github · mcp-memory-serviceHEAD

File mounts an HTTP route that handles MCP `tools/list` (Express / Fastify / FastAPI / Flask) but the route — and the router it sits behind — has no auth middleware applied. An anonymous client can enumerate every tool the server exposes, scope the attack surface, and (if `tools/call` shares the route) invoke them. Apply auth at the route or router level: Express `passport.authenticate(...)` / a `requireAuth`-style middleware, FastAPI `Depends(get_current_user)` or `Depends(verify_jwt)`, Flask

# MCP Memory Service

[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

[![GitHub stars](https://img.shields.io/github/stars/doobidoo/mcp-memory-service?style=social)](https://github.com/doobidoo/mcp-memory-service/stargazers)

[![GitHub forks](https://img.shields.io/github/forks/doobidoo/mcp-memory-service?style=social)](https://github.com/doobidoo/mcp-memory-service/network/members)

[![GitHub issues](https://img.shie

File mounts an HTTP route that handles MCP `tools/list` (Express / Fastify / FastAPI / Flask) but the route — and the router it sits behind — has no auth middleware applied. An anonymous client can enumerate every tool the server exposes, scope the attack surface, and (if `tools/call` shares the route) invoke them. Apply auth at the route or router level: Express `passport.authenticate(...)` / a `requireAuth`-style middleware, FastAPI `Depends(get_current_user)` or `Depends(verify_jwt)`, Flask

# Copyright 2024 Heinrich Krupp

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the

File mounts an HTTP route that handles MCP `tools/list` (Express / Fastify / FastAPI / Flask) but the route — and the router it sits behind — has no auth middleware applied. An anonymous client can enumerate every tool the server exposes, scope the attack surface, and (if `tools/call` shares the route) invoke them. Apply auth at the route or router level: Express `passport.authenticate(...)` / a `requireAuth`-style middleware, FastAPI `Depends(get_current_user)` or `Depends(verify_jwt)`, Flask

"""

MCP (Model Context Protocol) endpoints for Claude Code integration.

This module provides MCP protocol endpoints that allow Claude Code clients

to directly access memory operations using the MCP standard.

"""

import json

import logging

from typing import Dict, Any, Optional, Union

from fastapi import APIRouter, Depends, Response

from fastapi.responses import JSONResponse

from pydantic import BaseModel, ConfigDict

from ..dependencies import get_storage

from ...utils.hashing import generate_

File mounts an HTTP route that handles MCP `tools/list` (Express / Fastify / FastAPI / Flask) but the route — and the router it sits behind — has no auth middleware applied. An anonymous client can enumerate every tool the server exposes, scope the attack surface, and (if `tools/call` shares the route) invoke them. Apply auth at the route or router level: Express `passport.authenticate(...)` / a `requireAuth`-style middleware, FastAPI `Depends(get_current_user)` or `Depends(verify_jwt)`, Flask

# Claude Code Compatibility Guide

## Overview

The MCP Memory Service FastAPI server v4.0.0-alpha.1 implements the official MCP protocol but has specific compatibility considerations with Claude Code's SSE client implementation.

## Current Status

### ✅ Working MCP Clients

- **Standard MCP Libraries**: Python `mcp` package, JavaScript MCP SDK

- **Claude Desktop**: Works with proper MCP configuration

- **Custom MCP Clients**: Any client implementing standard MCP protocol

- **HTTP API**: Full RE

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

;;

    health)

        echo "Checking service health..."

        curl -k -s https://localhost:8000/api/health | jq '.' 2>/dev/null || curl -k -s https://localhost:8000/api/health

        ;;

    enable)

        echo "Enabling service for startup..."

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

Execute this command to load context:

```bash

curl -k -s -X POST https://your-server-ip:8443/mcp \

  -H "Content-Type: application/json" \

  -H "Authorization: Bearer your-api-key" \

  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "retrieve_memory", "arguments": {"query": "claude-code-reference distributable-reference", "limit": 20}}}' \

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

For quick context loading:

```

Load project context from memory service: curl -k -s -X POST https://your-server-ip:8443/mcp -H "Content-Type: application/json" -H "Authorization: Bearer your-api-key" -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "retrieve_memory", "arguments": {"query": "claude-code-reference", "limit": 20}}}' | jq -r '.result.content[0].text'

Incorporate this MCP Memory Service project knowledge before proceeding.

```

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

**Solutions:**

```bash

# Check if API key is required

curl -k https://your-remote-server:8443/api/health

# Set API key if required

export REMOTE_MEMORY_API_KEY="your-api-key"

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

// /api/search/by-tag. Larger than storeMemoryHTTP (5s) and _attemptHealthCheck (3s)

