chore(plugin): v4.5.0 — restore MCP + disable noisy context inject (BREAKING)

[thebtf]

v4.5.0 release

Consolidates the BREAKING CHANGE from PR #176 (legacy MCP/CLI removal) with two user-visible plugin tactical fixes into one coherent release. Single marketplace-sync cycle, single tag, single set of release notes.

⚠️ BREAKING CHANGES (carried over from PR #176)

The engram-mcp and engram-mcp-stdio-proxy release artifacts no longer ship.

Bare-metal users who installed via tarball or scripts/install.sh and relied on the engram-mcp binary must migrate to the plugin marketplace install path:

/plugin marketplace add thebtf/engram-marketplace
/plugin install engram

Plugin marketplace users are unaffected — ensure-binary.js downloads only the engram stdio-proxy binary, not engram-mcp.

Fix #1 — MCP startup reliability after CC plugin update

Smoking gun (.agent/reports/plugin-tactical-fix-triage.md): when CC updates the plugin from v4.3.0 to v4.4.x it does NOT migrate plugin-level userConfig (server_url + api_token). .mcp.json then expands ${user_config.server_url} to an empty string, the binary spawns silently, and every MCP tool call fails with an opaque gRPC dial error against an empty target.

Changes:

• plugin/engram/.mcp.json — env block now also passes "ENGRAM_URL_LEGACY": "${ENGRAM_URL}" so users who had ENGRAM_URL in their shell from the v4.3.0 setup still get a working MCP server.
• plugin/engram/scripts/run-engram.js — before spawning, fall back to ENGRAM_URL_LEGACY if ENGRAM_URL is empty, AND emit a visible WARN to stderr if both are empty so the failure mode is no longer silent.

Fix #2 — Disable noisy context injection

Per .agent/reports/phase-2-synthesis.md fix #16 + the entity audits, the session-start hook currently injects 100 raw observations unioned with 10 semantic hits, plus project briefing, plus learned guidance. Reported as noise rather than relevant context.

Field-level classification (kept verbatim from plugin-tactical-fix-triage.md):

Response field	Was rendered as	Now
result.observations / results	<engram-context>	DISABLED
result.full_count	<engram-context> cutoff	DISABLED
result.project_briefing	<project-briefing>	DISABLED
result.guidance	<engram-guidance>	DISABLED
result.always_inject	<user-behavior-rules>	KEPT
GET /api/issues (open)	<engram-issues>	KEPT
GET /api/issues (resolved)	<engram-resolved-issues>	KEPT

Changes in plugin/engram/hooks/session-start.js:

• Removed render of <engram-context> (~lines 209-243), <project-briefing> (~245-248), <engram-guidance> (~251-273)
• Kept the inject GET — result.always_inject lives in that response and we still render it
• Scoped mark-injected API call to alwaysInject IDs only so citation tracking does not log false positives
• Removed misleading log line that counted observations no longer rendered

Net diff in this hook: −91 lines.

What stays working (safety guarantees)

• All MCP save/recall tools — recall, recall_memory, store, store_memory, find_by_file, observations, feedback, vault, issues, etc. Separate gRPC path (internal/mcp/tools_*.go), zero coupling to inject hook.
• Issues injection — separate /api/issues HTTP calls, untouched.
• Behavioral rules — always_inject tier still rendered.
• Server-side code — only the plugin layer changed. No engram-server redeploy required.

Version bump

Per Constitution §15 the daemon version and plugin version move together:

• cmd/engram/main.go daemonVersion "v4.4.0" → "v4.5.0"
• plugin/engram/.claude-plugin/plugin.json version "4.4.0" → "4.5.0"

Verification

• JSON syntax check on .mcp.json + plugin.json — clean
• node --check on run-engram.js + session-start.js — clean
• go build ./... — clean
• 3-OS matrix CI re-runs on this amended commit

Out of scope (Phase 2 strategic work continues)

This is tactical only. Phase 2 redesign continues in parallel:

• Citation session_id="" smoking gun fix (synthesis fix feat: self-learning utility signals #1)
• Hook curated-render fix (feat: collection MCP tools and instinct import #2)
• 100-observation cap policy (feat: Engram v2 — Memory Evolution #3)
• All other Phase 2 stage 1+2+3 items in .agent/reports/phase-2-synthesis.md

This PR keeps the user productive while that redesign happens.

