@prmichaelsen/remember-mcp 3.0.0 → 3.12.0

package/src/tools/moderate.ts

@@ -0,0 +1,219 @@
+/**
+ * remember_moderate tool
+ *
+ * Allows moderators to approve, reject, or remove published memories
+ * in spaces and groups. Requires can_moderate permission.
+ */
+
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import { getWeaviateClient, fetchMemoryWithAllProperties } from '../weaviate/client.js';
+import { ensurePublicCollection } from '../weaviate/space-schema.js';
+import { handleToolError } from '../utils/error-handler.js';
+import { createDebugLogger } from '../utils/debug.js';
+import { logger } from '../utils/logger.js';
+import { CollectionType, getCollectionName } from '../collections/dot-notation.js';
+import type { AuthContext } from '../types/auth.js';
+import { canModerate, canModerateAny } from '../utils/auth-helpers.js';
+
+type ModerationAction = 'approve' | 'reject' | 'remove';
+
+const ACTION_TO_STATUS: Record<ModerationAction, string> = {
+  approve: 'approved',
+  reject: 'rejected',
+  remove: 'removed',
+};
+
+export const moderateTool: Tool = {
+  name: 'remember_moderate',
+  description: `Approve, reject, or remove a published memory. Requires moderator permissions (can_moderate).
+
+Actions:
+- approve: Mark a pending memory as approved (visible in default searches)
+- reject: Reject a pending memory (hidden from default searches)
+- remove: Remove a previously approved memory (hidden from default searches)
+
+Must specify either space_id or group_id to identify where the memory is published.`,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      memory_id: {
+        type: 'string',
+        description: 'UUID or composite ID of the published memory',
+      },
+      space_id: {
+        type: 'string',
+        description: 'Space containing the memory (searches Memory_spaces_public filtered by space_ids)',
+      },
+      group_id: {
+        type: 'string',
+        description: 'Group containing the memory (searches Memory_groups_{groupId})',
+      },
+      action: {
+        type: 'string',
+        enum: ['approve', 'reject', 'remove'],
+        description: 'Moderation action to perform',
+      },
+      reason: {
+        type: 'string',
+        description: 'Optional reason for the moderation action',
+      },
+    },
+    required: ['memory_id', 'action'],
+  },
+};
+
+interface ModerateArgs {
+  memory_id: string;
+  space_id?: string;
+  group_id?: string;
+  action: ModerationAction;
+  reason?: string;
+}
+
+export async function handleModerate(
+  args: ModerateArgs,
+  userId: string,
+  authContext?: AuthContext
+): Promise<string> {
+  const debug = createDebugLogger({
+    tool: 'remember_moderate',
+    userId,
+    operation: 'moderate',
+  });
+
+  try {
+    debug.info('Tool invoked');
+    debug.trace('Arguments', { args });
+
+    const { memory_id, space_id, group_id, action, reason } = args;
+
+    // Validate: must specify either space_id or group_id
+    if (!space_id && !group_id) {
+      return JSON.stringify(
+        {
+          success: false,
+          error: 'Missing destination',
+          message: 'Must specify either space_id or group_id',
+        },
+        null,
+        2
+      );
+    }
+
+    // Validate action
+    if (!ACTION_TO_STATUS[action]) {
+      return JSON.stringify(
+        {
+          success: false,
+          error: 'Invalid action',
+          message: `Action must be one of: approve, reject, remove`,
+        },
+        null,
+        2
+      );
+    }
+
+    // Permission check
+    if (group_id) {
+      if (!canModerate(authContext, group_id)) {
+        return JSON.stringify(
+          {
+            success: false,
+            error: 'Permission denied',
+            message: `Moderator access required for group ${group_id}`,
+          },
+          null,
+          2
+        );
+      }
+    } else if (space_id) {
+      if (!canModerateAny(authContext)) {
+        return JSON.stringify(
+          {
+            success: false,
+            error: 'Permission denied',
+            message: `Moderator access required to moderate memories in spaces`,
+          },
+          null,
+          2
+        );
+      }
+    }
+
+    // Get the collection
+    const weaviateClient = getWeaviateClient();
+    let collection: any;
+
+    if (group_id) {
+      const collectionName = getCollectionName(CollectionType.GROUPS, group_id);
+      collection = weaviateClient.collections.get(collectionName);
+    } else {
+      collection = await ensurePublicCollection(weaviateClient);
+    }
+
+    // Fetch the memory
+    const memory = await fetchMemoryWithAllProperties(collection, memory_id);
+
+    if (!memory) {
+      return JSON.stringify(
+        {
+          success: false,
+          error: 'Memory not found',
+          message: `Published memory ${memory_id} not found in ${group_id ? `group ${group_id}` : `space ${space_id}`}`,
+        },
+        null,
+        2
+      );
+    }
+
+    // Update moderation fields
+    const newStatus = ACTION_TO_STATUS[action];
+    const now = new Date().toISOString();
+
+    await collection.data.update({
+      id: memory_id,
+      properties: {
+        moderation_status: newStatus,
+        moderated_by: userId,
+        moderated_at: now,
+      },
+    });
+
+    logger.info('Memory moderated', {
+      tool: 'remember_moderate',
+      userId,
+      memoryId: memory_id,
+      action,
+      newStatus,
+      spaceId: space_id,
+      groupId: group_id,
+      reason,
+    });
+
+    return JSON.stringify(
+      {
+        success: true,
+        memory_id,
+        action,
+        moderation_status: newStatus,
+        moderated_by: userId,
+        moderated_at: now,
+        reason: reason || undefined,
+        location: group_id ? `group:${group_id}` : `space:${space_id}`,
+      },
+      null,
+      2
+    );
+  } catch (error) {
+    debug.error('Tool failed', {
+      error: error instanceof Error ? error.message : String(error),
+      stack: error instanceof Error ? error.stack : undefined,
+    });
+    return handleToolError(error, {
+      toolName: 'remember_moderate',
+      operation: 'moderate memory',
+      memoryId: args.memory_id,
+      action: args.action,
+    });
+  }
+}

