@prmichaelsen/remember-core 0.12.0 → 0.13.0

package/dist/services/ghost-config-handler.service.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Ghost Config Handler — orchestration layer for ghost config operations.
+ *
+ * Thin business logic layer that validates inputs and delegates to
+ * GhostConfigService functions. Separates orchestration from storage.
+ *
+ * Ported from remember-mcp/src/tools/ghost-config.ts (business logic only).
+ */
+import type { Logger } from '../utils/logger.js';
+import type { GhostConfig } from '../types/ghost-config.types.js';
+export interface GhostConfigResult {
+    success: boolean;
+    config?: GhostConfig;
+    message: string;
+}
+export interface TrustResult {
+    success: boolean;
+    message: string;
+}
+/**
+ * Get a user's ghost configuration.
+ */
+export declare function handleGetConfig(userId: string, logger?: Logger): Promise<GhostConfigResult>;
+/**
+ * Update a user's ghost configuration.
+ * Validates all fields before persisting.
+ */
+export declare function handleUpdateConfig(userId: string, updates: Partial<GhostConfig>, logger?: Logger): Promise<GhostConfigResult>;
+/**
+ * Set trust level for a specific user.
+ * Validates trust range [0, 1] before persisting.
+ */
+export declare function handleSetTrust(ownerId: string, accessorId: string, level: number, logger?: Logger): Promise<TrustResult>;
+/**
+ * Remove trust level override for a specific user (reverts to default).
+ */
+export declare function handleRemoveTrust(ownerId: string, accessorId: string, logger?: Logger): Promise<TrustResult>;
+/**
+ * Block a user from ghost access.
+ */
+export declare function handleBlockUser(ownerId: string, targetId: string, logger?: Logger): Promise<TrustResult>;
+/**
+ * Unblock a user from ghost access.
+ */
+export declare function handleUnblockUser(ownerId: string, targetId: string, logger?: Logger): Promise<TrustResult>;
+//# sourceMappingURL=ghost-config-handler.service.d.ts.map

package/dist/services/ghost-config-handler.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ghost-config-handler.service.d.ts","sourceRoot":"","sources":["../../src/services/ghost-config-handler.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAalE,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,iBAAiB,CAAC,CAY5B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,EAC7B,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,iBAAiB,CAAC,CAiB5B;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,WAAW,CAAC,CAsBtB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,WAAW,CAAC,CAOtB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,WAAW,CAAC,CAWtB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,WAAW,CAAC,CAOtB"}

