@prmichaelsen/remember-mcp 3.14.11 → 3.14.14

package/src/services/ghost-config.service.ts

@@ -9,7 +9,7 @@
  * See agent/design/local.ghost-persona-system.md
  */
 
-import { getDocument, setDocument } from '../firestore/init.js';
+import { getDocument, setDocument, FieldValue } from '../firestore/init.js';
 import { BASE } from '../firestore/paths.js';
 import { logger } from '../utils/logger.js';
 import type { GhostConfig, TrustEnforcementMode } from '../types/ghost-config.js';
@@ -121,19 +121,16 @@ export async function removeUserTrust(
 
 /**
  * Block a user from ghost access.
+ * Uses FieldValue.arrayUnion for atomic add without reading first (idempotent).
  */
 export async function blockUser(
   ownerUserId: string,
   targetUserId: string
 ): Promise<void> {
-  const current = await getGhostConfig(ownerUserId);
-  if (current.blocked_users.includes(targetUserId)) {
-    return; // already blocked
-  }
-
-  const blocked_users = [...current.blocked_users, targetUserId];
   const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
+  await setDocument(collectionPath, docId, {
+    blocked_users: FieldValue.arrayUnion(targetUserId),
+  }, { merge: true });
 
   logger.info('User blocked from ghost access', {
     service: SERVICE,
@@ -144,19 +141,16 @@ export async function blockUser(
 
 /**
  * Unblock a user from ghost access.
+ * Uses FieldValue.arrayRemove for atomic remove without reading first (safe if not present).
  */
 export async function unblockUser(
   ownerUserId: string,
   targetUserId: string
 ): Promise<void> {
-  const current = await getGhostConfig(ownerUserId);
-  if (!current.blocked_users.includes(targetUserId)) {
-    return; // not blocked
-  }
-
-  const blocked_users = current.blocked_users.filter(id => id !== targetUserId);
   const { collectionPath, docId } = getGhostConfigPath(ownerUserId);
-  await setDocument(collectionPath, docId, { blocked_users }, { merge: true });
+  await setDocument(collectionPath, docId, {
+    blocked_users: FieldValue.arrayRemove(targetUserId),
+  }, { merge: true });
 
   logger.info('User unblocked from ghost access', {
     service: SERVICE,

package/src/tools/query-memory.ts

@@ -7,8 +7,7 @@ import type { Memory, SearchFilters, DeletedFilter } from '../types/memory.js';
 import { getMemoryCollection } from '../weaviate/schema.js';
 import { logger } from '../utils/logger.js';
 import { handleToolError } from '../utils/error-handler.js';
-import { buildCombinedSearchFilters, buildDeletedFilter, combineFiltersWithAnd } from '../utils/weaviate-filters.js';
-import { buildTrustFilter } from '../services/trust-enforcement.js';
+import { buildCombinedSearchFilters, buildDeletedFilter, combineFiltersWithAnd, buildTrustFilter } from '@prmichaelsen/remember-core';
 import { createDebugLogger } from '../utils/debug.js';
 import type { AuthContext } from '../types/auth.js';
 

package/src/tools/search-memory.ts

@@ -7,8 +7,7 @@ import type { Memory, Relationship, SearchOptions, SearchResult, SearchFilters }
 import { getMemoryCollection } from '../weaviate/schema.js';
 import { logger } from '../utils/logger.js';
 import { handleToolError } from '../utils/error-handler.js';
-import { buildCombinedSearchFilters, buildMemoryOnlyFilters, buildDeletedFilter, combineFiltersWithAnd } from '../utils/weaviate-filters.js';
-import { buildTrustFilter } from '../services/trust-enforcement.js';
+import { buildCombinedSearchFilters, buildMemoryOnlyFilters, buildDeletedFilter, combineFiltersWithAnd, buildTrustFilter } from '@prmichaelsen/remember-core';
 import { createDebugLogger } from '../utils/debug.js';
 import type { AuthContext } from '../types/auth.js';
 
@@ -182,10 +181,11 @@ export async function handleSearchMemory(
     // Combine deleted filter, trust filter, ghost exclusion, and search filters
     const combinedFilters = combineFiltersWithAnd([deletedFilter, trustFilter, ghostExclusionFilter, searchFilters].filter(f => f !== null));
 
