@prmichaelsen/remember-mcp 3.14.11 → 3.14.14

package/dist/server-factory.js

@@ -515,6 +515,21 @@ var init_logger = __esm({
 });
 
 // src/firestore/init.ts
+var init_exports = {};
+__export(init_exports, {
+  FieldValue: () => FieldValue,
+  addDocument: () => addDocument,
+  batchWrite: () => batchWrite,
+  deleteDocument: () => deleteDocument,
+  getDocument: () => getDocument,
+  initFirestore: () => initFirestore,
+  isFirestoreInitialized: () => isFirestoreInitialized,
+  queryDocuments: () => queryDocuments,
+  setDocument: () => setDocument,
+  testFirestoreConnection: () => testFirestoreConnection,
+  updateDocument: () => updateDocument,
+  verifyIdToken: () => verifyIdToken
+});
 import { initializeApp } from "@prmichaelsen/firebase-admin-sdk-v8";
 import {
   getDocument,
@@ -555,370 +570,35 @@ function initFirestore() {
     throw error;
   }
 }
-var initialized;
-var init_init = __esm({
-  "src/firestore/init.ts"() {
-    "use strict";
-    init_config();
-    init_logger();
-    initialized = false;
-  }
-});
-
-// src/services/trust-enforcement.ts
-function buildTrustFilter2(collection, accessorTrustLevel) {
-  return collection.filter.byProperty("trust_score").lessThanOrEqual(accessorTrustLevel);
-}
-function isTrustSufficient2(memoryTrust, accessorTrust) {
-  return accessorTrust >= memoryTrust;
+function isFirestoreInitialized() {
+  return initialized;
 }
-var init_trust_enforcement = __esm({
-  "src/services/trust-enforcement.ts"() {
-    "use strict";
-  }
-});
-
-// src/firestore/paths.ts
-function getBasePrefix2() {
-  const environment = process.env.ENVIRONMENT;
-  if (environment && environment !== "production" && environment !== "prod") {
-    return `${environment}.${APP_NAME2}`;
-  }
-  const isDevelopment = process.env.NODE_ENV === "development";
-  if (isDevelopment) {
-    const customPrefix = process.env.DB_PREFIX;
-    if (customPrefix) {
-      return customPrefix;
-    }
-    return `e0.${APP_NAME2}`;
-  }
-  return APP_NAME2;
-}
-var APP_NAME2, BASE2;
-var init_paths = __esm({
-  "src/firestore/paths.ts"() {
-    "use strict";
-    APP_NAME2 = "remember-mcp";
-    BASE2 = getBasePrefix2();
-  }
-});
-
-// src/types/ghost-config.ts
-var DEFAULT_GHOST_CONFIG2;
-var init_ghost_config = __esm({
-  "src/types/ghost-config.ts"() {
-    "use strict";
-    DEFAULT_GHOST_CONFIG2 = {
-      enabled: false,
-      public_ghost_enabled: false,
-      default_friend_trust: 0.25,
-      default_public_trust: 0,
-      per_user_trust: {},
-      blocked_users: [],
-      enforcement_mode: "query"
-    };
-  }
-});
-
-// src/services/ghost-config.service.ts
-var ghost_config_service_exports = {};
-__export(ghost_config_service_exports, {
-  FirestoreGhostConfigProvider: () => FirestoreGhostConfigProvider2,
-  blockUser: () => blockUser2,
-  getGhostConfig: () => getGhostConfig2,
-  isGhostEnabled: () => isGhostEnabled2,
-  removeUserTrust: () => removeUserTrust2,
-  setGhostConfigFields: () => setGhostConfigFields2,
-  setUserTrust: () => setUserTrust2,
-  unblockUser: () => unblockUser2,
-  validateGhostConfigUpdate: () => validateGhostConfigUpdate2
-});
-function getGhostConfigPath(ownerUserId) {
-  return {
-    collectionPath: `${BASE2}.users/${ownerUserId}/ghost_config`,
-    docId: "settings"
-  };
-}
-async function getGhostConfig2(ownerUserId) {
+async function testFirestoreConnection() {
   try {
-    const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-    const doc = await getDocument(collectionPath, docId);
-    if (!doc) {
-      return { ...DEFAULT_GHOST_CONFIG2 };
+    if (!initialized) {
+      throw new Error("Firestore not initialized");
     }
-    return { ...DEFAULT_GHOST_CONFIG2, ...doc };
+    const { getDocument: getDocument3 } = await import("@prmichaelsen/firebase-admin-sdk-v8");
+    await getDocument3("_health_check", "test");
+    logger.info("Firestore connection test successful", {
