github doobidoo/mcp-memory-service v10.49.0
v10.49.0 — CLI Lifecycle Commands + Lazy Imports
on GitHub

3 hours ago

Special Thanks

This release is dedicated to @creativelaides (Jose Velaides) whose original PR #743 formed the foundation of this work. All 6 of their commits are co-authored on the merged squash in PR #841.

What's New

Added

  • CLI lifecycle commands: New memory launch|stop|restart|info|health|logs commands for managing the background HTTP server — cross-platform PID tracking, health polling, and clean teardown via cli/lifecycle.py.
  • Lazy CLI command loading: Ingestion commands (ingest-document, ingest-directory, list-formats) are now lazy-loaded — imported only when invoked, not at CLI startup.
  • Lazy package imports: Heavy dependencies (torch, transformers, sentence-transformers) are imported only when lazy-loaded attributes like Memory, MemoryQueryResult, or MemoryStorage are accessed.
  • Unit tests for lazy loading: Targeted unit tests covering package lazy imports, CLI lazy command availability, and lifecycle command registration.

Changed

  • CLI startup performance: memory --help and lifecycle commands now start in under 3 seconds (was ~22s) by avoiding eager ML imports at module load time.
  • HTTP host/port ergonomics: memory server --http now supports --http-host and --http-port; lifecycle commands use --host and --port with environment fallbacks.
  • restart inherits flags: restart threads --storage-backend and --debug flags from the running server process automatically.
  • Test conftest cleanup: Removed Unicode emoji characters from tests/conftest.py to avoid UnicodeEncodeError on Windows cp1252 consoles.
  • Test architecture: tests/test_memory_ontology_integration.py rewritten to drop sys.modules shadow gymnastics; subprocess isolation for lazy-import assertions; qualified conftest imports in csv/json/semtools loader tests restored (+18 recovered tests, total ~1,803).

Security

  • Fixed command injection in launch: Replaced unsafe -c command string with safe argument list using sys.executable -m uvicorn with separate args for --host and --port. User-controlled host values no longer get interpolated into code strings. (PR #740)
  • Fixed file handle leak in detached launch: Parent process now explicitly closes stdout/stderr file handles immediately after spawning child process, preventing resource exhaustion. (PR #740)
  • MCP_ALLOW_ANONYMOUS_ACCESS pass-through: The env var is no longer forced to true internally; the actual environment value is now passed through to the launched server, restoring the intended security boundary.
  • PR #438 test-safety protections preserved: Windows test-safety positive allowlist is maintained alongside production indicators — the triple-safety system against production database deletion remains intact.

Fixed

  • PID-reuse detection: stop and restart commands detect PID reuse via create_time + cmdline_hint to avoid killing an unrelated process that inherited the same PID.
  • Version lookup: CLI info command now reads version from _version.py directly instead of importlib.metadata, avoiding stale cached values.
  • Optimized log reading: logs command uses streaming tail with collections.deque(maxlen=lines) instead of read_text().splitlines() to avoid loading the entire log file into memory. (PR #740)
  • Security warnings in docs: Added explicit security notice in launch command help text and README.md lifecycle section warning that binding to non-loopback hosts exposes the API. (PR #740)

Full Changelog: https://github.com/doobidoo/mcp-memory-service/blob/main/CHANGELOG.md

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.49.0

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications