v1.2.0

[jack-arturo]

This pull request introduces major improvements to Evernote MCP tool integration, focusing on enhanced search functionality, robust note patching, and improved test coverage. It also adds a custom CodeQL configuration to suppress known false positives and tightens security in the installation script. The changes are grouped below by theme.

Evernote MCP Tool Enhancements:

• Expanded the number of available tools from 11 to 28 and added the new evernote_patch_note tool, with comprehensive integration tests for patching note content, including edge cases and error handling [1] [2] [3].
• Improved the evernote_search_notes tool to return enhanced metadata (such as contentLength, notebookGuid, tags, sourceURL, and author) and support for content previews, including tests for preview inclusion, absence, and error handling [1] [2].

Testing Improvements:

• Added new mock data (sampleNoteMetadata, sampleNoteWithLongContent, sampleTag2) and updated imports to support enhanced search and preview tests [1] [2].
• Introduced a dedicated unit test for ENML-to-plain-text conversion and preview truncation logic, ensuring reliable preview generation for search results.

Security and Code Quality:

• Added a custom CodeQL configuration file to suppress known false positives in security analysis, such as intentional logging of masked credentials and trusted command inputs.
• Updated the GitHub Actions workflow to use the new CodeQL config for more accurate security scanning.
• Improved security in the installation script by switching from execSync to execFileSync and validating the Claude Code command path to prevent command injection [1] [2].

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Search results now support optional content preview (first ~300 characters of notes)
  • New "Patch Note" tool enables targeted find-and-replace edits within notes
  • Enhanced search metadata includes content length, notebook info, tags, and author details

• Bug Fixes

  • Improved security in credential handling and installation processes

• Chores

  • Updated Node.js engine requirement to >=18.17.0
  • Added new dependency for content processing

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Adds note preview and targeted patch-note features, ENML→plain-text conversion, resource-preserving patch application, expanded tests/mocks, CodeQL config/workflow, and security hardening for OAuth parsing and command execution.

Changes

Cohort / File(s)	Summary
CodeQL configuration /.github/codeql/codeql-config.yml, /.github/workflows/security.yml	Add CodeQL config with path ignores and query-filters; reference config from workflow.
Security / install script scripts/install-to-claude.js	Replace execSync with execFileSync and arg arrays; validate command input and sanitize logged command.
OAuth handling src/auth-standalone.ts	Parse oauth_verifier via URL.searchParams with validation; mask Evernote credentials in post-setup output.
Evernote API – preview & patch src/evernote-api.ts	Add getNotePreview() and enmlToPlainText(); add patchNoteContent() with replacement counts, validation, replaceAll support, and resource-preserving applyMarkdownToNote(..., { preserveResources }).
Tooling / handlers src/index.ts	Add includePreview flag to evernote_search_notes (optional per-note preview) and new evernote_patch_note tool and handler.
Types src/types.ts	Export new NoteReplacement and PatchNoteResult interfaces.
Tests & mocks __tests__/integration/mcp-tools.test.ts, __tests__/unit/search-preview.test.ts, __tests__/mocks/evernote.mock.ts	Add/expand integration tests for patching, previews, resources; add unit tests for ENML→plaintext and truncation; new fixtures sampleNoteMetadata, sampleNoteWithLongContent, sampleTag2.
Deps / package package.json	Bump Node engine min to >=18.17.0 and add cheerio dependency.

Sequence Diagram(s)

mermaid
sequenceDiagram
box rgba(63,123,191,0.5)
participant Client
end
box rgba(52,199,89,0.5)
participant ToolHandler
participant EvernoteAPI
end
box rgba(255,99,71,0.5)
participant EvernoteService
end

Client->>ToolHandler: call evernote_search_notes(includePreview)
ToolHandler->>EvernoteAPI: searchNotes(query)
EvernoteAPI->>EvernoteService: list notes / fetch metadata
EvernoteService-->>EvernoteAPI: notes + metadata
EvernoteAPI->>EvernoteService: (if includePreview) get note content for each GUID
EvernoteService-->>EvernoteAPI: note content
EvernoteAPI->>EvernoteAPI: enmlToPlainText -> truncatePreview
EvernoteAPI-->>ToolHandler: enriched results (tags, preview, metadata)
ToolHandler-->>Client: return results

mermaid
sequenceDiagram
box rgba(63,123,191,0.5)
participant Client
end
box rgba(52,199,89,0.5)
participant ToolHandler
participant EvernoteAPI
end
box rgba(255,99,71,0.5)
participant EvernoteService
end