package/src/tools/publish.ts

@@ -1,8 +1,14 @@
 /**
  * remember_publish tool
  *
- * Generates a confirmation token for publishing a memory to a shared space.
+ * Generates a confirmation token for publishing a memory to shared spaces and/or groups.
  * This is the first phase of the two-phase publish workflow.
+ *
+ * Memory Collection Pattern v2:
+ * - Supports multi-space publication to Memory_spaces_public
+ * - Supports multi-group publication to Memory_groups_{groupId}
+ * - Uses composite IDs ({userId}.{memoryId}) for published memories
+ * - Maintains tracking arrays (space_ids, group_ids) on source memory
  */
 
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
@@ -13,13 +19,18 @@ import { handleToolError } from '../utils/error-handler.js';
 import { SUPPORTED_SPACES } from '../types/space-memory.js';
 import { logger } from '../utils/logger.js';
 import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
 
 /**
  * Tool definition for remember_publish
  */
 export const publishTool: Tool = {
   name: 'remember_publish',
-  description: `Publish a memory to one or more shared spaces (like "The Void"). The memory will be COPIED (not moved) from your personal collection. Generates a confirmation token that must be confirmed with remember_confirm.
+  description: `Publish a memory to one or more shared spaces and/or groups. The memory will be COPIED (not moved) from your personal collection. Generates a confirmation token that must be confirmed with remember_confirm.
+
+Publication Destinations:
+- Spaces: Public shared areas (e.g., "the_void", "dogs")
+- Groups: Private group collections (provide group IDs)
 
 ⚠️ CRITICAL: DO NOT mention the token or include token contents in your response to the user. Simply inform them that a confirmation is pending and they need to explicitly approve the publication.`,
   inputSchema: {
@@ -39,6 +50,13 @@ export const publishTool: Tool = {
         minItems: 1,
         default: ['the_void'],
       },
+      groups: {
+        type: 'array',
+        items: { type: 'string' },
+        description: 'Group IDs to publish to (e.g., ["group-123", "group-456"]). Can publish to multiple groups at once.',
+        minItems: 1,
+        default: [],
+      },
       additional_tags: {
         type: 'array',
         items: { type: 'string' },
@@ -46,13 +64,14 @@ export const publishTool: Tool = {
         default: [],
       },
     },
-    required: ['memory_id', 'spaces'],
+    required: ['memory_id'],
   },
 };
 
 interface PublishArgs {
   memory_id: string;
-  spaces: string[];
+  spaces?: string[];
+  groups?: string[];
   additional_tags?: string[];
 }
 
