npm - @prmichaelsen/remember-mcp - Versions diffs - 3.19.3 → 4.0.0 - Mend

@prmichaelsen/remember-mcp 3.19.3 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

package/AGENT.md +10 -3
package/CHANGELOG.md +38 -0
package/README.md +1 -1
package/agent/commands/acp.artifact-glossary.md +530 -0
package/agent/commands/acp.artifact-reference.md +591 -0
package/agent/commands/acp.artifact-research.md +594 -0
package/agent/commands/acp.audit.md +345 -0
package/agent/commands/acp.clarification-address.md +185 -88
package/agent/commands/acp.clarification-capture.md +44 -44
package/agent/commands/acp.clarification-create.md +41 -42
package/agent/commands/acp.command-create.md +49 -49
package/agent/commands/acp.design-create.md +53 -35
package/agent/commands/acp.design-reference.md +42 -42
package/agent/commands/acp.handoff.md +35 -35
package/agent/commands/acp.index.md +47 -47
package/agent/commands/acp.init.md +105 -69
package/agent/commands/acp.package-create.md +41 -41
package/agent/commands/acp.package-info.md +40 -40
package/agent/commands/acp.package-install.md +48 -48
package/agent/commands/acp.package-list.md +40 -40
package/agent/commands/acp.package-publish.md +62 -62
package/agent/commands/acp.package-remove.md +41 -41
package/agent/commands/acp.package-search.md +48 -48
package/agent/commands/acp.package-update.md +50 -50
package/agent/commands/acp.package-validate.md +52 -52
package/agent/commands/acp.pattern-create.md +61 -43
package/agent/commands/acp.plan.md +70 -47
package/agent/commands/acp.proceed.md +188 -66
package/agent/commands/acp.project-create.md +42 -42
package/agent/commands/acp.project-info.md +46 -46
package/agent/commands/acp.project-list.md +41 -41
package/agent/commands/acp.project-remove.md +36 -36
package/agent/commands/acp.project-set.md +33 -33
package/agent/commands/acp.project-update.md +57 -57
package/agent/commands/acp.projects-restore.md +37 -37
package/agent/commands/acp.projects-sync.md +39 -39
package/agent/commands/acp.report.md +50 -50
package/agent/commands/acp.resume.md +36 -36
package/agent/commands/acp.sessions.md +46 -46
package/agent/commands/acp.status.md +43 -43
package/agent/commands/acp.sync.md +109 -56
package/agent/commands/acp.task-create.md +51 -49
package/agent/commands/acp.update.md +66 -45
package/agent/commands/acp.validate.md +110 -52
package/agent/commands/acp.version-check-for-updates.md +40 -40
package/agent/commands/acp.version-check.md +36 -36
package/agent/commands/acp.version-update.md +43 -43
package/agent/commands/command.template.md +40 -40
package/agent/commands/git.commit.md +28 -28
package/agent/commands/git.init.md +48 -48
package/agent/design/design.template.md +9 -9
package/agent/design/local.admin-debugging-tools.md +242 -0
package/agent/design/requirements.template.md +8 -8
package/agent/index/.gitkeep +0 -0
package/agent/index/acp.core.yaml +137 -0
package/agent/index/local.main.template.yaml +37 -0
package/agent/index/local.main.yaml +48 -0
package/agent/manifest.yaml +64 -0
package/agent/milestones/milestone-1-{title}.template.md +8 -8
package/agent/milestones/milestone-22-admin-debugging-tools.md +61 -0
package/agent/milestones/milestone-23-trust-level-protection.md +122 -0
package/agent/patterns/pattern.template.md +22 -22
package/agent/progress.template.yaml +13 -3
package/agent/progress.yaml +173 -3
package/agent/schemas/package.schema.yaml +276 -0
package/agent/scripts/acp.project-update.sh +5 -6
package/agent/tasks/milestone-22-admin-debugging-tools/task-520-admin-gate-infrastructure.md +99 -0
package/agent/tasks/milestone-22-admin-debugging-tools/task-521-schema-and-collection-tools.md +108 -0
package/agent/tasks/milestone-22-admin-debugging-tools/task-522-memory-inspection-tools.md +120 -0
package/agent/tasks/milestone-22-admin-debugging-tools/task-523-user-inspection-tools.md +126 -0
