# Pitfall Log

Project: doobidoo/mcp-memory-service

Summary: Found 39 potential pitfall items; 1 are high/blocking. Highest priority: security_permissions - 来源证据：[Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare).

## 1. security_permissions · 来源证据：[Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare)

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：[Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare)
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_d0f9028fc870496f9576de28c5355817 | https://github.com/doobidoo/mcp-memory-service/issues/950 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 2. installation · 失败模式：installation: [Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare)

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: [Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare)
- User impact: Developers may fail before the first successful local run: [Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare)
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare). Context: Observed when using node, python, docker, macos
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_dd89642370c2dba2d6aacf12756658a6 | https://github.com/doobidoo/mcp-memory-service/issues/950 | [Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare), failure_mode_cluster:github_issue | fmev_07b451a0081c6435e7494e041a6641bc | https://github.com/doobidoo/mcp-memory-service/issues/950 | [Bug]: hardcoded port in memory-client.js, breaking HTTP/HTTPS tunnels (e.g., Cloudflare)

## 3. installation · 失败模式：installation: chore(milvus): track optional BaseStorage overrides + test coverage gaps

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: chore(milvus): track optional BaseStorage overrides + test coverage gaps
- User impact: Developers may fail before the first successful local run: chore(milvus): track optional BaseStorage overrides + test coverage gaps
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: chore(milvus): track optional BaseStorage overrides + test coverage gaps. Context: Observed when using docker
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_74209176888c160a35483f3156117496 | https://github.com/doobidoo/mcp-memory-service/issues/888 | chore(milvus): track optional BaseStorage overrides + test coverage gaps, failure_mode_cluster:github_issue | fmev_d8321b2cf697c747506701fd9f641fef | https://github.com/doobidoo/mcp-memory-service/issues/888 | chore(milvus): track optional BaseStorage overrides + test coverage gaps, failure_mode_cluster:github_issue | fmev_89d7bb3a956afe53a7a303ded77ab494 | https://github.com/doobidoo/mcp-memory-service/issues/888 | chore(milvus): track optional BaseStorage overrides + test coverage gaps, failure_mode_cluster:github_issue | fmev_4d3ba37fa05ae6ea3d30aa7e6acbf4a4 | https://github.com/doobidoo/mcp-memory-service/issues/888 | chore(milvus): track optional BaseStorage overrides + test coverage gaps

## 4. installation · 失败模式：installation: fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug
- User impact: Developers may fail before the first successful local run: fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug. Context: Observed when using windows
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_b14a35b730602b08a29e3abbdfa0c377 | https://github.com/doobidoo/mcp-memory-service/issues/957 | fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug, failure_mode_cluster:github_issue | fmev_a2aed67ef427fc7f9ddeebb038420d7d | https://github.com/doobidoo/mcp-memory-service/issues/957 | fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug

## 5. installation · 失败模式：installation: v10.59.0 — OAuth PEM key files, IDE redirect URI schemes, memory-scorer affinity fix

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v10.59.0 — OAuth PEM key files, IDE redirect URI schemes, memory-scorer affinity fix
- User impact: Upgrade or migration may change expected behavior: v10.59.0 — OAuth PEM key files, IDE redirect URI schemes, memory-scorer affinity fix
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v10.59.0 — OAuth PEM key files, IDE redirect URI schemes, memory-scorer affinity fix. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_d0ce94252816336aa4ecbd45eeb73603 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.59.0 | v10.59.0 — OAuth PEM key files, IDE redirect URI schemes, memory-scorer affinity fix

## 6. installation · 失败模式：installation: v10.59.1 — OAuth state parameter RFC 6749 compliance fix

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v10.59.1 — OAuth state parameter RFC 6749 compliance fix
- User impact: Upgrade or migration may change expected behavior: v10.59.1 — OAuth state parameter RFC 6749 compliance fix
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v10.59.1 — OAuth state parameter RFC 6749 compliance fix. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_a0594e0fe855897f4612a17f520e81d4 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.59.1 | v10.59.1 — OAuth state parameter RFC 6749 compliance fix

