@prmichaelsen/remember-mcp 3.19.3 → 3.20.1

package/dist/tools/admin-collection-stats.d.ts

@@ -0,0 +1,24 @@
+/**
+ * remember_admin_collection_stats tool
+ * Returns stats for a specific Weaviate collection.
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminCollectionStatsTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            collection_name: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export interface AdminCollectionStatsArgs {
+    collection_name: string;
+}
+export declare function handleAdminCollectionStats(args: AdminCollectionStatsArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-collection-stats.d.ts.map

package/dist/tools/admin-detect-weaviate-drift.d.ts

@@ -0,0 +1,26 @@
+/**
+ * remember_admin_detect_weaviate_drift tool
+ * Compares expected schema properties (from code) against actual Weaviate schema.
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminDetectWeaviateDriftTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            collection_ids: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+        };
+    };
+};
+export interface AdminDetectWeaviateDriftArgs {
+    collection_ids?: string[];
+}
+export declare function handleAdminDetectWeaviateDrift(args: AdminDetectWeaviateDriftArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-detect-weaviate-drift.d.ts.map

package/dist/tools/admin-get-weaviate-schema.d.ts

@@ -0,0 +1,24 @@
+/**
+ * remember_admin_get_weaviate_schema tool
+ * Inspects a Weaviate collection's schema, property types, and index config.
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminGetWeaviateSchemaTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            collection_name: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export interface AdminGetWeaviateSchemaArgs {
+    collection_name: string;
+}
+export declare function handleAdminGetWeaviateSchema(args: AdminGetWeaviateSchemaArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-get-weaviate-schema.d.ts.map

package/dist/tools/admin-health-drift.spec.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for admin health and drift tools.
+ */
+export {};
+//# sourceMappingURL=admin-health-drift.spec.d.ts.map

package/dist/tools/admin-health.d.ts

@@ -0,0 +1,15 @@
+/**
+ * remember_admin_health tool
+ * Deep health check — Weaviate and Firestore connectivity with latency.
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminHealthTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {};
+    };
+};
+export declare function handleAdminHealth(_args: Record<string, unknown>, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-health.d.ts.map

package/dist/tools/admin-inspect-memory.d.ts

@@ -0,0 +1,29 @@
+/**
+ * remember_admin_inspect_memory tool
+ * Fetches a raw memory object by UUID using the Firestore index for collection resolution.
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminInspectMemoryTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            memory_id: {
+                type: string;
+                description: string;
+            };
+            include_vector: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export interface AdminInspectMemoryArgs {
+    memory_id: string;
+    include_vector?: boolean;
+}
+export declare function handleAdminInspectMemory(args: AdminInspectMemoryArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-inspect-memory.d.ts.map

package/dist/tools/admin-inspect-user.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Admin user inspection tools — granular Firestore data access per data type.
+ *
+ * - remember_admin_inspect_user_preferences
+ * - remember_admin_inspect_user_ghost_configs
+ * - remember_admin_inspect_user_escalation_records
+ * - remember_admin_inspect_user_api_tokens
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminInspectUserPreferencesTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            user_id: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: readonly ["user_id"];
+    };
+};
+export declare const adminInspectUserGhostConfigsTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            user_id: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: readonly ["user_id"];
+    };
+};
+export declare const adminInspectUserEscalationRecordsTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            user_id: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: readonly ["user_id"];
+    };
+};
+export declare const adminInspectUserApiTokensTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            user_id: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: readonly ["user_id"];
+    };
+};
+export interface AdminInspectUserArgs {
+    user_id: string;
+}
+export declare function handleAdminInspectUserPreferences(args: AdminInspectUserArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+export declare function handleAdminInspectUserGhostConfigs(args: AdminInspectUserArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+export declare function handleAdminInspectUserEscalationRecords(args: AdminInspectUserArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+export declare function handleAdminInspectUserApiTokens(args: AdminInspectUserArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-inspect-user.d.ts.map

