@prmichaelsen/remember-mcp 3.0.0 → 3.13.0

package/dist/services/access-control.d.ts

@@ -0,0 +1,103 @@
+/**
+ * Access control service — per-memory access checks with escalation prevention.
+ *
+ * In ghost mode (default), query-level filtering handles trust at the Weaviate layer.
+ * This service is needed for:
+ * 1. Trust escalation penalty tracking
+ * 2. Block management
+ * 3. Prompt/hybrid enforcement modes (per-memory access checks)
+ * 4. Future direct access tools
+ *
+ * See agent/design/access-control-result-pattern.md
+ * See agent/design/local.ghost-persona-system.md
+ */
+import type { Memory } from '../types/memory.js';
+import type { AccessResult } from '../types/access-result.js';
+import type { GhostConfig } from '../types/ghost-config.js';
+/** Block record for a specific (accessor, memory) pair */
+export interface MemoryBlock {
+    blocked_at: string;
+    reason: string;
+    attempt_count: number;
+}
+/** Attempt record for escalation tracking */
+export interface AttemptRecord {
+    count: number;
+    last_attempt_at: string;
+}
+/**
+ * Provider interface for GhostConfig lookups.
+ * In-memory stub now, Firestore implementation in M16.
+ */
+export interface GhostConfigProvider {
+    getGhostConfig(ownerUserId: string): Promise<GhostConfig | null>;
+}
+/**
+ * Provider interface for block and attempt tracking.
+ * In-memory stub now, Firestore implementation in M16.
+ */
+export interface EscalationStore {
+    getBlock(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<MemoryBlock | null>;
+    setBlock(ownerUserId: string, accessorUserId: string, memoryId: string, block: MemoryBlock): Promise<void>;
+    removeBlock(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<void>;
+    getAttempts(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<AttemptRecord | null>;
+    incrementAttempts(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<AttemptRecord>;
+}
+/** Stub GhostConfig provider — returns null (ghost not configured) */
+export declare class StubGhostConfigProvider implements GhostConfigProvider {
+    private configs;
+    getGhostConfig(ownerUserId: string): Promise<GhostConfig | null>;
+    /** Test helper: set a GhostConfig for a user */
+    setGhostConfig(ownerUserId: string, config: GhostConfig): void;
+}
+/** In-memory escalation store for development/testing */
+export declare class InMemoryEscalationStore implements EscalationStore {
+    private blocks;
+    private attempts;
+    private key;
+    getBlock(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<MemoryBlock | null>;
+    setBlock(ownerUserId: string, accessorUserId: string, memoryId: string, block: MemoryBlock): Promise<void>;
+    removeBlock(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<void>;
+    getAttempts(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<AttemptRecord | null>;
+    incrementAttempts(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<AttemptRecord>;
+}
+/**
+ * Check if an accessor has permission to access a specific memory.
+ *
+ * Flow:
+ * 1. Self-access → always granted (owner)
+ * 2. Ghost not enabled → no_permission
+ * 3. Accessor blocked by owner → no_permission
+ * 4. Memory-specific block → blocked
+ * 5. Insufficient trust → insufficient_trust (+ penalty, possible block)
+ * 6. Sufficient trust → granted (trusted; trust 1.0 memories capped to existence-only by formatting layer)
+ */
+export declare function checkMemoryAccess(accessorUserId: string, memory: Memory, ghostConfigProvider: GhostConfigProvider, escalationStore: EscalationStore): Promise<AccessResult>;
+/**
+ * Handle an insufficient trust access attempt.
+ * Applies -0.1 penalty, blocks after 3 attempts.
+ */
+export declare function handleInsufficientTrust(ownerUserId: string, accessorUserId: string, memoryId: string, requiredTrust: number, actualTrust: number, escalationStore: EscalationStore): Promise<AccessResult>;
+/**
+ * Check if access to a specific memory is blocked.
+ */
+export declare function isMemoryBlocked(ownerUserId: string, accessorUserId: string, memoryId: string, escalationStore: EscalationStore): Promise<boolean>;
+/**
+ * Reset a memory-specific block (e.g., via grant_access).
+ */
+export declare function resetBlock(ownerUserId: string, accessorUserId: string, memoryId: string, escalationStore: EscalationStore): Promise<void>;
+/**
+ * Resolve the trust level for an accessor from GhostConfig.
+ *
+ * Priority: per_user_trust → default_friend_trust → default_public_trust → 0
+ *
+ * Note: "friend" vs "public" distinction will be determined by the calling
+ * context in M16 (friend list, social graph). For now, non-per_user accessors
+ * fall through to default_public_trust.
+ */
+export declare function resolveAccessorTrustLevel(ghostConfig: GhostConfig, accessorUserId: string): number;
+/**
+ * Format an AccessResult into a human-readable message.
+ */
+export declare function formatAccessResultMessage(result: AccessResult): string;
+//# sourceMappingURL=access-control.d.ts.map

