP, a null src stamp
// (prod image with build/ only) must skip the check entirely.
expect(() => assertStaleGuard(null, 'a'.repeat(64))).not.toThrow();
});
it('does NOT throw when REGISTRY_STAMP is absent (pre-#447 build)', () => {
// An older @docmost/mcp build has no REGISTRY_STAMP export; the guard must be
// a no-op so an out-of-date build never wrongly blocks startup.
const { entry, cleanup } = makeFakePackage('export const specs = 1;\n');
try {
const srcStamp = computeSrcRegistryStamp(entry);
expect(() => assertStaleGuard(srcStamp, undefined)).not.toThrow();
} finally {
cleanup();
}
});
});
@@ -1,264 +1,96 @@
import { createHash } from 'node:crypto';
import { existsSync, readFileSync } from 'node:fs';
import { dirname, join } from 'node:path';
import { pathToFileURL } from 'node:url'; import { pathToFileURL } from 'node:url';
import type { DocmostClient, SharedToolSpec } from '@docmost/mcp';
// Re-export SharedToolSpec so downstream server modules keep a single import
// path (they import it from this loader). The shape is DERIVED from the package
// entry, not re-declared here — see the import above (issue #446).
export type { SharedToolSpec } from '@docmost/mcp';
/** /**
* Minimal structural type for the `DocmostClient` class we consume from the * The exact set of `DocmostClient` methods the per-user in-app tool adapter
* ESM-only `@docmost/mcp` package. We only need the constructor + the read/write * consumes. This is the AUTHORITATIVE list of the client surface the server
* methods used by the per-user tool adapter; the full client surface lives in * depends on; the adapter calls these methods POSITIONALLY, so this set is what
* `packages/mcp/src/client.ts`. Signatures here mirror that file exactly. * the derived type below type-checks against the real class (issue #446).
*
* DRIFT GUARD: the method NAMES below are runtime-checked against the real
* `DocmostClient` by `packages/mcp/test/unit/client-host-contract.test.mjs`
* (which can import the ESM class directly). If you rename/remove a method here
* or in client.ts, that test fails — so a stale mirror cannot silently ship a
* runtime "x is not a function" into an agent tool call. Keep the two in sync.
*
* STAGED PLAN — full derivation `DocmostClientLike = <real DocmostClient type>`
* (issue #193, layer 3) is intentionally NOT done; it stays a hand-mirror for
* now because of two verified blockers across the ESM(mcp)/CJS(server) boundary:
* 1. `@docmost/mcp` emits NO declaration files (its tsconfig has no
* `declaration`, package.json has no `types`/types-export) and the server
* tsconfig has no path mapping for it — the server only loads it via the
* runtime `import()` trick below, so there is no type to import today.
* 2. The real client methods have inferred, CONCRETE return types; the in-app
* tool adapter reads results through loose `Record<string,unknown>` returns
* + `as` casts (e.g. `(result?.data ?? {}) as { title?: string }`).
* Deriving the exact type would make those casts non-overlapping ("may be a
* mistake") and break the build, and `Partial<DocmostClientLike>` test stubs
* would have to satisfy the full concrete surface.
* To do it safely later (incrementally): (a) turn on `declaration: true` in
* packages/mcp/tsconfig.json + add a `types` export condition and commit the
* emitted `.d.ts`; (b) `import type { DocmostClient } from '@docmost/mcp'` here
* and replace this interface with a `Pick<DocmostClient, ...>` of the consumed
* methods; (c) audit every `as` cast in ai-chat-tools.service.ts against the now
* concrete return types (double-cast through `unknown` only where genuinely
* needed); (d) keep the runtime guard test as a belt-and-braces check. Until
* then the guard test above is the cheap, behaviour-neutral protection.
*/ */
export interface DocmostClientLike { type DocmostClientMethod =
// --- read --- // --- read ---
search( | 'search'
query: string, | 'getPage'
spaceId?: string, | 'getPageRaw'
limit?: number, | 'getWorkspace'
): Promise<{ items: unknown[]; success: boolean }>; | 'getSpaces'
getPage( | 'listPages'
pageId: string, | 'listSidebarPages'
): Promise<{ data: Record<string, unknown>; success: boolean }>; | 'getOutline'
// Light raw page info (`/pages/info`): title + slugId + ProseMirror content, | 'getPageJson'
// WITHOUT the Markdown render / subpage expansion getPage does. Used by the | 'getNode'
// comment-signal probe to read just the page title on a hit. | 'searchInPage'
getPageRaw(pageId: string): Promise<Record<string, unknown> | null>; | 'getTable'
getWorkspace(): Promise<{ data: Record<string, unknown>; success: boolean }>; | 'listComments'
getSpaces(): Promise<unknown[]>; | 'getComment'
listPages( | 'checkNewComments'
spaceId?: string, | 'listShares'
limit?: number, | 'listPageHistory'
tree?: boolean, | 'getPageHistory'
): Promise<unknown[]>; | 'diffPageVersions'
listSidebarPages(spaceId: string, pageId?: string): Promise<unknown[]>; | 'exportPageMarkdown'
getOutline(pageId: string): Promise<Record<string, unknown>>;
getPageJson(pageId: string): Promise<Record<string, unknown>>;
getNode(pageId: string, nodeId: string): Promise<Record<string, unknown>>;
searchInPage(
pageId: string,
query: string,
opts?: { regex?: boolean; caseSensitive?: boolean; limit?: number },
): Promise<Record<string, unknown>>;
getTable(pageId: string, tableRef: string): Promise<Record<string, unknown>>;
// Returns `{ items, resolvedThreadsHidden }`. DEFAULT (includeResolved unset/
// false) hides resolved threads wholesale; pass true for the full feed.
listComments(
pageId: string,
includeResolved?: boolean,
): Promise<{ items: unknown[]; resolvedThreadsHidden: number }>;
getComment(
commentId: string,
): Promise<{ data: Record<string, unknown>; success: boolean }>;
checkNewComments(
spaceId: string,
since: string,
parentPageId?: string,
): Promise<unknown>;
listShares(): Promise<unknown[]>;
listPageHistory(
pageId: string,
cursor?: string,
): Promise<{ items: unknown[]; nextCursor: string | null }>;
getPageHistory(historyId: string): Promise<Record<string, unknown>>;
diffPageVersions(
pageId: string,
from?: string,
to?: string,
): Promise<Record<string, unknown>>;
exportPageMarkdown(pageId: string): Promise<string>;
// --- write (page) --- // --- write (page) ---
createPage( | 'createPage'
title: string, | 'updatePage'
content: string, | 'renamePage'
spaceId: string, | 'movePage'
parentPageId?: string, | 'deletePage'
): Promise<{ data: Record<string, unknown>; success: boolean }>; | 'editPageText'
// Markdown content update via the collab path (carries provenance via the | 'patchNode'
// collab-token provider). Optionally also updates the title. | 'insertNode'
updatePage( | 'deleteNode'
pageId: string, | 'updatePageJson'
content: string, | 'tableInsertRow'
title?: string, | 'tableDeleteRow'
): Promise<Record<string, unknown>>; | 'tableUpdateCell'
// Title-only rename via REST. | 'copyPageContent'
renamePage( | 'importPageMarkdown'
pageId: string, | 'sharePage'
title: string, | 'unsharePage'
): Promise<Record<string, unknown>>; | 'restorePageVersion'
// Move via REST. parentPageId null => move to space root. | 'transformPage'
movePage( | 'stashPage'
pageId: string, // --- write (image / footnote), in-app since #410 ---
parentPageId: string | null, | 'insertImage'
position?: string, | 'replaceImage'
): Promise<unknown>; | 'insertFootnote'
// SOFT delete only (POST /pages/delete with { pageId }). NEVER permanent. // --- draw.io diagrams (#423 stage 1, #424 stage 2) ---
deletePage(pageId: string): Promise<unknown>; // DERIVED from the real DocmostClient (#446): drawioCreate/drawioUpdate carry
editPageText( // the optional layout:"elk" 5th arg in the real signature, so the layout parity
pageId: string, // (#440) is inherited automatically — no hand-written mirror to keep in sync.
edits: Array<{ find: string; replace: string; replaceAll?: boolean }>, | 'drawioGet'
): Promise<Record<string, unknown>>; | 'drawioCreate'
patchNode( | 'drawioUpdate'
pageId: string,
nodeId: string,
node: unknown,
): Promise<Record<string, unknown>>;
insertNode(
pageId: string,
node: unknown,
opts: {
position: 'before' | 'after' | 'append';
anchorNodeId?: string;
anchorText?: string;
},
): Promise<Record<string, unknown>>;
deleteNode(
pageId: string,
nodeId: string,
): Promise<Record<string, unknown>>;
updatePageJson(
pageId: string,
doc?: unknown,
title?: string,
): Promise<Record<string, unknown>>;
// Attach an author-inline footnote after the first occurrence of anchorText;
// numbering + the footnotes list are derived server-side.
insertFootnote(
pageId: string,
anchorText: string,
text: string,
): Promise<Record<string, unknown>>;
// Download a web image and insert it into the page (append, or replace/after a
// text anchor). `url` is the image http(s) URL.
insertImage(
pageId: string,
url: string,
opts?: {
align?: 'left' | 'center' | 'right';
alt?: string;
replaceText?: string;
afterText?: string;
},
): Promise<Record<string, unknown>>;
// Swap an existing image (by its attachmentId) for a new one fetched from a web
// URL, repointing every reference in the live document.
replaceImage(
pageId: string,
oldAttachmentId: string,
url: string,
opts?: { align?: 'left' | 'center' | 'right'; alt?: string },
): Promise<Record<string, unknown>>;
// --- draw.io diagrams (#423, stage 1) ---
// Read a diagram as decoded mxGraph XML (default) or the raw .drawio.svg.
// meta.hash is the optimistic-lock key drawioUpdate expects as baseHash.
drawioGet(
pageId: string,
node: string,
format?: 'xml' | 'svg',
): Promise<Record<string, unknown>>;
// Lint mxGraph XML, build the .drawio.svg attachment and insert a drawio node.
drawioCreate(
pageId: string,
where: {
position: 'before' | 'after' | 'append';
anchorNodeId?: string;
anchorText?: string;
},
xml: string,
title?: string,
): Promise<Record<string, unknown>>;
// Optimistic-locked full replacement of a diagram (baseHash from drawioGet).
drawioUpdate(
pageId: string,
node: string,
xml: string,
baseHash: string,
): Promise<Record<string, unknown>>;
tableInsertRow(
pageId: string,
tableRef: string,
cells: string[],
index?: number,
): Promise<Record<string, unknown>>;
tableDeleteRow(
pageId: string,
tableRef: string,
index: number,
): Promise<Record<string, unknown>>;
tableUpdateCell(
pageId: string,
tableRef: string,
row: number,
col: number,
text: string,
): Promise<Record<string, unknown>>;
copyPageContent(
sourcePageId: string,
targetPageId: string,
): Promise<Record<string, unknown>>;
importPageMarkdown(
pageId: string,
fullMarkdown: string,
): Promise<Record<string, unknown>>;
sharePage(
pageId: string,
searchIndexing?: boolean,
): Promise<Record<string, unknown>>;
unsharePage(pageId: string): Promise<Record<string, unknown>>;
restorePageVersion(historyId: string): Promise<Record<string, unknown>>;
// The opts type declares deleteComments? to match the real client signature,
// but the agent tool NEVER sets it (comment deletion stays unreachable).
transformPage(
pageId: string,
transformJs: string,
opts?: { dryRun?: boolean; deleteComments?: boolean },
): Promise<Record<string, unknown>>;
// --- write (comment) --- // --- write (comment) ---
createComment( | 'createComment'
pageId: string, | 'resolveComment';
content: string,
type?: 'page' | 'inline', /**
selection?: string, * The client surface the per-user tool adapter consumes, DERIVED from the real
parentCommentId?: string, * `DocmostClient` type in `@docmost/mcp` (issue #446, restored #294 debt). This
suggestedText?: string, * replaces the former hand-mirror of ~45 method signatures.
): Promise<{ data: Record<string, unknown>; success: boolean }>; *
resolveComment( * `import type` (above) is fully ERASED at compile time, so nothing is actually
commentId: string, * imported from the ESM-only package at runtime — the server still loads the
resolved: boolean, * class through the dynamic `import()` trick in `loadDocmostMcp` below; this is
): Promise<Record<string, unknown>>; * purely a compile-time type. Deriving via `Pick` means a parameter reorder or a
// Serialize a page + mirror its internal images into the blob sandbox; returns * type change to any of these methods in `client.ts` now becomes a SERVER
// ONLY a short anonymous URL (the body never enters the model context). * COMPILE ERROR at the positional call sites in ai-chat-tools.service.ts,
stashPage(pageId: string): Promise<{ * instead of a silent runtime "wrong argument" failure inside an agent tool.
uri: string; *
sha256: string; * This made the old name-only drift-guard test
size: number; * (packages/mcp/test/unit/client-host-contract.test.mjs) redundant — tsc now
images: { mirrored: number; failed: number }; * enforces both names AND signatures — so that test was removed.
}>; */
} export type DocmostClientLike = Pick<DocmostClient, DocmostClientMethod>;
export type DocmostClientConfig = { export type DocmostClientConfig = {
apiUrl: string; apiUrl: string;
@@ -280,32 +112,7 @@ export type DocmostClientConfig = {
}; };
export interface DocmostClientCtor { export interface DocmostClientCtor {
new (config: DocmostClientConfig): DocmostClientLike; new (config: DocmostClientConfig): DocmostClient;
}
/**
* Local hand-mirror of the `SharedToolSpec` shape exported from
* `@docmost/mcp` (packages/mcp/src/tool-specs.ts). Same approach as
* `DocmostClientLike`: we do not import the ESM package's types directly across
* the CJS/ESM boundary. The registry itself has no runtime deps, but keeping the
* type local avoids coupling the server build to the package's type surface.
*
* `buildShape` is intentionally zod-agnostic: it returns a plain ZodRawShape
* built with whatever zod namespace the caller passes (the server passes its own
* zod v4; the MCP package passes its zod v3). See the registry module comment.
*/
export interface SharedToolSpec {
mcpName: string;
inAppKey: string;
description: string;
// Deferred-tool metadata (#332). Optional in this mirror so an older/stale
// @docmost/mcp build (pre-#332) still type-checks; the in-app catalog builder
// reads them defensively. The external /mcp server ignores both fields.
tier?: 'core' | 'deferred';
catalogLine?: string;
// Loose `z` on purpose: the registry is zod-agnostic so the server can pass
// its own zod (v4) and the MCP package its own (v3) into the same builder.
buildShape?: (z: any) => Record<string, unknown>;
} }
/** /**
@@ -337,6 +144,19 @@ export type CommentSignalTrackerFactory = (options: {
debounceMs?: number; debounceMs?: number;
}) => CommentSignalTrackerLike; }) => CommentSignalTrackerLike;
// Pure, no-network draw.io helpers (#424). These are plain functions on the
// module (NOT DocmostClient methods) — the in-app AI-SDK service calls them
// directly to wire drawio_shapes / drawio_guide, mirroring the MCP server.
export type SearchShapesFn = (
query: string,
opts?: { category?: string; limit?: number },
) => Array<Record<string, unknown>>;
export type GetGuideSectionFn = (section?: string) => {
section: string;
content: string;
sections: string[];
};
interface DocmostMcpModule { interface DocmostMcpModule {
DocmostClient: DocmostClientCtor; DocmostClient: DocmostClientCtor;
SHARED_TOOL_SPECS: Record<string, SharedToolSpec>; SHARED_TOOL_SPECS: Record<string, SharedToolSpec>;
@@ -344,6 +164,59 @@ interface DocmostMcpModule {
// loader in unit tests. The in-app layer treats an absent factory as "signal // loader in unit tests. The in-app layer treats an absent factory as "signal
// disabled" — a pure no-op that leaves tool results byte-identical. // disabled" — a pure no-op that leaves tool results byte-identical.
createCommentSignalTracker?: CommentSignalTrackerFactory; createCommentSignalTracker?: CommentSignalTrackerFactory;
// Optional (#447): a deterministic hash of the tool-specs registry content,
// generated into build/ by the package's build. Absent on a pre-#447 build (or
// the mocked loader in unit tests) — the stale-check below is a NO-OP when it
// is missing, so an older build never wrongly fails startup.
REGISTRY_STAMP?: string;
// Pure, no-network draw.io helpers (#424) backing drawio_shapes / drawio_guide.
// Those two specs are `inlineBothHosts` (they stay in SHARED_TOOL_SPECS for the
// shared contract but carry no execute — their catalog loader uses import.meta
// and can't be value-imported into the zod-agnostic tool-specs.ts), so the
// in-app service wires them INLINE off these helpers, mirroring the standalone
// MCP host. Exposed off the loaded module so the service and its test mocks can
// reach them.
searchShapes: SearchShapesFn;
getGuideSection: GetGuideSectionFn;
}
/**
* Recompute the REGISTRY_STAMP (#447) from the @docmost/mcp source tree, if it is
* present. Returns the stamp string, or `null` when the source is absent (a prod
* image ships only build/, no src/). MUST stay byte-for-byte identical to
* packages/mcp/scripts/gen-registry-stamp.mjs's `computeRegistryStamp` so the
* build-time and src-time hashes agree: same input file (src/tool-specs.ts), same
* normalization (CRLF -> LF, strip a single trailing newline), same sha256.
*
* DEV vs PROD detection is by FILE EXISTENCE, not NODE_ENV: we resolve the
* package's own directory from `require.resolve('@docmost/mcp')` (which points at
* build/index.js) and look for ../src/tool-specs.ts next to it. In a dev/test
* worktree that file exists; in a prod image (build/ only, src/ stripped) it does
* not, so this returns null and the caller skips the check. Any error (ENOENT, a
* bad resolve) is swallowed to null — the stale-check must NEVER break startup.
*
* Exported for unit testing (docmost-client.loader.spec.ts): the export keyword
* is behaviourally a no-op — the module-internal caller `loadDocmostMcp` is
* unaffected. The test drives the null (no-src) path and asserts this
* normalize+sha256 stays identical to the codegen's `computeRegistryStamp`.
*/
export function computeSrcRegistryStamp(packageEntry: string): string | null {
try {
// packageEntry is <pkg>/build/index.js; the source lives at <pkg>/src/.
const toolSpecsPath = join(
dirname(dirname(packageEntry)),
'src',
'tool-specs.ts',
);
if (!existsSync(toolSpecsPath)) return null; // prod: no src tree -> skip.
const source = readFileSync(toolSpecsPath, 'utf8');
const normalized = source.replace(/\r\n/g, '\n').replace(/\n$/, '');
return createHash('sha256').update(normalized, 'utf8').digest('hex');
} catch {
// Never let a resolution/read hiccup break server startup — treat as "no
// src available" and skip the check (identical to the prod no-op path).
return null;
}
} }
// TS with module:commonjs downlevels a literal `import()` to `require()`, which // TS with module:commonjs downlevels a literal `import()` to `require()`, which
@@ -368,6 +241,8 @@ export async function loadDocmostMcp(): Promise<{
DocmostClient: DocmostClientCtor; DocmostClient: DocmostClientCtor;
sharedToolSpecs: Record<string, SharedToolSpec>; sharedToolSpecs: Record<string, SharedToolSpec>;
createCommentSignalTracker?: CommentSignalTrackerFactory; createCommentSignalTracker?: CommentSignalTrackerFactory;
searchShapes: SearchShapesFn;
getGuideSection: GetGuideSectionFn;
}> { }> {
if (!modulePromise) { if (!modulePromise) {
modulePromise = (async () => { modulePromise = (async () => {
@@ -375,6 +250,23 @@ export async function loadDocmostMcp(): Promise<{
const mod = (await esmImport( const mod = (await esmImport(
pathToFileURL(entry).href, pathToFileURL(entry).href,
)) as DocmostMcpModule; )) as DocmostMcpModule;
// #447 stale-build guard (dev/test only). The server loads the COMPILED
// build/ of @docmost/mcp, but the parity/tier guard tests read src/. If a
// tool spec is edited in src without rebuilding the package, build/ and src/
// silently diverge and the running server serves the OLD tools. Here we
// recompute the stamp from src/tool-specs.ts and compare it to the stamp
// baked into build/. In PROD the src tree is absent (image ships build/
// only), so computeSrcRegistryStamp returns null and this is a pure no-op.
const srcStamp = computeSrcRegistryStamp(entry);
if (
srcStamp !== null &&
typeof mod.REGISTRY_STAMP === 'string' &&
srcStamp !== mod.REGISTRY_STAMP
) {
throw new Error(
'@docmost/mcp build is stale (tool-specs changed since last build) — run: pnpm --filter @docmost/mcp build',
);
}
return mod; return mod;
})().catch((err) => { })().catch((err) => {
// Do not cache a rejected import — allow the next call to retry. // Do not cache a rejected import — allow the next call to retry.
@@ -396,5 +288,8 @@ export async function loadDocmostMcp(): Promise<{
// Optional: forwarded when present so the in-app layer can build the passive // Optional: forwarded when present so the in-app layer can build the passive
// comment signal (#417); undefined on a stale build => signal disabled. // comment signal (#417); undefined on a stale build => signal disabled.
createCommentSignalTracker: mod.createCommentSignalTracker, createCommentSignalTracker: mod.createCommentSignalTracker,
// Pure no-network draw.io helpers (#424); not client methods.
searchShapes: mod.searchShapes,
getGuideSection: mod.getGuideSection,
}; };
} }
@@ -45,6 +45,16 @@ describe('SHARED_TOOL_SPECS contract parity', () => {
string, string,
loader.SharedToolSpec loader.SharedToolSpec
>, >,
// Pure no-network draw.io helpers (#424). The contract test never executes
// a tool body, so type-correct stubs suffice (the real functions can't be
// imported here — drawio-shapes.ts uses import.meta, incompatible with the
// CommonJS jest transform).
searchShapes: (() => []) as unknown as loader.SearchShapesFn,
getGuideSection: (() => ({
section: 'index',
content: '',
sections: [],
})) as unknown as loader.GetGuideSectionFn,
}); });
const service = new AiChatToolsService( const service = new AiChatToolsService(
tokenServiceStub as never, tokenServiceStub as never,
@@ -70,7 +80,7 @@ describe('SHARED_TOOL_SPECS contract parity', () => {
// Type as the (optional-buildShape) SharedToolSpec; the `satisfies` literal // Type as the (optional-buildShape) SharedToolSpec; the `satisfies` literal
// above otherwise narrows to a union where some members lack buildShape. // above otherwise narrows to a union where some members lack buildShape.
const specEntries = Object.entries(SHARED_TOOL_SPECS) as Array< const specEntries = Object.entries(SHARED_TOOL_SPECS) as unknown as Array<
[string, loader.SharedToolSpec] [string, loader.SharedToolSpec]
>; >;
@@ -123,7 +123,14 @@ describe('deferred catalog ↔ live forUser() toolset partition (#332, F3)', ()
DocmostClient: function () { DocmostClient: function () {
return {} as DocmostClientLike; return {} as DocmostClientLike;
} as unknown as loader.DocmostClientCtor, } as unknown as loader.DocmostClientCtor,
sharedToolSpecs: SHARED_TOOL_SPECS as Record<string, loader.SharedToolSpec>, sharedToolSpecs: SHARED_TOOL_SPECS as unknown as Record<string, loader.SharedToolSpec>,
// Pure no-network draw.io helpers (#424); tool bodies are never executed here.
searchShapes: (() => []) as unknown as loader.SearchShapesFn,
getGuideSection: (() => ({
section: 'index',
content: '',
sections: [],
})) as unknown as loader.GetGuideSectionFn,
}); });
const service = new AiChatToolsService( const service = new AiChatToolsService(
{ {
@@ -232,6 +239,16 @@ describe('applyLoadTools (#332)', () => {
expect(LOAD_TOOLS_DESCRIPTION).toContain('only ACTIVATES them'); expect(LOAD_TOOLS_DESCRIPTION).toContain('only ACTIVATES them');
expect(LOAD_TOOLS_DESCRIPTION).toContain('callable on your NEXT step'); expect(LOAD_TOOLS_DESCRIPTION).toContain('callable on your NEXT step');
}); });
it('loadTools description tells the model CORE tools are always active (#444)', () => {
expect(LOAD_TOOLS_DESCRIPTION).toContain(
'Tools NOT listed in the catalog are CORE and ALWAYS active',
);
expect(LOAD_TOOLS_DESCRIPTION).toContain('NEVER via loadTools');
// Names it out explicitly so the model doesn't loadTools a core tool.
expect(LOAD_TOOLS_DESCRIPTION).toContain('createComment');
expect(LOAD_TOOLS_DESCRIPTION).toContain('searchInPage');
});
}); });
describe('editorial "Corrector" scenario is fully served by CORE (#332)', () => { describe('editorial "Corrector" scenario is fully served by CORE (#332)', () => {
@@ -84,7 +84,10 @@ export const LOAD_TOOLS_DESCRIPTION =
'block in your instructions. Pass the EXACT tool names from the catalog; this\n' + 'block in your instructions. Pass the EXACT tool names from the catalog; this\n' +
'call only ACTIVATES them and returns { loaded: [...] } — the tools become\n' + 'call only ACTIVATES them and returns { loaded: [...] } — the tools become\n' +
'callable on your NEXT step. Load several names in one call when the task clearly\n' + 'callable on your NEXT step. Load several names in one call when the task clearly\n' +
'needs them. Unknown names are rejected with the list of valid ones.'; 'needs them. Unknown names are rejected with the list of valid ones.\n' +
'Tools NOT listed in the catalog are CORE and ALWAYS active — call them directly,\n' +
'NEVER via loadTools (e.g. createComment, listComments, resolveComment,\n' +
'editPageText, searchInPage).';
/** /**
* Tier + catalogLine for the INLINE ai-chat tools — those defined per-layer in * Tier + catalogLine for the INLINE ai-chat tools — those defined per-layer in
@@ -121,12 +124,9 @@ export const INLINE_TOOL_TIERS: Record<
// --- deferred inline --- // --- deferred inline ---
// NOTE: createPage, renamePage, movePage, deletePage, updatePageJson and // NOTE: createPage, renamePage, movePage, deletePage, updatePageJson and
// exportPageMarkdown moved to @docmost/mcp's SHARED_TOOL_SPECS (#294); they // exportPageMarkdown moved to @docmost/mcp's SHARED_TOOL_SPECS (#294); they
// carry their own deferred tier + catalogLine there. // carry their own deferred tier + catalogLine there. updatePageContent moved
updatePageContent: { // there too as updatePageMarkdown (#411) — a shared registry spec now, so it
tier: 'deferred', // is no longer an inline tier entry.
catalogLine:
"updatePageContent — replace a page's body (and optionally title) with new Markdown.",
},
listSidebarPages: { listSidebarPages: {
tier: 'deferred', tier: 'deferred',
catalogLine: catalogLine:
@@ -158,4 +158,27 @@ describe('EnvironmentService', () => {
).toBe('https://app.example.com'); ).toBe('https://app.example.com');
}); });
}); });
describe('isAiChatFinalStepLockdownEnabled (#444)', () => {
const build = (val?: string) =>
new EnvironmentService({
get: (key: string, def?: string) =>
key === 'AI_CHAT_FINAL_STEP_LOCKDOWN' ? (val ?? def) : def,
} as any);
it('defaults to OFF (false) when unset — the new anti-degeneration default', () => {
expect(build(undefined).isAiChatFinalStepLockdownEnabled()).toBe(false);
});
it('is true only for the exact opt-in "true" (case-insensitive)', () => {
expect(build('true').isAiChatFinalStepLockdownEnabled()).toBe(true);
expect(build('TRUE').isAiChatFinalStepLockdownEnabled()).toBe(true);
});
it('stays OFF for any other value', () => {
expect(build('false').isAiChatFinalStepLockdownEnabled()).toBe(false);
expect(build('1').isAiChatFinalStepLockdownEnabled()).toBe(false);
expect(build('yes').isAiChatFinalStepLockdownEnabled()).toBe(false);
});
});
}); });
@@ -292,6 +292,24 @@ export class EnvironmentService {
return enabled === 'true'; return enabled === 'true';
} }
/**
* Final-step lockdown for the in-app agent loop (#444). When ON (legacy), the
* LAST allowed step forces a text-only answer: tools are stripped
* (toolChoice:'none') and a synthesis instruction is appended. Defaults to OFF:
* stripping the tools mid-work triggered a token-loop degeneration incident
* (the model, robbed of its tools on the final step, emitted a 255KB block
* repeating a single token). With the toggle OFF the last step keeps its tools
* and gets only a SOFT nudge to finish with a text summary; the universal
* anti-babble guard is the token-degeneration detector instead. Enable this
* only for a model that does NOT reliably end its turns with a text answer.
*/
isAiChatFinalStepLockdownEnabled(): boolean {
const enabled = this.configService
.get<string>('AI_CHAT_FINAL_STEP_LOCKDOWN', 'false')
.toLowerCase();
return enabled === 'true';
}
/** /**
* Resumable SSE transport for durable agent runs (#184 phase 1.5). When * Resumable SSE transport for durable agent runs (#184 phase 1.5). When
* enabled, a run tees its SSE frames into the in-memory run-stream registry so * enabled, a run tees its SSE frames into the in-memory run-stream registry so
@@ -1,3 +1,8 @@
import * as fs from 'node:fs';
import * as os from 'node:os';
import { join } from 'node:path';
import Fastify, { FastifyInstance } from 'fastify';
import fastifyStatic from '@fastify/static';
import { resolveStaticAssetHeaders } from './static.module'; import { resolveStaticAssetHeaders } from './static.module';
// Unit tests for the static-asset cache classifier extracted from the // Unit tests for the static-asset cache classifier extracted from the
@@ -33,3 +38,69 @@ describe('resolveStaticAssetHeaders', () => {
expect(headers['vary']).toBe('Accept-Encoding'); expect(headers['vary']).toBe('Accept-Encoding');
}); });
}); });
// Integration test proving the ACTUAL response header emitted by @fastify/static
// with the exact registration options StaticModule uses. This is the regression
// guard for #452: without `cacheControl: false`, @fastify/static writes its own
// `Cache-Control: public, max-age=0` AFTER the setHeaders callback, overwriting
// the immutable header — the /assets/ assertion below would then fail.
describe('static.module @fastify/static registration (integration)', () => {
let app: FastifyInstance;
let tmpDir: string;
beforeAll(async () => {
tmpDir = fs.mkdtempSync(join(os.tmpdir(), 'static-module-spec-'));
fs.mkdirSync(join(tmpDir, 'assets'), { recursive: true });
fs.mkdirSync(join(tmpDir, 'locales'), { recursive: true });
fs.writeFileSync(
join(tmpDir, 'assets', 'index-a1b2c3.js'),
'console.log(1);',
);
fs.writeFileSync(join(tmpDir, 'locales', 'en.json'), '{"hello":"world"}');
app = Fastify();
// Mirror StaticModule.onModuleInit's registration options exactly.
await app.register(fastifyStatic, {
root: tmpDir,
wildcard: false,
preCompressed: true,
cacheControl: false,
setHeaders: (res, filePath) => {
for (const [name, value] of Object.entries(
resolveStaticAssetHeaders(filePath),
)) {
res.setHeader(name, value);
}
},
});
await app.ready();
});
afterAll(async () => {
await app.close();
fs.rmSync(tmpDir, { recursive: true, force: true });
});
it('serves a hashed /assets/ file with an immutable, 1-year cache-control', async () => {
const res = await app.inject({
method: 'GET',
url: '/assets/index-a1b2c3.js',
});
expect(res.statusCode).toBe(200);
const cacheControl = res.headers['cache-control'];
expect(cacheControl).toContain('immutable');
expect(cacheControl).toContain('max-age=31536000');
});
it('serves a non-hashed /locales/ file WITHOUT an immutable cache-control', async () => {
const res = await app.inject({ method: 'GET', url: '/locales/en.json' });
expect(res.statusCode).toBe(200);
// resolveStaticAssetHeaders sets no cache-control here and cacheControl:false
// stops @fastify/static from adding one, so the browser revalidates by
// etag/last-modified — either an absent header or one without `immutable`.
const cacheControl = res.headers['cache-control'];
if (cacheControl !== undefined) {
expect(cacheControl).not.toContain('immutable');
}
});
});
@@ -115,6 +115,11 @@ export class StaticModule implements OnModuleInit {
// Serve the build-time .br/.gz neighbour when the client accepts it // Serve the build-time .br/.gz neighbour when the client accepts it
// (see vite-plugin-compression2 in apps/client/vite.config.ts). // (see vite-plugin-compression2 in apps/client/vite.config.ts).
preCompressed: true, preCompressed: true,
// @fastify/static's default cacheControl:true writes its own
// Cache-Control (from maxAge, default 0) AFTER the setHeaders callback,
// silently overwriting the immutable header that resolveStaticAssetHeaders
// sets — disable it so setHeaders/resolveStaticAssetHeaders own the header.
cacheControl: false,
setHeaders: (res, filePath) => { setHeaders: (res, filePath) => {
for (const [name, value] of Object.entries( for (const [name, value] of Object.entries(
resolveStaticAssetHeaders(filePath), resolveStaticAssetHeaders(filePath),
+15 -10
View File
@@ -155,6 +155,10 @@ All 41 tools, grouped by what you'd reach for them.