                // because search queries run embedding + vector scan, not a simple write/ping.

                timeout: 10000,

                rejectUnauthorized: false,  // Allow self-signed certificates

                agent: false  // Disable keepAlive — hook is one-shot, reused sockets race uvicorn close (ECONNRESET / socket hang up)

            };

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

- `POST /api/memories` - Store new memories

  - `GET /api/health/detailed` - Service health diagnostics

- **Backend Compatibility**: Works with both ChromaDB and SQLite-vec storage backends

- **HTTPS Support**: Uses curl with `-k` flag for self-signed certificates

**Important**: Commands are configurable but must maintain compatibility with the documented API endpoints to function properly. Users can customize server locations but not the API contract.

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

export REMOTE_MEMORY_API_KEY="your-api-key"

# Test with API key

curl -k -H "Authorization: Bearer your-api-key" \

  https://your-remote-server:8443/api/health

```

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

### Get All Project Context

```bash

curl -k -s -X POST https://TARGET_IP:8443/mcp \

  -H "Content-Type: application/json" \

  -H "Authorization: Bearer test-key-123" \

  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "retrieve_memory", "arguments": {"query": "claude-code-reference", "limit": 20}}}' \

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

Authorization: Bearer test-key-123

Use this command to fetch context:

curl -k -s -X POST https://TARGET_IP:8443/mcp \

  -H "Content-Type: application/json" \

  -H "Authorization: Bearer test-key-123" \

  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "retrieve_memory", "arguments": {"query": "claude-code-reference distributable-reference", "limit": 20}}}' \

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

**Phase 1: Manual Loading (Aug 2025)** ❌ OBSOLETE

```bash

# Users had to manually run curl commands and paste output

curl -k -s -X POST https://server:8443/mcp \

  -H "Authorization: Bearer token" \

  -d '{"method": "tools/call", "params": {...}}'

```

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

sudo systemctl status mcp-memory

# 2. Test API health

curl -k https://localhost:8000/api/health

# 3. Check mDNS discovery

avahi-browse -t _mcp-memory._tcp

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

ss -tlnp | grep :443

# Test local connection

curl -k https://memory.local/api/health

# Check firewall

sudo ufw status

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

'Authorization': `Bearer ${apiKey}`,

                'Content-Length': Buffer.byteLength(postData)

            },

            rejectUnauthorized: false,

            timeout: 5000

        };

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

)

    # Prepare curl command with optional API key

    CURL_CMD="curl -k -s -X POST"

    CURL_CMD="$CURL_CMD -H 'Content-Type: application/json'"

    CURL_CMD="$CURL_CMD -H 'X-Client-Hostname: $HOSTNAME'"

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

#### Connection Problems

```bash

# Test remote connectivity

curl -k https://narrowbox.local:8443/api/health

# Check DNS resolution

nslookup narrowbox.local

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

**Old Approach** (manual):

```bash

curl -k -s -X POST https://server:8443/mcp ... | jq -r '.result.content[0].text'

```

**New Approach** (automatic):

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

'Connection': 'close'

                    },

                    timeout: this.httpConfig.healthCheckTimeout || 3000,

                    rejectUnauthorized: false,  // Allow self-signed certificates

                    agent: false  // Disable keepAlive — hook is one-shot, reused sockets race uvicorn close (ECONNRESET / socket hang up)

                };

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

# Test connectivity to remote API

echo "$(date): Testing connectivity to remote API..."

HTTP_STATUS=$(curl -k -s -o /dev/null -w "%{http_code}" "$REMOTE_API" --connect-timeout 10)

if [ "$HTTP_STATUS" -eq 000 ]; then

    echo "$(date): ERROR: Cannot connect to remote API at $REMOTE_API"

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

# Create SSL context that allows self-signed certificates

        ssl_context = ssl.create_default_context()

        ssl_context.check_hostname = False

        ssl_context.verify_mode = ssl.CERT_NONE

        all_memories = []

        page = 1

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

### Check Memory Service Health

```bash

curl -k -s -X POST https://TARGET_IP:8443/mcp \

  -H "Content-Type: application/json" \

  -H "Authorization: Bearer test-key-123" \

  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "check_database_health", "arguments": {}}}' \

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

fi

    # Fallback to HTTPS

    curl -k -s --max-time 2 "https://127.0.0.1:8000/api/health" 2>/dev/null | \

        python3 -c "import sys, json; data=json.load(sys.stdin); print(data.get('version', 'unknown'))" 2>/dev/null || echo "unknown"

