npm - @prmichaelsen/remember-mcp - Versions diffs - 2.8.0 → 3.12.0 - Mend

@prmichaelsen/remember-mcp 2.8.0 → 3.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/AGENT.md +296 -250
package/CHANGELOG.md +468 -0
package/README.md +163 -46
package/agent/commands/acp.clarification-create.md +382 -0
package/agent/commands/acp.command-create.md +0 -1
package/agent/commands/acp.design-create.md +0 -1
package/agent/commands/acp.init.md +0 -1
package/agent/commands/acp.package-create.md +0 -1
package/agent/commands/acp.package-info.md +0 -1
package/agent/commands/acp.package-install.md +0 -1
package/agent/commands/acp.package-list.md +0 -1
package/agent/commands/acp.package-publish.md +0 -1
package/agent/commands/acp.package-remove.md +0 -1
package/agent/commands/acp.package-search.md +0 -1
package/agent/commands/acp.package-update.md +0 -1
package/agent/commands/acp.package-validate.md +0 -1
package/agent/commands/acp.pattern-create.md +0 -1
package/agent/commands/acp.plan.md +0 -1
package/agent/commands/acp.proceed.md +0 -1
package/agent/commands/acp.project-create.md +0 -1
package/agent/commands/acp.project-info.md +309 -0
package/agent/commands/acp.project-list.md +0 -1
package/agent/commands/acp.project-remove.md +379 -0
package/agent/commands/acp.project-set.md +0 -1
package/agent/commands/acp.project-update.md +296 -0
package/agent/commands/acp.report.md +0 -1
package/agent/commands/acp.resume.md +0 -1
package/agent/commands/acp.status.md +0 -1
package/agent/commands/acp.sync.md +0 -1
package/agent/commands/acp.task-create.md +17 -10
package/agent/commands/acp.update.md +0 -1
package/agent/commands/acp.validate.md +0 -1
package/agent/commands/acp.version-check-for-updates.md +0 -1
package/agent/commands/acp.version-check.md +0 -1
package/agent/commands/acp.version-update.md +0 -1
package/agent/commands/command.template.md +0 -5
package/agent/commands/git.commit.md +13 -2
package/agent/commands/git.init.md +0 -1
package/agent/design/comment-memory-type.md +2 -2
package/agent/design/local.collaborative-memory-sync.md +265 -0
package/agent/design/local.content-flags.md +210 -0
package/agent/design/local.ghost-persona-system.md +273 -0
package/agent/design/local.group-acl-integration.md +338 -0
package/agent/design/local.memory-acl-schema.md +352 -0
package/agent/design/local.memory-collection-pattern-v2.md +348 -0
package/agent/design/local.moderation-and-space-config.md +257 -0
package/agent/design/local.v2-api-reference.md +621 -0
package/agent/design/local.v2-migration-guide.md +191 -0
package/agent/design/local.v2-usage-examples.md +265 -0
package/agent/design/permissions-storage-architecture.md +11 -3
package/agent/design/soft-delete-system.md +291 -0
package/agent/design/trust-escalation-prevention.md +9 -2
package/agent/design/trust-system-implementation.md +12 -3
package/agent/milestones/milestone-13-soft-delete-system.md +306 -0
package/agent/milestones/milestone-14-memory-collection-v2.md +182 -0
package/agent/milestones/milestone-15-moderation-space-config.md +126 -0
package/agent/package.template.yaml +0 -17
package/agent/progress.yaml +762 -49
package/agent/scripts/acp.common.sh +2 -0
package/agent/scripts/acp.install.sh +15 -85
package/agent/scripts/acp.package-install-optimized.sh +454 -0
package/agent/scripts/acp.package-install.sh +248 -380
package/agent/scripts/acp.package-validate.sh +0 -99
package/agent/scripts/acp.project-info.sh +218 -0
package/agent/scripts/acp.project-remove.sh +302 -0
package/agent/scripts/acp.project-update.sh +296 -0
package/agent/scripts/acp.yaml-parser.sh +128 -10
package/agent/tasks/milestone-14-memory-collection-v2/task-165-core-infrastructure-setup.md +171 -0
package/agent/tasks/milestone-14-memory-collection-v2/task-166-update-remember-publish.md +191 -0
package/agent/tasks/milestone-14-memory-collection-v2/task-167-update-remember-retract.md +186 -0