Files in this PR

5 changed:

• plugin/engram/.mcp.json
• plugin/engram/scripts/run-engram.js
• plugin/engram/hooks/session-start.js
• plugin/engram/.claude-plugin/plugin.json
• cmd/engram/main.go (daemonVersion bump)

Net −76 LOC (mostly removed render blocks).

Summary by CodeRabbit

Примечания к выпуску

• New Features

  • Появляютcя диагностические предупреждения при отсутствии URL-конфигурации.
  • Добавлена поддержка резервного значения URL для обратной совместимости (ENGRAM_URL_LEGACY).

• Chores

  • Обновлена версия плагина/демона с 4.4.0 до 4.5.0.
  • Упрощена логика формирования контекста сеанса: убраны разделы проектной памяти, брифинга и рекомендаций; сохраняются только правила поведения и блоки с проблемами.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Walkthrough

Версия плагина engram обновлена с 4.4.0 до 4.5.0; добавлена переменная окружения ENGRAM_URL_LEGACY в MCP-конфигурацию; в session-start.js убрана логика сборки/рендеринга памяти проекта, брифинга и guidance; запуск run-engram.js теперь подтягивает ENGRAM_URL из ENGRAM_URL_LEGACY при необходимости.

Changes

Cohort / File(s)	Summary
Манифест плагина plugin/engram/.claude-plugin/plugin.json	Обновлён version с 4.4.0 на 4.5.0; удалён завершающий перевод строки.
MCP конфигурация plugin/engram/.mcp.json	Добавлена переменная окружения ENGRAM_URL_LEGACY со значением ${ENGRAM_URL}; EOF-форматирование скорректировано.
Инициализация сессии plugin/engram/hooks/session-start.js	Удалена трансформация/рендеринг project memory, project_briefing и guidance; теперь только логирование стратегии, рендер always_inject и отправка отметок об injected только для alwaysInject IDs.
Оболочка запуска engram plugin/engram/scripts/run-engram.js	Добавлена логика fallback: при пустом ENGRAM_URL используется ENGRAM_URL_LEGACY; если по-прежнему пусто — выводится предупреждение в stderr; EOF-форматирование скорректировано.
Демон / версия cmd/engram/main.go	Константа daemonVersion обновлена с v4.4.0 на v4.5.0, что влияет на логирование и snapshot-метаданные.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• refactor: Phase 0 cleanup — remove MCP HTTP transports + dead code #148: затрагивает те же компоненты — MCP-конфиг, run-engram.js и манифест плагина; тесно связан с изменениями окружения и конфигурации.
• feat(plugin): auto-download binary + userConfig onboarding #149: расширяет правки манифеста и скрипта запуска; содержит похожие изменения в run-engram.js и .mcp.json.
• chore: bump plugin version to 3.7.7 #144: также обновляет поле version в plugin/engram/.claude-plugin/plugin.json.

Poem

🐰 Скачет версия, в путь — v4.5.0,
Наследный URL спрячу в карман.
Память уж короче, правила — в свет,
Запуск найдёт путь — не страшен дождь и мрак.
Плагин поёт: вперёд, ведь новый план!

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title references v4.5.0 but PR objectives document v4.4.1; version mismatch suggests title may not accurately reflect the actual changeset.	Align the title version number with the actual version bump in the changeset (v4.4.1 vs v4.5.0) or clarify the intended release version.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/plugin-tactical-fix-v4.4.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

plugin/engram/hooks/session-start.js (1)

196-199: Следующий шаг: урезать payload на уровне API, а не только рендер.

Сейчас ненужные поля всё ещё тянутся по сети. Имеет смысл добавить server-side фильтрацию секций (например, only always_inject) для снижения latency/нагрузки.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugin/engram/hooks/session-start.js` around lines 196 - 199, В коде плагина
(plugin/engram/hooks/session-start.js) нужно не только отключить рендеринг
<engram-context>, <project-briefing> и <engram-guidance>, но и отфильтровать их
на стороне API при формировании payload: измените логику, которая собирает ответ
для "inject GET" (использует result.always_inject) чтобы исключать ненужные
секции из исходящего JSON, оставляя только элементы с result.always_inject ===
true; обновите соответствующую сборку ответа/функцию формирования payload в том
же файле чтобы эти поля не передавались по сети и добавьте/обновите тесты или
контракт ответа, подтверждающие что отключённые теги полностью удаляются из
API-ответа.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugin/engram/scripts/run-engram.js`:
- Around line 27-34: The current check uses !process.env.ENGRAM_URL which treats
strings of only whitespace as truthy; update the logic where
process.env.ENGRAM_URL/ENGRAM_URL_LEGACY are handled so you normalize and test
for non-empty trimmed values (use process.env.ENGRAM_URL &&
process.env.ENGRAM_URL.trim().length or equivalent) before assigning or deciding
the warning path; specifically change the assignment/fallback and the subsequent
emptiness check that writes to process.stderr to use trimmed checks on
process.env.ENGRAM_URL and process.env.ENGRAM_URL_LEGACY so whitespace-only
values trigger the fallback and WARNING correctly.