+      module: "firestore-init"
+    });
+    return true;
   } catch (error) {
-    logger.error("Failed to get ghost config", {
-      service: SERVICE,
-      ownerUserId,
+    logger.error("Firestore connection test failed", {
+      module: "firestore-init",
       error: error instanceof Error ? error.message : String(error)
     });
-    return { ...DEFAULT_GHOST_CONFIG2 };
-  }
-}
-async function setGhostConfigFields2(ownerUserId, config2) {
-  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, config2, { merge: true });
-  logger.info("Ghost config updated", {
-    service: SERVICE,
-    ownerUserId,
-    updatedKeys: Object.keys(config2)
-  });
-  return getGhostConfig2(ownerUserId);
-}
-async function setUserTrust2(ownerUserId, targetUserId, trustLevel) {
-  if (trustLevel < 0 || trustLevel > 1) {
-    throw new Error(`Trust level must be between 0 and 1, got ${trustLevel}`);
-  }
-  const current = await getGhostConfig2(ownerUserId);
-  const per_user_trust = { ...current.per_user_trust, [targetUserId]: trustLevel };
-  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { per_user_trust }, { merge: true });
-  logger.info("User trust level set", {
-    service: SERVICE,
-    ownerUserId,
-    targetUserId,
-    trustLevel
-  });
-}
-async function removeUserTrust2(ownerUserId, targetUserId) {
-  const current = await getGhostConfig2(ownerUserId);
-  const per_user_trust = { ...current.per_user_trust };
-  delete per_user_trust[targetUserId];
-  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { per_user_trust }, { merge: true });
-  logger.info("User trust override removed", {
-    service: SERVICE,
-    ownerUserId,
-    targetUserId
-  });
-}
-async function blockUser2(ownerUserId, targetUserId) {
-  const current = await getGhostConfig2(ownerUserId);
-  if (current.blocked_users.includes(targetUserId)) {
-    return;
-  }
-  const blocked_users = [...current.blocked_users, targetUserId];
-  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
-  logger.info("User blocked from ghost access", {
-    service: SERVICE,
-    ownerUserId,
-    targetUserId
-  });
-}
-async function unblockUser2(ownerUserId, targetUserId) {
-  const current = await getGhostConfig2(ownerUserId);
-  if (!current.blocked_users.includes(targetUserId)) {
-    return;
-  }
-  const blocked_users = current.blocked_users.filter((id) => id !== targetUserId);
-  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
-  logger.info("User unblocked from ghost access", {
-    service: SERVICE,
-    ownerUserId,
-    targetUserId
-  });
-}
-async function isGhostEnabled2(ownerUserId) {
-  const config2 = await getGhostConfig2(ownerUserId);
-  return config2.enabled;
-}
-function validateGhostConfigUpdate2(config2) {
-  if (config2.default_friend_trust !== void 0) {
-    if (config2.default_friend_trust < 0 || config2.default_friend_trust > 1) {
-      throw new Error(`default_friend_trust must be between 0 and 1, got ${config2.default_friend_trust}`);
-    }
-  }
-  if (config2.default_public_trust !== void 0) {
-    if (config2.default_public_trust < 0 || config2.default_public_trust > 1) {
-      throw new Error(`default_public_trust must be between 0 and 1, got ${config2.default_public_trust}`);
-    }
-  }
-  if (config2.enforcement_mode !== void 0) {
-    const valid = ["query", "prompt", "hybrid"];
-    if (!valid.includes(config2.enforcement_mode)) {
-      throw new Error(`enforcement_mode must be one of ${valid.join(", ")}, got ${config2.enforcement_mode}`);
-    }
-  }
-  if (config2.per_user_trust !== void 0) {
-    for (const [userId, level] of Object.entries(config2.per_user_trust)) {
-      if (level < 0 || level > 1) {
-        throw new Error(`Trust level for ${userId} must be between 0 and 1, got ${level}`);
-      }
-    }
+    return false;
   }
 }
-var SERVICE, FirestoreGhostConfigProvider2;
