@prmichaelsen/remember-mcp 2.5.2 → 2.6.2

package/dist/tools/confirm.d.ts

@@ -7,6 +7,18 @@
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
 /**
  * Tool definition for remember_confirm
+ *
+ * CRITICAL SAFETY: This tool must ONLY be called after explicit user confirmation
+ * in a separate message. Never chain with other tools or call immediately after
+ * receiving a token. The confirmation workflow requires:
+ *
+ * 1. Agent calls remember_publish (or other confirmable action)
+ * 2. Agent receives token in response
+ * 3. Agent presents details to user and asks for confirmation
+ * 4. User responds in SEPARATE message with explicit yes/no
+ * 5. Agent calls remember_confirm or remember_deny in NEW response
+ *
+ * Chaining confirmations bypasses user consent and violates security model.
  */
 export declare const confirmTool: Tool;
 interface ConfirmArgs {

package/dist/tools/deny.d.ts

@@ -6,6 +6,18 @@
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
 /**
  * Tool definition for remember_deny
+ *
+ * CRITICAL SAFETY: This tool must ONLY be called after explicit user denial
+ * in a separate message. Never chain with other tools or call immediately after
+ * receiving a token. The denial workflow requires:
+ *
+ * 1. Agent calls remember_publish (or other confirmable action)
+ * 2. Agent receives token in response
+ * 3. Agent presents details to user and asks for confirmation
+ * 4. User responds in SEPARATE message with explicit denial
+ * 5. Agent calls remember_deny in NEW response
+ *
+ * Proper user consent workflow must be followed.
  */
 export declare const denyTool: Tool;
 interface DenyArgs {

package/dist/tools/query-space.d.ts

@@ -17,6 +17,7 @@ interface QuerySpaceArgs {
     min_weight?: number;
     date_from?: string;
     date_to?: string;
+    include_comments?: boolean;
     limit?: number;
     format?: 'detailed' | 'compact';
 }

package/dist/tools/search-space.d.ts

@@ -18,6 +18,7 @@ interface SearchSpaceArgs {
     max_weight?: number;
     date_from?: string;
     date_to?: string;
+    include_comments?: boolean;
     limit?: number;
     offset?: number;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/remember-mcp",
-  "version": "2.5.2",
+  "version": "2.6.2",
   "description": "Multi-tenant memory system MCP server with vector search and relationships",
   "main": "dist/server.js",
   "type": "module",

package/src/config.ts

@@ -1,4 +1,5 @@
 import dotenv from 'dotenv';
+import { logger } from './utils/logger.js';
 
 dotenv.config();
 
@@ -52,5 +53,11 @@ export function validateConfig(): void {
     );
   }
 
-  console.log('[Config] Configuration validated');
+  // Import logger here to avoid circular dependency
+  // Use dynamic import synchronously (logger is already loaded by this point)
+  import('./utils/logger.js').then(({ logger }) => {
+    logger.info('Configuration validated', {
+      module: 'config',
+    });
+  });
 }

package/src/firestore/init.ts

@@ -1,5 +1,6 @@
 import { initializeApp } from '@prmichaelsen/firebase-admin-sdk-v8';
 import { config } from '../config.js';
+import { logger } from '../utils/logger.js';
 
 let initialized = false;
 
@@ -23,11 +24,20 @@ export function initFirestore(): void {
     });
 
     initialized = true;
-    console.log('[Firestore] Initialized successfully');
+    logger.info('Firestore initialized successfully', {
+      module: 'firestore-init',
+    });
   } catch (error) {
-    console.error('[Firestore] Initialization failed:', error);
-    console.error('[Firestore] Make sure FIREBASE_ADMIN_SERVICE_ACCOUNT_KEY is valid JSON');
-    console.error('[Firestore] Check for proper escaping in .env file');
+    logger.error('Firestore initialization failed', {
+      module: 'firestore-init',
+      error: error instanceof Error ? error.message : String(error),
+    });
+    logger.error('Make sure FIREBASE_ADMIN_SERVICE_ACCOUNT_KEY is valid JSON', {
+      module: 'firestore-init',
+    });
+    logger.error('Check for proper escaping in .env file', {
+      module: 'firestore-init',
+    });
     throw error;
   }
 }
@@ -52,10 +62,15 @@ export async function testFirestoreConnection(): Promise<boolean> {
     const { getDocument } = await import('@prmichaelsen/firebase-admin-sdk-v8');
     await getDocument('_health_check', 'test');
     
