Problem
Indexing a temporary root like /private/tmp succeeds today. In practice that lets MCP cache and reload broad temp directories containing many unrelated worktrees, which can drive codedb --mcp into pathological multi-GB memory usage and swap pressure.
Failing Test
test "issue-77: mcp index accepts temporary-directory roots that cause pathological cache growth" {
var tmp_name_buf: [128]u8 = undefined;
const tmp_name = try std.fmt.bufPrint(&tmp_name_buf, "codedb-issue-77-{d}", .{std.time.microTimestamp()});
const tmp_root = try std.fs.path.join(testing.allocator, &.{ "/private/tmp", tmp_name });
defer testing.allocator.free(tmp_root);
std.fs.cwd().makePath(tmp_root) catch |err| switch (err) {
error.PathAlreadyExists => {},
else => return err,
};
defer std.fs.cwd().deleteTree(tmp_root) catch {};
const source_path = try std.fs.path.join(testing.allocator, &.{ tmp_root, "sample.zig" });
defer testing.allocator.free(source_path);
{
const file = try std.fs.cwd().createFile(source_path, .{});
defer file.close();
try file.writeAll("pub fn sample() void {}\n");
}
const result = try std.process.Child.run(.{
.allocator = testing.allocator,
.argv = &.{ "zig", "build", "run", "--", tmp_root, "snapshot" },
.cwd = "/Users/rachpradhan/codedb2",
.max_output_bytes = 256 * 1024,
});
defer testing.allocator.free(result.stdout);
defer testing.allocator.free(result.stderr);
try testing.expect(result.term.Exited != 0);
}Expected
codedb <tmp-root> snapshot and MCP codedb_index should reject temporary-directory roots before scanning or snapshotting them.
Fix
Add a shared root policy that rejects /private/tmp, /tmp, and similar temp roots in both the CLI snapshot path and the MCP indexing/cache path so these directories are neither indexed nor reloaded.
Problem
Indexing a temporary root like
/private/tmpsucceeds today. In practice that lets MCP cache and reload broad temp directories containing many unrelated worktrees, which can drivecodedb --mcpinto pathological multi-GB memory usage and swap pressure.Failing Test
Expected
codedb <tmp-root> snapshotand MCPcodedb_indexshould reject temporary-directory roots before scanning or snapshotting them.Fix
Add a shared root policy that rejects
/private/tmp,/tmp, and similar temp roots in both the CLI snapshot path and the MCP indexing/cache path so these directories are neither indexed nor reloaded.