@prmichaelsen/remember-mcp 3.20.1 → 4.0.1

package/CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.0] - 2026-03-20
+
+### BREAKING CHANGES
+- **Trust removed from create/update**: `trust` parameter removed from `remember_create_memory`, `remember_update_memory`, `remember_create_internal_memory`, `remember_update_internal_memory`. Trust now defaults to SECRET (5) on creation.
+- **Trust scale changed**: All trust references updated from 0-1 float to 1-5 integer scale (1=PUBLIC, 2=INTERNAL, 3=CONFIDENTIAL, 4=RESTRICTED, 5=SECRET).
+
+### Added
+- `remember_request_set_trust_level` tool — two-phase confirmation flow to change a memory's trust level (request → token → confirm)
+- `secret_token` optional parameter on `remember_confirm` and `remember_deny` for ConfirmationGuardService support
+- `set_trust_level` action handler in `remember_confirm` for confirming trust level changes
+- 15 new tests: request-set-trust-level (7), confirm (3), deny (2), trust-validator (3 updated)
+
+### Changed
+- Updated `@prmichaelsen/remember-core` to 1.0.0
+- Trust filter schemas (`trust_min`) updated to integer 1-5 range in search-memory and query-memory
+- Ghost config tool schemas updated to 1-5 integer trust scale
+- Local trust-validator rewritten for 1-5 integer scale
+- 510 total tests (509 passed, 1 skipped)
+
 ## [3.20.0] - 2026-03-14
 