package/agent/tasks/milestone-14-memory-collection-v2/task-168-implement-remember-revise.md +184 -0
package/agent/tasks/milestone-14-memory-collection-v2/task-169-update-remember-search-space.md +179 -0
package/agent/tasks/milestone-14-memory-collection-v2/task-170-update-remember-create-update.md +139 -0
package/agent/tasks/milestone-14-memory-collection-v2/task-172-performance-testing-optimization.md +161 -0
package/agent/tasks/milestone-14-memory-collection-v2/task-173-documentation-examples.md +258 -0
package/agent/tasks/milestone-15-moderation-space-config/task-174-add-moderation-schema-fields.md +57 -0
package/agent/tasks/milestone-15-moderation-space-config/task-175-create-space-config-service.md +64 -0
package/agent/tasks/milestone-15-moderation-space-config/task-176-wire-moderation-publish-flow.md +45 -0
package/agent/tasks/milestone-15-moderation-space-config/task-177-add-moderation-search-filters.md +70 -0
package/agent/tasks/milestone-15-moderation-space-config/task-178-create-remember-moderate-tool.md +69 -0
package/agent/tasks/milestone-15-moderation-space-config/task-179-documentation-integration-tests.md +58 -0
package/agent/tasks/milestone-16-ghost-system/task-187-ghost-config-firestore.md +41 -0
package/agent/tasks/milestone-16-ghost-system/task-188-trust-filter-integration.md +44 -0
package/agent/tasks/milestone-16-ghost-system/task-189-ghost-memory-filtering.md +43 -0
package/agent/tasks/milestone-16-ghost-system/task-190-ghost-config-tools.md +45 -0
package/agent/tasks/milestone-16-ghost-system/task-191-escalation-firestore.md +38 -0
package/agent/tasks/milestone-16-ghost-system/task-192-documentation-verification.md +39 -0
package/agent/tasks/milestone-7-trust-permissions/task-180-access-result-permission-types.md +69 -0
package/agent/tasks/milestone-7-trust-permissions/task-181-firestore-permissions-access-logs.md +56 -0
package/agent/tasks/milestone-7-trust-permissions/task-182-trust-enforcement-service.md +68 -0
package/agent/tasks/milestone-7-trust-permissions/task-183-access-control-service.md +70 -0
package/agent/tasks/milestone-7-trust-permissions/task-184-permission-tools.md +79 -0
package/agent/tasks/milestone-7-trust-permissions/task-185-wire-trust-into-search-query.md +55 -0
package/agent/tasks/milestone-7-trust-permissions/task-186-documentation-verification.md +56 -0
package/agent/tasks/task-70-add-soft-delete-schema-fields.md +165 -0
package/agent/tasks/task-71-implement-delete-confirmation-flow.md +257 -0
package/agent/tasks/task-72-add-deleted-filter-to-search-tools.md +18 -0
package/agent/tasks/task-73-update-relationship-handling.md +18 -0
package/agent/tasks/task-74-add-unit-tests-soft-delete.md +18 -0
package/agent/tasks/task-75-update-documentation-changelog.md +26 -0
package/agent/tasks/task-76-fix-indexnullstate-schema-bug.md +197 -0
package/dist/collections/composite-ids.d.ts +106 -0
package/dist/collections/core-infrastructure.spec.d.ts +11 -0
package/dist/collections/dot-notation.d.ts +106 -0
package/dist/collections/tracking-arrays.d.ts +176 -0
package/dist/constants/content-types.d.ts +1 -0
package/dist/schema/v2-collections-comments.spec.d.ts +8 -0
package/dist/schema/v2-collections.d.ts +210 -0
package/dist/server-factory.d.ts +15 -0
package/dist/server-factory.js +3261 -1316
package/dist/server.js +2926 -1236
package/dist/services/access-control.d.ts +103 -0
package/dist/services/access-control.spec.d.ts +2 -0
package/dist/services/credentials-provider.d.ts +24 -0
package/dist/services/credentials-provider.spec.d.ts +2 -0
package/dist/services/escalation.service.d.ts +22 -0
package/dist/services/escalation.service.spec.d.ts +2 -0
package/dist/services/ghost-config.service.d.ts +55 -0
package/dist/services/ghost-config.service.spec.d.ts +2 -0
package/dist/services/space-config.service.d.ts +23 -0
package/dist/services/space-config.service.spec.d.ts +2 -0
package/dist/services/trust-enforcement.d.ts +83 -0
