Next: , Previous: , Up: Server Internals   [Contents][Index]

6.2 Request lifecycle

For a typical remember call:

  1. Client sends POST /mcp with bearer header and JSON-RPC envelope.
  2. Tomcat dispatches to MCPServer.service(), which delegates to Kiss’s MCPServerBase.
  3. authenticate() reads the Authorization header (or the ?token= query-string fallback) and runs a constant-time compare against Config.OWNSONA_API_TOKEN. Failure: 401 with WWW-Authenticate: Bearer.
  4. The base class parses the JSON-RPC envelope and calls the appropriate handler — doRemember, doRecall, etc.
  5. The handler validates inputs against the tool’s schema, runs SecretScanner for write paths, normalizes tags, and calls MemoryService.
  6. MemoryService opens a fresh Connection from MainServlet.openNewConnection(), optionally invokes the EmbeddingProvider (one HTTP call out to OpenAI or whatever’s configured), and runs the SQL via MemoryRepository. The connection is closed with closeConnection(db, success), which commits on success=true and rolls back on false.
  7. The result is wrapped as a tool result and shipped back as JSON-RPC.

Recall is structurally similar but read-only: one embedding call for the query text, one vector-similarity SELECT, no transaction commit.