-    console.log('[Firestore] Connection successful');
+    logger.info('Firestore connection test successful', {
+      module: 'firestore-init',
+    });
     return true;
   } catch (error) {
-    console.error('[Firestore] Connection test failed:', error);
+    logger.error('Firestore connection test failed', {
+      module: 'firestore-init',
+      error: error instanceof Error ? error.message : String(error),
+    });
     return false;
   }
 }

package/src/services/confirmation-token.service.ts

@@ -1,18 +1,19 @@
 /**
  * Confirmation Token Service
- * 
+ *
  * Manages confirmation tokens for sensitive operations like publishing memories.
  * Tokens are one-time use with 5-minute expiry.
  */
 
 import { randomUUID } from 'crypto';
-import { 
-  getDocument, 
-  addDocument, 
+import {
+  getDocument,
+  addDocument,
   updateDocument,
   queryDocuments,
-  type QueryOptions 
+  type QueryOptions
 } from '../firestore/init.js';
+import { logger } from '../utils/logger.js';
 
 /**
  * Confirmation request stored in Firestore
@@ -69,21 +70,22 @@ export class ConfirmationTokenService {
 
       // Add document to Firestore (auto-generates ID)
       const collectionPath = `users/${userId}/requests`;
-      console.log('[ConfirmationTokenService] Creating request:', {
+      logger.info('Creating confirmation request', {
+        service: 'ConfirmationTokenService',
         userId,
         action,
         targetCollection,
         collectionPath,
-        requestData: {
-          token,
-          action,
-          payloadKeys: Object.keys(payload),
-        },
+        payloadKeys: Object.keys(payload),
       });
       
-      console.log('[ConfirmationTokenService] Calling addDocument...');
+      logger.debug('Calling Firestore addDocument', {
+        service: 'ConfirmationTokenService',
+        collectionPath,
+      });
       const docRef = await addDocument(collectionPath, request);
-      console.log('[ConfirmationTokenService] addDocument returned:', {
+      logger.debug('Firestore addDocument returned', {
+        service: 'ConfirmationTokenService',
         hasDocRef: !!docRef,
         hasId: !!docRef?.id,
         docRefId: docRef?.id,
@@ -92,7 +94,8 @@ export class ConfirmationTokenService {
       // Validate docRef
       if (!docRef) {
         const error = new Error('Firestore addDocument returned null/undefined');
-        console.error('[ConfirmationTokenService] CRITICAL: addDocument returned null', {
+        logger.error('CRITICAL: addDocument returned null', {
+          service: 'ConfirmationTokenService',
           userId,
           collectionPath,
         });
@@ -101,7 +104,8 @@ export class ConfirmationTokenService {
       
       if (!docRef.id) {
         const error = new Error('Firestore addDocument returned docRef without ID');
-        console.error('[ConfirmationTokenService] CRITICAL: docRef has no ID', {
+        logger.error('CRITICAL: docRef has no ID', {
+          service: 'ConfirmationTokenService',
           userId,
           collectionPath,
           docRef,
@@ -109,7 +113,8 @@ export class ConfirmationTokenService {
         throw error;
       }
       
-      console.log('[ConfirmationTokenService] Request created successfully:', {
+      logger.info('Confirmation request created successfully', {
+        service: 'ConfirmationTokenService',
         requestId: docRef.id,
         token,
         expiresAt: request.expires_at,
@@ -117,7 +122,8 @@ export class ConfirmationTokenService {
 
       return { requestId: docRef.id, token };
     } catch (error) {
-      console.error('[ConfirmationTokenService] FAILED to create request:', {
+      logger.error('Failed to create confirmation request', {
+        service: 'ConfirmationTokenService',
         error: error instanceof Error ? error.message : String(error),
         stack: error instanceof Error ? error.stack : undefined,
         userId,
@@ -143,7 +149,8 @@ export class ConfirmationTokenService {
   ): Promise<(ConfirmationRequest & { request_id: string }) | null> {
     const collectionPath = `users/${userId}/requests`;
     
-    console.log('[ConfirmationTokenService] Validating token:', {
+    logger.debug('Validating confirmation token', {
+      service: 'ConfirmationTokenService',
       userId,
       token,
       collectionPath,
@@ -160,20 +167,25 @@ export class ConfirmationTokenService {
 
     const results = await queryDocuments(collectionPath, queryOptions);
     
-    console.log('[ConfirmationTokenService] Query results:', {
+    logger.debug('Token query results', {
+      service: 'ConfirmationTokenService',
       resultsFound: results.length,
       hasResults: results.length > 0,
     });
 
     if (results.length === 0) {
-      console.log('[ConfirmationTokenService] Token not found or not pending');
+      logger.info('Token not found or not pending', {
+        service: 'ConfirmationTokenService',
+        userId,
+      });
       return null;
     }
 
     const doc = results[0];
     const request = doc.data as ConfirmationRequest;
     
