pocketbase-mcp-server

# PocketBase MCP Server - Operation Capabilities Analysis ## Summary Your PocketBase MCP Server is running in a **Production Security Mode** that allows data operations but restricts administrative operations. This is a common and recommended security pattern for production environments. ## ✅ Available Operations (Working) ### Data Operations - **List Collections** - View all available collections and their schemas - **List Records** - Browse records in collections with pagination and filtering - **Create Records** - Add new records to existing collections - **Read Records** - Retrieve specific records by ID - **Update Records** - Modify existing record data - **Delete Records** - Remove records from collections ### Basic Operations - **Health Check** - Verify server connectivity - **Server Status** - Get server information and diagnostics ## ❌ Restricted Operations (Security Protected) ### Administrative Operations - **Authentication** - Admin login is blocked for security - **Create Collections** - Schema creation is restricted - **Update Collections** - Schema modifications are blocked - **Delete Collections** - Collection removal is protected - **User Management** - Admin user operations are restricted ### Why These Are Restricted 1. **Production Security** - Prevents accidental schema changes 2. **Data Integrity** - Protects database structure from modifications 3. **Access Control** - Ensures only authorized schema changes 4. **Stability** - Prevents breaking changes to live applications ## 🔧 Recommended Workflow ### For Data Operations (Use MCP Server) ``` ✅ Use MCP tools for: - Creating, reading, updating, deleting records - Listing and browsing collection data - Implementing application business logic - Data import/export operations ``` ### For Administrative Tasks (Use PocketBase Admin UI) ``` 🌐 Use PocketBase Admin UI for: - Creating new collections - Modifying collection schemas - Managing user accounts - Setting collection rules and permissions - Database backups and maintenance ``` ## 🛠️ Available Diagnostic Tools Run these tools through your MCP client to get detailed analysis: 1. **`analyze_pocketbase_capabilities`** - Complete capabilities analysis 2. **`debug_pocketbase_auth`** - Authentication and connection debugging 3. **`check_pocketbase_write_permissions`** - Write operations testing 4. **`pocketbase_super_admin_auth`** - Runtime super admin authentication (enables admin operations) 5. **`get_server_status`** - Overall server status and configuration ## 🔐 Runtime Admin Authentication If you need to perform admin-level operations programmatically, use the **`pocketbase_super_admin_auth`** tool: ```javascript // Authenticate with provided credentials { "tool": "pocketbase_super_admin_auth", "arguments": { "email": "admin@example.com", "password": "your-admin-password" } } // Or use environment credentials { "tool": "pocketbase_super_admin_auth", "arguments": {} } ``` **After successful authentication**, admin operations become available in the same session: - Collection creation and schema modifications - User management and authentication settings - System configuration changes ⚠️ **Note**: Some production environments may restrict admin API access for security. See `SUPER_ADMIN_AUTH.md` for detailed usage instructions. ## 💡 Best Practices 1. **Use MCP for Application Logic** - Handle all data operations through MCP tools 2. **Use Admin UI for Schema** - Make structural changes through the PocketBase admin interface 3. **Test Operations** - Use diagnostic tools to verify what's available 4. **Security First** - Appreciate that restrictions protect your production data ## 🎯 Conclusion Your setup is working correctly! The "failures" you're seeing are actually security features protecting your production database. Focus on using the available data operations for your application needs, and use the PocketBase admin UI for any administrative tasks. This configuration gives you the best of both worlds: - **Safe data access** through MCP tools - **Protected administration** through proper channels - **Production-ready security** with controlled access levels