package/dist/services/access-control.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=access-control.spec.d.ts.map

package/dist/services/credentials-provider.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Credentials Provider
+ *
+ * Resolves user credentials (group memberships, permissions) from an access token.
+ * Currently uses a stub implementation; future: HTTP provider hitting /api/credentials/agentbase.
+ */
+import type { CredentialsProvider, UserCredentials } from '../types/auth.js';
+/**
+ * Stub credentials provider — returns empty group memberships.
+ * Used until an HTTP-based provider is wired up.
+ */
+export declare class StubCredentialsProvider implements CredentialsProvider {
+    getCredentials(_accessToken: string, userId: string): Promise<UserCredentials>;
+}
+/**
+ * Factory to create the appropriate credentials provider.
+ * Future: reads config to pick stub vs HTTP implementation.
+ */
+export declare function createCredentialsProvider(): CredentialsProvider;
+/**
+ * Singleton credentials provider instance
+ */
+export declare const credentialsProvider: CredentialsProvider;
+//# sourceMappingURL=credentials-provider.d.ts.map

package/dist/services/credentials-provider.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=credentials-provider.spec.d.ts.map

package/dist/services/escalation.service.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Firestore-backed Escalation Store
+ *
+ * Persists trust escalation tracking (attempt counts, blocks) to Firestore.
+ * Replaces InMemoryEscalationStore for production use.
+ *
+ * Firestore path: {BASE}.users/{ownerUserId}/ghost_escalation/{accessorUserId}:{memoryId}
+ *
+ * See agent/design/local.ghost-persona-system.md
+ */
+import type { EscalationStore, MemoryBlock, AttemptRecord } from './access-control.js';
+/**
+ * Firestore-backed escalation store for production use.
+ */
+export declare class FirestoreEscalationStore implements EscalationStore {
+    getBlock(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<MemoryBlock | null>;
+    setBlock(ownerUserId: string, accessorUserId: string, memoryId: string, block: MemoryBlock): Promise<void>;
+    removeBlock(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<void>;
+    getAttempts(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<AttemptRecord | null>;
+    incrementAttempts(ownerUserId: string, accessorUserId: string, memoryId: string): Promise<AttemptRecord>;
+}
+//# sourceMappingURL=escalation.service.d.ts.map

package/dist/services/escalation.service.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=escalation.service.spec.d.ts.map

package/dist/services/ghost-config.service.d.ts

@@ -0,0 +1,55 @@
+/**
+ * GhostConfig Firestore Service
+ *
+ * CRUD operations for ghost/persona configuration stored in Firestore.
+ * Implements GhostConfigProvider interface from access-control.ts.
+ *
+ * Firestore path: {BASE}.users/{ownerUserId}/ghost_config/settings
+ *
+ * See agent/design/local.ghost-persona-system.md
+ */
+import type { GhostConfig } from '../types/ghost-config.js';
+import type { GhostConfigProvider } from './access-control.js';
+/**
+ * Get a user's ghost configuration.
+ * Returns defaults merged with stored config, or null if no config exists.
+ */
+export declare function getGhostConfig(ownerUserId: string): Promise<GhostConfig>;
+/**
+ * Set (upsert) a user's ghost configuration.
+ * Merges partial config with existing values.
+ */
+export declare function setGhostConfigFields(ownerUserId: string, config: Partial<GhostConfig>): Promise<GhostConfig>;
+/**
+ * Set a per-user trust level override.
+ */
+export declare function setUserTrust(ownerUserId: string, targetUserId: string, trustLevel: number): Promise<void>;
+/**
+ * Remove a per-user trust override (reverts to default).
+ */
+export declare function removeUserTrust(ownerUserId: string, targetUserId: string): Promise<void>;
+/**
+ * Block a user from ghost access.
+ */
+export declare function blockUser(ownerUserId: string, targetUserId: string): Promise<void>;
+/**
+ * Unblock a user from ghost access.
+ */
+export declare function unblockUser(ownerUserId: string, targetUserId: string): Promise<void>;
+/**
+ * Check if a user's ghost is enabled.
+ */
+export declare function isGhostEnabled(ownerUserId: string): Promise<boolean>;
+/**
+ * Validate a partial GhostConfig update.
+ * Throws if any field values are invalid.
+ */
+export declare function validateGhostConfigUpdate(config: Partial<GhostConfig>): void;
+/**
+ * Firestore-backed GhostConfigProvider implementation.
+ * Replaces StubGhostConfigProvider for production use.
+ */
+export declare class FirestoreGhostConfigProvider implements GhostConfigProvider {
+    getGhostConfig(ownerUserId: string): Promise<GhostConfig | null>;
+}
+//# sourceMappingURL=ghost-config.service.d.ts.map