## 7. installation · 失败模式：installation: v10.60.2 — fix(milvus): brute-force query() for semantic dedup growing-segment visibility

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v10.60.2 — fix(milvus): brute-force query() for semantic dedup growing-segment visibility
- User impact: Upgrade or migration may change expected behavior: v10.60.2 — fix(milvus): brute-force query() for semantic dedup growing-segment visibility
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v10.60.2 — fix(milvus): brute-force query() for semantic dedup growing-segment visibility. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_8a1390fb930fb3d5c55aee894e53c0e3 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.60.2 | v10.60.2 — fix(milvus): brute-force query() for semantic dedup growing-segment visibility

## 8. installation · 失败模式：installation: v10.63.0 — Milvus Issue #888 Complete + Kiro CLI Harvest Fix

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v10.63.0 — Milvus Issue #888 Complete + Kiro CLI Harvest Fix
- User impact: Upgrade or migration may change expected behavior: v10.63.0 — Milvus Issue #888 Complete + Kiro CLI Harvest Fix
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v10.63.0 — Milvus Issue #888 Complete + Kiro CLI Harvest Fix. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_cce458b1322f9ccb8db2498d3499650d | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.63.0 | v10.63.0 — Milvus Issue #888 Complete + Kiro CLI Harvest Fix

## 9. installation · 来源证据：Quality trends endpoint AttributeError on sqlite_vec backend: 'SqliteVecMemoryStorage' object has no attribute 'search_…

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：Quality trends endpoint AttributeError on sqlite_vec backend: 'SqliteVecMemoryStorage' object has no attribute 'search_all_memories'
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_da505f8e644d4dedbe7b94f2026f2c47 | https://github.com/doobidoo/mcp-memory-service/issues/981 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 10. installation · 来源证据：chore(milvus): track optional BaseStorage overrides + test coverage gaps

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：chore(milvus): track optional BaseStorage overrides + test coverage gaps
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_520e5021db184be199bf78f1b662b13c | https://github.com/doobidoo/mcp-memory-service/issues/888 | 来源讨论提到 docker 相关条件，需在安装/试用前复核。

## 11. installation · 来源证据：fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：fix(hooks): PR #952 missed `core/session-end.js` — same Cloudflare Tunnel port-fallback bug
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_99e7481daede4079a5bb8c96cba781ba | https://github.com/doobidoo/mcp-memory-service/issues/957 | 来源讨论提到 windows 相关条件，需在安装/试用前复核。

## 12. installation · 来源证据：fix(milvus): test_semantic_dedup_blocks_near_duplicate still fails after consistency_level=Session fix

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：fix(milvus): test_semantic_dedup_blocks_near_duplicate still fails after consistency_level=Session fix
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_2027915616af406998b039c789f84c69 | https://github.com/doobidoo/mcp-memory-service/issues/938 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 13. installation · 来源证据：v10.54.0 — AND/OR tag filtering for memory_search

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：v10.54.0 — AND/OR tag filtering for memory_search
- User impact: 可能影响升级、迁移或版本选择。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_5aa57485baf04502a8291b6694828c38 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.54.0 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 14. installation · 来源证据：v10.55.0 — Entity Extraction, Insight Cards, urllib3 bump

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：v10.55.0 — Entity Extraction, Insight Cards, urllib3 bump
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_c50e5d07aa964a89a80ade8ee3055612 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.55.0 | 来源类型 github_release 暴露的待验证使用条件。

## 15. configuration · 可能修改宿主 AI 配置

- Severity: medium
- Evidence strength: source_linked
- Finding: 项目面向 Claude/Cursor/Codex/Gemini/OpenCode 等宿主，或安装命令涉及用户配置目录。
- User impact: 安装可能改变本机 AI 工具行为，用户需要知道写入位置和回滚方法。
- Suggested check: 列出会写入的配置文件、目录和卸载/回滚步骤。
- Guardrail action: 涉及宿主配置目录时必须给回滚路径，不能只给安装命令。
- Evidence: capability.host_targets | github_repo:908539519 | https://github.com/doobidoo/mcp-memory-service | host_targets=mcp_host, claude

## 16. configuration · 失败模式：configuration: Project-affinity hard filter zeroes all scores when project name is a superset of memory tags...

