feat: Add project-prefixed permalinks and memory URL routing

[phernandez]

Summary

• default permalinks to include project slug with canonical builder; normalize project:: wikilinks and add legacy fallback handling
• cross-project link resolution and memory:// routing across MCP tools; normalize project prefixes and enforce project constraints
• importer pipeline now emits canonical permalinks; context traversal shows cross-project relations without traversing foreign entities

Testing

• Not run (not requested)

[github-actions]

Claude finished @phernandez's task in 2m 47s —— View job

---

Code Review Complete

Reviewing this PR against the Basic Memory team checklist:

Summary

This PR implements project-prefixed permalinks and cross-project memory URL routing. The implementation is comprehensive and well-structured, with extensive test coverage. I've identified several areas that require attention before merging.

---

Code Quality & Standards

✅ Strengths

• Excellent literate programming style: The decision point comments in link_resolver.py, entity_service.py, and project_context.py follow the Trigger/Why/Outcome pattern perfectly
• Type annotations: Full Python 3.12+ type annotations throughout
• Code organization: Clean separation of concerns between link resolution, entity creation, and project context
• Line length: All files respect 100-character limit

⚠️ Issues Found

1. services/exceptions.py:19-22 - New exception hierarchy

   • EntityAlreadyExistsError now extends EntityCreationError (was standalone)
   • This is a breaking change that affects error handling
   • Verify all exception handlers account for this hierarchy change
   • Review error handling →

2. utils.py:205-217 - normalize_project_reference function

   • Simple implementation but lacks docstring examples
   • Consider adding docstring examples for clarity:

   """
   Examples:
       >>> normalize_project_reference("project::note")
       'project/note'
       >>> normalize_project_reference("note")
       'note'
   """

3. utils.py:219-246 - build_canonical_permalink function

   • Good implementation but edge case handling could be clearer
   • The logic at lines 240-243 handles duplicate prefix but lacks a comment explaining why

---

Testing & Documentation

✅ Strengths

• Comprehensive test coverage: 33 tests in test_link_resolver.py, 58 in test_entity_service.py, 41 in test_config.py
• Integration tests updated: MCP tool tests in test-int/mcp/ updated to handle project-prefixed permalinks
• Test structure: Good separation between unit and integration tests

⚠️ Issues Found

4. Missing edge case tests:

   • No tests for cross-project link resolution failure scenarios
   • Missing tests for normalize_project_reference with edge cases (empty string, multiple ::separator, etc.)
   • Add edge case tests →

5. Documentation gaps:

   • PR summary says "Testing: Not run (not requested)" - this should be updated to reflect actual test status
   • CLAUDE.md not updated with new permalink behavior
   • No migration guide for users with existing non-prefixed permalinks
   • Add migration guide →

---

Basic Memory Architecture

✅ Strengths

• Preserves local-first architecture: Files remain source of truth
• MCP tools follow atomic design: Each tool has single responsibility
• Knowledge graph consistency: Link resolution maintains graph integrity
• Backward compatibility: Legacy permalink resolution preserved via legacy_permalink fallback

⚠️ Issues Found

6. link_resolver.py:169-183 - Legacy permalink handling

   • The logic strips project prefix from legacy links, but this could cause issues if a note title legitimately starts with the project name
   • Example: Project "docs", note titled "docs/meeting" would incorrectly match
   • Consider adding a test case for this scenario
   • Test edge case →

7. entity_service.py:613-616 - Error wrapping loses context

   • Generic EntityCreationError message doesn't preserve original exception type
   • Consider: raise EntityCreationError(f"Failed to create entity: {type(e).__name__}: {str(e)}") from e
   • This helps debugging by showing whether it was an IntegrityError, PermissionError, etc.

---

Security & Performance

✅ Strengths

• No security vulnerabilities introduced
• Proper path validation: validate_project_path prevents traversal attacks
• Performance optimizations: Repository caching in link_resolver.py (lines 39-41)
• Batch operations: Parallel relation resolution in entity_service.py (lines 688-699)

⚠️ Issues Found

8. link_resolver.py:319-333 - Cache key collision risk

   • cache_key = identifier.strip().lower() could collide for "Project-A" and "project-a"
   • While project names should be unique, consider using project ID for cache keys instead
   • Minor issue but could cause subtle bugs in case-sensitive filesystems