-    // Build search options
+    // Build search options (native offset handled by Weaviate)
     const searchOptions: any = {
       alpha: alpha,
-      limit: limit + offset, // Get extra for offset
+      limit: limit,
+      offset: offset,
     };
 
     // Add filters if present
@@ -204,14 +204,11 @@ export async function handleSearchMemory(
     // Perform hybrid search with Weaviate v3 API
     const results = await collection.query.hybrid(args.query, searchOptions);
 
-    // Apply offset
-    const paginatedResults = results.objects.slice(offset);
-
     // Separate memories and relationships
     const memories: Partial<Memory>[] = [];
     const relationships: Partial<Relationship>[] = [];
 
-    for (const obj of paginatedResults) {
+    for (const obj of results.objects) {
       const doc: any = {
         id: obj.uuid,
         ...obj.properties,

package/dist/services/trust-enforcement.d.ts

@@ -1,83 +0,0 @@
-/**
- * Trust enforcement service — 3 configurable modes for cross-user memory access.
- *
- * - query mode (default): memories above trust threshold never returned from Weaviate
- * - prompt mode: all memories returned, formatted/redacted by trust level
- * - hybrid mode: query filter for trust 0.0, prompt filter for rest
- *
- * See agent/design/local.ghost-persona-system.md
- */
-import type { Memory } from '../types/memory.js';
-import type { TrustEnforcementMode } from '../types/ghost-config.js';
-/** Trust level thresholds mapping continuous 0-1 values to discrete behavior tiers */
-export declare const TRUST_THRESHOLDS: {
-    readonly FULL_ACCESS: 1;
-    readonly PARTIAL_ACCESS: 0.75;
-    readonly SUMMARY_ONLY: 0.5;
-    readonly METADATA_ONLY: 0.25;
-    readonly EXISTENCE_ONLY: 0;
-};
-/**
- * Build a Weaviate filter that restricts memories by trust score.
- * Only returns memories where trust_score <= accessorTrustLevel.
- *
- * Trust 1.0 memories require accessor trust >= 1.0 to even appear in results.
- * When they do appear, formatMemoryForPrompt caps output to existence-only.
- *
- * @param collection - Weaviate collection instance
- * @param accessorTrustLevel - The accessor's trust level (0-1)
- * @returns Weaviate filter object
- */
-export declare function buildTrustFilter(collection: any, accessorTrustLevel: number): any;
-/**
- * Formatted memory representation for prompt-level enforcement.
- * Content is redacted/formatted based on trust level.
- */
-export interface FormattedMemory {
-    memory_id: string;
-    trust_tier: string;
-    content: string;
-}
-/**
- * Format a memory for inclusion in an LLM prompt, redacted by trust level.
- *
- * Trust tiers:
- * - 1.0  Full Access:    full content, all details
- * - 0.75 Partial Access: content with sensitive fields redacted
- * - 0.5  Summary Only:   title + summary, no content
- * - 0.25 Metadata Only:  type, date, tags — no content or summary
- * - 0.0  Existence Only: "A memory exists about this topic"
- *
- * Trust 1.0 memories are always existence-only for cross-users, regardless of
- * accessor trust level. Use `isSelfAccess = true` to bypass for owner access.
- *
- * @param memory - The memory to format
- * @param accessorTrustLevel - The accessor's trust level (0-1)
- * @param isSelfAccess - True if the accessor is the memory owner (bypasses trust 1.0 cap)
- * @returns Formatted memory for prompt inclusion
- */
-export declare function formatMemoryForPrompt(memory: Memory, accessorTrustLevel: number, isSelfAccess?: boolean): FormattedMemory;
-/**
- * Get a human-readable label for a trust level.
- */
-export declare function getTrustLevelLabel(trust: number): string;
-/**
- * Get LLM instruction text describing what to reveal at a given trust level.
- */
-export declare function getTrustInstructions(trust: number): string;
-/**
- * Redact sensitive fields from a memory for partial access.
- * Returns a copy with location, context, and references cleared.
- */
-export declare function redactSensitiveFields(memory: Memory, _trust: number): Memory;
-/**
- * Check whether an accessor's trust level is sufficient for a memory.
- * Access is granted when accessorTrust >= memoryTrust.
- */
-export declare function isTrustSufficient(memoryTrust: number, accessorTrust: number): boolean;
-/**
- * Determine the enforcement mode to use.
- * Convenience function that returns the mode from GhostConfig or falls back to 'query'.
- */
-export declare function resolveEnforcementMode(mode?: TrustEnforcementMode): TrustEnforcementMode;
-//# sourceMappingURL=trust-enforcement.d.ts.map