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Project-affinity hard filter zeroes all scores when project name is a superset of memory tags (asymmetric `.includes()`)
- User impact: Developers may misconfigure credentials, environment, or host setup: Project-affinity hard filter zeroes all scores when project name is a superset of memory tags (asymmetric `.includes()`)
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Project-affinity hard filter zeroes all scores when project name is a superset of memory tags (asymmetric `.includes()`). Context: Observed when using python, linux
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_d1e6b62e41c0cf3c6d4867576ec205f2 | https://github.com/doobidoo/mcp-memory-service/issues/941 | Project-affinity hard filter zeroes all scores when project name is a superset of memory tags (asymmetric `.includes()`)

## 17. configuration · 失败模式：configuration: [automated] Contributor activity digest

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: [automated] Contributor activity digest
- User impact: Developers may misconfigure credentials, environment, or host setup: [automated] Contributor activity digest
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [automated] Contributor activity digest. Context: Observed during version upgrade or migration.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_cdd98907ecf0813d3cca5938d053939d | https://github.com/doobidoo/mcp-memory-service/issues/937 | [automated] Contributor activity digest

## 18. configuration · 失败模式：configuration: bug(consolidation): contradiction detection crashes on missing storage.list_memories — shippe...

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: bug(consolidation): contradiction detection crashes on missing storage.list_memories — shipped broken in v10.60.0
- User impact: Developers may misconfigure credentials, environment, or host setup: bug(consolidation): contradiction detection crashes on missing storage.list_memories — shipped broken in v10.60.0
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: bug(consolidation): contradiction detection crashes on missing storage.list_memories — shipped broken in v10.60.0. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_886eb379e3e7ddfb3838d01f459a2a13 | https://github.com/doobidoo/mcp-memory-service/issues/959 | bug(consolidation): contradiction detection crashes on missing storage.list_memories — shipped broken in v10.60.0

## 19. configuration · 失败模式：configuration: feat: cascading search fallback when semantic results are sparse

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: feat: cascading search fallback when semantic results are sparse
- User impact: Developers may misconfigure credentials, environment, or host setup: feat: cascading search fallback when semantic results are sparse
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: feat: cascading search fallback when semantic results are sparse. Context: Source discussion did not expose a precise runtime context.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_8fc694ce4bba9729e62b19e988a1d8b6 | https://github.com/doobidoo/mcp-memory-service/issues/873 | feat: cascading search fallback when semantic results are sparse

## 20. configuration · 失败模式：configuration: v10.58.0 — InsightGenerator: configurable exclusion, automated-type heuristic, acknowledgemen...

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v10.58.0 — InsightGenerator: configurable exclusion, automated-type heuristic, acknowledgement flow
- User impact: Upgrade or migration may change expected behavior: v10.58.0 — InsightGenerator: configurable exclusion, automated-type heuristic, acknowledgement flow
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v10.58.0 — InsightGenerator: configurable exclusion, automated-type heuristic, acknowledgement flow. Context: Observed during version upgrade or migration.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_e88b18989bddcec0f1d8e4edabb3137e | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.58.0 | v10.58.0 — InsightGenerator: configurable exclusion, automated-type heuristic, acknowledgement flow

## 21. configuration · 失败模式：configuration: v10.59.2 — fix(oauth): AnyUrl for redirect_uri, IDE schemes now functional

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v10.59.2 — fix(oauth): AnyUrl for redirect_uri, IDE schemes now functional
- User impact: Upgrade or migration may change expected behavior: v10.59.2 — fix(oauth): AnyUrl for redirect_uri, IDE schemes now functional
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v10.59.2 — fix(oauth): AnyUrl for redirect_uri, IDE schemes now functional. Context: Observed during version upgrade or migration.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_8d10e56924a64499b0765864db43f654 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.59.2 | v10.59.2 — fix(oauth): AnyUrl for redirect_uri, IDE schemes now functional