package/agent/tasks/milestone-22-admin-debugging-tools/task-524-health-and-drift-tools.md +120 -0
package/agent/tasks/milestone-23-trust-level-protection/task-525-remove-trust-from-create-update.md +69 -0
package/agent/tasks/milestone-23-trust-level-protection/task-526-add-request-set-trust-level-tool.md +108 -0
package/agent/tasks/milestone-23-trust-level-protection/task-527-update-confirm-deny-secret-token.md +60 -0
package/agent/tasks/milestone-23-trust-level-protection/task-528-update-trust-scale-references.md +73 -0
package/agent/tasks/milestone-23-trust-level-protection/task-529-version-bump-and-release.md +87 -0
package/agent/tasks/task-1-{title}.template.md +18 -18
package/dist/server-factory.js +779 -87
package/dist/server.js +141 -41
package/dist/services/trust-validator.d.ts +16 -14
package/dist/tools/admin-collection-stats.d.ts +24 -0
package/dist/tools/admin-detect-weaviate-drift.d.ts +26 -0
package/dist/tools/admin-get-weaviate-schema.d.ts +24 -0
package/dist/tools/admin-health-drift.spec.d.ts +5 -0
package/dist/tools/admin-health.d.ts +15 -0
package/dist/tools/admin-inspect-memory.d.ts +29 -0
package/dist/tools/admin-inspect-user.d.ts +73 -0
package/dist/tools/admin-inspect-user.spec.d.ts +5 -0
package/dist/tools/admin-list-collections.d.ts +23 -0
package/dist/tools/admin-memory-inspection.spec.d.ts +7 -0
package/dist/tools/admin-schema-collection.spec.d.ts +8 -0
package/dist/tools/admin-search-across-users.d.ts +42 -0
package/dist/tools/confirm.d.ts +1 -0
package/dist/tools/confirm.spec.d.ts +5 -0
package/dist/tools/create-internal-memory.d.ts +0 -7
package/dist/tools/create-memory.d.ts +0 -7
package/dist/tools/deny.d.ts +1 -0
package/dist/tools/deny.spec.d.ts +5 -0
package/dist/tools/query-memory.d.ts +2 -0
package/dist/tools/request-set-trust-level.d.ts +32 -0
package/dist/tools/request-set-trust-level.spec.d.ts +2 -0
package/dist/tools/search-memory.d.ts +2 -0
package/dist/tools/update-internal-memory.d.ts +0 -6
package/dist/tools/update-memory.d.ts +0 -7
package/dist/utils/admin.d.ts +21 -0
package/dist/utils/admin.spec.d.ts +2 -0
package/package.json +2 -2
package/src/server-factory.ts +137 -42
package/src/server.ts +6 -0
package/src/services/trust-validator.spec.ts +57 -51
package/src/services/trust-validator.ts +28 -26
package/src/tools/admin-collection-stats.ts +67 -0
package/src/tools/admin-detect-weaviate-drift.ts +110 -0
package/src/tools/admin-get-weaviate-schema.ts +68 -0
package/src/tools/admin-health-drift.spec.ts +193 -0
package/src/tools/admin-health.ts +88 -0
package/src/tools/admin-inspect-memory.ts +86 -0
package/src/tools/admin-inspect-user.spec.ts +130 -0
package/src/tools/admin-inspect-user.ts +148 -0
package/src/tools/admin-list-collections.ts +73 -0
package/src/tools/admin-memory-inspection.spec.ts +206 -0
package/src/tools/admin-schema-collection.spec.ts +167 -0
package/src/tools/admin-search-across-users.ts +104 -0
package/src/tools/confirm.spec.ts +108 -0
package/src/tools/confirm.ts +24 -1
package/src/tools/create-internal-memory.ts +0 -3
package/src/tools/create-memory.spec.ts +6 -2
package/src/tools/create-memory.ts +1 -9
package/src/tools/deny.spec.ts +59 -0
package/src/tools/deny.ts +6 -1
package/src/tools/ghost-config.ts +19 -19
package/src/tools/query-memory.ts +4 -2
package/src/tools/request-set-trust-level.spec.ts +87 -0
package/src/tools/request-set-trust-level.ts +107 -0
package/src/tools/search-memory.ts +4 -2
package/src/tools/update-internal-memory.ts +0 -3
package/src/tools/update-memory.ts +0 -8
package/src/types/memory.ts +1 -1
package/src/utils/admin.spec.ts +70 -0
package/src/utils/admin.ts +27 -0

package/src/services/trust-validator.ts CHANGED Viewed

@@ -1,6 +1,9 @@
 /**
  * Trust validator — validation and suggestions for trust-sensitive operations.
