Problem
TOCTOU in file watcher — watcher.py checks file existence then reads it; file can be deleted between check and read
Unsynchronized parser cache — get_parser() in parser_phase.py has no locking; concurrent indexing threads can corrupt the cache or double-initialize parsers
Scattered global state — server.py uses separate _storage and _lock module-level globals with global statements, making the mutation surface hard to reason about
No rate limiting — MCP server accepts unlimited requests with no throttling
Proposed fix
RACE-1: Wrap read_file() call in try/except (FileNotFoundError, PermissionError, OSError)
RACE-2: Add threading.Lock() with double-checked locking pattern in get_parser()
RACE-3: Replace scattered globals with _ServerState dataclass
Files to change
src/axon/core/ingestion/watcher.py
src/axon/core/ingestion/parser_phase.py
src/axon/mcp/server.py
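The RACE-2 fix described above (a threading.Lock() with double-checked locking in get_parser()), as an added sketch that is not code from the repository. It assumes get_parser() takes a language name; _build_parser, _PARSERS, _PARSERS_LOCK, INIT_COUNT and run_concurrent are hypothetical names used only for illustration.

```python
import threading
import time

# Hypothetical stand-ins: the real parser_phase.py is not shown in the issue.
_PARSERS: dict[str, object] = {}
_PARSERS_LOCK = threading.Lock()
INIT_COUNT: dict[str, int] = {}  # demo instrumentation: builds per language


def _build_parser(language: str) -> object:
    """Simulate an expensive parser construction (assumed, not the real one)."""
    INIT_COUNT[language] = INIT_COUNT.get(language, 0) + 1
    time.sleep(0.05)  # widen the window in which an unlocked cache would double-init
    return object()


def get_parser(language: str) -> object:
    # First check, no lock: the common cache-hit path stays cheap.
    parser = _PARSERS.get(language)
    if parser is not None:
        return parser
    with _PARSERS_LOCK:
        # Second check, under the lock: another thread may have built the
        # parser while this one was waiting to acquire it.
        parser = _PARSERS.get(language)
        if parser is None:
            parser = _build_parser(language)
            _PARSERS[language] = parser  # publish only after construction finishes
        return parser


def run_concurrent(language: str, workers: int = 8) -> list:
    """Call get_parser() from several threads released at the same instant."""
    barrier = threading.Barrier(workers)
    results = [None] * workers

    def worker(i: int) -> None:
        barrier.wait()  # line all threads up on the cache miss
        results[i] = get_parser(language)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

Removing the `with _PARSERS_LOCK:` block and the second check lets every thread that misses the cache build its own parser, which is the double-initialization the issue describes.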