MCP SpecNavigator

REPOSITORY_ANALYSIS.md•29.3 KiB

# MCP Server SpecNavigator - Comprehensive Repository Analysis ## Table of Contents 1. [Initial Repository Understanding](#initial-repository-understanding) 2. [Core Functionalities](#core-functionalities) 3. [Available Functions and Architecture](#available-functions-and-architecture) 4. [Missing Functionalities and Improvements](#missing-functionalities-and-improvements) 5. [Implementation Strategy](#implementation-strategy) 6. [Critical Issues and Mistakes](#critical-issues-and-mistakes) 7. [Deep Dive Analysis](#deep-dive-analysis) 8. [Additional Features Analysis](#additional-features-analysis) --- ## Initial Repository Understanding ### What This Repository Does **MCP Server SpecNavigator** is an intelligent server that provides navigation and exploration capabilities for the Model Context Protocol (MCP) specification. It acts as a wrapper/enhancement tool for the official MCP documentation. ### Repository Components - **Package**: `@lepion/mcp-server-specnavigator` (v0.1.0) - **Description**: MCP server for navigating Model Context Protocol specifications with dynamic markdown tree generation - **Main Dependencies**: - `@modelcontextprotocol/sdk`: ^0.6.0 - `axios`: ^1.7.2 - `marked`: ^12.0.0 - `node-cache`: ^5.1.2 - `unified`: ^11.0.4 - `remark-parse`: ^11.0.0 ### How It Tracks Updates The repository tracks updates to the MCP specification through several mechanisms: #### 1. Automated Checking via SpecFetcher (src/spec-fetcher.ts:28-74) - Fetches specs from the official GitHub repository - Uses HTTP headers (Last-Modified/ETag) to detect changes - Caches specifications for 1 hour with metadata cached for 5 minutes - Compares current vs latest versions to determine if updates exist #### 2. GitHub Actions Workflow (.github/workflows/spec-sync.yml) - Runs daily at 2 AM UTC automatically - Downloads the latest spec and compares with cached version - Creates GitHub issues when changes are detected - Validates spec compatibility when updates are found #### 3. Local Backup System (src/spec-fetcher.ts:124-141) - Saves specifications to `.cache` directory as backup - Falls back to local backup if network fetch fails ## Core Functionalities ### 1. Dynamic Markdown Tree Generation - Parses the MCP specification and creates navigable tree structures - Configurable depth levels (1-6) - Optional anchor links for direct navigation ### 2. Intelligent Section Search - Find sections by keywords with exact or fuzzy matching - Returns section titles, paths, and anchor links - Sorts results by relevance (exact matches first) ### 3. Section Content Retrieval - Extract specific sections from the specification - Option to include or exclude subsections - Navigate by section path or anchor name ### 4. Caching System - In-memory cache using NodeCache with 1-hour TTL - Reduces network requests and improves performance - Automatic cache invalidation and refresh ### Actions When Changes Are Detected #### Immediate Actions: - Updates the cached version with the new content - Saves a local backup of the new specification - Returns update status with change information #### Automated Workflow Actions (via GitHub Actions): - Generates a diff summary of changes - Creates a GitHub issue labeled "spec-update" with: - Change summary - Action checklist (review changes, update implementation, etc.) - Sends notifications about the update - Uploads spec artifacts for review #### User-Triggered Actions: - Force refresh capability to manually check for updates - Returns detailed update information including versions and changes --- ## Available Functions and Architecture ### Available MCP Tools/Functions Based on the analysis, here are the 4 main tools exposed by the server: #### 1. **fetch_spec_updates** (src/tools.ts:5-17) - **Purpose**: Check for upstream changes in the MCP specification - **Parameters**: - `force_refresh` (boolean, optional): Force refresh even if cache is valid - **Returns**: JSON with update status including: - `hasUpdates`: Whether changes were detected - `lastChecked`: Timestamp of check - `currentVersion`: Currently cached version - `latestVersion`: Latest available version - `changes`: Array of change descriptions #### 2. **generate_markdown_tree** (src/tools.ts:18-38) - **Purpose**: Create a navigable tree structure of the specification - **Parameters**: - `max_depth` (number, 1-6, default: 3): Maximum heading depth - `include_anchors` (boolean, default: true): Include clickable anchor links - **Returns**: Markdown-formatted tree structure with hierarchical navigation #### 3. **find_section** (src/tools.ts:39-57) - **Purpose**: Search for sections by keyword - **Parameters**: - `query` (string, required): Search term - `fuzzy` (boolean, default: false): Enable fuzzy matching - **Returns**: JSON array of matching sections with: - `title`: Section title - `path`: Section path in document - `anchor`: Direct anchor link - `preview`: Content preview - `depth`: Heading level #### 4. **get_spec_content** (src/tools.ts:58-77) - **Purpose**: Retrieve content from specific sections - **Parameters**: - `section_path` (string, required): Path or anchor name - `include_subsections` (boolean, default: false): Include nested content - **Returns**: Markdown content of the requested section ### Internal Functions #### SpecFetcher Class (src/spec-fetcher.ts): - `checkForUpdates()`: Detects changes using HTTP headers - `getSpec()`: Returns cached or fetches fresh specification - `fetchAndCacheSpec()`: Downloads and caches with version tracking - `saveLocalBackup()`: Persists to `.cache` directory - `loadLocalBackup()`: Fallback when network fails - `fetchAdditionalSpecs()`: Gets architecture.md, protocol.md, etc. #### MarkdownTreeGenerator Class (src/markdown-tree-generator.ts): - `generateTree()`: Creates hierarchical navigation - `generateEnhancedTree()`: Combines multiple spec files - `generateCompactTree()`: Simple indented list format - `extractHeadings()`: Parses markdown AST for headers - `buildTocTree()`: Constructs nested tree structure - `renderTree()`: Converts to markdown with anchor links #### AnchorNavigator Class (src/anchor-navigator.ts): - `findSections()`: Search with exact/fuzzy matching - `getSectionContent()`: Extract specific section content - `fuzzyMatch()`: Character-order based matching - `generateAnchor()`: Creates URL-safe anchor IDs ### Hook System **No Traditional Hooks Found**, but the system has: 1. **MCP Request Handlers**: Act as entry points for client requests 2. **Error Handling**: Try-catch blocks with formatted error responses 3. **Cache Expiration Events**: NodeCache's automatic cleanup (10-minute checks) ### Event Flow 1. **Client Request** → MCP Server receives tool call 2. **Request Handler** → Routes to appropriate tool implementation 3. **Component Processing** → SpecFetcher/TreeGenerator/Navigator 4. **Response Formation** → JSON or Markdown text output 5. **Error Handling** → Catches and formats errors as MCP responses ### Additional Capabilities 1. **Transport Layer**: Uses StdioServerTransport for communication 2. **Caching Strategy**: - In-memory with 1-hour TTL - Metadata cached for 5 minutes - Local file backup system 3. **Version Tracking**: Uses HTTP Last-Modified/ETag headers 4. **AST Processing**: Uses unified/remark for markdown parsing 5. **Fuzzy Search Algorithm**: Custom implementation for flexible matching ### What It Does Functionally The server acts as an intelligent proxy that: 1. **Monitors** the official MCP specification repository 2. **Caches** content to reduce network load 3. **Parses** markdown into navigable structures 4. **Searches** content with intelligent matching 5. **Extracts** specific sections on demand 6. **Tracks** versions and changes over time 7. **Provides** a programmatic API for MCP clients The architecture is event-driven through MCP protocol messages rather than traditional hooks/callbacks. --- ## Missing Functionalities and Improvements ### Missing Functionalities #### 1. **Content Search** (not just titles) Currently only searches section headings. Should search full text: ```typescript // Add to tools: search_content // Use ripgrep for blazing fast search async searchContent(query: string, options: { case_sensitive?: boolean; regex?: boolean; context_lines?: number; }) { // Could shell out to: rg -n --json "query" .cache/ } ``` #### 2. **Diff Visualization** Just says "changes detected" but