-var init_ghost_config_service = __esm({
-  "src/services/ghost-config.service.ts"() {
+var initialized;
+var init_init = __esm({
+  "src/firestore/init.ts"() {
     "use strict";
-    init_init();
-    init_paths();
+    init_config();
     init_logger();
-    init_ghost_config();
-    SERVICE = "GhostConfigService";
-    FirestoreGhostConfigProvider2 = class {
-      async getGhostConfig(ownerUserId) {
-        const config2 = await getGhostConfig2(ownerUserId);
-        if (!config2.enabled) {
-          return null;
-        }
-        return config2;
-      }
-    };
-  }
-});
-
-// src/services/access-control.ts
-var access_control_exports = {};
-__export(access_control_exports, {
-  InMemoryEscalationStore: () => InMemoryEscalationStore2,
-  StubGhostConfigProvider: () => StubGhostConfigProvider2,
-  checkMemoryAccess: () => checkMemoryAccess2,
-  formatAccessResultMessage: () => formatAccessResultMessage2,
-  handleInsufficientTrust: () => handleInsufficientTrust2,
-  isMemoryBlocked: () => isMemoryBlocked2,
-  resetBlock: () => resetBlock2,
-  resolveAccessorTrustLevel: () => resolveAccessorTrustLevel2
-});
-async function checkMemoryAccess2(accessorUserId, memory, ghostConfigProvider, escalationStore) {
-  const ownerUserId = memory.user_id;
-  const memoryId = memory.id;
-  if (accessorUserId === ownerUserId) {
-    return { status: "granted", memory, access_level: "owner" };
-  }
-  const ghostConfig = await ghostConfigProvider.getGhostConfig(ownerUserId);
-  if (!ghostConfig || !ghostConfig.enabled) {
-    return { status: "no_permission", owner_user_id: ownerUserId, accessor_user_id: accessorUserId };
-  }
-  if (ghostConfig.blocked_users.includes(accessorUserId)) {
-    return { status: "no_permission", owner_user_id: ownerUserId, accessor_user_id: accessorUserId };
-  }
-  const block = await escalationStore.getBlock(ownerUserId, accessorUserId, memoryId);
-  if (block) {
-    return {
-      status: "blocked",
-      memory_id: memoryId,
-      reason: block.reason,
-      blocked_at: block.blocked_at
-    };
-  }
-  const accessorTrust = resolveAccessorTrustLevel2(ghostConfig, accessorUserId);
-  const memoryTrust = memory.trust;
-  if (!isTrustSufficient2(memoryTrust, accessorTrust)) {
-    const result = await handleInsufficientTrust2(
-      ownerUserId,
-      accessorUserId,
-      memoryId,
-      memoryTrust,
-      accessorTrust,
-      escalationStore
-    );
-    return result;
-  }
-  return { status: "granted", memory, access_level: "trusted" };
-}
-async function handleInsufficientTrust2(ownerUserId, accessorUserId, memoryId, requiredTrust, actualTrust, escalationStore) {
-  const attempt = await escalationStore.incrementAttempts(ownerUserId, accessorUserId, memoryId);
-  if (attempt.count >= MAX_ATTEMPTS_BEFORE_BLOCK2) {
-    const block = {
-      blocked_at: (/* @__PURE__ */ new Date()).toISOString(),
-      reason: `Access blocked after ${attempt.count} unauthorized attempts`,
-      attempt_count: attempt.count
-    };
-    await escalationStore.setBlock(ownerUserId, accessorUserId, memoryId, block);
-    return {
-      status: "blocked",
-      memory_id: memoryId,
-      reason: block.reason,
-      blocked_at: block.blocked_at
-    };
-  }
-  return {
-    status: "insufficient_trust",
-    memory_id: memoryId,
-    required_trust: requiredTrust,
-    actual_trust: Math.max(0, actualTrust - TRUST_PENALTY2),
-    attempts_remaining: MAX_ATTEMPTS_BEFORE_BLOCK2 - attempt.count
-  };
-}
-async function isMemoryBlocked2(ownerUserId, accessorUserId, memoryId, escalationStore) {
-  const block = await escalationStore.getBlock(ownerUserId, accessorUserId, memoryId);
-  return block !== null;
-}
-async function resetBlock2(ownerUserId, accessorUserId, memoryId, escalationStore) {
-  await escalationStore.removeBlock(ownerUserId, accessorUserId, memoryId);
-}