package/dist/tools/admin-inspect-user.spec.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for admin user inspection tools.
+ */
+export {};
+//# sourceMappingURL=admin-inspect-user.spec.d.ts.map

package/dist/tools/admin-list-collections.d.ts

@@ -0,0 +1,23 @@
+/**
+ * remember_admin_list_collections tool
+ * Lists all Weaviate collections with type categorization.
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminListCollectionsTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            filter: {
+                type: string;
+                description: string;
+            };
+        };
+    };
+};
+export interface AdminListCollectionsArgs {
+    filter?: string;
+}
+export declare function handleAdminListCollections(args: AdminListCollectionsArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-list-collections.d.ts.map

package/dist/tools/admin-memory-inspection.spec.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Tests for admin memory inspection tools:
+ * - remember_admin_inspect_memory
+ * - remember_admin_search_across_users
+ */
+export {};
+//# sourceMappingURL=admin-memory-inspection.spec.d.ts.map

package/dist/tools/admin-schema-collection.spec.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Tests for admin schema and collection tools:
+ * - remember_admin_get_weaviate_schema
+ * - remember_admin_list_collections
+ * - remember_admin_collection_stats
+ */
+export {};
+//# sourceMappingURL=admin-schema-collection.spec.d.ts.map

package/dist/tools/admin-search-across-users.d.ts

@@ -0,0 +1,42 @@
+/**
+ * remember_admin_search_across_users tool
+ * Searches memories across multiple user tenants.
+ */
+import type { AuthContext } from '../types/auth.js';
+export declare const adminSearchAcrossUsersTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            user_ids: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+            query: {
+                type: string;
+                description: string;
+            };
+            limit: {
+                type: string;
+                description: string;
+            };
+            content_type: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export interface AdminSearchAcrossUsersArgs {
+    user_ids: string[];
+    query: string;
+    limit?: number;
+    content_type?: string;
+}
+export declare function handleAdminSearchAcrossUsers(args: AdminSearchAcrossUsersArgs, userId: string, _authContext?: AuthContext): Promise<string>;
+//# sourceMappingURL=admin-search-across-users.d.ts.map

package/dist/utils/admin.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Admin gate utilities
+ * Checks if a userId is in the ADMIN_USER_IDS env var.
+ * Re-reads env on each call (not cached) for hot-reload support.
+ */
+/**
+ * Check if a userId is an admin.
+ * Reads ADMIN_USER_IDS env var on each call.
+ */
+export declare function isAdmin(userId: string): boolean;
+/**
+ * Standard permission error response for non-admin users.
+ */
+export declare function adminPermissionError(): {
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+};
+//# sourceMappingURL=admin.d.ts.map

package/dist/utils/admin.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=admin.spec.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/remember-mcp",
-  "version": "3.19.3",
+  "version": "3.20.1",
   "description": "Multi-tenant memory system MCP server with vector search and relationships",
   "main": "dist/server.js",
   "type": "module",
@@ -52,7 +52,7 @@
     "@google-cloud/documentai": "^9.5.0",
     "@google-cloud/vision": "^5.3.4",
     "@modelcontextprotocol/sdk": "^1.0.4",
-    "@prmichaelsen/remember-core": "^0.70.11",
+    "@prmichaelsen/remember-core": "^0.71.1",
     "dotenv": "^16.4.5",
     "uuid": "^13.0.0",
     "weaviate-client": "^3.2.0"

package/src/server-factory.ts

@@ -61,6 +61,24 @@ import { searchSpaceByTool, handleSearchSpaceBy } from './tools/search-space-by.
 import { getGhostConfig } from './services/ghost-config.service.js';
 import { resolveAccessorTrustLevel } from './services/access-control.js';
 
