npm - @prmichaelsen/remember-mcp - Versions diffs - 3.14.11 → 3.14.14 - Mend

@prmichaelsen/remember-mcp 3.14.11 → 3.14.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/CHANGELOG.md +20 -0
package/agent/milestones/milestone-18-performance-tuning.md +45 -0
package/agent/progress.yaml +86 -2
package/agent/tasks/task-77-parallelize-checkiffriend.md +62 -0
package/agent/tasks/task-78-cache-checkiffriend.md +78 -0
package/agent/tasks/task-79-memoize-core-services.md +75 -0
package/agent/tasks/task-80-parallelize-startup-health-checks.md +57 -0
package/agent/tasks/task-81-optimize-ghost-config-block-unblock.md +64 -0
package/agent/tasks/task-82-native-weaviate-offset.md +69 -0
package/agent/tasks/task-83-eliminate-redundant-validatetoken.md +53 -0
package/agent/tasks/task-84-static-imports-server-factory.md +52 -0
package/dist/core-services.d.ts +3 -1
package/dist/server-factory.js +250 -482
package/dist/server.js +29 -140
package/dist/services/access-control.d.ts +5 -5
package/dist/services/ghost-config.service.d.ts +2 -0
package/package.json +1 -1
package/src/core-services.ts +16 -2
package/src/server-factory.ts +5 -3
package/src/server.ts +5 -3
package/src/services/access-control.spec.ts +11 -11
package/src/services/access-control.ts +74 -8
package/src/services/ghost-config.service.spec.ts +22 -15
package/src/services/ghost-config.service.ts +9 -15
package/src/tools/query-memory.ts +1 -2
package/src/tools/search-memory.ts +5 -8
package/dist/services/trust-enforcement.d.ts +0 -83
package/dist/services/trust-enforcement.spec.d.ts +0 -2
package/dist/utils/weaviate-filters.d.ts +0 -56
package/dist/utils/weaviate-filters.spec.d.ts +0 -8
package/src/services/trust-enforcement.spec.ts +0 -309
package/src/services/trust-enforcement.ts +0 -197
package/src/utils/weaviate-filters.spec.ts +0 -312
package/src/utils/weaviate-filters.ts +0 -236

