@prmichaelsen/remember-mcp 3.19.3 → 4.0.0

package/src/tools/request-set-trust-level.spec.ts

@@ -0,0 +1,87 @@
+import { requestSetTrustLevelTool, handleRequestSetTrustLevel } from './request-set-trust-level.js';
+
+// Mock core services
+jest.mock('../core-services.js', () => ({
+  createCoreServices: jest.fn(() => ({
+    memory: {
+      requestSetTrustLevel: jest.fn().mockResolvedValue({
+        token: 'test-token-123',
+        memory_id: 'mem-456',
+        current_trust_level: 5,
+        requested_trust_level: 2,
+        expires_at: '2026-03-20T10:05:00Z',
+      }),
+    },
+  })),
+}));
+
+jest.mock('../utils/debug.js', () => ({
+  createDebugLogger: () => ({
+    info: jest.fn(),
+    trace: jest.fn(),
+    error: jest.fn(),
+    debug: jest.fn(),
+  }),
+}));
+
+describe('remember_request_set_trust_level', () => {
+  describe('tool definition', () => {
+    it('should have correct name', () => {
+      expect(requestSetTrustLevelTool.name).toBe('remember_request_set_trust_level');
+    });
+
+    it('should require memory_id and trust_level', () => {
+      expect(requestSetTrustLevelTool.inputSchema.required).toEqual(['memory_id', 'trust_level']);
+    });
+
+    it('should constrain trust_level to 1-5 integer', () => {
+      const trustProp = requestSetTrustLevelTool.inputSchema.properties.trust_level;
+      expect(trustProp.type).toBe('integer');
+      expect(trustProp.minimum).toBe(1);
+      expect(trustProp.maximum).toBe(5);
+    });
+  });
+
+  describe('handleRequestSetTrustLevel', () => {
+    it('should return token on valid request', async () => {
+      const result = await handleRequestSetTrustLevel(
+        { memory_id: 'mem-456', trust_level: 2 },
+        'user-123'
+      );
+      const parsed = JSON.parse(result!);
+      expect(parsed.token).toBe('test-token-123');
+      expect(parsed.memory_id).toBe('mem-456');
+      expect(parsed.current_trust_level).toBe(5);
+      expect(parsed.requested_trust_level).toBe(2);
+      expect(parsed.current_trust_name).toBe('SECRET');
+      expect(parsed.requested_trust_name).toBe('INTERNAL');
+    });
+
+    it('should reject non-integer trust level', async () => {
+      const result = await handleRequestSetTrustLevel(
+        { memory_id: 'mem-456', trust_level: 1.5 },
+        'user-123'
+      );
+      const parsed = JSON.parse(result!);
+      expect(parsed.error).toBe('Invalid trust level');
+    });
+
+    it('should reject trust level 0', async () => {
+      const result = await handleRequestSetTrustLevel(
+        { memory_id: 'mem-456', trust_level: 0 },
+        'user-123'
+      );
+      const parsed = JSON.parse(result!);
+      expect(parsed.error).toBe('Invalid trust level');
+    });
+
+    it('should reject trust level 6', async () => {
+      const result = await handleRequestSetTrustLevel(
+        { memory_id: 'mem-456', trust_level: 6 },
+        'user-123'
+      );
+      const parsed = JSON.parse(result!);
+      expect(parsed.error).toBe('Invalid trust level');
+    });
+  });
+});