- **`update_page_json`** — Replace a page's entire content with a ProseMirror document - **`update_page_json`** — Replace a page's entire content with a ProseMirror document
(bulk rewrites, or when nodes lack ids). `content` is optional — omit it to update only (bulk rewrites, or when nodes lack ids). `content` is optional — omit it to update only
the title. Keeps the block ids you pass in, so heading anchors and history stay stable. the title. Keeps the block ids you pass in, so heading anchors and history stay stable.
- **`update_page_markdown`** — Replace a page's body (and optionally its title) with new
**plain Markdown**. The whole body is re-imported (block ids regenerate — for surgical or
id-preserving edits prefer `edit_page_text` / `patch_node` / `update_page_json`).
Docmost-flavoured markdown is parsed, including `^[...]` inline footnotes.
- **`docmost_transform`** — The agent-native editing interface: instead of retyping a - **`docmost_transform`** — The agent-native editing interface: instead of retyping a
document, the agent **writes a function that fixes it**. Edit a page by running an document, the agent **writes a function that fixes it**. Edit a page by running an
arbitrary **`(doc, ctx) => doc` JavaScript transform** against its *live* ProseMirror arbitrary **`(doc, ctx) => doc` JavaScript transform** against its *live* ProseMirror
@@ -184,13 +188,13 @@ All 41 tools, grouped by what you'd reach for them.
- **`export_page_markdown`** — Export a page to a single self-contained, **lossless - **`export_page_markdown`** — Export a page to a single self-contained, **lossless
Docmost-flavoured Markdown** file: a meta header, the body with inline comment anchors Docmost-flavoured Markdown** file: a meta header, the body with inline comment anchors
and diagrams, and a trailing comments-thread block. Built for a download → edit body → and diagrams, and a trailing comments-thread block. To replace a page's body from plain
`import_page_markdown` round-trip that preserves everything, including comment highlights. authoring Markdown, use `update_page_markdown`.
- **`import_page_markdown`** — Replace a page's content from a Docmost-flavoured Markdown
file produced by `export_page_markdown`, restoring comment-highlight anchors and diagrams > **Removed in this release:** `import_page_markdown` (the round-trip parser for an
from their inline HTML. (Comment *threads* in the file are not re-created on the server — > exported Docmost-Markdown file) is **no longer exposed on the external MCP surface**.
only the page body and inline comment marks are written; manage threads via the comment > To replace a page's body from Markdown, use **`update_page_markdown`** (plain Markdown
tools/UI.) > body replace). See the CHANGELOG for the migration note.
### Images ### Images
@@ -256,7 +260,8 @@ so capable clients steer the model automatically.
`delete_node`, addressing the node by its `attrs.id` from `get_page_json`. `delete_node`, addressing the node by its `attrs.id` from `get_page_json`.
- **Images**: `insert_image` / `replace_image`. - **Images**: `insert_image` / `replace_image`.
- **A new page**: `create_page`. - **A new page**: `create_page`.
- **Bulk rewrite, or nodes without ids**: `update_page_json`. - **Bulk rewrite, or nodes without ids**: `update_page_json` (ProseMirror) or
`update_page_markdown` (plain Markdown body replace).
- **Multi-step / scripted rewrite** (renumbering, footnotes, coordinated edits): - **Multi-step / scripted rewrite** (renumbering, footnotes, coordinated edits):
`docmost_transform` — preview with `dryRun`, then apply. `docmost_transform` — preview with `dryRun`, then apply.
- **Copy a whole page's content from another page** (server-side): `copy_page_content`. - **Copy a whole page's content from another page** (server-side): `copy_page_content`.
@@ -269,8 +274,8 @@ so capable clients steer the model automatically.
`get_node`. `get_node`.
- **Tables** (add/remove a row, set a cell): `table_get` / `table_insert_row` / - **Tables** (add/remove a row, set a cell): `table_get` / `table_insert_row` /
`table_delete_row` / `table_update_cell`. `table_delete_row` / `table_update_cell`.
- **Round-trip a page as Markdown** (download, edit, re-upload losslessly with comments): - **Export a page as self-contained Markdown** (with comment anchors): `export_page_markdown`.
`export_page_markdown` / `import_page_markdown`. - **Replace a page's body from Markdown**: `update_page_markdown`.
--- ---
+15 -11
View File
@@ -161,6 +161,10 @@ Docmost-MCP не сочетают:
перезаписи или когда у узлов нет id). `content` опционален — опустите его, чтобы изменить перезаписи или когда у узлов нет id). `content` опционален — опустите его, чтобы изменить
только заголовок. Сохраняет переданные id блоков, поэтому якоря заголовков и история только заголовок. Сохраняет переданные id блоков, поэтому якоря заголовков и история
остаются стабильными. остаются стабильными.
- **`update_page_markdown`** — Заменить тело страницы (и опционально заголовок) новым
**обычным Markdown**. Всё тело переимпортируется (id блоков перегенерируются — для
хирургических правок или сохранения id используйте `edit_page_text` / `patch_node` /
`update_page_json`). Markdown в диалекте Docmost разбирается, включая inline-сноски `^[...]`.
- **`docmost_transform`** — Агентоориентированный интерфейс редактирования: вместо - **`docmost_transform`** — Агентоориентированный интерфейс редактирования: вместо
перепечатывания документа агент **пишет функцию, которая его чинит**. Редактирует перепечатывания документа агент **пишет функцию, которая его чинит**. Редактирует
страницу, запуская произвольный **JS-трансформ `(doc, ctx) => doc`** на её *живом* страницу, запуская произвольный **JS-трансформ `(doc, ctx) => doc`** на её *живом*
@@ -189,14 +193,13 @@ Docmost-MCP не сочетают:
- **`export_page_markdown`** — Экспортировать страницу в один самодостаточный, **lossless - **`export_page_markdown`** — Экспортировать страницу в один самодостаточный, **lossless
Markdown в диалекте Docmost**: мета-заголовок, тело с inline-якорями комментариев и Markdown в диалекте Docmost**: мета-заголовок, тело с inline-якорями комментариев и
диаграммами и завершающий блок тредов комментариев. Рассчитан на цикл «скачать → диаграммами и завершающий блок тредов комментариев. Чтобы заменить тело страницы из
отредактировать тело → `import_page_markdown`», сохраняющий всё, включая выделения обычного авторского Markdown, используйте `update_page_markdown`.
комментариев.
- **`import_page_markdown`** — Заменить контент страницы из Markdown-файла в диалекте > **Удалено в этом релизе:** `import_page_markdown` (парсер round-trip для
Docmost, созданного `export_page_markdown`, восстанавливая якоря-выделения комментариев и > экспортированного Docmost-Markdown-файла) **больше не отдаётся на внешней MCP-поверхности**.
диаграммы из их inline-HTML. (Треды комментариев из файла не пересоздаются на сервере — > Чтобы заменить тело страницы из Markdown, используйте **`update_page_markdown`** (замена
записываются только тело страницы и inline-марки комментариев; тредами управляйте через > тела обычным Markdown). См. заметку о миграции в CHANGELOG.
инструменты/UI комментариев.)
### Изображения ### Изображения
@@ -263,7 +266,8 @@ Docmost-MCP не сочетают:
`delete_node`, адресуя узел по его `attrs.id` из `get_page_json`. `delete_node`, адресуя узел по его `attrs.id` из `get_page_json`.
- **Изображения**: `insert_image` / `replace_image`. - **Изображения**: `insert_image` / `replace_image`.
- **Новая страница**: `create_page`. - **Новая страница**: `create_page`.
- **Массовая перезапись или узлы без id**: `update_page_json`. - **Массовая перезапись или узлы без id**: `update_page_json` (ProseMirror) или
`update_page_markdown` (замена тела обычным Markdown).
- **Многошаговая / скриптовая перезапись** (перенумерация, сноски, согласованные правки): - **Многошаговая / скриптовая перезапись** (перенумерация, сноски, согласованные правки):
`docmost_transform` — предпросмотр через `dryRun`, затем применение. `docmost_transform` — предпросмотр через `dryRun`, затем применение.
- **Скопировать контент целой страницы из другой** (на стороне сервера): - **Скопировать контент целой страницы из другой** (на стороне сервера):
@@ -278,8 +282,8 @@ Docmost-MCP не сочетают:
`get_node`. `get_node`.
- **Таблицы** (добавить/удалить строку, задать ячейку): `table_get` / `table_insert_row` / - **Таблицы** (добавить/удалить строку, задать ячейку): `table_get` / `table_insert_row` /
`table_delete_row` / `table_update_cell`. `table_delete_row` / `table_update_cell`.
- **Round-trip страницы через Markdown** (скачать, отредактировать, залить обратно без - **Экспорт страницы в самодостаточный Markdown** (с якорями комментариев): `export_page_markdown`.
потерь, с комментариями): `export_page_markdown` / `import_page_markdown`. - **Заменить тело страницы из Markdown**: `update_page_markdown`.
--- ---
Binary file not shown.
+14 -5
View File
@@ -5,18 +5,26 @@
"private": true, "private": true,
"type": "module", "type": "module",
"main": "./build/index.js", "main": "./build/index.js",
"types": "./build/index.d.ts",
"exports": { "exports": {
".": "./build/index.js", ".": {
"./http": "./build/http.js" "types": "./build/index.d.ts",
"default": "./build/index.js"
},
"./http": {
"types": "./build/http.d.ts",
"default": "./build/http.js"
}
}, },
"bin": { "bin": {
"docmost-mcp": "./build/stdio.js" "docmost-mcp": "./build/stdio.js"
}, },
"scripts": { "scripts": {
"build": "tsc", "gen:stamp": "node scripts/gen-registry-stamp.mjs",
"build": "node scripts/gen-registry-stamp.mjs && tsc",
"start": "node build/stdio.js", "start": "node build/stdio.js",
"watch": "tsc --watch", "watch": "node scripts/gen-registry-stamp.mjs && tsc --watch",
"pretest": "tsc", "pretest": "node scripts/gen-registry-stamp.mjs && tsc",
"test": "node --test \"test/unit/*.test.mjs\" \"test/mock/*.test.mjs\"", "test": "node --test \"test/unit/*.test.mjs\" \"test/mock/*.test.mjs\"",
"test:unit": "node --test \"test/unit/*.test.mjs\"", "test:unit": "node --test \"test/unit/*.test.mjs\"",
"test:mock": "node --test \"test/mock/*.test.mjs\"", "test:mock": "node --test \"test/mock/*.test.mjs\"",
@@ -49,6 +57,7 @@
"@tiptap/starter-kit": "3.20.4", "@tiptap/starter-kit": "3.20.4",
"@types/jsdom": "^27.0.0", "@types/jsdom": "^27.0.0",
"axios": "^1.6.0", "axios": "^1.6.0",
"elkjs": "^0.11.1",
"form-data": "^4.0.0", "form-data": "^4.0.0",
"jsdom": "^27.4.0", "jsdom": "^27.4.0",
"marked": "^17.0.1", "marked": "^17.0.1",
@@ -0,0 +1,67 @@
// Codegen: emit src/registry-stamp.generated.ts with a REGISTRY_STAMP hash of
// the tool-specs REGISTRY CONTENT, so a build/ vs src/ skew (issue #447) is
// detectable at runtime.
//
// WHY hash the raw source text (not extracted structured data):
// SHARED_TOOL_SPECS carries `buildShape` functions (the input SCHEMAS) which are
// NOT serializable. The input schema is exactly one of the things that MUST stay
// in sync between build/ and src/, so we cannot drop it from the hash. Rather
// than probe zod with a fragile shim to reconstruct the schema shape, we hash the
// STABLE, deterministic source TEXT of tool-specs.ts. That text fully captures
// every field that must stay in sync — mcpName, inAppKey, description, tier,
// catalogLine AND the buildShape bodies (input schemas) — with zero probing
// fragility. Any edit to a spec (a renamed tool, a reworded description, a
// changed schema field) changes the text and therefore the stamp.
//
// DETERMINISM: the hash is computed over the file bytes with line endings
// normalized to LF and a single trailing newline stripped, so a CRLF checkout or
// an editor's trailing-newline habit cannot make build/ and src/ disagree. No
// Date.now / randomness. The loader's dev-only stale-check (docmost-client.loader.ts)
// re-runs THIS SAME normalization + sha256 over src/tool-specs.ts and compares to
// the built REGISTRY_STAMP; the two must compute identically.
//
// This script runs from the `build` and `pretest` npm scripts BEFORE tsc, so
// build/ always carries a stamp derived from the tool-specs.ts that was compiled.
import { createHash } from 'node:crypto';
import { readFileSync, writeFileSync } from 'node:fs';
import { fileURLToPath } from 'node:url';
import { dirname, join } from 'node:path';
const __dirname = dirname(fileURLToPath(import.meta.url));
const SRC_DIR = join(__dirname, '..', 'src');
const TOOL_SPECS_PATH = join(SRC_DIR, 'tool-specs.ts');
const OUT_PATH = join(SRC_DIR, 'registry-stamp.generated.ts');
/**
* Deterministic stamp of the tool-specs registry content. Kept as a plain
* function (exported) so the algorithm has a single home; the loader duplicates
* only the tiny normalize+sha256 steps because it lives in the CJS server build
* and cannot import this ESM script. If you change the normalization here, mirror
* it in apps/server/src/core/ai-chat/tools/docmost-client.loader.ts.
*/
export function computeRegistryStamp(toolSpecsSource) {
const normalized = toolSpecsSource.replace(/\r\n/g, '\n').replace(/\n$/, '');
return createHash('sha256').update(normalized, 'utf8').digest('hex');
}
function main() {
const source = readFileSync(TOOL_SPECS_PATH, 'utf8');
const stamp = computeRegistryStamp(source);
const out =
'// AUTO-GENERATED by scripts/gen-registry-stamp.mjs — DO NOT EDIT BY HAND.\n' +
'// A deterministic hash of src/tool-specs.ts content (tool names, descriptions,\n' +
'// tiers, catalog lines and input schemas). Regenerated on every build/pretest\n' +
'// so build/ always matches the compiled src. The in-app loader recomputes this\n' +
'// from src and refuses to run on a mismatch (issue #447). This file is\n' +
'// gitignored and produced by the build — see .gitignore.\n' +
`export const REGISTRY_STAMP = ${JSON.stringify(stamp)};\n`;
writeFileSync(OUT_PATH, out, 'utf8');
// eslint-disable-next-line no-console
console.log(`gen-registry-stamp: wrote ${OUT_PATH} (${stamp.slice(0, 12)}…)`);
}
// Only run when invoked directly (not when imported for computeRegistryStamp).
if (process.argv[1] && fileURLToPath(import.meta.url) === process.argv[1]) {
main();
}
+201 -2
View File
@@ -55,6 +55,7 @@ import {
countUserCells, countUserCells,
} from "./lib/drawio-xml.js"; } from "./lib/drawio-xml.js";
import { renderDiagramShapes } from "./lib/drawio-preview.js"; import { renderDiagramShapes } from "./lib/drawio-preview.js";
import { applyElkLayout } from "./lib/drawio-layout.js";
import { import {
applyTextEdits, applyTextEdits,
TextEdit, TextEdit,
@@ -198,6 +199,166 @@ function readCollabTokenTtlMs(): number {
return Number.isFinite(raw) ? Math.max(0, raw) : 5 * 60 * 1000; return Number.isFinite(raw) ? Math.max(0, raw) : 5 * 60 * 1000;
} }
// --- Issue #437: central error diagnostics -------------------------------
// The agent only ever sees the thrown exception's `error.message`, so a failed
// tool must return an ACTIONABLE message (method, path, status, and the
// server's own validation text) instead of the opaque "Request failed with
// status code 400". These helpers + the response interceptor in the
// constructor are the single authoritative place that text is composed.
// Overall cap on the composed diagnostic message so the model context stays
// compact and a (whitelisted) server string can never blow up the text.
const ERROR_MESSAGE_CAP = 300;
// Only attempt to JSON.parse an arraybuffer body under this size: a larger
// binary body is never a JSON error envelope, so parsing it just wastes memory
// (fetchInternalFile uses responseType:"arraybuffer", so a failed file fetch
// carries the JSON error envelope as raw bytes here).
const ERROR_BUFFER_PARSE_CAP = 4096;
// Canonical 36-char UUID (8-4-4-4-12 hex). Deliberately version/variant-
// AGNOSTIC: the ids are UUIDv7 (e.g. 019f499a-9f8c-7d68-...), so only the
// canonical shape/length is enforced, not the version/variant nibble.
const FULL_UUID_RE =
/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
/**
* Throw an actionable error BEFORE any network call when `value` is not a full
* canonical UUID. Absorbs #436: a truncated/short comment id used to reach the
* server and bounce back as an opaque 400/404 the agent could not self-correct;
* failing fast here names the exact fix.
*/
export function assertFullUuid(
tool: string,
param: string,
value: string,
): void {
if (typeof value !== "string" || !FULL_UUID_RE.test(value)) {
throw new Error(
`${tool}: '${param}' must be the FULL comment UUID (36 chars, e.g. ` +
`019f499a-9f8c-7d68-b7be-ce100d7c6c56), got '${value}'. Copy the id ` +
`verbatim from list_comments / create_comment output.`,
);
}
}
// Keep ONLY the pathname of a request (no host, no query string, no fragment)
// so the message never leaks a host or query params. Resolves a relative
// config.url against config.baseURL, then discards everything but the path.
function requestPath(config: any): string {
const rawUrl = typeof config?.url === "string" ? config.url : "";
const base =
typeof config?.baseURL === "string" ? config.baseURL : undefined;
try {
// A dummy base makes an absolute config.url parse too; its host is dropped.
return new URL(rawUrl, base ?? "http://localhost").pathname;
} catch {
// Malformed url: still strip any query/fragment manually.
return rawUrl.split(/[?#]/)[0] || rawUrl;
}
}
/**
* Compose the server-facing message from `error.response.data`, using ONLY the
* whitelisted `message`/`error` fields or the HTTP statusText. SECURITY: the
* raw response body, headers (Authorization!) and config are NEVER read here
* a string/HTML body (e.g. a proxy's 502 page) is deliberately dropped in
* favour of the statusText.
*/
function extractServerMessage(data: any, statusText: string): string {
// class-validator envelope: { message: string | string[], error?: string }.
if (
data &&
typeof data === "object" &&
!Buffer.isBuffer(data) &&
!(data instanceof ArrayBuffer)
) {
const msg = (data as any).message;
if (Array.isArray(msg)) {
const joined = msg.filter((m) => typeof m === "string").join("; ");
if (joined) return joined;
} else if (typeof msg === "string" && msg) {
return msg;
}
const err = (data as any).error;
if (typeof err === "string" && err) return err;
return statusText;
}
// Buffer / ArrayBuffer body: attempt a size-capped, guarded JSON.parse so a
// failed arraybuffer fetch still surfaces the server's validation text.
if (Buffer.isBuffer(data) || data instanceof ArrayBuffer) {
const buf = Buffer.isBuffer(data) ? data : Buffer.from(data);
if (buf.length > 0 && buf.length <= ERROR_BUFFER_PARSE_CAP) {
try {
return extractServerMessage(JSON.parse(buf.toString("utf8")), statusText);
} catch {
return statusText;
}
}
return statusText;
}
// A raw string / HTML body is never surfaced (may echo server internals).
return statusText;
}
/**
* Reformat an AxiosError's `.message` IN PLACE into an actionable diagnostic:
* `<METHOD> <path> failed (<status> <statusText>): <serverMessage>`
* or, when the request never got a response:
* `<METHOD> <path> failed: <code> (no response from server)`.
*
* Mutates the SAME error object (never a custom subclass) so the live
* axios.isAxiosError / error.response?.status / config._retry checks around the
* client keep working, and sets `_docmostFormatted` as a double-processing
* guard. A no-op on a non-axios or already-formatted error.
*/
export function formatDocmostAxiosError(error: any): void {
if (!error || error._docmostFormatted) return;
if (!axios.isAxiosError(error)) return;
const config: any = error.config ?? {};
const method =
typeof config.method === "string" ? config.method.toUpperCase() : "";
const methodPath = `${method} ${requestPath(config)}`.trim();
const response = error.response;
let message: string;
if (response) {
const statusText =
typeof response.statusText === "string" ? response.statusText : "";
const serverMessage = extractServerMessage(response.data, statusText);
message = `${methodPath} failed (${response.status} ${statusText}): ${serverMessage}`;
// Full body only to stderr under DEBUG (parity with downloadImage).
if (process.env.DEBUG) {
console.error(
"Docmost request failed; response body:",
JSON.stringify(response.data),
);
}
} else {
// No response at all (ECONNREFUSED / ETIMEDOUT / ECONNRESET / DNS / timeout).
// Use ONLY error.code, never the raw error.message: axios network messages
// embed host:port ("connect ECONNREFUSED 127.0.0.1:3000", "getaddrinfo
// ENOTFOUND host") and #437's invariant is that the host never reaches the
// model-visible message. code is set for essentially every real no-response
// error (ECONNREFUSED/ETIMEDOUT/ECONNRESET/ENOTFOUND/ECONNABORTED); the full
// native message still goes to stderr under DEBUG.
const reason = error.code ?? "network error";
message = `${methodPath} failed: ${reason} (no response from server)`;
if (process.env.DEBUG) {
console.error("Docmost request failed; no response:", error.message);
}
}
if (message.length > ERROR_MESSAGE_CAP) {
message = message.slice(0, ERROR_MESSAGE_CAP - 1) + "…";
}
error.message = message;
(error as any)._docmostFormatted = true;
}
export class DocmostClient { export class DocmostClient {
private client: AxiosInstance; private client: AxiosInstance;
private token: string | null = null; private token: string | null = null;
@@ -338,6 +499,22 @@ export class DocmostClient {
return Promise.reject(error); return Promise.reject(error);
}, },
); );
// Diagnostics interceptor (issue #437). Registered AFTER the re-login
// interceptor so a successful re-login retry (which resolves to a real
// response) is never seen here as an error; only a genuine failure reaches
// this rejection handler. It reformats error.message IN PLACE (see
// formatDocmostAxiosError — kept as a mutation, not a custom Error class, so
// the surrounding axios.isAxiosError / error.response?.status / config._retry
// checks keep working) and re-rejects the SAME error. The _docmostFormatted
// flag makes a re-processed retry-failure a no-op.
this.client.interceptors.response.use(
(response) => response,
(error) => {
formatDocmostAxiosError(error);
return Promise.reject(error);
},
);
} }
/** Application base URL (API URL without the /api suffix). */ /** Application base URL (API URL without the /api suffix). */
@@ -2553,6 +2730,8 @@ export class DocmostClient {
} }
async getComment(commentId: string) { async getComment(commentId: string) {
// Fail fast (#436): reject a truncated id before any network call.
assertFullUuid("get_comment", "commentId", commentId);
await this.ensureAuthenticated(); await this.ensureAuthenticated();
const response = await this.client.post("/comments/info", { commentId }); const response = await this.client.post("/comments/info", { commentId });
const comment = response.data.data || response.data; const comment = response.data.data || response.data;
@@ -2642,6 +2821,12 @@ export class DocmostClient {
parentCommentId?: string, parentCommentId?: string,
suggestedText?: string, suggestedText?: string,
) { ) {
// Fail fast (#436): a provided parent id must be a full UUID before any
// network call. Validate only when truthy — a falsy parentCommentId means
// "top-level comment" (mirrors the isReply computation below), not a reply.
if (parentCommentId) {
assertFullUuid("create_comment", "parentCommentId", parentCommentId);
}
await this.ensureAuthenticated(); await this.ensureAuthenticated();
const isReply = !!parentCommentId; const isReply = !!parentCommentId;
@@ -2924,6 +3109,8 @@ export class DocmostClient {
} }
async updateComment(commentId: string, content: string) { async updateComment(commentId: string, content: string) {
// Fail fast (#436): reject a truncated id before any network call.
assertFullUuid("update_comment", "commentId", commentId);
await this.ensureAuthenticated(); await this.ensureAuthenticated();
// NON-canonicalizing on purpose (comment body — see createComment). // NON-canonicalizing on purpose (comment body — see createComment).
const jsonContent = await markdownToProseMirror(content); const jsonContent = await markdownToProseMirror(content);
@@ -2939,6 +3126,8 @@ export class DocmostClient {
} }
async deleteComment(commentId: string) { async deleteComment(commentId: string) {
// Fail fast (#436): reject a truncated id before any network call.
assertFullUuid("delete_comment", "commentId", commentId);
await this.ensureAuthenticated(); await this.ensureAuthenticated();
return this.client return this.client
.post("/comments/delete", { commentId }) .post("/comments/delete", { commentId })
@@ -2951,6 +3140,8 @@ export class DocmostClient {
* rejects resolving a reply. Hits POST /comments/resolve. * rejects resolving a reply. Hits POST /comments/resolve.
*/ */
async resolveComment(commentId: string, resolved: boolean) { async resolveComment(commentId: string, resolved: boolean) {
// Fail fast (#436): reject a truncated id before any network call.
assertFullUuid("resolve_comment", "commentId", commentId);
await this.ensureAuthenticated(); await this.ensureAuthenticated();
const response = await this.client.post("/comments/resolve", { const response = await this.client.post("/comments/resolve", {
commentId, commentId,
@@ -3794,6 +3985,7 @@ export class DocmostClient {
}, },
xml: string, xml: string,
title?: string, title?: string,
layout?: "elk",
): Promise<{ ): Promise<{
success: boolean; success: boolean;
nodeId: string; nodeId: string;
@@ -3824,8 +4016,12 @@ export class DocmostClient {
} }
} }
// Optional server-side ELK auto-layout: the model declares structure with
// rough coords, ELK computes the pixels (best-effort — returns the input
// unchanged on any layout failure).
const laidOutXml = layout === "elk" ? await applyElkLayout(xml) : xml;
// Pre-write pipeline (throws a structured DrawioLintError on any violation). // Pre-write pipeline (throws a structured DrawioLintError on any violation).
const prepared = prepareModel(xml); const prepared = prepareModel(laidOutXml);
const inner = renderDiagramShapes(prepared.cells, prepared.bbox); const inner = renderDiagramShapes(prepared.cells, prepared.bbox);
const diagramTitle = title || "Page-1"; const diagramTitle = title || "Page-1";
const svg = buildDrawioSvg(prepared.modelXml, inner, prepared.bbox, diagramTitle); const svg = buildDrawioSvg(prepared.modelXml, inner, prepared.bbox, diagramTitle);
@@ -3939,6 +4135,7 @@ export class DocmostClient {
node: string, node: string,
xml: string, xml: string,
baseHash: string, baseHash: string,
layout?: "elk",
): Promise<{ ): Promise<{
success: boolean; success: boolean;
nodeId: string; nodeId: string;
@@ -3976,8 +4173,10 @@ export class DocmostClient {
); );
} }
// Optional server-side ELK auto-layout (best-effort; see drawioCreate).
const laidOutXml = layout === "elk" ? await applyElkLayout(xml) : xml;
// Pipeline for the new content (throws a structured DrawioLintError). // Pipeline for the new content (throws a structured DrawioLintError).
const prepared = prepareModel(xml); const prepared = prepareModel(laidOutXml);
const inner = renderDiagramShapes(prepared.cells, prepared.bbox); const inner = renderDiagramShapes(prepared.cells, prepared.bbox);
const diagramTitle = oldAttrs.title || "Page-1"; const diagramTitle = oldAttrs.title || "Page-1";
const svg = buildDrawioSvg(prepared.modelXml, inner, prepared.bbox, diagramTitle); const svg = buildDrawioSvg(prepared.modelXml, inner, prepared.bbox, diagramTitle);
+118 -542
View File
@@ -5,7 +5,10 @@ import { fileURLToPath } from "url";
import { dirname, join } from "path"; import { dirname, join } from "path";
import { DocmostClient, DocmostMcpConfig } from "./client.js"; import { DocmostClient, DocmostMcpConfig } from "./client.js";
import { parseNodeArg } from "@docmost/prosemirror-markdown"; import { parseNodeArg } from "@docmost/prosemirror-markdown";
import { searchShapes } from "./lib/drawio-shapes.js";
import { getGuideSection } from "./lib/drawio-guide.js";
import { SHARED_TOOL_SPECS, SharedToolSpec } from "./tool-specs.js"; import { SHARED_TOOL_SPECS, SharedToolSpec } from "./tool-specs.js";
import { SERVER_INSTRUCTIONS } from "./server-instructions.js";
import { import {
createCommentSignalTracker, createCommentSignalTracker,
CommentSignalTracker, CommentSignalTracker,
@@ -29,6 +32,14 @@ export { destroyAllSessions } from "./lib/collab-session.js";
export { SHARED_TOOL_SPECS } from "./tool-specs.js"; export { SHARED_TOOL_SPECS } from "./tool-specs.js";
export type { SharedToolSpec } from "./tool-specs.js"; export type { SharedToolSpec } from "./tool-specs.js";
// Re-export the build-time REGISTRY_STAMP (issue #447): a deterministic hash of
// the tool-specs registry content, generated into src/registry-stamp.generated.ts
// by scripts/gen-registry-stamp.mjs BEFORE tsc, so it lands in build/. The in-app
// loader recomputes the same hash from src/tool-specs.ts (dev/test only) and
// refuses to run on a mismatch, catching a build/ vs src/ skew (a spec edited in
// src without rebuilding the package the server actually loads from build/).
export { REGISTRY_STAMP } from "./registry-stamp.generated.js";
// Re-export the shared "new comments: N" signal helper (#417) so the in-app // Re-export the shared "new comments: N" signal helper (#417) so the in-app
// layer reads the SAME watermark/debounce/injection-safe line builder off the // layer reads the SAME watermark/debounce/injection-safe line builder off the
// loaded module (same pattern as SHARED_TOOL_SPECS). Both surfaces then differ // loaded module (same pattern as SHARED_TOOL_SPECS). Both surfaces then differ
@@ -46,6 +57,13 @@ export type {
CommentSignalProbeResult, CommentSignalProbeResult,
CommentSignalTrackerOptions, CommentSignalTrackerOptions,
} from "./comment-signal.js"; } from "./comment-signal.js";
// Re-export the pure, no-network draw.io helpers (#424) so the in-app AI-SDK
// service can wire drawio_shapes / drawio_guide off the loaded module. These are
// NOT client methods (no page/backend hit) — the in-app handler calls them
// directly, mirroring how the standalone MCP server wires them here.
export { searchShapes } from "./lib/drawio-shapes.js";
export type { SearchShapesOptions } from "./lib/drawio-shapes.js";
export { getGuideSection } from "./lib/drawio-guide.js";
// Read version from package.json // Read version from package.json
const __filename = fileURLToPath(import.meta.url); const __filename = fileURLToPath(import.meta.url);
@@ -66,19 +84,17 @@ const VERSION = packageJson.version;
// Editing guide surfaced to MCP clients in the initialize result so they can // Editing guide surfaced to MCP clients in the initialize result so they can
// pick the right tool by intent and avoid resending whole documents. // pick the right tool by intent and avoid resending whole documents.
// //
// MAINTENANCE RULE: when you ADD, RENAME, or REMOVE a tool (either an inline // The guide is now SPLIT (issue #448): the hand-written routing prose lives in
// server.registerTool(...) here or a spec in tool-specs.ts), you MUST update // server-instructions.ts and the tool INVENTORY is GENERATED from the registry
// this guide so the new tool is routed by intent. This is enforced by // (SHARED_TOOL_SPECS + INLINE_MCP_INVENTORY), so it can no longer drift out of
// test/unit/server-instructions.test.mjs, which fails when a registered tool // sync with the registered tools. Re-exported here (its old home) so existing
// name is not mentioned below (see its EXCEPTIONS list for the rare opt-outs). // importers are unaffected; the composition lives in server-instructions.ts.