package/dist/server.js CHANGED Viewed

@@ -3676,16 +3676,22 @@ function getMemoryCollection(userId) {
 var coreLogger = createLogger("info");
 var tokenService = new ConfirmationTokenService(coreLogger);
 var preferencesService = new PreferencesDatabaseService(coreLogger);
+var coreServicesCache = /* @__PURE__ */ new Map();
 function createCoreServices(userId) {
+  const cached = coreServicesCache.get(userId);
+  if (cached)
+    return cached;
   const collection = getMemoryCollection(userId);
   const weaviateClient = getWeaviateClient();
-  return {
+  const services = {
     memory: new MemoryService(collection, userId, coreLogger),
     relationship: new RelationshipService(collection, userId, coreLogger),
     space: new SpaceService(weaviateClient, collection, userId, tokenService, coreLogger),
     preferences: preferencesService,
     token: tokenService
   };
+  coreServicesCache.set(userId, services);
+  return services;
 }
 // src/tools/create-memory.ts
@@ -3815,118 +3821,6 @@ async function handleCreateMemory(args, userId, authContext, context) {
 // src/tools/search-memory.ts
 init_logger();
-// src/utils/weaviate-filters.ts
-import { Filters as Filters6 } from "weaviate-client";
-function buildCombinedSearchFilters2(collection, filters) {
-  const memoryFilters = buildDocTypeFilters2(collection, "memory", filters);
-  const relationshipFilters = buildDocTypeFilters2(collection, "relationship", filters);
-  const validFilters = [memoryFilters, relationshipFilters].filter((f) => f !== void 0 && f !== null);
-  if (validFilters.length === 0) {
-    return void 0;
-  } else if (validFilters.length === 1) {
-    return validFilters[0];
-  } else {
-    return combineFiltersWithOr2(validFilters);
-  }
-}
-function buildDocTypeFilters2(collection, docType, filters) {
-  const filterList = [];
-  filterList.push(
-    collection.filter.byProperty("doc_type").equal(docType)
-  );
-  if (docType === "memory" && filters?.types && filters.types.length > 0) {
-    if (filters.types.length === 1) {
-      filterList.push(
-        collection.filter.byProperty("content_type").equal(filters.types[0])
-      );
-    } else {
-      filterList.push(
-        collection.filter.byProperty("content_type").containsAny(filters.types)
-      );
-    }
-  }
-  if (filters?.weight_min !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("weight").greaterThanOrEqual(filters.weight_min)
-    );
-  }
-  if (filters?.weight_max !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("weight").lessThanOrEqual(filters.weight_max)
-    );
-  }
-  if (filters?.trust_min !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("trust_score").greaterThanOrEqual(filters.trust_min)
-    );
-  }
-  if (filters?.trust_max !== void 0) {
-    filterList.push(
-      collection.filter.byProperty("trust_score").lessThanOrEqual(filters.trust_max)
-    );
-  }
-  if (filters?.date_from) {
-    filterList.push(
-      collection.filter.byProperty("created_at").greaterThanOrEqual(new Date(filters.date_from))
-    );
-  }
-  if (filters?.date_to) {
-    filterList.push(
-      collection.filter.byProperty("created_at").lessThanOrEqual(new Date(filters.date_to))
-    );
-  }
-  if (filters?.tags && filters.tags.length > 0) {
-    if (filters.tags.length === 1) {
-      filterList.push(
-        collection.filter.byProperty("tags").containsAny([filters.tags[0]])
-      );
-    } else {
-      filterList.push(
-        collection.filter.byProperty("tags").containsAny(filters.tags)
-      );
-    }
-  }
-  return combineFiltersWithAnd2(filterList);
-}
-function buildMemoryOnlyFilters2(collection, filters) {
-  return buildDocTypeFilters2(collection, "memory", filters);
-}
-function combineFiltersWithAnd2(filters) {
-  const validFilters = filters.filter((f) => f !== void 0 && f !== null);
-  if (validFilters.length === 0) {
-    return void 0;
-  }
-  if (validFilters.length === 1) {
-    return validFilters[0];
-  }
-  return Filters6.and(...validFilters);
-}
-function combineFiltersWithOr2(filters) {
-  const validFilters = filters.filter((f) => f !== void 0 && f !== null);
-  if (validFilters.length === 0) {
-    return void 0;
-  }
-  if (validFilters.length === 1) {
-    return validFilters[0];
-  }
-  return Filters6.or(...validFilters);
-}
-function buildDeletedFilter2(collection, deletedFilter = "exclude") {
-  if (deletedFilter === "exclude") {
-    return collection.filter.byProperty("deleted_at").isNull(true);
-  } else if (deletedFilter === "only") {
-    return collection.filter.byProperty("deleted_at").isNull(false);
-  }
-  return null;
-}
-// src/services/trust-enforcement.ts
-function buildTrustFilter2(collection, accessorTrustLevel) {
-  return collection.filter.byProperty("trust_score").lessThanOrEqual(accessorTrustLevel);
-}
-// src/tools/search-memory.ts
 var searchMemoryTool = {
   name: "remember_search_memory",
   description: `Search memories AND relationships using hybrid semantic and keyword search.
@@ -4057,16 +3951,16 @@ async function handleSearchMemory(args, userId, authContext) {
     const alpha = args.alpha ?? 0.7;
     const limit = args.limit ?? 10;
     const offset = args.offset ?? 0;
-    const deletedFilter = buildDeletedFilter2(collection, args.deleted_filter || "exclude");