9. link_resolver.py:335-364 - Resource pooling concern

   • Creates new EntityRepository and SearchService instances for each cross-project lookup
   • These instances are cached, but consider: what's the memory impact with many projects?
   • Recommend adding a cache size limit or TTL to prevent unbounded growth
   • Add cache limits →

---

Compatibility

✅ Strengths

• Windows path handling: PureWindowsPath usage in utils.py ensures cross-platform compatibility
• Path normalization: Path().as_posix() in link_resolver.py handles platform differences

⚠️ Issues Found

10. config.py:163-166 - Default value documentation

    • permalinks_include_project: bool = Field(default=True, ...)
    • This is a significant default change that affects all new installations
    • The description says "Existing permalinks remain unchanged unless explicitly updated" but doesn't warn about cross-version compatibility
    • Consider: what happens when a cloud instance (v0.15+) syncs with an older CLI (v0.14)?
    • Add version compatibility check →

11. No emoji/unicode in console output - ✅ VERIFIED

    • Checked all changed files, no console output contains emojis or unicode
    • Logger statements use plain ASCII

---

Critical Findings

🔴 BLOCKER - Exception Handling Change

Issue: The PR changes EntityAlreadyExistsError to extend EntityCreationError (was previously standalone). This changes error handling behavior.

Location: src/basic_memory/services/exceptions.py:19-22

Impact: Code that catches EntityCreationError will now also catch EntityAlreadyExistsError, which may not be the intended behavior.

Found in:

• api/app.py:97-100 - Exception handler for EntityAlreadyExistsError returns HTTP 409
• Any code that catches EntityCreationError will now catch both

Required action:

1. Audit all except EntityCreationError blocks to ensure they handle EntityAlreadyExistsError correctly
2. Update the app.py exception handler ordering if needed (more specific handler should be registered first)
3. Add tests to verify exception handler precedence

Review and fix →

---

Checklist Summary

Code Quality & Standards

• Follows Basic Memory's coding conventions in CLAUDE.md
• Python 3.12+ type annotations and async patterns
• SQLAlchemy 2.0 best practices
• FastAPI and Typer conventions followed
• 100-character line length limit maintained
• No commented-out code blocks

Testing & Documentation

• Unit tests for new functions/methods
• Integration tests for new MCP tools
• Test coverage for edge cases (mostly - see issue Create/update db on startup  #4)
• 100% test coverage maintained (based on file count, not verified with coverage tool)
• [⚠️] Documentation updated (CLAUDE.md needs update - see issue Pre release fixups #5)
• [⚠️] PR description needs update (says "Not run" but tests exist)

Basic Memory Architecture

• MCP tools follow atomic, composable design
• Database changes include Alembic migrations (none needed)
• Preserves local-first architecture principles
• Knowledge graph operations maintain consistency
• Markdown file handling preserves integrity
• AI-human collaboration patterns followed

Security & Performance

• No hardcoded secrets or credentials
• Input validation for MCP tools
• Proper error handling and logging
• [⚠️] Performance considerations addressed (see issue feat: import chatgpt conversation data #9 - cache limits)
• No sensitive data in logs or commits

Compatibility

• File path comparisons are Windows compatible
• No emojis or unicode in console/log output
• [⚠️] Cross-version compatibility needs consideration (see issue fix: Re do enhanced read note format #10)

---

Recommendations

Before Merging (Required)

1. 🔴 Fix exception handling hierarchy - Audit and fix EntityCreationError handlers (issue Pre release #1)
2. Update documentation - Update CLAUDE.md and PR description (issue Pre release fixups #5)
3. Add edge case tests - Cover normalize_project_reference edge cases (issue Create/update db on startup  #4)

Nice to Have (Post-merge acceptable)

4. Add docstring examples to normalize_project_reference (issue Memory json import #2)
5. Add migration guide for permalink changes (issue Pre release fixups #5)
6. Implement cache size limits for cross-project lookups (issue feat: import chatgpt conversation data #9)
7. Add version compatibility checks for permalink settings (issue fix: Re do enhanced read note format #10)

---

Overall Assessment

This is a well-architected feature with thorough implementation across the codebase. The literate programming style and decision-point comments make the code highly maintainable. However, the exception handling change (#1) is a blocker that must be addressed before merge.

Recommendation: Request changes to address the exception handling issue, then approve once fixed.

