@prmichaelsen/remember-mcp 2.2.1 → 2.3.0

package/src/services/confirmation-token.service.spec.ts

@@ -0,0 +1,254 @@
+/**
+ * Unit tests for Confirmation Token Service
+ */
+
+import { ConfirmationTokenService, type ConfirmationRequest } from '../../src/services/confirmation-token.service';
+import * as firestoreInit from '../../src/firestore/init';
+
+// Mock Firestore functions
+jest.mock('../../src/firestore/init', () => ({
+  getDocument: jest.fn(),
+  addDocument: jest.fn(),
+  updateDocument: jest.fn(),
+  queryDocuments: jest.fn(),
+}));
+
+describe('ConfirmationTokenService', () => {
+  let service: ConfirmationTokenService;
+  const mockUserId = 'test-user-123';
+  const mockToken = '550e8400-e29b-41d4-a716-446655440000';
+
+  beforeEach(() => {
+    service = new ConfirmationTokenService();
+    jest.clearAllMocks();
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks();
+  });
+
+  describe('createRequest', () => {
+    it('should create a new confirmation request with token', async () => {
+      const mockDocRef = { id: 'request-123', path: 'users/test-user-123/requests/request-123' };
+      (firestoreInit.addDocument as jest.Mock).mockResolvedValue(mockDocRef);
+
+      const payload = { memory_id: 'mem-123', additional_tags: [] };
+      const result = await service.createRequest(mockUserId, 'publish_memory', payload, 'the_void');
+
+      expect(result.requestId).toBe('request-123');
+      expect(result.token).toBeDefined();
+      expect(typeof result.token).toBe('string');
+      expect(result.token.length).toBeGreaterThan(0);
+      expect(firestoreInit.addDocument).toHaveBeenCalledWith(
+        'users/test-user-123/requests',
+        expect.objectContaining({
+          user_id: mockUserId,
+          action: 'publish_memory',
+          target_collection: 'the_void',
+          payload,
+          status: 'pending',
+        })
+      );
+    });
+
+    it('should set expiry to 5 minutes from now', async () => {
+      const mockDocRef = { id: 'request-123', path: 'path' };
+      (firestoreInit.addDocument as jest.Mock).mockResolvedValue(mockDocRef);
+
+      const beforeTime = Date.now();
+      await service.createRequest(mockUserId, 'publish_memory', {});
+      const afterTime = Date.now();
+
+      const call = (firestoreInit.addDocument as jest.Mock).mock.calls[0][1];
+      const expiresAt = new Date(call.expires_at).getTime();
+      const createdAt = new Date(call.created_at).getTime();
+
+      // Should be 5 minutes (300000ms) after creation
+      const expectedExpiry = createdAt + 5 * 60 * 1000;
+      expect(expiresAt).toBe(expectedExpiry);
+      expect(createdAt).toBeGreaterThanOrEqual(beforeTime);
+      expect(createdAt).toBeLessThanOrEqual(afterTime);
+    });
+  });
+
+  describe('validateToken', () => {
+    it('should return request if token is valid and not expired', async () => {
+      const mockRequest: ConfirmationRequest = {
+        user_id: mockUserId,
+        token: mockToken,
+        action: 'publish_memory',
+        payload: { memory_id: 'mem-123' },
+        created_at: new Date().toISOString(),
+        expires_at: new Date(Date.now() + 60000).toISOString(), // 1 minute from now
+        status: 'pending',
+      };
+
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([
+        { id: 'request-123', data: mockRequest }
+      ]);
+
+      const result = await service.validateToken(mockUserId, mockToken);
+
+      expect(result).toEqual({
+        ...mockRequest,
+        request_id: 'request-123',
+      });
+    });
+
+    it('should return null if token not found', async () => {
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([]);
+
+      const result = await service.validateToken(mockUserId, mockToken);
+
+      expect(result).toBeNull();
+    });
+
+    it('should return null and mark expired if token is expired', async () => {
+      const mockRequest: ConfirmationRequest = {
+        user_id: mockUserId,
+        token: mockToken,
+        action: 'publish_memory',
+        payload: {},
+        created_at: new Date(Date.now() - 10 * 60 * 1000).toISOString(), // 10 minutes ago
+        expires_at: new Date(Date.now() - 5 * 60 * 1000).toISOString(), // 5 minutes ago (expired)
+        status: 'pending',
+      };
+
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([
+        { id: 'request-123', data: mockRequest }
+      ]);
+      (firestoreInit.updateDocument as jest.Mock).mockResolvedValue(undefined);
+