package/dist/services/trust-enforcement.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=trust-enforcement.spec.d.ts.map

package/dist/utils/weaviate-filters.d.ts

@@ -1,56 +0,0 @@
-/**
- * Weaviate v3 Filter Builder Utilities
- *
- * Provides helper functions to build Weaviate v3 filters using the fluent API.
- * Replaces old v2 filter format (path/operator/valueText) with v3 collection.filter.byProperty()
- */
-import type { SearchFilters } from '../types/memory.js';
-/**
- * Deleted filter options
- */
-export type DeletedFilter = 'exclude' | 'include' | 'only';
-/**
- * Build filters for searching both memories and relationships
- * Uses OR logic: (doc_type=memory AND memory_filters) OR (doc_type=relationship AND relationship_filters)
- *
- * @param collection - Weaviate collection instance
- * @param filters - Optional search filters
- * @returns Combined filter or undefined if no filters
- */
-export declare function buildCombinedSearchFilters(collection: any, filters?: SearchFilters): any;
-/**
- * Build filters for memory-only search (backward compatibility)
- *
- * @param collection - Weaviate collection instance
- * @param filters - Optional search filters
- * @returns Combined filter or undefined if no filters
- */
-export declare function buildMemoryOnlyFilters(collection: any, filters?: SearchFilters): any;
-/**
- * Build filters specifically for relationship-only search
- *
- * @param collection - Weaviate collection instance
- * @param filters - Optional search filters
- * @returns Combined filter or undefined if no filters
- */
-export declare function buildRelationshipOnlyFilters(collection: any, filters?: SearchFilters): any;
-/**
- * Combine multiple filters with AND logic
- *
- * @param filters - Array of filter objects
- * @returns Combined filter or undefined
- */
-export declare function combineFiltersWithAnd(filters: any[]): any;
-/**
- * Helper to check if a filter result is empty
- */
-export declare function hasFilters(filter: any): boolean;
-/**
- * Build filter for deleted_at field based on deleted_filter parameter
- *
- * @param collection - Weaviate collection instance
- * @param deletedFilter - Filter mode: 'exclude' (default), 'include', or 'only'
- * @returns Filter for deleted_at field, or null if no filter needed
- */
-export declare function buildDeletedFilter(collection: any, deletedFilter?: DeletedFilter): any | null;
-//# sourceMappingURL=weaviate-filters.d.ts.map

package/dist/utils/weaviate-filters.spec.d.ts

@@ -1,8 +0,0 @@
-/**
- * Unit tests for Weaviate v3 filter builders
- *
- * Note: These tests verify filter builder logic, not exact Weaviate filter structure.
- * The actual Filters.and() and Filters.or() methods return Weaviate internal objects.
- */
-export {};
-//# sourceMappingURL=weaviate-filters.spec.d.ts.map