package/dist/services/ghost-config-handler.service.js

@@ -0,0 +1,100 @@
+/**
+ * Ghost Config Handler — orchestration layer for ghost config operations.
+ *
+ * Thin business logic layer that validates inputs and delegates to
+ * GhostConfigService functions. Separates orchestration from storage.
+ *
+ * Ported from remember-mcp/src/tools/ghost-config.ts (business logic only).
+ */
+import { getGhostConfig, setGhostConfigFields, setUserTrust, removeUserTrust, blockUser, unblockUser, validateGhostConfigUpdate, } from './ghost-config.service.js';
+const SERVICE = 'GhostConfigHandler';
+/**
+ * Get a user's ghost configuration.
+ */
+export async function handleGetConfig(userId, logger) {
+    const config = await getGhostConfig(userId, logger);
+    logger?.debug('Ghost config retrieved', { service: SERVICE, userId });
+    return {
+        success: true,
+        config,
+        message: config.enabled
+            ? 'Ghost mode is enabled.'
+            : 'Ghost mode is disabled.',
+    };
+}
+/**
+ * Update a user's ghost configuration.
+ * Validates all fields before persisting.
+ */
+export async function handleUpdateConfig(userId, updates, logger) {
+    // Validate before persisting
+    validateGhostConfigUpdate(updates);
+    const config = await setGhostConfigFields(userId, updates, logger);
+    logger?.info('Ghost config updated via handler', {
+        service: SERVICE,
+        userId,
+        updatedKeys: Object.keys(updates),
+    });
+    return {
+        success: true,
+        config,
+        message: `Ghost config updated: ${Object.keys(updates).join(', ')}`,
+    };
+}
+/**
+ * Set trust level for a specific user.
+ * Validates trust range [0, 1] before persisting.
+ */
+export async function handleSetTrust(ownerId, accessorId, level, logger) {
+    if (ownerId === accessorId) {
+        return { success: false, message: 'Cannot set trust level for yourself.' };
+    }
+    if (level < 0 || level > 1) {
+        return { success: false, message: `Trust level must be between 0 and 1, got ${level}.` };
+    }
+    await setUserTrust(ownerId, accessorId, level, logger);
+    logger?.info('Trust level set via handler', {
+        service: SERVICE,
+        ownerId,
+        accessorId,
+        level,
+    });
+    return {
+        success: true,
+        message: `Trust level for user ${accessorId} set to ${level}.`,
+    };
+}
+/**
+ * Remove trust level override for a specific user (reverts to default).
+ */
+export async function handleRemoveTrust(ownerId, accessorId, logger) {
+    await removeUserTrust(ownerId, accessorId, logger);
+    return {
+        success: true,
+        message: `Trust override for user ${accessorId} removed.`,
+    };
+}
+/**
+ * Block a user from ghost access.
+ */
+export async function handleBlockUser(ownerId, targetId, logger) {
+    if (ownerId === targetId) {
+        return { success: false, message: 'Cannot block yourself.' };
+    }
+    await blockUser(ownerId, targetId, logger);
+    return {
+        success: true,
+        message: `User ${targetId} blocked from ghost access.`,
+    };
+}
+/**
+ * Unblock a user from ghost access.
+ */
+export async function handleUnblockUser(ownerId, targetId, logger) {
+    await unblockUser(ownerId, targetId, logger);
+    return {
+        success: true,
+        message: `User ${targetId} unblocked from ghost access.`,
+    };
+}
+//# sourceMappingURL=ghost-config-handler.service.js.map

package/dist/services/ghost-config-handler.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ghost-config-handler.service.js","sourceRoot":"","sources":["../../src/services/ghost-config-handler.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,SAAS,EACT,WAAW,EACX,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AAEnC,MAAM,OAAO,GAAG,oBAAoB,CAAC;AAarC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAc,EACd,MAAe;IAEf,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEpD,MAAM,EAAE,KAAK,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAEtE,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,OAAO;YACrB,CAAC,CAAC,wBAAwB;YAC1B,CAAC,CAAC,yBAAyB;KAC9B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAc,EACd,OAA6B,EAC7B,MAAe;IAEf,6BAA6B;IAC7B,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAEnC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAEnE,MAAM,EAAE,IAAI,CAAC,kCAAkC,EAAE;QAC/C,OAAO,EAAE,OAAO;QAChB,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;KAClC,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM;QACN,OAAO,EAAE,yBAAyB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KACpE,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,UAAkB,EAClB,KAAa,EACb,MAAe;IAEf,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;QAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,4CAA4C,KAAK,GAAG,EAAE,CAAC;IAC3F,CAAC;IAED,MAAM,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAEvD,MAAM,EAAE,IAAI,CAAC,6BAA6B,EAAE;QAC1C,OAAO,EAAE,OAAO;QAChB,OAAO;QACP,UAAU;QACV,KAAK;KACN,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,wBAAwB,UAAU,WAAW,KAAK,GAAG;KAC/D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAe,EACf,UAAkB,EAClB,MAAe;IAEf,MAAM,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAEnD,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,2BAA2B,UAAU,WAAW;KAC1D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,QAAgB,EAChB,MAAe;IAEf,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/D,CAAC;IAED,MAAM,SAAS,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE3C,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,QAAQ,QAAQ,6BAA6B;KACvD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAe,EACf,QAAgB,EAChB,MAAe;IAEf,MAAM,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE7C,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,QAAQ,QAAQ,+BAA+B;KACzD,CAAC;AACJ,CAAC"}

