Foundational rename: the server runtime is now `server`, not `server-beta`.
Removes the literal-string regression in `runtime-selector.ts` where only
`CLAUDE_MEM_RUNTIME='server-beta'` was accepted (anything else silently
fell back to the worker runtime).
What changed (1a–1d per plans/2026-05-25-cmem-sdk-and-server-rename.md):
- 1a Regression fix: `selectRuntime()` accepts both `'server'` and
`'server-beta'` (canonicalizing to `'server'`); new settings keys
`CLAUDE_MEM_SERVER_{URL,API_KEY,PROJECT_ID}` read first, legacy
`*_BETA_*` keys fall back via a `pickFirstNonEmpty` helper.
- 1b Code identifiers: ~80 `ServerBeta*`/`serverBeta*`/`SERVER_BETA_*`
symbols (classes, types, functions, vars, non-persisted constants) →
`Server*`/`server*`/`SERVER_*`.
- 1c File renames: 14 files moved via `git mv` (tracked as renames);
build target `server-beta-service` → `server-service` (emits
`plugin/scripts/server-service.cjs`); dispatch sites in
`worker-service.ts`, `runtime.ts`, `ServerService.ts` keep a documented
`existsSync` fallback to the legacy `.cjs` for installs running from a
pre-rename plugin cache (plan §1c line 149).
- 1d Persisted-value back-compat (zero-risk path):
- DB table name `server_beta_schema_migrations` preserved
- Job/source enum strings (`server_beta_generate_event`, …) preserved
- `lockedBy: 'server-beta-worker'` literal preserved
- Installer writes new canonical settings keys + `'server'` runtime
value going forward; reads dual-accept old + new.
Verification:
- Typecheck: 24/24 baseline errors unchanged (no new errors introduced).
- Tests: 1810 pass / 54 fail / 19 skip — failure count matches the
pre-Phase-1 baseline; no new failures introduced.
- Build: `npm run build` succeeds; `plugin/scripts/server-service.cjs`
emitted.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
6.2 KiB
Claude-Mem Server (Beta)
Claude-Mem Server is the beta server runtime for Claude-Mem 13. It is a
Postgres-backed, BullMQ-driven, API-key-authenticated runtime that replaces
the legacy claude-mem worker for deployable use cases.
Architecture
+-------------------+
| Hooks / SDK / MCP|
| (clients) |
+---------+---------+
| HTTPS / Bearer API key
v
+-----------------+ +----+---------+ +-------------------+
| Postgres |<-+ claude-mem- +-->+ Valkey |
| (canonical | | server | | (BullMQ queue, |
| storage: | | --daemon | | noeviction, |
| events, | | HTTP only, | | appendonly yes) |
| observations, | | no generation | +---------+---------+
| jobs, sessions,| +-------+-------+ ^
| api_keys) | | enqueue | poll
+--------^--------+ | |
| v |
| +-----------------+ |
+----------+ claude-mem- +-------------+
read | worker (Nx) | consume jobs
write | server worker | call provider
| start |
+-----------------+
The HTTP service and the BullMQ generation worker run from the same image and same codebase, but are split into separate processes / containers so that:
- Long-running provider calls cannot block HTTP responsiveness.
- Generation can scale horizontally (
docker compose up --scale claude-mem-worker=N). - Restarting the HTTP server does not lose enqueued generation work — jobs live in Valkey, persisted by AOF.
The legacy claude-mem worker runtime is not spawned in Docker. The
container entrypoint runs bun server-service.cjs --daemon (or
worker start) and never bun worker-service.cjs.
Required environment variables
validateServerBetaEnv() runs at startup and refuses to boot when any of
the following are missing or invalid in Docker:
| Variable | Required | Notes |
|---|---|---|
CLAUDE_MEM_RUNTIME |
Docker | Must be server-beta in Docker (warned otherwise). |
CLAUDE_MEM_QUEUE_ENGINE |
Docker | Must be bullmq. In-process queues are rejected in Docker. |
CLAUDE_MEM_SERVER_DATABASE_URL |
Always | Postgres connection string. Fails fast at startup. |
CLAUDE_MEM_REDIS_URL |
bullmq | Required when queue engine is bullmq. |
CLAUDE_MEM_AUTH_MODE |
Always | Must NOT be local-dev in Docker. |
CLAUDE_MEM_ALLOW_LOCAL_DEV_BYPASS |
Docker | Must NOT be 1/true in Docker. |
CLAUDE_MEM_GENERATION_DISABLED |
Optional | Set to true on the HTTP service when running a separate worker. |
CLAUDE_MEM_SERVER_PROVIDER |
Worker | One of claude, gemini, openrouter. Worker only. |
ANTHROPIC_API_KEY (or alt) |
Worker | Required by the chosen provider. |
Local development can still use SQLite + local-dev auth bypass outside
Docker only. Deployable mode must use the table above.
Generation worker mode (claude-mem server worker start)
The same image runs the generation worker via:
claude-mem server worker start
This starts a process that:
- Connects to Postgres and Valkey using the same configuration as the HTTP service.
- Attaches BullMQ Workers to the
eventandsummaryqueues. - Never opens an HTTP listener.
- Blocks in the foreground (good for
docker run,kubectl run, systemd). - Forces generation enabled even if
CLAUDE_MEM_GENERATION_DISABLED=trueis inherited from the shared compose file. The worker IS the generation process.
In Compose this is the claude-mem-worker service. Scale it horizontally:
docker compose up -d --scale claude-mem-worker=4
BullMQ guarantees only one worker processes a given job at a time; the
provider call inside ProviderObservationGenerator.process is idempotent
on the job.id (evt_<sha256> / sum_<sha256>) so retries cannot
duplicate observations.
Auth in production
CLAUDE_MEM_AUTH_MODE=api-key
API keys are created with:
claude-mem server api-key create \
--name "ci" \
--scope memories:read,memories:write
The raw key is shown once; only a SHA-256 hash is stored in Postgres
(api_keys.key_hash). Revoke with:
claude-mem server api-key revoke <id>
Revocation is enforced on every request because requirePostgresServerAuth
reloads the row by hash on each call. There is no in-memory cache to
poison.
Do not enable
CLAUDE_MEM_AUTH_MODE=local-devin Docker. The loopback bypass relies on the request originating from127.0.0.1on the HTTP listener, which is not a meaningful boundary inside a container. The startup validator refuses to boot with this combination and returns a non-zero exit code.
Compose stack
docker-compose.yml ships four services:
postgres— canonical storage. Schema is bootstrapped at startup bybootstrapServerBetaPostgresSchema().valkey— BullMQ queue, configured withappendonly yes,appendfsync everysec,maxmemory-policy noeviction.claude-mem-server— HTTP runtime.CLAUDE_MEM_GENERATION_DISABLED=trueso the BullMQ Worker is not attached here.claude-mem-worker— generation worker. Scale horizontally.
Bring it up:
docker compose up -d --build
Tear it down (and wipe data):
docker compose down -v
End-to-end test
scripts/e2e-server-docker.sh brings up the full stack and verifies:
POST /v1/events?wait=truereturns agenerationJobdescriptor.- Restart of
claude-mem-serverandclaude-mem-workermid-stream does not lose data. - Revoking an API key denies subsequent reads and writes (401/403).
- No
worker-service.cjsprocess runs in any container. CLAUDE_MEM_AUTH_MODE=local-devis rejected inside Docker.