  *
+ * Uses integer TrustLevel 1–5 scale (higher = more confidential).
+ * Aligned with remember-core's trust-validator.service.
+ *
  * See agent/design/local.ghost-persona-system.md
  */
@@ -16,21 +19,20 @@ export interface TrustValidationResult {
 /**
  * Validate a trust level assignment.
- * Warns if trust < 0.25 (very private — existence-only for most accessors).
+ * Warns if trust >= 4 (Restricted/Secret — very restrictive).
  * Returns invalid for out-of-range values.
  *
- * @param trustLevel - The trust level being assigned (0-1)
- * @param content - Optional content for context-aware validation
+ * @param trustLevel - The trust level being assigned (1-5 integer)
  */
-export function validateTrustAssignment(trustLevel: number, content?: string): TrustValidationResult {
-  if (trustLevel < 0 || trustLevel > 1) {
-    return { valid: false, warning: `Trust level must be between 0 and 1, got ${trustLevel}` };
+export function validateTrustAssignment(trustLevel: number): TrustValidationResult {
+  if (!Number.isInteger(trustLevel) || trustLevel < 1 || trustLevel > 5) {
+    return { valid: false, warning: `Trust level must be an integer between 1 and 5, got ${trustLevel}` };
   }
-  if (trustLevel < 0.25) {
+  if (trustLevel >= 4) {
     return {
       valid: true,
-      warning: `Trust level ${trustLevel} is very restrictive — most accessors will see only that this memory exists. Consider 0.25+ for metadata visibility.`,
+      warning: `Trust level ${trustLevel} is very restrictive — most accessors will have limited visibility. Consider level 2 (INTERNAL) or 3 (CONFIDENTIAL) for broader access.`,
     };
   }
@@ -40,31 +42,31 @@ export function validateTrustAssignment(trustLevel: number, content?: string): T
 /**
  * Suggest an appropriate trust level based on content type and tags.