-    const trustFilter = ghostMode ? buildTrustFilter2(collection, ghostMode.accessor_trust_level) : null;
-    const searchFilters = includeRelationships ? buildCombinedSearchFilters2(collection, args.filters) : buildMemoryOnlyFilters2(collection, args.filters);
+    const deletedFilter = buildDeletedFilter(collection, args.deleted_filter || "exclude");
+    const trustFilter = ghostMode ? buildTrustFilter(collection, ghostMode.accessor_trust_level) : null;
+    const searchFilters = includeRelationships ? buildCombinedSearchFilters(collection, args.filters) : buildMemoryOnlyFilters(collection, args.filters);
     const hasExplicitTypeFilter = args.filters?.types && args.filters.types.length > 0;
     const ghostExclusionFilter = !hasExplicitTypeFilter ? collection.filter.byProperty("content_type").notEqual("ghost") : null;
-    const combinedFilters = combineFiltersWithAnd2([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
+    const combinedFilters = combineFiltersWithAnd([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
     const searchOptions = {
       alpha,
-      limit: limit + offset
-      // Get extra for offset
+      limit,
+      offset
     };
     if (combinedFilters) {
       searchOptions.filters = combinedFilters;
@@ -4078,10 +3972,9 @@ async function handleSearchMemory(args, userId, authContext) {
       deletedFilter: args.deleted_filter || "exclude"
     });
     const results = await collection.query.hybrid(args.query, searchOptions);
-    const paginatedResults = results.objects.slice(offset);
     const memories = [];
     const relationships = [];
-    for (const obj of paginatedResults) {
+    for (const obj of results.objects) {
       const doc = {
         id: obj.uuid,
         ...obj.properties
@@ -4524,12 +4417,12 @@ async function handleQueryMemory(args, userId, authContext) {
     const minRelevance = args.min_relevance ?? 0.6;
     const includeContext = args.include_context ?? true;
     const format = args.format ?? "detailed";
-    const deletedFilter = buildDeletedFilter2(collection, args.deleted_filter || "exclude");
-    const trustFilter = ghostMode ? buildTrustFilter2(collection, ghostMode.accessor_trust_level) : null;
-    const searchFilters = buildCombinedSearchFilters2(collection, args.filters);
+    const deletedFilter = buildDeletedFilter(collection, args.deleted_filter || "exclude");
+    const trustFilter = ghostMode ? buildTrustFilter(collection, ghostMode.accessor_trust_level) : null;
+    const searchFilters = buildCombinedSearchFilters(collection, args.filters);
     const hasExplicitTypeFilter = args.filters?.types && args.filters.types.length > 0;
     const ghostExclusionFilter = !hasExplicitTypeFilter ? collection.filter.byProperty("content_type").notEqual("ghost") : null;
-    const combinedFilters = combineFiltersWithAnd2([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
+    const combinedFilters = combineFiltersWithAnd([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter((f) => f !== null));
     const searchOptions = {
       limit,
       distance: 1 - minRelevance,
@@ -5641,7 +5534,7 @@ async function handleDeny(args, userId, authContext) {
 }
 // src/tools/search-space.ts
-import { Filters as Filters7 } from "weaviate-client";
+import { Filters as Filters6 } from "weaviate-client";
 var searchSpaceTool = {
   name: "remember_search_space",
   description: `Search shared spaces and/or groups to discover memories from other users.
@@ -6125,13 +6018,10 @@ async function removeUserTrust2(ownerUserId, targetUserId) {
   });
 }
 async function blockUser2(ownerUserId, targetUserId) {
-  const current = await getGhostConfig2(ownerUserId);
-  if (current.blocked_users.includes(targetUserId)) {
-    return;
-  }
-  const blocked_users = [...current.blocked_users, targetUserId];
   const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
+  await setDocument(collectionPath, docId, {
+    blocked_users: FieldValue.arrayUnion(targetUserId)
+  }, { merge: true });
   logger.info("User blocked from ghost access", {
     service: SERVICE,
     ownerUserId,
@@ -6139,13 +6029,10 @@ async function blockUser2(ownerUserId, targetUserId) {
   });
 }
 async function unblockUser2(ownerUserId, targetUserId) {
-  const current = await getGhostConfig2(ownerUserId);
-  if (!current.blocked_users.includes(targetUserId)) {
-    return;
-  }
-  const blocked_users = current.blocked_users.filter((id) => id !== targetUserId);
   const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
+  await setDocument(collectionPath, docId, {
+    blocked_users: FieldValue.arrayRemove(targetUserId)
+  }, { merge: true });
   logger.info("User unblocked from ghost access", {
     service: SERVICE,
     ownerUserId,
@@ -6361,8 +6248,10 @@ async function initServer() {
   logger.info("Connecting to databases...");
   await initWeaviateClient();
   initFirestore();
-  const weaviateOk = await testWeaviateConnection();
-  const firestoreOk = await testFirestoreConnection();
+  const [weaviateOk, firestoreOk] = await Promise.all([
+    testWeaviateConnection(),
+    testFirestoreConnection()
+  ]);
   if (!weaviateOk || !firestoreOk) {
     throw new Error("Database connection failed");
   }

package/dist/services/access-control.d.ts CHANGED Viewed

@@ -89,13 +89,13 @@ export declare function resetBlock(ownerUserId: string, accessorUserId: string,
 /**
  * Resolve the trust level for an accessor from GhostConfig.
  *
- * Priority: per_user_trust → default_friend_trust → default_public_trust → 0
+ * Priority: per_user_trust → default_friend_trust (if friends) → default_public_trust → 0
  *
- * Note: "friend" vs "public" distinction will be determined by the calling
- * context in M16 (friend list, social graph). For now, non-per_user accessors
- * fall through to default_public_trust.
+ * Checks Firestore relationships collection to determine friend status.
  */
-export declare function resolveAccessorTrustLevel(ghostConfig: GhostConfig, accessorUserId: string): number;
+export declare function resolveAccessorTrustLevel(ghostConfig: GhostConfig, ownerUserId: string, accessorUserId: string): Promise<number>;
+/** Clear the friend status cache (for tests or forced refresh) */
+export declare function invalidateFriendCache(): void;
 /**
  * Format an AccessResult into a human-readable message.
  */

package/dist/services/ghost-config.service.d.ts CHANGED Viewed

@@ -30,10 +30,12 @@ export declare function setUserTrust(ownerUserId: string, targetUserId: string,
 export declare function removeUserTrust(ownerUserId: string, targetUserId: string): Promise<void>;
 /**
  * Block a user from ghost access.
+ * Uses FieldValue.arrayUnion for atomic add without reading first (idempotent).
  */
 export declare function blockUser(ownerUserId: string, targetUserId: string): Promise<void>;
 /**
  * Unblock a user from ghost access.
+ * Uses FieldValue.arrayRemove for atomic remove without reading first (safe if not present).
  */
 export declare function unblockUser(ownerUserId: string, targetUserId: string): Promise<void>;
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/remember-mcp",
-  "version": "3.14.11",
+  "version": "3.14.14",
   "description": "Multi-tenant memory system MCP server with vector search and relationships",
   "main": "dist/server.js",
   "type": "module",

package/src/core-services.ts CHANGED Viewed

@@ -30,21 +30,35 @@ const coreLogger: Logger = createLogger('info');
 const tokenService = new ConfirmationTokenService(coreLogger);
 const preferencesService = new PreferencesDatabaseService(coreLogger);
+/** Cached CoreServices per userId — avoids re-instantiation on every tool call */
+const coreServicesCache = new Map<string, CoreServices>();
 /**
- * Create core services scoped to a specific user.
+ * Create (or return cached) core services scoped to a specific user.
  * Call after databases have been initialized (initWeaviateClient + initFirestore).
  */
 export function createCoreServices(userId: string): CoreServices {
+  const cached = coreServicesCache.get(userId);
+  if (cached) return cached;
   const collection = getMemoryCollection(userId);
   const weaviateClient = getWeaviateClient();
-  return {
+  const services: CoreServices = {
     memory: new MemoryService(collection, userId, coreLogger),
     relationship: new RelationshipService(collection, userId, coreLogger),
     space: new SpaceService(weaviateClient, collection, userId, tokenService, coreLogger),
     preferences: preferencesService,
     token: tokenService,
   };
+  coreServicesCache.set(userId, services);
+  return services;
+}
+/** Clear the core services cache (for tests or forced refresh) */
+export function invalidateCoreServicesCache(): void {
+  coreServicesCache.clear();
 }
 export { coreLogger, tokenService, preferencesService };

package/src/server-factory.ts CHANGED Viewed

@@ -45,6 +45,10 @@ import { querySpaceTool, handleQuerySpace } from './tools/query-space.js';
 import { moderateTool, handleModerate } from './tools/moderate.js';
 import { ghostConfigTool, handleGhostConfig } from './tools/ghost-config.js';
+// Import services (static — avoids dynamic import overhead on hot path)
+import { getGhostConfig } from './services/ghost-config.service.js';
+import { resolveAccessorTrustLevel } from './services/access-control.js';
 export interface ServerOptions {
   name?: string;
   version?: string;
@@ -175,10 +179,8 @@ export async function createServer(
   // Resolve ghost mode trust level from Firestore if ghost mode is configured
   let resolvedGhostMode: import('./types/auth.js').GhostModeContext | undefined;
   if (options.ghostMode) {
-    const { getGhostConfig } = await import('./services/ghost-config.service.js');
-    const { resolveAccessorTrustLevel } = await import('./services/access-control.js');
     const ghostConfig = await getGhostConfig(options.ghostMode.owner_user_id);
-    const trustLevel = resolveAccessorTrustLevel(ghostConfig, options.ghostMode.accessor_user_id);
+    const trustLevel = await resolveAccessorTrustLevel(ghostConfig, options.ghostMode.owner_user_id, options.ghostMode.accessor_user_id);
     resolvedGhostMode = {
       owner_user_id: options.ghostMode.owner_user_id,
       accessor_user_id: options.ghostMode.accessor_user_id,

