
v3.0.0-alpha.1: Minimal core rewrite #4

Merged
kevintseng merged 18 commits into main from develop
Mar 8, 2026

@kevintseng

Summary

  • v3 major refactor: trimmed from 50+ source files down to 6, 26 deps → 3 deps
  • 3 MCP tools: remember, recall, forget — removed the other 5 tools
  • 2 hooks: session-start + post-commit — removed the other 4 hooks
  • memesh-view CLI: added a D3.js HTML dashboard (knowledge graph + entity table + stats)
  • 95,001 lines deleted, 2,922 lines added
  • 73 tests passing (BDD style, 7 test files)
  • Backward compatible DB schema (existing data stays usable)

Breaking Changes

  • MCP tools reduced: 8 → 3
  • Plugin hooks reduced: 6 → 2
  • Removed vector/ONNX embedding support (FTS5 only)
  • Removed daemon/proxy server modes (stdio only)

Test plan

  • npm run typecheck — clean
  • npm run build — successful
  • npx vitest run — 73/73 tests passing
  • memesh-view smoke test — opens HTML dashboard in browser
  • Comprehensive code review (Ripple Map + Reality Check) — all pass
  • Verify existing DB data is still queryable after upgrade

🤖 Generated with Claude Code

kevintseng and others added 14 commits March 9, 2026 03:12
Remove sensitive internal details from public changelog entries.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hook scripts missing +x caused "hook error" on every tool call.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents regression where hook scripts lose +x permission.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Removed: auto-release, e2e, installation-test, plugin-deployment-check.
Kept: ci.yml (build+test), codeql.yml (security), publish-npm.yml (npm).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reduce from 26 production dependencies to 3 (better-sqlite3,
@modelcontextprotocol/sdk, zod). Remove daemon mode, 4 hooks,
CLI features, and skills from config files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Direct better-sqlite3 with WAL mode, foreign keys, 4 tables
(entities, observations, relations, tags), FTS5 virtual table,
and 5 indexes. 10 BDD tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
KnowledgeGraph class with dependency injection, contentless FTS5
sync, upsert semantics, tag filtering, cascade delete. 18 BDD
tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3 tools with zod validation, FTS5 search, tag filtering.
MCP server via StdioServerTransport. 15 BDD tests passing,
no regressions on existing 28 tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two standalone ESM hooks replacing 7 old files. session-start
auto-recalls project memories with observations. post-commit
detects git commits and stores as entities. 13 BDD tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Delete all old source modules (embeddings, memory, core, cli,
handlers, daemon), 30 scripts, 14 test directories, and 3 config
files. Keep only v3 core: 5 src files, 6 test files, 2 hooks.
63 tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite README, CLAUDE.md, ARCHITECTURE.md, API_REFERENCE.md for
v3 minimal architecture. Remove obsolete docs. Fix critical schema
drift: add missing relations table to post-commit.js SCHEMA_SQL.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Generates self-contained HTML dashboard with D3.js force-directed
knowledge graph, entity table with search, and statistics summary.
Also fixes vitest pool from threads to forks to prevent SIGSEGV
with better-sqlite3 native module.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v3.0.0-alpha.1: Minimal core rewrite
- 3 MCP tools (remember/recall/forget), 2 hooks, 3 deps
- memesh-view CLI dashboard (D3.js knowledge graph)
- 95,001 lines removed, 73 tests passing

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

const html = generateDashboardHtml(dbPath);
const outPath = path.join(os.tmpdir(), 'memesh-dashboard.html');
fs.writeFileSync(outPath, html, 'utf-8');

Check failure

Code scanning / CodeQL

Insecure temporary file High

Insecure creation of file in the os temp dir.

Copilot Autofix

AI 14 days ago

In general, the fix is to stop manually constructing a filename in the OS temp directory and instead use a temp‑file helper that (a) creates the file atomically with exclusive access, (b) uses a unique, hard‑to‑predict name, and (c) sets secure permissions. For Node, the recommended approach is to use the well‑tested tmp package and call tmp.fileSync() (or tmp.file() for async) to obtain a securely created temp file path.

For this code, the best minimal‑impact fix is:

  1. Import the tmp library at the top of src/cli/view.ts. We’ll keep existing imports intact and add import tmp from 'tmp';.
  2. Replace the manual outPath = path.join(os.tmpdir(), 'memesh-dashboard.html'); with a call to tmp.fileSync(). We should:
    • Request a descriptive prefix or postfix/extension (e.g. .html) so the OS and browser treat it as HTML.
    • Use the returned .name field as the outPath.
  3. Keep writing the HTML using fs.writeFileSync to that path and keep the browser‑opening logic unchanged.

Concretely, in src/cli/view.ts:

  • Near the existing imports (around line 3–8), add import tmp from 'tmp';.

  • Around line 550–551, replace:

    • const outPath = path.join(os.tmpdir(), 'memesh-dashboard.html');
    • fs.writeFileSync(outPath, html, 'utf-8');

    with something like:

    const tmpFile = tmp.fileSync({ postfix: '.html' });
    const outPath = tmpFile.name;
    fs.writeFileSync(outPath, html, 'utf-8');

This preserves functionality (a temp HTML file is created and opened) while ensuring a unique, securely created temp file.

Suggested changeset 2
src/cli/view.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/cli/view.ts b/src/cli/view.ts
--- a/src/cli/view.ts
+++ b/src/cli/view.ts
@@ -6,6 +6,7 @@
 import os from 'os';
 import { execFile } from 'child_process';
 import { fileURLToPath } from 'url';
+import tmp from 'tmp';
 
 interface DashboardData {
   entities: Array<{
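Review bot: the added `import tmp from 'tmp';` line brings in a module whose TypeScript typings are published separately as @types/tmp, and the package.json patch on this page adds only tmp under dependencies. Add @types/tmp to devDependencies in the same change, otherwise this import is likely to fail `npm run typecheck`.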
@@ -547,7 +548,8 @@
     path.join(os.homedir(), '.memesh', 'knowledge-graph.db');
 
   const html = generateDashboardHtml(dbPath);
-  const outPath = path.join(os.tmpdir(), 'memesh-dashboard.html');
+  const tmpFile = tmp.fileSync({ postfix: '.html' });
+  const outPath = tmpFile.name;
   fs.writeFileSync(outPath, html, 'utf-8');
 
   // Open in default browser
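Review bot: the two added lines keep only `tmpFile.name` and drop the descriptor and cleanup callback that tmp.fileSync() also returns, so the unchanged `fs.writeFileSync(outPath, html, 'utf-8')` line reopens the file by path. Write through the descriptor that is already open (`fs.writeFileSync(tmpFile.fd, html, 'utf-8')`) and decide who deletes the file: the fixed name used to be overwritten on every run, while nothing in this hunk removes the uniquely named copy, so each run leaves another dashboard in the temp directory.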
EOF
package.json
Outside changed files

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -33,7 +33,8 @@
   "dependencies": {
     "better-sqlite3": "^12.6.2",
     "@modelcontextprotocol/sdk": "^1.25.3",
-    "zod": "^4.3.5"
+    "zod": "^4.3.5",
+    "tmp": "^0.2.5"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.13",
EOF
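Review bot: the added `"tmp": "^0.2.5"` entry makes a fourth production dependency in a PR whose summary lists going from 26 deps to 3 as a headline result. Node's built-in fs.mkdtempSync, or a write with the 'wx' flag and mode 0o600, covers this single call site without a new package; if tmp stays, the "3 deps" figure in the summary and commit messages no longer holds.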
This fix introduces these dependencies
Package Version Security advisories
tmp (npm) 0.2.5 None
Copilot is powered by AI and may make mistakes. Always verify output.
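
The CodeQL alert and the Autofix reply above both concern the fixed-name write into os.tmpdir(). The following is an added example, not code from this PR or from Copilot: it contrasts that write with a variant built only on Node's fs module, run inside a throwaway sandbox directory. The function names, the `memesh-` prefix and the pre-existing file are assumptions of the example, and the modes shown assume a POSIX system.

```typescript
import * as fs from 'node:fs';
import * as os from 'node:os';
import * as path from 'node:path';

// Flagged pattern: fixed, predictable name. A plain write opens with
// O_CREAT|O_TRUNC, so an entry already present at that name is reused
// together with whatever owner and mode it already has.
function writePredictable(dir: string, html: string): string {
  const outPath = path.join(dir, 'memesh-dashboard.html');
  fs.writeFileSync(outPath, html, 'utf-8');
  return outPath;
}

// Built-ins-only variant (this example's assumption, not the page's patch):
// mkdtempSync makes a uniquely named directory, mode 0700 on POSIX, and flag
// 'wx' (O_CREAT|O_EXCL) makes the write fail rather than reuse an entry.
function writePrivate(baseDir: string, html: string): string {
  const privateDir = fs.mkdtempSync(path.join(baseDir, 'memesh-'));
  const outPath = path.join(privateDir, 'dashboard.html');
  fs.writeFileSync(outPath, html, { encoding: 'utf-8', flag: 'wx', mode: 0o600 });
  return outPath;
}

// Constructed scenario: `sandbox` stands in for the shared temp directory,
// and the predictable name already exists there with a world-readable mode.
function demo() {
  const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'tmpfile-demo-'));
  const planted = path.join(sandbox, 'memesh-dashboard.html');
  fs.writeFileSync(planted, '');
  fs.chmodSync(planted, 0o644);
  const mode = (p: string): number => fs.statSync(p).mode & 0o777;
  const naive = writePredictable(sandbox, '<html>graph</html>');
  const hardened = writePrivate(sandbox, '<html>graph</html>');
  let exclusiveRefused = false;
  try {
    fs.writeFileSync(planted, 'x', { flag: 'wx', mode: 0o600 });
  } catch (err) {
    exclusiveRefused = (err as { code?: string }).code === 'EEXIST';
  }
  const result = {
    naiveMode: mode(naive),
    hardenedMode: mode(hardened),
    dirMode: mode(path.dirname(hardened)),
    exclusiveRefused,
  };
  fs.rmSync(sandbox, { recursive: true, force: true });
  return result;
}
```

The predictable write ends up in the pre-existing file and keeps its 0644 mode, while the exclusive write lands in a 0600 file inside a 0700 directory and refuses the name that already exists.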
kevintseng and others added 4 commits March 9, 2026 05:49
Matches the existing v2 database filename for backward compatibility.
All source files and documentation updated.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show only top 40 most-connected entities in graph (not all 777),
increase force repulsion, truncate long labels. Add screenshot
to README.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite README to reflect current architecture including cli/view.ts,
accurate tool descriptions, hook event types, and CLI dashboard section.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add try-catch in handleTool to prevent MCP server crash on DB errors
- Fix escapeJsonForHtml: replace & before < > (standard ordering)
- Fix FTS5 duplicate entries: use INSERT OR IGNORE changes to detect new entities
- Fix post-commit hook FTS5 delete: use actual observations text, not empty string
- Add graceful shutdown (SIGINT/SIGTERM) with DB cleanup in server.ts
- Add try-finally in hooks to guarantee db.close() on error paths
- Add stderr logging in post-commit hook (silent but traceable)
- Fix session-start hook: report errors honestly instead of fake success
- Add FTS5 search error handling (catch syntax errors, return empty)
- Add error logging in view.ts when DB open fails
- Fix ARCHITECTURE.md: 7 test files / 73 tests (was 6/63)
- Fix API_REFERENCE.md: .mcp.json uses ${CLAUDE_PLUGIN_ROOT}
- Clean vitest.config.ts: remove outdated comments and dead exclusion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kevintseng kevintseng merged commit f5d0857 into main Mar 8, 2026
2 of 3 checks passed