+      const result = await service.validateToken(mockUserId, mockToken);
+
+      expect(result).toBeNull();
+      expect(firestoreInit.updateDocument).toHaveBeenCalledWith(
+        'users/test-user-123/requests',
+        'request-123',
+        { status: 'expired' }
+      );
+    });
+  });
+
+  describe('confirmRequest', () => {
+    it('should confirm a valid request', async () => {
+      const mockRequest: ConfirmationRequest = {
+        user_id: mockUserId,
+        token: mockToken,
+        action: 'publish_memory',
+        payload: { memory_id: 'mem-123' },
+        created_at: new Date().toISOString(),
+        expires_at: new Date(Date.now() + 60000).toISOString(),
+        status: 'pending',
+      };
+
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([
+        { id: 'request-123', data: mockRequest }
+      ]);
+      (firestoreInit.updateDocument as jest.Mock).mockResolvedValue(undefined);
+
+      const result = await service.confirmRequest(mockUserId, mockToken);
+
+      expect(result).not.toBeNull();
+      expect(result?.status).toBe('confirmed');
+      expect(result?.confirmed_at).toBeDefined();
+      expect(firestoreInit.updateDocument).toHaveBeenCalledWith(
+        'users/test-user-123/requests',
+        'request-123',
+        expect.objectContaining({
+          status: 'confirmed',
+          confirmed_at: expect.any(String),
+        })
+      );
+    });
+
+    it('should return null if token is invalid', async () => {
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([]);
+
+      const result = await service.confirmRequest(mockUserId, mockToken);
+
+      expect(result).toBeNull();
+      expect(firestoreInit.updateDocument).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('denyRequest', () => {
+    it('should deny a valid request', async () => {
+      const mockRequest: ConfirmationRequest = {
+        user_id: mockUserId,
+        token: mockToken,
+        action: 'publish_memory',
+        payload: {},
+        created_at: new Date().toISOString(),
+        expires_at: new Date(Date.now() + 60000).toISOString(),
+        status: 'pending',
+      };
+
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([
+        { id: 'request-123', data: mockRequest }
+      ]);
+      (firestoreInit.updateDocument as jest.Mock).mockResolvedValue(undefined);
+
+      const result = await service.denyRequest(mockUserId, mockToken);
+
+      expect(result).toBe(true);
+      expect(firestoreInit.updateDocument).toHaveBeenCalledWith(
+        'users/test-user-123/requests',
+        'request-123',
+        { status: 'denied' }
+      );
+    });
+
+    it('should return false if token is invalid', async () => {
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([]);
+
+      const result = await service.denyRequest(mockUserId, mockToken);
+
+      expect(result).toBe(false);
+    });
+  });
+
+  describe('retractRequest', () => {
+    it('should retract a valid request', async () => {
+      const mockRequest: ConfirmationRequest = {
+        user_id: mockUserId,
+        token: mockToken,
+        action: 'publish_memory',
+        payload: {},
+        created_at: new Date().toISOString(),
+        expires_at: new Date(Date.now() + 60000).toISOString(),
+        status: 'pending',
+      };
+
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([
+        { id: 'request-123', data: mockRequest }
+      ]);
+      (firestoreInit.updateDocument as jest.Mock).mockResolvedValue(undefined);
+
+      const result = await service.retractRequest(mockUserId, mockToken);
+
+      expect(result).toBe(true);
+      expect(firestoreInit.updateDocument).toHaveBeenCalledWith(
+        'users/test-user-123/requests',
+        'request-123',
+        { status: 'retracted' }
+      );
+    });
+
+    it('should return false if token is invalid', async () => {
+      (firestoreInit.queryDocuments as jest.Mock).mockResolvedValue([]);
+
+      const result = await service.retractRequest(mockUserId, mockToken);
+
+      expect(result).toBe(false);
+    });
+  });
+
+  describe('cleanupExpired', () => {
+    it('should return 0 (not implemented - relies on Firestore TTL)', async () => {
+      const result = await service.cleanupExpired();
+
+      expect(result).toBe(0);
+    });
+  });
+});

package/src/services/confirmation-token.service.ts

@@ -0,0 +1,232 @@
+/**
+ * Confirmation Token Service
+ * 
+ * Manages confirmation tokens for sensitive operations like publishing memories.