package/src/tools/request-set-trust-level.ts

@@ -0,0 +1,107 @@
+/**
+ * remember_request_set_trust_level tool
+ * Requests a trust level change for a memory via confirmation flow.
+ */
+
+import { handleToolError } from '../utils/error-handler.js';
+import { createDebugLogger } from '../utils/debug.js';
+import type { AuthContext } from '../types/auth.js';
+import { createCoreServices } from '../core-services.js';
+
+export const requestSetTrustLevelTool = {
+  name: 'remember_request_set_trust_level',
+  description: `Request a trust level change for a memory. Returns a confirmation token.
+
+Trust levels (1-5 integer scale):
+  1 = PUBLIC — anyone can see
+  2 = INTERNAL — friends/known users
+  3 = CONFIDENTIAL — trusted friends
+  4 = RESTRICTED — close/intimate contacts
+  5 = SECRET — owner only (default for new memories)
+
+After requesting, use remember_confirm with the returned token to apply the change.
+Lowering trust (e.g. 5→1) makes the memory MORE visible. Raising trust makes it LESS visible.
+
+This is the ONLY way to change a memory's trust level. Trust cannot be set during creation or update.`,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      memory_id: {
+        type: 'string',
+        description: 'ID of the memory to change trust level for',
+      },
+      trust_level: {
+        type: 'integer',
+        description: 'New trust level (1-5)',
+        minimum: 1,
+        maximum: 5,
+      },
+    },
+    required: ['memory_id', 'trust_level'],
+  },
+};
+
+interface RequestSetTrustLevelArgs {
+  memory_id: string;
+  trust_level: number;
+}
+
+export async function handleRequestSetTrustLevel(
+  args: RequestSetTrustLevelArgs,
+  userId: string,
+  authContext?: AuthContext
+): Promise<string> {
+  const debug = createDebugLogger({
+    tool: 'remember_request_set_trust_level',
+    userId,
+    operation: 'request set trust level',
+  });
+
+  try {
+    debug.info('Tool invoked');
+    debug.trace('Arguments', { args });
+
+    // Validate trust level is integer 1-5
+    if (!Number.isInteger(args.trust_level) || args.trust_level < 1 || args.trust_level > 5) {
+      return JSON.stringify({
+        error: 'Invalid trust level',
+        message: 'Trust level must be an integer from 1 (PUBLIC) to 5 (SECRET).',
+      }, null, 2);
+    }
+
+    const { memory } = createCoreServices(userId);
+
+    const result = await memory.requestSetTrustLevel({
+      memory_id: args.memory_id,
+      trust_level: args.trust_level,
+    });
+
+    const TRUST_NAMES: Record<number, string> = {
+      1: 'PUBLIC',
+      2: 'INTERNAL',
+      3: 'CONFIDENTIAL',
+      4: 'RESTRICTED',
+      5: 'SECRET',
+    };
+
+    return JSON.stringify({
+      token: result.token,
+      memory_id: result.memory_id,
+      current_trust_level: result.current_trust_level,
+      requested_trust_level: result.requested_trust_level,
+      current_trust_name: TRUST_NAMES[result.current_trust_level] || 'UNKNOWN',
+      requested_trust_name: TRUST_NAMES[result.requested_trust_level] || 'UNKNOWN',
+      expires_at: result.expires_at,
+      message: `Trust level change requested: ${TRUST_NAMES[result.current_trust_level] || result.current_trust_level} (${result.current_trust_level}) → ${TRUST_NAMES[result.requested_trust_level] || result.requested_trust_level} (${result.requested_trust_level}). Confirm with token to apply.`,
+    }, null, 2);
+  } catch (error) {
+    debug.error('Tool failed', { error: error instanceof Error ? error.message : String(error) });
+    handleToolError(error, {
+      toolName: 'remember_request_set_trust_level',
+      operation: 'request set trust level',
+      userId,
+      memoryId: args.memory_id,
+    });
+    return JSON.stringify({ error: 'Unexpected error' });
+  }
+}

package/src/tools/search-memory.ts

@@ -101,8 +101,10 @@ export const searchMemoryTool = {
             description: 'Minimum weight (0-1)',
           },
           trust_min: {
-            type: 'number',
-            description: 'Minimum trust level (0-1)',
+            type: 'integer',
+            description: 'Minimum trust level (1-5: 1=PUBLIC, 2=INTERNAL, 3=CONFIDENTIAL, 4=RESTRICTED, 5=SECRET)',
+            minimum: 1,
+            maximum: 5,
           },
           date_from: {
             type: 'string',

package/src/tools/update-internal-memory.ts

@@ -21,7 +21,6 @@ export const updateInternalMemoryTool = {
       title: { type: 'string' },
       tags: { type: 'array', items: { type: 'string' } },
       weight: { type: 'number', minimum: 0, maximum: 1 },
-      trust: { type: 'number', minimum: 0, maximum: 1 },
     },
     required: ['memory_id'],
   },
@@ -33,7 +32,6 @@ export interface UpdateInternalMemoryArgs {
   title?: string;
   tags?: string[];
   weight?: number;
-  trust?: number;
 }
 
 export async function handleUpdateInternalMemory(
@@ -70,7 +68,6 @@ export async function handleUpdateInternalMemory(
       title: args.title,
       tags: args.tags,
       weight: args.weight,
-      trust: args.trust,
     });
 