package/dist/services/ghost-config.service.d.ts

@@ -0,0 +1,58 @@
+/**
+ * GhostConfig Firestore Service
+ *
+ * CRUD operations for ghost/persona configuration stored in Firestore.
+ * Implements GhostConfigProvider interface from access-control.service.ts.
+ *
+ * Firestore path: {BASE}.users/{ownerUserId}/ghost_config/settings
+ *
+ * Ported from remember-mcp/src/services/ghost-config.service.ts
+ */
+import type { Logger } from '../utils/logger.js';
+import type { GhostConfig } from '../types/ghost-config.types.js';
+import type { GhostConfigProvider } from './access-control.service.js';
+/**
+ * Get a user's ghost configuration.
+ * Returns defaults merged with stored config.
+ */
+export declare function getGhostConfig(ownerUserId: string, logger?: Logger): Promise<GhostConfig>;
+/**
+ * Set (upsert) a user's ghost configuration.
+ * Merges partial config with existing values.
+ */
+export declare function setGhostConfigFields(ownerUserId: string, config: Partial<GhostConfig>, logger?: Logger): Promise<GhostConfig>;
+/**
+ * Set a per-user trust level override.
+ */
+export declare function setUserTrust(ownerUserId: string, targetUserId: string, trustLevel: number, logger?: Logger): Promise<void>;
+/**
+ * Remove a per-user trust override (reverts to default).
+ */
+export declare function removeUserTrust(ownerUserId: string, targetUserId: string, logger?: Logger): Promise<void>;
+/**
+ * Block a user from ghost access.
+ */
+export declare function blockUser(ownerUserId: string, targetUserId: string, logger?: Logger): Promise<void>;
+/**
+ * Unblock a user from ghost access.
+ */
+export declare function unblockUser(ownerUserId: string, targetUserId: string, logger?: Logger): Promise<void>;
+/**
+ * Check if a user's ghost is enabled.
+ */
+export declare function isGhostEnabled(ownerUserId: string, logger?: Logger): Promise<boolean>;
+/**
+ * Validate a partial GhostConfig update.
+ * Throws if any field values are invalid.
+ */
+export declare function validateGhostConfigUpdate(config: Partial<GhostConfig>): void;
+/**
+ * Firestore-backed GhostConfigProvider implementation.
+ * Returns null if ghost is not enabled (same contract as StubGhostConfigProvider).
+ */
+export declare class FirestoreGhostConfigProvider implements GhostConfigProvider {
+    private logger?;
+    constructor(logger?: Logger | undefined);
+    getGhostConfig(ownerUserId: string): Promise<GhostConfig | null>;
+}
+//# sourceMappingURL=ghost-config.service.d.ts.map

package/dist/services/ghost-config.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ghost-config.service.d.ts","sourceRoot":"","sources":["../../src/services/ghost-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,WAAW,EAAwB,MAAM,gCAAgC,CAAC;AAExF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAcvE;;;GAGG;AACH,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAkB/F;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,EAC5B,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,WAAW,CAAC,CAWtB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAiBf;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAaf;AAED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAef;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAef;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG3F;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,IAAI,CAwB5E;AAED;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,mBAAmB;IAC1D,OAAO,CAAC,MAAM,CAAC;gBAAP,MAAM,CAAC,EAAE,MAAM,YAAA;IAE7B,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAOvE"}