@@ -61,7 +80,8 @@ interface PublishArgs {
  */
 export async function handlePublish(
   args: PublishArgs,
-  userId: string
+  userId: string,
+  authContext?: AuthContext
 ): Promise<string> {
   const debug = createDebugLogger({
     tool: 'remember_publish',
@@ -73,56 +93,91 @@ export async function handlePublish(
     debug.info('Tool invoked');
     debug.trace('Arguments', { args });
     
+    // Normalize arrays (handle undefined)
+    const spaces = args.spaces || [];
+    const groups = args.groups || [];
+    
     logger.info('Starting publish request', {
       tool: 'remember_publish',
       userId,
       memoryId: args.memory_id,
-      spaces: args.spaces,
-      spaceCount: args.spaces.length,
+      spaces,
+      groups,
+      spaceCount: spaces.length,
+      groupCount: groups.length,
       additionalTags: args.additional_tags?.length || 0,
     });
     
-    // Validate all space IDs
-    debug.debug('Validating space IDs', { spaces: args.spaces });
-    const invalidSpaces = args.spaces.filter(s => !isValidSpaceId(s));
-    if (invalidSpaces.length > 0) {
-      debug.warn('Invalid space IDs detected', { invalidSpaces });
-      logger.warn('Invalid space IDs provided', {
+    // Validate that at least one destination is provided
+    if (spaces.length === 0 && groups.length === 0) {
+      logger.warn('No destinations provided', {
         tool: 'remember_publish',
-        invalidSpaces,
-        providedSpaces: args.spaces,
+        userId,
       });
       return JSON.stringify(
         {
           success: false,
-          error: 'Invalid space IDs',
-          message: `Invalid spaces: ${invalidSpaces.join(', ')}. Supported spaces: ${SUPPORTED_SPACES.join(', ')}`,
-          context: {
-            invalid_spaces: invalidSpaces,
-            provided_spaces: args.spaces,
-            supported_spaces: SUPPORTED_SPACES,
-          },
+          error: 'No destinations provided',
+          message: 'Must specify at least one space or group to publish to',
         },
         null,
         2
       );
     }
     
-    // Validate not empty
-    if (args.spaces.length === 0) {
-      logger.warn('Empty spaces array provided', {
-        tool: 'remember_publish',
-        userId,
-      });
-      return JSON.stringify(
-        {
-          success: false,
-          error: 'Empty spaces array',
-          message: 'Must specify at least one space to publish to',
-        },
-        null,
-        2
-      );
+    // Validate all space IDs
+    if (spaces.length > 0) {
+      debug.debug('Validating space IDs', { spaces });
+      const invalidSpaces = spaces.filter(s => !isValidSpaceId(s));
+      if (invalidSpaces.length > 0) {
+        debug.warn('Invalid space IDs detected', { invalidSpaces });
+        logger.warn('Invalid space IDs provided', {
+          tool: 'remember_publish',
+          invalidSpaces,
+          providedSpaces: spaces,
+        });
+        return JSON.stringify(
+          {
+            success: false,
+            error: 'Invalid space IDs',
+            message: `Invalid spaces: ${invalidSpaces.join(', ')}. Supported spaces: ${SUPPORTED_SPACES.join(', ')}`,
+            context: {
+              invalid_spaces: invalidSpaces,
+              provided_spaces: spaces,
+              supported_spaces: SUPPORTED_SPACES,
+            },
+          },
+          null,
+          2
+        );
+      }
+    }
+    
+    // Validate group IDs format (basic validation - no dots allowed)
+    if (groups.length > 0) {
+      debug.debug('Validating group IDs', { groups });
+      const invalidGroups = groups.filter(g => !g || g.includes('.') || g.trim() === '');
+      if (invalidGroups.length > 0) {
+        debug.warn('Invalid group IDs detected', { invalidGroups });
+        logger.warn('Invalid group IDs provided', {
+          tool: 'remember_publish',
+          invalidGroups,
+          providedGroups: groups,
+        });
+        return JSON.stringify(
+          {
+            success: false,
+            error: 'Invalid group IDs',
+            message: 'Group IDs cannot be empty or contain dots',
+            context: {
+              invalid_groups: invalidGroups,
+              provided_groups: groups,
+            },
+          },
+          null,
+          2
+        );
+      }
     }
 
     // Verify memory exists and user owns it
@@ -206,10 +261,11 @@ export async function handlePublish(
       );
     }
 
