v1.2.0 — drop file IO, hardcode localhost:59123

apocryphx · claude · apocryphx · commit 90fcb55d4363 · 2026-04-16T23:08:20.000-07:00
The bridge no longer reads any file outside its own bundle. That
eliminates every macOS TCC prompt we've been chasing: no cross-container
reads, no schema-cache indirection, no ad-hoc-signature identity churn
on each .mcpb release.

Design changes:
- main.m: removed DiscoverServerURL, DiscoverServerURLWithPolling,
  HOST_BUNDLE_ID, gServerVersion, and the entire server.plist code
  path. Replaced with a single kServerURL constant pointing at
  http://localhost:59123/mcp. Main loop is now forward-or-degraded
  with a gHostReachable flag for clean log-transition messages.
- Port 59123: IANA dynamic/private range, not a common service.
  Replaces 5000 which is occupied by macOS AirPlay Receiver on most
  Macs.
- Degraded mode unchanged in shape: stub initialize + one
  es_memory_setup tool + isError tools/call, auto-recovers on the
  next successful forward.

Requires ES Memory v1.0.5+ which binds to port 59123 (see host repo
commit 49b8210).

README updated with new "How it works" section and port rationale.
Info.plist + pbxproj: bundle ID restored to com.elarity.es-memory-mcp
(same as host). Xcode project uses $(PRODUCT_BUNDLE_IDENTIFIER) macro.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/ES-Memory-Bridge.xcodeproj/project.pbxproj b/ES-Memory-Bridge.xcodeproj/project.pbxproj
@@ -18,27 +18,6 @@
 		};
 /* End PBXCopyFilesBuildPhase section */
 
-/* Begin PBXShellScriptBuildPhase section */
-		15B0789A2F91D80000C19CBA /* Package MCPB */ = {
-			isa = PBXShellScriptBuildPhase;
-			buildActionMask = 2147483647;
-			files = (
-			);
-			inputPaths = (
-				"$(BUILT_PRODUCTS_DIR)/$(PRODUCT_NAME)",
-				"$(SRCROOT)/bundle/manifest.json",
-				"$(SRCROOT)/bundle/icon.png",
-			);
-			name = "Package MCPB";
-			outputPaths = (
-				"$(SRCROOT)/ES-Memory-Bridge.mcpb",
-			);
-			runOnlyForDeploymentPostprocessing = 0;
-			shellPath = /bin/zsh;
-			shellScript = "# Copy built binary into bundle\nmkdir -p \"${SRCROOT}/bundle/server\"\ncp \"${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}\" \"${SRCROOT}/bundle/server/${PRODUCT_NAME}\"\n\n# Re-sign for distribution (codesign is stripped by cp in some contexts)\ncodesign --force --sign - -o runtime \"${SRCROOT}/bundle/server/${PRODUCT_NAME}\"\n\n# Pack MCPB\nexport PATH=\"/opt/homebrew/bin:/usr/local/bin:$PATH\"\nnpx @anthropic-ai/mcpb pack \"${SRCROOT}/bundle/\" \"${SRCROOT}/ES-Memory-Bridge.mcpb\"\n";
-		};
-/* End PBXShellScriptBuildPhase section */
-
 /* Begin PBXFileReference section */
 		15B0787D2F91D67F00C19CBA /* ES-Memory-Bridge */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "ES-Memory-Bridge"; sourceTree = BUILT_PRODUCTS_DIR; };
 /* End PBXFileReference section */
@@ -137,6 +116,27 @@
 		};
 /* End PBXProject section */
 