     return JSON.stringify({

package/src/tools/update-memory.ts

@@ -50,12 +50,6 @@ export const updateMemoryTool = {
         minimum: 0,
         maximum: 1,
       },
-      trust: {
-        type: 'number',
-        description: 'Updated access control level (0-1)',
-        minimum: 0,
-        maximum: 1,
-      },
       tags: {
         type: 'array',
         items: { type: 'string' },
@@ -138,7 +132,6 @@ export interface UpdateMemoryArgs {
   title?: string;
   type?: string;
   weight?: number;
-  trust?: number;
   tags?: string[];
   references?: string[];
   structured_content?: Record<string, any>;
@@ -190,7 +183,6 @@ export async function handleUpdateMemory(
       title: args.title,
       type: args.type,
       weight: args.weight,
-      trust: args.trust,
       tags: args.tags,
       references: args.references,
       parent_id: args.parent_id,

package/src/types/memory.ts

@@ -159,7 +159,7 @@ export interface Memory {
 
   // Significance & Trust
   weight: number; // 0-1, significance/priority
-  trust: number; // 0-1, access control level
+  trust: number; // 1-5 integer, access control level (1=PUBLIC, 5=SECRET)
   confidence?: number; // 0-1, system confidence in accuracy
 
   // Location (from platform)

package/src/utils/admin.spec.ts

@@ -0,0 +1,70 @@
+import { isAdmin, adminPermissionError } from './admin.js';
+
+describe('isAdmin', () => {
+  const originalEnv = process.env.ADMIN_USER_IDS;
+
+  afterEach(() => {
+    if (originalEnv !== undefined) {
+      process.env.ADMIN_USER_IDS = originalEnv;
+    } else {
+      delete process.env.ADMIN_USER_IDS;
+    }
+  });
+
+  it('returns true when userId matches a single admin ID', () => {
+    process.env.ADMIN_USER_IDS = 'user123';
+    expect(isAdmin('user123')).toBe(true);
+  });
+
+  it('returns false when userId does not match', () => {
+    process.env.ADMIN_USER_IDS = 'user123';
+    expect(isAdmin('other_user')).toBe(false);
+  });
+
+  it('returns true when userId matches one of multiple admin IDs', () => {
+    process.env.ADMIN_USER_IDS = 'user1,user2,user3';
+    expect(isAdmin('user2')).toBe(true);
+  });
+
+  it('returns false when ADMIN_USER_IDS is empty string', () => {
+    process.env.ADMIN_USER_IDS = '';
+    expect(isAdmin('user123')).toBe(false);
+  });
+
+  it('returns false when ADMIN_USER_IDS is undefined', () => {
+    delete process.env.ADMIN_USER_IDS;
+    expect(isAdmin('user123')).toBe(false);
+  });
+
+  it('trims whitespace around IDs', () => {
+    process.env.ADMIN_USER_IDS = '  user1 , user2 , user3  ';
+    expect(isAdmin('user2')).toBe(true);
+  });
+
+  it('filters out empty entries from trailing commas', () => {
+    process.env.ADMIN_USER_IDS = 'user1,,user2,';
+    expect(isAdmin('user1')).toBe(true);
+    expect(isAdmin('user2')).toBe(true);
+    expect(isAdmin('')).toBe(false);
+  });
+
+  it('re-reads env var on each call (not cached)', () => {
+    process.env.ADMIN_USER_IDS = 'user1';
+    expect(isAdmin('user1')).toBe(true);
+    expect(isAdmin('user2')).toBe(false);
+
+    process.env.ADMIN_USER_IDS = 'user2';
+    expect(isAdmin('user1')).toBe(false);
+    expect(isAdmin('user2')).toBe(true);
+  });
+});
+
+describe('adminPermissionError', () => {
+  it('returns correct error structure', () => {
+    const result = adminPermissionError();
+    expect(result).toEqual({
+      content: [{ type: 'text', text: 'Permission denied: admin access required' }],
+      isError: true,
+    });
+  });
+});

package/src/utils/admin.ts

@@ -0,0 +1,27 @@
+/**
+ * Admin gate utilities
+ * Checks if a userId is in the ADMIN_USER_IDS env var.
+ * Re-reads env on each call (not cached) for hot-reload support.
+ */
+
+/**
+ * Check if a userId is an admin.
+ * Reads ADMIN_USER_IDS env var on each call.
+ */
+export function isAdmin(userId: string): boolean {
+  const adminIds = (process.env.ADMIN_USER_IDS || '')
+    .split(',')
+    .map(id => id.trim())
+    .filter(Boolean);
+  return adminIds.includes(userId);
+}
+
+/**
+ * Standard permission error response for non-admin users.
+ */
+export function adminPermissionError() {
+  return {
+    content: [{ type: 'text' as const, text: 'Permission denied: admin access required' }],
+    isError: true,
+  };
+}