---

Nitpick comments:
In `@plugin/engram/hooks/session-start.js`:
- Around line 196-199: В коде плагина (plugin/engram/hooks/session-start.js)
нужно не только отключить рендеринг <engram-context>, <project-briefing> и
<engram-guidance>, но и отфильтровать их на стороне API при формировании
payload: измените логику, которая собирает ответ для "inject GET" (использует
result.always_inject) чтобы исключать ненужные секции из исходящего JSON,
оставляя только элементы с result.always_inject === true; обновите
соответствующую сборку ответа/функцию формирования payload в том же файле чтобы
эти поля не передавались по сети и добавьте/обновите тесты или контракт ответа,
подтверждающие что отключённые теги полностью удаляются из API-ответа.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c190796d-a6df-40a1-ab6b-79987b5deea2

📥 Commits

Reviewing files that changed from the base of the PR and between 612a9cc and 73f95a0.

📒 Files selected for processing (4)

• plugin/engram/.claude-plugin/plugin.json
• plugin/engram/.mcp.json
• plugin/engram/hooks/session-start.js
• plugin/engram/scripts/run-engram.js

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Усилите проверку “пустого” URL (пробелы сейчас проходят).

Сейчас !process.env.ENGRAM_URL не ловит значения вида " ", из-за чего fallback и WARN могут быть пропущены.

Предлагаемый патч

-if (!process.env.ENGRAM_URL && process.env.ENGRAM_URL_LEGACY) {
-  process.env.ENGRAM_URL = process.env.ENGRAM_URL_LEGACY;
+const currentUrl = (process.env.ENGRAM_URL || "").trim();
+const legacyUrl = (process.env.ENGRAM_URL_LEGACY || "").trim();
+
+if (!currentUrl && legacyUrl) {
+  process.env.ENGRAM_URL = legacyUrl;
 }
 
 // Visible diagnostic: warn to stderr if both ended up empty so the user has a signal,
 // not a silent gRPC dial failure on every tool call.
-if (!process.env.ENGRAM_URL) {
+if (!(process.env.ENGRAM_URL || "").trim()) {
   process.stderr.write(

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (!process.env.ENGRAM_URL && process.env.ENGRAM_URL_LEGACY) {
	process.env.ENGRAM_URL = process.env.ENGRAM_URL_LEGACY;
	}
	// Visible diagnostic: warn to stderr if both ended up empty so the user has a signal,
	// not a silent gRPC dial failure on every tool call.
	if (!process.env.ENGRAM_URL) {
	process.stderr.write(
	const currentUrl = (process.env.ENGRAM_URL || "").trim();
	const legacyUrl = (process.env.ENGRAM_URL_LEGACY || "").trim();
	if (!currentUrl && legacyUrl) {
	process.env.ENGRAM_URL = legacyUrl;
	}
	// Visible diagnostic: warn to stderr if both ended up empty so the user has a signal,
	// not a silent gRPC dial failure on every tool call.
	if (!(process.env.ENGRAM_URL || "").trim()) {
	process.stderr.write(

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugin/engram/scripts/run-engram.js` around lines 27 - 34, The current check
uses !process.env.ENGRAM_URL which treats strings of only whitespace as truthy;
update the logic where process.env.ENGRAM_URL/ENGRAM_URL_LEGACY are handled so
you normalize and test for non-empty trimmed values (use process.env.ENGRAM_URL
&& process.env.ENGRAM_URL.trim().length or equivalent) before assigning or
deciding the warning path; specifically change the assignment/fallback and the
subsequent emptiness check that writes to process.stderr to use trimmed checks
on process.env.ENGRAM_URL and process.env.ENGRAM_URL_LEGACY so whitespace-only
values trigger the fallback and WARNING correctly.