+// Admin utilities
+import { isAdmin, adminPermissionError } from './utils/admin.js';
+
+// Admin tools
+import { adminGetWeaviateSchemaTool, handleAdminGetWeaviateSchema } from './tools/admin-get-weaviate-schema.js';
+import { adminListCollectionsTool, handleAdminListCollections } from './tools/admin-list-collections.js';
+import { adminCollectionStatsTool, handleAdminCollectionStats } from './tools/admin-collection-stats.js';
+import { adminInspectMemoryTool, handleAdminInspectMemory } from './tools/admin-inspect-memory.js';
+import { adminSearchAcrossUsersTool, handleAdminSearchAcrossUsers } from './tools/admin-search-across-users.js';
+import {
+  adminInspectUserPreferencesTool, handleAdminInspectUserPreferences,
+  adminInspectUserGhostConfigsTool, handleAdminInspectUserGhostConfigs,
+  adminInspectUserEscalationRecordsTool, handleAdminInspectUserEscalationRecords,
+  adminInspectUserApiTokensTool, handleAdminInspectUserApiTokens,
+} from './tools/admin-inspect-user.js';
+import { adminHealthTool, handleAdminHealth } from './tools/admin-health.js';
+import { adminDetectWeaviateDriftTool, handleAdminDetectWeaviateDrift } from './tools/admin-detect-weaviate-drift.js';
+
 export interface ServerOptions {
   name?: string;
   version?: string;
@@ -282,49 +300,69 @@ function registerHandlers(
   accessToken: string,
   internalContext?: import('./types/auth.js').InternalContext
 ): void {
-  // List available tools
+  // Admin tool definitions (hidden from non-admin users)
+  const adminTools = [
+    adminGetWeaviateSchemaTool,
+    adminListCollectionsTool,
+    adminCollectionStatsTool,
+    adminInspectMemoryTool,
+    adminSearchAcrossUsersTool,
+    adminInspectUserPreferencesTool,
+    adminInspectUserGhostConfigsTool,
+    adminInspectUserEscalationRecordsTool,
+    adminInspectUserApiTokensTool,
+    adminHealthTool,
+    adminDetectWeaviateDriftTool,
+  ];
+
+  // List available tools (admin tools conditionally included)
   server.setRequestHandler(ListToolsRequestSchema, async () => {
-    return {
-      tools: [
-        // Memory tools
-        createMemoryTool,
-        searchMemoryTool,
-        deleteMemoryTool,
-        updateMemoryTool,
-        findSimilarTool,
-        queryMemoryTool,
-        // Relationship tools
-        createRelationshipTool,
-        updateRelationshipTool,
-        searchRelationshipTool,
-        deleteRelationshipTool,
-        // Preference tools
-        setPreferenceTool,
-        getPreferencesTool,
-        // Space tools
-        publishTool,
-        retractTool,
-        reviseTool,
-        confirmTool,
-        denyTool,
-        searchSpaceTool,
-        querySpaceTool,
-        moderateTool,
-        ghostConfigTool,
-        // Search modes
-        searchByTool,
-        // Unified internal memory tools
-        createInternalMemoryTool,
-        updateInternalMemoryTool,
-        searchInternalMemoryTool,
-        queryInternalMemoryTool,
-        searchInternalMemoryByTool,
-        // Core introspection
-        getCoreTool,
-        // Space search modes
-        searchSpaceByTool,
-      ],
-    };
+    const tools = [
+      // Memory tools
+      createMemoryTool,
+      searchMemoryTool,
+      deleteMemoryTool,
+      updateMemoryTool,
+      findSimilarTool,
+      queryMemoryTool,
+      // Relationship tools
+      createRelationshipTool,
+      updateRelationshipTool,
+      searchRelationshipTool,
+      deleteRelationshipTool,
+      // Preference tools
+      setPreferenceTool,
+      getPreferencesTool,
+      // Space tools
+      publishTool,
+      retractTool,
+      reviseTool,
+      confirmTool,
+      denyTool,
+      searchSpaceTool,
+      querySpaceTool,
+      moderateTool,
+      ghostConfigTool,
+      // Search modes
+      searchByTool,
+      // Unified internal memory tools
+      createInternalMemoryTool,
+      updateInternalMemoryTool,
+      searchInternalMemoryTool,
+      queryInternalMemoryTool,
+      searchInternalMemoryByTool,
+      // Core introspection
+      getCoreTool,
+      // Space search modes
+      searchSpaceByTool,
+    ];
+
+    // Only include admin tools for admin users
+    if (isAdmin(userId)) {
+      tools.push(...adminTools as typeof tools);
+    }
+
+    return { tools };
   });
 