package/src/services/trust-enforcement.spec.ts

@@ -1,309 +0,0 @@
-import {
-  buildTrustFilter,
-  formatMemoryForPrompt,
-  getTrustLevelLabel,
-  getTrustInstructions,
-  redactSensitiveFields,
-  isTrustSufficient,
-  resolveEnforcementMode,
-  TRUST_THRESHOLDS,
-} from './trust-enforcement.js';
-import type { Memory } from '../types/memory.js';
-
-// ─── Test Fixtures ─────────────────────────────────────────────────────────
-
-const mockMemory: Memory = {
-  id: 'mem-1',
-  user_id: 'user-owner',
-  doc_type: 'memory',
-  content: 'My private journal entry about my feelings.',
-  title: 'Journal Entry: Feb 2026',
-  summary: 'Reflections on the month of February.',
-  type: 'journal',
-  weight: 0.5,
-  trust: 0.75,
-  location: {
-    gps: { latitude: 37.7749, longitude: -122.4194, timestamp: '2026-01-01T00:00:00Z' },
-    address: { formatted: '123 Main St, San Francisco, CA' },
-    source: 'gps',
-    confidence: 0.9,
-    is_approximate: false,
-  },
-  context: {
-    timestamp: '2026-02-15T10:00:00Z',
-    source: { type: 'manual' },
-    participants: [{ user_id: 'user-owner', role: 'user' }],
-    environment: { device: 'laptop' },
-    notes: 'Written during morning coffee',
-  },
-  relationships: ['rel-1'],
-  access_count: 5,
-  last_accessed_at: '2026-02-20T08:00:00Z',
-  created_at: '2026-02-15T10:00:00Z',
-  updated_at: '2026-02-20T08:00:00Z',
-  version: 2,
-  tags: ['personal', 'reflection'],
-  references: ['https://private-blog.example.com/entry-1'],
-  base_weight: 0.5,
-};
-
-// Mock Weaviate collection
-function createMockCollection() {
-  const filterResult = { lessThanOrEqual: jest.fn().mockReturnValue('trust_filter') };
-  return {
-    filter: {
-      byProperty: jest.fn().mockReturnValue(filterResult),
-    },
-    _filterResult: filterResult,
-  };
-}
-
-// ─── buildTrustFilter ──────────────────────────────────────────────────────
-
-describe('buildTrustFilter', () => {
-  it('creates a filter for trust_score <= accessorTrustLevel', () => {
-    const collection = createMockCollection();
-    const result = buildTrustFilter(collection, 0.5);
-    expect(collection.filter.byProperty).toHaveBeenCalledWith('trust_score');
-    expect(collection._filterResult.lessThanOrEqual).toHaveBeenCalledWith(0.5);
-    expect(result).toBe('trust_filter');
-  });
-
-  it('works with trust level 0', () => {
-    const collection = createMockCollection();
-    buildTrustFilter(collection, 0);
-    expect(collection._filterResult.lessThanOrEqual).toHaveBeenCalledWith(0);
-  });
-
-  it('works with trust level 1 (includes trust 1.0 memories for acknowledgment)', () => {
-    const collection = createMockCollection();
-    buildTrustFilter(collection, 1.0);
-    expect(collection._filterResult.lessThanOrEqual).toHaveBeenCalledWith(1.0);
-  });
-});
-
-// ─── formatMemoryForPrompt ─────────────────────────────────────────────────
-
-describe('formatMemoryForPrompt', () => {
-  it('returns full content at trust 1.0', () => {
-    const result = formatMemoryForPrompt(mockMemory, 1.0);
-    expect(result.trust_tier).toBe('Full Access');
-    expect(result.content).toContain(mockMemory.content);
-    expect(result.content).toContain(mockMemory.title!);
-    expect(result.content).toContain(mockMemory.summary!);
-    expect(result.content).toContain('personal, reflection');
-    expect(result.content).toContain(mockMemory.created_at);
-    expect(result.memory_id).toBe('mem-1');
-  });
-
-  it('returns redacted content at trust 0.75', () => {
-    const result = formatMemoryForPrompt(mockMemory, 0.75);
-    expect(result.trust_tier).toBe('Partial Access');
-    expect(result.content).toContain(mockMemory.content);
-    expect(result.content).toContain('personal, reflection');
-    // Should not contain full summary (only in full access)
-    expect(result.content).not.toContain(mockMemory.summary!);
-  });
-
-  it('returns summary only at trust 0.5', () => {