Client->>ToolHandler: call evernote_patch_note(guid,replacements)
ToolHandler->>EvernoteAPI: patchNoteContent(guid,replacements)
EvernoteAPI->>EvernoteService: fetch note (including resources)
EvernoteService-->>EvernoteAPI: note + resources
EvernoteAPI->>EvernoteAPI: convert ENML→markdown, apply replacements, validate results
EvernoteAPI->>EvernoteService: update note with new content and merged/preserved resources
EvernoteService-->>EvernoteAPI: update confirmation
EvernoteAPI-->>ToolHandler: PatchNoteResult (per-change summary)
ToolHandler-->>Client: return patch result

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• verygoodplugins/mcp-evernote#13: Implements similar evernote_patch_note feature, patchNoteContent logic, types, and overlapping tests.
• verygoodplugins/mcp-evernote#9: Related changes touching tests, mocks, and auth handling.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'v1.2.0' is a version number that does not meaningfully describe the actual changes in the pull request, which include enhanced search functionality, note patching, security improvements, and expanded test coverage.	Use a descriptive title that captures the main changes, such as 'Add evernote_patch_note tool with enhanced search metadata and content previews' or 'v1.2.0: Enhance Evernote MCP tools with patching and search improvements'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is well-detailed and directly related to the changeset, covering Evernote MCP tool enhancements, testing improvements, and security updates that align with the actual code changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch develop

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/evernote-api.ts`:
- Around line 198-218: The function patchNoteContent should validate each
replacement's replace value too: inside patchNoteContent where replacements are
iterated (for each replacement in replacements) add a guard that ensures
replacement.replace exists and is a string (allowing empty string if intended)
and return a failing PatchNoteResult with an explanatory warning if it's missing
or not a string; update the error message to reference the invalid replace value
and keep the existing structure (success:false, noteGuid: guid, changes: [],
warning: 'Invalid replace value in replacements') so callers can handle the
validation failure consistently.

🧹 Nitpick comments (3)

scripts/install-to-claude.js (1)

7-7: Unused import spawn.

The spawn function is imported but never used in this file. Consider removing it to keep the imports clean.

Suggested fix

-import { execFileSync, spawn } from 'child_process';
+import { execFileSync } from 'child_process';

__tests__/unit/search-preview.test.ts (1)

6-53: Optional: share ENML/plain-text helpers to avoid drift.

These helpers mirror production logic; consider extracting to a shared utility so tests exercise the same implementation.

__tests__/integration/mcp-tools.test.ts (1)

1086-1115: Add an explicit updateNote call assertion in the resource-preservation test.

Right now, if updateNote isn’t called, the resource checks won’t execute and the test could still pass.

Suggested tweak

       const result = await callToolHandler(request);

+      expect(mockNoteStore.updateNote).toHaveBeenCalledTimes(1);
       expect(result.content[0].text).toContain('Note patched successfully');

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/evernote-api.ts`:
- Around line 88-113: The getNotePreview function currently returns "..." when
maxLength <= 0; add an early guard at the top of getNotePreview(guid: string,
maxLength: number = 300) that handles non‑positive maxLength values (e.g., if
(maxLength <= 0) return null or throw a RangeError) to avoid returning only an
ellipsis; update callers/tests if you choose to throw so they handle the new
behavior.

♻️ Duplicate comments (1)

src/evernote-api.ts (1)

202-210: Validate replacement.replace to avoid unintended coercion.

Non‑string replace values will coerce to "undefined"/"null" and can corrupt content. Add a guard alongside the find validation.

🔧 Suggested fix

 for (const replacement of replacements) {
   if (!replacement.find || typeof replacement.find !== 'string' || replacement.find.length === 0) {
     return {
       success: false,
       noteGuid: guid,
       changes: [],
       warning: 'Empty find string in replacements',
     };
   }
+  if (typeof replacement.replace !== 'string') {
+    return {
+      success: false,
+      noteGuid: guid,
+      changes: [],
+      warning: 'Replacement text must be a string',
+    };
+  }
 }