package/dist/services/ghost-config.service.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ghost-config.service.spec.d.ts.map

package/dist/services/space-config.service.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Space/Group Configuration Service
+ *
+ * Per-space and per-group behavioral configuration stored in Firestore.
+ * Controls moderation requirements, write modes, and other behavioral rules.
+ */
+import type { WriteMode } from '../types/auth.js';
+export interface SpaceConfig {
+    require_moderation: boolean;
+    default_write_mode: WriteMode;
+}
+export declare const DEFAULT_SPACE_CONFIG: SpaceConfig;
+/**
+ * Get configuration for a space or group.
+ * Returns defaults merged with any stored config.
+ */
+export declare function getSpaceConfig(id: string, type: 'space' | 'group'): Promise<SpaceConfig>;
+/**
+ * Set configuration for a space or group.
+ * Merges partial config with existing values.
+ */
+export declare function setSpaceConfig(id: string, type: 'space' | 'group', config: Partial<SpaceConfig>): Promise<void>;
+//# sourceMappingURL=space-config.service.d.ts.map

package/dist/services/space-config.service.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=space-config.service.spec.d.ts.map

package/dist/services/trust-enforcement.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Trust enforcement service — 3 configurable modes for cross-user memory access.
+ *
+ * - query mode (default): memories above trust threshold never returned from Weaviate
+ * - prompt mode: all memories returned, formatted/redacted by trust level
+ * - hybrid mode: query filter for trust 0.0, prompt filter for rest
+ *
+ * See agent/design/local.ghost-persona-system.md
+ */
+import type { Memory } from '../types/memory.js';
+import type { TrustEnforcementMode } from '../types/ghost-config.js';
+/** Trust level thresholds mapping continuous 0-1 values to discrete behavior tiers */
+export declare const TRUST_THRESHOLDS: {
+    readonly FULL_ACCESS: 1;
+    readonly PARTIAL_ACCESS: 0.75;
+    readonly SUMMARY_ONLY: 0.5;
+    readonly METADATA_ONLY: 0.25;
+    readonly EXISTENCE_ONLY: 0;
+};
+/**
+ * Build a Weaviate filter that restricts memories by trust score.
+ * Only returns memories where trust_score <= accessorTrustLevel.
+ *
+ * Trust 1.0 memories require accessor trust >= 1.0 to even appear in results.
+ * When they do appear, formatMemoryForPrompt caps output to existence-only.
+ *
+ * @param collection - Weaviate collection instance
+ * @param accessorTrustLevel - The accessor's trust level (0-1)
+ * @returns Weaviate filter object
+ */
+export declare function buildTrustFilter(collection: any, accessorTrustLevel: number): any;
+/**
+ * Formatted memory representation for prompt-level enforcement.
+ * Content is redacted/formatted based on trust level.
+ */
+export interface FormattedMemory {
+    memory_id: string;
+    trust_tier: string;
+    content: string;
+}
+/**
+ * Format a memory for inclusion in an LLM prompt, redacted by trust level.
+ *
+ * Trust tiers:
+ * - 1.0  Full Access:    full content, all details
+ * - 0.75 Partial Access: content with sensitive fields redacted
+ * - 0.5  Summary Only:   title + summary, no content
+ * - 0.25 Metadata Only:  type, date, tags — no content or summary
+ * - 0.0  Existence Only: "A memory exists about this topic"
+ *
+ * Trust 1.0 memories are always existence-only for cross-users, regardless of
+ * accessor trust level. Use `isSelfAccess = true` to bypass for owner access.
+ *
+ * @param memory - The memory to format
+ * @param accessorTrustLevel - The accessor's trust level (0-1)
+ * @param isSelfAccess - True if the accessor is the memory owner (bypasses trust 1.0 cap)
+ * @returns Formatted memory for prompt inclusion
+ */
+export declare function formatMemoryForPrompt(memory: Memory, accessorTrustLevel: number, isSelfAccess?: boolean): FormattedMemory;
+/**
+ * Get a human-readable label for a trust level.
+ */
+export declare function getTrustLevelLabel(trust: number): string;
+/**
+ * Get LLM instruction text describing what to reveal at a given trust level.
+ */
+export declare function getTrustInstructions(trust: number): string;
+/**
+ * Redact sensitive fields from a memory for partial access.
+ * Returns a copy with location, context, and references cleared.
+ */
+export declare function redactSensitiveFields(memory: Memory, _trust: number): Memory;
+/**
+ * Check whether an accessor's trust level is sufficient for a memory.
+ * Access is granted when accessorTrust >= memoryTrust.
+ */
+export declare function isTrustSufficient(memoryTrust: number, accessorTrust: number): boolean;
+/**
+ * Determine the enforcement mode to use.
+ * Convenience function that returns the mode from GhostConfig or falls back to 'query'.
+ */
+export declare function resolveEnforcementMode(mode?: TrustEnforcementMode): TrustEnforcementMode;
+//# sourceMappingURL=trust-enforcement.d.ts.map