-    const result = formatMemoryForPrompt(mockMemory, 0.5);
-    expect(result.trust_tier).toBe('Summary Only');
-    expect(result.content).toContain(mockMemory.title!);
-    expect(result.content).toContain(mockMemory.summary!);
-    expect(result.content).not.toContain(mockMemory.content);
-  });
-
-  it('returns (No summary available) when summary missing at trust 0.5', () => {
-    const noSummary = { ...mockMemory, summary: undefined };
-    const result = formatMemoryForPrompt(noSummary, 0.5);
-    expect(result.content).toContain('(No summary available)');
-  });
-
-  it('returns metadata only at trust 0.25', () => {
-    const result = formatMemoryForPrompt(mockMemory, 0.25);
-    expect(result.trust_tier).toBe('Metadata Only');
-    expect(result.content).toContain('[journal]');
-    expect(result.content).toContain('personal, reflection');
-    expect(result.content).not.toContain(mockMemory.content);
-    expect(result.content).not.toContain(mockMemory.summary!);
-  });
-
-  it('returns existence only at trust 0', () => {
-    const result = formatMemoryForPrompt(mockMemory, 0);
-    expect(result.trust_tier).toBe('Existence Only');
-    expect(result.content).toBe('A memory exists about this topic.');
-    expect(result.content).not.toContain(mockMemory.content);
-    expect(result.content).not.toContain(mockMemory.title!);
-  });
-
-  it('handles memory without title gracefully', () => {
-    const noTitle = { ...mockMemory, title: undefined };
-    const result = formatMemoryForPrompt(noTitle, 1.0);
-    expect(result.content).toContain('Untitled');
-  });
-
-  it('handles memory with empty tags', () => {
-    const noTags = { ...mockMemory, tags: [] };
-    const result = formatMemoryForPrompt(noTags, 1.0);
-    expect(result.content).not.toContain('Tags:');
-  });
-
-  describe('trust 1.0 memories (existence-only for cross-users)', () => {
-    const trust1Memory = { ...mockMemory, trust: 1.0 };
-
-    it('returns existence-only for cross-user even at accessor trust 1.0', () => {
-      const result = formatMemoryForPrompt(trust1Memory, 1.0);
-      expect(result.trust_tier).toBe('Existence Only');
-      expect(result.content).toBe('A memory exists about this topic.');
-    });
-
-    it('returns existence-only for cross-user at any trust level', () => {
-      for (const trust of [0, 0.25, 0.5, 0.75, 1.0]) {
-        const result = formatMemoryForPrompt(trust1Memory, trust);
-        expect(result.trust_tier).toBe('Existence Only');
-        expect(result.content).not.toContain(trust1Memory.content);
-      }
-    });
-
-    it('returns full content for owner (isSelfAccess = true)', () => {
-      const result = formatMemoryForPrompt(trust1Memory, 1.0, true);
-      expect(result.trust_tier).toBe('Full Access');
-      expect(result.content).toContain(trust1Memory.content);
-    });
-
-    it('does not leak title, summary, or tags for cross-user', () => {
-      const result = formatMemoryForPrompt(trust1Memory, 1.0);
-      expect(result.content).not.toContain(trust1Memory.title!);
-      expect(result.content).not.toContain(trust1Memory.summary!);
-      expect(result.content).not.toContain('personal');
-    });
-  });
-});
-
-// ─── getTrustLevelLabel ────────────────────────────────────────────────────
-
-describe('getTrustLevelLabel', () => {
-  it('returns Full Access at 1.0', () => {
-    expect(getTrustLevelLabel(1.0)).toBe('Full Access');
-  });
-
-  it('returns Partial Access at 0.75', () => {
-    expect(getTrustLevelLabel(0.75)).toBe('Partial Access');
-  });
-
-  it('returns Summary Only at 0.5', () => {
-    expect(getTrustLevelLabel(0.5)).toBe('Summary Only');
-  });
-
-  it('returns Metadata Only at 0.25', () => {
-    expect(getTrustLevelLabel(0.25)).toBe('Metadata Only');
-  });
-
-  it('returns Existence Only at 0', () => {
-    expect(getTrustLevelLabel(0)).toBe('Existence Only');
-  });
-
-  it('maps intermediate values to nearest lower threshold', () => {