doesn't show what changed: ```typescript // Add: get_spec_diff // Use git diff or delta for rich diffs async getSpecDiff(fromVersion?: string, toVersion?: string) { // git diff --word-diff=color // or: delta --side-by-side } ``` #### 3. **Watch Mode** No real-time monitoring: ```typescript // Add: watch_spec_changes // Use chokidar or inotify-tools async watchForChanges(callback: (changes) => void) { // fswatch or inotifywait for efficiency } ``` #### 4. **Export Formats** Only returns markdown, should support: - PDF (via pandoc) - HTML (via marked + custom CSS) - EPUB (via pandoc) - JSON (structured data) - Man pages (via pandoc) #### 5. **Version History** No way to access previous versions: ```typescript // Add: list_versions, get_version // Store versions in git or SQLite async getVersionHistory(limit?: number) { // git log --oneline } ``` ### Practical Improvements #### 1. **Better Search with ripgrep** ```typescript import { exec } from 'child_process'; async searchWithRipgrep(pattern: string, options: any) { const rgCommand = `rg -n --json "${pattern}" ${options.path || '.'}`; // Returns line numbers, context, matches } ``` #### 2. **Syntax Highlighting** ```typescript // Use bat or highlight.js async getHighlightedContent(section: string, language: string) { // bat --language=markdown --style=plain } ``` #### 3. **Fuzzy Finding with fzf** ```typescript // Interactive section selection async interactiveSectionFind() { // echo "sections" | fzf --preview 'cat {}' } ``` #### 4. **Change Detection with git** ```typescript // Track spec in local git repo async initSpecRepo() { // git init .spec-repo // git add spec.md // git commit -m "Update: $(date)" } ``` #### 5. **Structured Data Extraction** ```typescript // Parse into JSON structure async extractStructuredData() { // Use tree-sitter or custom parser return { endpoints: [], schemas: [], examples: [] }; } ``` ### New Tools to Add #### 1. **validate_spec** Check spec for broken links, invalid anchors: ```typescript // Use markdown-link-check async validateSpec() { // Find broken internal links // Validate code examples // Check schema consistency } ``` #### 2. **extract_code_examples** Pull out all code blocks: ```typescript // Extract by language async extractCodeExamples(language?: string) { // ```javascript blocks -> examples/ } ``` #### 3. **generate_changelog** Create human-readable changelog: ```typescript // Use conventional-changelog style async generateChangelog(since?: string) { // Group by: Added, Changed, Removed } ``` #### 4. **benchmark_performance** Test spec loading/search speed: ```typescript // Use hyperfine for benchmarking async benchmarkOperations() { // Time each operation // Compare with previous runs } ``` #### 5. **create_offline_bundle** Package everything for offline use: ```typescript // Create self-contained archive async createOfflineBundle() { // tar -czf spec-bundle.tar.gz // Include all versions, search index } ``` ### Linux Tools Integration ```bash # Better caching with Redis/Memcached redis-cli SETEX "spec:latest" 3600 "content" # Fast indexing with SQLite FTS5 sqlite3 spec.db "CREATE VIRTUAL TABLE spec_fts USING fts5(content)" # Compress old versions zstd -19 old-specs/*.md # Monitor changes with systemd systemctl --user enable spec-monitor.timer # Generate API docs npx typedoc src/ --out docs/ # Profile performance perf record -g node dist/index.js ``` These additions would make it a much more powerful tool for developers actually using the specs day-to-day. --- ## Implementation Strategy ### Best Implementation Strategy #### 1. **Core Tools → Add to MCP Server Functions** These should be new MCP tools in the server: ```typescript // In tools.ts - Add these as MCP tools - search_content (full text search) - get_spec_diff (show changes between versions) - validate_spec (check for broken links) - extract_code_examples (get code blocks) - export_spec (PDF, HTML, JSON formats) ``` **Why**: These are core functionalities that clients need to access programmatically. #### 2. **GitHub Actions → Automated Workflows** These belong in `.github/workflows/`: ```yaml # spec-validation.yml - Validate links/anchors on every update - Check code examples compile/run - Generate