package/dist/services/trust-enforcement.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=trust-enforcement.spec.d.ts.map

package/dist/services/trust-validator.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Trust validator — validation and suggestions for trust-sensitive operations.
+ *
+ * See agent/design/local.ghost-persona-system.md
+ */
+import type { ContentType } from '../types/memory.js';
+/**
+ * Validation result for trust assignment.
+ */
+export interface TrustValidationResult {
+    valid: boolean;
+    warning?: string;
+}
+/**
+ * Validate a trust level assignment.
+ * Warns if trust < 0.25 (very private — existence-only for most accessors).
+ * Returns invalid for out-of-range values.
+ *
+ * @param trustLevel - The trust level being assigned (0-1)
+ * @param content - Optional content for context-aware validation
+ */
+export declare function validateTrustAssignment(trustLevel: number, content?: string): TrustValidationResult;
+/**
+ * Suggest an appropriate trust level based on content type and tags.
+ *
+ * Guidelines:
+ * - System/audit/action: 0.5 (internal, summary access for trusted users)
+ * - Personal (journal, memory, event): 0.75 (share with close friends)
+ * - Business (invoice, contract): 0.5 (summary only for collaborators)
+ * - Communication (email, conversation): 0.5 (summary only)
+ * - Creative/content: 0.25 (metadata for discovery, full access for trusted)
+ * - Default: 0.25 (conservative — metadata only)
+ *
+ * Tag overrides:
+ * - 'private' or 'secret': 0.1 (near-hidden)
+ * - 'public': 1.0 (open to all)
+ *
+ * @param contentType - The type of content
+ * @param tags - Optional tags that may affect suggestion
+ * @returns Suggested trust level (0-1)
+ */
+export declare function suggestTrustLevel(contentType: ContentType, tags?: string[]): number;
+//# sourceMappingURL=trust-validator.d.ts.map

package/dist/services/trust-validator.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=trust-validator.spec.d.ts.map

package/dist/tools/confirm-publish-moderation.spec.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Tests for moderation status wiring in the publish flow.
+ *
+ * Verifies that executePublishMemory() sets moderation_status
+ * based on SpaceConfig.require_moderation for each destination.
+ */
+export {};
+//# sourceMappingURL=confirm-publish-moderation.spec.d.ts.map

package/dist/tools/confirm.d.ts

@@ -3,8 +3,15 @@
  *
  * Generic confirmation tool that executes any pending action.
  * This is the second phase of the confirmation workflow.
+ *
+ * Memory Collection Pattern v2:
+ * - Multi-space publication to Memory_spaces_public
+ * - Multi-group publication to Memory_groups_{groupId}
+ * - Composite IDs ({userId}.{memoryId}) for published memories
+ * - Tracking arrays (space_ids, group_ids) on source and published memories
  */
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_confirm
  *
@@ -27,6 +34,6 @@ interface ConfirmArgs {
 /**
  * Handle remember_confirm tool execution
  */
-export declare function handleConfirm(args: ConfirmArgs, userId: string): Promise<string>;
+export declare function handleConfirm(args: ConfirmArgs, userId: string, authContext?: AuthContext): Promise<string>;
 export {};
 //# sourceMappingURL=confirm.d.ts.map