}

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

### Quick Fixes

- **Hooks not detected**: `ls ~/.claude/settings.json` → Reinstall if missing

- **JSON parse errors**: Update to latest version (includes Python dict conversion)

- **Connection failed**: Check `curl -k https://your-endpoint:8443/api/health`

- **Wrong directory**: Move `~/.claude-code/hooks/*` to `~/.claude/hooks/`

### Debug Mode

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

avahi-resolve-host-name memory.local

echo ""

echo "Testing HTTPS access:"

curl -k -s https://memory.local:8000/api/health --connect-timeout 5 || echo "HTTPS test failed"

echo ""

echo "=== Fix Complete ==="

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

echo "3. Claude Code will automatically use memory context on those machines"

echo ""

echo "Network test command:"

echo "curl -k -s https://$TARGET_IP:8443/api/health"

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

'Authorization': `Bearer ${apiKey}`,

                    'Content-Length': Buffer.byteLength(postData)

                },

                rejectUnauthorized: false,

                timeout: 5000

            };

TLS certificate verification is disabled on an outbound HTTP client. Any MITM in the network path can intercept and modify requests / responses — credentials, tokens, and tool output flow over a channel with no integrity guarantee. Python requests / httpx: drop `verify=False`. If the peer is using a private CA, set `verify="/path/to/ca-bundle.pem"` or configure the system trust store. Node TS axios / fetch: drop `rejectUnauthorized: false` from the agent / `httpsAgent` options. Same private-CA

1. **Copy this prompt file** to other machines in your network

2. **Update IP address** if memory service moves

3. **Test connectivity** with: `curl -k -s https://your-server-ip:8443/api/health`

4. **Use at session start** for instant project context

This eliminates repetitive codebase discovery across all your development machines.

remotion is 1 edit from popular 'emotion' — possible typosquat

Dockerfile never sets a non-root `USER` directive, so the CMD runs as root by default. Any RCE or library-level vulnerability exploited inside this container gets full privileges (MCP Top-10 R3). Add `USER <non-root>` before CMD / ENTRYPOINT in the final stage — e.g. `USER 1000`, `USER nobody`, or `USER nonroot` on distroless.

# :quality-cpu — pre-exported ONNX quality models, no runtime PyTorch dependency

#

# Multi-stage build:

#   builder  — installs torch + transformers + huggingface_hub + onnx + onnxscript,

#              exports ms-marco-MiniLM-L-6-v2 and nvidia-quality-classifier-deberta

#              to ONNX format under /root/.cache/mcp_memory/onnx_models/.

#   runtime  — identical to :slim but with the baked ONNX artifacts copied in;

#              only onnxruntime is needed at runtime (no torch, no transfor

Dockerfile never sets a non-root `USER` directive, so the CMD runs as root by default. Any RCE or library-level vulnerability exploited inside this container gets full privileges (MCP Top-10 R3). Add `USER <non-root>` before CMD / ENTRYPOINT in the final stage — e.g. `USER 1000`, `USER nobody`, or `USER nonroot` on distroless.

# Dockerfile optimized for Glama platform

# MCP Memory Service - Semantic memory for Claude Desktop

FROM python:3.10-slim

LABEL maintainer="Heinrich Krupp <heinrich.krupp@gmail.com>"

LABEL description="MCP Memory Service - Semantic memory and persistent storage for Claude Desktop"

LABEL version="0.2.1"

# Set environment variables

ENV PYTHONUNBUFFERED=1 \

    MCP_MEMORY_CHROMA_PATH=/app/chroma_db \

    MCP_MEMORY_BACKUPS_PATH=/app/backups \

    PYTHONPATH=/app \

    DOCKER_CONTAINER=1 \

    CHR

Dockerfile never sets a non-root `USER` directive, so the CMD runs as root by default. Any RCE or library-level vulnerability exploited inside this container gets full privileges (MCP Top-10 R3). Add `USER <non-root>` before CMD / ENTRYPOINT in the final stage — e.g. `USER 1000`, `USER nobody`, or `USER nonroot` on distroless.

# Lightweight Docker image optimized for sqlite-vec + ONNX (CPU-only)

# Eliminates PyTorch and CUDA dependencies for ~90% size reduction

FROM python:3.10-slim

# Build arguments for conditional features

ARG SKIP_MODEL_DOWNLOAD=false

# Set environment variables for optimized configuration

ENV PYTHONUNBUFFERED=1 \

    MCP_MEMORY_STORAGE_BACKEND=sqlite_vec \

    MCP_MEMORY_USE_ONNX=1 \

    MCP_MEMORY_SQLITE_PATH=/app/sqlite_db \

    MCP_MEMORY_BACKUPS_PATH=/app/backups \

    PYTHONPATH=/app/src \

Dockerfile never sets a non-root `USER` directive, so the CMD runs as root by default. Any RCE or library-level vulnerability exploited inside this container gets full privileges (MCP Top-10 R3). Add `USER <non-root>` before CMD / ENTRYPOINT in the final stage — e.g. `USER 1000`, `USER nobody`, or `USER nonroot` on distroless.

