Previously, a non-integer value in MEMPALACE_CHROMA_PORT was silently
swallowed and fell back to the config file value, giving no indication
that the env var was being ignored. Now raises ValueError with a clear
message including the offending value.

Adds a corresponding test to tests/test_palace_db.py to assert the
error is raised and the message names the env var.

Introduces mempalace/palace_db.py as the central ChromaDB access point.
get_client() returns HttpClient when chroma_host is configured, PersistentClient
otherwise. get_collection() wraps get_or_create_collection for convenience.
Exposes palace_db from the package and adds 4 factory tests (9 total in test_palace_db.py).

Note: chromadb.PersistentClient is a factory function not a class, so tests
assert on client.get_settings().is_persistent rather than isinstance checks.

Replace every direct chromadb.PersistentClient(path=...) call in
production code with palace_db.get_client() / palace_db.get_collection(),
so remote HttpClient support is automatically picked up wherever ChromaDB
is accessed.

Files changed:
- mempalace/convo_miner.py: get_collection() → palace_db.get_collection()
- mempalace/miner.py: get_collection() + status() → palace_db
- mempalace/searcher.py: search() + search_memories() → palace_db.get_client()
- mempalace/layers.py: all five layer classes → palace_db.get_client()
- mempalace/mcp_server.py: _get_collection() → palace_db (palace_path
  threaded through so monkeypatched _config is respected in tests)
- mempalace/cli.py: cmd_repair() + cmd_compress() → palace_db.get_client()

Orphaned `import chromadb` lines removed from each migrated file.
palace_graph.py and all test files are untouched.

Move `from . import palace_db` out of function bodies (_get_collection,
cmd_repair, cmd_compress) and into the module-level import block of each
file, following standard Python import hygiene.

Adds cmd_remote() handler and 'remote status' subcommand to the CLI.
In local mode (no chroma_host), prints mode and palace path. In remote
mode, calls client.heartbeat() to verify connectivity, exits 1 if
unreachable. Adds test_remote_status_local_mode test to test_palace_db.py.

…vars)

…e local-only

Replace all five palace_db.get_client().get_collection("mempalace_drawers")
chains in layers.py with palace_db.get_collection(), routing through the
DEFAULT_COLLECTION constant and supporting remote mode correctly.

Add a note to the Remote Mode section in README.md clarifying that graph
traversal MCP tools (mempalace_traverse, mempalace_find_tunnels,
mempalace_graph_stats) operate in local mode only.

…fix remaining string literals

- palace_db.py: remove duplicate DEFAULT_COLLECTION string; import
  DEFAULT_COLLECTION_NAME from config.py as DEFAULT_COLLECTION so both
  names resolve to the same object
- palace_db.py: add _http_clients dict cache keyed by (host, port, ssl)
  to avoid repeated HTTP connection overhead in long-lived processes
  (e.g. MCP server)
- miner.py, searcher.py, cli.py: replace all hardcoded "mempalace_drawers"
  string literals at call sites with palace_db.DEFAULT_COLLECTION; only
  config.py retains the canonical definition
- tests/test_palace_db.py: move mid-file imports (unittest.mock, chromadb,
  palace_db, subprocess, sys) to top of file; clear _http_clients cache
  in HttpClient test to ensure mock is always invoked

… variable)

…er isolation as future PR

…esolution

All ChromaDB access routes through two functions:
- get_client(): returns HttpClient when chroma_host is configured,
  PersistentClient otherwise. Both are cached at module level so
  long-lived processes (MCP server) pay connection cost only once.
- get_collection(): wraps get_or_create_collection via get_client().
- clear_caches(): explicit cache invalidation for test teardown and
  config reloads in long-running processes.

palace_path is ignored in remote mode — the server manages storage.

…e_db

palace_graph._get_collection() was calling chromadb.PersistentClient()
directly, bypassing the new factory. In remote mode this caused a
split-brain: graph MCP tools always read local data even when the rest
of the system was configured to use a remote ChromaDB server.

Replaced direct instantiation with palace_db.get_collection(), which
honours the active config (local or remote) transparently.

- Remove _client_cache and _collection_cache module-level variables and
  the matching 'global' statement in _get_collection(). These were never
  populated after the palace_db refactor — actual caching now lives in
  palace_db._persistent_clients / _http_clients.
- Fix hashlib.md5() call to pass usedforsecurity=False so the code does
  not raise ValueError on FIPS-enabled hosts (drawer ID generation only,
  not a security-sensitive use).
- Annotate graph tool descriptions to note they read from local palace
  only — remote data is not included if remote mode is configured.

cmd_remote() had no guard for unrecognised subcommands — an unknown
argument would silently fall through. Added an explicit check that
prints to stderr and returns early, so callers (scripts, CI) get a
non-zero exit code and a clear error message.

The existing autouse fixture reset mcp_server._client_cache and
_collection_cache — attributes that no longer exist after the palace_db
refactor. As a result, the real caches (palace_db._persistent_clients
and _http_clients) were never cleared between tests, allowing client
state to leak across test cases.

Replaced with _reset_palace_db_caches which calls palace_db.clear_caches()
before and after each test, restoring proper isolation.

…tests

- test_clear_caches_empties_both_caches: verifies clear_caches() drains
  both _persistent_clients and _http_clients caches.
- test_remote_status_unknown_subcommand_exits_nonzero: ensures 'mempalace
  remote badcmd' exits non-zero and prints the unknown command to stderr.
- test_palace_graph_routes_through_palace_db: asserts that
  palace_graph._get_collection() calls palace_db.get_collection() and
  does not bypass the factory with a direct chromadb instantiation.

actions/checkout@v6 and actions/setup-python@v6 do not exist — the
latest stable releases are @v4 and @v5 respectively. Using @v6 caused
the CI workflow to fail on every run with 'unable to resolve action'.

ChromaDB 0.6.x ships with no authentication. The Docker compose snippet
in the Remote Mode section binds port 8000 to all interfaces by default,
giving anyone who can reach that port unrestricted read/write access to
the user's memories.

Added an explicit callout warning users to:
- restrict binding to localhost or a trusted interface
- use a firewall or VPN for multi-machine setups
- never expose port 8000 to the public internet

Measures the five latency hotspots identified in the code review:
1. MempalaceConfig() instantiation cost (4–20 µs per get_client() call)
2. get_client() cold vs warm — 98× speedup on cache hit (446 µs → 5 µs)
3. get_collection() overhead — 354 µs per MCP dispatch
4. 4× independent col.get() vs 1 shared fetch — 4× speedup (2.9 ms → 728 µs)
5. MCP server hotpath simulation

Run with: python benchmarks/factory_bench.py [--palace /path]

TODO.md: tracks two follow-up items deferred from this PR —
caching MempalaceConfig() in palace_db.get_client() and per-user
collection namespacing for remote multi-user setups.

CLAUDE.md: remove palace_graph.py from the 'do not touch' constraint
now that it has been migrated to use the palace_db factory.

…AUDE.md