+/* Begin PBXShellScriptBuildPhase section */
+		15B0789A2F91D80000C19CBA /* Package MCPB */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+				"$(BUILT_PRODUCTS_DIR)/$(PRODUCT_NAME)",
+				"$(SRCROOT)/bundle/manifest.json",
+				"$(SRCROOT)/bundle/icon.png",
+			);
+			name = "Package MCPB";
+			outputPaths = (
+				"$(SRCROOT)/ES-Memory-Bridge.mcpb",
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/zsh;
+			shellScript = "# Copy built binary into bundle\nmkdir -p \"${SRCROOT}/bundle/server\"\ncp \"${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}\" \"${SRCROOT}/bundle/server/${PRODUCT_NAME}\"\n\n# Re-sign for distribution (codesign is stripped by cp in some contexts)\ncodesign --force --sign - -o runtime \"${SRCROOT}/bundle/server/${PRODUCT_NAME}\"\n\n# Pack MCPB\nexport PATH=\"/opt/homebrew/bin:/usr/local/bin:$PATH\"\nnpx @anthropic-ai/mcpb pack \"${SRCROOT}/bundle/\" \"${SRCROOT}/ES-Memory-Bridge.mcpb\"\n";
+		};
+/* End PBXShellScriptBuildPhase section */
+
 /* Begin PBXSourcesBuildPhase section */
 		15B078792F91D67F00C19CBA /* Sources */ = {
 			isa = PBXSourcesBuildPhase;
@@ -271,9 +271,10 @@
 				CODE_SIGN_STYLE = Automatic;
 				CREATE_INFOPLIST_SECTION_IN_BINARY = YES;
 				DEVELOPMENT_TEAM = 2PYWYF3C55;
+				ENABLE_APP_SANDBOX = NO;
 				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = "ES-Memory-Bridge/Info.plist";
-				PRODUCT_BUNDLE_IDENTIFIER = "com.elarity.es-memory-bridge";
+				PRODUCT_BUNDLE_IDENTIFIER = "com.elarity.es-memory-mcp";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 			};
 			name = Debug;
@@ -284,9 +285,10 @@
 				CODE_SIGN_STYLE = Automatic;
 				CREATE_INFOPLIST_SECTION_IN_BINARY = YES;
 				DEVELOPMENT_TEAM = 2PYWYF3C55;
+				ENABLE_APP_SANDBOX = NO;
 				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = "ES-Memory-Bridge/Info.plist";
-				PRODUCT_BUNDLE_IDENTIFIER = "com.elarity.es-memory-bridge";
+				PRODUCT_BUNDLE_IDENTIFIER = "com.elarity.es-memory-mcp";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 			};
 			name = Release;
diff --git a/ES-Memory-Bridge/Info.plist b/ES-Memory-Bridge/Info.plist
@@ -3,12 +3,12 @@
 <plist version="1.0">
 <dict>
 	<key>CFBundleIdentifier</key>
-	<string>com.elarity.es-memory-bridge</string>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
 	<key>CFBundleName</key>
 	<string>ES Memory Bridge</string>
-	<key>CFBundleVersion</key>
-	<string>1</string>
 	<key>CFBundleShortVersionString</key>
 	<string>1.0</string>
+	<key>CFBundleVersion</key>
+	<string>1</string>
 </dict>
 </plist>
diff --git a/ES-Memory-Bridge/main.m b/ES-Memory-Bridge/main.m
@@ -6,90 +6,28 @@
 //
 //  Claude Desktop launches this CLT (packaged inside an .mcpb bundle) as a
 //  subprocess. It reads JSON-RPC messages from stdin, forwards each to the
-//  ES Memory app's locally-running HTTP server, and writes the response to
-//  stdout.
+//  ES Memory app's locally-running HTTP server, and writes the response
+//  back to stdout.
 //
-//  Discovery: reads server.plist from the host's sandbox container at
-//      ~/Library/Containers/<HOST_BUNDLE_ID>/Data/Library/Application Support/ES-Memory/server.plist
-//  The plist contains the full MCP endpoint URL and the host's version.
+//  The bridge reads zero files. The host is expected to listen at a fixed
+//  URL (localhost:59123/mcp) — an exotic, IANA-dynamic-range port chosen to
+//  avoid conflicts with common local services (AirPlay sits on 5000, etc.).
 //
-//  If the host isn't running on startup, the bridge polls for ~5s, then enters
-//  a degraded mode that responds to MCP requests locally with a setup-help
-//  message instead of failing silently. It re-attempts discovery on every
-//  request, so it auto-recovers when the host comes up.
+//  If the host isn't reachable, the bridge responds locally to MCP requests
+//  with a setup-help message so Claude can surface a clear error in the
+//  conversation. It auto-recovers on the next successful forward.
+//
+//  No file IO = no TCC prompts, ever. That's the whole point of this
+//  revision.
 //
 
 #import <Foundation/Foundation.h>
 #include <signal.h>
 
-// The host app's bundle ID. The bridge reads server.plist from the host's
-// sandbox container at this ID. Change this and the bridge points at a
-// different host app.
-#define HOST_BUNDLE_ID @"com.elarity.es-memory-mcp"
+static NSString *const kServerURL = @"http://localhost:59123/mcp";
 
