fix(mcp): probe diagnostics + sandbox escape hatch (#234, #278)

[rohitg00]

Summary

Three small follow-ups to v0.9.6 from live field reports on #234 and #278.

• @agentmemory/mcp shim silent degradation in sandboxed clients (MCP shim: --tools all returns only 7 tools due to IMPLEMENTED_TOOLS hardcode #234 follow-up, @jcalfee). Probe now logs URL/status/reason on failure, default timeout raised 500ms → 2000ms, AGENTMEMORY_PROBE_TIMEOUT_MS overrides, AGENTMEMORY_FORCE_PROXY=1 skips the probe entirely for clients (Flatpak / Snap / restricted containers) that can reach the server but not the host loopback.
• Compose state loss on docker compose down (MCP shim: --tools all returns only 7 tools due to IMPLEMENTED_TOOLS hardcode #234 follow-up). iii-config.docker.yaml wrote to ./data/... (relative → resolved against engine container WORKDIR=/home/nonroot) instead of /data (where the iii-data named volume mounts). Both paths now absolute.
• CLI banner leak which: no iii in ... (cosmetic). execFileSync default stdio inherits stderr; switched whichBinary() to stdio: ["ignore", "pipe", "pipe"].
• Engine log spam can fill host disk (iii-engine Docker container (iiidev/iii:0.11.2) fills disk space with massive 129GB stdout json.log #278, @satabd). Compose now caps engine container logs at 30 MB total via json-file driver (max-size: 10m, max-file: 3). The upstream engine crash spam itself needs filing against iii-hq/iii — this is the compose-side blast-radius bound.

Root cause walkthrough

Why Roo Code in VS Codeium (Flatpak) saw 7 tools while the host shell saw 51

host shell                Flatpak (VS Codeium)
─────────────             ──────────────────────
curl localhost:3111       (Roo Code spawns shim)
  ↓                         ↓
livez 200 OK              connect: ECONNREFUSED
  ↓                         ↓ (catch swallows it)
proxy mode → 51 tools     local mode → IMPLEMENTED_TOOLS (7)

The probe in src/mcp/rest-proxy.ts:31 had:

} catch {
  return false;
}

No log line. 500ms timeout. The fix surfaces every failure with the URL, the HTTP status (or thrown reason), and the active timeout, so users actually see why they fell into local mode instead of staring at a 7-tool list with no explanation.

For Flatpak / Snap / network-restricted clients that genuinely can't probe but can reach the server through some other route (LAN IP, configured upstream, sidecar), AGENTMEMORY_FORCE_PROXY=1 short-circuits the probe and trusts AGENTMEMORY_URL directly.

Why docker compose down wiped state

docker-compose.yml:           iii-config.docker.yaml:
  volumes:                      iii-state:
    - iii-data:/data              file_path: ./data/state_store.db
                                                ^^^^^^
                                  resolved against WORKDIR=/home/nonroot
                                  inside container → /home/nonroot/data/...
                                  NOT /data (the volume mount).

So every write went to the ephemeral container layer, not the named volume, and docker compose down discarded it. Bumping both paths to absolute (/data/state_store.db, /data/stream_store) routes them through the volume the compose file always intended.

Migration note for existing users: one-time docker compose down -v to drop the (empty) old volume layout, then docker compose up — fresh data goes to the right place from then on.

Changes

• src/mcp/rest-proxy.ts — log probe failures to stderr; 500ms → 2000ms default; AGENTMEMORY_PROBE_TIMEOUT_MS knob; AGENTMEMORY_FORCE_PROXY=1 skip-probe escape hatch.
• src/cli.ts — pipe which's stderr in whichBinary().
• iii-config.docker.yaml — absolute file_path for iii-state and iii-stream.
• docker-compose.yml — logging.driver: json-file + max-size: 10m + max-file: 3 on the iii-engine service.
• Version bump 0.9.6 → 0.9.7 across package.json, packages/mcp/package.json, plugin/.claude-plugin/plugin.json, src/version.ts, the ExportData literal in src/types.ts, the supportedVersions set in src/functions/export-import.ts, and the round-trip test in test/export-import.test.ts.
• test/mcp-standalone-proxy.test.ts — 4 new tests:
  • AGENTMEMORY_FORCE_PROXY=1 skips the livez probe and forwards directly.
  • Probe failure writes diagnostic to stderr with AGENTMEMORY_FORCE_PROXY hint.
  • AGENTMEMORY_PROBE_TIMEOUT_MS overrides the default probe timeout.
  • (Plus tightening on existing tests for the new stderr writes.)