  *
- * Guidelines:
- * - System/audit/action: 0.5 (internal, summary access for trusted users)
- * - Personal (journal, memory, event): 0.75 (share with close friends)
- * - Business (invoice, contract): 0.5 (summary only for collaborators)
- * - Communication (email, conversation): 0.5 (summary only)
- * - Creative/content: 0.25 (metadata for discovery, full access for trusted)
- * - Default: 0.25 (conservative — metadata only)
+ * Guidelines (1-5 integer scale):
+ * - Personal (journal, memory, event): RESTRICTED (4) — close contacts only
+ * - System/audit/action: CONFIDENTIAL (3) — trusted friends
+ * - Business (invoice, contract): CONFIDENTIAL (3)
+ * - Communication (email, conversation): CONFIDENTIAL (3)
+ * - Ghost conversations: RESTRICTED (4)
+ * - Default: INTERNAL (2) — conservative
  *
  * Tag overrides:
- * - 'private' or 'secret': 0.1 (near-hidden)
- * - 'public': 1.0 (open to all)
+ * - 'private' or 'secret': SECRET (5)
+ * - 'public': PUBLIC (1)
  *
  * @param contentType - The type of content
  * @param tags - Optional tags that may affect suggestion
- * @returns Suggested trust level (0-1)
+ * @returns Suggested trust level (1-5)
  */
 export function suggestTrustLevel(contentType: ContentType, tags?: string[]): number {
   // Tag-based overrides take priority
   if (tags && tags.length > 0) {
     const lowerTags = tags.map(t => t.toLowerCase());
     if (lowerTags.includes('private') || lowerTags.includes('secret')) {
-      return 0.1;
+      return 5; // SECRET
     }
     if (lowerTags.includes('public')) {
-      return 1.0;
+      return 1; // PUBLIC
     }
   }
@@ -74,32 +76,32 @@ export function suggestTrustLevel(contentType: ContentType, tags?: string[]): nu
     case 'journal':
     case 'memory':
     case 'event':
-      return 0.75;
+      return 4; // RESTRICTED
     // System/internal
     case 'system':
     case 'audit':
     case 'action':
     case 'history':
-      return 0.5;
+      return 3; // CONFIDENTIAL
     // Business
     case 'invoice':
     case 'contract':
-      return 0.5;
+      return 3; // CONFIDENTIAL
     // Communication
     case 'email':
     case 'conversation':
     case 'meeting':
-      return 0.5;
+      return 3; // CONFIDENTIAL
     // Ghost conversations — private by default
     case 'ghost':
-      return 0.75;
+      return 4; // RESTRICTED
     // Default — conservative
     default:
-      return 0.25;
+      return 2; // INTERNAL
   }
 }

package/src/tools/admin-collection-stats.ts ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * remember_admin_collection_stats tool
+ * Returns stats for a specific Weaviate collection.
+ */
+import { handleToolError } from '../utils/error-handler.js';
+import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
+import { isAdmin, adminPermissionError } from '../utils/admin.js';
+import { getWeaviateClient } from '../weaviate/client.js';
+export const adminCollectionStatsTool = {
+  name: 'remember_admin_collection_stats',
+  description: `[Admin] Get stats for a Weaviate collection — object count, property count, configuration.
+  Requires admin access (ADMIN_USER_IDS).`,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      collection_name: {
+        type: 'string',
+        description: 'Collection name to get stats for',
+      },
+    },
+    required: ['collection_name'],
+  },
+};
+export interface AdminCollectionStatsArgs {
+  collection_name: string;
+}
+export async function handleAdminCollectionStats(
+  args: AdminCollectionStatsArgs,
+  userId: string,
+  _authContext?: AuthContext
+): Promise<string> {
+  const debug = createDebugLogger({ tool: 'remember_admin_collection_stats', userId, operation: 'collection stats' });
+  try {
+    if (!isAdmin(userId)) {
+      return JSON.stringify(adminPermissionError());
+    }
+    debug.info('Tool invoked', { collection_name: args.collection_name });
+    const client = getWeaviateClient();
+    const collection = client.collections.get(args.collection_name);
+    // Get config and count in parallel
+    const [config, objectCount] = await Promise.all([
+      collection.config.get(),
+      collection.length(),
+    ]);
+    return JSON.stringify({
+      collection_name: args.collection_name,
+      object_count: objectCount,
+      property_count: config.properties.length,
+      properties: config.properties.map((p: any) => p.name),
+      vectorizers: config.vectorizers,
+      multiTenancy: config.multiTenancy,
+      replication: config.replication,
+    }, null, 2);
+  } catch (error) {
+    return handleToolError(error, { toolName: 'remember_admin_collection_stats', userId, operation: 'collection stats' });
+  }
+}

package/src/tools/admin-detect-weaviate-drift.ts ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * remember_admin_detect_weaviate_drift tool
+ * Compares expected schema properties (from code) against actual Weaviate schema.