changelog automatically - Create offline bundles for releases - Performance benchmarks on PRs ``` **Why**: These are maintenance/quality tasks that should run automatically. #### 3. **Claude Code → Interactive Development** Use Claude Code for: ```bash # Development and testing - Implementing the new MCP tools - Testing search functionality - Debugging diff generation - Writing unit tests - Refactoring existing code ``` **Why**: Claude Code excels at writing/modifying code interactively. ### Recommended Implementation Order #### **Phase 1: Core Functionality** (Claude Code) Start by implementing these tools locally: 1. Implement search_content tool with ripgrep integration 2. Add get_spec_diff tool for version comparison 3. Create validate_spec tool for link checking 4. Build extract_code_examples tool 5. Add export_spec tool with multiple formats #### **Phase 2: GitHub Automation** After core tools work: ```yaml # New workflows to add: - spec-validation.yml (runs validate_spec) - performance-check.yml (benchmarks) - release-bundle.yml (creates offline packages) - changelog-generator.yml (auto-changelog) ``` #### **Phase 3: Enhanced Features** Advanced functionality: ```typescript // Version management system - Git-based version tracking - SQLite FTS5 search index - Redis caching layer - WebSocket for live updates ``` ### Specific Recommendations #### **Start with Claude Code** 1. Clone the repo locally 2. Implement `search_content` first (highest impact) 3. Test with real spec files 4. Add proper error handling #### **Example Implementation Flow** ```bash # In Claude Code 1. "Help me implement a search_content tool that uses ripgrep" 2. "Add tests for the search functionality" 3. "Create a GitHub Action to validate links" 4. "Help me benchmark the search performance" ``` #### **GitHub vs Tools Decision Tree** ``` Is it a client-facing feature? → MCP Tool Is it automated maintenance? → GitHub Action Is it development/testing? → Claude Code Is it monitoring/alerting? → GitHub Action Is it data processing? → MCP Tool ``` ### Quick Win Implementation Start with this in Claude Code: ```typescript // Add to tools.ts { name: 'search_content', description: 'Search full content of specifications', inputSchema: { type: 'object', properties: { query: { type: 'string' }, regex: { type: 'boolean', default: false }, case_sensitive: { type: 'boolean', default: false } }, required: ['query'] } } ``` This gives immediate value and can be implemented in under an hour. --- ## Critical Issues and Mistakes Looking at this codebase critically, here are the key issues and improvement opportunities: ### Critical Issues #### 1. **No Error Recovery Strategy** ```typescript // Current: If fetch fails, throws error catch (error) { console.error('Error fetching specification:', error); throw new Error('Failed to fetch specification'); } // Should be: Fallback chain catch (error) { // Try: CDN → GitHub → jsDelivr → Local → Error const fallbackUrls = [ 'https://cdn.jsdelivr.net/gh/modelcontextprotocol/...', 'https://raw.githubusercontent.com/...', 'https://unpkg.com/...' ]; } ``` #### 2. **Inefficient String Operations** ```typescript // Current: Splits entire markdown repeatedly const lines = markdown.split('\n'); // Better: Stream processing import { createReadStream } from 'fs'; import { pipeline } from 'stream/promises'; ``` #### 3. **No Concurrent Fetching** ```typescript // Current: Sequential fetching for (const specPath of specPaths) { const response = await axios.get(baseUrl + specPath); } // Should be: Parallel with rate limiting const results = await Promise.allSettled( specPaths.map(path => pLimit(() => axios.get(baseUrl + path)) ) ); ``` #### 4. **Cache Without Invalidation Strategy** ```typescript // Current: Simple TTL this.cache = new NodeCache({ stdTTL: this.cacheTTL }); // Missing: Smart invalidation - ETag checking - If-Modified-Since headers - Partial updates - Cache warming ``` ### Design Flaws #### 1. **Monolithic Request Handler** ```typescript // Current: Giant switch statement switch (name) { case 'fetch_spec_updates': { /* 20 lines */ } case 'generate_markdown_tree': { /* 25 lines */ } // etc... } // Better: Command pattern const handlers = new Map([ ['fetch_spec_updates', new FetchUpdatesHandler()], ['generate_markdown_tree', new TreeGeneratorHandler()] ]); ``` #### 2. **No Request Validation** ```typescript // Current: Basic type casting const forceRefresh = (args?.force_refresh as boolean) || false; // Should use: Zod or similar const schema = z.object({ force_refresh: z.boolean().default(false), timeout: z.number().max(30000).optional() }); ``` #### 3. **Memory Leaks Potential** ```typescript // No cleanup of large strings const spec = await specFetcher.getSpec(); // Could be MBs // Should track memory if (process.memoryUsage().heapUsed > threshold) { this.cache.flushAll(); } ``` ### Performance Issues #### 1. **Regex Compilation** ```typescript // Current: Recompiles every time .replace(/[^\w\s-]/g, '') .replace(/\s+/g, '-') // Better: Compile once const SPECIAL_CHARS = /[^\w\s-]/g; const WHITESPACE = /\s+/g; ``` #### 2. **No Search Index** ```typescript // Current: Linear search through entire document for (const section of sections) { if (titleLower.includes(searchQuery)) { } } // Should have: Inverted index class SearchIndex { private index = new Map<string, Set<number>>(); // Build trigram index for fast lookup } ``` #### 3. **AST Parsing Every Time** ```typescript // Current: Parses full markdown repeatedly const tree = processor.parse(markdown) as Root; // Should: Cache parsed AST private astCache = new LRUCache<string, Root>(); ``` ### Missing Features #### 1. **No Metrics/Telemetry** ```typescript // Should track: - Cache hit/miss rates - Response times - Error rates - Popular searches ``` #### 2. **No Rate Limiting** ```typescript // Should have: const rateLimiter = new Bottleneck({ maxConcurrent: 2, minTime: 100 }); ``` #### 3. **No Compression** ```typescript // Large markdown files should be compressed import { gzipSync, gunzipSync } from 'zlib'; ``` ### Security Issues #### 1. **No Input Sanitization** ```typescript // Current: Direct regex operations const anchor = text.toLowerCase().replace(/[^\w\s-]/g, ''); // Could lead to ReDoS attacks // Should: Limit input length, use safe regex ``` #### 2. **No Request Size Limits** ```typescript // Should validate: if (args.query?.length > 1000) { throw new Error('Query too long'); } ``` ### Improved Architecture ```typescript // Better structure: class SpecNavigatorServer { private readonly services = { fetcher: new SpecFetcherService(), search: new SearchService(), cache: new CacheService(), validator: new ValidationService() }; private readonly middleware = [ rateLimitMiddleware, validationMiddleware, metricsMiddleware, errorHandlerMiddleware ]; } ``` ### Quick Fixes Priority 1. **Add request validation** (security) 2. **Implement parallel fetching** (performance) 3. **Add fallback URLs** (reliability) 4. **Cache parsed AST** (performance) 5. **Add memory monitoring** (stability) These improvements would make the server more robust, faster, and production-ready. --- ## Deep Dive Analysis ### 1. HTTP Headers Checking Looking at src/spec-fetcher.ts:40-42: ```typescript const response = await axios.head(this.specUrl); const latestVersion = response.headers['last-modified'] || response.headers['etag']; ``` **Currently checking only 2 headers:** - `Last-Modified`: Timestamp when file was last changed - `ETag`: Entity tag (hash/version identifier) **Missing headers that should be checked:** - `Content-Length`: Detect size changes - `Content-Type`: Ensure it's still markdown - `Cache-Control`: Respect server caching directives - `Age`: How old the cached response is - `Vary`: What parameters affect caching - `X-GitHub-Request-Id`: Track specific versions - `X-RateLimit-Remaining`: Avoid hitting limits **Better implementation:** ```typescript const headers = { 'If-Modified-Since': lastFetchTime, 'If-None-Match': previousETag, 'Accept': 'text/markdown, text/plain' }; ``` ### 2. Cache Timing Strategy (5min vs 1hr) **Current setup:** - Main spec: 1 hour (line 19) - Metadata: 5 minutes (line 58) **Why different times? The code reveals:** ```typescript // Metadata check at line 33 if (cachedMeta && (lastChecked.getTime() - cachedMeta.lastChecked.getTime()) < 300000) { // Return cached metadata if checked within last 5 minutes } ``` This is **inefficient