// Exported for that test. // The drawio_shapes / drawio_guide tools (#424) stay in SHARED_TOOL_SPECS (so the
export const SERVER_INSTRUCTIONS = // generated <tool_inventory> picks them up from their catalogLine automatically)
"Docmost editing guide — choose the tool by intent.\n" + // but are flagged `inlineBothHosts` and registered inline below (their pure
"READ: find a page -> search (workspace-wide full-text); list -> list_pages / list_spaces. Locate blocks and their ids CHEAPLY -> get_outline (compact top-level map; start here, not get_page_json). One block's subtree -> get_node (by attrs.id, or \"#<index>\" for tables, which carry no id). Find every occurrence of a string/regex ON a page (and where each is) -> search_in_page, NOT block-by-block get_node — it returns each hit's node ref + block index + context for a targeted comment. Whole page -> get_page (Markdown, lossy; inline <span data-comment-id> tags are comment anchors — markup, not text) or get_page_json (lossless ProseMirror with block ids). Hand a huge page (with images) to an external consumer without pulling it through the model context -> stash_page (returns a short-lived anonymous URL).\n" + // helpers can't cross into tool-specs.ts); only the hand-written routing prose in
"EDIT: fix wording/typos/numbers -> edit_page_text (find/replace inside blocks, no node id needed). Change ONE block (paragraph/heading/callout/etc.) structurally -> patch_node (by attrs.id from get_outline). Add a block -> insert_node (before/after a block by attrs.id or by anchor text, or append). Remove a block -> delete_node (by attrs.id). Tables -> table_get / table_update_cell / table_insert_row / table_delete_row (address by \"#<index>\" from get_outline; table nodes have no attrs.id). Images -> insert_image (add from a web URL) / replace_image (swap an existing image). Draw.io diagrams -> drawio_create (create from mxGraph XML and insert), drawio_get (read a diagram as mxGraph XML + a hash), drawio_update (replace a diagram; pass the hash from drawio_get as baseHash for optimistic locking). Footnotes -> insert_footnote. Bulk/structural rewrite -> update_page_json (full ProseMirror replace; prefer the granular tools above to avoid resending the whole ~100KB+ document). Complex/scripted rewrite (multiple coordinated edits, renumbering) -> docmost_transform: write a JS `(doc, ctx) => doc` transform, preview the diff with dryRun (default), then apply with dryRun:false; ctx.helpers includes commentsToFootnotes for turning inline comments into numbered footnotes.\n" + // server-instructions.ts is updated to mention them.
"PAGES: new -> create_page (Markdown). Rename (title only) -> rename_page. Move -> move_page. Delete -> delete_page (SOFT delete — the page goes to trash and is restorable; nothing is permanent). Copy/replace a page's whole content from another page (server-side, no document through the model) -> copy_page_content. Sharing -> share_page / unshare_page / list_shares; share_page makes the page PUBLICLY accessible — do it only when explicitly asked.\n" + export { SERVER_INSTRUCTIONS };
"COMMENTS: create_comment is always inline and requires an EXACT selection — contiguous text from a single block, <=250 chars (fails rather than leaving an unanchored comment); reply to a thread via parentCommentId. Propose a concrete text fix for one-click human approval -> create_comment with suggestedText (the exact plain-text replacement for the selection; the selection must then be UNIQUE in the page — extend it with context if needed); prefer this over editing directly when the change is subjective or needs the author's sign-off. Manage -> list_comments, update_comment, resolve_comment (resolve/reopen, reversible — prefer over delete to close), delete_comment, check_new_comments.\n" +
"HISTORY: review what changed -> diff_page_versions (a historyId vs current, or two versions). List saved versions -> list_page_history. Undo a bad edit -> restore_page_version (writes a past version back as current; itself revertible). Lossless markdown round-trip (download, edit, re-upload, incl. comment anchors) -> export_page_markdown / import_page_markdown.";
// Helper to format JSON responses // Helper to format JSON responses
const jsonContent = (data: any) => ({ const jsonContent = (data: any) => ({
@@ -194,10 +210,10 @@ export function createDocmostMcpServer(config: DocmostMcpConfig): McpServer {
{ instructions: SERVER_INSTRUCTIONS }, { instructions: SERVER_INSTRUCTIONS },
); );
// Single choke point for MCP tool timing. Both `registerShared` (below) and // Single choke point for MCP tool timing. Both `registerSharedFromSpec` (below)
// the inline `server.registerTool(...)` calls funnel through this one method, // and the inline `server.registerTool(...)` calls funnel through this one
// so monkeypatching it HERE — before any tool is registered and before // method, so monkeypatching it HERE — before any tool is registered and before
// `registerShared` captures a reference to it — times every tool with no // the registry loop captures a reference to it — times every tool with no
// per-tool boilerplate. The wrapped handler records wall-clock duration and, // per-tool boilerplate. The wrapped handler records wall-clock duration and,
// in a `finally`, feeds the host's dependency-neutral sink // in a `finally`, feeds the host's dependency-neutral sink
// `config.onMetric("mcp_tool_duration_seconds", seconds, { tool })`. The tool // `config.onMetric("mcp_tool_duration_seconds", seconds, { tool })`. The tool
@@ -253,92 +269,100 @@ export function createDocmostMcpServer(config: DocmostMcpConfig): McpServer {
return originalRegisterTool(...args.slice(0, -1), signalledHandler); return originalRegisterTool(...args.slice(0, -1), signalledHandler);
}; };
// Register a tool from the shared, zod-agnostic spec registry. The spec owns // Register EVERY shared tool from the zod-agnostic registry in one loop (#445).
// the canonical name + model-facing description + (optional) schema builder; // The spec owns the canonical name + description + (optional) schema builder AND
// only the execute body is supplied per call. buildShape is invoked with THIS // the canonical execute mapping; the host only supplies the RESULT ENVELOPE. For
// package's zod (v3); the in-app layer passes its own zod (v4). // each spec:
// // - skip `inAppOnly` specs (they belong to the in-app host only);
// The spec's schema builder returns a plain ZodRawShape (Record<string, // - if the spec has an `mcpExecute` override (a deliberate per-layer
// unknown> in the shared module since it must stay zod-agnostic), so the // difference — a guardrail, an omitted param, or a non-JSON envelope like a
// McpServer.registerTool overloads cannot infer the execute arg's shape from // resource_link/bare success line), the override OWNS the full MCP content
// it. We type `execute` loosely and cast the call through `any`; runtime // result and is used VERBATIM;
// behaviour is unchanged — each execute body destructures the same fields the // - otherwise the canonical `execute` returns RAW data and this host wraps it
// builder declares. // in the standard JSON text envelope (jsonContent), exactly as the old inline
const registerShared = ( // bodies did.
spec: SharedToolSpec, // buildShape is invoked with THIS package's zod (v3); the in-app layer passes its
execute: (args: any) => Promise<{ content: { type: "text"; text: string }[] }>, // own zod (v4). The registry's execute returns `unknown` (it is zod-agnostic), so
) => // the wrapping is typed loosely and cast — runtime behaviour is unchanged.
(server.registerTool as any)( const registerSharedFromSpec = (spec: SharedToolSpec) => {
if (spec.inAppOnly) return;
// `inlineBothHosts` specs (drawio_shapes / drawio_guide) carry no execute —
// their pure helper cannot cross into the zod-agnostic tool-specs.ts, so they
// are registered INLINE below (searchShapes / getGuideSection). Skip them here
// so the loop never dereferences a missing `execute`.
if (spec.inlineBothHosts) return;
const handler = async (args: any) => {
if (spec.mcpExecute) {
// The override owns the full MCP result envelope (not re-wrapped).
return (await spec.mcpExecute(docmostClient, args)) as {
content: { type: "text"; text: string }[];
};
}
// Canonical execute returns raw data; wrap it as JSON text content.
const raw = await spec.execute!(docmostClient, args);
return jsonContent(raw);
};
return (server.registerTool as any)(
spec.mcpName, spec.mcpName,
spec.buildShape spec.buildShape
? { description: spec.description, inputSchema: spec.buildShape(z) } ? { description: spec.description, inputSchema: spec.buildShape(z) }
: { description: spec.description }, : { description: spec.description },
execute, handler,
); );
};
// Tool: get_workspace for (const spec of Object.values(SHARED_TOOL_SPECS)) {
registerShared(SHARED_TOOL_SPECS.getWorkspace, async () => { registerSharedFromSpec(spec as SharedToolSpec);
const workspace = await docmostClient.getWorkspace(); }
return jsonContent(workspace);
});
// Tool: list_spaces // --- INLINE drawio helper tools (IN the shared registry, but inlineBothHosts) ---
registerShared(SHARED_TOOL_SPECS.listSpaces, async () => { // drawio_shapes / drawio_guide (#424) live in SHARED_TOOL_SPECS (so the shared
const spaces = await docmostClient.getSpaces(); // contract pins their name/description/schema across both hosts) but carry the
return jsonContent(spaces); // `inlineBothHosts` flag and NO execute: their pure backing helpers
}); // (searchShapes / getGuideSection) cannot be value-imported into the
// zod-agnostic tool-specs.ts without breaking the in-app server's commonjs
// type-check (searchShapes' catalog loader uses import.meta). So both hosts wire
// them directly. Here on the MCP host they reuse the spec's name/description/
// schema and wrap the raw helper result as JSON text content — byte-identical to
// what the registry loop would have produced. The in-app host mirrors this in
// ai-chat-tools.service.ts.
{
// Cast registerTool like the loop's registerSharedFromSpec does: the spec's
// buildShape returns the loose zod-agnostic ZodRawShape (Record<string,
// unknown>) and the handler args are the SDK-validated, type-erased input.
const registerInline = server.registerTool as any;
const shapesSpec = SHARED_TOOL_SPECS.drawioShapes as SharedToolSpec;
registerInline(
shapesSpec.mcpName,
{
description: shapesSpec.description,
inputSchema: shapesSpec.buildShape!(z),
},
async ({ query, category, limit }: any) => {
const results = searchShapes(query, { category, limit });
return jsonContent({ query, count: results.length, results });
},
);
const guideSpec = SHARED_TOOL_SPECS.drawioGuide as SharedToolSpec;
registerInline(
guideSpec.mcpName,
{
description: guideSpec.description,
inputSchema: guideSpec.buildShape!(z),
},
async ({ section }: any) => jsonContent(getGuideSection(section)),
);
}
// Tool: list_pages // --- INLINE tools kept per-transport (NOT in the shared registry) ---
// INTENTIONAL per-transport divergence (not in the shared registry): this // Each stays inline for a documented reason: a snake_case/camelCase naming
// transport exposes a `tree:true` mode that returns the full nested hierarchy; // clash the registry convention forbids (table_get), an intentional
// the in-app copy keeps the same tree option but is worded for the in-app agent. // per-transport behaviour/schema divergence (search, docmost_transform), or a
// Kept per-layer so each side can tune its own guidance. // tool that exists ONLY on this standalone MCP surface (update_comment,
// Schema + description now live in @docmost/mcp's SHARED_TOOL_SPECS (#294). This // delete_comment — the in-app agent deliberately exposes no hard comment
// transport keeps applying its own defaults (limit=50, tree=false) in execute. // edit/delete tool).
registerShared(SHARED_TOOL_SPECS.listPages, async ({ spaceId, limit, tree }) => {
const result = await docmostClient.listPages(spaceId, limit ?? 50, tree ?? false);
return jsonContent(result);
});
// Tool: get_page // Tool: table_get
// Schema + description now live in the shared registry (#294).
registerShared(SHARED_TOOL_SPECS.getPage, async ({ pageId }) => {
const page = await docmostClient.getPage(pageId);
return jsonContent(page);
});
// Tool: get_page_json
registerShared(SHARED_TOOL_SPECS.getPageJson, async ({ pageId }) => {
const page = await docmostClient.getPageJson(pageId);
return jsonContent(page);
});
// Tool: get_outline
registerShared(SHARED_TOOL_SPECS.getOutline, async ({ pageId }) => {
const result = await docmostClient.getOutline(pageId);
return jsonContent(result);
});
// Tool: get_node
registerShared(SHARED_TOOL_SPECS.getNode, async ({ pageId, nodeId }) => {
const result = await docmostClient.getNode(pageId, nodeId);
return jsonContent(result);
});
// Tool: search_in_page
registerShared(
SHARED_TOOL_SPECS.searchInPage,
async ({ pageId, query, regex, caseSensitive, limit }) => {
const result = await docmostClient.searchInPage(pageId, query, {
regex,
caseSensitive,
limit,
});
return jsonContent(result);
},
);
// Tool: table_get
// NOT in the shared registry: the MCP tool name `table_get` is noun-first while // NOT in the shared registry: the MCP tool name `table_get` is noun-first while
// the in-app key is `getTable` (verb-first), breaking the snake_case(inAppKey) // the in-app key is `getTable` (verb-first), breaking the snake_case(inAppKey)
// convention the shared registry enforces (shared-tool-specs.contract.spec.ts). // convention the shared registry enforces (shared-tool-specs.contract.spec.ts).
@@ -364,383 +388,6 @@ server.registerTool(
}, },
); );
// Tool: table_insert_row
// Schema + description now live in the shared registry (#294); the `table`
// parameter name is the canonical one (the in-app layer was unified to it).
registerShared(
SHARED_TOOL_SPECS.tableInsertRow,
async ({ pageId, table, cells, index }) => {
const result = await docmostClient.tableInsertRow(
pageId,
table,
cells,
index,
);
return jsonContent(result);
},
);
// Tool: table_delete_row
// Schema + description now live in the shared registry (#294).
registerShared(
SHARED_TOOL_SPECS.tableDeleteRow,
async ({ pageId, table, index }) => {
const result = await docmostClient.tableDeleteRow(pageId, table, index);
return jsonContent(result);
},
);
// Tool: table_update_cell
// Schema + description now live in the shared registry (#294).
registerShared(
SHARED_TOOL_SPECS.tableUpdateCell,
async ({ pageId, table, row, col, text }) => {
const result = await docmostClient.tableUpdateCell(
pageId,
table,
row,
col,
text,
);
return jsonContent(result);
},
);
// Tool: create_page
// Schema + description now live in the shared registry (#294).
registerShared(
SHARED_TOOL_SPECS.createPage,
async ({ title, content, spaceId, parentPageId }) => {
const result = await docmostClient.createPage(
title,
content,
spaceId,
parentPageId,
);
return jsonContent(result);
},
);
// Tool: update_page_json
// Schema + description now live in the shared registry (#294). The execute body
// keeps this transport's content normalization (parse a JSON-string content,
// pass undefined/null through for a title-only/no-op update).
registerShared(
SHARED_TOOL_SPECS.updatePageJson,
async ({ pageId, content, title }) => {
// Only parse/validate the document when it was actually supplied; when it
// is omitted, pass it straight through so the client performs a title-only
// (or no-op) update.
let doc;
if (content === undefined || content === null) {
doc = undefined;
} else {
// String -> JSON.parse (throwing on invalid); object passes through.
doc = parseNodeArg(content, "content was a string but not valid JSON");
}
const result = await docmostClient.updatePageJson(pageId, doc, title);
return jsonContent(result);
},
);
// Tool: export_page_markdown
// Schema + description now live in the shared registry (#294).
registerShared(SHARED_TOOL_SPECS.exportPageMarkdown, async ({ pageId }) => {
const md = await docmostClient.exportPageMarkdown(pageId);
return { content: [{ type: "text" as const, text: md }] };
});
// Tool: import_page_markdown
registerShared(
SHARED_TOOL_SPECS.importPageMarkdown,
async ({ pageId, markdown }) => {
const res = await docmostClient.importPageMarkdown(pageId, markdown);
return jsonContent(res);
},
);
// Tool: copy_page_content
registerShared(
SHARED_TOOL_SPECS.copyPageContent,
async ({ sourcePageId, targetPageId }) => {
const result = await docmostClient.copyPageContent(
sourcePageId,
targetPageId,
);
return jsonContent(result);
},
);
// Tool: rename_page
// Schema + description now live in the shared registry (#294).
registerShared(SHARED_TOOL_SPECS.renamePage, async ({ pageId, title }) => {
const result = await docmostClient.renamePage(pageId, title);
return jsonContent(result);
});
// Tool: edit_page_text
registerShared(SHARED_TOOL_SPECS.editPageText, async ({ pageId, edits }) => {
const result = await docmostClient.editPageText(pageId, edits);
return jsonContent(result);
});
// Tool: stash_page — returns a resource_link (NOT embedded text) so the doc
// body never enters the model context. Registered directly (not via
// registerShared) because that helper only emits text content. Also returns
// `structuredContent` carrying the full documented `{uri, sha256, size, images}`
// shape alongside the resource_link, so MCP clients receive the blob's sha256
// (its ETag, for integrity) and mirror counts, not just the link.
server.registerTool(
SHARED_TOOL_SPECS.stashPage.mcpName,
{
description: SHARED_TOOL_SPECS.stashPage.description,
inputSchema: SHARED_TOOL_SPECS.stashPage.buildShape!(z),
},
async ({ pageId }: { pageId: string }) => {
const result = await docmostClient.stashPage(pageId);
return {
content: [
{
type: "resource_link" as const,
uri: result.uri,
name: "page.json",
mimeType: "application/json",
size: result.size,
},
],
// Mirror the full documented result shape ({ uri, size, sha256, images })
// as structuredContent so MCP clients get the blob's sha256 (its ETag, for
// integrity) and the mirror counts, not just the resource_link.
structuredContent: {
uri: result.uri,
sha256: result.sha256,
size: result.size,
images: result.images,
},
};
},
);
// Tool: patch_node — schema + description from the shared registry (identical
// across both transports). The execute body keeps its own parseNodeArg
// normalization (the model sometimes serializes `node` as a JSON string).
registerShared(
SHARED_TOOL_SPECS.patchNode,
async ({ pageId, nodeId, node }) => {
const parsedNode = parseNodeArg(node);
const result = await docmostClient.patchNode(pageId, nodeId, parsedNode);
return jsonContent(result);
},
);
// Tool: insert_node — schema + description from the shared registry. As with
// patch_node, the execute body retains parseNodeArg on the incoming node.
registerShared(
SHARED_TOOL_SPECS.insertNode,
async ({ pageId, node, position, anchorNodeId, anchorText }) => {
const parsedNode = parseNodeArg(node);
const result = await docmostClient.insertNode(pageId, parsedNode, {
position,
anchorNodeId,
anchorText,
});
return jsonContent(result);
},
);
// Tool: delete_node
registerShared(SHARED_TOOL_SPECS.deleteNode, async ({ pageId, nodeId }) => {
const result = await docmostClient.deleteNode(pageId, nodeId);
return jsonContent(result);
});
// Tool: insert_image
// Schema + description now live in the shared registry (#410) so BOTH this MCP
// server and the in-app AI-chat agent expose it. The execute body is unchanged.
registerShared(
SHARED_TOOL_SPECS.insertImage,
async ({ pageId, imageUrl, align, alt, replaceText, afterText }) => {
const result = await docmostClient.insertImage(pageId, imageUrl, {
align,
alt,
replaceText,
afterText,
});
return jsonContent(result);
},
);
// Tool: replace_image
// Schema + description now live in the shared registry (#410).
registerShared(
SHARED_TOOL_SPECS.replaceImage,
async ({ pageId, attachmentId, imageUrl, align, alt }) => {
const result = await docmostClient.replaceImage(
pageId,
attachmentId,
imageUrl,
{
align,
alt,
},
);
return jsonContent(result);
},
);
// Tool: drawio_get — read a draw.io diagram as mxGraph XML (or the raw SVG).
registerShared(
SHARED_TOOL_SPECS.drawioGet,
async ({ pageId, node, format }) => {
const result = await docmostClient.drawioGet(pageId, node, format ?? "xml");
return jsonContent(result);
},
);
// Tool: drawio_create — lint mxGraph XML, build the .drawio.svg, insert a node.
registerShared(
SHARED_TOOL_SPECS.drawioCreate,
async ({ pageId, xml, position, anchorNodeId, anchorText, title }) => {
const result = await docmostClient.drawioCreate(
pageId,
{ position, anchorNodeId, anchorText },
xml,
title,
);
return jsonContent(result);
},
);
// Tool: drawio_update — optimistic-locked full replacement of a diagram.
registerShared(
SHARED_TOOL_SPECS.drawioUpdate,
async ({ pageId, node, xml, baseHash }) => {
const result = await docmostClient.drawioUpdate(pageId, node, xml, baseHash);
return jsonContent(result);
},
);
// Tool: share_page
// Schema + description now live in the shared registry (#294). The execute body
// keeps this transport's own `searchIndexing ?? true` default.
registerShared(
SHARED_TOOL_SPECS.sharePage,
async ({ pageId, searchIndexing }) => {
const result = await docmostClient.sharePage(pageId, searchIndexing ?? true);
return jsonContent(result);
},
);
// Tool: unshare_page
registerShared(SHARED_TOOL_SPECS.unsharePage, async ({ pageId }) => {
const result = await docmostClient.unsharePage(pageId);
return jsonContent(result);
});
// Tool: list_shares
registerShared(SHARED_TOOL_SPECS.listShares, async () => {
const result = await docmostClient.listShares();
return jsonContent(result);
});
// Tool: move_page
// Schema + description now live in the shared registry (#294). The execute body
// keeps this transport's cycle guard, its 'null'/'' -> null string coercion, and
// its positive-confirmation check on the move response.
registerShared(
SHARED_TOOL_SPECS.movePage,
async ({ pageId, parentPageId, position }) => {
const finalParentId =
parentPageId === "" || parentPageId === "null" ? null : parentPageId;
// Cheap cycle guard: a page cannot be moved directly under itself.
// (Deeper descendant-cycle detection is intentionally out of scope.)
if (finalParentId !== null && finalParentId === pageId) {
throw new Error("cannot move a page under itself");
}
const result = await docmostClient.movePage(
pageId,
finalParentId || null,
position,
);
// Require POSITIVE confirmation: the live /pages/move success shape is
// exactly { success: true, status: 200 }. An empty body, a 204, or any odd
// shape lacking success === true must NOT be reported as a successful move,
// so we surface the raw API result instead of declaring success.
if (!(result && typeof result === "object" && result.success === true)) {
throw new Error(
`Failed to move page ${pageId}: ${JSON.stringify(result)}`,
);
}
return jsonContent({
message: `Successfully moved page ${pageId} to parent ${finalParentId || "root"}`,
result,
});
},
);
// Tool: delete_page
// Schema + description now live in the shared registry (#294). The shared schema
// exposes ONLY pageId, so no permanent/force-delete flag can reach the client.
registerShared(SHARED_TOOL_SPECS.deletePage, async ({ pageId }) => {
await docmostClient.deletePage(pageId);
return {
content: [
{ type: "text" as const, text: `Successfully deleted page ${pageId}` },
],
};
});
// --- Comment tools (ported from upstream PR #3 by Max Nikitin) ---
// Tool: list_comments
registerShared(
SHARED_TOOL_SPECS.listComments,
async ({ pageId, includeResolved }) => {
const comments = await docmostClient.listComments(pageId, includeResolved);
return jsonContent(comments);
},
);
// Tool: create_comment
// Schema + description now live in the shared registry (#294). The execute body
// keeps this transport's own guards (require a selection for a top-level
// comment; reject suggestedText on a reply / without a selection).
registerShared(
SHARED_TOOL_SPECS.createComment,
async ({ pageId, content, selection, parentCommentId, suggestedText }) => {
if (!parentCommentId && (!selection || !selection.trim())) {
throw new Error(
"create_comment: a 'selection' (exact text to anchor on) is required for a top-level comment; omit it only when replying via parentCommentId.",
);
}
if (suggestedText !== undefined) {
if (parentCommentId) {
throw new Error(
"create_comment: 'suggestedText' cannot be attached to a reply; it applies only to a top-level inline comment.",
);
}
if (!selection || !selection.trim()) {
throw new Error(
"create_comment: 'suggestedText' requires a 'selection' to anchor and rewrite.",
);
}
}
const result = await docmostClient.createComment(
pageId,
content,
"inline",
selection,
parentCommentId,
suggestedText,
);
return jsonContent(result);
},
);
// Tool: update_comment // Tool: update_comment
server.registerTool( server.registerTool(
"update_comment", "update_comment",
@@ -785,39 +432,6 @@ server.registerTool(
}, },
); );
// Tool: resolve_comment
// Schema + description now live in the shared registry (#294).
registerShared(
SHARED_TOOL_SPECS.resolveComment,
async ({ commentId, resolved }) => {
const result = await docmostClient.resolveComment(commentId, resolved);
return jsonContent(result);
},
);
// Tool: check_new_comments
// Schema + description now live in the shared registry (#294). The execute body
// keeps this transport's own guard rejecting an unparseable `since` timestamp.
registerShared(
SHARED_TOOL_SPECS.checkNewComments,
async ({ spaceId, since, parentPageId }) => {
// Reject an unparseable timestamp up front: otherwise the comparison
// against NaN silently treats every comment as "not new" and the tool
// returns zero results without signalling the bad input.
if (Number.isNaN(Date.parse(since))) {
throw new Error(
`Invalid 'since' timestamp: ${JSON.stringify(since)} — expected an ISO 8601 date (e.g. '2026-03-10T00:00:00Z')`,
);
}
const result = await docmostClient.checkNewComments(
spaceId,
since,
parentPageId,
);
return jsonContent(result);
},
);
// Tool: search // Tool: search
// INTENTIONAL per-transport divergence (not shared): the in-app `searchPages` // INTENTIONAL per-transport divergence (not shared): the in-app `searchPages`
// runs a semantic + keyword hybrid (RRF) with in-process access control and a // runs a semantic + keyword hybrid (RRF) with in-process access control and a
@@ -927,43 +541,5 @@ server.registerTool(
}, },
); );
// Tool: insert_footnote
// Schema + description now live in the shared registry (#410) so the in-app
// AI-chat agent exposes it too. The execute body is unchanged.
registerShared(
SHARED_TOOL_SPECS.insertFootnote,
async ({ pageId, anchorText, text }) => {
const result = await docmostClient.insertFootnote(pageId, anchorText, text);
return jsonContent(result);
},
);
// Tool: diff_page_versions
registerShared(
SHARED_TOOL_SPECS.diffPageVersions,
async ({ pageId, from, to }) => {
const result = await docmostClient.diffPageVersions(pageId, from, to);
return jsonContent(result);
},
);
// Tool: list_page_history
registerShared(
SHARED_TOOL_SPECS.listPageHistory,
async ({ pageId, cursor }) => {
const result = await docmostClient.listPageHistory(pageId, cursor);
return jsonContent(result);
},
);
// Tool: restore_page_version
registerShared(
SHARED_TOOL_SPECS.restorePageVersion,
async ({ historyId }) => {
const result = await docmostClient.restorePageVersion(historyId);
return jsonContent(result);
},
);
return server; return server;
} }
+21 -4
View File
@@ -202,6 +202,21 @@ export class CollabSession {
this.ydoc = new Y.Doc(); this.ydoc = new Y.Doc();
} }
/**
* Shared diagnostic suffix (issue #437) appended to the connect-timeout,
* persist-timeout and connection-closed error texts: names the offending
* pageId and tells the agent this class of failure is transient (retry once)
* vs. a persistent collab-server outage, so it can self-correct instead of
* blind-looping. The Yjs-encode error is deliberately NOT touched it
* already names the offending attribute.
*/
private hint(): string {
return (
`(pageId ${this.pageId}; transient — retry once; persistent failures ` +
`mean the collab server is unreachable/overloaded)`
);
}
/** /**
* A cached session may be reused only when it is fully ready, still synced, * A cached session may be reused only when it is fully ready, still synced,
* has not lost its connection, and has not exceeded its max age (invariant 5 * has not lost its connection, and has not exceeded its max age (invariant 5
@@ -232,7 +247,9 @@ export class CollabSession {
// The 25s connect timeout: the collab connection never became ready. // The 25s connect timeout: the collab connection never became ready.
this.opts?.onConnectTimeout?.(); this.opts?.onConnectTimeout?.();
this.teardown( this.teardown(
new Error("Connection timeout to collaboration server"), new Error(
`Connection timeout to collaboration server ${this.hint()}`,
),
false, false,
); );
}, CONNECT_TIMEOUT_MS); }, CONNECT_TIMEOUT_MS);
@@ -259,7 +276,7 @@ export class CollabSession {
if (process.env.DEBUG) console.error("WS Disconnect"); if (process.env.DEBUG) console.error("WS Disconnect");
this.teardown( this.teardown(
new Error( new Error(
"Collaboration connection closed before the update was persisted/synced", `Collaboration connection closed before the update was persisted/synced ${this.hint()}`,
), ),
true, true,
); );
@@ -268,7 +285,7 @@ export class CollabSession {
if (process.env.DEBUG) console.error("WS Close"); if (process.env.DEBUG) console.error("WS Close");
this.teardown( this.teardown(
new Error( new Error(
"Collaboration connection closed before the update was persisted/synced", `Collaboration connection closed before the update was persisted/synced ${this.hint()}`,
), ),
true, true,
); );
@@ -403,7 +420,7 @@ export class CollabSession {
persistTimer = setTimeout(() => { persistTimer = setTimeout(() => {
localFinish( localFinish(
new Error( new Error(
"Timeout waiting for collaboration server to persist the update", `Timeout waiting for collaboration server to persist the update ${this.hint()}`,
), ),
); );
}, PERSIST_TIMEOUT_MS); }, PERSIST_TIMEOUT_MS);
+228
View File
@@ -0,0 +1,228 @@
// Progressive-disclosure authoring reference for the `drawio_guide` tool
// (issue #424, stage 2). The FULL draw.io authoring guide would bloat every
// context window, so it is split into small sections the model reads on demand:
// skeleton | layout | containers | icons-aws | icons-azure
// Content is written directly from the issue #424 appendix (the layout
// heuristics, container rules, AWS icon patterns + gotchas + blocklist, and
// Azure image-style paths). ACCEPTANCE: each section stays <= ~4 KB so pulling
// one is cheap.
export type GuideSection =
| "skeleton"
| "layout"
| "containers"
| "icons-aws"
| "icons-azure";
export const GUIDE_SECTIONS: GuideSection[] = [
"skeleton",
"layout",
"containers",
"icons-aws",
"icons-azure",
];
const SKELETON = `# drawio_guide: skeleton
Canonical mxGraph skeleton. id="0" and id="1" are MANDATORY sentinels; every
real cell has parent="1" (or a container id). Set adaptiveColors="auto" on the
model so Docmost's dark theme adapts strokeColor/fillColor/fontColor="default".
\`\`\`xml
<mxGraphModel dx="800" dy="600" grid="1" gridSize="10" adaptiveColors="auto"
page="1" pageWidth="850" pageHeight="1100">
<root>
<mxCell id="0"/>
<mxCell id="1" parent="0"/>
<mxCell id="2" value="Start" style="rounded=1;whiteSpace=wrap;html=1;"
vertex="1" parent="1">
<mxGeometry x="40" y="40" width="140" height="60" as="geometry"/>
</mxCell>
<mxCell id="3" value="Store" style="shape=cylinder3;whiteSpace=wrap;html=1;"
vertex="1" parent="1">
<mxGeometry x="40" y="200" width="80" height="80" as="geometry"/>
</mxCell>
<mxCell id="e1" edge="1" parent="1" source="2" target="3"
style="edgeStyle=orthogonalEdgeStyle;rounded=1;html=1;">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
</root>
</mxGraphModel>
\`\`\`
Three accepted inputs to drawio_create/drawio_update: a bare <mxGraphModel>, a
full <mxfile> (decoded to its first page), or a raw list of <mxCell> (the server
wraps it and adds the id=0/id=1 sentinels).
Hard rules: a cell is vertex="1" XOR edge="1" (a container/group is neither);
every edge has a child <mxGeometry relative="1" as="geometry"/>; ids are unique;
no XML comments; put html=1 in styles and XML-escape value (& -> &amp;,
< -> &lt;); a newline in a label is &#xa;, never a literal \\n. Don't guess
shape=mxgraph.* names call drawio_shapes first (a wrong name renders empty).`;
const LAYOUT = `# drawio_guide: layout
Turn "make it look good" into checkable numbers. Or pass layout:"elk" to
drawio_create/drawio_update and the server computes coordinates for you (ELK
layered layout, honouring nested containers) you declare structure, it places
pixels.
Spacing (when placing by hand):
- Horizontal gap between shapes 200-220px; vertical between rows/lanes 250px;
auxiliary services (monitoring, DLQ) sit below the main flow with 280px+ gap.
- Coordinates are multiples of 10 (grid). Base sizes: rectangle 140x60, diamond
140x80, circle 60x60; cloud icons 78x78 primary / 65x65 secondary; font 12px.
- Main flow left-to-right, one primary axis; <=3-4 lanes/zones; one icon/service.
Edges:
- <=1 bend per edge (ideally 0); an edge must not cross another shape's bbox;
two edges must not lie on top of each other.
- Give explicit exitX/exitY/entryX/entryY for every non-straight link or the
orthogonal router drives lines through shapes. Vertical link:
exitX=0.5;exitY=1 -> entryX=0.5;entryY=0. For 2+ links on one node, spread the
attach points 0.25 / 0.5 / 0.75.
- Base edge style:
edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;strokeWidth=2;exitX=1;exitY=0.5;entryX=0;entryY=0.5;
- Edge labels: 1-2 words max, labelBackgroundColor=#F5F5F5;fontSize=11;. Don't
label an obvious flow (Lambda->DynamoDB needs no "Write"); prefer numbering
stages (1,2,3) over many labels.
- Line semantics: solid = main/sync; dashed=1 = async; red dashed
strokeColor=#DD344C = error path.
Alignment: centre a child under its parent by math, not by eye:
child.x = parent.center_x - child.width/2.
The linter returns quality WARNINGS (bbox overlap, edge through a shape,
edge-on-edge, gap <150px, label wider than its shape, negative/off-page coords).
They do not block the write fix them and retry, max 2 iterations.`;
const CONTAINERS = `# drawio_guide: containers
Groups/zones are TRANSPARENT containers. A coloured group fill is an instant
"AI-generated" tell never fill a group.