package/dist/services/ghost-config.service.js

@@ -0,0 +1,180 @@
+/**
+ * GhostConfig Firestore Service
+ *
+ * CRUD operations for ghost/persona configuration stored in Firestore.
+ * Implements GhostConfigProvider interface from access-control.service.ts.
+ *
+ * Firestore path: {BASE}.users/{ownerUserId}/ghost_config/settings
+ *
+ * Ported from remember-mcp/src/services/ghost-config.service.ts
+ */
+import { getDocument, setDocument } from '../database/firestore/init.js';
+import { BASE } from '../database/firestore/paths.js';
+import { DEFAULT_GHOST_CONFIG } from '../types/ghost-config.types.js';
+const SERVICE = 'GhostConfigService';
+/**
+ * Get the Firestore collection path for a user's ghost config.
+ */
+function getGhostConfigPath(ownerUserId) {
+    return {
+        collectionPath: `${BASE}.users/${ownerUserId}/ghost_config`,
+        docId: 'settings',
+    };
+}
+/**
+ * Get a user's ghost configuration.
+ * Returns defaults merged with stored config.
+ */
+export async function getGhostConfig(ownerUserId, logger) {
+    try {
+        const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+        const doc = await getDocument(collectionPath, docId);
+        if (!doc) {
+            return { ...DEFAULT_GHOST_CONFIG };
+        }
+        return { ...DEFAULT_GHOST_CONFIG, ...doc };
+    }
+    catch (error) {
+        logger?.error('Failed to get ghost config', {
+            service: SERVICE,
+            ownerUserId,
+            error: error instanceof Error ? error.message : String(error),
+        });
+        return { ...DEFAULT_GHOST_CONFIG };
+    }
+}
+/**
+ * Set (upsert) a user's ghost configuration.
+ * Merges partial config with existing values.
+ */
+export async function setGhostConfigFields(ownerUserId, config, logger) {
+    const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+    await setDocument(collectionPath, docId, config, { merge: true });
+    logger?.info('Ghost config updated', {
+        service: SERVICE,
+        ownerUserId,
+        updatedKeys: Object.keys(config),
+    });
+    return getGhostConfig(ownerUserId, logger);
+}
+/**
+ * Set a per-user trust level override.
+ */
+export async function setUserTrust(ownerUserId, targetUserId, trustLevel, logger) {
+    if (trustLevel < 0 || trustLevel > 1) {
+        throw new Error(`Trust level must be between 0 and 1, got ${trustLevel}`);
+    }
+    const current = await getGhostConfig(ownerUserId, logger);
+    const per_user_trust = { ...current.per_user_trust, [targetUserId]: trustLevel };
+    const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+    await setDocument(collectionPath, docId, { per_user_trust }, { merge: true });
+    logger?.info('User trust level set', {
+        service: SERVICE,
+        ownerUserId,
+        targetUserId,
+        trustLevel,
+    });
+}
+/**
+ * Remove a per-user trust override (reverts to default).
+ */
+export async function removeUserTrust(ownerUserId, targetUserId, logger) {
+    const current = await getGhostConfig(ownerUserId, logger);
+    const per_user_trust = { ...current.per_user_trust };
+    delete per_user_trust[targetUserId];
+    const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+    await setDocument(collectionPath, docId, { per_user_trust }, { merge: true });
+    logger?.info('User trust override removed', {
+        service: SERVICE,
+        ownerUserId,
+        targetUserId,
+    });
+}
+/**
+ * Block a user from ghost access.
+ */
+export async function blockUser(ownerUserId, targetUserId, logger) {
+    const current = await getGhostConfig(ownerUserId, logger);
+    if (current.blocked_users.includes(targetUserId)) {
+        return; // already blocked
+    }
+    const blocked_users = [...current.blocked_users, targetUserId];
+    const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+    await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
+    logger?.info('User blocked from ghost access', {
+        service: SERVICE,
+        ownerUserId,
+        targetUserId,
+    });
+}
+/**
+ * Unblock a user from ghost access.
+ */
+export async function unblockUser(ownerUserId, targetUserId, logger) {
+    const current = await getGhostConfig(ownerUserId, logger);
+    if (!current.blocked_users.includes(targetUserId)) {
+        return; // not blocked
+    }
+    const blocked_users = current.blocked_users.filter(id => id !== targetUserId);
+    const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+    await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
+    logger?.info('User unblocked from ghost access', {
+        service: SERVICE,
+        ownerUserId,
+        targetUserId,
+    });
+}
+/**
+ * Check if a user's ghost is enabled.
+ */
+export async function isGhostEnabled(ownerUserId, logger) {
+    const config = await getGhostConfig(ownerUserId, logger);
+    return config.enabled;
+}
+/**
+ * Validate a partial GhostConfig update.
+ * Throws if any field values are invalid.
+ */
+export function validateGhostConfigUpdate(config) {
+    if (config.default_friend_trust !== undefined) {
+        if (config.default_friend_trust < 0 || config.default_friend_trust > 1) {
+            throw new Error(`default_friend_trust must be between 0 and 1, got ${config.default_friend_trust}`);
+        }
+    }
+    if (config.default_public_trust !== undefined) {
+        if (config.default_public_trust < 0 || config.default_public_trust > 1) {
+            throw new Error(`default_public_trust must be between 0 and 1, got ${config.default_public_trust}`);
+        }
+    }
+    if (config.enforcement_mode !== undefined) {
+        const valid = ['query', 'prompt', 'hybrid'];
+        if (!valid.includes(config.enforcement_mode)) {
+            throw new Error(`enforcement_mode must be one of ${valid.join(', ')}, got ${config.enforcement_mode}`);
+        }
+    }
+    if (config.per_user_trust !== undefined) {
+        for (const [userId, level] of Object.entries(config.per_user_trust)) {
+            if (level < 0 || level > 1) {
+                throw new Error(`Trust level for ${userId} must be between 0 and 1, got ${level}`);
+            }
+        }
+    }
+}
+/**
+ * Firestore-backed GhostConfigProvider implementation.
+ * Returns null if ghost is not enabled (same contract as StubGhostConfigProvider).
+ */
+export class FirestoreGhostConfigProvider {
+    logger;
+    constructor(logger) {
+        this.logger = logger;
+    }
+    async getGhostConfig(ownerUserId) {
+        const config = await getGhostConfig(ownerUserId, this.logger);
+        if (!config.enabled) {
+            return null;
+        }
+        return config;
+    }
+}
+//# sourceMappingURL=ghost-config.service.js.map