design**. The metadata (which tells if spec changed) expires faster than the spec itself. This means: - You check for updates every 5 minutes - But the actual spec is cached for 1 hour - **Problem**: If spec changes at minute 6, you won't get it until hour expires **Should be reversed:** - Metadata: 1 hour (check less frequently) - Spec: Invalidate immediately when metadata shows changes ### 3. GitHub Actions Cache Comparison Looking at spec-sync.yml:52-77: ```yaml # Compare with cached version if [ -f .spec-cache/current-spec.json ]; then ``` **Issues with this approach:** - It's comparing against `.spec-cache/current-spec.json` - This file is created by the GitHub Action itself (line 77) - **Problem**: This cache lives only in GitHub Actions runner, not the actual server - The server's NodeCache and GitHub Action cache are **completely separate** **This is a disconnect** - the GitHub Action can't see what the server has cached. ### 4. Creating Issues - Is This Right? **Current approach has problems:** - Creates new issue every time changes detected - No de-duplication (checks for same date only) - No priority/severity assessment - Manual process to close issues **Better approach:** - Update single tracking issue - Post comments with diffs - Auto-close when resolved - Use PR instead of issue ### 5. Local Backup System Oversight Current backup at lines 124-141 has issues: - No version control of backups - No rotation policy (disk fills up) - No integrity checking - Single backup file (overwrites previous) **Missing:** ```typescript // Should keep multiple versions .cache/ ├── mcp-spec-2024-01-15.md ├── mcp-spec-2024-01-16.md └── mcp-spec-current.md -> symlink ``` ### 6. Anchor Links Implementation Looking at markdown-tree-generator.ts:116-119: ```typescript if (node.anchor) { result += `${prefix}[${node.text}](#${node.anchor})\n`; } ``` **Yes, anchor links are implemented**, but they're **internal markdown anchors** only. They don't: - Link to specific line numbers - Work across different spec files - Provide deep linking to web UI ### 7. Search Relevance Metrics Current sorting at anchor-navigator.ts:41-53: ```typescript // Only 2 metrics: 1. Exact match (boolean) 2. Depth (heading level) ``` **Missing relevance factors:** - Term frequency - Position in document - Section importance - Match quality score - Fuzzy match distance ### 8. Subsections Handling At anchor-navigator.ts:76-85: ```typescript if (!includeSubsections) { return targetSection.content; } // Include subsections let content = targetSection.content; ``` The code suggests it returns subsection content but **doesn't show how subsections are determined**. Missing logic for: - Finding child sections - Depth limiting - Recursive extraction ### 9. Cache Operation Frequency NodeCache runs cleanup every 10 minutes (line 24): ```typescript checkperiod: 600, // Check for expired keys every 10 minutes ``` But **this is just cleanup**, not refresh. The cache: - Expires after 1 hour - No automatic refresh - Only refreshes on next request - **Problem**: First user after expiry waits for fetch ### 10. Granularity of Checks **Current granularity:** - Binary: changed or not changed - No partial updates - No section-level tracking - Can't tell what changed where **Missing:** - Section-level checksums - Incremental updates - Change severity levels - Dependency tracking ### Key Architecture Flaws 1. **Two separate cache systems** that don't talk to each other 2. **Backwards cache timing** (metadata expires before data) 3. **No incremental updates** (all or nothing) 4. **Missing HTTP caching standards** (If-Modified-Since, etc.) 5. **No change granularity** (can't track what changed) The system needs fundamental restructuring to properly track and propagate changes. --- ## Additional Features Analysis ### 1. Multiple Spec File Support Analysis **Current Implementation Issues:** 1. **Hardcoded file list** (lines 145-151) - only markdown files 2. **No caching** - fetches every time it's called 3. **Sequential fetching** - slow performance 4. **Silent failures** - just logs errors, continues 5. **Not integrated** - this function exists but **isn't called anywhere**! **Critical Discovery**: `fetchAdditionalSpecs()` is defined but **never used**. It's dead code. ### 2. MCP Server Integration **MCP Integration Issues:** 1. **Limited capabilities** - only exposes `tools: {}`, missing: - Resources (for exposing spec files) - Prompts (for common queries) - Sampling (for examples) 2. **No streaming** - all responses are one-shot 3. **No authentication** - anyone can call tools 4. **No rate limiting** at MCP level ### 3. Security & CI/CD Pipelines **Security/CI Issues:** 1. **`continue-on-error: true`** everywhere - security issues are ignored! 