---

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 97cc0d9b4f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Prevent implicit cross-project matches during file-path resolution

This new fallback treats any project/path-looking identifier as a cross‑project lookup when local resolution fails. EntityService.create_or_update_entity calls resolve_link on schema.file_path with strict=True, so a file like other-project/foo.md in project A will resolve into project B if a project slug matches other-project and B has a foo permalink. That causes update flows to target another project’s entity (repository updates aren’t project-scoped by id), which is a correctness regression. Consider restricting this fallback to explicit project:: links or guarding create/update callers against cross-project results.

Useful? React with 👍 / 👎.

[github-actions]

Claude finished @phernandez's task in 2m 44s —— View job

---

Code Review Complete

I've thoroughly reviewed this PR against the Basic Memory team checklist. Here are my findings:

---

Summary

This PR implements project-prefixed permalinks and cross-project memory URL routing. The implementation is well-structured with comprehensive test coverage and excellent literate programming style. However, I've identified one critical blocker regarding exception handling, plus several issues that should be addressed.

---

Critical Findings

🔴 BLOCKER - Exception Handler Ordering

Issue: The PR changes EntityAlreadyExistsError to extend EntityCreationError (line 19 in services/exceptions.py:19-22). This creates a hierarchy where catching EntityCreationError will also catch EntityAlreadyExistsError.

Impact: The FastAPI exception handlers in api/app.py are registered as:

1. Line 97: @app.exception_handler(EntityAlreadyExistsError) → Returns HTTP 409
2. Line 122: @app.exception_handler(Exception) → Returns HTTP 500

FastAPI processes exception handlers from most specific to least specific, BUT this depends on Python's MRO. With the new inheritance:

• EntityAlreadyExistsError IS-A EntityCreationError
• Any code catching EntityCreationError will now also catch EntityAlreadyExistsError
• The entity_service.py wraps exceptions at line 616: raise EntityCreationError(...) from e

Problem: The exception wrapping at entity_service.py:616 converts EntityAlreadyExistsError to generic EntityCreationError, which would return HTTP 500 instead of HTTP 409.

Required Action:

1. Verify the exception handler ordering works correctly with the new hierarchy
2. Consider whether EntityAlreadyExistsError should extend EntityCreationError at all
3. Add integration tests that verify HTTP status codes for both exception types
4. Review entity_service.py:616 to ensure it doesn't wrap EntityAlreadyExistsError as generic EntityCreationError

Code Reference:

# services/exceptions.py:19-22
class EntityAlreadyExistsError(EntityCreationError):  # ← NEW HIERARCHY
    """Raised when an entity file already exists"""
    pass

# entity_service.py:612-616
try:
    return await self.repository.upsert_entity(model)
except Exception as e:
    logger.error(f"Failed to upsert entity for {file_path}: {e}")
    raise EntityCreationError(f"Failed to create entity: {str(e)}") from e  # ← WRAPS ALL EXCEPTIONS

Fix exception handling →

---

Security & Correctness Issues

⚠️ P1 - Cross-Project Resolution Vulnerability (Codex Finding)

The Codex review identified a critical issue at link_resolver.py:102-125:

Issue: The fallback cross-project resolution (lines 102-125) treats any project/path identifier as a potential cross-project reference when local resolution fails. This is called from EntityService.create_or_update_entity with strict=True, meaning:

• A file path like other-project/foo.md in project A will resolve to project B if:
  • Project B has slug other-project
  • Project B has an entity with permalink foo
• The entity service would then update project B's entity instead of creating one in project A

Root Cause: The resolve_link method is used for two different purposes:

1. Link resolution (finding targets of markdown links) - cross-project is desired
2. File path resolution (entity creation/update identity) - cross-project is wrong

Required Action:

1. Add a parameter to resolve_link to disable cross-project fallback for file path resolution
2. Update EntityService.create_or_update_entity to disable cross-project when resolving by file path
3. Add tests for this edge case: creating other-project/note.md should not resolve to an existing project

Fix cross-project resolution →

---

Code Quality Issues

Issue #1: Cache Key Collision Risk

Location: link_resolver.py:319-333

Issue: cache_key = identifier.strip().lower() could collide for "Project-A" and "project-a". While project names should be unique, consider using project ID for cache keys for robustness.