-    console.log('[ConfirmationTokenService] Request found:', {
+    logger.info('Confirmation request found', {
+      service: 'ConfirmationTokenService',
       requestId: doc.id,
       action: request.action,
       status: request.status,
@@ -183,7 +195,11 @@ export class ConfirmationTokenService {
     // Check expiry
     const expiresAt = new Date(request.expires_at);
     if (expiresAt.getTime() < Date.now()) {
-      console.log('[ConfirmationTokenService] Token expired');
+      logger.info('Token expired', {
+        service: 'ConfirmationTokenService',
+        requestId: doc.id,
+        expiresAt: request.expires_at,
+      });
       await this.updateStatus(userId, doc.id, 'expired');
       return null;
     }
@@ -298,7 +314,10 @@ export class ConfirmationTokenService {
     // Note: firebase-admin-sdk-v8 doesn't support collectionGroup queries
     // This would need to be implemented differently or rely on Firestore TTL
     // For now, return 0 and rely on Firestore TTL policy
-    console.warn('[ConfirmationTokenService] cleanupExpired not implemented - rely on Firestore TTL');
+    logger.warn('cleanupExpired not implemented - relying on Firestore TTL', {
+      service: 'ConfirmationTokenService',
+      note: 'Configure Firestore TTL policy on requests collection group',
+    });
     return 0;
   }
 }

package/src/tools/confirm.ts

@@ -1,6 +1,6 @@
 /**
  * remember_confirm tool
- * 
+ *
  * Generic confirmation tool that executes any pending action.
  * This is the second phase of the confirmation workflow.
  */
@@ -10,13 +10,36 @@ import { confirmationTokenService, type ConfirmationRequest } from '../services/
 import { getWeaviateClient, getMemoryCollectionName } from '../weaviate/client.js';
 import { ensurePublicCollection } from '../weaviate/space-schema.js';
 import { handleToolError } from '../utils/error-handler.js';
+import { logger } from '../utils/logger.js';
 
 /**
  * Tool definition for remember_confirm
+ *
+ * CRITICAL SAFETY: This tool must ONLY be called after explicit user confirmation
+ * in a separate message. Never chain with other tools or call immediately after
+ * receiving a token. The confirmation workflow requires:
+ *
+ * 1. Agent calls remember_publish (or other confirmable action)
+ * 2. Agent receives token in response
+ * 3. Agent presents details to user and asks for confirmation
+ * 4. User responds in SEPARATE message with explicit yes/no
+ * 5. Agent calls remember_confirm or remember_deny in NEW response
+ *
+ * Chaining confirmations bypasses user consent and violates security model.
  */
 export const confirmTool: Tool = {
   name: 'remember_confirm',
-  description: 'Confirm and execute a pending action using the token. Works for any action that requires confirmation (publish, delete, etc.).',
+  description: `Confirm and execute a pending action using the token. Works for any action that requires confirmation (publish, delete, etc.).
+
+⚠️ CRITICAL SAFETY REQUIREMENTS:
+Before executing this tool, you MUST:
+1. Have received the confirmation token in a PREVIOUS tool response
+2. Have presented the token details to the user for review
+3. Have received EXPLICIT user confirmation in a SEPARATE user message
+4. NEVER chain this tool with other tool calls in the same response
+5. ALWAYS treat confirmations as standalone, deliberate actions
+
+Violating these requirements bypasses user consent and is a security violation.`,
   inputSchema: {
     type: 'object',
     properties: {
@@ -41,7 +64,8 @@ export async function handleConfirm(
   userId: string
 ): Promise<string> {
   try {
-    console.log('[remember_confirm] Starting confirmation:', {
+    logger.info('Starting confirmation', {
+      tool: 'remember_confirm',
       userId,
       token: args.token,
     });
@@ -49,13 +73,17 @@ export async function handleConfirm(
     // Validate and confirm token
     const request = await confirmationTokenService.confirmRequest(userId, args.token);
     
-    console.log('[remember_confirm] Token validation result:', {
+    logger.debug('Token validation result', {
+      tool: 'remember_confirm',
       requestFound: !!request,
       action: request?.action,
     });
 
     if (!request) {
-      console.log('[remember_confirm] Token invalid or expired');
+      logger.info('Token invalid or expired', {
+        tool: 'remember_confirm',
+        userId,
+      });
       return JSON.stringify(
         {
           success: false,
@@ -67,7 +95,11 @@ export async function handleConfirm(
       );
     }
 