## Slim (CPU-only) Docker image optimized for sqlite-vec + ONNX

## Consolidated as the primary Dockerfile to avoid confusion.

FROM python:3.12-slim

# Build arguments for conditional features

ARG SKIP_MODEL_DOWNLOAD=false

ARG INSTALL_EXTRA="[sqlite]"

ARG FORCE_CPU_PYTORCH=false

# Set environment variables

ENV PYTHONUNBUFFERED=1 \

    MCP_MEMORY_STORAGE_BACKEND=sqlite_vec \

    MCP_MEMORY_SQLITE_PATH=/app/sqlite_db \

    MCP_MEMORY_BACKUPS_PATH=/app/backups \

    PYTHONPATH=/app/src \

    DOCKER

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

return memories || [];

        } catch (error) {

            console.warn('[Mid-Conversation Hook] Memory query failed:', error.message);

            return [];

        }

    }

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

return memories

        except Exception as e:

            print(f"❌ Direct query failed: {e}")

            if 'conn' in locals():

                conn.close()

            return []

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

});

            req.on('error', (error) => {

                console.error('[Dynamic Context] Memory service request failed:', error.message);

                resolve([]);

            });

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

reject(new Error(`Request timeout after ${timeout}ms`));

            });

            console.error(`[${requestId}] Sending request...`);

            if (data) {

                const postData = JSON.stringify(data);

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

print()

        print("💡 Next Steps:")

        print("   1. Run bulk_evaluate_onnx.py with corrected query logic")

        print("   2. Verify quality distribution: curl -ks https://127.0.0.1:8000/api/quality/distribution")

    finally:

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

print(f"  By search query: {sys.argv[0]} --search 'query text'")

        print()

        print("Examples:")

        print(f"  {sys.argv[0]} abc123def456...")

        print(f"  {sys.argv[0]} --search 'cloudflare release'")

        sys.exit(1)

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

const startTime = Date.now();

        const requestId = Math.random().toString(36).substr(2, 9);

        console.error(`[${requestId}] Starting ${method} request to ${path}`);

        return new Promise((resolve, reject) => {

            // Use URL constructor's built-in path resolution to avoid duplicate base paths

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

elif resp.status_code == 400:

                print(f"  [INFO] Time query '{query}' not supported yet")

            else:

                print(f"  [FAIL] Time search failed for '{query}': {resp.status_code}")

        except Exception as e:

            print(f"  [FAIL] Time search error for '{query}': {e}")

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

const toolName = params.name;

                    const toolParams = params.arguments || {};

                    console.error(`Processing tool call: ${toolName} with params:`, JSON.stringify(toolParams));

                    let toolResult;

                    switch (toolName) {

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

if len(sys.argv) < 2:

        print("Usage:")

        print(f"  By content hash: {sys.argv[0]} <content_hash>")

        print(f"  By search query: {sys.argv[0]} --search 'query text'")

        print()

        print("Examples:")

        print(f"  {sys.argv[0]} abc123def456...")

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

if self._task:

            self._task.cancel()

            try:

                await self._task

            except asyncio.CancelledError:

                pass  # Expected when task is cancelled during shutdown

        logger.info("BackupScheduler stopped")

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

os.unlink(test_db_path)

                for ext in ["-wal", "-shm"]:

                    try:

                        os.unlink(test_db_path + ext)

                    except:

                        pass

            except:

                pass

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

try:

                        os.unlink(test_db_path + ext)

                    except:

                        pass

            except:

                pass

    except Exception as e:

        print(f"  [ERROR] WAL mode test failed: {e}")

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

# Try to find the module directly

                loader = importlib.machinery.PathFinder.find_spec(fullname, path)

                if loader is not None:

                    return loader

            except Exception:

                pass

            # If not found, print a warning and return None

            print(f"WARNING: Blocked automatic installation of {fullname}", file=sys.stderr)

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

if "created_at_iso" in mem:

            try:

                dt = datetime.fromisoformat(mem["created_at_iso"].replace("Z", "+00:00"))

                created_at = int(dt.timestamp())

            except ValueError:

                pass

        memory = Memory(

            content=mem["content"], content_hash=content_hash,

            tags=mem.get("tags", []), memory_type=mem.get("memory_type", ""),