   // Handle tool calls
@@ -455,7 +493,58 @@ function registerHandlers(
           result = await handleSearchSpaceBy(args as any, userId, authContext);
           break;
 
+        // Admin tools (gated by isAdmin check inside each handler)
+        case 'remember_admin_get_weaviate_schema':
+          result = await handleAdminGetWeaviateSchema(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_list_collections':
+          result = await handleAdminListCollections(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_collection_stats':
+          result = await handleAdminCollectionStats(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_inspect_memory':
+          result = await handleAdminInspectMemory(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_search_across_users':
+          result = await handleAdminSearchAcrossUsers(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_inspect_user_preferences':
+          result = await handleAdminInspectUserPreferences(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_inspect_user_ghost_configs':
+          result = await handleAdminInspectUserGhostConfigs(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_inspect_user_escalation_records':
+          result = await handleAdminInspectUserEscalationRecords(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_inspect_user_api_tokens':
+          result = await handleAdminInspectUserApiTokens(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_health':
+          result = await handleAdminHealth(args as any, userId, authContext);
+          break;
+
+        case 'remember_admin_detect_weaviate_drift':
+          result = await handleAdminDetectWeaviateDrift(args as any, userId, authContext);
+          break;
+
         default:
+          // Admin tool gate: reject non-admin users calling admin tools
+          if (name.startsWith('remember_admin_')) {
+            if (!isAdmin(userId)) {
+              return adminPermissionError();
+            }
+          }
           throw new McpError(
             ErrorCode.MethodNotFound,
             `Unknown tool: ${name}`

package/src/tools/admin-collection-stats.ts

@@ -0,0 +1,67 @@
+/**
+ * remember_admin_collection_stats tool
+ * Returns stats for a specific Weaviate collection.
+ */
+
+import { handleToolError } from '../utils/error-handler.js';
+import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
+import { isAdmin, adminPermissionError } from '../utils/admin.js';
+import { getWeaviateClient } from '../weaviate/client.js';
+
+export const adminCollectionStatsTool = {
+  name: 'remember_admin_collection_stats',
+  description: `[Admin] Get stats for a Weaviate collection — object count, property count, configuration.
+
+  Requires admin access (ADMIN_USER_IDS).`,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      collection_name: {
+        type: 'string',
+        description: 'Collection name to get stats for',
+      },
+    },
+    required: ['collection_name'],
+  },
+};
+
+export interface AdminCollectionStatsArgs {
+  collection_name: string;
+}
+
+export async function handleAdminCollectionStats(
+  args: AdminCollectionStatsArgs,
+  userId: string,
+  _authContext?: AuthContext
+): Promise<string> {
+  const debug = createDebugLogger({ tool: 'remember_admin_collection_stats', userId, operation: 'collection stats' });
+  try {
+    if (!isAdmin(userId)) {
+      return JSON.stringify(adminPermissionError());
+    }
+
+    debug.info('Tool invoked', { collection_name: args.collection_name });
+
+    const client = getWeaviateClient();
+    const collection = client.collections.get(args.collection_name);
+
+    // Get config and count in parallel
+    const [config, objectCount] = await Promise.all([
+      collection.config.get(),
+      collection.length(),
+    ]);
+
+    return JSON.stringify({
+      collection_name: args.collection_name,
+      object_count: objectCount,
+      property_count: config.properties.length,
+      properties: config.properties.map((p: any) => p.name),
+      vectorizers: config.vectorizers,
+      multiTenancy: config.multiTenancy,
+      replication: config.replication,
+    }, null, 2);
+  } catch (error) {
+    return handleToolError(error, { toolName: 'remember_admin_collection_stats', userId, operation: 'collection stats' });
+  }
+}