 static NSURL *gServerURL = nil;
-static NSString *gServerVersion = nil;
-
-#pragma mark - Server Discovery
-
-/// Read server.plist from the host's sandbox container.
-/// quiet=YES suppresses stderr output (used during polling so we don't spam logs).
-static NSURL *DiscoverServerURL(BOOL quiet) {
-    NSString *plistPath = [NSString stringWithFormat:
-        @"%@/Library/Containers/%@/Data/Library/Application Support/ES-Memory/server.plist",
-        NSHomeDirectory(), HOST_BUNDLE_ID];
-
-    NSDictionary *info = [NSDictionary dictionaryWithContentsOfFile:plistPath];
-    if (!info) {
-        if (!quiet) {
-            fprintf(stderr, "[es-bridge] server.plist not found at %s\n", plistPath.UTF8String);
-            fprintf(stderr, "[es-bridge] Is ES Memory MCP running?\n");
-        }
-        return nil;
-    }
-
-    NSString *urlString = info[@"url"];
-    if (urlString.length == 0) {
-        if (!quiet) fprintf(stderr, "[es-bridge] server.plist missing 'url' key\n");
-        return nil;
-    }
-
-    NSURL *url = [NSURL URLWithString:urlString];
-    if (!url) {
-        if (!quiet) fprintf(stderr, "[es-bridge] invalid URL in server.plist: %s\n",
-                            urlString.UTF8String);
-        return nil;
-    }
-
-    NSString *version = info[@"version"];
-    if (version.length > 0) gServerVersion = version;
-
-    if (!quiet) {
-        fprintf(stderr, "[es-bridge] using %s\n", plistPath.UTF8String);
-        if (gServerVersion) {
-            fprintf(stderr, "[es-bridge] ES Memory v%s\n", gServerVersion.UTF8String);
-        }
-    }
-    return url;
-}
-
-/// Try discovery once verbosely; if that misses, poll every 500ms for up to 5s
-/// (quiet, so logs aren't spammed). On a polled hit, emit the verbose diagnostic.
-static NSURL *DiscoverServerURLWithPolling(void) {
-    NSURL *url = DiscoverServerURL(NO);
-    if (url) return url;
-    fprintf(stderr, "[es-bridge] waiting up to 5s for ES Memory...\n");
-    for (int i = 0; i < 10; i++) {
-        [NSThread sleepForTimeInterval:0.5];
-        url = DiscoverServerURL(YES);
-        if (url) {
-            (void)DiscoverServerURL(NO); // re-emit the path + version diagnostic
-            fprintf(stderr, "[es-bridge] connected after %dms\n", (i + 1) * 500);
-            return url;
-        }
-    }
-    return nil;
-}
+static BOOL  gHostReachable = YES; // optimism; flipped on first forward failure
 
 #pragma mark - HTTP Forwarding
 
@@ -201,14 +139,9 @@ int main(int argc, const char *argv[]) {
     @autoreleasepool {
         signal(SIGPIPE, SIG_IGN);
 
-        gServerURL = DiscoverServerURLWithPolling();
-        if (gServerURL) {
-            fprintf(stderr, "[es-bridge] connected to %s\n",
-                    gServerURL.absoluteString.UTF8String);
-        } else {
-            fprintf(stderr, "[es-bridge] entering degraded mode — will respond locally "
-                            "with setup help; auto-recovers if ES Memory starts.\n");
-        }
+        gServerURL = [NSURL URLWithString:kServerURL];
+        fprintf(stderr, "[es-bridge] forwarding to %s (static URL, no discovery)\n",
+                kServerURL.UTF8String);
 
         NSFileHandle *stdinHandle  = [NSFileHandle fileHandleWithStandardInput];
         NSFileHandle *stdoutHandle = [NSFileHandle fileHandleWithStandardOutput];
@@ -236,44 +169,29 @@ int main(int argc, const char *argv[]) {
                     [NSCharacterSet whitespaceCharacterSet]];
                 if (line.length == 0) continue;
 
-                // Lazy retry — the host may have just launched.
-                if (!gServerURL) {
-                    gServerURL = DiscoverServerURL(YES);
-                    if (gServerURL) {
-                        fprintf(stderr, "[es-bridge] recovered: connected to %s\n",
-                                gServerURL.absoluteString.UTF8String);
-                    }
-                }
-
+                NSError *error = nil;
+                NSString *response = ForwardRequest(line, &error);
                 NSString *output = nil;
 
-                if (gServerURL) {
-                    NSError *error = nil;
-                    NSString *response = ForwardRequest(line, &error);
-                    if (response) {
-                        output = response;
-                    } else if (error) {
-                        // Connection failed — host probably went down. Drop the
-                        // cached URL so the next request re-attempts discovery,
-                        // and respond from the degraded handler for this one.
-                        fprintf(stderr, "[es-bridge] forward error: %s — dropping cached URL\n",
+                if (response) {
+                    if (!gHostReachable) {
+                        fprintf(stderr, "[es-bridge] host recovered — resuming forwarding\n");
+                        gHostReachable = YES;
+                    }
+                    output = response;
+                } else if (error) {
+                    if (gHostReachable) {
+                        fprintf(stderr, "[es-bridge] host unreachable: %s — degraded mode\n",
                                 error.localizedDescription.UTF8String);
-                        gServerURL = nil;
-                        gServerVersion = nil;
-                        NSDictionary *msg = [NSJSONSerialization JSONObjectWithData:lineData
-                                                                            options:0 error:nil];
-                        if ([msg isKindOfClass:[NSDictionary class]]) {
-                            output = DegradedResponseForRequest(msg);
-                        }
+                        gHostReachable = NO;
                     }
-                    // response nil + no error → 202 ack, no output needed.
-                } else {
                     NSDictionary *msg = [NSJSONSerialization JSONObjectWithData:lineData
                                                                         options:0 error:nil];
                     if ([msg isKindOfClass:[NSDictionary class]]) {
                         output = DegradedResponseForRequest(msg);
                     }
                 }
+                // response nil + no error → 202 ack from host, no output needed.
 