package/dist/services/trust-enforcement.spec.d.ts +2 -0
package/dist/services/trust-validator.d.ts +43 -0
package/dist/services/trust-validator.spec.d.ts +2 -0
package/dist/tools/confirm-publish-moderation.spec.d.ts +8 -0
package/dist/tools/confirm.d.ts +8 -1
package/dist/tools/create-memory.d.ts +2 -1
package/dist/tools/create-memory.spec.d.ts +10 -0
package/dist/tools/create-relationship.d.ts +2 -1
package/dist/tools/delete-memory.d.ts +7 -31
package/dist/tools/delete-relationship.d.ts +2 -1
package/dist/tools/deny.d.ts +2 -1
package/dist/tools/find-similar.d.ts +10 -2
package/dist/tools/get-preferences.d.ts +2 -1
package/dist/tools/ghost-config.d.ts +27 -0
package/dist/tools/ghost-config.spec.d.ts +2 -0
package/dist/tools/moderate.d.ts +20 -0
package/dist/tools/moderate.spec.d.ts +5 -0
package/dist/tools/publish.d.ts +11 -3
package/dist/tools/query-memory.d.ts +11 -2
package/dist/tools/query-space.d.ts +4 -1
package/dist/tools/retract.d.ts +29 -0
package/dist/tools/revise.d.ts +45 -0
package/dist/tools/revise.spec.d.ts +8 -0
package/dist/tools/search-memory.d.ts +8 -1
package/dist/tools/search-relationship.d.ts +10 -2
package/dist/tools/search-space.d.ts +25 -5
package/dist/tools/search-space.spec.d.ts +9 -0
package/dist/tools/set-preference.d.ts +2 -1
package/dist/tools/update-memory.d.ts +2 -1
package/dist/tools/update-relationship.d.ts +2 -1
package/dist/types/access-result.d.ts +48 -0
package/dist/types/access-result.spec.d.ts +2 -0
package/dist/types/auth.d.ts +46 -0
package/dist/types/ghost-config.d.ts +36 -0
package/dist/types/memory.d.ts +11 -1
package/dist/types/preferences.d.ts +1 -1
package/dist/types/space-memory.d.ts +3 -0
package/dist/utils/auth-helpers.d.ts +14 -0
package/dist/utils/auth-helpers.spec.d.ts +2 -0
package/dist/utils/test-data-generator.d.ts +124 -0
package/dist/utils/test-data-generator.spec.d.ts +12 -0
package/dist/utils/weaviate-filters.d.ts +19 -0
package/dist/v2-performance.e2e.d.ts +17 -0
package/dist/v2-smoke.e2e.d.ts +14 -0
package/dist/weaviate/client.d.ts +5 -8
package/dist/weaviate/space-schema.d.ts +2 -2
package/docs/performance/v2-benchmarks.md +80 -0
package/jest.e2e.config.js +14 -3
package/package.json +1 -1
package/scripts/.collection-recreation-state.yaml +16 -0
package/scripts/.gitkeep +5 -0
package/scripts/README-collection-recreation.md +224 -0
package/scripts/README.md +51 -0
package/scripts/backup-collections.ts +543 -0
package/scripts/delete-collection.ts +137 -0
package/scripts/migrate-recreate-collections.ts +578 -0
package/scripts/migrate-v1-to-v2.ts +1094 -0
package/scripts/package-lock.json +1113 -0
package/scripts/package.json +27 -0
package/src/collections/composite-ids.ts +193 -0
package/src/collections/core-infrastructure.spec.ts +353 -0
package/src/collections/dot-notation.ts +212 -0
package/src/collections/tracking-arrays.ts +298 -0
package/src/constants/content-types.ts +20 -0
package/src/schema/v2-collections-comments.spec.ts +141 -0
package/src/schema/v2-collections.ts +433 -0
package/src/server-factory.ts +89 -20
package/src/server.ts +45 -17
package/src/services/access-control.spec.ts +383 -0
package/src/services/access-control.ts +291 -0
package/src/services/credentials-provider.spec.ts +22 -0
package/src/services/credentials-provider.ts +34 -0
package/src/services/escalation.service.spec.ts +183 -0
package/src/services/escalation.service.ts +150 -0
package/src/services/ghost-config.service.spec.ts +339 -0
package/src/services/ghost-config.service.ts +219 -0
package/src/services/space-config.service.spec.ts +102 -0
package/src/services/space-config.service.ts +79 -0
package/src/services/trust-enforcement.spec.ts +309 -0
package/src/services/trust-enforcement.ts +197 -0
package/src/services/trust-validator.spec.ts +108 -0
package/src/services/trust-validator.ts +105 -0
package/src/tools/confirm-publish-moderation.spec.ts +240 -0
package/src/tools/confirm.ts +914 -116