## 22. configuration · 失败模式：configuration: v10.60.1 — Milvus tag_match + session-end port fallback + contradiction detection repair

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v10.60.1 — Milvus tag_match + session-end port fallback + contradiction detection repair
- User impact: Upgrade or migration may change expected behavior: v10.60.1 — Milvus tag_match + session-end port fallback + contradiction detection repair
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v10.60.1 — Milvus tag_match + session-end port fallback + contradiction detection repair. Context: Observed during version upgrade or migration.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_df9c592e9c921338e81c926f496f3755 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.60.1 | v10.60.1 — Milvus tag_match + session-end port fallback + contradiction detection repair

## 23. configuration · 来源证据：Support Kiro CLI JSONL format in memory_harvest

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个配置相关的待验证问题：Support Kiro CLI JSONL format in memory_harvest
- User impact: 可能影响升级、迁移或版本选择。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_3c9e617ea7184d08ae031c4983f4787c | https://github.com/doobidoo/mcp-memory-service/issues/934 | 来源类型 github_issue 暴露的待验证使用条件。

## 24. configuration · 来源证据：bug(consolidation): contradiction detection crashes on missing storage.list_memories — shipped broken in v10.60.0

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个配置相关的待验证问题：bug(consolidation): contradiction detection crashes on missing storage.list_memories — shipped broken in v10.60.0
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_fdf4f21de0234532b94ed2ffe3673c4e | https://github.com/doobidoo/mcp-memory-service/issues/959 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 25. capability · 能力判断依赖假设

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: 假设不成立时，用户拿不到承诺的能力。
- Suggested check: 将假设转成下游验证清单。
- Guardrail action: 假设必须转成验证项；没有验证结果前不能写成事实。
- Evidence: capability.assumptions | github_repo:908539519 | https://github.com/doobidoo/mcp-memory-service | README/documentation is current enough for a first validation pass.

## 26. runtime · 来源证据：bug(harvest): Kiro CLI parser misses 80% of messages — wrong kind mapping + overzealous filter

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个运行相关的待验证问题：bug(harvest): Kiro CLI parser misses 80% of messages — wrong kind mapping + overzealous filter
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_4c07b5794f0741d8b76a3e94ca317421 | https://github.com/doobidoo/mcp-memory-service/issues/972 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 27. maintenance · 失败模式：migration: Support Kiro CLI JSONL format in memory_harvest

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this migration risk before relying on the project: Support Kiro CLI JSONL format in memory_harvest
- User impact: Developers may hit a documented source-backed failure mode: Support Kiro CLI JSONL format in memory_harvest
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Support Kiro CLI JSONL format in memory_harvest. Context: Observed during version upgrade or migration.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_ccb1d35700dbdd7961b19ca816ab2ec2 | https://github.com/doobidoo/mcp-memory-service/issues/934 | Support Kiro CLI JSONL format in memory_harvest

## 28. maintenance · 失败模式：migration: fix(milvus): test_semantic_dedup_blocks_near_duplicate still fails after consistency_level=Se...

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this migration risk before relying on the project: fix(milvus): test_semantic_dedup_blocks_near_duplicate still fails after consistency_level=Session fix
- User impact: Developers may hit a documented source-backed failure mode: fix(milvus): test_semantic_dedup_blocks_near_duplicate still fails after consistency_level=Session fix
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: fix(milvus): test_semantic_dedup_blocks_near_duplicate still fails after consistency_level=Session fix. Context: Observed when using python, docker
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_474dd77beac7531143e2c9c8c014d21e | https://github.com/doobidoo/mcp-memory-service/issues/938 | fix(milvus): test_semantic_dedup_blocks_near_duplicate still fails after consistency_level=Session fix

## 29. maintenance · 来源证据：v10.55.1 — Entity Link Storage Fix

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个维护/版本相关的待验证问题：v10.55.1 — Entity Link Storage Fix
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_0d033317867f482985c4e395b8825cfe | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.55.1 | 来源类型 github_release 暴露的待验证使用条件。