Test plan

• npm test — 859/859 pass on this branch (baseline: 856 on main; +3 net new tests).
• npm run build — clean tsdown build, no type errors.
• Smoke test in a sandboxed MCP client (Flatpak VS Codeium → Roo Code) after publish — set AGENTMEMORY_FORCE_PROXY=1, expect 51 tools.
• Smoke test docker compose down && docker compose up — verify /data/state_store.db persists across restarts.

Out of scope (filed separately)

• The iii-engine crash spam itself (iii-engine Docker container (iiidev/iii:0.11.2) fills disk space with massive 129GB stdout json.log #278 root cause). Belongs in iii-hq/iii; this PR only caps the blast radius. Will follow up there once @satabd can share a representative 50-100 line sample of the spam content so we can identify the failure pattern.

Summary by CodeRabbit

• Bug Fixes

  • CLI banner no longer leaks system errors
  • Container logs now rotate/capped to prevent disk growth (≈30MB)
  • Engine state is preserved across service restarts

• New Features

  • Health-probe timeout is configurable via environment variable
  • Escape hatch to bypass health checks when needed
  • Improved probe diagnostics and proxy logging

• Chores

  • Bumped version to 0.9.7

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agentmemory	Ready	Preview, Comment	May 11, 2026 0:46am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0cd970bf-b62d-4dda-9de6-27769d769841

📥 Commits

Reviewing files that changed from the base of the PR and between 89e9672 and b9c4336.

📒 Files selected for processing (1)

• src/mcp/standalone.ts

---

📝 Walkthrough

Walkthrough

v0.9.7 patch release bumps version across manifests and types, adds configurable MCP proxy health-probe timeout and an AGENTMEMORY_FORCE_PROXY escape hatch with enhanced stderr logging, switches Docker KV adapter paths to absolute container mount paths for persistence, captures CLI stdio to suppress which/where noise, expands export-import version validation, and updates tests and changelog.

Changes

Release v0.9.7

Layer / File(s)	Summary
Version & Type Declarations src/version.ts, src/types.ts	VERSION constant and ExportData.version type union are updated to include "0.9.7".
Package Manifests package.json, packages/mcp/package.json, plugin/.claude-plugin/plugin.json	Version fields are incremented from 0.9.6 to 0.9.7 across root and scoped packages.
MCP Proxy Enhancements src/mcp/rest-proxy.ts	Probe timeout becomes configurable via AGENTMEMORY_PROBE_TIMEOUT_MS environment variable with default; AGENTMEMORY_FORCE_PROXY=1 toggle skips /agentmemory/livez probe and trusts resolved base URL; probe failures now log detailed diagnostics (elapsed time, error message) to stderr.
Standalone MCP Handler src/mcp/standalone.ts	tools/list handler adds AGENTMEMORY_DEBUG-gated logging, validates proxied /agentmemory/mcp/tools response shape, and falls back to local visible tools when remote response is malformed.
Docker Infrastructure docker-compose.yml, iii-config.docker.yaml	iii-engine service adds json-file logging with max-size: 10m and max-file: 3; KV adapter file_path values changed from ./data/... to /data/... for correct mounted persistence.
CLI Improvements src/cli.ts	whichBinary() explicitly configures stdio to ignore stdin and pipe stdout/stderr, preventing spurious stderr output from which/where.
Export-Import Version Support src/functions/export-import.ts	Supported versions set expanded to accept 0.9.7 exports in mem::import validation.
Tests & Changelog test/mcp-standalone-proxy.test.ts, test/export-import.test.ts, CHANGELOG.md	Tests added/updated to cover force-proxy, probe logging, timeout override, and export version; changelog documents v0.9.7 (2026-05-11).

