github doobidoo/mcp-memory-service v10.37.0
v10.37.0 — POST /api/harvest HTTP endpoint for Session Harvest
on GitHub

latest release: v10.38.0
3 hours ago

What's New

POST /api/harvest — Session Harvest over HTTP (PR #710, closes #630)

Until now, Session Harvest was only accessible via the memory_harvest MCP tool — requiring an active MCP session. v10.37.0 adds a dedicated HTTP endpoint so scripts, cron jobs, CI pipelines, and the dashboard can trigger harvest without MCP.

Added

  • POST /api/harvest: New REST endpoint in src/mcp_memory_service/web/api/harvest.py. Request fields mirror the MCP tool exactly: sessions, session_ids, use_llm, dry_run, min_confidence, types, project_path. Auth via existing require_write_access dependency. Pydantic request/response models included.

  • Security-hardened project_path: Accepts only relative names under ~/.claude/projects/. Absolute paths, .. path-traversal components, and symlink escapes all return HTTP 400. Addresses CodeQL path-injection findings #383 and #384.

  • Async hygiene in harvester.py: harvest_and_store now offloads synchronous _harvest_file reads via asyncio.to_thread, keeping the event loop unblocked during file I/O. Benefits both MCP and HTTP callers.

Tests

  • 10 new tests in tests/web/api/test_harvest_api.py covering endpoint auth, dry-run mode, path-traversal rejection, and symlink escape prevention.

Related

  • Issue #631 (SessionEnd auto-harvest hook) builds on this endpoint.

Full CHANGELOG: CHANGELOG.md

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.37.0

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications