@cybermem/mcp 0.15.0 → 0.16.1

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @cybermem/mcp
 
+## 0.16.1
+
+### Patch Changes
+
+- Automated patch version bump.
+
+## 0.16.0
+
+### Minor Changes
+
+- [#140](https://github.com/mikhailkogan17/cybermem/pull/140) [`bcf40e2`](https://github.com/mikhailkogan17/cybermem/commit/bcf40e2173ad66214cfc6089d45481966255581d) Thanks [@mikhailkogan17-antigravity](https://github.com/mikhailkogan17-antigravity)! - Moved server tools usage to FastMCP
+
 ## 0.15.0
 
 ### Minor Changes

package/dist/index.js

@@ -89,12 +89,45 @@ async function initialize() {
         process.exit(1);
     }
 }
+/**
+ * Derives the client name from the tool execution context.
+ *
+ * Priority:
+ * 1. STDIO: handshake clientInfo.name (via context.client.version.name)
+ * 2. HTTP with X-Client-Name header: the explicit header value
+ * 3. HTTP without header: handshake clientInfo.name as fallback
+ * 4. Last resort: "unknown"
+ */
+function getClientName(context) {
+    const ctx = context;
+    const sessionName = ctx.session?.clientName;
+    // FastMCP exposes MCP handshake clientInfo at context.client.version
+    const handshakeName = ctx.client?.version?.name;
+    // STDIO: always use handshake name (the real client identity)
+    if (sessionName === "stdio") {
+        return sanitizeClientName(handshakeName || "unknown");
+    }
+    // HTTP: prefer explicit X-Client-Name header if it's meaningful
+    if (sessionName && sessionName !== "unknown") {
+        return sanitizeClientName(sessionName);
+    }
+    // HTTP without header: fall back to handshake name
+    return sanitizeClientName(handshakeName || sessionName || "unknown");
+}
+/** Strip control characters and truncate to prevent log injection. */
+function sanitizeClientName(name) {
+    return name.replace(/[\x00-\x1f\x7f]/g, "").slice(0, 64);
+}
 const server = new fastmcp_1.FastMCP({
     name: "cybermem",
     version: VALID_VERSION,
     instructions: CYBERMEM_INSTRUCTIONS,
     health: { enabled: true, path: "/health" },
     authenticate: async (req) => {
+        // STDIO transport doesn't provide an HTTP request object
+        if (!req?.headers) {
+            return { clientName: "stdio" };
+        }
         const clientName = (req.headers["x-client-name"] ||
             req.headers["X-Client-Name"] ||
             "unknown");
@@ -120,7 +153,8 @@ server.addTool({
         tags: zod_1.z.array(zod_1.z.string()).optional().describe("Category tags"),
     }),
     execute: async (args, context) => {
-        return requestContext.run({ clientName: context.session?.clientName }, async () => {
+        const clientName = getClientName(context);
+        return requestContext.run({ clientName }, async () => {
             try {
                 const res = await memory.add(args.content, { tags: args.tags });
                 await logActivity("add_memory");
@@ -141,7 +175,8 @@ server.addTool({
         k: zod_1.z.number().default(5).describe("Number of results"),
     }),
     execute: async (args, context) => {
-        return requestContext.run({ clientName: context.session?.clientName }, async () => {
+        const clientName = getClientName(context);
+        return requestContext.run({ clientName }, async () => {
             try {
                 const res = await memory.search(args.query, { limit: args.k });
                 await logActivity("query_memory");
@@ -168,7 +203,8 @@ server.addTool({
         path: ["content"],
     }),
     execute: async (args, context) => {
-        return requestContext.run({ clientName: context.session?.clientName }, async () => {
+        const clientName = getClientName(context);
+        return requestContext.run({ clientName }, async () => {
             try {
                 const res = await (0, hsg_js_1.update_memory)(args.id, args.content, args.tags);
                 await logActivity("update_memory");
@@ -192,7 +228,8 @@ server.addTool({
             .describe("Relevance boost amount (0.0 to 1.0)"),
     }),
     execute: async (args, context) => {
-        return requestContext.run({ clientName: context.session?.clientName }, async () => {
+        const clientName = getClientName(context);
+        return requestContext.run({ clientName }, async () => {
             try {
                 await (0, hsg_js_1.reinforce_memory)(args.id, args.boost);
                 await logActivity("reinforce_memory");
@@ -212,7 +249,8 @@ server.addTool({
         id: zod_1.z.string().describe("Memory ID"),
     }),
     execute: async (args, context) => {
-        return requestContext.run({ clientName: context.session?.clientName }, async () => {
+        const clientName = getClientName(context);
+        return requestContext.run({ clientName }, async () => {
             try {
                 await (0, db_js_1.run_async)("DELETE FROM memories WHERE id=?", [args.id]);
                 await (0, db_js_1.run_async)("DELETE FROM vectors WHERE id=?", [args.id]);