package/src/tools/create-memory.spec.ts +126 -0
package/src/tools/create-memory.ts +20 -27
package/src/tools/create-relationship.ts +30 -8
package/src/tools/delete-memory.ts +99 -64
package/src/tools/delete-relationship.ts +15 -6
package/src/tools/deny.ts +8 -1
package/src/tools/find-similar.ts +44 -6
package/src/tools/get-preferences.ts +10 -1
package/src/tools/ghost-config.spec.ts +180 -0
package/src/tools/ghost-config.ts +230 -0
package/src/tools/moderate.spec.ts +277 -0
package/src/tools/moderate.ts +219 -0
package/src/tools/publish.ts +99 -41
package/src/tools/query-memory.ts +44 -9
package/src/tools/query-space.ts +39 -4
package/src/tools/retract.ts +292 -0
package/src/tools/revise.spec.ts +146 -0
package/src/tools/revise.ts +283 -0
package/src/tools/search-memory.ts +46 -10
package/src/tools/search-relationship.ts +30 -7
package/src/tools/search-space.spec.ts +341 -0
package/src/tools/search-space.ts +323 -99
package/src/tools/set-preference.ts +10 -1
package/src/tools/update-memory.ts +24 -5
package/src/tools/update-relationship.ts +10 -1
package/src/types/access-result.spec.ts +193 -0
package/src/types/access-result.ts +62 -0
package/src/types/auth.ts +52 -0
package/src/types/ghost-config.ts +46 -0
package/src/types/memory.ts +20 -1
package/src/types/preferences.ts +2 -2
package/src/types/space-memory.ts +5 -0
package/src/utils/auth-helpers.spec.ts +75 -0
package/src/utils/auth-helpers.ts +25 -0
package/src/utils/test-data-generator.spec.ts +317 -0
package/src/utils/test-data-generator.ts +292 -0
package/src/utils/weaviate-filters.ts +32 -5
package/src/v2-performance.e2e.ts +173 -0
package/src/v2-smoke.e2e.ts +401 -0
package/src/weaviate/client.spec.ts +5 -5
package/src/weaviate/client.ts +55 -35
package/src/weaviate/schema.ts +11 -239
package/src/weaviate/space-schema.spec.ts +28 -25
package/src/weaviate/space-schema.ts +35 -11

package/agent/design/soft-delete-system.md ADDED Viewed

@@ -0,0 +1,291 @@
+# Soft Delete System
+**Concept**: Implement soft delete with confirmation flow for memory deletion
+**Created**: 2026-02-25
+**Status**: Design Specification
+---
+## Overview
+Implement a soft delete system that prevents accidental data loss by requiring confirmation before deletion and marking memories as deleted rather than permanently removing them. This enables recovery and maintains data integrity while providing a safer deletion workflow.
+---
+## Problem Statement
+Current deletion implementation has critical issues:
+- **No confirmation flow**: Memories are instantly deleted without user confirmation
+- **No recovery**: Deleted memories cannot be recovered
+- **No visibility**: Cannot search or view deleted memories
+- **Data loss risk**: Accidental deletions result in permanent data loss
+---
+## Solution
+Implement a comprehensive soft delete system with:
+1. **Confirmation Flow**: Reuse existing token-based confirmation system
+2. **Soft Delete Schema**: Add `deleted_at`, `deleted_by`, `deletion_reason` fields
+3. **Default Filtering**: Exclude deleted memories from all searches by default
+4. **Explicit Override**: `deleted_filter` parameter to include/only show deleted memories
+5. **Relationship Handling**: Mark relationships as "orphaned" when memories deleted
+6. **Breaking Change**: Immediate migration to new behavior (no feature flags)
+---
+## Implementation
+### Schema Changes
+Add three new fields to Memory schema (both `Memory_{user_id}` and `Memory_public`):
+```typescript
+{
+  name: 'deleted_at',
+  dataType: 'date' as any,
+  description: 'Timestamp when memory was soft-deleted (null = not deleted)'
+},
+{
+  name: 'deleted_by',
+  dataType: 'text' as any,
+  description: 'User ID who deleted the memory'
+},
+{
+  name: 'deletion_reason',
+  dataType: 'text' as any,
+  description: 'Optional reason for deletion'
+}
+```
+**Note**: `deleted_at` is nullable. `null` or missing = not deleted.
