Releases: graph-memory/graphmemory

v1.3.1

22 Mar 02:26

Highlights

  • Code Audit Bugfixes — 10 bugs fixed from deep codebase audit: Unicode signature extraction, import-based symbol disambiguation, BM25 body truncation, embedding codec optimization, attachment limits, graph persistence recovery, WebSocket cleanup.
  • Embedding API Base64: POST /api/embed now supports format: "base64" for compact transfer (~2x smaller than JSON number arrays).
  • REST Embedding Stripping — GET endpoints for notes/symbols/docs no longer return raw embedding vectors.
  • Centralized Defaults — All magic numbers extracted to src/lib/defaults.ts (~80 constants).

Fixes

  • buildSignature — line-based slicing instead of byte offsets; correct for Cyrillic/emoji in JSDoc
  • getDocComment — use previousNamedSibling for robustness across tree-sitter grammars
  • resolvePendingEdges — disambiguate via import edges when multiple classes share the same name
  • float32ToBase64 — O(n) Buffer.from instead of O(n²) string concatenation
  • BM25 body truncation to 2000 chars prevents avgDl distortion from large code files
  • Parser caches (_pathMappings, _wikiIndex) cleared between projects in multi-project mode
  • Graph loadGraph recovers from interrupted saves via .tmp file fallback
  • WebSocket attachWebSocket returns cleanup function for listener removal
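
Added example, not graphmemory's own code: a float32-to-base64 codec of the kind the base64 embedding format and the float32ToBase64 fix describe, encoding in O(n) through a single Buffer view instead of string concatenation. Function names are illustrative, the sample vector is constructed, and both ends are assumed to share the platform's (little-endian) float32 layout.

```javascript
// Encode a Float32Array as base64 in O(n): one Buffer view over the typed
// array's bytes (honouring byteOffset, so subarray views encode correctly).
function float32ToBase64(vec) {
  return Buffer.from(vec.buffer, vec.byteOffset, vec.byteLength).toString('base64');
}

// Decode back to a Float32Array. Buffer.from(b64) may return a view into
// Node's shared pool at an offset that is not 4-byte aligned, so the bytes
// are copied into a fresh ArrayBuffer before the typed array is built.
function base64ToFloat32(b64) {
  const buf = Buffer.from(b64, 'base64');
  if (buf.byteLength % 4 !== 0) {
    throw new Error(`base64 payload is ${buf.byteLength} bytes, not a multiple of 4`);
  }
  const copy = new ArrayBuffer(buf.byteLength);
  new Uint8Array(copy).set(buf);
  return new Float32Array(copy);
}

// Wire size of the same vector as base64 versus a JSON number array.
function payloadSizes(vec) {
  return {
    base64: float32ToBase64(vec).length,
    json: JSON.stringify(Array.from(vec)).length,
  };
}

// Constructed sample: a deterministic 1024-dimensional pseudo-embedding.
function sampleVector(dim = 1024) {
  const v = new Float32Array(dim);
  for (let i = 0; i < dim; i++) v[i] = Math.sin(i) * 0.1;
  return v;
}

console.log(payloadSizes(sampleVector()));
```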

Security

  • Attachment limits enforced: 10 MB per file, 20 per entity (note/task/skill)
  • REST endpoints strip embedding vectors from responses (matching MCP tool behavior)

v1.3.0

21 Mar 16:02

Release Notes — v1.3.0

Date: 2026-03-21
Previous release: v1.2.0 (2026-03-19)
Commits: 21
Changes: 186 files changed, 11,054 insertions, 1,223 deletions
Tests: 1,507 tests across 36 suites (all passing)

Highlights

MCP Authentication & Per-User Access Control

MCP endpoints were previously open to anyone who knew the URL. Now:

  • API key authentication on MCP session creation (Authorization: Bearer <apiKey>)
  • If users are configured, a valid API key is required; otherwise backward-compatible (no auth)
  • Per-user tool visibility — mutation tools are hidden from users with read-only access (r) on a graph
  • Users with deny access don't see the graph's tools at all
  • Timing-safe API key comparison (reuses existing resolveUserFromApiKey)

Per-Graph Readonly Mode

New readonly: boolean option in graph config:

projects:
  my-project:
    graphs:
      knowledge:
        readonly: true   # searchable, but all mutation tools hidden

  • Mutation MCP tools not registered (clients don't see them)
  • REST mutations return 403 Forbidden
  • File mirror (.notes/, .tasks/, .skills/) skips readonly graphs
  • Tools explorer respects readonly (defense-in-depth)
  • Readonly overrides per-user rw access — it's a graph-level lock
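
Added example, not graphmemory's own code: how the per-user access levels (deny | r | rw), the hierarchical ACL lookup and the graph-level readonly lock described above combine into tool visibility and REST mutation handling. The tool registry, the ACL object shape and the 200 result for an allowed mutation are constructed assumptions.

```javascript
// Constructed tool registry; mutation tools are flagged so they can be hidden.
const TOOLS = [
  { name: 'search_notes', mutates: false },
  { name: 'create_note',  mutates: true },
  { name: 'delete_note',  mutates: true },
];

// Hierarchical ACL lookup (assumed shape: each level has an optional `access`
// map of user -> level): the first of graph, project, workspace, server that
// names the user wins; otherwise defaultAccess applies.
function resolveUserLevel(user, levels, defaultAccess) {
  for (const lvl of [levels.graph, levels.project, levels.workspace, levels.server]) {
    const acl = lvl?.access?.[user];
    if (acl !== undefined) return acl;
  }
  return defaultAccess;
}

// Readonly is a graph-level lock: it caps even rw users at read access.
// deny stays deny regardless of the graph flag.
function effectiveAccess(userLevel, graph) {
  if (userLevel === 'deny') return 'deny';
  if (graph.readonly) return 'r';
  return userLevel;
}

function canAccess(userLevel, graph) { return effectiveAccess(userLevel, graph) !== 'deny'; }
function canMutate(userLevel, graph) { return effectiveAccess(userLevel, graph) === 'rw'; }

// Tools registered for this user on this graph: nothing for deny, read-only
// tools for r (or any readonly graph), the full set only for rw on an open graph.
function visibleTools(userLevel, graph) {
  if (!canAccess(userLevel, graph)) return [];
  const mutate = canMutate(userLevel, graph);
  return TOOLS.filter(t => !t.mutates || mutate).map(t => t.name);
}

// REST mutation on a graph: 403 unless the effective access is rw
// (200 stands for "handler proceeds"; that status is an assumption here).
function restMutationStatus(userLevel, graph) {
  return canMutate(userLevel, graph) ? 200 : 403;
}
```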

Mega Prompt Builder

New UI feature — Simple and Advanced modes for generating AI prompts from project context:

  • Simple mode: quick prompt generation from selected context
  • Advanced mode: tab-based UI with granular content selection, code/docs sources, and preview
  • Content audit and quality improvements

Connect MCP Dialog

New "Connect" button in the UI header:

  • Config snippets for .mcp.json, Claude CLI, Cursor, and Windsurf
  • Auto-detects and pre-fills API key when auth is enabled
  • Copy-to-clipboard for each config variant

Code Parser — 6-Phase Audit

Deep audit of tree-sitter code parsing and related systems:

  1. Phase 1: Fix TSX grammar loading, WASM memory leak, symbol extraction accuracy
  2. Phase 2: Graph structure, indexer robustness, import resolution improvements
  3. Phase 3: Search quality — symbol matching, includeBody support
  4. Phase 4: Docs link extraction, wiki-link caching
  5. Phase 5: Persistence safety, embedding vector compression, stop words
  6. Phase 6: Embedder test fixes, search quality end-to-end tests

UI Bundle Optimization

  • Vendor code splitting via Vite manualChunks — react, mui, mui-icons, markdown, md-editor, graph
  • Lazy loading of @uiw/react-md-editor (~679 kB) via React.lazy
  • Initial bundle reduced from 1,942 kB to ~653 kB

Security

  • MCP auth: Bearer API key required when users are configured
  • Readonly enforcement: mutation tools hidden from MCP, 403 on REST, mirror watcher skipped
  • Security hardening: input validation, safe graph operations (full project audit)
  • License change: ISC → Elastic License 2.0 (ELv2) — source-available, self-hosting allowed, managed service prohibited

Server Startup

  • HTTP server now starts after all initialization and indexing completes
  • Startup banner shows all project/workspace MCP endpoints when ready

Testing

  • +267 new tests (1,240 → 1,507)
  • REST API coverage: all 70 endpoints tested
  • MCP auth tests (config parsing, readonly, user access)
  • MCP readonly tests (tool visibility, canAccess/canMutate)
  • REST readonly tests (403 on mutations, 200 on reads)
  • Code parser, docs, graphs, search — comprehensive coverage
  • Search quality end-to-end tests

Documentation

Updated docs across the board:

  • configuration.md — readonly mode, examples
  • authentication.md — MCP auth section, per-user tool visibility
  • api-mcp.md — auth requirements, readonly tool hiding
  • api-rest.md — readonly in project list response
  • security.md — MCP auth, readonly as defense-in-depth
  • testing.md — updated test counts and patterns
  • npm-package.md — license update
  • UI help guides — readonly mentions in knowledge, task, skill tool docs

Community

  • CONTRIBUTING.md — development workflow, project structure, test patterns, guidelines
  • CODE_OF_CONDUCT.md — Contributor Covenant 2.1
  • SECURITY.md — vulnerability reporting policy (GitHub Security Advisories + email)

Breaking Changes

  • License: Changed from ISC to Elastic License 2.0. Self-hosting and modification are permitted; offering as a managed/hosted service is not.
  • MCP auth: If users are configured in graph-memory.yaml, MCP clients now require Authorization: Bearer <apiKey> header. Existing setups without users are unaffected.

Upgrade Notes

  1. Update MCP client configs to include API key header if auth is enabled
  2. Review graph configs — add readonly: true to graphs that should be read-only
  3. Review license terms if distributing or hosting the software

v1.1.0

19 Mar 14:46

v1.1.0

Breaking Changes

  • Node.js ≥ 22 required — ESM-only dependencies no longer support Node 20
  • Package renamed to @graphmemory/server
  • Docker image renamed to ghcr.io/graph-memory/graphmemory-server
  • Config restructured (no backward compat with v1.0.x):
    • docsPattern / codePattern removed → use graphs.docs.include / graphs.code.include
    • pattern renamed to include, excludePattern renamed to exclude
    • embedding split into two sections: model (model-specific) + embedding (operational)
    • embedMaxChars / maxTokensDefault removed → use embedding.maxChars

Features

Authentication & Access Control

  • User management with API key authentication (Authorization: Bearer <apiKey>)
  • Password login with scrypt hashing + JWT cookies for Web UI
  • Per-graph ACL with hierarchical resolution: graph → project → workspace → server → defaultAccess
  • Access levels: deny | r | rw
  • CLI: graphmemory users add for interactive user creation

Team & Task Assignment

  • Team directory via .team/*.md files (name, email per member)
  • Task assignee field — assign, filter, display on kanban cards
  • Assignee dropdown in task create/edit populated from team directory

Embedding API

  • POST /api/embed — expose server's embedding model over HTTP for other instances
  • Configurable limits: embeddingApi.maxTexts (default 100), embeddingApi.maxTextChars (default 10000)
  • Separate auth via embeddingApi.apiKey
  • Remote embedding client — use another server's model instead of loading locally:
    embedding:
      remote: "http://gpu-server:3000/api/embed"
      remoteApiKey: "key"

Config Restructuring

  • Model config — whole object taken from first level that defines it (no field merging):
    server:
      model:
        name: "Xenova/bge-m3"
        pooling: cls
        normalize: true
  • Embedding config — each field individually inherits up the chain (graph → project → workspace → server):
    server:
      embedding:
        batchSize: 1
        maxChars: 8000
        cacheSize: 10000
  • Accumulating excludes — all levels merge (server + workspace + project + graph):
    server:
      exclude: "**/node_modules/**,**/dist/**"   # default
    projects:
      my-app:
        exclude: "**/coverage/**"                 # added on top
        graphs:
          docs:
            exclude: "**/drafts/**"               # added on top of that
  • Max file size — configurable at server / workspace / project level (default 1 MB)
  • Rate limiting — configurable per IP:
    server:
      rateLimit:
        global: 600   # all /api/* — req/min per IP
        search: 120   # search + embed endpoints
        auth: 10      # login endpoint
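
Added example, not graphmemory's own code: a resolver implementing the three inheritance rules stated above for the chain server → workspace → project → graph (model taken whole from the first level that defines it, embedding fields inherited one by one, excludes accumulated). The level object shape is a constructed stand-in for graph-memory.yaml.

```javascript
// Levels ordered from most specific to least; absent levels are skipped.
function chain(levels) {
  return [levels.graph, levels.project, levels.workspace, levels.server].filter(Boolean);
}

// Rule 1: `model` is the whole object from the first (most specific) level
// that defines one. Fields of a less specific model are never merged in.
function resolveModel(levels) {
  for (const lvl of chain(levels)) if (lvl.model) return { ...lvl.model };
  return undefined;
}

// Rule 2: each `embedding` field inherits individually up the chain, so the
// most specific level that sets a field wins for that field only.
function resolveEmbedding(levels) {
  const out = {};
  for (const lvl of chain(levels).reverse()) Object.assign(out, lvl.embedding || {});
  return out;
}

// Rule 3: comma-separated `exclude` patterns accumulate across every level,
// server first, with duplicates dropped.
function resolveExclude(levels) {
  const patterns = [];
  for (const lvl of chain(levels).reverse()) {
    for (const p of (lvl.exclude || '').split(',').map(s => s.trim()).filter(Boolean)) {
      if (!patterns.includes(p)) patterns.push(p);
    }
  }
  return patterns;
}

// Constructed sample mirroring the snippets above; the graph overrides the
// model entirely, the project overrides one embedding field, excludes stack.
const SAMPLE = {
  server: {
    model: { name: 'Xenova/bge-m3', pooling: 'cls', normalize: true },
    embedding: { batchSize: 1, maxChars: 8000, cacheSize: 10000 },
    exclude: '**/node_modules/**,**/dist/**',
  },
  project: { exclude: '**/coverage/**', embedding: { batchSize: 8 } },
  graph: { model: { name: 'example-org/other-model' }, exclude: '**/drafts/**' },
};
```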

Access-Aware UI

  • Hide create/edit/delete controls in read-only mode
  • Hide disabled graphs from sidebar
  • Login page for password-based auth

Code Parsing Engine

  • Replaced ts-morph with tree-sitter (web-tree-sitter WASM)
  • Faster parsing, no native binary dependencies
  • Supports TS / JS / TSX / JSX, cross-platform CI compatible

Security Fixes

  • Path traversal — fixed startsWith() string prefix matching → proper path.relative() check
  • ACL on graph export: /api/projects/:projectId/graph now enforces per-graph read access
  • ACL on tools router: /api/projects/:projectId/tools/:toolName/call enforces read/write by tool type
  • YAML billion laughs — frontmatter parser limited to maxAliasCount: 10
  • JWT TTL validation — reject zero/negative TTL values
  • Filename sanitization — guard against empty result after sanitization in writeAttachment()
  • WebSocket error handlers — prevent silent connection leaks on send failures
  • Timing-safe comparison for all API key checks

Bug Fixes

  • Hybrid search fusion — RRF no longer drops documents with low vector scores; all results included in fusion
  • Multi-project proxy cleanup — filter by projectId to prevent deleting other projects' proxies in workspace mode
  • Retroactive cross-file edges — deferred links and imports resolved after indexer drain
  • Atomic mirror writes — write to temp file + rename to prevent corruption on crash
  • Remote embedder retry — 3 attempts with exponential backoff for 5xx and network errors
  • LRU embedding cache — configurable cacheSize (default 10,000), avoids re-computing identical texts
  • Default maxChars raised from 2,000 to 8,000 (matches BGE-M3's 8,192 token context)
  • Wiki search depth limit — max 10 levels to prevent stack overflow on deep/cyclic directories
  • File size guard — skip files exceeding maxFileSize during indexing with warning
  • Validation error details — REST API returns field-level error info instead of generic "Validation error"

Documentation

  • Comprehensive docs/ directory (15+ pages covering architecture, configuration, security, Docker, etc.)
  • All config examples updated for new format with correct defaults
  • claude mcp add --transport http --scope project one-liner in setup guides
  • MCP server name standardized to graph-memory across all examples

Stats

  • 23 commits, 142 files changed
  • ~11,000 insertions, ~4,200 deletions
  • 1,240 tests across 28 suites

v1.0.4

18 Mar 14:52

Fix npm package to include UI build in dist/ui/, bump to 1.0.4

Copy UI build output into dist/ui/ so it's included in the npm package.
Resolve UI static path with fallback for both npm package and dev layouts.

v1.0.3

18 Mar 14:03

Full Changelog: v1.0.2...v1.0.3

v1.0.2

18 Mar 10:53

Full Changelog: v1.0.1...v1.0.2

v1.0.1

18 Mar 10:38

Full Changelog: v1.0.0...v1.0.1

v1.0.0

18 Mar 00:28