package/dist/services/ghost-config.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ghost-config.service.js","sourceRoot":"","sources":["../../src/services/ghost-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,IAAI,EAAE,MAAM,gCAAgC,CAAC;AAGtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAGtE,MAAM,OAAO,GAAG,oBAAoB,CAAC;AAErC;;GAEG;AACH,SAAS,kBAAkB,CAAC,WAAmB;IAC7C,OAAO;QACL,cAAc,EAAE,GAAG,IAAI,UAAU,WAAW,eAAe;QAC3D,KAAK,EAAE,UAAU;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,WAAmB,EAAE,MAAe;IACvE,IAAI,CAAC;QACH,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAClE,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QAErD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,EAAE,GAAG,oBAAoB,EAAE,CAAC;QACrC,CAAC;QAED,OAAO,EAAE,GAAG,oBAAoB,EAAE,GAAG,GAAG,EAAiB,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,EAAE,KAAK,CAAC,4BAA4B,EAAE;YAC1C,OAAO,EAAE,OAAO;YAChB,WAAW;YACX,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,EAAE,GAAG,oBAAoB,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,WAAmB,EACnB,MAA4B,EAC5B,MAAe;IAEf,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAElE,MAAM,EAAE,IAAI,CAAC,sBAAsB,EAAE;QACnC,OAAO,EAAE,OAAO;QAChB,WAAW;QACX,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;KACjC,CAAC,CAAC;IAEH,OAAO,cAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,WAAmB,EACnB,YAAoB,EACpB,UAAkB,EAClB,MAAe;IAEf,IAAI,UAAU,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,4CAA4C,UAAU,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC1D,MAAM,cAAc,GAAG,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,CAAC;IAEjF,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,MAAM,EAAE,IAAI,CAAC,sBAAsB,EAAE;QACnC,OAAO,EAAE,OAAO;QAChB,WAAW;QACX,YAAY;QACZ,UAAU;KACX,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,YAAoB,EACpB,MAAe;IAEf,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC1D,MAAM,cAAc,GAAG,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IACrD,OAAO,cAAc,CAAC,YAAY,CAAC,CAAC;IAEpC,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,MAAM,EAAE,IAAI,CAAC,6BAA6B,EAAE;QAC1C,OAAO,EAAE,OAAO;QAChB,WAAW;QACX,YAAY;KACb,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,WAAmB,EACnB,YAAoB,EACpB,MAAe;IAEf,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC1D,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,kBAAkB;IAC5B,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,GAAG,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAC/D,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7E,MAAM,EAAE,IAAI,CAAC,gCAAgC,EAAE;QAC7C,OAAO,EAAE,OAAO;QAChB,WAAW;QACX,YAAY;KACb,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAmB,EACnB,YAAoB,EACpB,MAAe;IAEf,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC1D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,cAAc;IACxB,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC;IAC9E,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7E,MAAM,EAAE,IAAI,CAAC,kCAAkC,EAAE;QAC/C,OAAO,EAAE,OAAO;QAChB,WAAW;QACX,YAAY;KACb,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,WAAmB,EAAE,MAAe;IACvE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAA4B;IACpE,IAAI,MAAM,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;QAC9C,IAAI,MAAM,CAAC,oBAAoB,GAAG,CAAC,IAAI,MAAM,CAAC,oBAAoB,GAAG,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,qDAAqD,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC;QACtG,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;QAC9C,IAAI,MAAM,CAAC,oBAAoB,GAAG,CAAC,IAAI,MAAM,CAAC,oBAAoB,GAAG,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,qDAAqD,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC;QACtG,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,GAA2B,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACpE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACpE,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,mBAAmB,MAAM,iCAAiC,KAAK,EAAE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IACnB;IAApB,YAAoB,MAAe;QAAf,WAAM,GAAN,MAAM,CAAS;IAAG,CAAC;IAEvC,KAAK,CAAC,cAAc,CAAC,WAAmB;QACtC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/services/index.d.ts