+### Tool Modifications
+#### `remember_delete_memory` (Modified)
+**Old Behavior**: Immediately deletes memory from Weaviate
+**New Behavior**: Creates confirmation token and returns it
+```typescript
+// Input
+{
+  memory_id: string;
+  reason?: string;  // Optional deletion reason
+}
+// Output
+{
+  success: true;
+  token: string;
+  expires_at: string;
+  preview: {
+    memory_id: string;
+    content: string;
+    relationships_count: number;
+    will_orphan: string[];  // IDs of relationships that will be orphaned
+  }
+}
+```
+#### `remember_confirm` (Enhanced)
+Already handles confirmation. Will be enhanced to support `delete_memory` action:
+```typescript
+// When confirming deletion
+{
+  action: 'delete_memory',
+  payload: {
+    memory_id: string;
+    reason?: string;
+  }
+}
+// Execution:
+// 1. Update memory: deleted_at = now(), deleted_by = user_id, deletion_reason = reason
+// 2. Mark relationships as orphaned (implementation TBD)
+// 3. Return success
+```
+#### `remember_deny` (No Changes)
+Already handles denial of any pending action.
+### Search Tool Modifications
+All search tools get new `deleted_filter` parameter:
+```typescript
+deleted_filter?: 'exclude' | 'include' | 'only'
+// Default: 'exclude'
+```
+**Affected Tools**:
+- `remember_search_memory`
+- `remember_query_memory`
+- `remember_find_similar`
+- `remember_search_relationship`
+**Filter Implementation** (Weaviate query level):
+```typescript
+// deleted_filter: 'exclude' (default)
+.where(Filters.or(
+  collection.filter.byProperty('deleted_at').isNull(true),
+  // ... other filters
+))
+// deleted_filter: 'include'
+// No filter applied
+// deleted_filter: 'only'
+.where(
+  collection.filter.byProperty('deleted_at').isNull(false)
+)
+```
+### Relationship Handling
+**When memory is soft-deleted**:
+- Relationships remain in database
+- Relationships are marked as "orphaned" (implementation TBD - may use a flag or computed property)
+- Searching relationships excludes deleted memories by default
+**Creating relationships**:
+- Cannot create relationship with deleted memory
+- Error: "Cannot create relationship: memory {id} is deleted"
+**Updating deleted memories**:
+- Error: "Cannot update deleted memory"
+- User must restore first (future enhancement)
+---
+## Benefits
+1. **Safety**: Confirmation flow prevents accidental deletions
+2. **Recovery**: Soft delete enables future restoration feature
+3. **Audit Trail**: Track who deleted what and when
+4. **Flexibility**: `deleted_filter` parameter allows searching deleted memories when needed
+5. **Data Integrity**: Relationships preserved (orphaned but not lost)
+---
+## Trade-offs
+1. **Storage**: Deleted memories consume storage (acceptable trade-off)
+2. **Complexity**: Additional filtering logic in all search tools
+3. **Breaking Change**: Immediate behavior change (no backward compatibility)
+4. **No Restoration**: Phase 1 doesn't include restoration tool (future enhancement)
+5. **Shared Spaces**: Deleted published memories remain in spaces (future: `remember_retract`)
+---
+## Migration Strategy
+### Existing Data
+**Approach**: Treat missing `deleted_at` field as "not deleted"
+- No migration script needed
+- Existing memories implicitly have `deleted_at: null`
+- Weaviate `isNull(true)` filter handles this correctly
+### API Changes
+**Breaking Change**: Immediate migration
+- `remember_delete_memory` behavior changes immediately
+- All search tools add `deleted_filter` parameter (default: 'exclude')
+- No feature flags or gradual rollout
+- Version bump: v2.8.0 → v3.0.0 (major version)
+---
+## Future Enhancements
+### Phase 2: Recovery (Future)
+- `remember_restore_memory` tool
+- Confirmation flow for restoration
+- Automatic relationship restoration
+### Phase 3: Permanent Deletion (Not Planned)
+- No permanent deletion feature
+- Soft delete is sufficient
+- Storage cost is acceptable
+### Phase 4: Shared Space Integration (Future)
+- `remember_retract` tool to unpublish memories
+- Separate from deletion
+- Requires confirmation
+### Phase 5: Moderation (Future)
+- Space moderators can hide memories
+- Uses `moderation_flags` instead of `deleted_at`
+- Separate from user deletion
+---
+## Security Considerations
+### Access Control
+**Deleted memories**:
+- Only owner can search their deleted memories (`deleted_filter: 'include'` or `'only'`)
+- Other users cannot see deleted memories (filtered out)
+- Shared space memories remain visible until retracted (future enhancement)
+**Confirmation tokens**:
+- Reuse existing token service
+- 5-minute expiry
+- One-time use
+---
+## Testing Strategy
+1. **Unit Tests**:
+   - Schema field validation
+   - Filter logic (exclude/include/only)
+   - Confirmation flow
+   - Relationship orphaning
+2. **Integration Tests**:
+   - End-to-end deletion workflow
+   - Search with deleted_filter variations
+   - Relationship creation with deleted memories (should fail)
+   - Update deleted memory (should fail)
+3. **Edge Cases**:
+   - Delete already deleted memory
+   - Confirm expired token
+   - Search with invalid deleted_filter value
+---
+## Documentation Updates
+1. **README.md**: Update deletion workflow examples
+2. **CHANGELOG.md**: Document breaking change (v3.0.0)
+3. **Tool Descriptions**: Update all affected tools
+4. **Migration Guide**: Document behavior changes
+---
+## Open Questions
+**From Clarification Document**:
+1. **Agent Permission** (Item 3.2, Question 3):
+   > "Should agents be able to search deleted memories without explicit user permission, or should this require a special flag?"
