memory-mcp 0.12.0

MCP server for semantic memory — pure-Rust embeddings, vector search, git-backed storage
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

//! Integration tests for the `--allowed-host` DNS rebinding protection.
//!
//! These tests spin up a real HTTP server and verify that rmcp's host
//! validation accepts or rejects requests based on the `Host` header.

use std::time::Duration;

use reqwest::header::{HeaderValue, HOST};

/// Start the server binary with the given args and an empty repo, wait for
/// it to be ready, and return the child process, port, and temp dir handle.
async fn start_server(extra_args: &[&str]) -> (tokio::process::Child, u16, tempfile::TempDir) {
    let tmp = tempfile::tempdir().expect("failed to create temp dir");
    let repo_path = tmp.path().to_str().expect("non-utf8 temp path");
    let port = portpicker::pick_unused_port().expect("no free port");
    let bind = format!("127.0.0.1:{port}");

    let mut cmd = tokio::process::Command::new(env!("CARGO_BIN_EXE_memory-mcp"));
    cmd.args(["serve", "--bind", &bind, "--repo-path", repo_path])
        .args(extra_args)
        .kill_on_drop(true)
        .stdout(std::process::Stdio::null())
        .stderr(std::process::Stdio::null());

    let child = cmd.spawn().expect("failed to start memory-mcp");

    // Wait for the server to be ready by polling /healthz.
    let client = reqwest::Client::new();
    let healthz_url = format!("http://{bind}/healthz");
    for _ in 0..100 {
        if client.get(&healthz_url).send().await.is_ok() {
            return (child, port, tmp);
        }
        tokio::time::sleep(Duration::from_millis(100)).await;
    }
    panic!("server did not become ready within 10s");
}

#[tokio::test]
async fn request_with_default_localhost_host_is_accepted() {
    let (mut child, port, _tmp) = start_server(&[]).await;

    let client = reqwest::Client::new();
    let resp = client
        .get(format!("http://127.0.0.1:{port}/mcp"))
        .send()
        .await
        .expect("request should succeed");

    // /mcp without proper MCP headers returns 405 or 400, but NOT 403 —
    // the point is the host check passed.
    assert_ne!(
        resp.status().as_u16(),
        403,
        "localhost should not be rejected"
    );

    child.kill().await.ok();
}

#[tokio::test]
async fn request_with_unknown_host_is_rejected() {
    let (mut child, port, _tmp) = start_server(&[]).await;

    let client = reqwest::Client::builder()
        .no_proxy()
        .build()
        .expect("client");
    let resp = client
        .get(format!("http://127.0.0.1:{port}/mcp"))
        .header(HOST, HeaderValue::from_static("evil.attacker.com"))
        .send()
        .await
        .expect("request should succeed at TCP level");

    assert_eq!(
        resp.status().as_u16(),
        403,
        "unknown host should be rejected with 403"
    );

    child.kill().await.ok();
}

#[tokio::test]
async fn request_with_allowed_host_is_accepted() {
    let (mut child, port, _tmp) = start_server(&["--allowed-host", "memory-mcp.svc.echoes"]).await;

    let client = reqwest::Client::builder()
        .no_proxy()
        .build()
        .expect("client");
    let resp = client
        .get(format!("http://127.0.0.1:{port}/mcp"))
        .header(HOST, HeaderValue::from_static("memory-mcp.svc.echoes"))
        .send()
        .await
        .expect("request should succeed");

    // Should pass host check — NOT 403.
    assert_ne!(
        resp.status().as_u16(),
        403,
        "explicitly allowed host should not be rejected"
    );

    child.kill().await.ok();
}