-function resolveAccessorTrustLevel2(ghostConfig, accessorUserId) {
-  if (accessorUserId in ghostConfig.per_user_trust) {
-    return ghostConfig.per_user_trust[accessorUserId];
-  }
-  return ghostConfig.default_public_trust ?? 0;
-}
-function formatAccessResultMessage2(result) {
-  switch (result.status) {
-    case "granted":
-      return result.access_level === "owner" ? "Access granted (owner)." : "Access granted (trusted).";
-    case "insufficient_trust":
-      return `Insufficient trust level. Required: ${result.required_trust.toFixed(2)}, actual: ${result.actual_trust.toFixed(2)}. ${result.attempts_remaining} attempt(s) remaining before access is blocked.`;
-    case "blocked":
-      return `Access blocked: ${result.reason}`;
-    case "no_permission":
-      return "No permission to access this user's memories.";
-    case "not_found":
-      return `Memory ${result.memory_id} not found.`;
-    case "deleted":
-      return `Memory ${result.memory_id} was deleted on ${result.deleted_at}.`;
-  }
-}
-var StubGhostConfigProvider2, InMemoryEscalationStore2, TRUST_PENALTY2, MAX_ATTEMPTS_BEFORE_BLOCK2;
-var init_access_control = __esm({
-  "src/services/access-control.ts"() {
-    "use strict";
-    init_trust_enforcement();
-    StubGhostConfigProvider2 = class {
-      configs = /* @__PURE__ */ new Map();
-      async getGhostConfig(ownerUserId) {
-        return this.configs.get(ownerUserId) ?? null;
-      }
-      /** Test helper: set a GhostConfig for a user */
-      setGhostConfig(ownerUserId, config2) {
-        this.configs.set(ownerUserId, config2);
-      }
-    };
-    InMemoryEscalationStore2 = class {
-      blocks = /* @__PURE__ */ new Map();
-      attempts = /* @__PURE__ */ new Map();
-      key(ownerUserId, accessorUserId, memoryId) {
-        return `${ownerUserId}:${accessorUserId}:${memoryId}`;
-      }
-      async getBlock(ownerUserId, accessorUserId, memoryId) {
-        return this.blocks.get(this.key(ownerUserId, accessorUserId, memoryId)) ?? null;
-      }
-      async setBlock(ownerUserId, accessorUserId, memoryId, block) {
-        this.blocks.set(this.key(ownerUserId, accessorUserId, memoryId), block);
-      }
-      async removeBlock(ownerUserId, accessorUserId, memoryId) {
-        this.blocks.delete(this.key(ownerUserId, accessorUserId, memoryId));
-      }
-      async getAttempts(ownerUserId, accessorUserId, memoryId) {
-        return this.attempts.get(this.key(ownerUserId, accessorUserId, memoryId)) ?? null;
-      }
-      async incrementAttempts(ownerUserId, accessorUserId, memoryId) {
-        const k = this.key(ownerUserId, accessorUserId, memoryId);
-        const existing = this.attempts.get(k);
-        const record = {
-          count: (existing?.count ?? 0) + 1,
-          last_attempt_at: (/* @__PURE__ */ new Date()).toISOString()
-        };
-        this.attempts.set(k, record);
-        return record;
-      }
-    };
-    TRUST_PENALTY2 = 0.1;
-    MAX_ATTEMPTS_BEFORE_BLOCK2 = 3;
+    initialized = false;
   }
 });
 
@@ -3992,16 +3672,22 @@ function getMemoryCollection(userId) {
 var coreLogger = createLogger("info");
 var tokenService = new ConfirmationTokenService(coreLogger);
 var preferencesService = new PreferencesDatabaseService(coreLogger);
+var coreServicesCache = /* @__PURE__ */ new Map();
 function createCoreServices(userId) {
+  const cached = coreServicesCache.get(userId);
+  if (cached)
+    return cached;
   const collection = getMemoryCollection(userId);
   const weaviateClient = getWeaviateClient();
-  return {
+  const services = {
     memory: new MemoryService(collection, userId, coreLogger),
     relationship: new RelationshipService(collection, userId, coreLogger),
     space: new SpaceService(weaviateClient, collection, userId, tokenService, coreLogger),
     preferences: preferencesService,
     token: tokenService
   };
+  coreServicesCache.set(userId, services);
