From b2f259c25304e89bc19bf767dd8c971251ba7026 Mon Sep 17 00:00:00 2001
From: icciAaron
Date: Sun, 19 Apr 2026 15:01:28 -0400
Subject: [PATCH] fix(mcp): omit palace_path from tool_status responses (+ docs)

The MCP `mempalace_status` tool was returning the server's absolute `_config.palace_path` to any connected client on both the main (ChromaDB-backed) path and the sqlite fallback path that runs when HNSW divergence is detected (#1222). On a single-user local deployment this is self-disclosure, but in nested-agent or multi-server MCP topologies the client is a separate trust domain and the absolute path has no documented client-side use.

Clients that legitimately need the palace path continue to have three documented channels: the `MEMPALACE_PALACE_PATH` env var (primary) or its legacy `MEMPAL_PALACE_PATH` alias, the `~/.mempalace/config.json` file, and the `--palace` CLI flag on most subcommands.

Also corrects stale docs that claimed `mempalace_reconnect` returned a `palace_path` field; the code returns `{success, message, drawers, vector_disabled[, vector_disabled_reason]}` on success, plus a no-palace shape and an exception shape.

- mempalace/mcp_server.py: drop palace_path from tool_status() and _tool_status_via_sqlite() result dicts
- website/reference/mcp-tools.md: update documented return shapes for mempalace_status (fix) and mempalace_reconnect (stale-docs correction)

Authored-by: Aaron Salsitz (ICCI LLC, @icciaaron). Claude Code was used as an authoring and review-orchestration tool, with human-in-the-loop oversight at every step: Aaron wrote the prompts, reviewed each draft, called for three independent review passes (drafting / post-rebase technical / CISA-aligned disclosure-leak), and verified the final patch behavior before commit.
---
 mempalace/mcp_server.py        | 2 --
 website/reference/mcp-tools.md | 4 ++--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/mempalace/mcp_server.py b/mempalace/mcp_server.py
index 13654f6..4aab316 100644
--- a/mempalace/mcp_server.py +++ b/mempalace/mcp_server.py @@ -454,7 +454,6 @@ def _tool_status_via_sqlite() -> dict: "total_drawers": total, "wings": wings, "rooms": rooms, - "palace_path": _config.palace_path, "protocol": PALACE_PROTOCOL, "aaak_dialect": AAAK_SPEC, "vector_disabled": True, @@ -493,7 +492,6 @@ def tool_status(): "total_drawers": count, "wings": wings, "rooms": rooms, - "palace_path": _config.palace_path, "protocol": PALACE_PROTOCOL, "aaak_dialect": AAAK_SPEC, } diff --git a/website/reference/mcp-tools.md b/website/reference/mcp-tools.md index f951fe1..671225a 100644 --- a/website/reference/mcp-tools.md +++ b/website/reference/mcp-tools.md @@ -10,7 +10,7 @@ Palace overview: total drawers, wing and room counts, AAAK spec, and memory prot **Parameters:** None -**Returns:** `{ total_drawers, wings, rooms, palace_path, protocol, aaak_dialect }` +**Returns:** `{ total_drawers, wings, rooms, protocol, aaak_dialect }` --- @@ -378,4 +378,4 @@ Force a reconnect to the palace database. Use this after external scripts or CLI **Parameters:** None -**Returns:** `{ success, palace_path }` +**Returns:** `{ success, message, drawers, vector_disabled[, vector_disabled_reason] }` (on no-palace: `{ success: false, message, drawers, vector_disabled }`; on exception: `{ success: false, error }`)
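Review bot: on the two `mempalace/mcp_server.py` hunks (`_tool_status_via_sqlite()` at line 454 and `tool_status()` at line 493), the diffstat shows only the source file and the docs page changing, so nothing guards against `palace_path` being reintroduced into either result dict later. Add a regression test that calls both `tool_status()` and `_tool_status_via_sqlite()` and asserts `"palace_path" not in result` for each; the two functions build their dicts independently, and the sqlite fallback is only exercised when HNSW divergence is detected, so a test for the main path alone would not cover it. It is also worth confirming that `_config.palace_path` is not placed in any other tool response, since this patch edits only these two literals.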
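Review bot: in the `website/reference/mcp-tools.md` hunk at line 10, the corrected return shape `{ total_drawers, wings, rooms, protocol, aaak_dialect }` for `mempalace_status` still omits `vector_disabled`, even though the `_tool_status_via_sqlite()` hunk shows the fallback response carrying `"vector_disabled": True`. Since this patch is already correcting stale shapes, document the fallback variant here too, e.g. `{ total_drawers, wings, rooms, protocol, aaak_dialect[, vector_disabled] }` with a sentence that `vector_disabled: true` marks the sqlite fallback, so a client can tell a degraded status from a normal one.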
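Review bot: in the `website/reference/mcp-tools.md` hunk at line 378, the newly documented exception shape `{ success: false, error }` is the one place this disclosure fix could be undone: if `error` is filled from the exception text, a failed reconnect can echo the absolute palace path, since missing-file and permission errors usually name the path they failed on. Given that the goal of the patch is to stop returning `_config.palace_path` to clients, check what `mempalace_reconnect` puts into `error` and either sanitize it or state in the docs what it may contain. As a minor docs point, `drawers` here versus `total_drawers` in `mempalace_status` is a naming inconsistency worth calling out while both shapes are being rewritten.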