package/e2e/stdio_attribution.spec.ts

@@ -0,0 +1,74 @@
+import { expect, test } from "@playwright/test";
+import { spawn } from "child_process";
+import path from "path";
+
+const TEST_CLIENT_NAME = "antigravity-e2e-stdio";
+
+test("MCP:E2E (STDIO Attribution) — Verified handshake identity propagates to logs", async () => {
+  const serverPath = path.join(__dirname, "../dist/index.js");
+
+  // 1. Spawn the server in STDIO mode
+  const server = spawn("node", [serverPath], {
+    env: {
+      ...process.env,
+      OM_DB_PATH: ":memory:",
+      CYBERMEM_INSTANCE: "stdio-e2e-test",
+    },
+  });
+
+  let logOutput = "";
+  // In STDIO mode, console.log is redirected to stderr by console-fix.ts
+  server.stderr?.on("data", (data) => {
+    logOutput += data.toString();
+  });
+
+  // 2. Send initialize handshake with custom clientInfo
+  server.stdin?.write(
+    JSON.stringify({
+      jsonrpc: "2.0",
+      id: 1,
+      method: "initialize",
+      params: {
+        protocolVersion: "2024-11-05",
+        capabilities: {},
+        clientInfo: {
+          name: TEST_CLIENT_NAME,
+          version: "1.0.0",
+        },
+      },
+    }) + "\n",
+  );
+
+  // Wait for initialization to be processed
+  await new Promise((r) => setTimeout(r, 500));
+
+  // 3. Send tool call
+  server.stdin?.write(
+    JSON.stringify({
+      jsonrpc: "2.0",
+      id: 2,
+      method: "tools/call",
+      params: {
+        name: "query_memory",
+        arguments: {
+          query: "test attribution",
+        },
+      },
+    }) + "\n",
+  );
+
+  // Wait for tool execution and logging (console.log is async in some buffers)
+  await new Promise((r) => setTimeout(r, 1000));
+
+  // Cleanup
+  server.kill();
+
+  // 4. Assert that the log output contains the correctly attributed client name
+  const expectedLogLine = `[MCP-LOG] client=${TEST_CLIENT_NAME} tool=query_memory`;
+
+  if (!logOutput.includes(expectedLogLine)) {
+    console.log("Full stderr received:", logOutput);
+  }
+
+  expect(logOutput).toContain(expectedLogLine);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cybermem/mcp",
-  "version": "0.15.0",
+  "version": "0.16.1",
   "description": "CyberMem MCP Server - AI Memory with openmemory-js SDK",
   "main": "dist/index.js",
   "bin": {

package/src/index.ts

@@ -148,12 +148,62 @@ interface AuthContext {
   [key: string]: unknown;
 }
 
+/**
+ * Extended context for MCP tools to handle STDIO client attribution.
+ */
+interface ToolContext {
+  session?: AuthContext;
+  client?: {
+    version: {
+      name: string;
+    };
+  };
+}
+
+/**
+ * Derives the client name from the tool execution context.
+ *
+ * Priority:
+ * 1. STDIO: handshake clientInfo.name (via context.client.version.name)
+ * 2. HTTP with X-Client-Name header: the explicit header value
+ * 3. HTTP without header: handshake clientInfo.name as fallback
+ * 4. Last resort: "unknown"
+ */
+function getClientName(context: any): string {
+  const ctx = context as ToolContext;
+  const sessionName = ctx.session?.clientName;
+  // FastMCP exposes MCP handshake clientInfo at context.client.version
+  const handshakeName = ctx.client?.version?.name;
+
+  // STDIO: always use handshake name (the real client identity)
+  if (sessionName === "stdio") {
+    return sanitizeClientName(handshakeName || "unknown");
+  }
+
+  // HTTP: prefer explicit X-Client-Name header if it's meaningful
+  if (sessionName && sessionName !== "unknown") {
+    return sanitizeClientName(sessionName);
+  }
+
+  // HTTP without header: fall back to handshake name
+  return sanitizeClientName(handshakeName || sessionName || "unknown");
+}
+
+/** Strip control characters and truncate to prevent log injection. */
+function sanitizeClientName(name: string): string {
+  return name.replace(/[\x00-\x1f\x7f]/g, "").slice(0, 64);
+}
+
 const server = new FastMCP<AuthContext>({
   name: "cybermem",
   version: VALID_VERSION,
   instructions: CYBERMEM_INSTRUCTIONS,
   health: { enabled: true, path: "/health" },
   authenticate: async (req) => {
+    // STDIO transport doesn't provide an HTTP request object
+    if (!req?.headers) {
+      return { clientName: "stdio" };
+    }
     const clientName = (req.headers["x-client-name"] ||
       req.headers["X-Client-Name"] ||
       "unknown") as string;
@@ -184,19 +234,18 @@ server.addTool({
     tags: z.array(z.string()).optional().describe("Category tags"),
   }),
   execute: async (args, context) => {
-    return requestContext.run(
-      { clientName: context.session?.clientName },
-      async () => {
-        try {
-          const res = await memory.add(args.content, { tags: args.tags });
-          await logActivity("add_memory");
-          return JSON.stringify(res);
-        } catch (err: any) {
-          await logActivity("add_memory", 500);
-          throw err;
-        }
-      },
-    );
+    const clientName = getClientName(context);
+
+    return requestContext.run({ clientName }, async () => {
+      try {
+        const res = await memory.add(args.content, { tags: args.tags });
+        await logActivity("add_memory");
+        return JSON.stringify(res);
+      } catch (err: any) {
+        await logActivity("add_memory", 500);
+        throw err;
+      }
+    });
   },
 });
 