+  return services;
 }
 
 // src/tools/create-memory.ts
@@ -4131,114 +3817,6 @@ async function handleCreateMemory(args, userId, authContext, context) {
 
 // src/tools/search-memory.ts
 init_logger();
-
-// src/utils/weaviate-filters.ts
-import { Filters as Filters6 } from "weaviate-client";
-function buildCombinedSearchFilters2(collection, filters) {
-  const memoryFilters = buildDocTypeFilters2(collection, "memory", filters);
-  const relationshipFilters = buildDocTypeFilters2(collection, "relationship", filters);
-  const validFilters = [memoryFilters, relationshipFilters].filter((f) => f !== void 0 && f !== null);
-  if (validFilters.length === 0) {
-    return void 0;
-  } else if (validFilters.length === 1) {
-    return validFilters[0];
-  } else {
-    return combineFiltersWithOr2(validFilters);
-  }
-}
-function buildDocTypeFilters2(collection, docType, filters) {
-  const filterList = [];
-  filterList.push(
-    collection.filter.byProperty("doc_type").equal(docType)
-  );
-  if (docType === "memory" && filters?.types && filters.types.length > 0) {
-    if (filters.types.length === 1) {
-      filterList.push(
-        collection.filter.byProperty("content_type").equal(filters.types[0])
-      );
-    } else {
-      filterList.push(
-        collection.filter.byProperty("content_type").containsAny(filters.types)
-      );
-    }
-  }
-  if (filters?.weight_min !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("weight").greaterThanOrEqual(filters.weight_min)
-    );
-  }
-  if (filters?.weight_max !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("weight").lessThanOrEqual(filters.weight_max)
-    );
-  }
-  if (filters?.trust_min !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("trust_score").greaterThanOrEqual(filters.trust_min)
-    );
-  }
-  if (filters?.trust_max !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("trust_score").lessThanOrEqual(filters.trust_max)
-    );
-  }
-  if (filters?.date_from) {
-    filterList.push(
-      collection.filter.byProperty("created_at").greaterThanOrEqual(new Date(filters.date_from))
-    );
-  }
-  if (filters?.date_to) {
-    filterList.push(
-      collection.filter.byProperty("created_at").lessThanOrEqual(new Date(filters.date_to))
-    );
-  }
-  if (filters?.tags && filters.tags.length > 0) {
-    if (filters.tags.length === 1) {
-      filterList.push(
-        collection.filter.byProperty("tags").containsAny([filters.tags[0]])
-      );
-    } else {
-      filterList.push(
-        collection.filter.byProperty("tags").containsAny(filters.tags)
-      );
-    }
-  }
-  return combineFiltersWithAnd2(filterList);
-}
-function buildMemoryOnlyFilters2(collection, filters) {
-  return buildDocTypeFilters2(collection, "memory", filters);
-}
-function combineFiltersWithAnd2(filters) {
-  const validFilters = filters.filter((f) => f !== void 0 && f !== null);
-  if (validFilters.length === 0) {
-    return void 0;
-  }
-  if (validFilters.length === 1) {
-    return validFilters[0];
-  }
-  return Filters6.and(...validFilters);
-}
-function combineFiltersWithOr2(filters) {
-  const validFilters = filters.filter((f) => f !== void 0 && f !== null);
-  if (validFilters.length === 0) {
-    return void 0;
-  }
-  if (validFilters.length === 1) {
-    return validFilters[0];
-  }
-  return Filters6.or(...validFilters);
-}
-function buildDeletedFilter2(collection, deletedFilter = "exclude") {
-  if (deletedFilter === "exclude") {
-    return collection.filter.byProperty("deleted_at").isNull(true);
-  } else if (deletedFilter === "only") {
-    return collection.filter.byProperty("deleted_at").isNull(false);
-  }
-  return null;
-}
-
-// src/tools/search-memory.ts
-init_trust_enforcement();
 var searchMemoryTool = {
   name: "remember_search_memory",
   description: `Search memories AND relationships using hybrid semantic and keyword search.