package/src/server.ts CHANGED Viewed

@@ -57,9 +57,11 @@ async function initServer(): Promise<Server> {
   await initWeaviateClient();
   initFirestore();
-  // Test connections
-  const weaviateOk = await testWeaviateConnection();
-  const firestoreOk = await testFirestoreConnection();
+  // Test connections in parallel
+  const [weaviateOk, firestoreOk] = await Promise.all([
+    testWeaviateConnection(),
+    testFirestoreConnection(),
+  ]);
   if (!weaviateOk || !firestoreOk) {
     throw new Error('Database connection failed');

package/src/services/access-control.spec.ts CHANGED Viewed

@@ -207,36 +207,36 @@ describe('checkMemoryAccess', () => {
 // ─── resolveAccessorTrustLevel ─────────────────────────────────────────────
 describe('resolveAccessorTrustLevel', () => {
-  it('returns per_user_trust when set', () => {
+  it('returns per_user_trust when set', async () => {
     const config = createEnabledGhostConfig({ per_user_trust: { 'alice': 0.9 } });
-    expect(resolveAccessorTrustLevel(config, 'alice')).toBe(0.9);
+    expect(await resolveAccessorTrustLevel(config, 'owner', 'alice')).toBe(0.9);
   });
-  it('falls through to default_public_trust when no per_user_trust', () => {
+  it('falls through to default_public_trust when no per_user_trust', async () => {
     const config = createEnabledGhostConfig({ default_public_trust: 0.3 });
-    expect(resolveAccessorTrustLevel(config, 'stranger')).toBe(0.3);
+    expect(await resolveAccessorTrustLevel(config, 'owner', 'stranger')).toBe(0.3);
   });
-  it('returns 0 when default_public_trust not set', () => {
+  it('returns 0 when default_public_trust not set', async () => {
     const config = createEnabledGhostConfig({ default_public_trust: 0 });
-    expect(resolveAccessorTrustLevel(config, 'unknown')).toBe(0);
+    expect(await resolveAccessorTrustLevel(config, 'owner', 'unknown')).toBe(0);
   });
-  it('per_user_trust takes priority over default', () => {
+  it('per_user_trust takes priority over default', async () => {
     const config = createEnabledGhostConfig({
       default_public_trust: 0.1,
       per_user_trust: { 'bob': 0.8 },
     });
-    expect(resolveAccessorTrustLevel(config, 'bob')).toBe(0.8);
-    expect(resolveAccessorTrustLevel(config, 'carol')).toBe(0.1);
+    expect(await resolveAccessorTrustLevel(config, 'owner', 'bob')).toBe(0.8);
+    expect(await resolveAccessorTrustLevel(config, 'owner', 'carol')).toBe(0.1);
   });
-  it('per_user_trust of 0 is used (not falsy fallthrough)', () => {
+  it('per_user_trust of 0 is used (not falsy fallthrough)', async () => {
     const config = createEnabledGhostConfig({
       default_public_trust: 0.5,
       per_user_trust: { 'restricted': 0 },
     });
-    expect(resolveAccessorTrustLevel(config, 'restricted')).toBe(0);
+    expect(await resolveAccessorTrustLevel(config, 'owner', 'restricted')).toBe(0);
   });
 });