Severity: Minor - unlikely to cause issues in practice but could lead to subtle bugs

---

Issue #2: Missing Docstring Examples

Location: utils.py:205-217

Issue: The normalize_project_reference function lacks docstring examples. Consider adding:

"""
Examples:
    >>> normalize_project_reference("project::note")
    'project/note'
    >>> normalize_project_reference("note")
    'note'
"""

Severity: Documentation improvement

---

Issue #3: Duplicate Prefix Logic Needs Comment

Location: utils.py:240-243

Issue: The duplicate prefix check lacks an explanatory comment:

if normalized_path == normalized_project or normalized_path.startswith(f"{normalized_project}/"):
    return normalized_path  # ← Why? Add comment explaining duplicate prefix handling

Severity: Minor - affects code maintainability

---

Issue #4: Cache Memory Growth

Location: link_resolver.py:335-364

Issue: Creates new EntityRepository and SearchService instances for each cross-project lookup. These are cached but without size limits, which could cause unbounded memory growth with many projects.

Required Action: Add LRU cache with max size (e.g., 10-20 projects) to prevent memory issues

Add cache limits →

Severity: Medium - could impact production deployments with many projects

---

Testing & Documentation

✅ Strengths

• Excellent test coverage: 858 lines in test_link_resolver.py, 2017 lines in test_entity_service.py
• Cross-project tests exist: test_cross_project_link_resolution at line 369 in test_link_resolver.py
• Integration tests updated: MCP tool tests handle project-prefixed permalinks
• Good test structure: Separation between unit and integration tests

⚠️ Issues

Issue #5: Missing Edge Case Tests

• No tests for normalize_project_reference edge cases (empty string, multiple ::, etc.)
• No tests for the cross-project file path vulnerability (Issue #P1)
• No tests for exception handler ordering with new hierarchy (Issue #BLOCKER)

Add edge case tests →

Issue #6: Documentation Gaps

• CLAUDE.md not updated with new permalink behavior
• No migration guide for users with existing non-prefixed permalinks
• config.py description mentions "Existing permalinks remain unchanged" but doesn't address cross-version sync compatibility

Add migration docs →

---

Checklist Results

Code Quality & Standards

• Follows Basic Memory's coding conventions in CLAUDE.md
• Python 3.12+ type annotations and async patterns
• SQLAlchemy 2.0 best practices
• FastAPI and Typer conventions followed
• 100-character line length limit maintained
• No commented-out code blocks
• Excellent literate programming style with decision-point comments

Testing & Documentation

• Unit tests for new functions/methods
• Integration tests for new MCP tools
• [⚠️] Test coverage for edge cases (see Issue Pre release fixups #5)
• 100% test coverage maintained (cannot verify without running coverage tool)
• [⚠️] Documentation updated (see Issue Alembic #6)

Basic Memory Architecture

• MCP tools follow atomic, composable design
• Database changes - no migrations needed (config-only change)
• Preserves local-first architecture principles
• Knowledge graph operations maintain consistency
• Markdown file handling preserves integrity
• AI-human collaboration patterns followed

Security & Performance

• No hardcoded secrets or credentials
• Input validation for MCP tools
• Proper error handling and logging
• [⚠️] Performance considerations (see Issue Create/update db on startup  #4 - cache limits)
• No sensitive data in logs or commits

Compatibility

• File path comparisons are Windows compatible (PureWindowsPath used in utils.py)
• No emojis or unicode in console/log output (verified - only in MCP tool responses)

---

Recommendations

Before Merging (Required)

1. 🔴 BLOCKER: Fix exception handling hierarchy (Issue #BLOCKER)
2. ⚠️ P1: Fix cross-project resolution vulnerability (Codex finding)
3. Add edge case tests for exception handling and cross-project resolution
4. Update documentation (CLAUDE.md, migration guide)

Nice to Have (Can be addressed post-merge)

5. Add cache size limits for cross-project lookups (Issue Create/update db on startup  #4)
6. Add docstring examples to normalize_project_reference (Issue Memory json import #2)
7. Add explanatory comments for duplicate prefix logic (Issue fix: fix permalink uniqueness violations on create/update/sync #3)
8. Use project ID for cache keys (Issue Pre release #1)

---

Overall Assessment

This PR demonstrates excellent engineering practices:

• ✅ Outstanding literate programming style with Trigger/Why/Outcome comments
• ✅ Comprehensive test coverage with good structure
• ✅ Well-architected cross-project link resolution
• ✅ Proper separation of concerns

However, it has two critical issues that must be addressed:

1. Exception handling hierarchy change could break HTTP 409 responses
2. Cross-project resolution fallback creates a correctness vulnerability

Recommendation: Request changes to address the blocker and P1 security issue, then approve once fixed.

---