@@ -4369,16 +3947,16 @@ async function handleSearchMemory(args, userId, authContext) {
     const alpha = args.alpha ?? 0.7;
     const limit = args.limit ?? 10;
     const offset = args.offset ?? 0;
-    const deletedFilter = buildDeletedFilter2(collection, args.deleted_filter || "exclude");
-    const trustFilter = ghostMode ? buildTrustFilter2(collection, ghostMode.accessor_trust_level) : null;
-    const searchFilters = includeRelationships ? buildCombinedSearchFilters2(collection, args.filters) : buildMemoryOnlyFilters2(collection, args.filters);
+    const deletedFilter = buildDeletedFilter(collection, args.deleted_filter || "exclude");
+    const trustFilter = ghostMode ? buildTrustFilter(collection, ghostMode.accessor_trust_level) : null;
+    const searchFilters = includeRelationships ? buildCombinedSearchFilters(collection, args.filters) : buildMemoryOnlyFilters(collection, args.filters);
     const hasExplicitTypeFilter = args.filters?.types && args.filters.types.length > 0;
     const ghostExclusionFilter = !hasExplicitTypeFilter ? collection.filter.byProperty("content_type").notEqual("ghost") : null;
-    const combinedFilters = combineFiltersWithAnd2([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
+    const combinedFilters = combineFiltersWithAnd([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
     const searchOptions = {
       alpha,
-      limit: limit + offset
-      // Get extra for offset
+      limit,
+      offset
     };
     if (combinedFilters) {
       searchOptions.filters = combinedFilters;
@@ -4390,10 +3968,9 @@ async function handleSearchMemory(args, userId, authContext) {
       deletedFilter: args.deleted_filter || "exclude"
     });
     const results = await collection.query.hybrid(args.query, searchOptions);
-    const paginatedResults = results.objects.slice(offset);
     const memories = [];
     const relationships = [];
-    for (const obj of paginatedResults) {
+    for (const obj of results.objects) {
       const doc = {
         id: obj.uuid,
         ...obj.properties
@@ -4709,7 +4286,6 @@ async function handleFindSimilar(args, userId, authContext) {
 
 // src/tools/query-memory.ts
 init_logger();
-init_trust_enforcement();
 var queryMemoryTool = {
   name: "remember_query_memory",
   description: `Query memories using natural language for RAG (Retrieval-Augmented Generation).
@@ -4837,12 +4413,12 @@ async function handleQueryMemory(args, userId, authContext) {
     const minRelevance = args.min_relevance ?? 0.6;
     const includeContext = args.include_context ?? true;
     const format = args.format ?? "detailed";
-    const deletedFilter = buildDeletedFilter2(collection, args.deleted_filter || "exclude");
-    const trustFilter = ghostMode ? buildTrustFilter2(collection, ghostMode.accessor_trust_level) : null;
-    const searchFilters = buildCombinedSearchFilters2(collection, args.filters);
+    const deletedFilter = buildDeletedFilter(collection, args.deleted_filter || "exclude");
+    const trustFilter = ghostMode ? buildTrustFilter(collection, ghostMode.accessor_trust_level) : null;
+    const searchFilters = buildCombinedSearchFilters(collection, args.filters);
     const hasExplicitTypeFilter = args.filters?.types && args.filters.types.length > 0;
     const ghostExclusionFilter = !hasExplicitTypeFilter ? collection.filter.byProperty("content_type").notEqual("ghost") : null;
-    const combinedFilters = combineFiltersWithAnd2([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
+    const combinedFilters = combineFiltersWithAnd([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
     const searchOptions = {
       limit,
       distance: 1 - minRelevance,
@@ -5954,7 +5530,7 @@ async function handleDeny(args, userId, authContext) {
 }
 
 // src/tools/search-space.ts
-import { Filters as Filters7 } from "weaviate-client";
+import { Filters as Filters6 } from "weaviate-client";
 var searchSpaceTool = {
   name: "remember_search_space",
   description: `Search shared spaces and/or groups to discover memories from other users.