package/src/services/access-control.ts CHANGED Viewed

@@ -16,7 +16,7 @@ import type { Memory } from '../types/memory.js';
 import type { AccessResult } from '../types/access-result.js';
 import type { GhostConfig } from '../types/ghost-config.js';
 import { DEFAULT_GHOST_CONFIG } from '../types/ghost-config.js';
-import { isTrustSufficient } from './trust-enforcement.js';
+import { isTrustSufficient } from '@prmichaelsen/remember-core';
 // ─── Types ─────────────────────────────────────────────────────────────────
@@ -164,7 +164,7 @@ export async function checkMemoryAccess(
   }
   // 5. Check trust level
-  const accessorTrust = resolveAccessorTrustLevel(ghostConfig, accessorUserId);
+  const accessorTrust = await resolveAccessorTrustLevel(ghostConfig, ownerUserId, accessorUserId);
   const memoryTrust = memory.trust;
   if (!isTrustSufficient(memoryTrust, accessorTrust)) {
@@ -250,22 +250,88 @@ export async function resetBlock(
 /**
  * Resolve the trust level for an accessor from GhostConfig.
  *
- * Priority: per_user_trust → default_friend_trust → default_public_trust → 0
+ * Priority: per_user_trust → default_friend_trust (if friends) → default_public_trust → 0
  *
- * Note: "friend" vs "public" distinction will be determined by the calling
- * context in M16 (friend list, social graph). For now, non-per_user accessors
- * fall through to default_public_trust.
+ * Checks Firestore relationships collection to determine friend status.
  */
-export function resolveAccessorTrustLevel(ghostConfig: GhostConfig, accessorUserId: string): number {
+export async function resolveAccessorTrustLevel(
+  ghostConfig: GhostConfig,
+  ownerUserId: string,
+  accessorUserId: string
+): Promise<number> {
   // 1. Per-user override
   if (accessorUserId in ghostConfig.per_user_trust) {
     return ghostConfig.per_user_trust[accessorUserId];
   }
-  // 2. Fall through to public trust (friend detection deferred to M16)
+  // 2. Check if accessor is a friend
+  const isFriend = await checkIfFriend(ownerUserId, accessorUserId);
+  if (isFriend) {
+    return ghostConfig.default_friend_trust ?? 0.25;
+  }
+  // 3. Fall through to public trust
   return ghostConfig.default_public_trust ?? 0;
 }
+// ─── Friend Cache ─────────────────────────────────────────────────────────
+/** TTL cache for friend status lookups (avoids redundant Firestore reads) */
+const friendCache = new Map<string, { result: boolean; expiresAt: number }>();
+const FRIEND_CACHE_TTL_MS = 60_000; // 60 seconds
+/** Clear the friend status cache (for tests or forced refresh) */
+export function invalidateFriendCache(): void {
+  friendCache.clear();
+}
+/**
+ * Check if accessor is a friend of owner by querying relationships collection.
+ * Results are cached for 60 seconds per user pair.
+ */
+async function checkIfFriend(ownerUserId: string, accessorUserId: string): Promise<boolean> {
+  // Check cache first (sorted key so a:b and b:a hit the same entry)
+  const cacheKey = [ownerUserId, accessorUserId].sort().join(':');
+  const cached = friendCache.get(cacheKey);
+  if (cached && Date.now() < cached.expiresAt) {
+    return cached.result;
+  }
+  try {
+    const { queryDocuments } = await import('../firestore/init.js');
+    const BASE = process.env.FIRESTORE_BASE_PATH || 'agentbase';
+    // Run both direction queries in parallel
+    const [forward, reverse] = await Promise.all([
+      queryDocuments(`${BASE}.relationships`, {
+        where: [
+          { field: 'from_user_id', op: '==', value: ownerUserId },
+          { field: 'to_user_id', op: '==', value: accessorUserId },
+          { field: 'friend', op: '==', value: true },
+        ],
+        limit: 1,
+      }),
+      queryDocuments(`${BASE}.relationships`, {
+        where: [
+          { field: 'from_user_id', op: '==', value: accessorUserId },
+          { field: 'to_user_id', op: '==', value: ownerUserId },
+          { field: 'friend', op: '==', value: true },
+        ],
+        limit: 1,
+      }),
+    ]);
+    const result = forward.length > 0 || reverse.length > 0;
+    friendCache.set(cacheKey, { result, expiresAt: Date.now() + FRIEND_CACHE_TTL_MS });
+    return result;
+  } catch (error) {
+    console.error('[checkIfFriend] Error checking friend status:', error);
+    // On error, treat as not friends (safer default)
+    return false;
+  }
+}
 // ─── Message Formatting ───────────────────────────────────────────────────
 /**