## 30. maintenance · 维护活跃度未知

- Severity: medium
- Evidence strength: source_linked
- Finding: 未记录 last_activity_observed。
- User impact: 新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。
- Suggested check: 补 GitHub 最近 commit、release、issue/PR 响应信号。
- Guardrail action: 维护活跃度未知时，推荐强度不能标为高信任。
- Evidence: evidence.maintainer_signals | github_repo:908539519 | https://github.com/doobidoo/mcp-memory-service | last_activity_observed missing

## 31. security_permissions · 下游验证发现风险项

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: 下游已经要求复核，不能在页面中弱化。
- Suggested check: 进入安全/权限治理复核队列。
- Guardrail action: 下游风险存在时必须保持 review/recommendation 降级。
- Evidence: downstream_validation.risk_items | github_repo:908539519 | https://github.com/doobidoo/mcp-memory-service | no_demo; severity=medium

## 32. security_permissions · 存在评分风险

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: 风险会影响是否适合普通用户安装。
- Suggested check: 把风险写入边界卡，并确认是否需要人工复核。
- Guardrail action: 评分风险必须进入边界卡，不能只作为内部分数。
- Evidence: risks.scoring_risks | github_repo:908539519 | https://github.com/doobidoo/mcp-memory-service | no_demo; severity=medium

## 33. security_permissions · 来源证据：Project-affinity hard filter zeroes all scores when project name is a superset of memory tags (asymmetric `.includes()`)

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：Project-affinity hard filter zeroes all scores when project name is a superset of memory tags (asymmetric `.includes()`)
- User impact: 可能影响授权、密钥配置或安全边界。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_aa1db2bf08304d3db87350b8cbc8e6ca | https://github.com/doobidoo/mcp-memory-service/issues/941 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 34. security_permissions · 来源证据：[automated] Contributor activity digest

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：[automated] Contributor activity digest
- User impact: 可能影响授权、密钥配置或安全边界。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_0676e682588642899da4243174241e7b | https://github.com/doobidoo/mcp-memory-service/issues/937 | 来源类型 github_issue 暴露的待验证使用条件。

## 35. security_permissions · 来源证据：feat: cascading search fallback when semantic results are sparse

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：feat: cascading search fallback when semantic results are sparse
- User impact: 可能影响授权、密钥配置或安全边界。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_274fcdb5c1ed4290ac86171131d9db90 | https://github.com/doobidoo/mcp-memory-service/issues/873 | 来源类型 github_issue 暴露的待验证使用条件。

## 36. security_permissions · 来源证据：v10.52.0 — Cascading Search Fallback + Embedding Hydration on Bulk Reads

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：v10.52.0 — Cascading Search Fallback + Embedding Hydration on Bulk Reads
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_60ded0d65a2c417e9ce3c9ed7501cbad | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.52.0 | 来源类型 github_release 暴露的待验证使用条件。

## 37. security_permissions · 来源证据：v10.53.0 — Milvus Consolidation Embedding Hydration + GitPython Security

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：v10.53.0 — Milvus Consolidation Embedding Hydration + GitPython Security
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_42c0d95dd5b247d79790b6f92024a048 | https://github.com/doobidoo/mcp-memory-service/releases/tag/v10.53.0 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 38. maintenance · issue/PR 响应质量未知

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: 用户无法判断遇到问题后是否有人维护。
- Suggested check: 抽样最近 issue/PR，判断是否长期无人处理。
- Guardrail action: issue/PR 响应未知时，必须提示维护风险。
- Evidence: evidence.maintainer_signals | github_repo:908539519 | https://github.com/doobidoo/mcp-memory-service | issue_or_pr_quality=unknown

## 39. maintenance · 发布节奏不明确

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: 安装命令和文档可能落后于代码，用户踩坑概率升高。
- Suggested check: 确认最近 release/tag 和 README 安装命令是否一致。
- Guardrail action: 发布节奏未知或过期时，安装说明必须标注可能漂移。
- Evidence: evidence.maintainer_signals | github_repo:908539519 | https://github.com/doobidoo/mcp-memory-service | release_recency=unknown