@@ -8,4 +8,10 @@ export { getSpaceConfig, setSpaceConfig, DEFAULT_SPACE_CONFIG, type SpaceConfig,
 export { MemoryService, type CreateMemoryInput, type CreateMemoryResult, type SearchMemoryInput, type SearchMemoryResult, type FindSimilarInput, type FindSimilarResult, type SimilarMemoryItem, type QueryMemoryInput, type QueryMemoryResult, type RelevantMemoryItem, type UpdateMemoryInput, type UpdateMemoryResult, type DeleteMemoryInput, type DeleteMemoryResult, } from './memory.service.js';
 export { RelationshipService, type CreateRelationshipInput, type CreateRelationshipResult, type UpdateRelationshipInput, type UpdateRelationshipResult, type SearchRelationshipInput, type SearchRelationshipResult, type DeleteRelationshipInput, type DeleteRelationshipResult, } from './relationship.service.js';
 export { SpaceService, type PublishInput, type PublishResult, type RetractInput, type RetractResult, type ReviseInput, type ReviseResult, type ConfirmInput, type ConfirmResult, type DenyInput, type DenyResult, type ModerateInput, type ModerateResult, type SearchSpaceInput, type SearchSpaceResult, type QuerySpaceInput, type QuerySpaceResult, type ModerationAction, type ModerationFilter, type RevisionEntry, type RevisionResult, buildModerationFilter, parseRevisionHistory, buildRevisionHistory, } from './space.service.js';
+export { TRUST_THRESHOLDS, buildTrustFilter, formatMemoryForPrompt, getTrustLevelLabel, getTrustInstructions, redactSensitiveFields, isTrustSufficient, resolveEnforcementMode, type FormattedMemory, } from './trust-enforcement.service.js';
+export { validateTrustAssignment, suggestTrustLevel, type TrustValidationResult, } from './trust-validator.service.js';
+export { checkMemoryAccess, handleInsufficientTrust, isMemoryBlocked, resetBlock, resolveAccessorTrustLevel, formatAccessResultMessage, canRevise, canOverwrite, TRUST_PENALTY, MAX_ATTEMPTS_BEFORE_BLOCK, type MemoryBlock, type AttemptRecord, type GhostConfigProvider, type EscalationStore, type PublishedMemoryACL, StubGhostConfigProvider, InMemoryEscalationStore, } from './access-control.service.js';
+export { getGhostConfig, setGhostConfigFields, setUserTrust, removeUserTrust, blockUser, unblockUser, isGhostEnabled, validateGhostConfigUpdate, FirestoreGhostConfigProvider, } from './ghost-config.service.js';
+export { FirestoreEscalationStore, } from './escalation.service.js';
+export { handleGetConfig, handleUpdateConfig, handleSetTrust, handleRemoveTrust, handleBlockUser, handleUnblockUser, type GhostConfigResult, type TrustResult, } from './ghost-config-handler.service.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAEtE,OAAO,EACL,wBAAwB,EACxB,KAAK,mBAAmB,GACzB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,KAAK,WAAW,GACjB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,aAAa,EACb,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,YAAY,EACZ,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAEtE,OAAO,EACL,wBAAwB,EACxB,KAAK,mBAAmB,GACzB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,KAAK,WAAW,GACjB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,aAAa,EACb,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,YAAY,EACZ,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,KAAK,eAAe,GACrB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,uBAAuB,EACvB,iBAAiB,EACjB,KAAK,qBAAqB,GAC3B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,eAAe,EACf,UAAU,EACV,yBAAyB,EACzB,yBAAyB,EACzB,SAAS,EACT,YAAY,EACZ,aAAa,EACb,yBAAyB,EACzB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,SAAS,EACT,WAAW,EACX,cAAc,EACd,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,WAAW,GACjB,MAAM,mCAAmC,CAAC"}