+   > Response: "Clarification needed"
+   **Recommendation**: Allow agents to search deleted memories if user explicitly requests it in natural language (e.g., "search my deleted memories"). The `deleted_filter` parameter provides the mechanism. No additional permission system needed.
+---
+**Status**: Design Specification Complete
+**Recommendation**: Proceed with milestone and task creation
+**Priority**: Highest (per user feedback)
+**Estimated Effort**: 2-3 weeks

package/agent/design/trust-escalation-prevention.md CHANGED Viewed

@@ -1,9 +1,16 @@
 # Trust Escalation Prevention
-**Concept**: Automatic trust reduction for repeated unauthorized access attempts
-**Created**: 2026-02-11
+**Concept**: Automatic trust reduction for repeated unauthorized access attempts
+**Created**: 2026-02-11
+**Updated**: 2026-02-27
 **Status**: Design Specification
+> **NOTE (2026-02-27)**: Trust escalation applies to ghost/persona conversations (confirmed in
+> clarification-3). When a user repeatedly asks a ghost about topics above their trust level,
+> the escalation system triggers: -0.1 trust per failed attempt, block after 3 attempts. The
+> ghost's system prompt warns progressively before backend escalation kicks in.
+> See `local.ghost-persona-system.md` for ghost-specific escalation behavior.
 ---
 ## Overview

package/agent/design/trust-system-implementation.md CHANGED Viewed

@@ -1,8 +1,17 @@
 # Trust System Implementation - Prompt-Based Enforcement
-**Concept**: Trust enforcement through LLM prompting and validation
-**Created**: 2026-02-11
-**Status**: Design Specification
+**Concept**: Trust enforcement through LLM prompting and validation
+**Created**: 2026-02-11
+**Updated**: 2026-02-27
+**Status**: Superseded by Ghost/Persona Design
+> **NOTE (2026-02-27)**: This document describes **prompt-based enforcement** as the primary
+> trust mechanism. Per the ghost/persona design (`local.ghost-persona-system.md`), the primary
+> enforcement is now **query-level filtering** at the Weaviate layer — memories above the
+> accessor's trust threshold are never returned. Prompt-based enforcement remains as one of
+> three configurable modes (query, prompt, hybrid), but query is the default. The prompt-based
+> approach described here applies only when enforcement_mode is set to 'prompt' or 'hybrid'.
+> See `local.ghost-persona-system.md` for the current architecture.
 ---

package/agent/milestones/milestone-13-soft-delete-system.md ADDED Viewed

@@ -0,0 +1,306 @@
+# Milestone 13: Soft Delete System
+**Goal**: Implement safe deletion with confirmation flow and recovery capabilities
+**Duration**: 2-3 weeks
+**Dependencies**: M10 (Shared Spaces - for confirmation token service)
+**Status**: Not Started
+**Priority**: Highest
+---
+## Overview
+Implement a comprehensive soft delete system that prevents accidental data loss by requiring confirmation before deletion and marking memories as deleted rather than permanently removing them. This enables future recovery features and maintains data integrity while providing a safer deletion workflow.
+**Key Innovation**: Reuse existing confirmation token service from `remember_publish` for a consistent user experience across all destructive operations.