-    console.log('[remember_confirm] Executing action:', request.action);
+    logger.info('Executing confirmed action', {
+      tool: 'remember_confirm',
+      action: request.action,
+      userId,
+    });
 
     // GENERIC: Execute action based on type
     // This is where the generic pattern delegates to action-specific executors
@@ -99,7 +131,8 @@ async function executePublishMemory(
   userId: string
 ): Promise<string> {
   try {
-    console.log('[executePublishMemory] Starting execution:', {
+    logger.info('Executing publish memory action', {
+      function: 'executePublishMemory',
       userId,
       memoryId: request.payload.memory_id,
       spaces: request.payload.spaces,
@@ -112,19 +145,27 @@ async function executePublishMemory(
       getMemoryCollectionName(userId)
     );
     
-    console.log('[executePublishMemory] Fetching original memory from:', getMemoryCollectionName(userId));
+    logger.debug('Fetching original memory', {
+      function: 'executePublishMemory',
+      collectionName: getMemoryCollectionName(userId),
+      memoryId: request.payload.memory_id,
+    });
 
     const originalMemory = await userCollection.query.fetchObjectById(
       request.payload.memory_id
     );
     
-    console.log('[executePublishMemory] Original memory fetch result:', {
+    logger.debug('Original memory fetch result', {
+      function: 'executePublishMemory',
       found: !!originalMemory,
       memoryId: request.payload.memory_id,
     });
 
     if (!originalMemory) {
-      console.log('[executePublishMemory] Memory not found');
+      logger.info('Original memory not found', {
+        function: 'executePublishMemory',
+        memoryId: request.payload.memory_id,
+      });
       return JSON.stringify(
         {
           success: false,
@@ -138,7 +179,12 @@ async function executePublishMemory(
 
     // Verify ownership again
     if (originalMemory.properties.user_id !== userId) {
-      console.log('[executePublishMemory] Permission denied - wrong owner');
+      logger.warn('Permission denied - wrong owner', {
+        function: 'executePublishMemory',
+        memoryId: request.payload.memory_id,
+        memoryOwner: originalMemory.properties.user_id,
+        requestingUser: userId,
+      });
       return JSON.stringify(
         {
           success: false,
@@ -150,12 +196,17 @@ async function executePublishMemory(
       );
     }
     
-    console.log('[executePublishMemory] Ensuring public collection');
+    logger.debug('Ensuring public collection exists', {
+      function: 'executePublishMemory',
+    });
 
     // Get unified public collection
     const publicCollection = await ensurePublicCollection(weaviateClient);
     
-    console.log('[executePublishMemory] Public collection ready');
+    logger.debug('Public collection ready', {
+      function: 'executePublishMemory',
+      collectionName: 'Memory_public',
+    });
 
     // Create published memory (copy with modifications)
     const originalTags = Array.isArray(originalMemory.properties.tags)
@@ -183,7 +234,8 @@ async function executePublishMemory(
       version: 1,
     };
 
-    console.log('[executePublishMemory] Inserting into Memory_public:', {
+    logger.info('Inserting memory into Memory_public', {
+      function: 'executePublishMemory',
       spaces: request.payload.spaces,
       spaceCount: request.payload.spaces?.length || 0,
       memoryId: request.payload.memory_id,
@@ -194,9 +246,10 @@ async function executePublishMemory(
     // Insert directly into unified public collection
     const result = await publicCollection.data.insert(publishedMemory as any);
     
-    console.log('[executePublishMemory] Insert result:', {
-      success: !!result,
+    logger.info('Memory published successfully', {
+      function: 'executePublishMemory',
       spaceMemoryId: result,
+      spaces: request.payload.spaces,
     });
 
     // Return minimal response with spaces array

package/src/tools/deny.ts

@@ -10,10 +10,32 @@ import { handleToolError } from '../utils/error-handler.js';
 