@@ -6342,8 +5918,153 @@ async function handleModerate(args, userId, authContext) {
   }
 }
 
+// src/services/ghost-config.service.ts
+init_init();
+
+// src/firestore/paths.ts
+var APP_NAME2 = "remember-mcp";
+function getBasePrefix2() {
+  const environment = process.env.ENVIRONMENT;
+  if (environment && environment !== "production" && environment !== "prod") {
+    return `${environment}.${APP_NAME2}`;
+  }
+  const isDevelopment = process.env.NODE_ENV === "development";
+  if (isDevelopment) {
+    const customPrefix = process.env.DB_PREFIX;
+    if (customPrefix) {
+      return customPrefix;
+    }
+    return `e0.${APP_NAME2}`;
+  }
+  return APP_NAME2;
+}
+var BASE2 = getBasePrefix2();
+
+// src/services/ghost-config.service.ts
+init_logger();
+
+// src/types/ghost-config.ts
+var DEFAULT_GHOST_CONFIG2 = {
+  enabled: false,
+  public_ghost_enabled: false,
+  default_friend_trust: 0.25,
+  default_public_trust: 0,
+  per_user_trust: {},
+  blocked_users: [],
+  enforcement_mode: "query"
+};
+
+// src/services/ghost-config.service.ts
+var SERVICE = "GhostConfigService";
+function getGhostConfigPath(ownerUserId) {
+  return {
+    collectionPath: `${BASE2}.users/${ownerUserId}/ghost_config`,
+    docId: "settings"
+  };
+}
+async function getGhostConfig2(ownerUserId) {
+  try {
+    const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+    const doc = await getDocument(collectionPath, docId);
+    if (!doc) {
+      return { ...DEFAULT_GHOST_CONFIG2 };
+    }
+    return { ...DEFAULT_GHOST_CONFIG2, ...doc };
+  } catch (error) {
+    logger.error("Failed to get ghost config", {
+      service: SERVICE,
+      ownerUserId,
+      error: error instanceof Error ? error.message : String(error)
+    });
+    return { ...DEFAULT_GHOST_CONFIG2 };
+  }
+}
+async function setGhostConfigFields2(ownerUserId, config2) {
+  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+  await setDocument(collectionPath, docId, config2, { merge: true });
+  logger.info("Ghost config updated", {
+    service: SERVICE,
+    ownerUserId,
+    updatedKeys: Object.keys(config2)
+  });
+  return getGhostConfig2(ownerUserId);
+}
+async function setUserTrust2(ownerUserId, targetUserId, trustLevel) {
+  if (trustLevel < 0 || trustLevel > 1) {
+    throw new Error(`Trust level must be between 0 and 1, got ${trustLevel}`);
+  }
+  const current = await getGhostConfig2(ownerUserId);
+  const per_user_trust = { ...current.per_user_trust, [targetUserId]: trustLevel };
+  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+  await setDocument(collectionPath, docId, { per_user_trust }, { merge: true });
+  logger.info("User trust level set", {
+    service: SERVICE,
+    ownerUserId,
+    targetUserId,
+    trustLevel
+  });
+}
+async function removeUserTrust2(ownerUserId, targetUserId) {
+  const current = await getGhostConfig2(ownerUserId);
+  const per_user_trust = { ...current.per_user_trust };
+  delete per_user_trust[targetUserId];
+  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+  await setDocument(collectionPath, docId, { per_user_trust }, { merge: true });
+  logger.info("User trust override removed", {
+    service: SERVICE,
+    ownerUserId,
+    targetUserId
+  });
+}
+async function blockUser2(ownerUserId, targetUserId) {
+  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+  await setDocument(collectionPath, docId, {
+    blocked_users: FieldValue.arrayUnion(targetUserId)
+  }, { merge: true });
+  logger.info("User blocked from ghost access", {
+    service: SERVICE,
+    ownerUserId,
+    targetUserId
+  });
+}
+async function unblockUser2(ownerUserId, targetUserId) {
+  const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
+  await setDocument(collectionPath, docId, {
+    blocked_users: FieldValue.arrayRemove(targetUserId)
+  }, { merge: true });
+  logger.info("User unblocked from ghost access", {
+    service: SERVICE,
+    ownerUserId,
+    targetUserId
+  });
+}
+function validateGhostConfigUpdate2(config2) {
+  if (config2.default_friend_trust !== void 0) {
+    if (config2.default_friend_trust < 0 || config2.default_friend_trust > 1) {
+      throw new Error(`default_friend_trust must be between 0 and 1, got ${config2.default_friend_trust}`);
+    }
+  }
+  if (config2.default_public_trust !== void 0) {
+    if (config2.default_public_trust < 0 || config2.default_public_trust > 1) {
+      throw new Error(`default_public_trust must be between 0 and 1, got ${config2.default_public_trust}`);
+    }
+  }
+  if (config2.enforcement_mode !== void 0) {
+    const valid = ["query", "prompt", "hybrid"];
+    if (!valid.includes(config2.enforcement_mode)) {
+      throw new Error(`enforcement_mode must be one of ${valid.join(", ")}, got ${config2.enforcement_mode}`);
+    }
+  }
+  if (config2.per_user_trust !== void 0) {
+    for (const [userId, level] of Object.entries(config2.per_user_trust)) {
+      if (level < 0 || level > 1) {
+        throw new Error(`Trust level for ${userId} must be between 0 and 1, got ${level}`);
+      }
+    }
+  }
+}
+
 // src/tools/ghost-config.ts
-init_ghost_config_service();
 var ghostConfigTool = {
   name: "remember_ghost_config",
   description: `Manage ghost/persona configuration. Controls who can interact with your ghost and at what trust level.