- Every group: container=1;dropTarget=1;fillColor=none;. It is a cell with
vertex unset AND edge unset.
- Children set parent="<groupId>" and their coordinates are RELATIVE to the
group's top-left, not absolute.
- An edge between cells in DIFFERENT containers must be parent="1" (the layer),
otherwise it is clipped to one container and disappears.
- Keep the group title off the group icon:
spacingLeft=40;spacingTop=-4;.
- Leave >=30px padding between children and the group frame.
- Draw edges on the BACK layer (place their <mxCell> BEFORE the shapes in XML)
and keep >=20px between an arrow and a label.
Swimlanes: style=swimlane;horizontal=0;startSize=110;. Lanes are parent="1";
their members are children of the lane.
Example (transparent zone with two children and an internal edge):
\`\`\`xml
<mxCell id="z1" value="VPC" style="rounded=0;container=1;dropTarget=1;fillColor=none;verticalAlign=top;spacingLeft=40;spacingTop=-4;html=1;"
vertex="1" parent="1">
<mxGeometry x="40" y="40" width="320" height="200" as="geometry"/>
</mxCell>
<mxCell id="a" value="App" style="rounded=1;html=1;" vertex="1" parent="z1">
<mxGeometry x="30" y="40" width="120" height="60" as="geometry"/>
</mxCell>
<mxCell id="b" value="DB" style="shape=cylinder3;html=1;" vertex="1" parent="z1">
<mxGeometry x="30" y="120" width="80" height="60" as="geometry"/>
</mxCell>
<mxCell id="ab" edge="1" parent="z1" source="a" target="b">
<mxGeometry relative="1" as="geometry"/>
</mxCell>
\`\`\``;
const ICONS_AWS = `# drawio_guide: icons-aws
Two mutually-exclusive AWS icon patterns mixing them is the #1 cause of empty
boxes. Always call drawio_shapes for the exact resIcon name; do not guess.
| Level | style | strokeColor |
|---|---|---|
| Service | shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.<NAME> | #ffffff (required) |
| Resource | shape=mxgraph.aws4.<NAME> | none (required) |
Full service-level template (fillColor is REQUIRED the glyph is invisible in
PNG export without it):
\`\`\`
sketch=0;outlineConnect=0;fontColor=#232F3E;fillColor=<category>;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.<NAME>
\`\`\`
Category fillColor: Compute #ED7100, Networking #8C4FFF, Database #C925D1,
Storage #3F8624, Security #DD344C, Integration #E7157B, AI/ML #01A88D.
Rebrandings (stencil name lags the product name):
- Amazon OpenSearch -> resIcon elasticsearch_service (renamed 2021)
- Amazon EventBridge -> resIcon eventbridge (was CloudWatch Events)
- VPC Peering -> resIcon peering (NOT vpc_peering -> empty box)
- Amazon MSK -> resIcon managed_streaming_for_kafka (NOT msk)
- IAM Identity Center -> resIcon single_sign_on (NOT iam_identity_center)
Blocklist -> replacement: dynamodb_table -> dynamodb; general_saml_token ->
traditional_server; kinesis_data_streams is unreliable. An unknown service ->
generic resIcon=mxgraph.aws4.general_AWScloud WITH a label; an unnamed coloured
rectangle is forbidden.
Group stencils (transparent containers): AWS Cloud group_aws_cloud_alt, VPC
group_vpc2, Subnet group_security_group, Account group_account; subnets use
shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_public_subnet;.`;
const ICONS_AZURE = `# drawio_guide: icons-azure
shape=mxgraph.azure2.* does NOT render in every host. Use the portable
image-style instead:
\`\`\`
image;aspect=fixed;html=1;image=img/lib/azure2/<category>/<Icon>.svg;
\`\`\`
Known working paths:
- networking/Front_Doors.svg
- app_services/API_Management_Services.svg
- databases/Azure_Cosmos_DB.svg
- identity/Managed_Identities.svg
- management_governance/Monitor.svg
- devops/Application_Insights.svg
For maximum robustness (e.g. PNG export on a host without the bundled lib), use
an absolute URL fallback for the image:
\`\`\`
https://raw.githubusercontent.com/jgraph/drawio/dev/src/main/webapp/img/lib/azure2/<category>/<Icon>.svg
\`\`\`
Call drawio_shapes with the service name (e.g. "cosmos", "api management",
"front door") to get the exact image-style string and default 68x68 size.`;
const CONTENT: Record<GuideSection, string> = {
skeleton: SKELETON,
layout: LAYOUT,
containers: CONTAINERS,
"icons-aws": ICONS_AWS,
"icons-azure": ICONS_AZURE,
};
/**
* Return one guide section, or (when `section` is omitted/unknown) an index
* listing the available sections plus a one-line summary each. Each section is
* kept under ~4 KB so pulling it does not bloat the model's context.
*/
export function getGuideSection(section?: string): {
section: string;
content: string;
sections: GuideSection[];
} {
const key = (section ?? "").trim().toLowerCase() as GuideSection;
if (section && GUIDE_SECTIONS.includes(key)) {
return { section: key, content: CONTENT[key], sections: GUIDE_SECTIONS };
}
const index =
"# drawio_guide\n\nProgressive-disclosure draw.io authoring reference. " +
"Call drawio_guide(section) with one of:\n" +
"- skeleton — canonical mxGraph XML, sentinels, the three accepted inputs, hard rules\n" +
"- layout — spacing heuristics, edge routing, the layout:\"elk\" option, quality warnings\n" +
"- containers — transparent groups, relative child coords, cross-container edges, swimlanes\n" +
"- icons-aws — the service/resource icon patterns, category colors, rebrandings, blocklist\n" +
"- icons-azure — the portable image-style paths\n\n" +
"Also call drawio_shapes(query) for verified stencil style-strings.";
return { section: "index", content: index, sections: GUIDE_SECTIONS };
}
+240
View File
@@ -0,0 +1,240 @@
// ELK auto-layout for draw.io models (issue #424, stage 2). The model declares
// the LOGICAL structure (which nodes exist, which containers nest which
// children, which edges connect what) with rough or arbitrary coordinates; this
// module runs an Eclipse Layout Kernel "layered" pass (via elkjs — a pure-JS
// port, no native/browser deps) that HONOURS nested containers as compound
// nodes, then rewrites every vertex's <mxGeometry> with the computed pixels.
//
// Principle: "the model declares logical structure, the server computes pixels."
// Coordinates ELK returns for a node are relative to its parent, which is
// exactly mxGraph's convention for a child of a container, so they map across
// directly. Container sizes are computed by ELK; leaf sizes are preserved.
import ELK from "elkjs/lib/elk.bundled.js";
import { JSDOM } from "jsdom";
import { normalizeInput, parseCells, type DrawioCell } from "./drawio-xml.js";
// Default sizes when a vertex declares no geometry (appendix base sizes).
const DEFAULT_W = 140;
const DEFAULT_H = 60;
// DoS bounds for the in-process ELK layout. The mxGraph XML is LLM-supplied
// (layout:"elk" in drawio_create/drawio_update) and elkjs runs synchronously on
// the MCP server's event loop, so an unbounded graph would block it for
// seconds-to-minutes. A ~1MB XML (well under the stage-1 16MB cap) can carry
// thousands of nodes. We cap the graph size and race the layout against a
// wall-clock timeout; on either bound we fall back to the ORIGINAL model, the
// same best-effort contract the catch already honours.
// - 500 nodes lays out in well under a second; beyond that ELK cost climbs
// steeply, so refuse and leave the (already-valid) model untouched.
// - Edges dominate the layered-crossing cost, so allow a bit more headroom
// (1000) than nodes but still bound them.
// - 5s is generous for any graph within the caps yet short enough that a
// pathological input can never wedge the server.
const ELK_MAX_NODES = 500;
const ELK_MAX_EDGES = 1000;
const ELK_TIMEOUT_MS = 5000;
// Spacing is set >=150px on purpose so an ELK layout never trips the linter's
// "gap between adjacent shapes < 150px" quality warning (acceptance #3).
const LAYOUT_OPTIONS: Record<string, string> = {
"elk.algorithm": "layered",
"elk.direction": "RIGHT",
// Route edges across container boundaries in a single hierarchical pass.
"elk.hierarchyHandling": "INCLUDE_CHILDREN",
"elk.layered.spacing.nodeNodeBetweenLayers": "170",
"elk.spacing.nodeNode": "170",
"elk.spacing.edgeNode": "40",
"elk.spacing.edgeEdge": "30",
"elk.padding": "[top=20,left=20,bottom=20,right=20]",
};
// Per-container options: pad children >=30px off the frame (appendix rule) and
// carry the same generous spacing so nested nodes never trip the "gap <150px"
// warning either.
const CONTAINER_OPTIONS: Record<string, string> = {
"elk.algorithm": "layered",
"elk.direction": "RIGHT",
"elk.padding": "[top=40,left=30,bottom=30,right=30]",
"elk.layered.spacing.nodeNodeBetweenLayers": "170",
"elk.spacing.nodeNode": "170",
};
interface ElkNode {
id: string;
width?: number;
height?: number;
x?: number;
y?: number;
children?: ElkNode[];
layoutOptions?: Record<string, string>;
}
interface ElkEdge {
id: string;
sources: string[];
targets: string[];
}
interface ElkGraph extends ElkNode {
edges?: ElkEdge[];
}
/**
* Apply an ELK layered layout to a drawio input and return a full mxGraphModel
* string with rewritten geometry. Accepts the same three input forms as
* drawio_create (a bare model, an <mxfile>, or a <mxCell> list). Async because
* elkjs' layout() is promise-based. On any layout failure the ORIGINAL
* (normalized) model is returned unchanged layout is best-effort polish, never
* a reason to fail the write.
*/
export async function applyElkLayout(inputXml: string): Promise<string> {
const modelXml = normalizeInput(inputXml);
let cells: DrawioCell[];
try {
cells = parseCells(modelXml);
} catch {
return modelXml; // unparseable -> let the linter report it downstream
}
const byId = new Map(cells.map((c) => [c.id, c]));
const vertices = cells.filter(
(c) => c.vertex && c.id !== "0" && c.id !== "1",
);
if (vertices.length === 0) return modelXml;
// A vertex is a CONTAINER iff some other vertex names it as parent.
const childrenOf = new Map<string, DrawioCell[]>();
for (const v of vertices) {
const p = v.parent && byId.get(v.parent)?.vertex ? v.parent : "__root__";
if (!childrenOf.has(p)) childrenOf.set(p, []);
childrenOf.get(p)!.push(v);
}
const isContainer = (id: string) => childrenOf.has(id);
const buildNode = (v: DrawioCell): ElkNode => {
const kids = childrenOf.get(v.id);
const node: ElkNode = { id: v.id };
if (kids && kids.length > 0) {
node.children = kids.map(buildNode);
node.layoutOptions = { ...CONTAINER_OPTIONS };
} else {
node.width = v.geometry.width ?? DEFAULT_W;
node.height = v.geometry.height ?? DEFAULT_H;
}
return node;
};
const roots = (childrenOf.get("__root__") ?? []).map(buildNode);
// All edges at the root; INCLUDE_CHILDREN lets them span the hierarchy. Only
// edges whose endpoints are laid-out vertices are handed to ELK.
const vertexIds = new Set(vertices.map((v) => v.id));
const edges: ElkEdge[] = [];
for (const c of cells) {
if (!c.edge || !c.source || !c.target) continue;
if (!vertexIds.has(c.source) || !vertexIds.has(c.target)) continue;
edges.push({ id: c.id || `e${edges.length}`, sources: [c.source], targets: [c.target] });
}
// DoS guard: refuse to lay out an oversized LLM-supplied graph. elkjs runs
// in-process on the event loop, so bound the work before we ever call it and
// return the original model unchanged (best-effort, same as the catch below).
if (vertices.length > ELK_MAX_NODES || edges.length > ELK_MAX_EDGES) {
return modelXml;
}
const graph: ElkGraph = {
id: "root",
layoutOptions: LAYOUT_OPTIONS,
children: roots,
edges,
};
let laid: ElkGraph;
let timer: ReturnType<typeof setTimeout> | undefined;
try {
// elkjs ships a CJS default export whose interop shape varies across
// module systems; resolve the real constructor at runtime, then cast (the
// runtime call is verified — see the layout unit test).
const Ctor: any = (ELK as any).default ?? ELK;
const elk = new Ctor();
// Race the layout against a wall-clock timeout so a graph that is under the
// node/edge caps but still pathologically slow can never wedge the server.
const timeout = new Promise<never>((_, reject) => {
timer = setTimeout(
() => reject(new Error("ELK layout timed out")),
ELK_TIMEOUT_MS,
);
});
laid = (await Promise.race([elk.layout(graph as any), timeout])) as ElkGraph;
} catch {
return modelXml; // best-effort: keep the model as-is on timeout or ELK failure
} finally {
if (timer) clearTimeout(timer);
}
// Collect computed geometry per node id (coords are parent-relative already).
const geo = new Map<string, { x: number; y: number; w: number; h: number }>();
const walk = (n: ElkNode) => {
if (n.id !== "root") {
geo.set(n.id, {
x: Math.round(n.x ?? 0),
y: Math.round(n.y ?? 0),
w: Math.round(n.width ?? DEFAULT_W),
h: Math.round(n.height ?? DEFAULT_H),
});
}
for (const c of n.children ?? []) walk(c);
};
walk(laid);
return rewriteGeometry(modelXml, geo, isContainer);
}
/**
* Rewrite each vertex cell's <mxGeometry> x/y (and width/height for containers,
* whose size ELK computed) using the DOM, then serialize back. Leaf sizes are
* left untouched. Edges and non-geometry attributes are preserved verbatim.
*/
function rewriteGeometry(
modelXml: string,
geo: Map<string, { x: number; y: number; w: number; h: number }>,
isContainer: (id: string) => boolean,
): string {
const dom = new JSDOM("");
const parser = new dom.window.DOMParser();
const doc = parser.parseFromString(modelXml, "application/xml");
if (doc.getElementsByTagName("parsererror").length > 0) return modelXml;
const cellEls = doc.getElementsByTagName("mxCell");
for (let i = 0; i < cellEls.length; i++) {
const el = cellEls[i];
const id = el.getAttribute("id") || "";
const g = geo.get(id);
if (!g) continue;
let geoEl: any = null;
for (let j = 0; j < el.childNodes.length; j++) {
const ch = el.childNodes[j];
if (ch.nodeType === 1 && (ch as any).tagName === "mxGeometry") {
geoEl = ch;
break;
}
}
if (!geoEl) {
geoEl = doc.createElement("mxGeometry");
geoEl.setAttribute("as", "geometry");
el.appendChild(geoEl);
}
geoEl.setAttribute("x", String(g.x));
geoEl.setAttribute("y", String(g.y));
// Containers take ELK's computed size; leaves keep their authored size.
if (isContainer(id) || !geoEl.hasAttribute("width")) {
geoEl.setAttribute("width", String(g.w));
}
if (isContainer(id) || !geoEl.hasAttribute("height")) {
geoEl.setAttribute("height", String(g.h));
}
}
const ser = new dom.window.XMLSerializer();
return ser.serializeToString(doc.documentElement);
}
+420
View File
@@ -0,0 +1,420 @@
// Verified draw.io shape catalog for the `drawio_shapes` tool (issue #424,
// stage 2). This is the fix for AI-generated diagrams' #1 defect: guessed
// `shape=mxgraph.*` names that render as EMPTY BOXES because the stencil does
// not exist. Instead of guessing, the model queries this catalog and gets back
// an exact, verified style-string + the stencil's default width/height.
//
// DATA SOURCE — the bundled index is the REAL jgraph/drawio-mcp shape index
// (`shape-search/search-index.json`, Apache-2.0, ~10 446 shapes), fetched
// verbatim and gzip-compressed to `packages/mcp/data/drawio-shape-index.json.gz`
// (~4.7 MB -> ~430 KB). Each record is `{ style, w, h, title, tags, type }`.
//
// REGENERATING THE INDEX (keeps the catalog from going stale as draw.io ships
// new stencils): jgraph publishes `shape-search/generate-index.js`, which
// rebuilds `search-index.json` from a draw.io release's `app.min.js`. To update:
// 1. clone https://github.com/jgraph/drawio-mcp (Apache-2.0)
// 2. run `node shape-search/generate-index.js` per its README
// 3. `gzip -9 -c search-index.json > packages/mcp/data/drawio-shape-index.json.gz`
// The record shape and this module's search stay unchanged.
//
// CURATED OVERLAY — on top of the raw index this module carries a small,
// hand-maintained overlay drawn from the issue #424 appendix (the aws-
// architecture-diagram-skill knowledge): AWS service rebrandings whose stencil
// name lags the product name, a BLOCKLIST of known-broken stencils mapped to
// working replacements, the category fillColor palette, the AWS group/subnet
// stencils, and the Azure image-style paths. The overlay is applied BEFORE the
// raw search so a query for a rebranded/blocked name returns the correct answer
// with an explanatory note instead of the empty-box stencil.
import { readFileSync } from "node:fs";
import { gunzipSync } from "node:zlib";
/** A single catalog record as returned to the model. */
export interface ShapeResult {
/** The exact draw.io style-string to put on the cell. */
style: string;
/** Default width in px for this stencil. */
w: number;
/** Default height in px for this stencil. */
h: number;
/** Human-readable stencil name. */
title: string;
/** "vertex" | "edge" (from the index). */
type: string;
/** AWS category (Compute/Database/…) when derivable, else undefined. */
category?: string;
/**
* Present when the overlay rewrote/annotated the answer: a rebrand, a
* blocklist replacement, or a usage hint. The model should surface it.
*/
note?: string;
}
/** Raw record shape in the bundled index. */
interface IndexRecord {
style: string;
w: number;
h: number;
title: string;
tags: string;
type: string;
}
// --- AWS category fillColor palette (appendix) -----------------------------
// Service-level icons MUST carry a fillColor (invisible in PNG export
// otherwise); the color is the AWS category color.
export const AWS_CATEGORY_FILL: Record<string, string> = {
Compute: "#ED7100",
Networking: "#8C4FFF",
Database: "#C925D1",
Storage: "#3F8624",
Security: "#DD344C",
Integration: "#E7157B",
"AI/ML": "#01A88D",
};
/** Reverse lookup: fillColor hex -> category name (for annotating results). */
const FILL_TO_CATEGORY: Record<string, string> = Object.fromEntries(
Object.entries(AWS_CATEGORY_FILL).map(([k, v]) => [v.toLowerCase(), k]),
);
/**
* Build the canonical service-level AWS icon style for a resIcon name. Mirrors
* the appendix's full template: strokeColor=#ffffff is MANDATORY and fillColor
* is the category color (defaults to AWS ink #232F3E when the category is
* unknown, so the glyph is never invisible).
*/
export function awsServiceStyle(resIcon: string, category?: string): string {
const fill = (category && AWS_CATEGORY_FILL[category]) || "#232F3E";
return (
"sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;" +
`fillColor=${fill};strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;` +
"verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;" +
`shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.${resIcon}`
);
}
// --- AWS rebrandings (appendix "gotcha" table) -----------------------------
// The stencil name lags the AWS product name; a naive query for the product
// name would miss (or return an empty box). Each alias maps to the REAL resIcon.
interface Rebrand {
aliases: string[];
resIcon: string;
category?: string;
note: string;
}
export const AWS_REBRANDS: Rebrand[] = [
{
aliases: ["opensearch", "open search", "amazon opensearch"],
resIcon: "elasticsearch_service",
category: "Database",
note: "Amazon OpenSearch's stencil is still named `elasticsearch_service` (renamed in 2021).",
},
{
aliases: ["eventbridge", "event bridge", "cloudwatch events"],
resIcon: "eventbridge",
category: "Integration",
note: "Amazon EventBridge uses resIcon `eventbridge` (formerly CloudWatch Events).",
},
{
aliases: ["vpc peering", "peering"],
resIcon: "peering",
category: "Networking",
note: "VPC Peering is resIcon `peering`, NOT `vpc_peering` (which renders empty).",
},
{
aliases: ["msk", "kafka", "managed streaming", "amazon msk"],
resIcon: "managed_streaming_for_kafka",
category: "Integration",
note: "Amazon MSK is resIcon `managed_streaming_for_kafka`, NOT `msk`.",
},
{
aliases: ["iam identity center", "identity center", "sso", "single sign on"],
resIcon: "single_sign_on",
category: "Security",
note: "IAM Identity Center is resIcon `single_sign_on`, NOT `iam_identity_center`.",
},
];
// --- BLOCKLIST of broken stencils (appendix) -------------------------------
// A query that names one of these gets the working replacement + a note; the
// broken stencil is never returned.
interface Blocked {
bad: string;
good: string;
goodStyle?: (idx: IndexRecord[]) => ShapeResult | null;
note: string;
}
export const AWS_BLOCKLIST: Blocked[] = [
{
bad: "dynamodb_table",
good: "dynamodb",
note: "`dynamodb_table` renders as an empty box; use resIcon `dynamodb`.",
},
{
bad: "general_saml_token",
good: "traditional_server",
note: "`general_saml_token` is broken; use resIcon `traditional_server`.",
},
{
bad: "kinesis_data_streams",
good: "kinesis_data_streams",
note: "`kinesis_data_streams` is unreliable across draw.io versions; verify it renders, or fall back to resIcon `kinesis`.",
},
];
// --- AWS group / container stencils (appendix) -----------------------------
// Groups are transparent containers; these are the verified stencil names.
export const AWS_GROUP_STENCILS: ShapeResult[] = [
{
title: "AWS Cloud (group)",
style:
"points=[[0,0],[0.25,0],[0.5,0],[0.75,0],[1,0],[1,0.25],[1,0.5],[1,0.75],[1,1],[0.75,1],[0.5,1],[0.25,1],[0,1],[0,0.75],[0,0.5],[0,0.25]];" +
"outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;" +
"pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_aws_cloud_alt;" +
"strokeColor=#232F3E;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#232F3E;dashed=0;",
w: 400,
h: 300,
type: "vertex",
note: "AWS Cloud boundary — transparent container (grIcon=group_aws_cloud_alt).",
},
{
title: "VPC (group)",
style:
"points=[[0,0],[0.25,0],[0.5,0],[0.75,0],[1,0],[1,0.25],[1,0.5],[1,0.75],[1,1],[0.75,1],[0.5,1],[0.25,1],[0,1],[0,0.75],[0,0.5],[0,0.25]];" +
"outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;" +
"pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_vpc2;" +
"strokeColor=#8C4FFF;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#8C4FFF;dashed=0;",
w: 350,
h: 250,
type: "vertex",
note: "VPC boundary — transparent container (grIcon=group_vpc2).",
},
{
title: "Public Subnet (group)",
style:
"sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;" +
"pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_public_subnet;" +
"grStroke=0;strokeColor=none;fillColor=#E9F3E6;verticalAlign=top;align=left;spacingLeft=30;fontColor=#248814;dashed=0;",
w: 300,
h: 200,
type: "vertex",
note: "Public subnet — transparent container (grIcon=group_public_subnet).",
},
{
title: "Private Subnet (group)",
style:
"sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;" +
"pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_private_subnet;" +
"grStroke=0;strokeColor=none;fillColor=#E6F2F8;verticalAlign=top;align=left;spacingLeft=30;fontColor=#147EBA;dashed=0;",
w: 300,
h: 200,
type: "vertex",
note: "Private subnet — transparent container (grIcon=group_private_subnet).",
},
];
// --- Azure image-style stencils (appendix) ---------------------------------
// `shape=mxgraph.azure2.*` does not render in every host; the image-style path
// is the portable form. These are the verified known-working paths.
interface AzureIcon {
aliases: string[];
path: string;
title: string;
}
const AZURE_ICONS: AzureIcon[] = [
{ aliases: ["front door", "front doors"], path: "networking/Front_Doors.svg", title: "Azure Front Door" },
{ aliases: ["api management", "apim"], path: "app_services/API_Management_Services.svg", title: "Azure API Management" },
{ aliases: ["cosmos", "cosmos db"], path: "databases/Azure_Cosmos_DB.svg", title: "Azure Cosmos DB" },
{ aliases: ["managed identity", "managed identities"], path: "identity/Managed_Identities.svg", title: "Azure Managed Identity" },
{ aliases: ["azure monitor", "monitor"], path: "management_governance/Monitor.svg", title: "Azure Monitor" },
{ aliases: ["application insights", "app insights"], path: "devops/Application_Insights.svg", title: "Azure Application Insights" },
];
/** Build the portable Azure image-style for a lib path (appendix template). */
export function azureImageStyle(path: string): string {
return `sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];shadow=0;dashed=0;html=1;strokeColor=none;fillColor=#5E9BD9;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;align=center;outlineConnect=0;image;aspect=fixed;image=img/lib/azure2/${path};`;
}
// --- index loading (lazy, cached) ------------------------------------------
let _index: IndexRecord[] | null = null;
/** Path to the bundled gzipped index, resolved relative to the built module. */
function indexPath(): URL {
// build/lib/drawio-shapes.js -> ../../data/… -> packages/mcp/data/…
return new URL("../../data/drawio-shape-index.json.gz", import.meta.url);
}
/** Load + decompress + parse the bundled index once, then cache it. */
export function loadShapeIndex(): IndexRecord[] {
if (_index) return _index;
const gz = readFileSync(indexPath());
const json = gunzipSync(gz).toString("utf-8");
const arr = JSON.parse(json) as IndexRecord[];
_index = arr;
return arr;
}
/** Derive an AWS category from a service-level icon's fillColor, if present. */
function categoryOf(style: string): string | undefined {
const m = /fillColor=(#[0-9a-fA-F]{6})/.exec(style);
if (!m) return undefined;
return FILL_TO_CATEGORY[m[1].toLowerCase()];
}
function toResult(r: IndexRecord): ShapeResult {
return {
style: r.style,
w: r.w,
h: r.h,
title: r.title,
type: r.type,
category: categoryOf(r.style),
};
}
/** Find the best index record whose style carries `resIcon=<name>`. */
function findByResIcon(idx: IndexRecord[], name: string): IndexRecord | null {
const needle = `resIcon=mxgraph.aws4.${name}`;
// Prefer the service-level resourceIcon form; fall back to any style match.
let fallback: IndexRecord | null = null;
for (const r of idx) {
if (r.style.includes(needle) && r.style.includes("resourceIcon")) return r;
if (!fallback && r.style.includes(needle)) fallback = r;
}
return fallback;
}
/**
* Score a record against a lowercased query. Higher is better; 0 = no match.
* Exact title match ranks highest, then title substring, tag word, then a loose
* style/tag substring. This is a cheap substring+token scorer, not a real fuzzy
* matcher, which is plenty for the "give me the lambda icon" use case.
*/
function score(r: IndexRecord, q: string): number {
const title = r.title.toLowerCase();
const tags = r.tags.toLowerCase();
const style = r.style.toLowerCase();
let s = title === q ? 100 : 0;
if (title !== q && title.includes(q)) s += 40 - Math.min(20, title.length - q.length);
const words = q.split(/\s+/).filter(Boolean);
for (const w of words) {
if (title.includes(w)) s += 12;
if (new RegExp(`(^|\\W)${escapeRe(w)}(\\W|$)`).test(tags)) s += 8;
else if (tags.includes(w)) s += 4;
if (style.includes(w)) s += 2;
}
// Prefer the current AWS icon generation (aws4) over the deprecated aws3
// stencils, which are the older visual style and often not what's wanted.
if (s > 0) {
if (style.includes("mxgraph.aws4")) s += 6;
else if (style.includes("mxgraph.aws3")) s -= 12;
}
return s;
}
function escapeRe(s: string): string {
return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}
export interface SearchShapesOptions {
category?: string;
limit?: number;
}
/**
* Search the catalog. Applies the curated overlay first (blocklist replacement,
* AWS rebrand, AWS group stencils, Azure image-style), then substring/tag/fuzzy
* search over the bundled ~10 446-shape index. Returns up to `limit` results
* (default 12) with exact style-strings and default sizes.
*/
export function searchShapes(
query: string,
opts: SearchShapesOptions = {},
): ShapeResult[] {
const limit = Math.max(1, Math.min(50, opts.limit ?? 12));
const q = query.trim().toLowerCase();
if (q === "") return [];
const idx = loadShapeIndex();
const out: ShapeResult[] = [];
const seen = new Set<string>();
const push = (r: ShapeResult) => {
if (seen.has(r.style)) return;
seen.add(r.style);
out.push(r);
};
// 1. BLOCKLIST: a query naming a broken stencil returns the replacement.
for (const b of AWS_BLOCKLIST) {
if (q.includes(b.bad) || b.bad.includes(q.replace(/\s+/g, "_"))) {
const rec = findByResIcon(idx, b.good);
if (rec) push({ ...toResult(rec), note: b.note });
}
}
// 2. AWS rebrandings: surface the correct resIcon with the rename note.
for (const rb of AWS_REBRANDS) {
if (rb.aliases.some((a) => q === a || q.includes(a) || a.includes(q))) {
const rec = findByResIcon(idx, rb.resIcon);
if (rec) {
push({ ...toResult(rec), category: rec ? categoryOf(rec.style) ?? rb.category : rb.category, note: rb.note });
} else {
push({
style: awsServiceStyle(rb.resIcon, rb.category),
w: 78,
h: 78,
title: rb.resIcon,
type: "vertex",
category: rb.category,
note: rb.note,
});
}
}
}
// 3. Azure image-style icons.
for (const az of AZURE_ICONS) {
if (az.aliases.some((a) => q.includes(a) || a.includes(q))) {
push({
style: azureImageStyle(az.path),
w: 68,
h: 68,
title: az.title,
type: "vertex",
category: "Azure",
note: "Azure: portable image-style (shape=mxgraph.azure2.* does not render in every host).",
});
}
}
// 4. AWS group/container stencils.
if (/\b(group|container|boundary|vpc|subnet|cloud|account)\b/.test(q)) {
for (const g of AWS_GROUP_STENCILS) {
if (g.title.toLowerCase().includes(q) || q.split(/\s+/).some((w) => g.title.toLowerCase().includes(w))) {
push(g);
}
}
}
// 5. General index search (substring + tags + loose fuzzy).
const catFilter = opts.category?.toLowerCase();
const scored: { r: IndexRecord; s: number }[] = [];
for (const r of idx) {
const s = score(r, q);
if (s <= 0) continue;
if (catFilter) {
const cat = categoryOf(r.style)?.toLowerCase();
const inStyle = r.style.toLowerCase().includes(catFilter);
if (cat !== catFilter && !inStyle) continue;
}
scored.push({ r, s });
}
scored.sort((a, b) => b.s - a.s || a.r.title.length - b.r.title.length);
for (const { r } of scored) {
if (out.length >= limit) break;
push(toResult(r));
}
return out.slice(0, limit);
}
+306 -1
View File
@@ -461,6 +461,308 @@ export function absolutePos(
return { x, y }; return { x, y };
} }
// --- quality warnings (geometry, non-blocking) -----------------------------
//
// These are computed purely from geometry — NO rendering — and are returned as
// WARNINGS (never errors): they do not block the write, they nudge the model to
// self-correct ("fix the warnings and retry, max 2 iterations"). They replace
// the vision-self-check a render backend would have done.
interface Rect {
x: number;
y: number;
w: number;
h: number;
}
/** Absolute rect of a vertex (following the container chain), or null. */
function rectOf(cell: DrawioCell, byId: Map<string, DrawioCell>): Rect | null {
if (!cell.vertex || !cell.geometry.hasGeometry) return null;
const g = cell.geometry;
if (g.width == null || g.height == null) return null;
const { x, y } = absolutePos(cell, byId);
return { x, y, w: g.width, h: g.height };
}
/** True if `ancestorId` is somewhere up `cell`'s parent chain. */
function isAncestor(
ancestorId: string,
cell: DrawioCell,
byId: Map<string, DrawioCell>,
): boolean {
const seen = new Set<string>([cell.id]);
let p = cell.parent;
while (p && !seen.has(p)) {
if (p === ancestorId) return true;
seen.add(p);
p = byId.get(p)?.parent;
}
return false;
}
/** Strict interior overlap of two rects (touching edges do NOT count). */
function rectsOverlap(a: Rect, b: Rect): boolean {
return a.x < b.x + b.w && b.x < a.x + a.w && a.y < b.y + b.h && b.y < a.y + a.h;
}
function center(r: Rect): { x: number; y: number } {
return { x: r.x + r.w / 2, y: r.y + r.h / 2 };
}
/**
* Liang-Barsky: does segment p->q pass through the INTERIOR of rect r? Used to
* detect an edge crossing a shape that is not one of its endpoints.