2. **No integration tests** - only unit tests 3. **No performance benchmarks** 4. **Crude secret detection** - just grep patterns ### 4. Error Handling Analysis The error handling shows: - Basic try-catch blocks - Console.error logging - Generic error messages - No structured error types ### How These Features Integrate with Architectural Flaws #### 1. **Multiple Spec Files + Cache Timing Flaw** - Each spec file would need its own cache entry - With current 5min/1hr mismatch, you'd check all files every 5 minutes - **Problem amplified**: 5 files × inefficient checks = 5× worse performance - Dead code shows poor planning/testing #### 2. **MCP Integration + Two Separate Caches** - MCP server uses NodeCache - GitHub Actions uses file-based cache - **They never sync**: MCP could serve stale data while GitHub detects changes - No way to invalidate MCP cache from GitHub #### 3. **Security CI/CD + No Change Granularity** - Security scans run on every change - Can't tell if security-relevant parts changed - **Wastes resources**: Full scan even for README updates - `continue-on-error` makes security theater #### 4. **Error Handling + Missing HTTP Standards** - Fallback to local backup ignores cache headers - Could serve ancient backup thinking it's current - No version in error messages - Can't tell which spec version failed ### Architectural Conflicts 1. **Feature Sprawl Without Foundation** - Added features (multiple specs, security) without fixing core caching - Each feature makes core problems worse 2. **Disconnected Systems** - GitHub Actions can't talk to server - Server can't talk to GitHub - Security scan results go nowhere 3. **Silent Failures Everywhere** ```typescript } catch (error) { console.error(`Error fetching ${specPath}:`, error); // Just continues, returns partial data } ``` 4. **No Observability** - Can't tell what version is cached - Can't tell when last successful update was - Can't correlate GitHub Actions with server state ### What This Reveals The additional features were **bolted on** without addressing core issues: - Multiple specs feature exists but isn't used - Security scanning reports to nobody - Error handling hides problems rather than solving them - Each system operates in isolation The repo shows signs of: 1. **Premature optimization** (caching before understanding needs) 2. **Feature creep** (adding capabilities without integration) 3. **Cargo cult security** (scans that don't block bad code) 4. **Resume-driven development** (CI/CD checkbox without substance) --- ## Summary of Key Insights This repository demonstrates a common pattern in software development where features are added without addressing fundamental architectural issues. The core problems include: 1. **Disconnected Systems**: Multiple caching systems that don't communicate 2. **Inefficient Design**: Backwards cache timing and no incremental updates 3. **Missing Standards**: Not following HTTP caching best practices 4. **Dead Code**: Features implemented but never used 5. **Security Theater**: Scans that don't actually block issues 6. **Poor Observability**: Can't track what's happening in the system To make this a production-ready tool, it needs: - Unified caching strategy - Proper HTTP header handling - Real integration between components - Removal of dead code - Meaningful security checks - Better error handling and observability The path forward involves fixing these core issues before adding new features, otherwise each new feature will compound the existing problems.

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/kayaozkur/mcp-server-specnavigator'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

REPOSITORY_ANALYSIS.md•29.3 KiB