                 if (output) {
                     [stdoutHandle writeData:[[output stringByAppendingString:@"\n"]
diff --git a/README.md b/README.md
@@ -44,33 +44,31 @@ The build's "Package MCPB" run-script phase produces `ES-Memory-Bridge.mcpb` at
 ## How it works
 
 1. Claude Desktop launches the bridge from the unpacked `.mcpb`.
-2. The bridge reads `server.plist` from the host's sandbox container:
+2. The bridge forwards each JSON-RPC line from stdin to a fixed URL:
    ```
-   ~/Library/Containers/com.elarity.es-memory-mcp/Data/Library/Application Support/ES-Memory/server.plist
+   http://localhost:59123/mcp
    ```
-   The host's bundle ID is a compile-time constant in [main.m](ES-Memory-Bridge/main.m) — the bridge has its own distinct ID (`com.elarity.es-memory-bridge`).
-3. `server.plist` contains the full MCP endpoint URL (e.g. `http://localhost:5000/mcp`) and the host's version string.
-4. The bridge forwards each JSON-RPC line from stdin to that URL via POST and writes the response back to stdout.
+   It writes the HTTP response back to stdout. That's the whole hot path.
 
-### When ES Memory isn't running
+The bridge reads **zero files** — no config, no discovery, no shared state with the host. No file IO means no macOS TCC prompts, ever.
 
-The bridge doesn't fail silently. Two safety nets:
+### The port choice
 
-- **Startup polling** — if `server.plist` is missing on launch, the bridge polls every 500ms for up to 5 seconds. Handles the common "Claude Desktop launched before ES Memory finished starting" race.
-- **Degraded mode** — if polling still fails, the bridge stays alive and responds to `initialize` and `tools/list` with a stub containing a single `es_memory_setup` tool whose description tells the user to launch the ES Memory app. `tools/call` returns a human-readable error in the content. The bridge re-attempts discovery on every incoming request, so it auto-recovers once the host comes up.
+59123 is deliberately exotic: in the IANA dynamic/private range (49152-65535), not associated with any common service. Port 5000 (the common default for local HTTP dev servers) is used by macOS AirPlay Receiver, which was the motivation for moving off it.
 
-This means the user sees a clear "launch ES Memory.app from /Applications" message inside Claude rather than a silent connection failure.
+### When ES Memory isn't running
 
-## Requires
+The bridge doesn't fail silently. If the HTTP forward fails (host not running, or went down mid-session), the bridge enters degraded mode:
 
-The bridge uses a contract written by the host into `server.plist`:
+- `initialize` returns a stub with `serverInfo.name: "ES Memory (offline)"` and an `instructions` field telling the user to launch the app.
+- `tools/list` returns one tool: `es_memory_setup`, whose description also tells the user to launch the app.
+- `tools/call` returns `isError: true` with human-readable setup text.
 
-| Key | Value |
-|---|---|
-| `url` | Full MCP endpoint URL including `/mcp` path |
-| `version` | Host's `CFBundleShortVersionString` (logged on connect) |
+On every subsequent request the bridge attempts the forward again, so the moment the host comes up the bridge auto-recovers and resumes normal forwarding. The user sees a clear, actionable message inside Claude instead of a silent connection failure.
+
+## Requires
 
-The host also deletes `server.plist` on terminate so the bridge sees a clean "not running" state rather than a stale URL. Requires **ES Memory v1.0.4 or later**.
+**ES Memory v1.0.5 or later**, configured to bind to port 59123. (Earlier versions used dynamic port selection with discovery via `server.plist`; v1.0.5 binds to a fixed port and needs no discovery.)
 
 ## Project structure
 
diff --git a/bundle/manifest.json b/bundle/manifest.json
@@ -2,7 +2,7 @@
   "manifest_version": "0.3",
   "name": "es-memory-bridge",
   "display_name": "ES Memory",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Stdio bridge to the ES Memory MCP server. Provides Claude with persistent memory: store, retrieve, organize, and curate memories across sessions. Requires the ES Memory app to be running locally.",
   "author": {
     "name": "Kolja Wawrowsky"
