BookStack MCP Server

update_user

Modify user account details in BookStack, including name, email, password, roles, language, and authentication settings.

Instructions

Update an existing user account

Input Schema

TableJSON Schema

Name	Required	Description
`id`	Yes	User ID
`name`	No	Full name of the user
`email`	No	Email address (must be unique)
`password`	No	New password (min 8 characters)
`roles`	No	Array of role IDs to assign to the user (replaces existing)
`language`	No	User interface language code
`external_auth_id`	No	External authentication ID

Implementation Reference

src/tools/search-user-tools.ts:402-408 (handler)
Executes the update_user tool by extracting user ID and update data from arguments, parsing the ID, calling the BookStackClient's updateUser method, and formatting the API response.
```
case "update_user": {
  const { id, migrate_ownership_id, ...updateData } = args;
  const userId = parseInteger(id);

  const result = await client.updateUser(userId, updateData);
  return formatApiResponse(result);
}
```

src/tools/search-user-tools.ts:100-133 (schema)

Defines the MCP tool 'update_user' including its name, description, and input schema specifying parameters like id (required), name, email, password, roles, language, and external_auth_id.

{
  name: "update_user",
  description: "Update an existing user account",
  inputSchema: {
    type: "object",
    properties: {
      id: { type: "number", description: "User ID" },
      name: { type: "string", description: "Full name of the user" },
      email: {
        type: "string",
        description: "Email address (must be unique)",
      },
      password: {
        type: "string",
        description: "New password (min 8 characters)",
      },
      roles: {
        type: "array",
        description:
          "Array of role IDs to assign to the user (replaces existing)",
        items: { type: "number" },
      },
      language: {
        type: "string",
        description: "User interface language code",
      },
      external_auth_id: {
        type: "string",
        description: "External authentication ID",
      },
    },
    required: ["id"],
  },
},

src/lib/bookstack-client.ts:296-301 (helper)
BookStackClient method that performs the actual API PUT request to update a user at /users/{id} with the provided partial user data.
```
async updateUser(
  id: number,
  data: Partial<CreateUserRequest>
): Promise<User> {
  return this.put<User>(`/users/${id}`, data);
}
```

src/index.ts:102-128 (registration)

Registers 'update_user' in the searchUserToolNames array used to dispatch tool calls to the appropriate handler (handleSearchAndUserTool). The tools are also included via createSearchAndUserTools in the allTools list for listTools endpoint.

// Search and user tools
const searchUserToolNames = [
  "search_all",
  "list_users",
  "get_user",
  "create_user",
  "update_user",
  "delete_user",
  "list_roles",
  "get_role",
  "create_role",
  "update_role",
  "delete_role",
  "list_attachments",
  "get_attachment",
  "delete_attachment",
  "list_images",
  "get_image",
  "update_image",
  "delete_image",
];

if (contentToolNames.includes(name)) {
  result = await handleContentTool(name, args, bookStackClient);
} else if (searchUserToolNames.includes(name)) {
  result = await handleSearchAndUserTool(name, args, bookStackClient);
} else {

src/lib/validation.ts:90-91 (helper)
Zod schema for validating partial updates to user data, used in type definitions for CreateUserRequest.
```
export const UpdateUserSchema = CreateUserSchema.partial();
```

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. 'Update an existing user account' implies mutation but doesn't specify what permissions are required, whether changes are reversible, what happens to unspecified fields, or what the response looks like. For a mutation tool with zero annotation coverage, this leaves significant behavioral questions unanswered.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with zero wasted words. It's appropriately sized for a straightforward update operation and gets directly to the point without unnecessary elaboration.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool with no annotations and no output schema, the description is insufficient. It doesn't explain what happens during the update, what the response contains, or any constraints beyond what's implied by 'update.' Given the complexity of user account updates (which often involve permissions, validation, and side effects), more context is needed.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema description coverage is 100%, with all 7 parameters well-documented in the schema itself. The description adds no parameter-specific information beyond what's already in the schema, so it meets the baseline score of 3 for high schema coverage without adding extra value.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('update') and resource ('existing user account'), making the purpose immediately understandable. However, it doesn't differentiate this tool from other update_* siblings like update_book or update_role, which all follow the same pattern of updating different resource types.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (like needing the user ID), when not to use it, or how it differs from create_user or other user management tools. The agent must infer usage from context alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/lautarobarba/bookstack_mcp_server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server