*/
function segCrossesRect(
a: { x: number; y: number },
b: { x: number; y: number },
r: Rect,
): boolean {
const dx = b.x - a.x;
const dy = b.y - a.y;
// Canonical Liang-Barsky: for each of the 4 slabs, p*t <= q.
const p = [-dx, dx, -dy, dy];
const q = [a.x - r.x, r.x + r.w - a.x, a.y - r.y, r.y + r.h - a.y];
let t0 = 0;
let t1 = 1;
for (let i = 0; i < 4; i++) {
if (p[i] === 0) {
if (q[i] < 0) return false; // parallel to this slab AND outside it
continue;
}
const t = q[i] / p[i];
if (p[i] < 0) {
if (t > t1) return false;
if (t > t0) t0 = t;
} else {
if (t < t0) return false;
if (t < t1) t1 = t;
}
}
return t1 > t0; // strictly non-degenerate overlap with the rect interior
}
function cross(
ox: number,
oy: number,
ax: number,
ay: number,
bx: number,
by: number,
): number {
return (ax - ox) * (by - oy) - (ay - oy) * (bx - ox);
}
/** Collinear + overlapping test for two straight segments (edge-on-edge). */
function segmentsOverlap(
a1: { x: number; y: number },
a2: { x: number; y: number },
b1: { x: number; y: number },
b2: { x: number; y: number },
): boolean {
const EPS = 1;
// b1 and b2 must be (near-)collinear with segment a.
if (
Math.abs(cross(a1.x, a1.y, a2.x, a2.y, b1.x, b1.y)) > EPS * dist(a1, a2) ||
Math.abs(cross(a1.x, a1.y, a2.x, a2.y, b2.x, b2.y)) > EPS * dist(a1, a2)
) {
return false;
}
// Project all four points onto the dominant axis and test 1-D overlap length.
const horizontal = Math.abs(a2.x - a1.x) >= Math.abs(a2.y - a1.y);
const pa = horizontal ? [a1.x, a2.x] : [a1.y, a2.y];
const pb = horizontal ? [b1.x, b2.x] : [b1.y, b2.y];
const loA = Math.min(pa[0], pa[1]);
const hiA = Math.max(pa[0], pa[1]);
const loB = Math.min(pb[0], pb[1]);
const hiB = Math.max(pb[0], pb[1]);
const overlap = Math.min(hiA, hiB) - Math.max(loA, loB);
return overlap > 5; // >5px of shared collinear run
}
function dist(
a: { x: number; y: number },
b: { x: number; y: number },
): number {
return Math.hypot(a.x - b.x, a.y - b.y) || 1;
}
/** Approximate rendered text width (px) of a cell value at a font size. */
function estimateLabelWidth(value: string, fontSize: number): number {
// Decode explicit line breaks, strip tags/entities, take the longest line.
const lines = value
.replace(/&#xa;/gi, "\n")
.replace(/<br\s*\/?>/gi, "\n")
.replace(/<[^>]+>/g, "")
.replace(/&[a-z]+;/gi, "x")
.split("\n");
let longest = 0;
for (const l of lines) longest = Math.max(longest, l.trim().length);
// ~0.6em per glyph is a decent average for proportional fonts.
return longest * fontSize * 0.6;
}
/** Page size declared on the model root, defaulting to Letter (850x1100). */
function parsePageSize(modelXml: string): { w: number; h: number } {
const w = /pageWidth="(\d+)"/.exec(modelXml);
const h = /pageHeight="(\d+)"/.exec(modelXml);
return {
w: w ? Number(w[1]) : 850,
h: h ? Number(h[1]) : 1100,
};
}
/** Minimum required gap between adjacent shapes (appendix heuristic). */
export const MIN_SHAPE_GAP = 150;
/**
* Compute the geometry-derived quality warnings for a parsed model. Each is a
* `[rule] message` string. Pure no rendering, no I/O.
*/
export function computeQualityWarnings(
cells: DrawioCell[],
modelXml?: string,
): string[] {
const warnings: string[] = [];
const byId = new Map(cells.map((c) => [c.id, c]));
const verts = cells.filter((c) => c.vertex && c.id !== "0" && c.id !== "1");
const isContainer = (id: string) =>
verts.some((v) => v.parent === id);
const rects = new Map<string, Rect>();
for (const v of verts) {
const r = rectOf(v, byId);
if (r) rects.set(v.id, r);
}
// 1. Shape bbox overlap (excluding a container overlapping its own child).
for (let i = 0; i < verts.length; i++) {
for (let j = i + 1; j < verts.length; j++) {
const a = verts[i];
const b = verts[j];
const ra = rects.get(a.id);
const rb = rects.get(b.id);
if (!ra || !rb) continue;
if (isAncestor(a.id, b, byId) || isAncestor(b.id, a, byId)) continue;
if (rectsOverlap(ra, rb)) {
warnings.push(
`[shape-overlap] shapes "${a.id}" and "${b.id}" overlap; separate them (>=${MIN_SHAPE_GAP}px apart) or use layout:"elk"`,
);
}
}
}
// 2. Edge passing through a non-endpoint LEAF shape's bbox.
const edges = cells.filter((c) => c.edge);
for (const e of edges) {
if (!e.source || !e.target) continue;
const rs = rects.get(e.source);
const rt = rects.get(e.target);
if (!rs || !rt) continue;
const p = center(rs);
const q = center(rt);
for (const v of verts) {
if (v.id === e.source || v.id === e.target) continue;
if (isContainer(v.id)) continue; // an edge legitimately crosses container frames
const rv = rects.get(v.id);
if (!rv) continue;
// shrink to avoid flagging a graze at a shared layer boundary
const shrunk: Rect = { x: rv.x + 6, y: rv.y + 6, w: rv.w - 12, h: rv.h - 12 };
if (shrunk.w <= 0 || shrunk.h <= 0) continue;
if (segCrossesRect(p, q, shrunk)) {
warnings.push(
`[edge-through-shape] edge "${e.id}" passes through shape "${v.id}" (not its source/target); add exitX/exitY/entryX/entryY or a waypoint`,
);
break;
}
}
}
// 3. Edge-on-edge overlap (parallel duplicates or collinear shared runs).
const edgeSegs: { id: string; a: any; b: any; key: string }[] = [];
for (const e of edges) {
if (!e.source || !e.target) continue;
const rs = rects.get(e.source);
const rt = rects.get(e.target);
if (!rs || !rt) continue;
const key = [e.source, e.target].sort().join("::");
edgeSegs.push({ id: e.id, a: center(rs), b: center(rt), key });
}
for (let i = 0; i < edgeSegs.length; i++) {
for (let j = i + 1; j < edgeSegs.length; j++) {
const ea = edgeSegs[i];
const eb = edgeSegs[j];
const dup = ea.key === eb.key;
if (dup || segmentsOverlap(ea.a, ea.b, eb.a, eb.b)) {
warnings.push(
`[edge-overlap] edges "${ea.id}" and "${eb.id}" lie on top of each other; offset one (distinct exit/entry points) or reroute`,
);
}
}
}
// 4. Adjacent SIBLING leaf shapes closer than MIN_SHAPE_GAP.
for (let i = 0; i < verts.length; i++) {
for (let j = i + 1; j < verts.length; j++) {
const a = verts[i];
const b = verts[j];
if ((a.parent ?? "") !== (b.parent ?? "")) continue;
if (isContainer(a.id) || isContainer(b.id)) continue;
const ra = rects.get(a.id);
const rb = rects.get(b.id);
if (!ra || !rb || rectsOverlap(ra, rb)) continue;
const yOverlap = ra.y < rb.y + rb.h && rb.y < ra.y + ra.h;
const xOverlap = ra.x < rb.x + rb.w && rb.x < ra.x + ra.w;
let gap = Infinity;
if (yOverlap) {
gap = Math.min(
gap,
ra.x >= rb.x ? ra.x - (rb.x + rb.w) : rb.x - (ra.x + ra.w),
);
}
if (xOverlap) {
gap = Math.min(
gap,
ra.y >= rb.y ? ra.y - (rb.y + rb.h) : rb.y - (ra.y + ra.h),
);
}
if (gap > 0 && gap < MIN_SHAPE_GAP) {
warnings.push(
`[gap-too-small] shapes "${a.id}" and "${b.id}" are ${Math.round(gap)}px apart (<${MIN_SHAPE_GAP}px); increase spacing`,
);
}
}
}
// 5. Label visibly wider than its shape (skip labels drawn OUTSIDE the shape).
for (const v of verts) {
if (!v.value || isContainer(v.id)) continue;
if (v.styleMap.verticalLabelPosition || v.styleMap.labelPosition) continue;
const r = rects.get(v.id);
if (!r) continue;
const fontSize = Number(v.styleMap.fontSize) || 12;
const est = estimateLabelWidth(v.value, fontSize);
if (est > r.w * 1.15) {
warnings.push(
`[label-overflow] label of "${v.id}" (~${Math.round(est)}px) is wider than its shape (${r.w}px); widen it, shorten the text, or wrap with &#xa;`,
);
}
}
// 6. Negative / off-page (top-left) coordinates.
const page = parsePageSize(modelXml ?? "");
for (const v of verts) {
const r = rects.get(v.id);
if (!r) continue;
if (r.x < 0 || r.y < 0) {
warnings.push(
`[out-of-bounds] shape "${v.id}" has negative coordinates (${Math.round(r.x)},${Math.round(r.y)}); move it into the positive quadrant (page ${page.w}x${page.h})`,
);
}
}
return warnings;
}
// --- linter ---------------------------------------------------------------- // --- linter ----------------------------------------------------------------
/** /**
@@ -755,12 +1057,15 @@ export function prepareModel(inputXml: string): PreparedModel {
const modelXml = normalizeXml(rawModel); const modelXml = normalizeXml(rawModel);
const bbox = computeBBox(cells); const bbox = computeBBox(cells);
const cellCount = cells.filter((c) => c.id !== "0" && c.id !== "1").length; const cellCount = cells.filter((c) => c.id !== "0" && c.id !== "1").length;
// Geometry quality warnings (non-blocking) are appended to any structural
// warnings from the linter. The model surfaces these and can self-correct.
const quality = computeQualityWarnings(cells, modelXml);
return { return {
modelXml, modelXml,
cells, cells,
bbox, bbox,
cellCount, cellCount,
warnings, warnings: [...warnings, ...quality],
hash: mxHash(modelXml), hash: mxHash(modelXml),
}; };
} }
@@ -6,7 +6,7 @@
* typographic quotes («»/) vs ASCII "…", em/en-dash vs `-`, non-breaking * typographic quotes («»/) vs ASCII "…", em/en-dash vs `-`, non-breaking
* space vs normal space, differing space counts are not recognized as equal * space vs normal space, differing space counts are not recognized as equal
* and "fork": two definitions appear where the author meant one. The existing * and "fork": two definitions appear where the author meant one. The existing
* de-dup paths miss this: `footnoteContentKey` (footnote-authoring.ts) only * de-dup paths miss this: `footnoteContentKey` (@docmost/prosemirror-markdown) only
* collapses ASCII whitespace (quotes/dashes/NBSP untouched), and * collapses ASCII whitespace (quotes/dashes/NBSP untouched), and
* `canonicalizeFootnotes` keys purely by `attrs.id` (the two forks have * `canonicalizeFootnotes` keys purely by `attrs.id` (the two forks have
* different ids), so neither glues the forks together. * different ids), so neither glues the forks together.
@@ -195,7 +195,7 @@ function stableAttrs(attrs: any): string {
/** /**
* ATTRS-AWARE merge key for a footnote definition. Deliberately DIVERGES from * ATTRS-AWARE merge key for a footnote definition. Deliberately DIVERGES from
* the shared `footnoteContentKey` (footnote-authoring.ts): that key's mark * the shared `footnoteContentKey` (@docmost/prosemirror-markdown): that key's mark
* signature is TYPE-ONLY (`m.type`), so two definitions with identical visible * signature is TYPE-ONLY (`m.type`), so two definitions with identical visible
* text but marks differing only in ATTRIBUTES most importantly a `link` with a * text but marks differing only in ATTRIBUTES most importantly a `link` with a
* different `href` (footnotes are usually citations/links), also `code` / * different `href` (footnotes are usually citations/links), also `code` /
+241
View File
@@ -0,0 +1,241 @@
// SERVER_INSTRUCTIONS — the editing guide surfaced to MCP clients in the
// initialize result so they can pick the right tool by intent and avoid
// resending whole documents.
//
// This guide is split into TWO parts that are composed at the bottom:
//
// 1. ROUTING_PROSE — the hand-written "when to use what" intent hints (READ /
// EDIT / PAGES / COMMENTS / HISTORY). This is legitimately manual: it
// encodes editorial judgement (which tool for which situation, the cheap-
// first ordering, the guardrail nudges) that cannot be derived from the
// registry. It is NOT the drift-guard for the tool set.
//
// 2. A GENERATED <tool_inventory> — every tool the server registers, listed
// by name + one-line purpose, grouped by family, built from the SAME
// registry the server registers tools from (SHARED_TOOL_SPECS' mcpName +
// catalogLine) PLUS the handful of inline MCP-only tools (their inventory
// lines live in INLINE_MCP_INVENTORY below). Because this list is BUILT
// from the registry, it can never drift out of sync with the registered
// tools — adding/renaming/removing a spec changes it automatically, with no
// prose edit and no scraper test. An unmapped tool still appears (under
// "OTHER"), so a new tool can never silently vanish from the guide.
//
// This replaces the old hand-maintained monolithic guide + its regex scraper
// test (test/unit/server-instructions.test.mjs), which only checked that every
// registered name appeared SOMEWHERE in the prose and drifted whenever a name
// was reworded.
//
// OUT OF SCOPE (issue #448): the README / README.ru tool catalogs are still
// hand-maintained prose and are NOT generated from this registry. Regenerating
// them from SHARED_TOOL_SPECS is tracked separately as an optional docs script
// under issue #412 — until then a tool rename still needs a manual README edit.
import { SHARED_TOOL_SPECS, SharedToolSpec } from "./tool-specs.js";
/**
* The hand-written routing prose the intent hints that tell a client which
* tool to reach for in which situation. Kept manual on purpose (it encodes
* editorial judgement, not a mechanical name list). The generated inventory
* below is spliced in after it.
*/
export const ROUTING_PROSE =
"Docmost editing guide — choose the tool by intent. The <tool_inventory> at the end lists every tool with a one-line purpose; the notes below are the routing hints for WHEN to reach for each.\n" +
"READ: find a page -> search (workspace-wide full-text); list -> list_pages / list_spaces. Locate blocks and their ids CHEAPLY -> get_outline (compact top-level map; start here, not get_page_json). One block's subtree -> get_node (by attrs.id, or \"#<index>\" for tables, which carry no id). Find every occurrence of a string/regex ON a page (and where each is) -> search_in_page, NOT block-by-block get_node — it returns each hit's node ref + block index + context for a targeted comment. Whole page -> get_page (Markdown, lossy; inline <span data-comment-id> tags are comment anchors — markup, not text) or get_page_json (lossless ProseMirror with block ids). Hand a huge page (with images) to an external consumer without pulling it through the model context -> stash_page (returns a short-lived anonymous URL).\n" +
"EDIT: fix wording/typos/numbers -> edit_page_text (find/replace inside blocks, no node id needed). Change ONE block (paragraph/heading/callout/etc.) structurally -> patch_node (by attrs.id from get_outline). Add a block -> insert_node (before/after a block by attrs.id or by anchor text, or append). Remove a block -> delete_node (by attrs.id). Tables -> table_get / table_update_cell / table_insert_row / table_delete_row (address by \"#<index>\" from get_outline; table nodes have no attrs.id). Images -> insert_image (add from a web URL) / replace_image (swap an existing image). Draw.io diagrams -> drawio_create (create from mxGraph XML and insert), drawio_get (read a diagram as mxGraph XML + a hash), drawio_update (replace a diagram; pass the hash from drawio_get as baseHash for optimistic locking); before authoring a diagram, drawio_shapes (look up verified stencil style-strings so a shape name never renders as an empty box) and drawio_guide (on-demand authoring reference: skeleton/layout/containers/icons-aws/icons-azure), and pass layout:\"elk\" to drawio_create/drawio_update to auto-place nodes. Footnotes -> insert_footnote. Bulk/structural rewrite -> update_page_json (full ProseMirror replace) or update_page_markdown (full plain-Markdown body replace, re-imported — block ids regenerate); prefer the granular tools above to avoid resending the whole ~100KB+ document. Complex/scripted rewrite (multiple coordinated edits, renumbering) -> docmost_transform: write a JS `(doc, ctx) => doc` transform, preview the diff with dryRun (default), then apply with dryRun:false; ctx.helpers includes commentsToFootnotes for turning inline comments into numbered footnotes.\n" +
"PAGES: new -> create_page (Markdown). Rename (title only) -> rename_page. Move -> move_page. Delete -> delete_page (SOFT delete — the page goes to trash and is restorable; nothing is permanent). Copy/replace a page's whole content from another page (server-side, no document through the model) -> copy_page_content. Sharing -> share_page / unshare_page / list_shares; share_page makes the page PUBLICLY accessible — do it only when explicitly asked.\n" +
"COMMENTS: create_comment is always inline and requires an EXACT selection — contiguous text from a single block, <=250 chars (fails rather than leaving an unanchored comment); reply to a thread via parentCommentId. Propose a concrete text fix for one-click human approval -> create_comment with suggestedText (the exact plain-text replacement for the selection; the selection must then be UNIQUE in the page — extend it with context if needed); prefer this over editing directly when the change is subjective or needs the author's sign-off. Manage -> list_comments, update_comment, resolve_comment (resolve/reopen, reversible — prefer over delete to close), delete_comment, check_new_comments.\n" +
"HISTORY: review what changed -> diff_page_versions (a historyId vs current, or two versions). List saved versions -> list_page_history. Undo a bad edit -> restore_page_version (writes a past version back as current; itself revertible). Export a page to self-contained Docmost Markdown (with comment anchors) -> export_page_markdown.";
/**
* A single generated inventory line: the tool's registered NAME + a one-line
* purpose. For a registry tool the purpose is its `catalogLine` (falling back
* to the first sentence of its description); for an inline MCP-only tool it is
* the hand-written line in INLINE_MCP_INVENTORY.
*/
export interface ToolInventoryLine {
name: string;
purpose: string;
}
/**
* The families the inventory is grouped under, in display order. A tool is
* placed by looking its mcpName up in TOOL_FAMILY; anything not listed there
* falls into "OTHER" so it is never dropped from the guide.
*/
const FAMILY_ORDER = [
"READ",
"EDIT",
"PAGES",
"COMMENTS",
"HISTORY",
"OTHER",
] as const;
type Family = (typeof FAMILY_ORDER)[number];
/**
* mcpName -> family for the generated inventory grouping. Purely cosmetic (it
* orders the inventory to mirror the routing prose); an unmapped tool still
* appears under OTHER, so forgetting to add an entry here can never drop a tool
* from the guide it only lands it in the catch-all group.
*/
const TOOL_FAMILY: Record<string, Family> = {
// READ
search: "READ",
list_pages: "READ",
list_spaces: "READ",
get_outline: "READ",
get_node: "READ",
search_in_page: "READ",
get_page: "READ",
get_page_json: "READ",
get_workspace: "READ",
stash_page: "READ",
// EDIT
edit_page_text: "EDIT",
patch_node: "EDIT",
insert_node: "EDIT",
delete_node: "EDIT",
update_page_json: "EDIT",
update_page_markdown: "EDIT",
table_get: "EDIT",
table_update_cell: "EDIT",
table_insert_row: "EDIT",
table_delete_row: "EDIT",
insert_image: "EDIT",
replace_image: "EDIT",
insert_footnote: "EDIT",
drawio_get: "EDIT",
drawio_create: "EDIT",
drawio_update: "EDIT",
drawio_shapes: "EDIT",
drawio_guide: "EDIT",
docmost_transform: "EDIT",
// PAGES
create_page: "PAGES",
rename_page: "PAGES",
move_page: "PAGES",
delete_page: "PAGES",
copy_page_content: "PAGES",
share_page: "PAGES",
unshare_page: "PAGES",
list_shares: "PAGES",
// COMMENTS
create_comment: "COMMENTS",
list_comments: "COMMENTS",
update_comment: "COMMENTS",
resolve_comment: "COMMENTS",
delete_comment: "COMMENTS",
check_new_comments: "COMMENTS",
// HISTORY
diff_page_versions: "HISTORY",
list_page_history: "HISTORY",
restore_page_version: "HISTORY",
export_page_markdown: "HISTORY",
// import_page_markdown is now inAppOnly (#411) — it is not registered on the
// external MCP host, so it no longer appears in the generated inventory.
};
/**
* Inventory lines for the INLINE MCP-only tools the ones registered directly
* in index.ts (not via SHARED_TOOL_SPECS) because they diverge per transport or
* exist only on this standalone surface. They carry no `catalogLine`, so their
* one-line purpose is hand-written here. This is the ONLY hand-maintained tool
* list left, and it is tiny; a new inline tool without an entry here is caught
* by the completeness guard in `tool-inventory.test.mjs`.
*/
export const INLINE_MCP_INVENTORY: ToolInventoryLine[] = [
{
name: "table_get",
purpose:
"read a table as a matrix of cell texts + per-cell paragraph ids.",
},
{
name: "search",
purpose:
"full-text search for pages and content across the whole workspace.",
},
{
name: "docmost_transform",
purpose:
"edit a page by running a sandboxed JS `(doc, ctx) => doc` transform, with a dryRun diff preview.",
},
{
name: "update_comment",
purpose: "update an existing comment's content (creator only).",
},
{
name: "delete_comment",
purpose: "delete a comment (creator or space admin only).",
},
];
/**
* Derive the one-line purpose for a registry spec: prefer its hand-written
* `catalogLine` (already a "name — purpose" line we take the purpose after
* the em dash), else fall back to the first sentence of its description.
*/
function purposeForSpec(spec: SharedToolSpec): string {
const line = spec.catalogLine?.trim();
if (line) {
const dash = line.indexOf(" — ");
if (dash >= 0) return line.slice(dash + 3).trim();
return line;
}
const desc = (spec.description ?? "").replace(/\s+/g, " ").trim();
const firstSentence = desc.split(/(?<=[.!?])\s/)[0];
return firstSentence || desc || "(no description)";
}
/**
* Build the flat list of every registered tool's inventory line: one per shared
* registry spec (skipping `inAppOnly` specs, which are not registered on this
* MCP host) PLUS every inline MCP-only tool. Pure and deterministic the
* registry drives it, so it can never drift from what index.ts registers.
*/
export function buildToolInventoryLines(
specs: Record<string, SharedToolSpec> = SHARED_TOOL_SPECS,
inline: ToolInventoryLine[] = INLINE_MCP_INVENTORY,
): ToolInventoryLine[] {
const lines: ToolInventoryLine[] = [];
for (const spec of Object.values(specs)) {
if (spec.inAppOnly) continue; // not registered on the MCP host
lines.push({ name: spec.mcpName, purpose: purposeForSpec(spec) });
}
for (const l of inline) lines.push({ ...l });
return lines;
}
/**
* Render the generated `<tool_inventory>` block: every tool name + purpose,
* grouped by family (families in FAMILY_ORDER; tools within a family sorted by
* name for stable output; unmapped tools fall into OTHER). Pure.
*/
export function buildToolInventory(
specs: Record<string, SharedToolSpec> = SHARED_TOOL_SPECS,
inline: ToolInventoryLine[] = INLINE_MCP_INVENTORY,
): string {
const byFamily = new Map<Family, ToolInventoryLine[]>();
for (const family of FAMILY_ORDER) byFamily.set(family, []);
for (const line of buildToolInventoryLines(specs, inline)) {
const family = TOOL_FAMILY[line.name] ?? "OTHER";
byFamily.get(family)!.push(line);
}
const sections: string[] = [];
for (const family of FAMILY_ORDER) {
const items = byFamily.get(family)!;
if (items.length === 0) continue;
items.sort((a, b) => a.name.localeCompare(b.name));
for (const item of items) {
sections.push(` ${family} ${item.name}${item.purpose}`);
}
}
return ["<tool_inventory>", ...sections, "</tool_inventory>"].join("\n");
}
/**
* The composed editing guide: the hand-written routing prose followed by the
* generated, drift-proof tool inventory. Exported (and used by index.ts /
* createDocmostMcpServer) as the MCP server's `instructions`.
*/
export const SERVER_INSTRUCTIONS =
ROUTING_PROSE + "\n" + buildToolInventory();
+710 -7
View File
@@ -14,16 +14,108 @@
// some write tools, different limits, hybrid-RRF search, etc.) stay defined // some write tools, different limits, hybrid-RRF search, etc.) stay defined
// per-layer and are NOT represented here. // per-layer and are NOT represented here.
// //
// MAINTENANCE RULE: adding, renaming, or removing a spec here (or an inline // SERVER_INSTRUCTIONS note (issue #448): the intent-routing guide MCP clients
// registerTool in index.ts) REQUIRES updating SERVER_INSTRUCTIONS in // receive on initialize is now SPLIT — its tool INVENTORY is GENERATED from this
// packages/mcp/src/index.ts — the intent-routing guide MCP clients receive on // registry (mcpName + catalogLine) by server-instructions.ts, so adding /
// initialize. Enforced by test/unit/server-instructions.test.mjs. // renaming / removing a spec here updates the guide's inventory AUTOMATICALLY;
// no prose edit is needed. Only an INLINE MCP-only tool (registerTool in
// index.ts, not a spec here) needs a hand-written line in INLINE_MCP_INVENTORY —
// enforced by test/unit/tool-inventory.test.mjs. The routing PROSE (the "when to
// use what" hints) in server-instructions.ts stays manual, but it is no longer a
// drift-guard for the tool set.
// Loose on purpose — see the comment above. The two zod majors expose different // Loose on purpose — see the comment above. The two zod majors expose different
// static type surfaces, so typing this precisely would couple the registry to // static type surfaces, so typing this precisely would couple the registry to
// one of them. Each builder uses only the common, stable subset of the API. // one of them. Each builder uses only the common, stable subset of the API.
type ZodLike = any; type ZodLike = any;
// The `node` normalizer shared by BOTH hosts (patch_node / insert_node /
// update_page_json): the model sometimes serializes a ProseMirror node arg as a
// JSON string, so we parse a string to an object (throwing a documented message
// on invalid JSON) and pass an object through. It lives in the converter package
// (#414) so it is the ONE copy both the MCP server and the in-app server import;
// putting it in a shared execute here keeps that single normalization in one
// place instead of hand-mirrored per host. Pure — safe across the zod boundary.
import { parseNodeArg } from '@docmost/prosemirror-markdown';
// Type-only import (erased at compile) of the real client so `DocmostClientLike`
// is DERIVED from it (issue #446), not hand-mirrored. The loosest correct client
// surface both hosts satisfy: the in-app host passes its own DERIVED
// `DocmostClientLike` (a Pick of the same class) and the MCP host passes the real
// `DocmostClient`, so both are structurally assignable to this shared alias.
import type { DocmostClient } from './client.js';
/**
* The client surface a shared `execute` may call the LOOSEST correct type both
* hosts satisfy: a `Pick` of the real `DocmostClient` methods the executes below
* use. DERIVED from the real class (issue #446) so a signature change to any
* consumed method surfaces as a compile error in the execute bodies here, not a
* silent runtime "wrong argument". Kept as a Pick (not the whole class) so the
* standalone MCP host's full `DocmostClient` AND the in-app host's OWN narrower
* `DocmostClientLike` (also a Pick of the same class, a superset of these methods)
* are both structurally assignable to it. `import type` is fully erased, so
* tool-specs.ts pulls in no runtime dependency on the client and still crosses the
* zod-major boundary freely. When you add a client call to an execute below, add
* its method name here too (a compile error will point you at it).
*/
export type DocmostClientLike = Pick<
DocmostClient,
| 'getWorkspace'
| 'getSpaces'
| 'listShares'
| 'listPages'
| 'getPage'
| 'getPageJson'
| 'getOutline'
| 'getNode'
| 'searchInPage'
| 'listComments'
| 'checkNewComments'
| 'listPageHistory'
| 'diffPageVersions'
| 'exportPageMarkdown'
| 'createPage'
| 'renamePage'
| 'movePage'
| 'deletePage'
| 'editPageText'
| 'patchNode'
| 'insertNode'
| 'deleteNode'
| 'updatePage'
| 'updatePageJson'
| 'tableInsertRow'
| 'tableDeleteRow'
| 'tableUpdateCell'
| 'copyPageContent'
| 'importPageMarkdown'
| 'sharePage'
| 'unsharePage'
| 'restorePageVersion'
| 'stashPage'
| 'insertFootnote'
| 'insertImage'
| 'replaceImage'
| 'drawioGet'
| 'drawioCreate'
| 'drawioUpdate'
| 'createComment'
| 'resolveComment'
>;
/**
* A shared tool `execute`: the single canonical mapping from validated schema
* args to the client call. Plain JS it crosses the zod-major boundary (v3 in
* the MCP package, v4 on the server) freely, receiving the already-validated,
* type-erased args from whichever host invoked it. It returns RAW data; the host
* applies its own result envelope (the MCP transport wraps it as JSON text
* content, the in-app AI-SDK host returns it as-is). Host-specific overrides
* (`mcpExecute`/`inAppExecute`) return a value the host uses instead of wrapping.
*/
export type SharedToolExecute = (
client: DocmostClientLike,
args: Record<string, unknown>,
) => Promise<unknown>;
export interface SharedToolSpec { export interface SharedToolSpec {
/** snake_case tool name passed to McpServer.registerTool. */ /** snake_case tool name passed to McpServer.registerTool. */
mcpName: string; mcpName: string;
@@ -54,8 +146,88 @@ export interface SharedToolSpec {
* in-app side uses z.object({})). * in-app side uses z.object({})).
*/ */
buildShape?: (z: ZodLike) => Record<string, unknown>; buildShape?: (z: ZodLike) => Record<string, unknown>;
/**
* Single canonical mapping from validated schema args to the client call,
* shared by BOTH hosts. Returns RAW data the MCP host wraps it as JSON text
* content (jsonContent), the in-app host returns it as-is. Present on tools
* whose mapping AND raw result are identical across the two layers. When a host
* needs a genuinely different mapping or result shape, it supplies an override
* (below) and the host uses that INSTEAD of `execute`.
*/
execute?: SharedToolExecute;
/**
* MCP-host override for a DELIBERATE per-layer difference (a guardrail, an
* omitted param, or a non-JSON result envelope like a resource_link / a bare
* success line). When present, the MCP host calls this and uses its return
* value VERBATIM (it is NOT re-wrapped in jsonContent), so this override owns
* the full MCP content envelope.
*/
mcpExecute?: SharedToolExecute;
/**
* In-app-host override for a DELIBERATE per-layer difference (a projected
* result shape, a different guardrail message). When present, the in-app host
* calls this and returns its value as the tool result (no wrapping).
*/
inAppExecute?: SharedToolExecute;
/** Registered only on the MCP host (skipped by the in-app registry loop). */
mcpOnly?: boolean;
/** Registered only on the in-app host (skipped by the MCP registry loop). */
inAppOnly?: boolean;
/**
* The spec stays in the registry (so the shared contract still pins its name /
* description / schema across both hosts) but carries NO `execute`/override and
* is registered INLINE by BOTH hosts instead of through the registry loop. Used
* for tools whose implementation cannot cross into this zod-agnostic file the
* drawio_shapes / drawio_guide pure helpers, whose backing module resolves a
* bundled data file via `import.meta` and so cannot be value-imported here
* without breaking the in-app server's commonjs type-check of this source. Both
* registry loops SKIP a spec with this flag; the per-host inline registrations
* own it (index.ts on MCP, ai-chat-tools.service.ts in-app).
*/
inlineBothHosts?: boolean;
} }
// --- Shared execute helpers -------------------------------------------------
//
// Each helper is the ONE canonical arg->client mapping for a tool (or a host
// override where the two layers deliberately differ). They are attached to their
// spec below. Kept as named functions (not inline) so the spec table stays
// readable and each mapping is individually greppable/testable.
//
// The `args` are the host's already-validated, zod-erased input; we read the
// same fields the tool's buildShape declares. Return RAW data unless the name is
// an mcp*/inApp* override that owns the host's full result shape.
/** Format a JSON payload as the MCP transport's text-content envelope. Mirrors
* the private `jsonContent` in index.ts so an mcpExecute override that must NOT
* be re-wrapped can still emit the standard envelope for the data part. */
const mcpJson = (data: unknown) => ({
content: [{ type: 'text' as const, text: JSON.stringify(data, null, 2) }],
});
/**
* Compact HARD-RULES block injected into the drawio_create / drawio_update
* descriptions (issue #424 the jgraph/drawio-mcp pattern of putting the
* must-follow rules right where the model reads them at call time). Deliberately
* terse; the long-form authoring guidance lives in drawio_guide.
