path: root/mcp-servers/memory-mcp-server/.claude/commands/review.md
blob: 40fb885849ba29ea62a7763366833dd8407eaf71 (plain)
---
description: Comprehensive code review for Memory MCP Server
argument-hint: "[specific file, module, or leave empty for full review]"
allowed-tools: Read, Grep, Glob, Task, TodoWrite
---

# Memory MCP Server Code Review

Perform a comprehensive review of $ARGUMENTS with focus on MCP protocol compliance and memory system integrity:

## Critical Security & Safety

- **Data Isolation**: Verify companion/user boundary enforcement
- **SQL Injection**: Check all database queries for parameterization
- **Embedding Leakage**: Ensure vector data doesn't cross tenant boundaries
- **Auth Tokens**: Validate secure storage and transmission
- **API Keys**: Check for hardcoded credentials (OpenAI, Neon)
- **Session Hijacking**: Review session management implementation

## MCP Protocol Compliance

- **JSON-RPC 2.0**: Validate message format compliance
- **Error Codes**: Use standard MCP error codes (-32700 to -32603)
- **Tool Registration**: Verify proper tool manifest structure
- **Parameter Validation**: Check Zod schemas match MCP expectations
- **Response Format**: Ensure consistent response structure
- **Streaming Support**: Validate partial result handling

## Memory System Integrity

- **Vector Dimensions**: Ensure consistent embedding dimensions (1536 for OpenAI)
- **Index Configuration**: Review IVFFlat/HNSW parameters
- **Memory Lifecycle**: Check expiration and archival logic
- **Consolidation Rules**: Validate memory merging algorithms
- **Importance Scoring**: Review decay and update mechanisms
- **Deduplication**: Check for duplicate memory prevention

## Performance Optimization

- **N+1 Queries**: Identify and fix database query patterns
- **Vector Search**: Optimize similarity thresholds and limits
- **Index Usage**: Verify proper index hints and scans
- **Connection Pooling**: Check pool size and timeout settings
- **Batch Operations**: Look for opportunities to batch DB operations
- **Caching Strategy**: Review memory and query result caching

## Database & Schema

- **Migration Safety**: Check for backward compatibility
- **Transaction Boundaries**: Verify ACID compliance
- **Deadlock Prevention**: Review lock ordering
- **Foreign Keys**: Ensure referential integrity
- **Soft Deletes**: Validate is_archived handling
- **Timestamps**: Check timezone handling

## Error Handling

- **Database Errors**: Graceful handling of connection failures
- **API Failures**: OpenAI API error recovery
- **Validation Errors**: User-friendly error messages
- **Timeout Handling**: Proper cleanup on timeouts
- **Retry Logic**: Exponential backoff implementation
- **Logging**: Structured logging with appropriate levels

## Code Quality

- **TypeScript Strict**: Enable strict mode compliance
- **Type Safety**: No `any` types without justification
- **Code Duplication**: Identify repeated patterns
- **Function Complexity**: Break down complex functions
- **Naming Conventions**: Consistent naming patterns
- **Documentation**: JSDoc for public APIs

## Testing Gaps

- **Unit Test Coverage**: Minimum 80% coverage
- **Integration Tests**: MCP protocol testing
- **Vector Search Tests**: Similarity threshold validation
- **Session Tests**: Multi-tenancy isolation
- **Error Path Tests**: Exception handling coverage
- **Performance Tests**: Load and stress testing

## Specific Checks for Memory MCP

```typescript
// Check for these patterns:
interface MemoryReviewChecks {
  // 1. Embedding generation should handle failures
  embeddings: {
    fallbackStrategy: boolean;
    retryLogic: boolean;
    costTracking: boolean;
  };
  
  // 2. Vector search should be bounded
  vectorSearch: {
    maxResults: number;
    minSimilarity: number;
    timeoutMs: number;
  };
  
  // 3. Memory operations should be atomic
  transactions: {
    useTransactions: boolean;
    rollbackOnError: boolean;
    isolationLevel: string;
  };
  
  // 4. Session management should be secure
  sessions: {
    tokenRotation: boolean;
    expirationHandling: boolean;
    revokeOnLogout: boolean;
  };
}
```
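
An added example, not code from this repository: one shape a reviewer can look for when checking that vector search is bounded, tenant-scoped and fully parameterized. The `memories` table, its `user_id`, `embedding`, `id` and `content` columns, and the 100-row ceiling are assumptions; `is_archived` and the 1536 dimension come from this checklist.

```typescript
// Added example. Table/column names (memories, user_id, embedding) and the
// HARD_MAX_RESULTS ceiling are assumptions, not the project's schema.
interface SearchBounds { maxResults: number; minSimilarity: number; timeoutMs: number }
interface SqlQuery { text: string; values: unknown[] }

const EMBEDDING_DIM = 1536;   // dimension this checklist gives for OpenAI
const HARD_MAX_RESULTS = 100; // assumed server-side cap on any caller's limit

const isPosInt = (n: number): boolean => isFinite(n) && Math.floor(n) === n && n > 0;

// Returns two statements to run, timeout first, inside ONE transaction.
function buildMemorySearch(
  userId: string, embedding: number[], b: SearchBounds,
): { timeout: SqlQuery; search: SqlQuery } {
  // Tenant scope is mandatory: an empty id must never widen the search.
  if (typeof userId !== "string" || userId.length === 0) {
    throw new Error("userId required: refusing unscoped vector search");
  }
  if (embedding.length !== EMBEDDING_DIM || !embedding.every((x) => isFinite(x))) {
    throw new Error("embedding must be " + EMBEDDING_DIM + " finite numbers");
  }
  if (!(b.minSimilarity >= 0 && b.minSimilarity <= 1)) {
    throw new Error("minSimilarity must be within [0, 1]");
  }
  if (!isPosInt(b.maxResults) || !isPosInt(b.timeoutMs)) {
    throw new Error("maxResults and timeoutMs must be positive integers");
  }
  const limit = Math.min(b.maxResults, HARD_MAX_RESULTS);
  // set_config(..., true) is transaction-local like SET LOCAL, but takes a bind parameter.
  const timeout: SqlQuery = {
    text: "SELECT set_config('statement_timeout', $1, true)",
    values: [String(b.timeoutMs)],
  };
  // pgvector: <=> is cosine distance, so similarity = 1 - distance.
  // Every caller-supplied value travels in `values`; the SQL text is constant.
  const search: SqlQuery = {
    text: [
      "SELECT id, content, 1 - (embedding <=> $2::vector) AS similarity",
      "FROM memories",
      "WHERE user_id = $1 AND is_archived = false",
      "  AND 1 - (embedding <=> $2::vector) >= $3",
      "ORDER BY embedding <=> $2::vector",
      "LIMIT $4",
    ].join("\n"),
    values: [userId, JSON.stringify(embedding), b.minSimilarity, limit],
  };
  return { timeout, search };
}
```

Code that concatenates `userId`, the similarity floor or the limit into the SQL text, or that omits the `user_id` predicate on any vector query, belongs under Critical in the format below.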

## Priority Issues Format

### 🔴 Critical (Security/Data Loss)

- Issue description
- File:line reference
- Suggested fix

### 🟡 Important (Performance/Reliability)

- Issue description
- File:line reference
- Suggested fix

### 🟢 Minor (Code Quality/Style)

- Issue description
- File:line reference
- Suggested fix

## Review Checklist

- [ ] No sensitive data in logs
- [ ] All DB queries parameterized
- [ ] MCP responses follow spec
- [ ] Vector operations are bounded
- [ ] Sessions properly isolated
- [ ] Errors handled gracefully
- [ ] Performance within targets
- [ ] Tests cover critical paths