@@ -208,19 +257,18 @@ server.addTool({
     k: z.number().default(5).describe("Number of results"),
   }),
   execute: async (args, context) => {
-    return requestContext.run(
-      { clientName: context.session?.clientName },
-      async () => {
-        try {
-          const res = await memory.search(args.query, { limit: args.k });
-          await logActivity("query_memory");
-          return JSON.stringify(res);
-        } catch (err: any) {
-          await logActivity("query_memory", 500);
-          throw err;
-        }
-      },
-    );
+    const clientName = getClientName(context);
+
+    return requestContext.run({ clientName }, async () => {
+      try {
+        const res = await memory.search(args.query, { limit: args.k });
+        await logActivity("query_memory");
+        return JSON.stringify(res);
+      } catch (err: any) {
+        await logActivity("query_memory", 500);
+        throw err;
+      }
+    });
   },
 });
 
@@ -239,19 +287,18 @@ server.addTool({
       path: ["content"],
     }),
   execute: async (args, context) => {
-    return requestContext.run(
-      { clientName: context.session?.clientName },
-      async () => {
-        try {
-          const res = await update_memory(args.id, args.content, args.tags);
-          await logActivity("update_memory");
-          return JSON.stringify(res);
-        } catch (err: any) {
-          await logActivity("update_memory", 500);
-          throw err;
-        }
-      },
-    );
+    const clientName = getClientName(context);
+
+    return requestContext.run({ clientName }, async () => {
+      try {
+        const res = await update_memory(args.id, args.content, args.tags);
+        await logActivity("update_memory");
+        return JSON.stringify(res);
+      } catch (err: any) {
+        await logActivity("update_memory", 500);
+        throw err;
+      }
+    });
   },
 });
 
@@ -266,19 +313,18 @@ server.addTool({
       .describe("Relevance boost amount (0.0 to 1.0)"),
   }),
   execute: async (args, context) => {
-    return requestContext.run(
-      { clientName: context.session?.clientName },
-      async () => {
-        try {
-          await reinforce_memory(args.id, args.boost);
-          await logActivity("reinforce_memory");
-          return `Memory reinforced: ${args.id}`;
-        } catch (err: any) {
-          await logActivity("reinforce_memory", 500);
-          throw err;
-        }
-      },
-    );
+    const clientName = getClientName(context);
+
+    return requestContext.run({ clientName }, async () => {
+      try {
+        await reinforce_memory(args.id, args.boost);
+        await logActivity("reinforce_memory");
+        return `Memory reinforced: ${args.id}`;
+      } catch (err: any) {
+        await logActivity("reinforce_memory", 500);
+        throw err;
+      }
+    });
   },
 });
 
@@ -289,20 +335,19 @@ server.addTool({
     id: z.string().describe("Memory ID"),
   }),
   execute: async (args, context) => {
-    return requestContext.run(
-      { clientName: context.session?.clientName },
-      async () => {
-        try {
-          await run_async("DELETE FROM memories WHERE id=?", [args.id]);
-          await run_async("DELETE FROM vectors WHERE id=?", [args.id]);
-          await logActivity("delete_memory");
-          return "Deleted";
-        } catch (err: any) {
-          await logActivity("delete_memory", 500);
-          throw err;
-        }
-      },
-    );
+    const clientName = getClientName(context);
+
+    return requestContext.run({ clientName }, async () => {
+      try {
+        await run_async("DELETE FROM memories WHERE id=?", [args.id]);
+        await run_async("DELETE FROM vectors WHERE id=?", [args.id]);
+        await logActivity("delete_memory");
+        return "Deleted";
+      } catch (err: any) {
+        await logActivity("delete_memory", 500);
+        throw err;
+      }
+    });
   },
 });