feat(ingestion): extract WriteNote helper and add brain_write MCP tool

api.WriteNote captures the file-write logic that was previously inline in Handler.Write. The existing HTTP endpoint now delegates to it; the new MCP brain_write tool reuses the same function. Path-traversal guard is strengthened to explicitly reject filenames containing path separators or "..", so the rejection is surfaced before filepath.Base strips the suspicious component (the previous defense-in-depth prefix check became unreachable for these inputs after Base normalisation). HTTP error code for caller-input errors shifts from 500 to 400, which is semantically correct and not exercised by any existing test. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 10:05:48 +02:00
parent 7dcb5610fe
commit e4a94df4fc
4 changed files with 121 additions and 44 deletions
--- a/ingestion/internal/mcp/handlers.go
+++ b/ingestion/internal/mcp/handlers.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"

+	"github.com/mathiasbq/hyperguild/ingestion/internal/api"
 	"github.com/mathiasbq/hyperguild/ingestion/internal/search"
 )

@@ -102,3 +103,22 @@ func (s *Server) brainQuery(ctx context.Context, args json.RawMessage) (json.Raw
 	}
 	return json.Marshal(map[string]any{"results": results})
 }
+
+type brainWriteArgs struct {
+	Content  string `json:"content"`
+	Filename string `json:"filename,omitempty"`
+	Type     string `json:"type,omitempty"`
+	Domain   string `json:"domain,omitempty"`
+}
+
+func (s *Server) brainWrite(ctx context.Context, args json.RawMessage) (json.RawMessage, error) {
+	var a brainWriteArgs
+	if err := json.Unmarshal(args, &a); err != nil {
+		return nil, fmt.Errorf("parse args: %w", err)
+	}
+	relPath, err := api.WriteNote(s.brainDir, a.Content, a.Filename, a.Type, a.Domain)
+	if err != nil {
+		return nil, err
+	}
+	return json.Marshal(map[string]string{"path": relPath})
+}