package/src/services/ghost-config.service.spec.ts CHANGED Viewed

@@ -15,6 +15,10 @@ import * as firestoreInit from '../firestore/init';
 jest.mock('../firestore/init', () => ({
   getDocument: jest.fn(),
   setDocument: jest.fn(),
+  FieldValue: {
+    arrayUnion: (...elements: any[]) => ({ _type: 'arrayUnion', _value: elements }),
+    arrayRemove: (...elements: any[]) => ({ _type: 'arrayRemove', _value: elements }),
+  },
 }));
 jest.mock('../firestore/paths', () => ({
@@ -179,8 +183,7 @@ describe('GhostConfigService', () => {
   });
   describe('blockUser', () => {
-    it('adds user to blocked list', async () => {
-      mockGetDocument.mockResolvedValue({ blocked_users: [] });
+    it('adds user to blocked list using FieldValue.arrayUnion', async () => {
       mockSetDocument.mockResolvedValue(undefined);
       await blockUser('owner-1', 'bad-user');
@@ -188,21 +191,23 @@ describe('GhostConfigService', () => {
       expect(mockSetDocument).toHaveBeenCalledWith(
         'test-remember-mcp.users/owner-1/ghost_config',
         'settings',
-        { blocked_users: ['bad-user'] },
+        { blocked_users: { _type: 'arrayUnion', _value: ['bad-user'] } },
         { merge: true }
       );
+      // No read needed — arrayUnion is idempotent
+      expect(mockGetDocument).not.toHaveBeenCalled();
     });
-    it('does not duplicate already blocked user', async () => {
-      mockGetDocument.mockResolvedValue({ blocked_users: ['bad-user'] });
+    it('does not duplicate already blocked user (arrayUnion is idempotent)', async () => {
+      mockSetDocument.mockResolvedValue(undefined);
       await blockUser('owner-1', 'bad-user');
-      expect(mockSetDocument).not.toHaveBeenCalled();
+      // arrayUnion handles dedup atomically — always writes
+      expect(mockSetDocument).toHaveBeenCalledTimes(1);
     });
-    it('preserves existing blocked users', async () => {
-      mockGetDocument.mockResolvedValue({ blocked_users: ['user-a'] });
+    it('preserves existing blocked users (arrayUnion appends atomically)', async () => {
       mockSetDocument.mockResolvedValue(undefined);
       await blockUser('owner-1', 'user-b');
@@ -210,15 +215,14 @@ describe('GhostConfigService', () => {
       expect(mockSetDocument).toHaveBeenCalledWith(
         'test-remember-mcp.users/owner-1/ghost_config',
         'settings',
-        { blocked_users: ['user-a', 'user-b'] },
+        { blocked_users: { _type: 'arrayUnion', _value: ['user-b'] } },
         { merge: true }
       );
     });
   });
   describe('unblockUser', () => {
-    it('removes user from blocked list', async () => {
-      mockGetDocument.mockResolvedValue({ blocked_users: ['bad-user', 'other'] });
+    it('removes user from blocked list using FieldValue.arrayRemove', async () => {
       mockSetDocument.mockResolvedValue(undefined);
       await unblockUser('owner-1', 'bad-user');
@@ -226,17 +230,20 @@ describe('GhostConfigService', () => {
       expect(mockSetDocument).toHaveBeenCalledWith(
         'test-remember-mcp.users/owner-1/ghost_config',
         'settings',
-        { blocked_users: ['other'] },
+        { blocked_users: { _type: 'arrayRemove', _value: ['bad-user'] } },
         { merge: true }
       );
+      // No read needed — arrayRemove is safe if element not present
+      expect(mockGetDocument).not.toHaveBeenCalled();
     });
-    it('does nothing if user not blocked', async () => {
-      mockGetDocument.mockResolvedValue({ blocked_users: [] });
+    it('is safe when user not blocked (arrayRemove is idempotent)', async () => {
+      mockSetDocument.mockResolvedValue(undefined);
       await unblockUser('owner-1', 'not-blocked');
-      expect(mockSetDocument).not.toHaveBeenCalled();
+      // arrayRemove always writes — safe no-op if element not present
+      expect(mockSetDocument).toHaveBeenCalledTimes(1);
     });
   });