+ */
+import { handleToolError } from '../utils/error-handler.js';
+import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
+import { isAdmin, adminPermissionError } from '../utils/admin.js';
+import { getWeaviateClient } from '../weaviate/client.js';
+import {
+  getUserCollectionProperties,
+  getPublishedCollectionProperties,
+} from '@prmichaelsen/remember-core/database/weaviate';
+export const adminDetectWeaviateDriftTool = {
+  name: 'remember_admin_detect_weaviate_drift',
+  description: `[Admin] Compare expected vs actual Weaviate schema properties per collection.
+  Reports missing properties, extra properties, and overall drift status.
+  If no collection_ids provided, checks a sample of collections.
+  Requires admin access (ADMIN_USER_IDS).`,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      collection_ids: {
+        type: 'array',
+        items: { type: 'string' },
+        description: 'Optional — specific collections to check. If omitted, samples available collections.',
+      },
+    },
+  },
+};
+export interface AdminDetectWeaviateDriftArgs {
+  collection_ids?: string[];
+}
+function getExpectedProperties(collectionName: string): string[] {
+  if (collectionName.startsWith('Memory_users_')) {
+    return getUserCollectionProperties();
+  }
+  // Space, group, and friends collections use published properties
+  return getPublishedCollectionProperties();
+}
+export async function handleAdminDetectWeaviateDrift(
+  args: AdminDetectWeaviateDriftArgs,
+  userId: string,
+  _authContext?: AuthContext
+): Promise<string> {
+  const debug = createDebugLogger({ tool: 'remember_admin_detect_weaviate_drift', userId, operation: 'detect drift' });
+  try {
+    if (!isAdmin(userId)) {
+      return JSON.stringify(adminPermissionError());
+    }
+    debug.info('Tool invoked', { collection_ids: args.collection_ids });
+    const client = getWeaviateClient();
+    // Determine which collections to check
+    let collectionNames: string[];
+    if (args.collection_ids && args.collection_ids.length > 0) {
+      collectionNames = args.collection_ids;
+    } else {
+      // Sample: list all and take first few of each type
+      const all = await client.collections.listAll();
+      const names = all.map((c: any) => c.name).filter((n: string) => n.startsWith('Memory_'));
+      collectionNames = names.slice(0, 5); // Sample up to 5
+    }
+    const results = [];
+    for (const name of collectionNames) {
+      try {
+        const collection = client.collections.get(name);
+        const config = await collection.config.get();
+        const actualProperties = config.properties.map((p: any) => p.name);
+        const expectedProperties = getExpectedProperties(name);
+        const missing = expectedProperties.filter(p => !actualProperties.includes(p));
+        const extra = actualProperties.filter((p: string) => !expectedProperties.includes(p));
+        const status = missing.length === 0 && extra.length === 0 ? 'match' : 'drift';
+        results.push({
+          collection: name,
+          status,
+          expected_count: expectedProperties.length,
+          actual_count: actualProperties.length,
+          missing_properties: missing,
+          extra_properties: extra,
+        });
+      } catch (err) {
+        results.push({
+          collection: name,
+          status: 'error',
+          error: err instanceof Error ? err.message : String(err),
+        });
+      }
+    }
+    return JSON.stringify({
+      collections_checked: results.length,
+      results,
+    }, null, 2);
+  } catch (error) {
+    return handleToolError(error, { toolName: 'remember_admin_detect_weaviate_drift', userId, operation: 'detect drift' });
+  }
+}

package/src/tools/admin-get-weaviate-schema.ts ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * remember_admin_get_weaviate_schema tool
+ * Inspects a Weaviate collection's schema, property types, and index config.
+ */
+import { handleToolError } from '../utils/error-handler.js';
+import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
+import { isAdmin, adminPermissionError } from '../utils/admin.js';
+import { getWeaviateClient } from '../weaviate/client.js';
+export const adminGetWeaviateSchemaTool = {
+  name: 'remember_admin_get_weaviate_schema',
+  description: `[Admin] Inspect a Weaviate collection's schema — property names, types, and configuration.