-    expect(getTrustLevelLabel(0.9)).toBe('Partial Access');
-    expect(getTrustLevelLabel(0.6)).toBe('Summary Only');
-    expect(getTrustLevelLabel(0.3)).toBe('Metadata Only');
-    expect(getTrustLevelLabel(0.1)).toBe('Existence Only');
-  });
-});
-
-// ─── getTrustInstructions ──────────────────────────────────────────────────
-
-describe('getTrustInstructions', () => {
-  it('returns appropriate instructions for each tier', () => {
-    expect(getTrustInstructions(1.0)).toContain('full access');
-    expect(getTrustInstructions(0.75)).toContain('partial access');
-    expect(getTrustInstructions(0.5)).toContain('summary');
-    expect(getTrustInstructions(0.25)).toContain('metadata');
-    expect(getTrustInstructions(0)).toContain('acknowledge');
-  });
-});
-
-// ─── redactSensitiveFields ─────────────────────────────────────────────────
-
-describe('redactSensitiveFields', () => {
-  it('clears GPS and address from location', () => {
-    const redacted = redactSensitiveFields(mockMemory, 0.75);
-    expect(redacted.location.gps).toBeNull();
-    expect(redacted.location.address).toBeNull();
-    expect(redacted.location.source).toBe('unavailable');
-  });
-
-  it('clears context participants and environment', () => {
-    const redacted = redactSensitiveFields(mockMemory, 0.75);
-    expect(redacted.context.participants).toBeUndefined();
-    expect(redacted.context.environment).toBeUndefined();
-    expect(redacted.context.notes).toBeUndefined();
-  });
-
-  it('clears references', () => {
-    const redacted = redactSensitiveFields(mockMemory, 0.75);
-    expect(redacted.references).toBeUndefined();
-  });
-
-  it('preserves content and tags', () => {
-    const redacted = redactSensitiveFields(mockMemory, 0.75);
-    expect(redacted.content).toBe(mockMemory.content);
-    expect(redacted.tags).toEqual(mockMemory.tags);
-    expect(redacted.title).toBe(mockMemory.title);
-  });
-
-  it('preserves core context fields', () => {
-    const redacted = redactSensitiveFields(mockMemory, 0.75);
-    expect(redacted.context.timestamp).toBe(mockMemory.context.timestamp);
-    expect(redacted.context.source).toEqual(mockMemory.context.source);
-  });
-
-  it('does not mutate original memory', () => {
-    const originalLocation = mockMemory.location.gps;
-    redactSensitiveFields(mockMemory, 0.75);
-    expect(mockMemory.location.gps).toBe(originalLocation);
-  });
-});
-
-// ─── isTrustSufficient ─────────────────────────────────────────────────────
-
-describe('isTrustSufficient', () => {
-  it('returns true when accessor trust >= memory trust', () => {
-    expect(isTrustSufficient(0.5, 0.75)).toBe(true);
-    expect(isTrustSufficient(0.5, 0.5)).toBe(true);
-    expect(isTrustSufficient(0, 0)).toBe(true);
-    expect(isTrustSufficient(1.0, 1.0)).toBe(true);
-  });
-
-  it('returns false when accessor trust < memory trust', () => {
-    expect(isTrustSufficient(0.75, 0.5)).toBe(false);
-    expect(isTrustSufficient(1.0, 0.99)).toBe(false);
-    expect(isTrustSufficient(0.25, 0)).toBe(false);
-  });
-});
-
-// ─── resolveEnforcementMode ────────────────────────────────────────────────
-
-describe('resolveEnforcementMode', () => {
-  it('returns the provided mode', () => {
-    expect(resolveEnforcementMode('query')).toBe('query');
-    expect(resolveEnforcementMode('prompt')).toBe('prompt');
-    expect(resolveEnforcementMode('hybrid')).toBe('hybrid');
-  });
-
-  it('defaults to query when undefined', () => {
-    expect(resolveEnforcementMode(undefined)).toBe('query');
-  });
-});
-
-// ─── TRUST_THRESHOLDS ──────────────────────────────────────────────────────
-
-describe('TRUST_THRESHOLDS', () => {
-  it('has correct values', () => {
-    expect(TRUST_THRESHOLDS.FULL_ACCESS).toBe(1.0);
-    expect(TRUST_THRESHOLDS.PARTIAL_ACCESS).toBe(0.75);
-    expect(TRUST_THRESHOLDS.SUMMARY_ONLY).toBe(0.5);
-    expect(TRUST_THRESHOLDS.METADATA_ONLY).toBe(0.25);
-    expect(TRUST_THRESHOLDS.EXISTENCE_ONLY).toBe(0.0);
-  });
-});