User Environment
Environment Configuration
- Location: /opt/mcp-servers/user/mcp_user_server.py
- Version: 3.0.0 (FastMCP)
- Vault Port: 6610 (vault only - SECURE environment)
- Operational Port: 6611 (not used - by design)
- Locker ID: l_782d
Purpose
User management with enterprise scalability. Handles: - User profiles and preferences - PIN-based authentication - Aliases and name resolution - Teams, roles, and permissions - Stable u_XXXX IDs (4-char alphanumeric, 1.68M unique combinations)
Tools (17 total)
| Tool | Description | Required Params |
|---|---|---|
exists |
Check if user exists | identifier |
create |
Create new user | username, firstName, lastName, pin |
authenticate |
Authenticate with PIN | identifier, pin |
get |
Get full user profile | identifier |
get_context |
Get profile with timezone context | identifier |
update |
Update user fields | identifier |
list |
List all users | limit (optional) |
resolve |
Resolve name/alias to ID | name |
add_alias |
Add alias to user | identifier, alias |
remove_alias |
Remove alias from user | identifier, alias |
delete |
Permanently delete user | identifier, confirm=true |
search |
Search users by field | query |
add_to_team |
Add user to team | identifier, team |
remove_from_team |
Remove from team | identifier, team |
list_team |
List team members | team |
deactivate |
Soft delete (preserves data) | identifier |
reactivate |
Restore deactivated user | identifier |
Architecture
Single-Pod Secure Design
- Uses ONLY vault port 6610 (operational 6611 not used)
- Code:
self.operational = self.vault(both point to 6610) - This is BY DESIGN for security
Key Format
user:{owner}:{timestamp}:user:u_XXXX (Track Pattern)
Resolution Priority
- stable_id (u_XXXX)
- username
- alias
- name_match
- legacy format
Features
- Legacy format auto-migration on access
- Synaptic Index for full-text search
- Manager/subordinate hierarchy
- Team membership with primary team
User Fields
- Identity: username, firstName, lastName, preferredName, stable_id
- Contact: email, phone, company, websites
- Auth: pin (SHA256 hashed)
- AI Preferences: ai_name, ai_gender, greeting_style, voice_id
- Organization: role, teams, manager_id, subordinates, permissions
- Settings: timezone, is_system_admin
Security Assessment
✅ PIN hashed with SHA256 before storage ✅ Password from credentials_helper (not hardcoded) ✅ No command injection (no shell execution) ✅ Session state stored in Redis with auth timestamp ✅ Soft delete (deactivate) preserves audit trail
Test Results
✅ user.exists: Working ✅ user.list: Working ✅ user.get_context: Working ✅ user.resolve: Working
Status: WORKING
User environment fully operational with secure vault-only architecture.