+  Requires admin access (ADMIN_USER_IDS).`,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      collection_name: {
+        type: 'string',
+        description: 'Collection name (e.g. "Memory_users_abc123", "Memory_spaces_public")',
+      },
+    },
+    required: ['collection_name'],
+  },
+};
+export interface AdminGetWeaviateSchemaArgs {
+  collection_name: string;
+}
+export async function handleAdminGetWeaviateSchema(
+  args: AdminGetWeaviateSchemaArgs,
+  userId: string,
+  _authContext?: AuthContext
+): Promise<string> {
+  const debug = createDebugLogger({ tool: 'remember_admin_get_weaviate_schema', userId, operation: 'get schema' });
+  try {
+    if (!isAdmin(userId)) {
+      return JSON.stringify(adminPermissionError());
+    }
+    debug.info('Tool invoked', { collection_name: args.collection_name });
+    const client = getWeaviateClient();
+    const collection = client.collections.get(args.collection_name);
+    const config = await collection.config.get();
+    return JSON.stringify({
+      collection_name: args.collection_name,
+      properties: config.properties.map((p: any) => ({
+        name: p.name,
+        dataType: p.dataType,
+        description: p.description,
+        indexFilterable: p.indexFilterable,
+        indexSearchable: p.indexSearchable,
+        tokenization: p.tokenization,
+      })),
+      vectorizers: config.vectorizers,
+      generative: config.generative,
+      multiTenancy: config.multiTenancy,
+      replication: config.replication,
+    }, null, 2);
+  } catch (error) {
+    return handleToolError(error, { toolName: 'remember_admin_get_weaviate_schema', userId, operation: 'get schema' });
+  }
+}

package/src/tools/admin-health-drift.spec.ts ADDED Viewed

@@ -0,0 +1,193 @@
+/**
+ * Tests for admin health and drift tools.
+ */
+const mockTestWeaviate = jest.fn();
+const mockTestFirestore = jest.fn();
+const mockConfigGet = jest.fn();
+const mockListAll = jest.fn();
+const mockGetUserProps = jest.fn();
+const mockGetPublishedProps = jest.fn();
+jest.mock('../weaviate/client.js', () => ({
+  testWeaviateConnection: mockTestWeaviate,
+  getWeaviateClient: () => ({
+    collections: {
+      get: () => ({ config: { get: mockConfigGet } }),
+      listAll: mockListAll,
+    },
+  }),
+}));
+jest.mock('../firestore/init.js', () => ({
+  testFirestoreConnection: mockTestFirestore,
+}));
+jest.mock('@prmichaelsen/remember-core/database/weaviate', () => ({
+  getUserCollectionProperties: mockGetUserProps,
+  getPublishedCollectionProperties: mockGetPublishedProps,
+}));
+import { handleAdminHealth } from './admin-health.js';
+import { handleAdminDetectWeaviateDrift } from './admin-detect-weaviate-drift.js';
+describe('remember_admin_health', () => {
+  const originalEnv = process.env.ADMIN_USER_IDS;
+  beforeEach(() => {
+    process.env.ADMIN_USER_IDS = 'admin_user';
+    jest.clearAllMocks();
+  });
+  afterEach(() => {
+    if (originalEnv !== undefined) {
+      process.env.ADMIN_USER_IDS = originalEnv;
+    } else {
+      delete process.env.ADMIN_USER_IDS;
+    }
+  });
+  it('returns healthy when both services are up', async () => {
+    mockTestWeaviate.mockResolvedValue(true);
+    mockTestFirestore.mockResolvedValue(true);
+    const result = await handleAdminHealth({}, 'admin_user');
+    const parsed = JSON.parse(result);
+    expect(parsed.overall).toBe('healthy');
+    expect(parsed.weaviate.status).toBe('ok');
+    expect(parsed.firestore.status).toBe('ok');
+    expect(parsed.weaviate.latency_ms).toBeGreaterThanOrEqual(0);