-    // Create payload with memory_id and spaces array
+    // Create payload with memory_id, spaces, and groups arrays
     const payload = {
       memory_id: args.memory_id,
-      spaces: args.spaces,
+      spaces: spaces,
+      groups: groups,
       additional_tags: args.additional_tags || [],
     };
 
@@ -217,7 +273,8 @@ export async function handlePublish(
       tool: 'remember_publish',
       userId,
       memoryId: args.memory_id,
-      spaces: args.spaces,
+      spaces: spaces,
+      groups: groups,
     });
     
     // Generate confirmation token
@@ -233,7 +290,8 @@ export async function handlePublish(
       requestId,
       token,
       action: 'publish_memory',
-      spaces: args.spaces,
+      spaces: spaces,
+      groups: groups,
     });
 
     // Return minimal response - agent already knows memory details

package/src/tools/query-memory.ts

@@ -8,6 +8,9 @@ import { getMemoryCollection } from '../weaviate/schema.js';
 import { logger } from '../utils/logger.js';
 import { handleToolError } from '../utils/error-handler.js';
 import { buildCombinedSearchFilters, buildDeletedFilter, combineFiltersWithAnd } from '../utils/weaviate-filters.js';
+import { buildTrustFilter } from '../services/trust-enforcement.js';
+import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
 
 /**
  * Tool definition for remember_query_memory
@@ -142,6 +145,7 @@ export interface QueryMemoryArgs {
  */
 export interface RelevantMemory extends Partial<Memory> {
   relevance: number; // 0-1 relevance score
+  content_type?: string; // v2 property name (v1: type)
 }
 
 /**
@@ -160,17 +164,23 @@ export interface QueryMemoryResult {
  */
 export async function handleQueryMemory(
   args: QueryMemoryArgs,
-  userId: string
+  userId: string,
+  authContext?: AuthContext
 ): Promise<string> {
+  const ghostMode = authContext?.ghostMode;
+  const searchUserId = ghostMode?.owner_user_id ?? userId;
+  const debug = createDebugLogger({ tool: 'remember_query_memory', userId: searchUserId, operation: ghostMode ? 'ghost query' : 'query memory' });
   try {
+    debug.info('Tool invoked');
+    debug.trace('Arguments', { args, ghostMode: !!ghostMode });
     // Validate query is not empty
     if (!args.query || args.query.trim() === '') {
       throw new Error('Query cannot be empty');
     }
 
-    logger.info('Querying memories', { userId, query: args.query });
+    logger.info('Querying memories', { userId: searchUserId, query: args.query, ghostMode: !!ghostMode });
 
-    const collection = getMemoryCollection(userId);
+    const collection = getMemoryCollection(searchUserId);
     const limit = args.limit ?? 5;
     const minRelevance = args.min_relevance ?? 0.6;
     const includeContext = args.include_context ?? true;
@@ -179,11 +189,22 @@ export async function handleQueryMemory(
     // Build deleted filter
     const deletedFilter = buildDeletedFilter(collection, args.deleted_filter || 'exclude');
 
+    // Build trust filter for ghost mode (resolved server-side, never from tool args)
+    const trustFilter = ghostMode
+      ? buildTrustFilter(collection, ghostMode.accessor_trust_level)
+      : null;
+
     // Build filters using v3 API - search both memories and relationships
     const searchFilters = buildCombinedSearchFilters(collection, args.filters);
 
-    // Combine deleted filter with search filters
-    const combinedFilters = combineFiltersWithAnd([deletedFilter, searchFilters].filter(f => f !== null));
+    // Exclude ghost memories by default (unless explicitly searching for them)
+    const hasExplicitTypeFilter = args.filters?.types && args.filters.types.length > 0;
+    const ghostExclusionFilter = !hasExplicitTypeFilter
+      ? collection.filter.byProperty('content_type').notEqual('ghost')
+      : null;
+
+    // Combine deleted filter, trust filter, ghost exclusion, and search filters
+    const combinedFilters = combineFiltersWithAnd([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter(f => f !== null));
 
