fix(server): harden self-hosted server — pgvector upgrade, admin auth, endpoint security

[kartik-mem0]

Linked Issue

Closes #5127

Summary

Security hardening for the self-hosted Mem0 server across three areas:

1. Replace archived pgvector Docker image

• ankane/pgvector:v0.5.1 → pgvector/pgvector:pg17 (PostgreSQL 17.10, pgvector 0.8.2)
• Require POSTGRES_PASSWORD via ${POSTGRES_PASSWORD:?...} — compose fails fast if unset
• Fix healthcheck to use ${POSTGRES_USER:-postgres} instead of hardcoded -U postgres
• Migration guide added in both server/README.md and docs/migration/server-pgvector-upgrade.mdx

2. Require admin role on config and reset endpoints (#5127)

• POST /configure and POST /reset now use require_admin — non-admin callers get 403
• Added require_admin FastAPI dependency in server/auth.py that composes on verify_auth and enforces user.role == "admin"
• ADMIN_API_KEY bootstrap works on fresh empty DB via a _BOOTSTRAP_ADMIN sentinel (stable UUID, never persisted)
• Read-only endpoints (GET /configure, GET /configure/providers) remain open to all authenticated users

3. Harden destructive and sensitive endpoints

• DELETE /memories (bulk delete): require_admin — prevents non-admin from wiping memories for any user_id/agent_id/run_id
• DELETE /entities/{type}/{id}: require_admin — cascade-deletes all memories for an entity
• GET /requests (audit log): require_admin — full request log is admin-only information
• GET /memories (no filters): inline admin check — unfiltered listing returns all memories across all users; filtered reads remain open to any authenticated caller

Testing

Admin auth (10/10 edge cases pass):

• Non-admin API key → POST /configure = 403
• Non-admin API key → POST /reset = 403
• Admin JWT → POST /configure = 200
• Admin JWT → POST /reset = 200
• Admin-owned API key → POST /configure = 200
• Non-admin → GET /configure (read-only) = 200
• No auth → POST /configure = 401
• Invalid key → POST /configure = 401
• ADMIN_API_KEY on empty DB → POST /configure = 200 (bootstrap)
• pgvector vector operations = working

pgvector migration (tested end-to-end):

1. Built old stack from main (ankane/pgvector:v0.5.1, PG 15.4, pgvector 0.5.1)
2. Added 9 real memories with embeddings across 3 users + 1 agent via OpenRouter
3. Ran pg_dumpall backup (185KB)
4. Switched to PR branch (pgvector/pgvector:pg17, PG 17.10, pgvector 0.8.2)
5. Restored backup following migration guide (start only postgres → restore → start mem0)
6. Verified: admin login, API key auth, all 9 memories present, vector search works, config preserved, new memories addable

Breaking Changes

• POST /configure and POST /reset now require admin role: API keys from non-admin users get 403. Admin JWT and ADMIN_API_KEY still work.
• DELETE /memories (bulk) and DELETE /entities/{type}/{id} now require admin role: Same as above.
• GET /requests (audit log) now requires admin role: Non-admin users can no longer read the request log.
• GET /memories (unfiltered) now requires admin role: Listing all memories across all users requires admin. Filtered reads by user_id/agent_id/run_id remain open.
• POSTGRES_PASSWORD now required: docker compose up fails if unset in .env.
• Existing dev volumes: Users with ankane/pgvector volumes need to follow the migration guide (pg_dumpall → restore).

Type of Change

• Bug fix (non-breaking change that fixes an issue)

Test Coverage

• I tested manually (10-case admin auth suite + end-to-end pgvector migration)
• New and existing tests pass locally

Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my code
• I have added tests that prove my fix/feature works
• New and existing tests pass locally
• I have updated documentation if needed