+  });
+  it('returns degraded when one service is down', async () => {
+    mockTestWeaviate.mockResolvedValue(false);
+    mockTestFirestore.mockResolvedValue(true);
+    const result = await handleAdminHealth({}, 'admin_user');
+    const parsed = JSON.parse(result);
+    expect(parsed.overall).toBe('degraded');
+  });
+  it('returns unhealthy when both services are down', async () => {
+    mockTestWeaviate.mockResolvedValue(false);
+    mockTestFirestore.mockResolvedValue(false);
+    const result = await handleAdminHealth({}, 'admin_user');
+    const parsed = JSON.parse(result);
+    expect(parsed.overall).toBe('unhealthy');
+  });
+  it('handles exceptions gracefully', async () => {
+    mockTestWeaviate.mockRejectedValue(new Error('connection refused'));
+    mockTestFirestore.mockResolvedValue(true);
+    const result = await handleAdminHealth({}, 'admin_user');
+    const parsed = JSON.parse(result);
+    expect(parsed.overall).toBe('degraded');
+    expect(parsed.weaviate.status).toBe('error');
+    expect(parsed.weaviate.message).toContain('connection refused');
+  });
+  it('returns permission error for non-admin', async () => {
+    const result = await handleAdminHealth({}, 'regular_user');
+    const parsed = JSON.parse(result);
+    expect(parsed.isError).toBe(true);
+  });
+});
+describe('remember_admin_detect_weaviate_drift', () => {
+  const originalEnv = process.env.ADMIN_USER_IDS;
+  beforeEach(() => {
+    process.env.ADMIN_USER_IDS = 'admin_user';
+    jest.clearAllMocks();
+    mockGetUserProps.mockReturnValue(['content', 'weight', 'tags']);
+    mockGetPublishedProps.mockReturnValue(['content', 'weight', 'tags', 'spaces']);
+  });
+  afterEach(() => {
+    if (originalEnv !== undefined) {
+      process.env.ADMIN_USER_IDS = originalEnv;
+    } else {
+      delete process.env.ADMIN_USER_IDS;
+    }
+  });
+  it('reports match when schema matches expected', async () => {
+    mockConfigGet.mockResolvedValue({
+      properties: [
+        { name: 'content' },
+        { name: 'weight' },
+        { name: 'tags' },
+      ],
+    });
+    const result = await handleAdminDetectWeaviateDrift(
+      { collection_ids: ['Memory_users_abc'] },
+      'admin_user'
+    );
+    const parsed = JSON.parse(result);
+    expect(parsed.results[0].status).toBe('match');
+    expect(parsed.results[0].missing_properties).toEqual([]);
+    expect(parsed.results[0].extra_properties).toEqual([]);
+  });
+  it('reports drift when properties are missing', async () => {
+    mockConfigGet.mockResolvedValue({
+      properties: [{ name: 'content' }],
+    });
+    const result = await handleAdminDetectWeaviateDrift(
+      { collection_ids: ['Memory_users_abc'] },
+      'admin_user'
+    );
+    const parsed = JSON.parse(result);
+    expect(parsed.results[0].status).toBe('drift');
+    expect(parsed.results[0].missing_properties).toContain('weight');
+    expect(parsed.results[0].missing_properties).toContain('tags');
+  });
+  it('reports extra properties in Weaviate', async () => {
+    mockConfigGet.mockResolvedValue({
+      properties: [
+        { name: 'content' },
+        { name: 'weight' },
+        { name: 'tags' },
+        { name: 'legacy_field' },
+      ],
+    });
+    const result = await handleAdminDetectWeaviateDrift(
+      { collection_ids: ['Memory_users_abc'] },
+      'admin_user'
+    );
+    const parsed = JSON.parse(result);
+    expect(parsed.results[0].status).toBe('drift');
+    expect(parsed.results[0].extra_properties).toContain('legacy_field');
+  });