+ * Tokens are one-time use with 5-minute expiry.
+ */
+
+import { randomUUID } from 'crypto';
+import { 
+  getDocument, 
+  addDocument, 
+  updateDocument,
+  queryDocuments,
+  type QueryOptions 
+} from '../firestore/init.js';
+
+/**
+ * Confirmation request stored in Firestore
+ */
+export interface ConfirmationRequest {
+  user_id: string;
+  token: string;
+  action: string;
+  target_collection?: string;
+  payload: any;
+  created_at: string;  // ISO 8601 timestamp
+  expires_at: string;  // ISO 8601 timestamp
+  status: 'pending' | 'confirmed' | 'denied' | 'expired' | 'retracted';
+  confirmed_at?: string;  // ISO 8601 timestamp
+}
+
+/**
+ * Service for managing confirmation tokens
+ */
+export class ConfirmationTokenService {
+  private readonly EXPIRY_MINUTES = 5;
+
+  /**
+   * Create a new confirmation request
+   * 
+   * @param userId - User ID who initiated the request
+   * @param action - Action type (e.g., 'publish_memory')
+   * @param payload - Data to store with the request
+   * @param targetCollection - Optional target collection (e.g., 'the_void')
+   * @returns Request ID and token
+   */
+  async createRequest(
+    userId: string,
+    action: string,
+    payload: any,
+    targetCollection?: string
+  ): Promise<{ requestId: string; token: string }> {
+    const token = randomUUID();
+
+    const now = new Date();
+    const expiresAt = new Date(now.getTime() + this.EXPIRY_MINUTES * 60 * 1000);
+
+    const request: ConfirmationRequest = {
+      user_id: userId,
+      token,
+      action,
+      target_collection: targetCollection,
+      payload,
+      created_at: now.toISOString(),
+      expires_at: expiresAt.toISOString(),
+      status: 'pending',
+    };
+
+    // Add document to Firestore (auto-generates ID)
+    const collectionPath = `users/${userId}/requests`;
+    const docRef = await addDocument(collectionPath, request);
+
+    return { requestId: docRef.id, token };
+  }
+
+  /**
+   * Validate and retrieve a confirmation request
+   * 
+   * @param userId - User ID
+   * @param token - Confirmation token
+   * @returns Request with request_id if valid, null otherwise
+   */
+  async validateToken(
+    userId: string,
+    token: string
+  ): Promise<(ConfirmationRequest & { request_id: string }) | null> {
+    const collectionPath = `users/${userId}/requests`;
+
+    // Query for the token
+    const queryOptions: QueryOptions = {
+      where: [
+        { field: 'token', op: '==', value: token },
+        { field: 'status', op: '==', value: 'pending' },
+      ],
+      limit: 1,
+    };
+
+    const results = await queryDocuments(collectionPath, queryOptions);
+
+    if (results.length === 0) {
+      return null;
+    }
+
+    const doc = results[0];
+    const request = doc.data as ConfirmationRequest;
+
+    // Check expiry
+    const expiresAt = new Date(request.expires_at);
+    if (expiresAt.getTime() < Date.now()) {
+      await this.updateStatus(userId, doc.id, 'expired');
+      return null;
+    }
+
+    return {
+      ...request,
+      request_id: doc.id,
+    };
+  }
+
+  /**
+   * Confirm a request
+   * 
+   * @param userId - User ID
+   * @param token - Confirmation token