+---
+## Deliverables
+### 1. Schema Updates (3 new fields)
+- Add `deleted_at` field (date, nullable) - Timestamp of deletion
+- Add `deleted_by` field (text) - User ID who deleted the memory
+- Add `deletion_reason` field (text) - Optional reason for deletion
+### 2. Confirmation Flow
+- Modify `remember_delete_memory` to create confirmation token
+- Enhance `remember_confirm` to handle `delete_memory` action
+- Include deletion preview (content, relationship count, orphaned relationships)
+### 3. Search Tool Updates (4 tools)
+- Add `deleted_filter` parameter to `remember_search_memory`
+- Add `deleted_filter` parameter to `remember_query_memory`
+- Add `deleted_filter` parameter to `remember_find_similar`
+- Add `deleted_filter` parameter to `remember_search_relationship`
+### 4. Relationship Handling
+- Mark relationships as "orphaned" when memory deleted
+- Prevent creating relationships with deleted memories
+- Exclude deleted memories from relationship searches by default
+### 5. Error Handling
+- Return error when updating deleted memory
+- Return error when creating relationship with deleted memory
+- Clear error messages with actionable guidance
+### 6. Documentation Updates
+- Update README with new deletion workflow
+- Document breaking changes in CHANGELOG (v3.0.0)
+- Update tool descriptions
+- Add migration guide
+### 7. Testing
+- Unit tests for schema fields
+- Unit tests for confirmation flow
+- Unit tests for deleted_filter parameter
+- Unit tests for relationship orphaning
+- Integration tests for full deletion workflow
+---
+## Success Criteria
+- [ ] Schema has 3 new fields: `deleted_at`, `deleted_by`, `deletion_reason`
+- [ ] `remember_delete_memory` creates confirmation token (not immediate delete)
+- [ ] `remember_confirm` handles `delete_memory` action
+- [ ] Deletion preview shows content and relationship impact
+- [ ] All 4 search tools have `deleted_filter` parameter
+- [ ] Default behavior excludes deleted memories from all searches
+- [ ] `deleted_filter: "include"` shows all memories (deleted + active)
+- [ ] `deleted_filter: "only"` shows only deleted memories
+- [ ] Relationships marked as orphaned when memory deleted
+- [ ] Cannot create relationship with deleted memory (returns error)
+- [ ] Cannot update deleted memory (returns error)
+- [ ] All existing tests still passing
+- [ ] New soft delete tests passing
+- [ ] TypeScript compiles without errors
+- [ ] Build successful
+- [ ] Documentation updated with examples
+- [ ] CHANGELOG documents breaking changes
+- [ ] Version bumped to v3.0.0 (major version)
+---
+## Key Files to Create/Modify
+```
+src/
+├── weaviate/
+│   ├── schema.ts                    # Add 3 new fields to Memory schema
+│   └── space-schema.ts              # Add 3 new fields to Memory_public
+├── tools/
+│   ├── delete-memory.ts             # Modify to create confirmation token
+│   ├── confirm.ts                   # Enhance to handle delete_memory action
+│   ├── search-memory.ts             # Add deleted_filter parameter
+│   ├── query-memory.ts              # Add deleted_filter parameter
+│   ├── find-similar.ts              # Add deleted_filter parameter
+│   ├── search-relationship.ts       # Add deleted_filter parameter
+│   ├── create-relationship.ts       # Prevent relationships with deleted memories
+│   └── update-memory.ts             # Prevent updating deleted memories
+├── utils/
+│   └── weaviate-filters.ts          # Add deleted_filter helper functions
+└── types/
+    └── memory.ts                    # Add DeletedFilter type
+tests/
+└── unit/
+    ├── schema.test.ts               # Test new fields
+    ├── space-schema.test.ts         # Test new fields in public collection
+    ├── delete-memory.test.ts        # Test confirmation flow
+    ├── confirm.test.ts              # Test delete_memory action
+    ├── search-memory.test.ts        # Test deleted_filter
+    ├── query-memory.test.ts         # Test deleted_filter
+    ├── find-similar.test.ts         # Test deleted_filter
+    └── search-relationship.test.ts  # Test deleted_filter
+agent/
+└── design/
+    └── soft-delete-system.md        # ✅ Already created
+```
+---
+## Implementation Tasks
+See individual task documents:
+- Task 70: Add Soft Delete Schema Fields
+- Task 71: Implement Delete Confirmation Flow
+- Task 72: Add deleted_filter to Search Tools
+- Task 73: Update Relationship Handling for Deleted Memories
+- Task 74: Add Unit Tests for Soft Delete
+- Task 75: Update Documentation and CHANGELOG
+---
+## Architecture Notes
+### Soft Delete vs Hard Delete