package/dist/services/index.js

@@ -14,4 +14,11 @@ export { getSpaceConfig, setSpaceConfig, DEFAULT_SPACE_CONFIG, } from './space-c
 export { MemoryService, } from './memory.service.js';
 export { RelationshipService, } from './relationship.service.js';
 export { SpaceService, buildModerationFilter, parseRevisionHistory, buildRevisionHistory, } from './space.service.js';
+// Trust & ghost system services (ported from remember-mcp v3.11.0+)
+export { TRUST_THRESHOLDS, buildTrustFilter, formatMemoryForPrompt, getTrustLevelLabel, getTrustInstructions, redactSensitiveFields, isTrustSufficient, resolveEnforcementMode, } from './trust-enforcement.service.js';
+export { validateTrustAssignment, suggestTrustLevel, } from './trust-validator.service.js';
+export { checkMemoryAccess, handleInsufficientTrust, isMemoryBlocked, resetBlock, resolveAccessorTrustLevel, formatAccessResultMessage, canRevise, canOverwrite, TRUST_PENALTY, MAX_ATTEMPTS_BEFORE_BLOCK, StubGhostConfigProvider, InMemoryEscalationStore, } from './access-control.service.js';
+export { getGhostConfig, setGhostConfigFields, setUserTrust, removeUserTrust, blockUser, unblockUser, isGhostEnabled, validateGhostConfigUpdate, FirestoreGhostConfigProvider, } from './ghost-config.service.js';
+export { FirestoreEscalationStore, } from './escalation.service.js';
+export { handleGetConfig, handleUpdateConfig, handleSetTrust, handleRemoveTrust, handleBlockUser, handleUnblockUser, } from './ghost-config-handler.service.js';
 //# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,wCAAwC;AACxC,mDAAmD;AACnD,mDAAmD;AACnD,2DAA2D;AAC3D,mDAAmD;AAEnD,kBAAkB;AAClB,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAEtE,OAAO,EACL,wBAAwB,GAEzB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,GAErB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,aAAa,GAed,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,GASpB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,YAAY,EAqBZ,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,wCAAwC;AACxC,mDAAmD;AACnD,mDAAmD;AACnD,2DAA2D;AAC3D,mDAAmD;AAEnD,kBAAkB;AAClB,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAEtE,OAAO,EACL,wBAAwB,GAEzB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,GAErB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,aAAa,GAed,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,GASpB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,YAAY,EAqBZ,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAE5B,oEAAoE;AACpE,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,GAEvB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,uBAAuB,EACvB,iBAAiB,GAElB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,eAAe,EACf,UAAU,EACV,yBAAyB,EACzB,yBAAyB,EACzB,SAAS,EACT,YAAY,EACZ,aAAa,EACb,yBAAyB,EAMzB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,SAAS,EACT,WAAW,EACX,cAAc,EACd,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,iBAAiB,GAGlB,MAAM,mCAAmC,CAAC"}