+   * @returns Confirmed request if valid, null otherwise
+   */
+  async confirmRequest(
+    userId: string,
+    token: string
+  ): Promise<(ConfirmationRequest & { request_id: string }) | null> {
+    const request = await this.validateToken(userId, token);
+    if (!request) {
+      return null;
+    }
+
+    await this.updateStatus(userId, request.request_id, 'confirmed');
+    
+    return {
+      ...request,
+      status: 'confirmed',
+      confirmed_at: new Date().toISOString(),
+    };
+  }
+
+  /**
+   * Deny a request
+   * 
+   * @param userId - User ID
+   * @param token - Confirmation token
+   * @returns True if denied successfully, false otherwise
+   */
+  async denyRequest(
+    userId: string,
+    token: string
+  ): Promise<boolean> {
+    const request = await this.validateToken(userId, token);
+    if (!request) {
+      return false;
+    }
+
+    await this.updateStatus(userId, request.request_id, 'denied');
+    return true;
+  }
+
+  /**
+   * Retract a request
+   * 
+   * @param userId - User ID
+   * @param token - Confirmation token
+   * @returns True if retracted successfully, false otherwise
+   */
+  async retractRequest(
+    userId: string,
+    token: string
+  ): Promise<boolean> {
+    const request = await this.validateToken(userId, token);
+    if (!request) {
+      return false;
+    }
+
+    await this.updateStatus(userId, request.request_id, 'retracted');
+    return true;
+  }
+
+  /**
+   * Update request status
+   * 
+   * @param userId - User ID
+   * @param requestId - Request document ID
+   * @param status - New status
+   */
+  private async updateStatus(
+    userId: string,
+    requestId: string,
+    status: ConfirmationRequest['status']
+  ): Promise<void> {
+    const collectionPath = `users/${userId}/requests`;
+
+    const updateData: Partial<ConfirmationRequest> = {
+      status,
+    };
+
+    if (status === 'confirmed') {
+      updateData.confirmed_at = new Date().toISOString();
+    }
+
+    await updateDocument(collectionPath, requestId, updateData);
+  }
+
+  /**
+   * Clean up expired requests (optional - Firestore TTL handles deletion)
+   * 
+   * Note: Configure Firestore TTL policy on 'requests' collection group
+   * with 'expires_at' field for automatic deletion within 24 hours.
+   * 
+   * This method is optional for immediate cleanup if needed.
+   * 
+   * @returns Count of deleted requests
+   */
+  async cleanupExpired(): Promise<number> {
+    // Note: firebase-admin-sdk-v8 doesn't support collectionGroup queries
+    // This would need to be implemented differently or rely on Firestore TTL
+    // For now, return 0 and rely on Firestore TTL policy
+    console.warn('[ConfirmationTokenService] cleanupExpired not implemented - rely on Firestore TTL');
+    return 0;
+  }
+}
+
+/**
+ * Singleton instance of the confirmation token service
+ */
+export const confirmationTokenService = new ConfirmationTokenService();

package/src/tools/confirm.ts

@@ -0,0 +1,176 @@
+/**
+ * remember_confirm tool
+ * 
+ * Generic confirmation tool that executes any pending action.
+ * This is the second phase of the confirmation workflow.