+**Soft Delete** (Implemented):
+- Memory remains in Weaviate
+- `deleted_at` field set to current timestamp
+- Filtered out by default
+- Can be searched with `deleted_filter: "include"` or `"only"`
+- Enables future restoration feature
+**Hard Delete** (Not Implemented):
+- Memory permanently removed from Weaviate
+- Cannot be recovered
+- Not planned for this milestone
+### Confirmation Token Reuse
+**Existing Service**: `ConfirmationTokenService` (from M10)
+- Already handles token generation, validation, expiry
+- Stores tokens in Firestore: `users/{user_id}/requests/{request_id}`
+- 5-minute expiry
+- One-time use
+**New Action**: `delete_memory`
+```typescript
+{
+  action: 'delete_memory',
+  payload: {
+    memory_id: string;
+    reason?: string;
+  }
+}
+```
+### Filter Implementation
+**Weaviate Query Level**:
+```typescript
+// deleted_filter: 'exclude' (default)
+collection.query.hybrid(query)
+  .where(Filters.or(
+    collection.filter.byProperty('deleted_at').isNull(true),
+    // ... other filters
+  ))
+// deleted_filter: 'include'
+// No deleted_at filter applied
+// deleted_filter: 'only'
+collection.query.hybrid(query)
+  .where(
+    collection.filter.byProperty('deleted_at').isNull(false)
+  )
+```
+### Relationship Orphaning
+**Implementation Options**:
+1. **Computed Property** (Recommended): Check if any memory in relationship is deleted
+2. **Flag Field**: Add `is_orphaned` boolean to relationship
+3. **Status Field**: Add `status: "active" | "orphaned"` to relationship
+**Recommendation**: Use computed property (Option 1) - no schema changes needed, always accurate.
+### Breaking Changes
+**Version**: v2.8.0 → v3.0.0 (major version bump)
+**Changes**:
+1. `remember_delete_memory` behavior changes (immediate → confirmation)
+2. All search tools add `deleted_filter` parameter
+3. Default search behavior excludes deleted memories
+**Migration Path**:
+- No code changes required for users
+- Behavior change is immediate
+- Existing memories implicitly have `deleted_at: null`
+---
+## Testing Strategy
+1. **Unit Tests**: Schema fields, filter logic, confirmation flow
+2. **Integration Tests**: End-to-end deletion workflow
+3. **Edge Cases**: Delete deleted memory, expired tokens, invalid filters
+4. **Performance Tests**: Search with large numbers of deleted memories
+---
+## Future Phases
+**Phase 2: Recovery** (Future - Not in M13):
+- `remember_restore_memory` tool
+- Confirmation flow for restoration
+- Automatic relationship restoration
+- Restore to original state
+**Phase 3: Shared Space Integration** (Future):
+- `remember_retract` tool to unpublish memories
+- Separate from deletion
+- Requires confirmation
+- Removes from shared spaces
+**Phase 4: Moderation** (Future):
+- Space moderators can hide memories
+- Uses `moderation_flags` instead of `deleted_at`
+- Separate from user deletion
+- Per-space moderation
+---
+## Breaking Changes
+**API Changes**:
+- `remember_delete_memory` now returns confirmation token (not immediate delete)
+- All search tools add `deleted_filter` parameter (default: 'exclude')
+- Default search behavior changes (excludes deleted memories)
+**Data Changes**:
+- None (existing memories implicitly have `deleted_at: null`)
+**Behavior Changes**:
+- Deletion requires confirmation (two-step process)
+- Deleted memories remain in database (soft delete)
+- Cannot update or create relationships with deleted memories
+---
+## Security Considerations
+**Access Control**:
+- Only owner can delete their memories
+- Only owner can search their deleted memories
+- Confirmation tokens are user-specific
+- Deleted memories not visible to other users
+**Data Retention**:
+- Deleted memories remain in database indefinitely
+- No automatic purge policy
+- Storage cost is acceptable trade-off for safety
+---
+## Documentation Requirements
+1. **README.md**:
+   - Update deletion workflow section
+   - Add examples of `deleted_filter` usage
+   - Document confirmation flow
+2. **CHANGELOG.md**:
+   - Document breaking changes (v3.0.0)
+   - List all modified tools
+   - Provide migration guidance
+3. **Tool Descriptions**:
+   - Update `remember_delete_memory` description
+   - Add `deleted_filter` parameter to 4 search tools
+   - Update error messages
+4. **Migration Guide**:
+   - Explain behavior changes
+   - Provide code examples
+   - Document version bump rationale
+---
+**Next Milestone**: M5 - Template System (deferred until M13 complete)
+**Blockers**: None (builds on M10 confirmation token service)
+**Priority**: Highest (per user feedback)