@@ -6519,6 +6240,55 @@ async function handleGhostConfig(args, userId, authContext) {
   }
 }
 
+// src/services/access-control.ts
+async function resolveAccessorTrustLevel2(ghostConfig, ownerUserId, accessorUserId) {
+  if (accessorUserId in ghostConfig.per_user_trust) {
+    return ghostConfig.per_user_trust[accessorUserId];
+  }
+  const isFriend = await checkIfFriend(ownerUserId, accessorUserId);
+  if (isFriend) {
+    return ghostConfig.default_friend_trust ?? 0.25;
+  }
+  return ghostConfig.default_public_trust ?? 0;
+}
+var friendCache = /* @__PURE__ */ new Map();
+var FRIEND_CACHE_TTL_MS = 6e4;
+async function checkIfFriend(ownerUserId, accessorUserId) {
+  const cacheKey = [ownerUserId, accessorUserId].sort().join(":");
+  const cached = friendCache.get(cacheKey);
+  if (cached && Date.now() < cached.expiresAt) {
+    return cached.result;
+  }
+  try {
+    const { queryDocuments: queryDocuments3 } = await Promise.resolve().then(() => (init_init(), init_exports));
+    const BASE3 = process.env.FIRESTORE_BASE_PATH || "agentbase";
+    const [forward, reverse] = await Promise.all([
+      queryDocuments3(`${BASE3}.relationships`, {
+        where: [
+          { field: "from_user_id", op: "==", value: ownerUserId },
+          { field: "to_user_id", op: "==", value: accessorUserId },
+          { field: "friend", op: "==", value: true }
+        ],
+        limit: 1
+      }),
+      queryDocuments3(`${BASE3}.relationships`, {
+        where: [
+          { field: "from_user_id", op: "==", value: accessorUserId },
+          { field: "to_user_id", op: "==", value: ownerUserId },
+          { field: "friend", op: "==", value: true }
+        ],
+        limit: 1
+      })
+    ]);
+    const result = forward.length > 0 || reverse.length > 0;
+    friendCache.set(cacheKey, { result, expiresAt: Date.now() + FRIEND_CACHE_TTL_MS });
+    return result;
+  } catch (error) {
+    console.error("[checkIfFriend] Error checking friend status:", error);
+    return false;
+  }
+}
+
 // src/server-factory.ts
 var databasesInitialized = false;
 var initializationPromise = null;
@@ -6570,10 +6340,8 @@ async function createServer(accessToken, userId, options = {}) {
   );
   let resolvedGhostMode;
   if (options.ghostMode) {
-    const { getGhostConfig: getGhostConfig3 } = await Promise.resolve().then(() => (init_ghost_config_service(), ghost_config_service_exports));
-    const { resolveAccessorTrustLevel: resolveAccessorTrustLevel3 } = await Promise.resolve().then(() => (init_access_control(), access_control_exports));
-    const ghostConfig = await getGhostConfig3(options.ghostMode.owner_user_id);
-    const trustLevel = resolveAccessorTrustLevel3(ghostConfig, options.ghostMode.accessor_user_id);
+    const ghostConfig = await getGhostConfig2(options.ghostMode.owner_user_id);
+    const trustLevel = await resolveAccessorTrustLevel2(ghostConfig, options.ghostMode.owner_user_id, options.ghostMode.accessor_user_id);
     resolvedGhostMode = {
       owner_user_id: options.ghostMode.owner_user_id,
       accessor_user_id: options.ghostMode.accessor_user_id,