 /**
  * Tool definition for remember_deny
+ *
+ * CRITICAL SAFETY: This tool must ONLY be called after explicit user denial
+ * in a separate message. Never chain with other tools or call immediately after
+ * receiving a token. The denial workflow requires:
+ *
+ * 1. Agent calls remember_publish (or other confirmable action)
+ * 2. Agent receives token in response
+ * 3. Agent presents details to user and asks for confirmation
+ * 4. User responds in SEPARATE message with explicit denial
+ * 5. Agent calls remember_deny in NEW response
+ *
+ * Proper user consent workflow must be followed.
  */
 export const denyTool: Tool = {
   name: 'remember_deny',
-  description: 'Deny a pending action. The request will be marked as denied and the token invalidated. Works for any action that requires confirmation.',
+  description: `Deny a pending action. The request will be marked as denied and the token invalidated. Works for any action that requires confirmation.
+
+⚠️ CRITICAL SAFETY REQUIREMENTS:
+Before executing this tool, you MUST:
+1. Have received the confirmation token in a PREVIOUS tool response
+2. Have presented the token details to the user for review
+3. Have received EXPLICIT user denial in a SEPARATE user message
+4. NEVER chain this tool with other tool calls in the same response
+5. ALWAYS treat denials as standalone, deliberate actions
+
+This ensures proper user consent workflow is followed.`,
   inputSchema: {
     type: 'object',
     properties: {

package/src/tools/publish.ts

@@ -1,6 +1,6 @@
 /**
  * remember_publish tool
- * 
+ *
  * Generates a confirmation token for publishing a memory to a shared space.
  * This is the first phase of the two-phase publish workflow.
  */
@@ -11,6 +11,7 @@ import { getWeaviateClient, getMemoryCollectionName } from '../weaviate/client.j
 import { isValidSpaceId } from '../weaviate/space-schema.js';
 import { handleToolError } from '../utils/error-handler.js';
 import { SUPPORTED_SPACES } from '../types/space-memory.js';
+import { logger } from '../utils/logger.js';
 
 /**
  * Tool definition for remember_publish
@@ -60,7 +61,8 @@ export async function handlePublish(
   userId: string
 ): Promise<string> {
   try {
-    console.log('[remember_publish] Starting publish request:', {
+    logger.info('Starting publish request', {
+      tool: 'remember_publish',
       userId,
       memoryId: args.memory_id,
       spaces: args.spaces,
@@ -71,7 +73,11 @@ export async function handlePublish(
     // Validate all space IDs
     const invalidSpaces = args.spaces.filter(s => !isValidSpaceId(s));
     if (invalidSpaces.length > 0) {
-      console.log('[remember_publish] Invalid space IDs:', invalidSpaces);
+      logger.warn('Invalid space IDs provided', {
+        tool: 'remember_publish',
+        invalidSpaces,
+        providedSpaces: args.spaces,
+      });
       return JSON.stringify(
         {
           success: false,
@@ -90,7 +96,10 @@ export async function handlePublish(
     
     // Validate not empty
     if (args.spaces.length === 0) {
-      console.log('[remember_publish] Empty spaces array');
+      logger.warn('Empty spaces array provided', {
+        tool: 'remember_publish',
+        userId,
+      });
       return JSON.stringify(
         {
           success: false,
@@ -105,19 +114,28 @@ export async function handlePublish(
     // Verify memory exists and user owns it
     const weaviateClient = getWeaviateClient();
     const collectionName = getMemoryCollectionName(userId);
-    console.log('[remember_publish] Fetching memory from collection:', collectionName);
+    logger.debug('Fetching memory from collection', {
+      tool: 'remember_publish',
+      collectionName,
+      memoryId: args.memory_id,
+    });
     
     const userCollection = weaviateClient.collections.get(collectionName);
 
     const memory = await userCollection.query.fetchObjectById(args.memory_id);
     
-    console.log('[remember_publish] Memory fetch result:', {
+    logger.debug('Memory fetch result', {
+      tool: 'remember_publish',
       found: !!memory,
       memoryId: args.memory_id,
     });
 
     if (!memory) {
-      console.log('[remember_publish] Memory not found');
+      logger.info('Memory not found', {
+        tool: 'remember_publish',
+        memoryId: args.memory_id,
+        collectionName,
+      });
       return JSON.stringify(
         {
           success: false,
@@ -175,7 +193,12 @@ export async function handlePublish(
       additional_tags: args.additional_tags || [],
     };
 
-    console.log('[remember_publish] Generating confirmation token');
+    logger.info('Generating confirmation token', {
+      tool: 'remember_publish',
+      userId,
+      memoryId: args.memory_id,
+      spaces: args.spaces,
+    });
     
     // Generate confirmation token
     const { requestId, token} = await confirmationTokenService.createRequest(
@@ -185,10 +208,12 @@ export async function handlePublish(
       undefined  // No single target_collection anymore
     );
     
-    console.log('[remember_publish] Token generated:', {
+    logger.info('Confirmation token generated', {
+      tool: 'remember_publish',
       requestId,
       token,
       action: 'publish_memory',
+      spaces: args.spaces,
     });
 
     // Return minimal response - agent already knows memory details