+ */
+
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import { confirmationTokenService, type ConfirmationRequest } from '../services/confirmation-token.service.js';
+import { getWeaviateClient, getMemoryCollectionName } from '../weaviate/client.js';
+import { ensureSpaceCollection } from '../weaviate/space-schema.js';
+import { handleToolError } from '../utils/error-handler.js';
+
+/**
+ * Tool definition for remember_confirm
+ */
+export const confirmTool: Tool = {
+  name: 'remember_confirm',
+  description: 'Confirm and execute a pending action using the token. Works for any action that requires confirmation (publish, delete, etc.).',
+  inputSchema: {
+    type: 'object',
+    properties: {
+      token: {
+        type: 'string',
+        description: 'The confirmation token from the action tool',
+      },
+    },
+    required: ['token'],
+  },
+};
+
+interface ConfirmArgs {
+  token: string;
+}
+
+/**
+ * Handle remember_confirm tool execution
+ */
+export async function handleConfirm(
+  args: ConfirmArgs,
+  userId: string
+): Promise<string> {
+  try {
+    // Validate and confirm token
+    const request = await confirmationTokenService.confirmRequest(userId, args.token);
+
+    if (!request) {
+      return JSON.stringify(
+        {
+          success: false,
+          error: 'Invalid or expired token',
+          message: 'The confirmation token is invalid, expired, or has already been used.',
+        },
+        null,
+        2
+      );
+    }
+
+    // GENERIC: Execute action based on type
+    // This is where the generic pattern delegates to action-specific executors
+    if (request.action === 'publish_memory') {
+      return await executePublishMemory(request, userId);
+    }
+
+    // Add other action types here as needed
+    // if (request.action === 'retract_memory') {
+    //   return await executeRetractMemory(request, userId);
+    // }
+
+    throw new Error(`Unknown action type: ${request.action}`);
+  } catch (error) {
+    handleToolError(error, {
+      toolName: 'remember_confirm',
+      userId,
+      operation: 'confirm action',
+      token: args.token,
+    });
+  }
+}
+
+/**
+ * Execute publish memory action
+ */
+async function executePublishMemory(
+  request: ConfirmationRequest & { request_id: string },
+  userId: string
+): Promise<string> {
+  try {
+    // Fetch the memory NOW (during confirmation, not from stored payload)
+    const weaviateClient = getWeaviateClient();
+    const userCollection = weaviateClient.collections.get(
+      getMemoryCollectionName(userId)
+    );
+
+    const originalMemory = await userCollection.query.fetchObjectById(
+      request.payload.memory_id
+    );
+
+    if (!originalMemory) {
+      return JSON.stringify(
+        {
+          success: false,
+          error: 'Memory not found',
+          message: `Original memory ${request.payload.memory_id} no longer exists`,
+        },
+        null,
+        2
+      );
+    }
+
+    // Verify ownership again
+    if (originalMemory.properties.user_id !== userId) {
+      return JSON.stringify(
+        {
+          success: false,
+          error: 'Permission denied',
+          message: 'You can only publish your own memories',
+        },
+        null,
+        2
+      );
+    }
+
+    // Get target collection
+    const targetCollection = await ensureSpaceCollection(
+      weaviateClient,
+      request.target_collection || 'the_void'
+    );
+
+    // Create published memory (copy with modifications)
+    const originalTags = Array.isArray(originalMemory.properties.tags)
+      ? originalMemory.properties.tags
+      : [];
+    const additionalTags = Array.isArray(request.payload.additional_tags)
+      ? request.payload.additional_tags
+      : [];
+
+    const publishedMemory = {
+      ...originalMemory.properties,
+      // Override specific fields
+      space_id: request.target_collection || 'the_void',
+      author_id: userId, // Always attributed
+      published_at: new Date().toISOString(),
+      discovery_count: 0,
+      doc_type: 'space_memory',
+      attribution: 'user' as const,
+      // Merge additional tags
+      tags: [...originalTags, ...additionalTags],
+      // Update timestamps
+      created_at: new Date().toISOString(),
+      updated_at: new Date().toISOString(),
+      version: 1,
+    };
+
+    const result = await targetCollection.data.insert({
+      properties: publishedMemory as any,
+    });
+
+    // Return minimal response - agent already knows original memory
+    return JSON.stringify(
+      {
+        success: true,
+        space_memory_id: result,
+      },
+      null,
+      2
+    );
+  } catch (error) {
+    handleToolError(error, {
+      toolName: 'remember_confirm',
+      userId,
+      operation: 'execute publish_memory',
+      action: 'publish_memory',
+    });
+  }
+}