+  it('uses published properties for space collections', async () => {
+    mockConfigGet.mockResolvedValue({
+      properties: [
+        { name: 'content' },
+        { name: 'weight' },
+        { name: 'tags' },
+        { name: 'spaces' },
+      ],
+    });
+    const result = await handleAdminDetectWeaviateDrift(
+      { collection_ids: ['Memory_spaces_public'] },
+      'admin_user'
+    );
+    const parsed = JSON.parse(result);
+    expect(parsed.results[0].status).toBe('match');
+    expect(mockGetPublishedProps).toHaveBeenCalled();
+  });
+  it('returns permission error for non-admin', async () => {
+    const result = await handleAdminDetectWeaviateDrift({}, 'regular_user');
+    const parsed = JSON.parse(result);
+    expect(parsed.isError).toBe(true);
+  });
+});

package/src/tools/admin-health.ts ADDED Viewed

@@ -0,0 +1,88 @@
+/**
+ * remember_admin_health tool
+ * Deep health check — Weaviate and Firestore connectivity with latency.
+ */
+import { handleToolError } from '../utils/error-handler.js';
+import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
+import { isAdmin, adminPermissionError } from '../utils/admin.js';
+import { testWeaviateConnection } from '../weaviate/client.js';
+import { testFirestoreConnection } from '../firestore/init.js';
+export const adminHealthTool = {
+  name: 'remember_admin_health',
+  description: `[Admin] Deep health check — Weaviate and Firestore connectivity with latency.
+  Returns overall status (healthy/degraded/unhealthy).
+  Requires admin access (ADMIN_USER_IDS).`,
+  inputSchema: {
+    type: 'object',
+    properties: {},
+  },
+};
+export async function handleAdminHealth(
+  _args: Record<string, unknown>,
+  userId: string,
+  _authContext?: AuthContext
+): Promise<string> {
+  const debug = createDebugLogger({ tool: 'remember_admin_health', userId, operation: 'health check' });
+  try {
+    if (!isAdmin(userId)) {
+      return JSON.stringify(adminPermissionError());
+    }
+    debug.info('Tool invoked');
+    // Check Weaviate
+    const weaviateStart = Date.now();
+    let weaviateOk: boolean;
+    let weaviateError: string | undefined;
+    try {
+      weaviateOk = await testWeaviateConnection();
+    } catch (err) {
+      weaviateOk = false;
+      weaviateError = err instanceof Error ? err.message : String(err);
+    }
+    const weaviateLatency = Date.now() - weaviateStart;
+    // Check Firestore
+    const firestoreStart = Date.now();
+    let firestoreOk: boolean;
+    let firestoreError: string | undefined;
+    try {
+      firestoreOk = await testFirestoreConnection();
+    } catch (err) {
+      firestoreOk = false;
+      firestoreError = err instanceof Error ? err.message : String(err);
+    }
+    const firestoreLatency = Date.now() - firestoreStart;
+    // Determine overall status
+    let overall: 'healthy' | 'degraded' | 'unhealthy';
+    if (weaviateOk && firestoreOk) {
+      overall = 'healthy';
+    } else if (!weaviateOk && !firestoreOk) {
+      overall = 'unhealthy';
+    } else {
+      overall = 'degraded';
+    }
+    return JSON.stringify({
+      weaviate: {
+        status: weaviateOk ? 'ok' : 'error',
+        latency_ms: weaviateLatency,
+        message: weaviateError,
+      },
+      firestore: {
+        status: firestoreOk ? 'ok' : 'error',
+        latency_ms: firestoreLatency,
+        message: firestoreError,
+      },
+      overall,
+    }, null, 2);
+  } catch (error) {
+    return handleToolError(error, { toolName: 'remember_admin_health', userId, operation: 'health check' });
+  }
+}