*/
export const DRAWIO_HARD_RULES =
' RULES: id="0" and id="1"(parent="0") sentinels are MANDATORY; each cell is ' +
'vertex="1" XOR edge="1" (a container/group is neither); every edge carries a ' +
'child <mxGeometry relative="1" as="geometry"/>; ids are unique; NO XML ' +
'comments; put html=1 in styles and XML-escape value (& -> &amp;, < -> &lt;); a ' +
"newline in a label is &#xa;, never a literal \\n; containers are TRANSPARENT " +
"(fillColor=none;container=1;dropTarget=1;) with children set parent=<groupId> " +
'and RELATIVE coords, and an edge between different containers is parent="1"; set ' +
'adaptiveColors="auto" on <mxGraphModel> (free dark-theme adaptation for ' +
'strokeColor/fillColor/fontColor="default"); do NOT guess shape=mxgraph.* names ' +
"(a wrong name renders as an empty box) — call drawio_shapes first; call " +
"drawio_guide(section) for authoring help. Pass layout:\"elk\" to let the server " +
"compute coordinates from your rough placement. The result carries geometry " +
"WARNINGS (overlaps, an edge through a shape, edge-on-edge, gaps <150px, a label " +
"wider than its shape, negative coords) — they do NOT block the write; fix them " +
"and retry, max 2 iterations.";
export const SHARED_TOOL_SPECS = { export const SHARED_TOOL_SPECS = {
// --- no-argument read tools --- // --- no-argument read tools ---
@@ -65,6 +237,7 @@ export const SHARED_TOOL_SPECS = {
description: 'Fetch metadata about the current workspace (name, settings).', description: 'Fetch metadata about the current workspace (name, settings).',
tier: 'core', tier: 'core',
catalogLine: 'getWorkspace — fetch current workspace metadata (name, settings).', catalogLine: 'getWorkspace — fetch current workspace metadata (name, settings).',
execute: (client) => client.getWorkspace(),
}, },
listSpaces: { listSpaces: {
@@ -75,6 +248,7 @@ export const SHARED_TOOL_SPECS = {
'spaces (id, name, slug, ...).', 'spaces (id, name, slug, ...).',
tier: 'core', tier: 'core',
catalogLine: 'listSpaces — list the spaces the user can access (id, name, slug).', catalogLine: 'listSpaces — list the spaces the user can access (id, name, slug).',
execute: (client) => client.getSpaces(),
}, },
listShares: { listShares: {
@@ -84,6 +258,7 @@ export const SHARED_TOOL_SPECS = {
'List all public shares in the workspace with page titles and public URLs.', 'List all public shares in the workspace with page titles and public URLs.',
tier: 'deferred', tier: 'deferred',
catalogLine: 'listShares — list all public shares in the workspace with their URLs.', catalogLine: 'listShares — list all public shares in the workspace with their URLs.',
execute: (client) => client.listShares(),
}, },
// --- single-pageId read tools --- // --- single-pageId read tools ---
@@ -102,6 +277,7 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
pageId: z.string().min(1), pageId: z.string().min(1),
}), }),
execute: (client, { pageId }) => client.getPageJson(pageId as string),
}, },
getOutline: { getOutline: {
@@ -119,6 +295,7 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
pageId: z.string().min(1), pageId: z.string().min(1),
}), }),
execute: (client, { pageId }) => client.getOutline(pageId as string),
}, },
// --- two-id read tool --- // --- two-id read tool ---
@@ -139,6 +316,8 @@ export const SHARED_TOOL_SPECS = {
pageId: z.string().min(1), pageId: z.string().min(1),
nodeId: z.string().min(1), nodeId: z.string().min(1),
}), }),
execute: (client, { pageId, nodeId }) =>
client.getNode(pageId as string, nodeId as string),
}, },
// --- in-page occurrence search (client-side, over ProseMirror plain text) --- // --- in-page occurrence search (client-side, over ProseMirror plain text) ---
@@ -196,6 +375,12 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('Max matches to RETURN (default 50, max 200); total is always reported.'), .describe('Max matches to RETURN (default 50, max 200); total is always reported.'),
}), }),
execute: (client, { pageId, query, regex, caseSensitive, limit }) =>
client.searchInPage(pageId as string, query as string, {
regex: regex as boolean | undefined,
caseSensitive: caseSensitive as boolean | undefined,
limit: limit as number | undefined,
}),
}, },
// --- node delete --- // --- node delete ---
@@ -212,6 +397,8 @@ export const SHARED_TOOL_SPECS = {
pageId: z.string().min(1), pageId: z.string().min(1),
nodeId: z.string().min(1), nodeId: z.string().min(1),
}), }),
execute: (client, { pageId, nodeId }) =>
client.deleteNode(pageId as string, nodeId as string),
}, },
// --- single-block structural write (patch / insert) --- // --- single-block structural write (patch / insert) ---
@@ -262,6 +449,11 @@ export const SHARED_TOOL_SPECS = {
'JSON object or JSON string both accepted.', 'JSON object or JSON string both accepted.',
), ),
}), }),
// parseNodeArg normalizes a JSON-string node into an object (the model
// sometimes serializes it as a string) before the client's typeof-object
// guard rejects it — identical on both hosts.
execute: (client, { pageId, nodeId, node }) =>
client.patchNode(pageId as string, nodeId as string, parseNodeArg(node)),
}, },
insertNode: { insertNode: {
@@ -318,6 +510,12 @@ export const SHARED_TOOL_SPECS = {
'are tolerated as a fallback; prefer plain text or anchorNodeId.', 'are tolerated as a fallback; prefer plain text or anchorNodeId.',
), ),
}), }),
execute: (client, { pageId, node, position, anchorNodeId, anchorText }) =>
client.insertNode(pageId as string, parseNodeArg(node), {
position: position as 'before' | 'after' | 'append',
anchorNodeId: anchorNodeId as string | undefined,
anchorText: anchorText as string | undefined,
}),
}, },
// --- share management --- // --- share management ---
@@ -348,6 +546,11 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('Allow public search engines to index it (default true).'), .describe('Allow public search engines to index it (default true).'),
}), }),
// `searchIndexing ?? true` is a no-op default: the client method already
// defaults searchIndexing to true, so passing `undefined` (the in-app form)
// and `?? true` (the old MCP form) are byte-identical — one canonical mapping.
execute: (client, { pageId, searchIndexing }) =>
client.sharePage(pageId as string, (searchIndexing as boolean | undefined) ?? true),
}, },
unsharePage: { unsharePage: {
@@ -359,6 +562,7 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
pageId: z.string().min(1).describe('ID of the page to unshare'), pageId: z.string().min(1).describe('ID of the page to unshare'),
}), }),
execute: (client, { pageId }) => client.unsharePage(pageId as string),
}, },
// --- version history --- // --- version history ---
@@ -387,6 +591,12 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe("historyId, or 'current'/omit for current content"), .describe("historyId, or 'current'/omit for current content"),
}), }),
execute: (client, { pageId, from, to }) =>
client.diffPageVersions(
pageId as string,
from as string | undefined,
to as string | undefined,
),
}, },
listPageHistory: { listPageHistory: {
@@ -406,6 +616,8 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('Pagination cursor from a previous nextCursor'), .describe('Pagination cursor from a previous nextCursor'),
}), }),
execute: (client, { pageId, cursor }) =>
client.listPageHistory(pageId as string, cursor as string | undefined),
}, },
restorePageVersion: { restorePageVersion: {
@@ -422,6 +634,8 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
historyId: z.string().min(1), historyId: z.string().min(1),
}), }),
execute: (client, { historyId }) =>
client.restorePageVersion(historyId as string),
}, },
// --- markdown round-trip --- // --- markdown round-trip ---
@@ -429,6 +643,12 @@ export const SHARED_TOOL_SPECS = {
importPageMarkdown: { importPageMarkdown: {
mcpName: 'import_page_markdown', mcpName: 'import_page_markdown',
inAppKey: 'importPageMarkdown', inAppKey: 'importPageMarkdown',
// IN-APP ONLY (issue #411): the external /mcp surface no longer exposes
// import_page_markdown — the registry loop in index.ts skips inAppOnly specs,
// so this stays available to the in-app agent (round-tripping an EXPORTED
// Docmost-Markdown file) but is removed from the public MCP tool set. Plain
// authoring-markdown body replace on the MCP surface is update_page_markdown.
inAppOnly: true,
description: description:
"Replace a page's content from a self-contained Docmost-flavoured " + "Replace a page's content from a self-contained Docmost-flavoured " +
'Markdown file produced by the page-Markdown export tool. Restores comment ' + 'Markdown file produced by the page-Markdown export tool. Restores comment ' +
@@ -443,6 +663,8 @@ export const SHARED_TOOL_SPECS = {
pageId: z.string().min(1), pageId: z.string().min(1),
markdown: z.string().min(1), markdown: z.string().min(1),
}), }),
execute: (client, { pageId, markdown }) =>
client.importPageMarkdown(pageId as string, markdown as string),
}, },
// --- server-side content copy --- // --- server-side content copy ---
@@ -465,6 +687,8 @@ export const SHARED_TOOL_SPECS = {
.min(1) .min(1)
.describe('Page whose content is REPLACED (title/slug kept)'), .describe('Page whose content is REPLACED (title/slug kept)'),
}), }),
execute: (client, { sourcePageId, targetPageId }) =>
client.copyPageContent(sourcePageId as string, targetPageId as string),
}, },
// --- surgical text edit (folds in the documented drift-bug fix) --- // --- surgical text edit (folds in the documented drift-bug fix) ---
@@ -514,6 +738,11 @@ export const SHARED_TOOL_SPECS = {
.min(1) .min(1)
.describe('List of find/replace operations, applied in order'), .describe('List of find/replace operations, applied in order'),
}), }),
execute: (client, { pageId, edits }) =>
client.editPageText(
pageId as string,
edits as Parameters<DocmostClientLike['editPageText']>[1],
),
}, },
// --- hand a large page to an external consumer without bloating context --- // --- hand a large page to an external consumer without bloating context ---
@@ -542,6 +771,33 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
pageId: z.string().min(1), pageId: z.string().min(1),
}), }),
// In-app returns the full documented `{ uri, size, sha256, images }` object
// as-is (the canonical execute).
execute: (client, { pageId }) => client.stashPage(pageId as string),
// The MCP transport must deliver the body as a resource_link (so it never
// enters the model context) PLUS a structuredContent mirror of the documented
// shape (sha256 = the blob's ETag, mirror counts). Owns its full envelope, so
// it is NOT wrapped in jsonContent.
mcpExecute: async (client, { pageId }) => {
const result = await client.stashPage(pageId as string);
return {
content: [
{
type: 'resource_link' as const,
uri: result.uri,
name: 'page.json',
mimeType: 'application/json',
size: result.size,
},
],
structuredContent: {
uri: result.uri,
sha256: result.sha256,
size: result.size,
images: result.images,
},
};
},
}, },
// --- page tools (unified from the per-layer inline definitions, #294) --- // --- page tools (unified from the per-layer inline definitions, #294) ---
@@ -568,6 +824,20 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
pageId: z.string().min(1).describe('The id (or slugId) of the page.'), pageId: z.string().min(1).describe('The id (or slugId) of the page.'),
}), }),
// MCP wraps the raw `{ data, success }` as JSON. The in-app host instead
// projects a token-efficient `{ title, markdown }` (its long-standing shape).
execute: (client, { pageId }) => client.getPage(pageId as string),
inAppExecute: async (client, { pageId }) => {
// getPage(pageId) -> { data: filterPage(page, markdown), success }.
const result = (await client.getPage(pageId as string)) as {
data?: { title?: string; content?: string };
};
const data = result?.data ?? {};
return {
title: data.title ?? '',
markdown: typeof data.content === 'string' ? data.content : '',
};
},
}, },
listPages: { listPages: {
@@ -602,6 +872,15 @@ export const SHARED_TOOL_SPECS = {
'Requires spaceId; ignores limit.', 'Requires spaceId; ignores limit.',
), ),
}), }),
// `limit ?? 50` / `tree ?? false` are no-op defaults: the client method
// already defaults limit=50, tree=false, so the old MCP explicit-default form
// and the in-app pass-through form are byte-identical — one canonical mapping.
execute: (client, { spaceId, limit, tree }) =>
client.listPages(
spaceId as string | undefined,
(limit as number | undefined) ?? 50,
(tree as boolean | undefined) ?? false,
),
}, },
createPage: { createPage: {
@@ -630,6 +909,28 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('Optional parent page id to nest the new page under.'), .describe('Optional parent page id to nest the new page under.'),
}), }),
// MCP wraps the raw create response as JSON. In-app projects `{ id, title }`
// and defensively coerces a missing body to '' (the schema makes content a
// required string, so `?? ''` only guards an absent field — preserved).
execute: (client, { title, content, spaceId, parentPageId }) =>
client.createPage(
title as string,
content as string,
spaceId as string,
parentPageId as string | undefined,
),
inAppExecute: async (client, { title, content, spaceId, parentPageId }) => {
// createPage(title, content, spaceId, parentPageId?) ->
// { data: filterPage(page, markdown), success }.
const result = (await client.createPage(
title as string,
(content as string | undefined) ?? '',
spaceId as string,
parentPageId as string | undefined,
)) as { data?: { id?: string; slugId?: string; title?: string } };
const data = result?.data ?? {};
return { id: data.id ?? data.slugId, title: data.title ?? (title as string) };
},
}, },
movePage: { movePage: {
@@ -667,6 +968,62 @@ export const SHARED_TOOL_SPECS = {
'append at the end.', 'append at the end.',
), ),
}), }),
// The MCP host keeps its robustness guards (coerce 'null'/'' -> null, a cheap
// self-cycle guard, and a POSITIVE { success: true } confirmation) and its
// human-readable success envelope — owns its full result, so it is NOT
// wrapped in jsonContent.
mcpExecute: async (client, { pageId, parentPageId, position }) => {
const finalParentId =
parentPageId === '' || parentPageId === 'null'
? null
: (parentPageId as string | null | undefined);
// Cheap cycle guard: a page cannot be moved directly under itself.
// (Deeper descendant-cycle detection is intentionally out of scope.)
if (finalParentId !== null && finalParentId === pageId) {
throw new Error('cannot move a page under itself');
}
const result = await client.movePage(
pageId as string,
finalParentId || null,
position as string | undefined,
);
// Require POSITIVE confirmation: the live /pages/move success shape is
// exactly { success: true, status: 200 }. An empty body, a 204, or any odd
// shape lacking success === true must NOT be reported as a successful move.
if (
!(
result &&
typeof result === 'object' &&
(result as { success?: unknown }).success === true
)
) {
throw new Error(
`Failed to move page ${pageId}: ${JSON.stringify(result)}`,
);
}
return mcpJson({
message: `Successfully moved page ${pageId} to parent ${finalParentId || 'root'}`,
result,
});
},
// The in-app host has no guards; it forwards `parentPageId ?? null` + the
// optional position and projects `{ pageId, parentPageId, moved }`.
inAppExecute: async (client, { pageId, parentPageId, position }) => {
await client.movePage(
pageId as string,
(parentPageId as string | null | undefined) ?? null,
position as string | undefined,
);
return {
pageId,
parentPageId: (parentPageId as string | null | undefined) ?? null,
moved: true,
};
},
}, },
renamePage: { renamePage: {
@@ -681,6 +1038,13 @@ export const SHARED_TOOL_SPECS = {
pageId: z.string().min(1).describe('The id of the page to rename.'), pageId: z.string().min(1).describe('The id of the page to rename.'),
title: z.string().min(1).describe('The new title.'), title: z.string().min(1).describe('The new title.'),
}), }),
// MCP wraps the raw rename response; in-app projects `{ pageId, title }`.
execute: (client, { pageId, title }) =>
client.renamePage(pageId as string, title as string),
inAppExecute: async (client, { pageId, title }) => {
await client.renamePage(pageId as string, title as string);
return { pageId, title };
},
}, },
deletePage: { deletePage: {
@@ -697,6 +1061,23 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
pageId: z.string().min(1).describe('The id of the page to move to trash.'), pageId: z.string().min(1).describe('The id of the page to move to trash.'),
}), }),
// deletePage(pageId) hits POST /pages/delete with { pageId } only — the
// soft-delete (trash) path. GUARDRAIL: the schema exposes ONLY pageId, so no
// permanent/force-delete flag can reach the client on either host (asserted by
// ai-chat-tools.service.spec.ts). MCP emits a bare success line (owns its full
// envelope); in-app projects `{ pageId, trashed }`.
mcpExecute: async (client, { pageId }) => {
await client.deletePage(pageId as string);
return {
content: [
{ type: 'text' as const, text: `Successfully deleted page ${pageId}` },
],
};
},
inAppExecute: async (client, { pageId }) => {
await client.deletePage(pageId as string);
return { pageId, trashed: true };
},
}, },
updatePageJson: { updatePageJson: {
@@ -730,6 +1111,64 @@ export const SHARED_TOOL_SPECS = {
), ),
title: z.string().optional().describe('Optional new title'), title: z.string().optional().describe('Optional new title'),
}), }),
// Content normalization is identical on both hosts: only parse/validate the
// document when actually supplied; undefined/null passes straight through so
// the client performs a title-only (or no-op) update. A string is JSON.parsed
// (an empty string "" therefore throws), an object passes through unchanged.
execute: (client, { pageId, content, title }) => {
let doc: unknown;
if (content === undefined || content === null) {
doc = undefined;
} else {
doc = parseNodeArg(content, 'content was a string but not valid JSON');
}
return client.updatePageJson(pageId as string, doc, title as string | undefined);
},
},
// Full-body replace from PLAIN Markdown (issue #411). Pairs with
// updatePageJson (which takes a ProseMirror document): this one takes a
// markdown string and re-imports the whole body. `client.updatePage` runs it
// through updatePageContentRealtime -> markdownToProseMirrorCanonical, so
// Docmost-flavoured markdown (incl. `^[...]` inline footnotes) is parsed and
// canonicalized. Distinct from importPageMarkdown, which re-imports a
// self-contained EXPORTED Docmost-Markdown file (with comment anchors +
// diagrams); this tool takes ordinary authoring markdown. Shared spec, so the
// registry loop registers it on BOTH hosts (external MCP + in-app agent) —
// #411 replaced the old inline in-app `updatePageContent` tool with this.
updatePageMarkdown: {
// snake_case for now; camelCase public MCP naming is the next issue (#412).
mcpName: 'update_page_markdown',
inAppKey: 'updatePageMarkdown',
description:
"Replace a page's body with new Markdown content (and optionally its " +
'title). The whole body is re-imported from the markdown (block ids ' +
'regenerate — for surgical or id-preserving edits use the find/replace, ' +
'node-patch or page-JSON tools instead). Docmost-flavoured markdown is ' +
'parsed, including `^[...]` inline footnotes. Reversible: the previous ' +
'version is kept in page history.',
tier: 'deferred',
catalogLine:
"updatePageMarkdown — replace a page's body (and optionally title) with new Markdown.",
buildShape: (z) => ({
pageId: z.string().min(1).describe('The id of the page to update.'),
content: z.string().describe('The new page body as Markdown.'),
title: z
.string()
.optional()
.describe('Optional new title for the page.'),
}),
// Single canonical execute on BOTH hosts (the tool was in-app only before,
// so there is no external-MCP behavior to preserve). NOTE (rename #411): the
// old inline in-app tool projected the client result to { pageId, updated };
// the registry now returns the raw client result { success, modified,
// message, pageId, verify? } instead. Deliberate: no code reads the removed
// `.updated` field, the raw result is strictly more informative to the model
// (it surfaces footnote/verify warnings), and it matches the on-both-hosts
// registry convention. The result-shape change is the ONLY behavior delta of
// this rename; the write path (updatePage -> markdown canonicalize) is identical.
execute: (client, { pageId, content, title }) =>
client.updatePage(pageId as string, content as string, title as string | undefined),
}, },
exportPageMarkdown: { exportPageMarkdown: {
@@ -750,6 +1189,17 @@ export const SHARED_TOOL_SPECS = {
buildShape: (z) => ({ buildShape: (z) => ({
pageId: z.string().min(1).describe('The id of the page to export.'), pageId: z.string().min(1).describe('The id of the page to export.'),
}), }),
// The markdown is a bare string. MCP returns it as a single text-content
// element (NOT jsonContent — that would JSON-quote the whole document);
// in-app projects `{ markdown }`.
mcpExecute: async (client, { pageId }) => {
const md = await client.exportPageMarkdown(pageId as string);
return { content: [{ type: 'text' as const, text: md }] };
},
inAppExecute: async (client, { pageId }) => {
const markdown = await client.exportPageMarkdown(pageId as string);
return { markdown };
},
}, },
// --- comment tools (unified from the per-layer inline definitions, #294) --- // --- comment tools (unified from the per-layer inline definitions, #294) ---
@@ -832,6 +1282,69 @@ export const SHARED_TOOL_SPECS = {
'refused.', 'refused.',
), ),
}), }),
// Both hosts enforce the SAME guardrails (a top-level comment requires a
// selection; suggestedText is forbidden on a reply / without a selection) but
// with per-layer error wording (snake_case 'create_comment:' on the MCP
// surface, camelCase 'createComment' in-app) and different result shapes (MCP
// jsonContent, in-app projects `{ commentId, pageId }`). Preserved byte-for-
// byte via the two overrides.
mcpExecute: async (client, { pageId, content, selection, parentCommentId, suggestedText }) => {
if (!parentCommentId && (!selection || !(selection as string).trim())) {
throw new Error(
"create_comment: a 'selection' (exact text to anchor on) is required for a top-level comment; omit it only when replying via parentCommentId.",
);
}
if (suggestedText !== undefined) {
if (parentCommentId) {
throw new Error(
"create_comment: 'suggestedText' cannot be attached to a reply; it applies only to a top-level inline comment.",
);
}
if (!selection || !(selection as string).trim()) {
throw new Error(
"create_comment: 'suggestedText' requires a 'selection' to anchor and rewrite.",
);
}
}
const result = await client.createComment(
pageId as string,
content as string,
'inline',
selection as string | undefined,
parentCommentId as string | undefined,
suggestedText as string | undefined,
);
return mcpJson(result);
},
inAppExecute: async (client, { pageId, content, selection, parentCommentId, suggestedText }) => {
if (!parentCommentId && (!selection || !(selection as string).trim())) {
throw new Error(
"createComment requires a 'selection' (exact text to anchor on) for a new top-level comment.",
);
}
if (suggestedText !== undefined) {
if (parentCommentId) {
throw new Error(
"createComment: 'suggestedText' cannot be attached to a reply; it applies only to a top-level inline comment.",
);
}
if (!selection || !(selection as string).trim()) {
throw new Error(
"createComment: 'suggestedText' requires a 'selection' to anchor and rewrite.",
);
}
}
const result = (await client.createComment(
pageId as string,
content as string,
'inline',
selection as string | undefined,
parentCommentId as string | undefined,
suggestedText as string | undefined,
)) as { data?: { id?: string } };
const data = result?.data ?? {};
return { commentId: data.id, pageId };
},
}, },
listComments: { listComments: {
@@ -857,6 +1370,8 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('default only active threads; true — include resolved'), .describe('default only active threads; true — include resolved'),
}), }),
execute: (client, { pageId, includeResolved }) =>
client.listComments(pageId as string, includeResolved as boolean | undefined),
}, },
resolveComment: { resolveComment: {
@@ -890,6 +1405,13 @@ export const SHARED_TOOL_SPECS = {
'true (default) marks the thread resolved/closed; false reopens it', 'true (default) marks the thread resolved/closed; false reopens it',
), ),
}), }),
// MCP wraps the raw resolve response; in-app projects `{ commentId, resolved }`.
execute: (client, { commentId, resolved }) =>
client.resolveComment(commentId as string, resolved as boolean),
inAppExecute: async (client, { commentId, resolved }) => {
await client.resolveComment(commentId as string, resolved as boolean);
return { commentId, resolved };
},
}, },
checkNewComments: { checkNewComments: {
@@ -925,6 +1447,30 @@ export const SHARED_TOOL_SPECS = {
'Only pages under this parent will be checked.', 'Only pages under this parent will be checked.',
), ),
}), }),
// The in-app host has NO `since` guard (the canonical execute, raw). The MCP
// host additionally rejects an unparseable `since` up front — otherwise the
// NaN comparison silently treats every comment as "not new" and returns zero
// without signalling the bad input. This guard is a DELIBERATE per-layer
// difference (the in-app surface never had it), preserved via mcpExecute.
execute: (client, { spaceId, since, parentPageId }) =>
client.checkNewComments(
spaceId as string,
since as string,
parentPageId as string | undefined,
),
mcpExecute: async (client, { spaceId, since, parentPageId }) => {
if (Number.isNaN(Date.parse(since as string))) {
throw new Error(
`Invalid 'since' timestamp: ${JSON.stringify(since)} — expected an ISO 8601 date (e.g. '2026-03-10T00:00:00Z')`,
);
}
const result = await client.checkNewComments(
spaceId as string,
since as string,
parentPageId as string | undefined,
);
return mcpJson(result);
},
}, },
// --- table tools (unified from the per-layer inline definitions, #294) --- // --- table tools (unified from the per-layer inline definitions, #294) ---
@@ -971,6 +1517,13 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('0-based insert position (0 inserts before the header); omit to append.'), .describe('0-based insert position (0 inserts before the header); omit to append.'),
}), }),
execute: (client, { pageId, table, cells, index }) =>
client.tableInsertRow(
pageId as string,
table as string,
cells as string[],
index as number | undefined,
),
}, },
tableDeleteRow: { tableDeleteRow: {
@@ -992,6 +1545,8 @@ export const SHARED_TOOL_SPECS = {
.describe('"#<index>" from the page outline, or a block id in the table.'), .describe('"#<index>" from the page outline, or a block id in the table.'),
index: z.number().int().describe('0-based row index to delete.'), index: z.number().int().describe('0-based row index to delete.'),
}), }),
execute: (client, { pageId, table, index }) =>
client.tableDeleteRow(pageId as string, table as string, index as number),
}, },
tableUpdateCell: { tableUpdateCell: {
@@ -1015,6 +1570,14 @@ export const SHARED_TOOL_SPECS = {
col: z.number().int().describe('0-based column index.'), col: z.number().int().describe('0-based column index.'),
text: z.string().describe('The new cell text.'), text: z.string().describe('The new cell text.'),
}), }),
execute: (client, { pageId, table, row, col, text }) =>
client.tableUpdateCell(
pageId as string,
table as string,
row as number,
col as number,
text as string,
),
}, },
// --- footnote + image write tools (promoted from inline MCP-only, #410) --- // --- footnote + image write tools (promoted from inline MCP-only, #410) ---
@@ -1059,6 +1622,8 @@ export const SHARED_TOOL_SPECS = {
.min(1) .min(1)
.describe('The footnote content as markdown (becomes the definition).'), .describe('The footnote content as markdown (becomes the definition).'),
}), }),
execute: (client, { pageId, anchorText, text }) =>
client.insertFootnote(pageId as string, anchorText as string, text as string),
}, },
insertImage: { insertImage: {
@@ -1096,6 +1661,13 @@ export const SHARED_TOOL_SPECS = {
'Insert the image right after the first top-level block whose text contains this string', 'Insert the image right after the first top-level block whose text contains this string',
), ),
}), }),
execute: (client, { pageId, imageUrl, align, alt, replaceText, afterText }) =>
client.insertImage(pageId as string, imageUrl as string, {
align: align as 'left' | 'center' | 'right' | undefined,
alt: alt as string | undefined,
replaceText: replaceText as string | undefined,
afterText: afterText as string | undefined,
}),
}, },
replaceImage: { replaceImage: {
@@ -1127,9 +1699,14 @@ export const SHARED_TOOL_SPECS = {
align: z.enum(['left', 'center', 'right']).optional(), align: z.enum(['left', 'center', 'right']).optional(),
alt: z.string().optional(), alt: z.string().optional(),
}), }),
execute: (client, { pageId, attachmentId, imageUrl, align, alt }) =>
client.replaceImage(pageId as string, attachmentId as string, imageUrl as string, {
align: align as 'left' | 'center' | 'right' | undefined,
alt: alt as string | undefined,
}),
}, },
// --- draw.io diagrams (issue #423, stage 1) --- // --- draw.io diagrams (issue #423 stage 1, #424 stage 2) ---
drawioGet: { drawioGet: {
mcpName: 'drawio_get', mcpName: 'drawio_get',
@@ -1156,6 +1733,12 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('"xml" (default) for mxGraph XML, or "svg" for the raw .drawio.svg.'), .describe('"xml" (default) for mxGraph XML, or "svg" for the raw .drawio.svg.'),
}), }),
execute: (client, { pageId, node, format }) =>
client.drawioGet(
pageId as string,
node as string,
(format as 'xml' | 'svg' | undefined) ?? 'xml',
),
}, },
drawioCreate: { drawioCreate: {
@@ -1177,7 +1760,8 @@ export const SHARED_TOOL_SPECS = {
'back into drawio_get / drawio_update for THIS document. It is positional, ' + 'back into drawio_get / drawio_update for THIS document. It is positional, ' +
'so if you add or remove blocks before it, re-resolve via get_outline. The ' + 'so if you add or remove blocks before it, re-resolve via get_outline. The ' +
'diagram is editable in the draw.io editor and can be re-read with ' + 'diagram is editable in the draw.io editor and can be re-read with ' +
'drawio_get.', 'drawio_get.' +
DRAWIO_HARD_RULES,
tier: 'deferred', tier: 'deferred',
catalogLine: catalogLine:
'drawioCreate — create a draw.io diagram from mxGraph XML and insert it.', 'drawioCreate — create a draw.io diagram from mxGraph XML and insert it.',
@@ -1201,7 +1785,30 @@ export const SHARED_TOOL_SPECS = {
.optional() .optional()
.describe('Anchor text fragment (for before/after).'), .describe('Anchor text fragment (for before/after).'),
title: z.string().optional().describe('Optional diagram title.'), title: z.string().optional().describe('Optional diagram title.'),
layout: z
.enum(['elk'])
.optional()
.describe(
'Optional: "elk" runs an ELK layered auto-layout (honouring nested ' +
'containers) and rewrites all coordinates — give rough placement and ' +
'let the server compute pixels.',
),
}), }),
// The flat schema fields are regrouped into the client's `where` object.
// `layout` is the 5th arg: dropping it silently disables ELK auto-layout
// (a reviewed #440 parity fix — MUST reach the client on both hosts).
execute: (client, { pageId, xml, position, anchorNodeId, anchorText, title, layout }) =>
client.drawioCreate(
pageId as string,
{
position: position as 'before' | 'after' | 'append',
anchorNodeId: anchorNodeId as string | undefined,
anchorText: anchorText as string | undefined,
},
xml as string,
title as string | undefined,
layout as 'elk' | undefined,
),
}, },
drawioUpdate: { drawioUpdate: {
@@ -1214,7 +1821,8 @@ export const SHARED_TOOL_SPECS = {
'(a human or another agent edited it) the hash mismatches and the update ' + '(a human or another agent edited it) the hash mismatches and the update ' +
'is refused with a conflict error — re-read with drawio_get and retry. On ' + 'is refused with a conflict error — re-read with drawio_get and retry. On ' +
'success it overwrites the diagram attachment and updates the node ' + 'success it overwrites the diagram attachment and updates the node ' +
'width/height. `node` is the drawio node attrs.id or "#<index>".', 'width/height. `node` is the drawio node attrs.id or "#<index>".' +
DRAWIO_HARD_RULES,
tier: 'deferred', tier: 'deferred',
catalogLine: catalogLine:
'drawioUpdate — replace a draw.io diagram (optimistic-locked by baseHash).', 'drawioUpdate — replace a draw.io diagram (optimistic-locked by baseHash).',
@@ -1234,6 +1842,101 @@ export const SHARED_TOOL_SPECS = {
.string() .string()
.min(1) .min(1)
.describe('The meta.hash from the drawio_get this edit is based on.'), .describe('The meta.hash from the drawio_get this edit is based on.'),
layout: z
.enum(['elk'])
.optional()
.describe(
'Optional: "elk" runs an ELK layered auto-layout and rewrites all ' +
'coordinates before writing.',
),
}), }),
// `layout` is the 5th arg: forward layout:"elk" (a reviewed #440 parity fix)
// so both hosts run the ELK auto-layout before writing.
execute: (client, { pageId, node, xml, baseHash, layout }) =>
client.drawioUpdate(
pageId as string,
node as string,
xml as string,
baseHash as string,
layout as 'elk' | undefined,
),
},
drawioShapes: {
mcpName: 'drawio_shapes',
inAppKey: 'drawioShapes',
description:
'Look up VERIFIED draw.io stencil style-strings so you never guess a ' +
'`shape=mxgraph.*` name (a wrong name renders as an EMPTY BOX). Searches a ' +
'bundled catalog of ~10 400 shapes (the jgraph/drawio-mcp index) by ' +
'substring, tags and loose fuzzy match, plus a curated overlay for AWS ' +
'icons: it returns the correct resIcon for rebranded services (OpenSearch ' +
'-> elasticsearch_service, MSK -> managed_streaming_for_kafka, VPC Peering ' +
'-> peering, IAM Identity Center -> single_sign_on) and maps known-broken ' +
'stencils to working replacements (e.g. dynamodb_table -> dynamodb) with a ' +
'note. Each hit is { style, w, h, title, type, category?, note? } — copy ' +
'`style` verbatim onto the cell and use w/h as the default size. Call this ' +
'BEFORE drawio_create/drawio_update whenever you need a specific icon ' +
'(AWS/Azure/GCP/network/UML/flowchart).',
tier: 'deferred',
catalogLine:
'drawioShapes — look up verified draw.io stencil style-strings (no empty boxes).',
buildShape: (z) => ({
query: z
.string()
.min(1)
.describe('What to find, e.g. "lambda", "s3", "azure cosmos", "vpc group".'),
category: z
.string()
.optional()
.describe('Optional filter, e.g. an AWS category name ("Compute").'),
limit: z
.number()
.optional()
.describe('Max results (default 12, capped at 50).'),
}),
// INLINE on both hosts (no `execute`): drawio_shapes calls the PURE helper
// searchShapes, which is NOT a client method — it reads the bundled shape
// catalog via `import.meta.url` (drawio-shapes.ts). tool-specs.ts is
// type-checked FROM SOURCE by the in-app server under module:commonjs, where a
// static value-import of that `import.meta` module is a compile error
// (TS1343), so its execute CANNOT live here. `inlineBothHosts` tells BOTH
// registry loops to skip it; index.ts (MCP) and ai-chat-tools.service.ts
// (in-app) each register it directly, calling searchShapes from the loaded
// module. It STAYS in this registry so the shared-tool-specs contract still
// pins its name/description/schema across both hosts.
inlineBothHosts: true,
},
drawioGuide: {
mcpName: 'drawio_guide',
inAppKey: 'drawioGuide',
description:
'Progressive-disclosure draw.io authoring reference. Call with a `section` ' +
'to pull one focused, <=4KB chapter instead of bloating context: ' +
'"skeleton" (canonical mxGraph XML, sentinels, the accepted inputs, hard ' +
'rules), "layout" (spacing heuristics, edge routing, the layout:"elk" ' +
'option, the quality warnings), "containers" (transparent groups, relative ' +
'child coords, cross-container edges, swimlanes), "icons-aws" (the ' +
'service/resource icon patterns, category colors, rebrandings, blocklist), ' +
'"icons-azure" (portable image-style paths). Omit `section` to get the ' +
'index of sections. Pair with drawio_shapes for exact stencil styles.',
tier: 'deferred',
catalogLine:
'drawioGuide — on-demand draw.io authoring reference (skeleton/layout/containers/icons).',
buildShape: (z) => ({
section: z
.enum(['skeleton', 'layout', 'containers', 'icons-aws', 'icons-azure'])
.optional()
.describe('Which section to read; omit for the section index.'),
}),
// INLINE on both hosts (no `execute`) — same reason as drawio_shapes above:
// drawio_guide calls the PURE helper getGuideSection (drawio-guide.ts, no
// client, no network). getGuideSection itself has no `import.meta`, but it is
// kept inline for SYMMETRY with drawio_shapes (both drawio helper tools wired
// the same way in one place) and to avoid pulling any drawio lib source into
// the in-app server's commonjs type-check. `inlineBothHosts` makes both loops
// skip it; index.ts and ai-chat-tools.service.ts register it directly.
inlineBothHosts: true,
}, },
} satisfies Record<string, SharedToolSpec>; } satisfies Record<string, SharedToolSpec>;
@@ -203,14 +203,16 @@ test("a reply creates without selection or anchoring and is stored as type 'page
"reply body", "reply body",
"inline", "inline",
undefined, undefined,
"parent-123", // #437: a parentCommentId must be a full canonical UUID.