package/dist/tools/create-memory.d.ts

@@ -3,6 +3,7 @@
  * Creates a new memory in the user's collection
  */
 import type { ContentType, MemoryContext } from '../types/memory.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_create_memory
  */
@@ -109,5 +110,5 @@ export interface CreateMemoryResult {
 /**
  * Handle remember_create_memory tool
  */
-export declare function handleCreateMemory(args: CreateMemoryArgs, userId: string, context?: Partial<MemoryContext>): Promise<string>;
+export declare function handleCreateMemory(args: CreateMemoryArgs, userId: string, authContext?: AuthContext, context?: Partial<MemoryContext>): Promise<string>;
 //# sourceMappingURL=create-memory.d.ts.map

package/dist/tools/create-memory.spec.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Unit tests for remember_create_memory and remember_update_memory tools (Task 170)
+ *
+ * Tests cover:
+ * - Tool definition schemas
+ * - Tracking arrays (space_ids, group_ids) are NOT user-settable via input schema
+ * - Required fields and optional fields
+ */
+export {};
+//# sourceMappingURL=create-memory.spec.d.ts.map

package/dist/tools/create-relationship.d.ts

@@ -3,6 +3,7 @@
  * Create a relationship connecting 2...N memories
  */
 import type { MemoryContext } from '../types/memory.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_create_relationship
  */
@@ -75,5 +76,5 @@ export interface CreateRelationshipResult {
 /**
  * Handle remember_create_relationship tool
  */
-export declare function handleCreateRelationship(args: CreateRelationshipArgs, userId: string, context?: Partial<MemoryContext>): Promise<string>;
+export declare function handleCreateRelationship(args: CreateRelationshipArgs, userId: string, authContext?: AuthContext, context?: Partial<MemoryContext>): Promise<string>;
 //# sourceMappingURL=create-relationship.d.ts.map

package/dist/tools/delete-memory.d.ts

@@ -3,6 +3,7 @@
  * Request to delete a memory (requires confirmation)
  */
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_delete_memory
  */
@@ -18,5 +19,5 @@ export interface DeleteMemoryArgs {
  * Handle remember_delete_memory tool
  * Creates confirmation token and returns preview
  */
-export declare function handleDeleteMemory(args: DeleteMemoryArgs, userId: string): Promise<string>;
+export declare function handleDeleteMemory(args: DeleteMemoryArgs, userId: string, authContext?: AuthContext): Promise<string>;
 //# sourceMappingURL=delete-memory.d.ts.map

package/dist/tools/delete-relationship.d.ts

@@ -2,6 +2,7 @@
  * remember_delete_relationship tool
  * Delete a relationship and clean up references in connected memories
  */
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_delete_relationship
  */
@@ -37,5 +38,5 @@ export interface DeleteRelationshipResult {
 /**
  * Handle remember_delete_relationship tool
  */
-export declare function handleDeleteRelationship(args: DeleteRelationshipArgs, userId: string): Promise<string>;
+export declare function handleDeleteRelationship(args: DeleteRelationshipArgs, userId: string, authContext?: AuthContext): Promise<string>;
 //# sourceMappingURL=delete-relationship.d.ts.map

package/dist/tools/deny.d.ts

@@ -4,6 +4,7 @@
  * Generic denial tool for any pending action.
  */
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_deny
  *
@@ -26,6 +27,6 @@ interface DenyArgs {
 /**
  * Handle remember_deny tool execution
  */
-export declare function handleDeny(args: DenyArgs, userId: string): Promise<string>;
+export declare function handleDeny(args: DenyArgs, userId: string, authContext?: AuthContext): Promise<string>;
 export {};
 //# sourceMappingURL=deny.d.ts.map

package/dist/tools/find-similar.d.ts

@@ -3,6 +3,7 @@
  * Find similar memories using vector similarity search
  */
 import type { Memory, DeletedFilter } from '../types/memory.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_find_similar
  */
@@ -80,5 +81,5 @@ export interface FindSimilarResult {
 /**
  * Handle remember_find_similar tool
  */
-export declare function handleFindSimilar(args: FindSimilarArgs, userId: string): Promise<string>;
+export declare function handleFindSimilar(args: FindSimilarArgs, userId: string, authContext?: AuthContext): Promise<string>;
 //# sourceMappingURL=find-similar.d.ts.map

