From c9135aad67cf62a8e3bab2776f6570efe5dc9a76 Mon Sep 17 00:00:00 2001
From: Igor Lins e Silva <4753812+igorls@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:25:47 -0300
Subject: [PATCH] fix: sanitize error responses and remove sys.exit from
 library code

- Remove palace_path from _no_palace() error response (prevents
  leaking filesystem paths to the LLM)
- Replace str(e) with generic 'Internal tool error' in MCP dispatch
  catch block (full error is still logged server-side via stderr)
- Replace sys.exit(1) with return in searcher.search() CLI function
  (prevents process termination if called from library context)
- Remove unused sys import from searcher.py

Findings: #12 (HIGH), #5 (MEDIUM), #15 (LOW)

Includes test infrastructure from PR #131.
92 tests pass.
---
 mempalace/mcp_server.py | 3 +--
 mempalace/searcher.py   | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/mempalace/mcp_server.py b/mempalace/mcp_server.py
index 3861195..6f4677f 100644
--- a/mempalace/mcp_server.py
+++ b/mempalace/mcp_server.py
@@ -53,7 +53,6 @@ def _get_collection(create=False):
 def _no_palace():
     return {
         "error": "No palace found",
-        "palace_path": _config.palace_path,
         "hint": "Run: mempalace init <dir> && mempalace mine <dir>",
     }
 
@@ -746,7 +745,7 @@ def handle_request(request):
             }
         except Exception as e:
             logger.error(f"Tool error in {tool_name}: {e}")
-            return {"jsonrpc": "2.0", "id": req_id, "error": {"code": -32000, "message": str(e)}}
+            return {"jsonrpc": "2.0", "id": req_id, "error": {"code": -32000, "message": "Internal tool error"}}
 
     return {
         "jsonrpc": "2.0",
diff --git a/mempalace/searcher.py b/mempalace/searcher.py
index 9972dbe..5c325ae 100644
--- a/mempalace/searcher.py
+++ b/mempalace/searcher.py
@@ -6,7 +6,7 @@ Semantic search against the palace.
 Returns verbatim text — the actual words, never summaries.
 """
 
-import sys
+
 from pathlib import Path
 
 import chromadb
@@ -23,7 +23,7 @@ def search(query: str, palace_path: str, wing: str = None, room: str = None, n_r
     except Exception:
         print(f"\n  No palace found at {palace_path}")
         print("  Run: mempalace init <dir> then mempalace mine <dir>")
-        sys.exit(1)
+        return
 
     # Build where filter
     where = {}
@@ -47,7 +47,7 @@ def search(query: str, palace_path: str, wing: str = None, room: str = None, n_r
 
     except Exception as e:
         print(f"\n  Search error: {e}")
-        sys.exit(1)
+        return
 
     docs = results["documents"][0]
     metas = results["metadatas"][0]