Sequence Diagram(s)

sequenceDiagram
  participant resolveHandle as resolveHandle()
  participant forceProxy as AGENTMEMORY_FORCE_PROXY
  participant probeTimeout as AGENTMEMORY_PROBE_TIMEOUT_MS
  participant probe as probe(url)
  participant proxy as Remote MCP
  participant standalone as Standalone MCP
  resolveHandle->>forceProxy: read flag
  alt Force proxy enabled
    resolveHandle-->>proxy: trust base URL (no probe)
    proxy-->>resolveHandle: proxy handle returned
  else Normal mode
    resolveHandle->>probeTimeout: read timeout
    resolveHandle->>probe: call /agentmemory/livez with timeout
    probe->>proxy: HTTP GET /agentmemory/livez
    alt Probe OK
      proxy-->>probe: 200 OK
      probe-->>resolveHandle: up=true
      resolveHandle-->>proxy: return proxy handle
    else Probe fails
      probe-->>resolveHandle: log stderr (elapsed + error)
      resolveHandle-->>standalone: return local handle (fallback)
    end
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• rohitg00/agentmemory#272: Modifies same release/version files and MCP standalone proxy behavior; closely related.
• rohitg00/agentmemory#270: Related MCP standalone proxy and tools listing changes affecting proxy/fallback logic.
• rohitg00/agentmemory#137: Related Docker config edits for iii-config.docker.yaml and mount/publish behavior.

Poem

🐰 A hop, a skip, a version's flight,
To 0.9.7, shining bright!
With timeouts set and proxies forced,
And Docker paths on proper course,
The CLI hushed, the tests all gleam. 🌟

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(mcp): probe diagnostics + sandbox escape hatch (#234, #278)' accurately describes the main changes: MCP probe improvements with diagnostics and the escape hatch feature (AGENTMEMORY_FORCE_PROXY), addressing the specified issues.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/234-shim-probe-diagnostics

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CHANGELOG.md`:
- Line 9: The changelog entry "## [0.9.7] — 2026-05-11" references a missing
link target; add a matching reference-link definition for "[0.9.7]" in the link
table at the bottom of CHANGELOG.md using the same format as the other releases
(i.e., a `[0.9.7]: <compare-URL-or-tag>` line that points to the repo's compare
or tag URL for 0.9.7 so the header resolves correctly).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8874c10f-6dc2-4bfa-8fcd-b22f096033a9

📥 Commits

Reviewing files that changed from the base of the PR and between 13924d2 and 89e9672.

📒 Files selected for processing (13)

• CHANGELOG.md
• docker-compose.yml
• iii-config.docker.yaml
• package.json
• packages/mcp/package.json
• plugin/.claude-plugin/plugin.json
• src/cli.ts
• src/functions/export-import.ts
• src/mcp/rest-proxy.ts
• src/types.ts
• src/version.ts
• test/export-import.test.ts
• test/mcp-standalone-proxy.test.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add the missing [0.9.7] reference link target.

Line 9 uses reference-link syntax ([0.9.7]), but the corresponding definition is missing in the link table, so this entry won’t resolve to a compare URL.

📎 Proposed doc fix

+[0.9.7]: https://github.com/rohitg00/agentmemory/compare/v0.9.6...v0.9.7
 [0.9.6]: https://github.com/rohitg00/agentmemory/compare/v0.9.5...v0.9.6
 [0.9.5]: https://github.com/rohitg00/agentmemory/compare/v0.9.4...v0.9.5

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CHANGELOG.md` at line 9, The changelog entry "## [0.9.7] — 2026-05-11"
references a missing link target; add a matching reference-link definition for
"[0.9.7]" in the link table at the bottom of CHANGELOG.md using the same format
as the other releases (i.e., a `[0.9.7]: <compare-URL-or-tag>` line that points
to the repo's compare or tag URL for 0.9.7 so the header resolves correctly).