fix(mcp): reject codedb_projects in bundle — v0.2.5810 (#441)#442
Merged
fix(mcp): reject codedb_projects in bundle — v0.2.5810 (#441)#442
Conversation
codedb_projects lists every indexed project on the machine — a global directory enumeration unrelated to the current repo. Planners that see a previous bundle calling codedb_projects tend to replay the same shape (e.g. 5x codedb_projects in one batch), making it a pattern-amplification footgun. Two tests: - handleBundle dispatcher must reject codedb_projects with an explicit error, mirroring codedb_bundle (recursive) and codedb_edit (write op) rejections. - buildAugmentedToolsList oneOf branches must not advertise codedb_projects, so opt-in clients aren't tempted to use it. Both fail on this branch; fix follows in next commit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
codedb_projects lists every indexed project on the machine — a global directory enumeration unrelated to whatever repo the agent is working on. When a planner sees a previous bundle that called codedb_projects, it tends to replay the same shape (5x codedb_projects in one batch), and recent-message attention bias amplifies it on continuation (graff and other resumable clients ship the delta + previous_response_id, so the prior assistant message dominates planner context). Block it at the dispatcher, mirroring codedb_bundle (recursive) and codedb_edit (write op) rejections. The discriminated oneOf (opt-in via CODEDB_DISCRIMINATED_SCHEMA=1) also drops the codedb_projects branch. Standalone calls outside a bundle are unchanged. 515/515 tests pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Block
codedb_projectsfrom being a validcodedb_bundlesub-op. It's a global directory enumeration that planners replay when they see it once — recent-message attention bias on resumable clients (graff, etc., that shipdelta + previous_response_id) amplifies the loop. Mirroring the existing rejections ofcodedb_bundle(recursive) andcodedb_edit(write).Fixes #441.
Change
handleBundleinsrc/mcp.zigrejectscodedb_projectswitherror: codedb_projects not allowed in bundle.buildAugmentedToolsListexcludescodedb_projectsfrom the discriminatedoneOfbranches (matching the dispatcher-level rejection).codedb_projectsoutside a bundle are unchanged — it's still a useful tool when a global listing genuinely is what's wanted.Test plan
zig build test— 515/515 pass. Two new tests (issue-441: bundle rejects codedb_projects sub-op,issue-441: codedb_projects branch is excluded from augmented oneOf) fail on main and pass with the fix.🤖 Generated with Claude Code