package/dist/services/trust-enforcement.service.d.ts

@@ -0,0 +1,80 @@
+/**
+ * Trust enforcement service — 3 configurable modes for cross-user memory access.
+ *
+ * - query mode (default): memories above trust threshold never returned from Weaviate
+ * - prompt mode: all memories returned, formatted/redacted by trust level
+ * - hybrid mode: query filter for trust 0.0, prompt filter for rest
+ *
+ * Ported from remember-mcp/src/services/trust-enforcement.ts
+ */
+import type { Memory } from '../types/memory.types.js';
+import type { TrustEnforcementMode } from '../types/ghost-config.types.js';
+/** Trust level thresholds mapping continuous 0-1 values to discrete behavior tiers */
+export declare const TRUST_THRESHOLDS: {
+    readonly FULL_ACCESS: 1;
+    readonly PARTIAL_ACCESS: 0.75;
+    readonly SUMMARY_ONLY: 0.5;
+    readonly METADATA_ONLY: 0.25;
+    readonly EXISTENCE_ONLY: 0;
+};
+/**
+ * Build a Weaviate filter that restricts memories by trust score.
+ * Only returns memories where trust_score <= accessorTrustLevel.
+ *
+ * @param collection - Weaviate collection instance
+ * @param accessorTrustLevel - The accessor's trust level (0-1)
+ * @returns Weaviate filter object
+ */
+export declare function buildTrustFilter(collection: any, accessorTrustLevel: number): any;
+/**
+ * Formatted memory representation for prompt-level enforcement.
+ * Content is redacted/formatted based on trust level.
+ */
+export interface FormattedMemory {
+    memory_id: string;
+    trust_tier: string;
+    content: string;
+}
+/**
+ * Format a memory for inclusion in an LLM prompt, redacted by trust level.
+ *
+ * Trust tiers:
+ * - 1.0  Full Access:    full content, all details
+ * - 0.75 Partial Access: content with sensitive fields redacted
+ * - 0.5  Summary Only:   title + summary, no content
+ * - 0.25 Metadata Only:  type, date, tags — no content or summary
+ * - 0.0  Existence Only: "A memory exists about this topic"
+ *
+ * Trust 1.0 memories are always existence-only for cross-users, regardless of
+ * accessor trust level. Use `isSelfAccess = true` to bypass for owner access.
+ *
+ * @param memory - The memory to format
+ * @param accessorTrustLevel - The accessor's trust level (0-1)
+ * @param isSelfAccess - True if the accessor is the memory owner (bypasses trust 1.0 cap)
+ * @returns Formatted memory for prompt inclusion
+ */
+export declare function formatMemoryForPrompt(memory: Memory, accessorTrustLevel: number, isSelfAccess?: boolean): FormattedMemory;
+/**
+ * Get a human-readable label for a trust level.
+ */
+export declare function getTrustLevelLabel(trust: number): string;
+/**
+ * Get LLM instruction text describing what to reveal at a given trust level.
+ */
+export declare function getTrustInstructions(trust: number): string;
+/**
+ * Redact sensitive fields from a memory for partial access.
+ * Returns a copy with location, context, and references cleared.
+ */
+export declare function redactSensitiveFields(memory: Memory, _trust: number): Memory;
+/**
+ * Check whether an accessor's trust level is sufficient for a memory.
+ * Access is granted when accessorTrust >= memoryTrust.
+ */
+export declare function isTrustSufficient(memoryTrust: number, accessorTrust: number): boolean;
+/**
+ * Determine the enforcement mode to use.
+ * Convenience function that returns the mode from GhostConfig or falls back to 'query'.
+ */
+export declare function resolveEnforcementMode(mode?: TrustEnforcementMode): TrustEnforcementMode;
+//# sourceMappingURL=trust-enforcement.service.d.ts.map

package/dist/services/trust-enforcement.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-enforcement.service.d.ts","sourceRoot":"","sources":["../../src/services/trust-enforcement.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAI3E,sFAAsF;AACtF,eAAO,MAAM,gBAAgB;;;;;;CAMnB,CAAC;AAIX;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,GAAG,EAAE,kBAAkB,EAAE,MAAM,GAAG,GAAG,CAEjF;AAID;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,YAAY,UAAQ,GAAG,eAAe,CAwDvH;AAID;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMxD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAc1D;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAe5E;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAErF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,CAAC,EAAE,oBAAoB,GAAG,oBAAoB,CAExF"}