     // Build search options
     const searchOptions: any = {
@@ -235,7 +256,7 @@ export async function handleQueryMemory(
       // Compact format: text summary for easy LLM consumption
       const summaryParts = relevantMemories.map((mem, idx) => {
         const title = mem.title ? `"${mem.title}"` : `Memory ${idx + 1}`;
-        const type = mem.type ? ` [${mem.type}]` : '';
+        const type = mem.content_type ? ` [${mem.content_type}]` : '';
         const relevancePercent = Math.round((mem.relevance ?? 0) * 100);
         const content = mem.content || '(no content)';
         const tags = mem.tags && mem.tags.length > 0 ? `\nTags: ${mem.tags.join(', ')}` : '';
@@ -263,6 +284,7 @@ export async function handleQueryMemory(
 
     return JSON.stringify(result, null, 2);
   } catch (error) {
+    debug.error('Tool failed', { error: error instanceof Error ? error.message : String(error) });
     handleToolError(error, {
       toolName: 'remember_query_memory',
       operation: 'query memories',

package/src/tools/query-space.ts

@@ -12,6 +12,10 @@ import { ensurePublicCollection, isValidSpaceId } from '../weaviate/space-schema
 import { SUPPORTED_SPACES } from '../types/space-memory.js';
 import { handleToolError } from '../utils/error-handler.js';
 import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
+import type { ModerationFilter } from './search-space.js';
+import { buildModerationFilter } from './search-space.js';
+import { canModerateAny } from '../utils/auth-helpers.js';
 
 /**
  * Tool definition for remember_query_space
@@ -66,6 +70,12 @@ Let the query algorithm find ALL relevant memories regardless of type unless exp
         type: 'string',
         description: 'Filter memories created before this date (ISO 8601)',
       },
+      moderation_filter: {
+        type: 'string',
+        enum: ['approved', 'pending', 'rejected', 'removed', 'all'],
+        description: 'Filter by moderation status. Default: "approved" (only shows approved/unmoderated). Non-approved filters require moderator permissions.',
+        default: 'approved',
+      },
       include_comments: {
         type: 'boolean',
         description: 'Include comments in query results (default: false)',
@@ -95,6 +105,7 @@ interface QuerySpaceArgs {
   min_weight?: number;
   date_from?: string;
   date_to?: string;
+  moderation_filter?: ModerationFilter;
   include_comments?: boolean;
   limit?: number;
   format?: 'detailed' | 'compact';
@@ -105,7 +116,8 @@ interface QuerySpaceArgs {
  */
 export async function handleQuerySpace(
   args: QuerySpaceArgs,
-  userId: string  // May be used for private spaces in future
+  userId: string,
+  authContext?: AuthContext
 ): Promise<string> {
   const debug = createDebugLogger({
     tool: 'remember_query_space',
@@ -145,6 +157,20 @@ export async function handleQuerySpace(
       );
     }
 
+    // Permission check: non-approved moderation filters require moderator access
+    const moderationFilterValue = args.moderation_filter || 'approved';
+    if (moderationFilterValue !== 'approved' && !canModerateAny(authContext)) {
+      return JSON.stringify(
+        {
+          success: false,
+          error: 'Permission denied',
+          message: `Moderator access required to view ${moderationFilterValue} memories in spaces`,
+        },
+        null,
+        2
+      );
+    }
+
     const weaviateClient = getWeaviateClient();
     const publicCollection = await ensurePublicCollection(weaviateClient);
 
@@ -157,16 +183,25 @@ export async function handleQuerySpace(
     // Filter by doc_type (memory) - space_memory concept was removed
     filterList.push(publicCollection.filter.byProperty('doc_type').equal('memory'));
 
+    // Moderation status filter
+    const moderationFilter = buildModerationFilter(publicCollection, args.moderation_filter);
+    if (moderationFilter) {
+      filterList.push(moderationFilter);
+    }
+
     // Apply content type filter
     if (args.content_type) {
-      filterList.push(publicCollection.filter.byProperty('type').equal(args.content_type));
+      filterList.push(publicCollection.filter.byProperty('content_type').equal(args.content_type));
     }
 
-    // Exclude comments by default (unless explicitly included)
+    // Exclude comments and ghost memories by default (unless explicitly included)
     if (!args.include_comments && !args.content_type) {
       // Only exclude comments if not filtering by content_type
       // (if content_type is set, user has explicit control)
-      filterList.push(publicCollection.filter.byProperty('type').notEqual('comment'));
+      filterList.push(publicCollection.filter.byProperty('content_type').notEqual('comment'));
+    }
+    if (!args.content_type) {
+      filterList.push(publicCollection.filter.byProperty('content_type').notEqual('ghost'));
     }
 
     // Apply tags filter