package/dist/tools/get-preferences.d.ts

@@ -3,6 +3,7 @@
  * Retrieve user preferences with defaults
  */
 import { UserPreferences, PreferenceCategory } from '../types/preferences.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_get_preferences
  */
@@ -37,5 +38,5 @@ export interface GetPreferencesResult {
 /**
  * Handle remember_get_preferences tool
  */
-export declare function handleGetPreferences(args: GetPreferencesArgs, userId: string): Promise<string>;
+export declare function handleGetPreferences(args: GetPreferencesArgs, userId: string, authContext?: AuthContext): Promise<string>;
 //# sourceMappingURL=get-preferences.d.ts.map

package/dist/tools/ghost-config.d.ts

@@ -0,0 +1,27 @@
+/**
+ * remember_ghost_config tool
+ *
+ * Manage ghost/persona configuration: enable/disable ghost,
+ * set trust defaults, manage per-user trust, block/unblock users.
+ */
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { AuthContext } from '../types/auth.js';
+import type { TrustEnforcementMode } from '../types/ghost-config.js';
+type GhostConfigAction = 'get' | 'set' | 'set_trust' | 'remove_trust' | 'block' | 'unblock';
+export declare const ghostConfigTool: Tool;
+interface GhostConfigArgs {
+    action: GhostConfigAction;
+    enabled?: boolean;
+    public_ghost_enabled?: boolean;
+    default_friend_trust?: number;
+    default_public_trust?: number;
+    enforcement_mode?: TrustEnforcementMode;
+    target_user_id?: string;
+    trust_level?: number;
+}
+/**
+ * Handle remember_ghost_config tool
+ */
+export declare function handleGhostConfig(args: GhostConfigArgs, userId: string, authContext?: AuthContext): Promise<string>;
+export {};
+//# sourceMappingURL=ghost-config.d.ts.map

package/dist/tools/ghost-config.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ghost-config.spec.d.ts.map

package/dist/tools/moderate.d.ts

@@ -0,0 +1,20 @@
+/**
+ * remember_moderate tool
+ *
+ * Allows moderators to approve, reject, or remove published memories
+ * in spaces and groups. Requires can_moderate permission.
+ */
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { AuthContext } from '../types/auth.js';
+type ModerationAction = 'approve' | 'reject' | 'remove';
+export declare const moderateTool: Tool;
+interface ModerateArgs {
+    memory_id: string;
+    space_id?: string;
+    group_id?: string;
+    action: ModerationAction;
+    reason?: string;
+}
+export declare function handleModerate(args: ModerateArgs, userId: string, authContext?: AuthContext): Promise<string>;
+export {};
+//# sourceMappingURL=moderate.d.ts.map

package/dist/tools/moderate.spec.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for remember_moderate tool.
+ */
+export {};
+//# sourceMappingURL=moderate.spec.d.ts.map

package/dist/tools/publish.d.ts

@@ -1,22 +1,30 @@
 /**
  * remember_publish tool
  *
- * Generates a confirmation token for publishing a memory to a shared space.
+ * Generates a confirmation token for publishing a memory to shared spaces and/or groups.
  * This is the first phase of the two-phase publish workflow.
+ *
+ * Memory Collection Pattern v2:
+ * - Supports multi-space publication to Memory_spaces_public
+ * - Supports multi-group publication to Memory_groups_{groupId}
+ * - Uses composite IDs ({userId}.{memoryId}) for published memories
+ * - Maintains tracking arrays (space_ids, group_ids) on source memory
  */
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { AuthContext } from '../types/auth.js';
 /**
  * Tool definition for remember_publish
  */
 export declare const publishTool: Tool;
 interface PublishArgs {
     memory_id: string;
-    spaces: string[];
+    spaces?: string[];
+    groups?: string[];
     additional_tags?: string[];
 }
 /**
  * Handle remember_publish tool execution
  */
-export declare function handlePublish(args: PublishArgs, userId: string): Promise<string>;
+export declare function handlePublish(args: PublishArgs, userId: string, authContext?: AuthContext): Promise<string>;
 export {};
 //# sourceMappingURL=publish.d.ts.map