cf-memory-mcp 3.9.3 → 3.9.5

package/README.md

@@ -25,8 +25,8 @@ The active runtime is at [src-simplified/index.ts](src-simplified/index.ts). It
 - Code indexing with `index_project` and `index_github`
 - Retrieval with `retrieve_context` (3-lane hybrid + cross-encoder rerank, returns `file_imports` + `source_kind` + `citation`)
 - Code relationship graph with `get_related_code` (calls, imports, extends, implements)
-- Project exploration with `list_files`, `list_projects`, `get_stats`, `get_file_outline`, `get_file_content`
-- **Staleness handling**: `find_stale_files`, `refresh_files`, `refresh_stale`. Results auto-tag stale chunks with a `stale_refresh_hint` showing the exact call to fix them.
+- Project exploration with `list_files`, `list_projects`, `get_stats`, `get_file_outline`, `get_file_content` (bridge reads local file byte-exact when resolvable; falls back to chunk-reconstruction with `reconstruction_warning` + `missing_line_ranges`)
+- **Staleness handling**: `find_stale_files`, `refresh_files`, `refresh_stale`. Results auto-tag stale chunks with a `stale_refresh_hint` showing the exact call to fix them. Set `CF_MEMORY_AUTO_REFRESH=true` (or pass `auto_refresh:true`) to have the bridge transparently refresh + re-query before returning.
 - Assistant memory tools (`store_memory`, `retrieve_memories`, `get_context_bootstrap`, `delete_memory`)
 - Session tracking with `start_session`, `end_session`
 - Structured entity storage with `store_entity`
@@ -64,6 +64,7 @@ Useful environment variables:
 - `CF_MEMORY_TRACE=1` — verbose request/response logging to `/tmp/cf-memory-mcp.log` (rotates at 5MB)
 - `CF_MEMORY_PROGRESS=true` — stream per-file indexing progress via SSE to stderr during `index_project`
 - `CF_MEMORY_AUTO_WATCH=true` — watch the project directory and auto-reindex on file change
+- `CF_MEMORY_AUTO_REFRESH=true` — when retrieve_context returns stale chunks, transparently refresh the changed files and re-query before returning (new in v3.9.0). Removes the find_stale → refresh → re-query loop.
 - `CF_MEMORY_WATCH_PATH=/path/to/project` — explicit project root (defaults to bridge's `cwd`)
 - `CF_MEMORY_PROJECT_NAME=my-project` — display name when auto-watch indexes the project
 

package/bin/cf-memory-mcp.js

@@ -1801,25 +1801,42 @@ class CFMemoryMCP {
                 projectRoot = process.env.CF_MEMORY_WATCH_PATH || process.cwd();
             }
 
-            // Try exact path first, then walk up substring matches under root
-            const candidates = [
-                path.resolve(projectRoot, filePath),
-                path.resolve(filePath),
-            ];
-            let resolvedFull = null;
-            for (const c of candidates) {
-                try {
-                    const stat = fs.statSync(c);
-                    if (stat.isFile()) {
-                        resolvedFull = c;
-                        break;
-                    }
-                } catch (_) { /* try next */ }
+            // Resolve the file_path against the project root and HARD-CONFINE
+            // the result to be inside the project root. Without this check the
+            // tool became a general filesystem reader — `file_path: "/etc/hosts"`
+            // or `file_path: "../../../etc/passwd"` would both serve those
+            // files because path.resolve treats absolute file_paths as-is and
+            // doesn't enforce ancestry. This is a security finding from codex
+            // review; fix before reading anything off disk.
+            const normalizedRoot = path.resolve(projectRoot);
+            const resolvedFull = path.resolve(normalizedRoot, filePath);
+            // Path must be strictly under the project root. `relative` returns
+            // an empty string for the root itself and a `..`-prefixed string
+            // for anything outside.
+            const relative = path.relative(normalizedRoot, resolvedFull);
+            if (!relative || relative.startsWith('..') || path.isAbsolute(relative)) {
+                _mcpTrace('GFC_LOCAL_REJECT_ESCAPE', `${filePath} -> ${resolvedFull} escapes root ${normalizedRoot}`);
+                return false;
+            }
+            try {
+                const probe = fs.statSync(resolvedFull);
+                if (!probe.isFile()) return false;
+            } catch (_) {
+                return false;
             }
-            if (!resolvedFull) return false;
 
-            const fullContent = fs.readFileSync(resolvedFull, 'utf8');
+            // Guard against blowing memory on huge files (binary blobs, big
+            // SQL dumps, etc). 10MB is plenty for any source file the
+            // chunker would handle. Above that, fall through to the
+            // server's chunk-reconstruction path which is already truncated.
             const stat = fs.statSync(resolvedFull);
+            const MAX_LOCAL_READ_BYTES = 10 * 1024 * 1024;
+            if (stat.size > MAX_LOCAL_READ_BYTES) {
+                _mcpTrace('GFC_LOCAL_SKIP', `file too large (${stat.size}b > ${MAX_LOCAL_READ_BYTES}b): ${resolvedFull}`);
+                return false;
+            }
+
+            const fullContent = fs.readFileSync(resolvedFull, 'utf8');
             const truncated = fullContent.length > maxChars;
             const content = truncated ? fullContent.slice(0, maxChars) + '\n... [truncated]' : fullContent;
             const totalLines = fullContent.split('\n').length;
@@ -2264,23 +2281,30 @@ if (process.argv.includes('--diagnose')) {
     return;
 }
 
-// Check API key before starting server
-if (!API_KEY) {
-    console.error('Error: CF_MEMORY_API_KEY environment variable is required');
-    console.error('');
-    console.error('Please set your API key:');
-    console.error('  export CF_MEMORY_API_KEY="your-api-key-here"');
-    console.error('');
-    console.error('Or run with:');
-    console.error('  CF_MEMORY_API_KEY="your-api-key-here" npx cf-memory-mcp');
-    console.error('');
-    console.error(`Target server: ${BASE_URL}`);
-    process.exit(1);
+// Only run the entry-point side effects when invoked directly (not when
+// require()'d from a test or downstream tool). This guard lets the test
+// suite import CFMemoryMCP without triggering the API-key check and
+// starting the stdio listener.
+if (require.main === module) {
+    if (!API_KEY) {
+        console.error('Error: CF_MEMORY_API_KEY environment variable is required');
+        console.error('');
+        console.error('Please set your API key:');
+        console.error('  export CF_MEMORY_API_KEY="your-api-key-here"');
+        console.error('');
+        console.error('Or run with:');
+        console.error('  CF_MEMORY_API_KEY="your-api-key-here" npx cf-memory-mcp');
+        console.error('');
+        console.error(`Target server: ${BASE_URL}`);
+        process.exit(1);
+    }
+
+    const server = new CFMemoryMCP();
+    server.start().catch(error => {
+        console.error('Failed to start CF Memory MCP server:', error.message);
+        process.exit(1);
+    });
 }
 
-// Start the MCP server
-const server = new CFMemoryMCP();
-server.start().catch(error => {
-    console.error('Failed to start CF Memory MCP server:', error.message);
-    process.exit(1);
-});
+// Export for tests/downstream tools
+module.exports = { CFMemoryMCP };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "cf-memory-mcp",
-	"version": "3.9.3",
+	"version": "3.9.5",
 	"description": "Cloudflare-hosted MCP server for code indexing, retrieval, and assistant memory with a direct remote MCP endpoint and local stdio bridge.",
 	"main": "bin/cf-memory-mcp.js",
 	"bin": {