"019f499a-9f8c-7d68-b7be-ce100d7c6c56",
); );
assert.equal(result.success, true, "a reply must resolve successfully"); assert.equal(result.success, true, "a reply must resolve successfully");
assert.ok(createPayload, "/comments/create must have been called"); assert.ok(createPayload, "/comments/create must have been called");
assert.equal( assert.equal(
createPayload.parentCommentId, createPayload.parentCommentId,
"parent-123", // #437: a parentCommentId must be a full canonical UUID.
"019f499a-9f8c-7d68-b7be-ce100d7c6c56",
"the reply payload must carry the parentCommentId", "the reply payload must carry the parentCommentId",
); );
assert.equal( assert.equal(
@@ -321,7 +323,9 @@ test("suggestedText on a reply is rejected", async () => {
"body", "body",
"inline", "inline",
undefined, undefined,
"parent-1", // #437: use a valid full UUID so the reply+suggestion rejection fires
// (not the id-shape guard).
"019f499a-9f8c-7d68-b7be-ce100d7c6c56",
"replacement", "replacement",
), ),
/reply/i, /reply/i,
@@ -3,7 +3,7 @@
// footnote-canonical doc. These override the `replacePage` seam (symmetric to the // footnote-canonical doc. These override the `replacePage` seam (symmetric to the
// `mutatePage` seam used by the insert-footnote-wrapper test) to capture the // `mutatePage` seam used by the insert-footnote-wrapper test) to capture the
// persisted doc WITHOUT a live Hocuspocus collab socket. Symmetric to the // persisted doc WITHOUT a live Hocuspocus collab socket. Symmetric to the
// server-side focus specs for createPage / updatePageContent('replace'). // server-side focus specs for createPage / updatePage (markdown 'replace').
import { test } from "node:test"; import { test } from "node:test";
import assert from "node:assert/strict"; import assert from "node:assert/strict";
import { DocmostClient } from "../../build/client.js"; import { DocmostClient } from "../../build/client.js";
@@ -1,224 +0,0 @@
import { test } from "node:test";
import assert from "node:assert/strict";
import { readFileSync } from "node:fs";
import { fileURLToPath } from "node:url";
import { dirname, resolve } from "node:path";
import { DocmostClient } from "../../build/index.js";
// Drift guard for the THIRD hand-written layer of the AI tool set (issue #193,
// layer 3): the in-app server hand-mirrors the DocmostClient method signatures
// it consumes as the `DocmostClientLike` interface in
// apps/server/src/core/ai-chat/tools/docmost-client.loader.ts ("Signatures here
// mirror that file exactly"). That mirror lives across the ESM(mcp)/CJS(server)
// boundary and the package ships NO .d.ts, so the server typecheck cannot verify
// the names against the real class — a rename/removal in client.ts would surface
// only as a runtime "x is not a function" inside an agent tool call.
//
// SCOPE: this guard checks the method-NAME set only, not signatures. It pins the
// contract from the mcp side (ESM, where the real class is directly importable):
// every method the embedding host depends on MUST exist as a function on a real
// DocmostClient instance. If you rename/remove a client method, this fails here
// AND you must update DocmostClientLike to match. It does NOT verify parameter or
// return-type parity — signature drift between the hand-mirror and client.ts can
// still ship silently; full signature/type parity is the deferred staged-plan
// item below.
//
// Keep the HOST_CONTRACT_METHODS NAME list aligned with the method NAMES declared
// in the server's DocmostClientLike interface (the in-app per-user tool adapter
// only — it is a SUBSET of the DocmostClient surface — covers only what the in-app adapter
// consumes; the standalone MCP transport (packages/mcp/src/index.ts) calls additional
// client methods (deleteComment/updateComment) that this guard does NOT track — the
// MCP transport's own typecheck covers those. insertImage/replaceImage/insertFootnote
// were MCP-only but are now in-app-consumed too (#410), so they ARE tracked below. Full type-derivation
// of DocmostClientLike from this class is deferred (see the staged plan in
// docmost-client.loader.ts): the package emits no declarations and the real
// (inferred, concrete) return types conflict with the host's loose
// `Record<string,unknown>` + `as`-cast result handling.
const HOST_CONTRACT_METHODS = [
// read
"search",
"getPage",
"getPageRaw",
"getWorkspace",
"getSpaces",
"listPages",
"listSidebarPages",
"getOutline",
"getPageJson",
"getNode",
"searchInPage",
"getTable",
"listComments",
"getComment",
"checkNewComments",
"listShares",
"listPageHistory",
"getPageHistory",
"diffPageVersions",
"exportPageMarkdown",
// write (page)
"createPage",
"updatePage",
"renamePage",
"movePage",
"deletePage",
"editPageText",
"patchNode",
"insertNode",
"deleteNode",
"updatePageJson",
"tableInsertRow",
"tableDeleteRow",
"tableUpdateCell",
"copyPageContent",
"importPageMarkdown",
"sharePage",
"unsharePage",
"restorePageVersion",
"transformPage",
"stashPage",
// write (image / footnote) — MCP-only until #410 promoted them to in-app tools
"insertImage",
"replaceImage",
"insertFootnote",
// draw.io diagrams (#423, stage 1) — read + create + optimistic-locked update
"drawioGet",
"drawioCreate",
"drawioUpdate",
// write (comment)
"createComment",
"resolveComment",
];
test("DocmostClient implements every method the in-app DocmostClientLike mirror declares", () => {
// The constructor is side-effect-free (no network/login on construction): it
// only stores config and creates an axios instance, so it is safe to build a
// throwaway instance here with a dummy token provider.
const client = new DocmostClient({
apiUrl: "http://127.0.0.1:1/api",
getToken: async () => "test-token",
});
const missing = HOST_CONTRACT_METHODS.filter(
(name) => typeof client[name] !== "function",
);
assert.deepEqual(
missing,
[],
`DocmostClient is missing host-contract method(s): ${missing.join(", ")}. ` +
`Update packages/mcp/src/client.ts and/or the server's DocmostClientLike ` +
`interface (apps/server/src/core/ai-chat/tools/docmost-client.loader.ts) ` +
`so the hand-mirrored method NAMES stay aligned (this guards names only, ` +
`not signatures).`,
);
});
test("HOST_CONTRACT_METHODS has no duplicates", () => {
assert.equal(
new Set(HOST_CONTRACT_METHODS).size,
HOST_CONTRACT_METHODS.length,
);
});
// Parse the method names declared in the server's `DocmostClientLike` interface
// body. We read the .ts source as plain text (no TS compiler dep, and the file
// lives in the CJS server tree across the ESM boundary): scan from the
// `export interface DocmostClientLike {` line to its closing brace at column 0,
// matching member-signature lines like ` methodName(`. Nested param-object
// braces (`opts: { ... }`) are indented, so only the interface's own closing
// `}` (column 0) ends the scan.
function parseDocmostClientLikeMethods() {
const here = dirname(fileURLToPath(import.meta.url));
// packages/mcp/test/unit -> repo root is four levels up.
const loaderPath = resolve(
here,
"../../../../apps/server/src/core/ai-chat/tools/docmost-client.loader.ts",
);
let source;
try {
source = readFileSync(loaderPath, "utf8");
} catch (err) {
if (err && err.code === "ENOENT") {
throw new Error(
`Expected monorepo layout; server tree at ${loaderPath} not found. ` +
`This drift-guard reads the server's DocmostClientLike interface via a ` +
`fixed relative path and must run from inside the monorepo checkout.`,
);
}
throw err;
}
const lines = source.split(/\r?\n/);
const startIdx = lines.findIndex((l) =>
/^export interface DocmostClientLike\s*\{/.test(l),
);
assert.notEqual(
startIdx,
-1,
`Could not find "export interface DocmostClientLike {" in ${loaderPath}. ` +
`If the interface was renamed/moved, update this drift-guard test.`,
);
const methods = [];
let closed = false;
// Track whether we are inside a `/* ... */` block comment. Inner lines of a
// block comment need NOT start with `*`, so a `name(` line inside one would be
// falsely parsed as an interface method without this. (`//` line comments can
// never match the method regex below since they start with `/`.)
let inBlockComment = false;
for (let i = startIdx + 1; i < lines.length; i++) {
const line = lines[i];
if (inBlockComment) {
// Stay in the block until we see its closing `*/`.
if (line.includes("*/")) inBlockComment = false;
continue;
}
// Enter a block comment only when it opens without closing on the same line;
// a self-contained `/* ... */` on one line cannot precede a method name we
// care about (such lines start with `/`, so the method regex won't match).
if (line.includes("/*") && !line.includes("*/")) {
inBlockComment = true;
continue;
}
if (/^\}/.test(line)) {
closed = true;
break;
}
// Method-name match: a TS identifier (letters/digits/`_`/`$`, not starting
// with a digit) optionally followed by a generic clause (`method<T>(`), then
// the opening paren of the signature.
const m = /^\s*([A-Za-z_$][A-Za-z0-9_$]*)\s*(?:<[^>]*>)?\(/.exec(line);
if (m) methods.push(m[1]);
}
assert.ok(
closed,
`Did not find the closing brace of DocmostClientLike in ${loaderPath}.`,
);
assert.ok(
methods.length > 0,
`Parsed zero methods from DocmostClientLike in ${loaderPath} — the parser ` +
`is likely out of date with the interface formatting.`,
);
return methods;
}
// The point of the guard is to protect the DocmostClientLike mirror <-> client.ts
// link, but HOST_CONTRACT_METHODS is itself a HAND-COPY of that interface kept in
// sync manually. The list<->interface link must be tested too: a method consumed
// by the adapter and added to DocmostClientLike but forgotten here (or removed
// from the interface but left here) would otherwise escape both the server
// typecheck (pkg emits no .d.ts) and the first test above (name not in the list).
// Assert the two agree BOTH ways.
test("HOST_CONTRACT_METHODS exactly mirrors the server's DocmostClientLike interface", () => {
const interfaceMethods = parseDocmostClientLikeMethods();
assert.deepEqual(
[...HOST_CONTRACT_METHODS].sort(),
[...interfaceMethods].sort(),
`HOST_CONTRACT_METHODS has drifted from the DocmostClientLike interface in ` +
`apps/server/src/core/ai-chat/tools/docmost-client.loader.ts. Add/remove ` +
`method names in HOST_CONTRACT_METHODS so it lists EXACTLY the methods ` +
`declared in that interface (both directions are checked).`,
);
});
@@ -168,7 +168,9 @@ test("an in-flight mutate rejects with the connection-closed text on disconnect"
FakeProvider.last()._disconnect(); FakeProvider.last()._disconnect();
await assert.rejects( await assert.rejects(
p, p,
/Collaboration connection closed before the update was persisted\/synced/, // Assert the #437 diagnostic hint tail too (pageId + transient/retry cue),
// so a refactor that drops hint() can't pass this vacuously.
/Collaboration connection closed before the update was persisted\/synced \(pageId page-1; transient/,
); );
}); });
@@ -248,7 +250,11 @@ test("connect timeout rejects with the connect-timeout text and fires the metric
}, },
}); });
mock.timers.tick(25000); mock.timers.tick(25000);
await assert.rejects(p, /Connection timeout to collaboration server/); await assert.rejects(
p,
// Assert the #437 diagnostic hint tail too (pageId + transient/retry cue).
/Connection timeout to collaboration server \(pageId page-1; transient/,
);
assert.equal(metricFired, 1); assert.equal(metricFired, 1);
assert.equal(__sessionCountForTests(), 0); assert.equal(__sessionCountForTests(), 0);
}); });
@@ -0,0 +1,51 @@
// Unit tests for the drawio_guide progressive-disclosure reference (issue #424).
// Acceptance #2: every section is returned and each is <= ~4KB so pulling one
// does not bloat the model's context.
import { test } from "node:test";
import assert from "node:assert/strict";
import {
getGuideSection,
GUIDE_SECTIONS,
} from "../../build/lib/drawio-guide.js";
const MAX_BYTES = 4096; // "<= ~4KB" acceptance bound.
test("every section is returned and is under ~4KB", () => {
assert.deepEqual(GUIDE_SECTIONS, [
"skeleton",
"layout",
"containers",
"icons-aws",
"icons-azure",
]);
for (const s of GUIDE_SECTIONS) {
const { section, content } = getGuideSection(s);
assert.equal(section, s);
assert.ok(content.length > 200, `${s}: suspiciously short`);
const bytes = Buffer.byteLength(content, "utf8");
assert.ok(bytes <= MAX_BYTES, `${s}: ${bytes} bytes exceeds ${MAX_BYTES}`);
}
});
test("each section's content matches its topic", () => {
assert.match(getGuideSection("skeleton").content, /mxGraphModel/);
assert.match(getGuideSection("skeleton").content, /adaptiveColors="auto"/);
assert.match(getGuideSection("layout").content, /elk/i);
assert.match(getGuideSection("layout").content, /150px|<150/);
assert.match(getGuideSection("containers").content, /fillColor=none/);
assert.match(getGuideSection("icons-aws").content, /resourceIcon/);
assert.match(getGuideSection("icons-aws").content, /elasticsearch_service/);
assert.match(getGuideSection("icons-azure").content, /img\/lib\/azure2/);
});
test("omitting the section returns the index of sections", () => {
const idx = getGuideSection();
assert.equal(idx.section, "index");
for (const s of GUIDE_SECTIONS) assert.ok(idx.content.includes(s));
assert.ok(Buffer.byteLength(idx.content, "utf8") <= MAX_BYTES);
});
test("an unknown section falls back to the index", () => {
const idx = getGuideSection("nonsense");
assert.equal(idx.section, "index");
});
@@ -0,0 +1,111 @@
// Unit tests for the ELK auto-layout (issue #424, part 4). Acceptance #3: a
// 10+ node graph with rough/overlapping coordinates, laid out with ELK, has no
// bbox overlaps and produces no quality warnings.
import { test } from "node:test";
import assert from "node:assert/strict";
import { applyElkLayout } from "../../build/lib/drawio-layout.js";
import { prepareModel, parseCells } from "../../build/lib/drawio-xml.js";
/** Build a model where every vertex starts stacked at (10,10). */
function stackedGraph(n, edges) {
let cells = "";
for (let i = 2; i < 2 + n; i++) {
cells +=
`<mxCell id="${i}" value="N${i}" style="rounded=1;html=1;" vertex="1" parent="1">` +
`<mxGeometry x="10" y="10" width="120" height="60" as="geometry"/></mxCell>`;
}
let ei = 0;
for (const [s, t] of edges) {
cells +=
`<mxCell id="e${ei++}" edge="1" parent="1" source="${s}" target="${t}">` +
`<mxGeometry relative="1" as="geometry"/></mxCell>`;
}
return (
'<mxGraphModel><root><mxCell id="0"/><mxCell id="1" parent="0"/>' +
cells +
"</root></mxGraphModel>"
);
}
test("acceptance #3: a 10-node graph with rough coords lays out with no warnings", async () => {
const edges = [
[2, 3], [2, 4], [3, 5], [4, 5], [5, 6],
[6, 7], [6, 8], [7, 9], [8, 10], [9, 11], [10, 11],
];
const model = stackedGraph(10, edges);
// Before: everything is stacked at (10,10) -> lots of overlap warnings.
const before = prepareModel(model);
assert.ok(before.warnings.length > 0, "the stacked input should warn");
const laid = await applyElkLayout(model);
const after = prepareModel(laid);
assert.equal(
after.warnings.length,
0,
`ELK layout should clear all warnings, got: ${after.warnings.join(" | ")}`,
);
// Same number of user cells survived the layout.
assert.equal(after.cellCount, before.cellCount);
});
test("ELK honours nested containers as compound nodes (no warnings, children stay nested)", async () => {
const model =
'<mxGraphModel><root><mxCell id="0"/><mxCell id="1" parent="0"/>' +
'<mxCell id="g" value="VPC" style="container=1;dropTarget=1;fillColor=none;" vertex="1" parent="1"><mxGeometry x="0" y="0" width="100" height="100" as="geometry"/></mxCell>' +
'<mxCell id="a" value="A" style="rounded=1;" vertex="1" parent="g"><mxGeometry width="120" height="60" as="geometry"/></mxCell>' +
'<mxCell id="b" value="B" style="rounded=1;" vertex="1" parent="g"><mxGeometry width="120" height="60" as="geometry"/></mxCell>' +
'<mxCell id="c" value="C" style="rounded=1;" vertex="1" parent="1"><mxGeometry width="120" height="60" as="geometry"/></mxCell>' +
'<mxCell id="ab" edge="1" parent="g" source="a" target="b"><mxGeometry relative="1" as="geometry"/></mxCell>' +
'<mxCell id="bc" edge="1" parent="1" source="b" target="c"><mxGeometry relative="1" as="geometry"/></mxCell>' +
"</root></mxGraphModel>";
const laid = await applyElkLayout(model);
const cells = parseCells(laid);
const byId = Object.fromEntries(cells.map((c) => [c.id, c]));
// Children keep their container parent; the container was sized to hold them.
assert.equal(byId.a.parent, "g");
assert.equal(byId.b.parent, "g");
assert.ok((byId.g.geometry.width ?? 0) >= 260, "container widened to fit children");
const after = prepareModel(laid);
assert.equal(after.warnings.length, 0, after.warnings.join(" | "));
});
test("edges and cell count are preserved by layout", async () => {
const model = stackedGraph(4, [[2, 3], [3, 4], [4, 5]]);
const laid = await applyElkLayout(model);
const cells = parseCells(laid);
assert.equal(cells.filter((c) => c.edge).length, 3);
assert.equal(cells.filter((c) => c.vertex).length, 4);
});
test("DoS guard: a graph over the node cap is returned unchanged, quickly", async () => {
// 600 vertices > ELK_MAX_NODES (500): the layout must be SKIPPED and the
// input returned verbatim, without ever handing the graph to elkjs. This
// exercises the cap path that bounds the in-process, event-loop-blocking
// layout on LLM-supplied XML.
const model = stackedGraph(600, []);
const t0 = Date.now();
const laid = await applyElkLayout(model);
const dt = Date.now() - t0;
// normalizeInput may reserialize, but geometry must be untouched: every
// vertex is still stacked at (10,10), i.e. no ELK coordinates were applied.
const cells = parseCells(laid);
const verts = cells.filter((c) => c.vertex);
assert.equal(verts.length, 600, "all vertices survived");
for (const v of verts) {
assert.equal(v.geometry.x, 10, "x untouched -> layout was skipped");
assert.equal(v.geometry.y, 10, "y untouched -> layout was skipped");
}
// Returning the input without an ELK pass is essentially instant; assert it
// did not hang. Generous bound to stay non-flaky on a loaded CI box.
assert.ok(dt < 2000, `cap path should be fast, took ${dt}ms`);
});
test("layout is best-effort: an empty/degenerate model is returned intact", async () => {
const model =
'<mxGraphModel><root><mxCell id="0"/><mxCell id="1" parent="0"/></root></mxGraphModel>';
const laid = await applyElkLayout(model);
// No vertices -> unchanged, still lints clean.
const after = prepareModel(laid);
assert.equal(after.cellCount, 0);
});
@@ -0,0 +1,101 @@
// Unit tests for the geometry quality-warnings (issue #424, part 5). Acceptance
// #4: every warning has a positive AND a negative case, and warnings NEVER block
// the write (prepareModel returns them, it does not throw).
import { test } from "node:test";
import assert from "node:assert/strict";
import { prepareModel } from "../../build/lib/drawio-xml.js";
function model(cells) {
return (
'<mxGraphModel><root><mxCell id="0"/><mxCell id="1" parent="0"/>' +
cells +
"</root></mxGraphModel>"
);
}
function warnings(cells) {
return prepareModel(model(cells)).warnings;
}
function has(ws, rule) {
return ws.some((w) => w.startsWith(`[${rule}]`));
}
function v(id, x, y, w = 120, h = 60, value = "", style = "rounded=1;html=1;", parent = "1") {
return (
`<mxCell id="${id}" value="${value}" style="${style}" vertex="1" parent="${parent}">` +
`<mxGeometry x="${x}" y="${y}" width="${w}" height="${h}" as="geometry"/></mxCell>`
);
}
function edge(id, s, t, parent = "1") {
return (
`<mxCell id="${id}" edge="1" parent="${parent}" source="${s}" target="${t}">` +
`<mxGeometry relative="1" as="geometry"/></mxCell>`
);
}
test("shape-overlap: positive and negative", () => {
assert.ok(has(warnings(v("a", 0, 0) + v("b", 50, 20)), "shape-overlap"));
assert.ok(!has(warnings(v("a", 0, 0) + v("b", 300, 0)), "shape-overlap"));
});
test("shape-overlap: a container over its own child does NOT warn", () => {
const cells =
'<mxCell id="g" value="G" style="container=1;fillColor=none;" vertex="1" parent="1"><mxGeometry x="0" y="0" width="400" height="200" as="geometry"/></mxCell>' +
v("a", 30, 40, 120, 60, "", "rounded=1;", "g");
assert.ok(!has(warnings(cells), "shape-overlap"));
});
test("edge-through-shape: positive and negative", () => {
// A -> B passes straight through C sitting on the line.
const pos =
v("a", 0, 0, 60, 60) + v("c", 200, 0, 60, 60) + v("b", 400, 0, 60, 60) + edge("e", "a", "b");
assert.ok(has(warnings(pos), "edge-through-shape"));
// C moved off the line -> no crossing.
const neg =
v("a", 0, 0, 60, 60) + v("c", 200, 300, 60, 60) + v("b", 400, 0, 60, 60) + edge("e", "a", "b");
assert.ok(!has(warnings(neg), "edge-through-shape"));
});
test("edge-overlap: positive (duplicate) and negative", () => {
const pos = v("a", 0, 0) + v("b", 300, 0) + edge("e1", "a", "b") + edge("e2", "a", "b");
assert.ok(has(warnings(pos), "edge-overlap"));
const neg =
v("a", 0, 0) + v("b", 300, 0) + v("c", 300, 300) + edge("e1", "a", "b") + edge("e2", "a", "c");
assert.ok(!has(warnings(neg), "edge-overlap"));
});
test("gap-too-small: positive and negative", () => {
assert.ok(has(warnings(v("a", 0, 0) + v("b", 220, 0)), "gap-too-small")); // 100px gap
assert.ok(!has(warnings(v("a", 0, 0) + v("b", 300, 0)), "gap-too-small")); // 180px gap
});
test("label-overflow: positive and negative", () => {
const pos = v("a", 0, 0, 40, 60, "A very long label that does not fit");
assert.ok(has(warnings(pos), "label-overflow"));
const neg = v("a", 0, 0, 300, 60, "Short");
assert.ok(!has(warnings(neg), "label-overflow"));
});
test("label-overflow: a label drawn OUTSIDE the shape (AWS icon) does NOT warn", () => {
const cells = v(
"a",
0,
0,
60,
60,
"A very long service label below the icon",
"shape=mxgraph.aws4.resourceIcon;verticalLabelPosition=bottom;verticalAlign=top;html=1;",
);
assert.ok(!has(warnings(cells), "label-overflow"));
});
test("out-of-bounds: positive (negative coords) and negative", () => {
assert.ok(has(warnings(v("a", -50, 10)), "out-of-bounds"));
assert.ok(!has(warnings(v("a", 10, 10)), "out-of-bounds"));
});
test("warnings never block the write (prepareModel returns, does not throw)", () => {
const messy = v("a", 0, 0) + v("b", 30, 20) + v("c", 40, 40); // heavy overlap
const prepared = prepareModel(model(messy));
assert.ok(prepared.warnings.length > 0, "expected warnings");
assert.ok(prepared.modelXml.includes("mxGraphModel"), "still produced a model");
assert.equal(prepared.cellCount, 3);
});
@@ -0,0 +1,97 @@
// Unit tests for the drawio_shapes verified-stencil catalog (issue #424).
// Covers acceptance #1: a "lambda" query returns a valid mxgraph.aws4 icon with
// the right service/resource pattern + sizes; a blocklisted stencil query
// returns its working replacement.
import { test } from "node:test";
import assert from "node:assert/strict";
import {
searchShapes,
awsServiceStyle,
azureImageStyle,
loadShapeIndex,
AWS_CATEGORY_FILL,
} from "../../build/lib/drawio-shapes.js";
test("the bundled index loads and is the real ~10k-shape catalog", () => {
const idx = loadShapeIndex();
assert.ok(Array.isArray(idx));
assert.ok(idx.length > 10000, `expected >10000 shapes, got ${idx.length}`);
// Record shape { style, w, h, title, tags, type }.
for (const k of ["style", "w", "h", "title", "tags", "type"]) {
assert.ok(k in idx[0], `record missing key ${k}`);
}
});
test('drawio_shapes("lambda") returns a valid mxgraph.aws4 service icon', () => {
const results = searchShapes("lambda", { limit: 5 });
assert.ok(results.length > 0);
// Acceptance #1: a valid aws4 service-level icon (resourceIcon + resIcon)
// for lambda, with sensible default sizes, is present.
const svc = results.find(
(r) =>
/shape=mxgraph\.aws4\.resourceIcon/.test(r.style) &&
/resIcon=mxgraph\.aws4\.lambda(_function)?\b/.test(r.style),
);
assert.ok(svc, `no aws4 lambda service icon in ${JSON.stringify(results.map((r) => r.style.slice(-40)))}`);
assert.ok(svc.w > 0 && svc.h > 0, "icon must carry default w/h");
// The current-generation aws4 icon must outrank the deprecated aws3 one.
assert.match(results[0].style, /mxgraph\.aws4/);
});
test("a blocklisted stencil query returns its replacement + a note", () => {
const results = searchShapes("dynamodb_table", { limit: 3 });
assert.ok(results.length > 0);
const rep = results[0];
// dynamodb_table (empty box) -> dynamodb.
assert.match(rep.style, /resIcon=mxgraph\.aws4\.dynamodb\b/);
assert.ok(rep.note && /dynamodb_table/.test(rep.note), "note must explain the replacement");
// The broken stencil name must NOT be returned as a usable style.
assert.ok(
!results.some((r) => /resIcon=mxgraph\.aws4\.dynamodb_table\b/.test(r.style)),
"the broken dynamodb_table stencil must not be returned",
);
});
test("an AWS rebranding query returns the real (renamed) resIcon", () => {
const os = searchShapes("opensearch", { limit: 3 });
assert.ok(
os.some((r) => /resIcon=mxgraph\.aws4\.elasticsearch_service\b/.test(r.style) && r.note),
"OpenSearch must map to elasticsearch_service with a note",
);
const msk = searchShapes("msk", { limit: 3 });
assert.ok(
msk.some((r) => /managed_streaming_for_kafka/.test(r.style)),
"MSK must map to managed_streaming_for_kafka",
);
});
test("category filter narrows results", () => {
const all = searchShapes("database", { limit: 20 });
const dbOnly = searchShapes("database", { category: "Database", limit: 20 });
assert.ok(dbOnly.length <= all.length);
});
test("limit is honoured and capped", () => {
assert.equal(searchShapes("aws", { limit: 3 }).length, 3);
assert.ok(searchShapes("aws", { limit: 999 }).length <= 50);
});
test("empty query returns nothing", () => {
assert.deepEqual(searchShapes(" "), []);
});
test("style builders match the appendix templates", () => {
const s = awsServiceStyle("lambda", "Compute");
assert.match(s, /strokeColor=#ffffff/); // mandatory for service-level
assert.match(s, new RegExp(`fillColor=${AWS_CATEGORY_FILL.Compute}`));
assert.match(s, /shape=mxgraph\.aws4\.resourceIcon;resIcon=mxgraph\.aws4\.lambda$/);
const az = azureImageStyle("databases/Azure_Cosmos_DB.svg");
assert.match(az, /image=img\/lib\/azure2\/databases\/Azure_Cosmos_DB\.svg/);
});
test("azure and group queries surface the curated overlay", () => {
const cosmos = searchShapes("cosmos", { limit: 5 });
assert.ok(cosmos.some((r) => /azure2\/databases\/Azure_Cosmos_DB\.svg/.test(r.style)));
const vpc = searchShapes("vpc group", { limit: 5 });
assert.ok(vpc.some((r) => /grIcon=mxgraph\.aws4\.group_vpc2/.test(r.style)));
});
@@ -0,0 +1,62 @@
// Drift guards for the stage-2 drawio tools (issue #424): the new tools must be
// wired into the shared registry AND routed in SERVER_INSTRUCTIONS, and the
// hard-rules block must be injected into the create/update descriptions. These
// complement the generic server-instructions.test.mjs / tool-specs.test.mjs.
import { test } from "node:test";
import assert from "node:assert/strict";
import { SERVER_INSTRUCTIONS } from "../../build/index.js";
import { SHARED_TOOL_SPECS } from "../../build/tool-specs.js";
test("drawio_shapes and drawio_guide are in the shared registry", () => {
assert.equal(SHARED_TOOL_SPECS.drawioShapes.mcpName, "drawio_shapes");
assert.equal(SHARED_TOOL_SPECS.drawioGuide.mcpName, "drawio_guide");
// Deferred tier, matching the stage-1 drawio tools.
assert.equal(SHARED_TOOL_SPECS.drawioShapes.tier, "deferred");
assert.equal(SHARED_TOOL_SPECS.drawioGuide.tier, "deferred");
});
test("the new tools are routed in SERVER_INSTRUCTIONS", () => {
for (const name of ["drawio_shapes", "drawio_guide"]) {
assert.match(SERVER_INSTRUCTIONS, new RegExp(`\\b${name}\\b`), `${name} missing from guide`);
}
});
test("the hard-rules block is injected into create/update descriptions", () => {
for (const key of ["drawioCreate", "drawioUpdate"]) {
const d = SHARED_TOOL_SPECS[key].description;
assert.match(d, /sentinels are MANDATORY/);
assert.match(d, /vertex="1" XOR edge="1"/);
assert.match(d, /call drawio_shapes first/);
assert.match(d, /adaptiveColors="auto"/);
assert.match(d, /&#xa;/);
}
});
test("create/update expose the layout:\"elk\" parameter", () => {
const { z } = { z: makeZodStub() };
for (const key of ["drawioCreate", "drawioUpdate"]) {
const shape = SHARED_TOOL_SPECS[key].buildShape(z);
assert.ok("layout" in shape, `${key} missing layout param`);
}
});
// Tiny zod stub: buildShape only calls z.string/enum/number + chained
// .min/.optional/.describe, all of which return `this`.
function makeZodStub() {
const chain = new Proxy(
{},
{
get: (_t, prop) => {
if (prop === "parse") return () => ({});
return () => chain;
},
},
);
return {
string: () => chain,
number: () => chain,
enum: () => chain,
array: () => chain,
object: () => chain,
};
}
@@ -0,0 +1,450 @@
// Issue #437: central error diagnostics.
//
// Two surfaces are covered here:
// 1. formatDocmostAxiosError — the pure response-interceptor body that
// rewrites an AxiosError's `.message` into an actionable diagnostic.
// 2. assertFullUuid — the fail-fast comment-id guard (absorbs #436) that must
// throw BEFORE any network call.
// Plus an end-to-end pass over a real (offline) http server to prove the
// interceptor is wired, that a re-login retry leaves a success untouched, and
// that a persistent failure gets formatted — and that an invalid comment id
// short-circuits every comment tool with ZERO network traffic.
import { test, after } from "node:test";
import assert from "node:assert/strict";
import http from "node:http";
import axios, { AxiosError } from "axios";
import {
DocmostClient,
formatDocmostAxiosError,
assertFullUuid,
} from "../../build/client.js";
// Build an AxiosError-shaped object the way the interceptor's rejection handler
// receives it. Using the real AxiosError ctor makes axios.isAxiosError() true.
function makeAxiosError({
method = "post",
url = "/comments/resolve",
baseURL = "http://host.example/api",
status,
statusText,
data,
code,
message = "Request failed",
}) {
const config = { method, url, baseURL };
const response =
status === undefined
? undefined
: { status, statusText, data, headers: {}, config };
return new AxiosError(message, code, config, {}, response);
}
// ---------------------------------------------------------------------------
// formatDocmostAxiosError: message-body extraction rules.
// ---------------------------------------------------------------------------
test("class-validator message array is joined with '; '", () => {
const err = makeAxiosError({
status: 400,
statusText: "Bad Request",
data: { message: ["commentId must be a UUID", "resolved must be a boolean"] },
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"POST /comments/resolve failed (400 Bad Request): commentId must be a UUID; resolved must be a boolean",
);
});
test("a string message is used as-is", () => {
const err = makeAxiosError({
method: "post",
url: "/comments/resolve",
status: 400,
statusText: "Bad Request",
data: { message: "commentId must be a UUID" },
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"POST /comments/resolve failed (400 Bad Request): commentId must be a UUID",
);
});
test("falls back to data.error when message is absent", () => {
const err = makeAxiosError({
method: "get",
url: "/pages/info",
status: 403,
statusText: "Forbidden",
data: { error: "Forbidden" },
});
formatDocmostAxiosError(err);
assert.equal(err.message, "GET /pages/info failed (403 Forbidden): Forbidden");
});
test("empty object body falls back to statusText", () => {
const err = makeAxiosError({
status: 404,
statusText: "Not Found",
url: "/comments/info",
data: {},
});
formatDocmostAxiosError(err);
assert.equal(err.message, "POST /comments/info failed (404 Not Found): Not Found");
});
test("HTML/string body is NEVER surfaced — only the statusText", () => {
const html = "<html><body>502 Bad Gateway — nginx internals here</body></html>";
const err = makeAxiosError({
status: 502,
statusText: "Bad Gateway",
url: "/comments/create",
data: html,
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"POST /comments/create failed (502 Bad Gateway): Bad Gateway",
);
assert.ok(!err.message.includes("nginx"), "raw HTML body must not leak");
assert.ok(!err.message.includes("<html>"), "raw HTML body must not leak");
});
test("Buffer body carrying JSON is parsed for its message", () => {
const buf = Buffer.from(JSON.stringify({ message: "file too large" }), "utf8");
const err = makeAxiosError({
method: "get",
url: "/files/abc/x.png",
status: 413,
statusText: "Payload Too Large",
data: buf,
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"GET /files/abc/x.png failed (413 Payload Too Large): file too large",
);
});
test("Buffer body with non-JSON garbage falls back to statusText", () => {
const buf = Buffer.from("<<< not json at all >>>", "utf8");
const err = makeAxiosError({
method: "get",
url: "/files/abc/x.png",
status: 500,
statusText: "Internal Server Error",
data: buf,
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"GET /files/abc/x.png failed (500 Internal Server Error): Internal Server Error",
);
assert.ok(!err.message.includes("not json"), "raw buffer body must not leak");
});
test("an oversized Buffer body is not parsed (size cap) — statusText only", () => {
// A >4KB JSON buffer: even though it IS valid JSON with a message, the size
// cap means we do not attempt to parse it, so only the statusText survives.
const big = { message: "x".repeat(5000) };
const buf = Buffer.from(JSON.stringify(big), "utf8");
const err = makeAxiosError({
method: "get",
url: "/files/abc/x.png",
status: 500,
statusText: "Internal Server Error",
data: buf,
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"GET /files/abc/x.png failed (500 Internal Server Error): Internal Server Error",
);
});
// ---------------------------------------------------------------------------
// formatDocmostAxiosError: no-response and path/method handling.
// ---------------------------------------------------------------------------
test("no response uses error.code + path + 'no response from server'", () => {
const err = makeAxiosError({
method: "post",
url: "/comments/create",
status: undefined,
code: "ECONNREFUSED",
message: "connect ECONNREFUSED 127.0.0.1:3000",
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"POST /comments/create failed: ECONNREFUSED (no response from server)",
);
});
test("no response with no code falls back to a neutral reason (raw message not leaked — it may embed host:port)", () => {
const err = makeAxiosError({
method: "post",
url: "/comments/create",
status: undefined,
// A raw axios network message like "connect ECONNREFUSED 127.0.0.1:3000"
// embeds the host; #437's invariant is that it never reaches the message.
message: "connect ECONNREFUSED 10.0.0.5:3000",
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"POST /comments/create failed: network error (no response from server)",
);
// And the host must NOT appear anywhere in the model-visible message.
assert.ok(!err.message.includes("10.0.0.5"));
});
test("path drops the host and the query string", () => {
const err = makeAxiosError({
method: "post",
url: "/comments/resolve?token=secret&x=1",
baseURL: "https://docs.example.com/api",
status: 400,
statusText: "Bad Request",
data: { message: "bad" },
});
formatDocmostAxiosError(err);
assert.equal(
err.message,
"POST /comments/resolve failed (400 Bad Request): bad",
);
assert.ok(!err.message.includes("secret"), "query string must not leak");
assert.ok(!err.message.includes("docs.example.com"), "host must not leak");
});
// ---------------------------------------------------------------------------
// formatDocmostAxiosError: length cap + guard flag + pass-through.
// ---------------------------------------------------------------------------
test("the overall message is capped at ~300 chars", () => {
const err = makeAxiosError({
status: 400,
statusText: "Bad Request",
data: { message: "y".repeat(1000) },
});
formatDocmostAxiosError(err);
assert.ok(err.message.length <= 300, `expected <=300, got ${err.message.length}`);
assert.ok(err.message.endsWith("…"), "a truncated message ends with an ellipsis");
});
test("a formatted error is not re-processed (guard flag)", () => {
const err = makeAxiosError({
status: 400,
statusText: "Bad Request",
data: { message: "first" },
});
formatDocmostAxiosError(err);
const once = err.message;
assert.equal(err._docmostFormatted, true);
// Mutate the body and re-run: the guard makes it a no-op.
err.response.data = { message: "second" };
formatDocmostAxiosError(err);
assert.equal(err.message, once, "the guard flag prevents double-processing");
});
test("a non-axios error is passed through untouched", () => {
const plain = new Error("boom");
formatDocmostAxiosError(plain);
assert.equal(plain.message, "boom");
assert.equal(plain._docmostFormatted, undefined);
});
// ---------------------------------------------------------------------------
// assertFullUuid.
// ---------------------------------------------------------------------------
const GOOD_UUID = "019f499a-9f8c-7d68-b7be-ce100d7c6c56";
test("assertFullUuid accepts a full canonical UUID (any version nibble)", () => {
assert.doesNotThrow(() => assertFullUuid("resolve_comment", "commentId", GOOD_UUID));
// A v4 id also passes (version/variant-agnostic).
assert.doesNotThrow(() =>
assertFullUuid("get_comment", "commentId", "3d5b7c1e-2f4a-4b6c-8d9e-0f1a2b3c4d5e"),
);
});
test("assertFullUuid rejects a truncated prefix", () => {
assert.throws(
() => assertFullUuid("resolve_comment", "commentId", "019f499a"),
(e) =>
e.message.startsWith(
"resolve_comment: 'commentId' must be the FULL comment UUID",
) &&
e.message.includes("got '019f499a'") &&
e.message.includes("Copy the id verbatim"),
);
});
test("assertFullUuid rejects garbage and empty string", () => {
assert.throws(
() => assertFullUuid("delete_comment", "commentId", "not-a-uuid"),
/must be the FULL comment UUID.*got 'not-a-uuid'/s,
);
assert.throws(
() => assertFullUuid("update_comment", "commentId", ""),
/must be the FULL comment UUID.*got ''/s,
);
});
// ---------------------------------------------------------------------------
// End-to-end over an offline http server: interceptor wiring + re-login.
// ---------------------------------------------------------------------------
function readBody(req) {
return new Promise((resolve) => {
let raw = "";
req.on("data", (c) => (raw += c));
req.on("end", () => resolve(raw));
});
}
function startServer(handler) {
return new Promise((resolve) => {
const server = http.createServer(handler);
server.listen(0, "127.0.0.1", () => {
const { port } = server.address();
resolve({ server, baseURL: `http://127.0.0.1:${port}/api` });
});
});
}
function sendJson(res, status, obj, extra = {}) {
res.writeHead(status, { "Content-Type": "application/json", ...extra });
res.end(JSON.stringify(obj));
}
const openServers = [];
async function spawn(handler) {
const { server, baseURL } = await startServer(handler);
openServers.push(server);
return { baseURL };
}
after(async () => {
await Promise.all(openServers.map((s) => new Promise((r) => s.close(r))));
});
test("a 400 on a JSON endpoint is reformatted by the wired interceptor", async () => {
const { baseURL } = await spawn(async (req, res) => {
await readBody(req);
if (req.url === "/api/auth/login") {
sendJson(res, 200, { success: true }, {
"Set-Cookie": "authToken=t; Path=/; HttpOnly",
});
return;
}
if (req.url === "/api/pages/info") {
sendJson(res, 400, { message: "pageId should not be empty" });
return;
}
sendJson(res, 404, {});
});
const client = new DocmostClient(baseURL, "u@example.com", "pw");
await assert.rejects(
() => client.getPageRaw("x"),
(e) => {
assert.ok(axios.isAxiosError(e), "still an AxiosError (mutation, not a subclass)");
assert.equal(e.response?.status, 400, "error.response?.status still readable");
assert.equal(
e.message,
"POST /pages/info failed (400 Bad Request): pageId should not be empty",
);
return true;
},
);
});
test("401 -> re-login -> successful retry: the SUCCESS message is untouched", async () => {
let infoCalls = 0;
const { baseURL } = await spawn(async (req, res) => {
await readBody(req);
if (req.url === "/api/auth/login") {
sendJson(res, 200, { success: true }, {
"Set-Cookie": "authToken=fresh; Path=/; HttpOnly",
});
return;
}
if (req.url === "/api/workspace/info") {
infoCalls++;
if (infoCalls === 1) sendJson(res, 401, { message: "Unauthorized" });
else sendJson(res, 200, { success: true, data: { id: "ws" } });
return;
}
sendJson(res, 404, {});
});
const client = new DocmostClient(baseURL, "u@example.com", "pw");
client.token = "stale";
client.client.defaults.headers.common["Authorization"] = "Bearer stale";
const result = await client.getWorkspace();
assert.equal(result.success, true, "the retried request resolved successfully");
assert.equal(infoCalls, 2, "401 then a successful replay");
});
test("401 -> re-login -> persistent failure: formatted AND retry guard intact", async () => {
let infoCalls = 0;
let loginCalls = 0;
const { baseURL } = await spawn(async (req, res) => {
await readBody(req);
if (req.url === "/api/auth/login") {
loginCalls++;
sendJson(res, 200, { success: true }, {
"Set-Cookie": "authToken=fresh; Path=/; HttpOnly",
});
return;
}
if (req.url === "/api/workspace/info") {
infoCalls++;
// Always 401, even after a fresh login: the _retry guard must stop here.
sendJson(res, 401, { message: "token still invalid" });
return;
}
sendJson(res, 404, {});
});
const client = new DocmostClient(baseURL, "u@example.com", "pw");
client.token = "stale";
client.client.defaults.headers.common["Authorization"] = "Bearer stale";
await assert.rejects(
() => client.getWorkspace(),
(e) => {
assert.equal(
e.message,
"POST /workspace/info failed (401 Unauthorized): token still invalid",
);
return true;
},
);
// The _retry guard is intact: exactly one replay (2 hits), one re-login.
assert.equal(infoCalls, 2, "endpoint hit at most twice (one retry only)");
assert.equal(loginCalls, 1, "re-login attempted exactly once");
});
// ---------------------------------------------------------------------------
// assertFullUuid application points: NO network call when the id is invalid.
// A server that counts EVERY request proves the guard short-circuits before
// even the login round-trip.
// ---------------------------------------------------------------------------
test("all 5 comment-id call sites reject a bad id with ZERO network traffic", async () => {
let requests = 0;
const { baseURL } = await spawn(async (req, res) => {
requests++;
await readBody(req);
sendJson(res, 200, { success: true });
});
const client = new DocmostClient(baseURL, "u@example.com", "pw");
const bad = "019f499a"; // truncated
await assert.rejects(() => client.resolveComment(bad, true), /resolve_comment: 'commentId'/);
await assert.rejects(() => client.updateComment(bad, "hi"), /update_comment: 'commentId'/);
await assert.rejects(() => client.deleteComment(bad), /delete_comment: 'commentId'/);
await assert.rejects(() => client.getComment(bad), /get_comment: 'commentId'/);
// createComment validates parentCommentId only when provided.
await assert.rejects(
() => client.createComment("page-1", "body", "inline", "sel", bad),
/create_comment: 'parentCommentId'/,
);
assert.equal(requests, 0, "no request (not even /auth/login) may be issued for a bad id");
});
@@ -0,0 +1,101 @@
import { test } from "node:test";
import assert from "node:assert/strict";
import { createHash } from "node:crypto";
import { readFileSync } from "node:fs";
import { fileURLToPath } from "node:url";
import { dirname, join } from "node:path";
import { computeRegistryStamp } from "../../scripts/gen-registry-stamp.mjs";
import { REGISTRY_STAMP } from "../../build/index.js";
// Guard tests for the build/src-skew stamp (issue #447). The codegen script
// exports `computeRegistryStamp(sourceText)` — a sha256 over normalized source
// text (CRLF->LF, single trailing newline stripped). The in-app loader
// (apps/server/.../docmost-client.loader.ts) DUPLICATES that normalize+sha256 to
// recompute the stamp from src and refuse a stale build. These tests pin the
// algorithm's behaviour AND assert the built stamp matches the current src, so a
// stale generated file OR a normalize divergence reddens.
const __dirname = dirname(fileURLToPath(import.meta.url));
const TOOL_SPECS_PATH = join(__dirname, "..", "..", "src", "tool-specs.ts");
test("computeRegistryStamp is deterministic: same input -> same hash", () => {
const input = "export const X = 1;\nexport const Y = 2;\n";
assert.equal(computeRegistryStamp(input), computeRegistryStamp(input));
});
test("computeRegistryStamp returns a 64-char lowercase hex sha256", () => {
const stamp = computeRegistryStamp("anything");
assert.match(stamp, /^[0-9a-f]{64}$/);
});
test("normalizes CRLF vs LF: the same content hashes equal", () => {
const lf = "line1\nline2\nline3";
const crlf = "line1\r\nline2\r\nline3";
assert.equal(computeRegistryStamp(crlf), computeRegistryStamp(lf));
});
test("normalizes a trailing newline: with/without a final \\n hashes equal", () => {
const noTrailing = "alpha\nbeta";
const trailing = "alpha\nbeta\n";
assert.equal(computeRegistryStamp(trailing), computeRegistryStamp(noTrailing));
});
test("a CRLF checkout WITH a trailing CRLF still hashes equal to bare LF", () => {
// A worst-case Windows checkout: CRLF line endings + a trailing CRLF. Both the
// \r\n->\n replace and the trailing-newline strip must apply for parity.
const bare = "alpha\nbeta";
const crlfTrailing = "alpha\r\nbeta\r\n";
assert.equal(
computeRegistryStamp(crlfTrailing),
computeRegistryStamp(bare),
);
});
test("a real content change hashes differently", () => {
const before = "export const description = 'search a page';\n";
const after = "export const description = 'search a PAGE';\n";
assert.notEqual(computeRegistryStamp(before), computeRegistryStamp(after));
});
// Only a SINGLE trailing newline is stripped — a second blank line is content and
// must change the hash. This pins the exact `/\n$/` semantics the loader mirrors.
test("only ONE trailing newline is stripped (two differ from one)", () => {
assert.notEqual(
computeRegistryStamp("x\n"),
computeRegistryStamp("x\n\n"),
);
});
// Cross-impl equality against a fixed, documented input. The SAME literal input
// and expected hash are asserted in the server-side jest test
// (docmost-client.loader.spec.ts). If either side's normalize+sha256 ever
// diverges, one of the two tests reddens. Input exercises BOTH normalize steps.
test("fixed-input hash matches the documented cross-impl value", () => {
const FIXED_INPUT = "line1\r\nline2\n";
const EXPECTED =
"683376e290829b482c2655745caffa7a1dccfa10afaa62dac2b42dd6c68d0f83";
assert.equal(computeRegistryStamp(FIXED_INPUT), EXPECTED);
});
// DESYNC GUARD (covers reviewer suggestion 2). Recompute the stamp from the
// actual src/tool-specs.ts and assert it equals the REGISTRY_STAMP baked into the
// freshly-built build/index.js. This reddens if the generated file is stale OR if
// the codegen normalize ever diverges from what produced the built stamp.
test("built REGISTRY_STAMP equals the stamp recomputed from src/tool-specs.ts", () => {
const source = readFileSync(TOOL_SPECS_PATH, "utf8");
assert.equal(computeRegistryStamp(source), REGISTRY_STAMP);
});
// Sanity: the fixed-input helper computes the SAME way the codegen does, proving
// the EXPECTED constant above is not an arbitrary magic value but the documented
// normalize+sha256 of FIXED_INPUT. Belt-and-braces so a bad EXPECTED can't hide a
// real regression.
test("the documented EXPECTED constant is the normalize+sha256 of FIXED_INPUT", () => {
const FIXED_INPUT = "line1\r\nline2\n";
const normalized = FIXED_INPUT.replace(/\r\n/g, "\n").replace(/\n$/, "");
const expected = createHash("sha256")
.update(normalized, "utf8")
.digest("hex");
assert.equal(computeRegistryStamp(FIXED_INPUT), expected);
});
@@ -1,82 +0,0 @@
// Guard: every tool the MCP server registers must be routed by intent in
// SERVER_INSTRUCTIONS — the editing guide clients receive in the initialize
// result. Without this, new tools silently rot out of the guide and agents
// never learn to pick them (the guide once omitted 17 of 41 tools, including
// get_outline, which pushed agents into fetching whole documents for block
// ids). Tool names are extracted from the SOURCE (index.ts inline
// registrations + tool-specs.ts shared specs) so a registration added either
// way is caught; the guide text itself is imported from the build so the test
// checks what actually ships.
import { test } from "node:test";
import assert from "node:assert/strict";
import { readFileSync } from "node:fs";
import { fileURLToPath } from "node:url";
import { dirname, join } from "node:path";
import { SERVER_INSTRUCTIONS } from "../../build/index.js";
const HERE = dirname(fileURLToPath(import.meta.url));
const SRC = join(HERE, "..", "..", "src");
// Tools DELIBERATELY absent from the guide. Keep this list minimal and
// justify every entry — the default is: every tool gets routed.
const EXCEPTIONS = new Set([
// Trivial and self-explanatory; carries no routing decision.
"get_workspace",
]);
/**
* Extract every registered tool name from the source. Two registration
* mechanisms exist and both are covered:
* - inline `server.registerTool("name", ...)` calls in index.ts;
* - shared specs in tool-specs.ts (`mcpName: 'name'`), registered via
* registerShared(SHARED_TOOL_SPECS.x, ...).
*/
function registeredToolNames() {
const indexSrc = readFileSync(join(SRC, "index.ts"), "utf8");
const specsSrc = readFileSync(join(SRC, "tool-specs.ts"), "utf8");
const names = new Set();
for (const m of indexSrc.matchAll(/registerTool\(\s*"([a-z0-9_]+)"/g)) {
names.add(m[1]);
}
for (const m of specsSrc.matchAll(/mcpName:\s*['"]([a-z0-9_]+)['"]/g)) {
names.add(m[1]);
}
return names;
}
test("every registered tool is mentioned in SERVER_INSTRUCTIONS", () => {
const names = registeredToolNames();
// Sanity: if extraction regressed (regex drift), fail loudly rather than
// vacuously passing on an empty set.
assert.ok(
names.size >= 40,
`sanity: expected to extract 40+ registered tools, got ${names.size}` +
"the extraction regexes in this test likely drifted from the source",
);
const missing = [...names]
.filter((n) => !EXCEPTIONS.has(n))
// \b<name>\b: `_` is a word char, so \bget_page\b does NOT match inside
// get_page_json — a tool can't hide behind a longer sibling's mention.
.filter((n) => !new RegExp(`\\b${n}\\b`).test(SERVER_INSTRUCTIONS))
.sort();
assert.deepEqual(
missing,
[],
`tools missing from SERVER_INSTRUCTIONS: ${missing.join(", ")}` +
"update the guide in packages/mcp/src/index.ts (see its MAINTENANCE " +
"RULE comment), or add a justified entry to EXCEPTIONS here",
);
});
test("EXCEPTIONS entries are real registered tools", () => {
// A stale exception (tool renamed/removed) must be cleaned up, otherwise
// the list quietly grows past its purpose.
const names = registeredToolNames();
for (const name of EXCEPTIONS) {
assert.ok(
names.has(name),
`EXCEPTIONS entry "${name}" is not a registered tool — remove it`,
);
}
});
@@ -0,0 +1,134 @@
// Guard: the GENERATED <tool_inventory> in SERVER_INSTRUCTIONS (issue #448)
// names every tool the server registers. The inventory is BUILT from the
// registry (SHARED_TOOL_SPECS' mcpName/catalogLine + INLINE_MCP_INVENTORY), so
// the shared-registry tools can never drift by construction; this test's job is
// to catch the ONE remaining manual list — INLINE_MCP_INVENTORY — falling out
// of sync with the inline `server.registerTool(...)` calls in index.ts.
//
// It also asserts the composed guide keeps its routing prose (the hand-written
// intent hints) and is a valid non-empty string — the structural guarantees the
// old name-scraper test (server-instructions.test.mjs, now deleted) carried,
// minus its now-redundant per-name prose scrape.
import { test } from "node:test";
import assert from "node:assert/strict";
import { readFileSync } from "node:fs";
import { fileURLToPath } from "node:url";
import { dirname, join } from "node:path";
import {
SERVER_INSTRUCTIONS,
ROUTING_PROSE,
buildToolInventoryLines,
} from "../../build/server-instructions.js";
const HERE = dirname(fileURLToPath(import.meta.url));
const SRC = join(HERE, "..", "..", "src");
/**
* Every tool name the MCP server registers, scraped from the SOURCE:
* - inline `server.registerTool("name", ...)` calls in index.ts;
* - shared specs in tool-specs.ts (`mcpName: 'name'`), EXCEPT `inAppOnly`
* specs, which the registry loop in index.ts SKIPS on the MCP host (#411).
* Same two registration mechanisms the old guard covered.
*/
function registeredToolNames() {
const indexSrc = readFileSync(join(SRC, "index.ts"), "utf8");
const specsSrc = readFileSync(join(SRC, "tool-specs.ts"), "utf8");
const names = new Set();
for (const m of indexSrc.matchAll(/registerTool\(\s*"([a-z0-9_]+)"/g)) {
names.add(m[1]);
}
// Each spec is one `{ ... }` block; scrape its mcpName but skip a block that
// carries `inAppOnly: true` (not registered on the external MCP host).
for (const block of specsSrc.split(/\n\s{2}\w+:\s*\{/)) {
const nameMatch = block.match(/mcpName:\s*['"]([a-z0-9_]+)['"]/);
if (!nameMatch) continue;
if (/inAppOnly:\s*true/.test(block)) continue;
names.add(nameMatch[1]);
}
return names;
}
test("the generated inventory names every registered tool", () => {
const registered = registeredToolNames();
// Sanity: if the scrape regressed (regex drift), fail loudly rather than
// vacuously passing on an empty set.
assert.ok(
registered.size >= 40,
`sanity: expected 40+ registered tools, got ${registered.size}` +
"the extraction regexes in this test likely drifted from the source",
);
const inventory = new Set(buildToolInventoryLines().map((l) => l.name));
const missing = [...registered].filter((n) => !inventory.has(n)).sort();
assert.deepEqual(
missing,
[],
`tools missing from the generated <tool_inventory>: ${missing.join(", ")}` +
"a SHARED spec is covered automatically; an INLINE MCP-only tool needs a " +
"line added to INLINE_MCP_INVENTORY in src/server-instructions.ts",
);
});
test("the inventory has no phantom tool (every line is a real registered tool)", () => {
const registered = registeredToolNames();
const phantom = buildToolInventoryLines()
.map((l) => l.name)
.filter((n) => !registered.has(n))
.sort();
assert.deepEqual(
phantom,
[],
`<tool_inventory> lists tools that are NOT registered: ${phantom.join(", ")}`,
);
});
// #411: the external MCP surface gains update_page_markdown and LOSES
// import_page_markdown (now inAppOnly). The in-app agent still keeps
// importPageMarkdown — asserted in the server-side contract spec.
test("update_page_markdown is on the MCP surface; import_page_markdown is NOT", () => {
const inventory = new Set(buildToolInventoryLines().map((l) => l.name));
assert.ok(
inventory.has("update_page_markdown"),
"update_page_markdown should be registered on the external MCP surface",
);
assert.ok(
!inventory.has("import_page_markdown"),
"import_page_markdown must be dropped from the external MCP surface (#411)",
);
// And the routing prose no longer points MCP clients at it.
assert.ok(
!ROUTING_PROSE.includes("import_page_markdown"),
"ROUTING_PROSE still mentions the removed import_page_markdown",
);
assert.ok(
ROUTING_PROSE.includes("update_page_markdown"),
"ROUTING_PROSE should mention update_page_markdown",
);
});
test("every inventory line has a non-empty purpose", () => {
for (const line of buildToolInventoryLines()) {
assert.equal(typeof line.purpose, "string");
assert.ok(line.purpose.trim().length > 0, `${line.name}: empty purpose`);
}
});
test("SERVER_INSTRUCTIONS keeps the routing prose and the generated inventory", () => {
assert.equal(typeof SERVER_INSTRUCTIONS, "string");
assert.ok(SERVER_INSTRUCTIONS.length > 0, "SERVER_INSTRUCTIONS is empty");
// Routing prose is spliced in verbatim (the hand-written intent hints).
assert.ok(
SERVER_INSTRUCTIONS.startsWith(ROUTING_PROSE),
"the routing prose is not preserved at the head of the guide",
);
// The generated inventory block is present.
assert.match(SERVER_INSTRUCTIONS, /<tool_inventory>/);
assert.match(SERVER_INSTRUCTIONS, /<\/tool_inventory>/);
// The routing families are still present in the prose.
for (const family of ["READ:", "EDIT:", "PAGES:", "COMMENTS:", "HISTORY:"]) {
assert.ok(
SERVER_INSTRUCTIONS.includes(family),
`routing prose lost its ${family} section`,
);
}
});
@@ -145,3 +145,36 @@ test("no-arg specs (getWorkspace/listSpaces/listShares) omit buildShape", () =>
assert.equal(SHARED_TOOL_SPECS[key].buildShape, undefined, `${key} should be no-arg`); assert.equal(SHARED_TOOL_SPECS[key].buildShape, undefined, `${key} should be no-arg`);
} }
}); });
// #411: plain-Markdown full-body replace tool, paired with updatePageJson.
test("updatePageMarkdown spec exists, pairs with updatePageJson, builds { pageId, content, title }", () => {
const spec = SHARED_TOOL_SPECS.updatePageMarkdown;
assert.ok(spec, "updatePageMarkdown spec missing");
assert.equal(spec.mcpName, "update_page_markdown");
assert.equal(spec.inAppKey, "updatePageMarkdown");
// Registered on BOTH hosts (a shared spec, no inAppOnly/mcpOnly flag).
assert.notEqual(spec.inAppOnly, true);
assert.notEqual(spec.mcpOnly, true);
// Same tier as its JSON sibling.
assert.equal(spec.tier, SHARED_TOOL_SPECS.updatePageJson.tier);
const shape = spec.buildShape(z);
assert.deepEqual(Object.keys(shape).sort(), ["content", "pageId", "title"]);
// pageId + content required, title optional.
const schema = z.object(shape);
assert.doesNotThrow(() => schema.parse({ pageId: "p1", content: "# Hi" }));
assert.throws(() => schema.parse({ pageId: "p1" }));
// The description must flag the `^[...]` inline-footnote parse path so the
// markdown->footnote canonicalization guarantee stays documented (#411).
assert.match(spec.description, /\^\[/);
});
// #411: import_page_markdown is dropped from the EXTERNAL MCP surface but stays
// available to the in-app agent — encoded as inAppOnly on the shared spec.
test("importPageMarkdown spec is inAppOnly (removed from the external MCP surface, kept in-app)", () => {
const spec = SHARED_TOOL_SPECS.importPageMarkdown;
assert.ok(spec, "importPageMarkdown spec missing");
assert.equal(spec.inAppOnly, true);
// The spec + its client method are NOT deleted — only hidden from the MCP host.
assert.equal(spec.mcpName, "import_page_markdown");
assert.equal(spec.inAppKey, "importPageMarkdown");
});
+2
View File
@@ -5,6 +5,8 @@
"moduleResolution": "Node16", "moduleResolution": "Node16",
"outDir": "./build", "outDir": "./build",
"rootDir": "./src", "rootDir": "./src",
"declaration": true,
"declarationMap": true,
"strict": true, "strict": true,
"esModuleInterop": true, "esModuleInterop": true,
"skipLibCheck": true, "skipLibCheck": true,
+8
View File
@@ -1044,6 +1044,9 @@ importers:
axios: axios:
specifier: 1.16.0 specifier: 1.16.0
version: 1.16.0 version: 1.16.0
elkjs:
specifier: ^0.11.1
version: 0.11.1
form-data: form-data:
specifier: ^4.0.0 specifier: ^4.0.0
version: 4.0.5 version: 4.0.5
@@ -6876,6 +6879,9 @@ packages:
electron-to-chromium@1.5.286: electron-to-chromium@1.5.286:
resolution: {integrity: sha512-9tfDXhJ4RKFNerfjdCcZfufu49vg620741MNs26a9+bhLThdB+plgMeou98CAaHu/WATj2iHOOHTp1hWtABj2A==} resolution: {integrity: sha512-9tfDXhJ4RKFNerfjdCcZfufu49vg620741MNs26a9+bhLThdB+plgMeou98CAaHu/WATj2iHOOHTp1hWtABj2A==}
elkjs@0.11.1:
resolution: {integrity: sha512-zxxR9k+rx5ktMwT/FwyLdPCrq7xN6e4VGGHH8hA01vVYKjTFik7nHOxBnAYtrgYUB1RpAiLvA1/U2YraWxyKKg==}
emittery@0.13.1: emittery@0.13.1:
resolution: {integrity: sha512-DeWwawk6r5yR9jFgnDKYt4sLS0LmHJJi3ZOnb5/JdbYwj3nW+FxQnHIjhBKz8YLC7oRNPVM9NQ47I3CVx34eqQ==} resolution: {integrity: sha512-DeWwawk6r5yR9jFgnDKYt4sLS0LmHJJi3ZOnb5/JdbYwj3nW+FxQnHIjhBKz8YLC7oRNPVM9NQ47I3CVx34eqQ==}
engines: {node: '>=12'} engines: {node: '>=12'}
@@ -17642,6 +17648,8 @@ snapshots:
electron-to-chromium@1.5.286: {} electron-to-chromium@1.5.286: {}
elkjs@0.11.1: {}
emittery@0.13.1: {} emittery@0.13.1: {}
emoji-regex@8.0.0: {} emoji-regex@8.0.0: {}