 ### Added

package/agent/milestones/milestone-23-trust-level-protection.md

@@ -0,0 +1,122 @@
+# Milestone 23: Trust Level Protection (Breaking)
+
+**Goal**: Align remember-mcp with remember-core M80 trust level protection — remove direct trust setting, add confirmation-gated trust change flow, update trust scale to integer 1-5
+**Duration**: 1 week
+**Dependencies**: remember-core >= 0.72.0
+**Status**: Not Started
+
+---
+
+## Overview
+
+remember-core M80 removes trust from CreateMemoryInput/UpdateMemoryInput and introduces a two-phase confirmation flow for trust level changes (`requestSetTrustLevel` → token → `confirmSetTrustLevel`). Additionally, the ConfirmationGuardService adds optional HMAC secret token challenge on confirm/deny operations.
+
+This is a **major breaking change** for remember-mcp consumers:
+- `trust` parameter removed from 4 MCP tool schemas (create-memory, update-memory, create-internal-memory, update-internal-memory)
+- Trust defaults to SECRET (5) on creation
+- Trust can only be changed via a new dedicated confirmation flow
+- Trust scale changes from 0-1 float to 1-5 integer
+
+**Version**: 3.x → 4.0.0
+
+---
+
+## Deliverables
+
+### 1. Schema Changes
+- Remove `trust` parameter from create-memory, update-memory, create-internal-memory, update-internal-memory tool schemas
+- Update all tool descriptions referencing trust scale (0-1 → 1-5)
+
+### 2. New MCP Tool
+- `remember_request_set_trust_level` — request a trust level change, returns confirmation token
+- Reuses existing confirm/deny flow for the actual change
+
+### 3. Confirm/Deny Updates
+- `remember_confirm` and `remember_deny` support optional `secret_token` parameter
+- Guard-aware error messages (cooldown, backoff)
+
+### 4. Dependency & Version
+- remember-core bumped to >= 0.72.0
+- remember-mcp version bumped to 4.0.0
+- CHANGELOG updated with breaking change documentation
+
+---
+
+## Success Criteria
+
+- [ ] `trust` parameter absent from create/update tool schemas
+- [ ] `remember_request_set_trust_level` tool registered and functional
+- [ ] `remember_confirm` / `remember_deny` accept optional `secret_token`
+- [ ] All trust scale references updated to 1-5 integer
+- [ ] remember-core >= 0.72.0 installed
+- [ ] All existing tests updated and passing
+- [ ] Version 4.0.0 with CHANGELOG entry
+- [ ] TypeScript compiles without errors
+- [ ] Build successful
+
+---
+
+## Key Files to Create
+
+```
+src/
+├── tools/
+│   └── request-set-trust-level.ts        (new tool)
+│   └── request-set-trust-level.spec.ts   (new tests)
+```
+
+## Key Files to Modify
+
+```
+src/
+├── tools/
+│   ├── create-memory.ts          (remove trust param)
+│   ├── update-memory.ts          (remove trust param)
+│   ├── create-internal-memory.ts (remove trust param)
+│   ├── update-internal-memory.ts (remove trust param)
+│   ├── confirm.ts                (add secret_token)
+│   ├── deny.ts                   (add secret_token)
+│   └── *.spec.ts                 (update tests)
+├── server.ts                     (register new tool)
+├── server-factory.ts             (register new tool)
+├── services/trust-validator.ts   (update to 1-5 scale)
+├── types/memory.ts               (remove trust from interfaces)
+package.json                      (bump versions)
+CHANGELOG.md                      (breaking change entry)
+```
+
+---
+
+## Tasks
+
+1. [Task 525: Remove trust from create/update tools](../tasks/milestone-23-trust-level-protection/task-525-remove-trust-from-create-update.md) — Remove trust parameter from 4 MCP tool schemas and handlers
+2. [Task 526: Add remember_request_set_trust_level tool](../tasks/milestone-23-trust-level-protection/task-526-add-request-set-trust-level-tool.md) — New two-phase trust change MCP tool
+3. [Task 527: Update confirm/deny for secret_token](../tasks/milestone-23-trust-level-protection/task-527-update-confirm-deny-secret-token.md) — Add optional secret_token to confirm/deny tools
+4. [Task 528: Update trust scale references](../tasks/milestone-23-trust-level-protection/task-528-update-trust-scale-references.md) — 0-1 float → 1-5 integer across codebase
+5. [Task 529: Version bump and release](../tasks/milestone-23-trust-level-protection/task-529-version-bump-and-release.md) — Bump remember-core, version 4.0.0, CHANGELOG, tests
+
+---
+
+## Testing Requirements
+
+- [ ] Unit tests for new request-set-trust-level tool
+- [ ] Updated tests for create/update tools (trust param removed)
+- [ ] Updated tests for confirm/deny (secret_token param)
+- [ ] Trust validator tests updated for 1-5 scale
+- [ ] All existing tests passing
+
+---
+
+## Risks and Mitigation
+
+| Risk | Impact | Probability | Mitigation Strategy |
+|------|--------|-------------|---------------------|
+| remember-core 0.72.0 not yet published to npm | High | Low | Check npm registry; if not published, install from local path |
+| Downstream consumers break on trust removal | Medium | High | Major version bump (4.0.0) signals breaking change |
+| ConfirmationGuardService optional — unclear when to wire | Low | Medium | Keep guard optional in remember-mcp, document when to enable |
+
+---
+
+**Next Milestone**: TBD
+**Blockers**: remember-core >= 0.72.0 must be available
+**Notes**: This milestone aligns remember-mcp with remember-core's trust philosophy: trust is a sensitive setting that should require explicit user confirmation to change, not be silently set during memory creation.

package/agent/progress.yaml

@@ -2,11 +2,11 @@
 
 project:
   name: remember-mcp
-  version: 3.19.0
+  version: 4.0.0
   started: 2026-02-11
   status: in_progress
-  current_milestone: M22
-  last_updated: 2026-03-07
+  current_milestone: M23
+  last_updated: 2026-03-20
 
 milestones:
   - id: M1
@@ -419,6 +419,22 @@ milestones:
       See: agent/milestones/milestone-22-admin-debugging-tools.md
       Design: agent/design/local.admin-debugging-tools.md
 
+  - id: M23
+    name: Trust Level Protection (Breaking)
+    status: completed
+    progress: 100%
+    started: 2026-03-20
+    completed: 2026-03-20
+    estimated_weeks: 1
+    tasks_completed: 5
+    tasks_total: 5
+    file: agent/milestones/milestone-23-trust-level-protection.md
+    notes: |
+      Align with remember-core M80 trust level protection.
+      Remove trust from create/update, add requestSetTrustLevel confirmation flow,
+      update trust scale 0-1 → 1-5, secret_token on confirm/deny.
+      Major breaking version: 3.x → 4.0.0.
+
 tasks:
   milestone_1:
     - id: task-1
@@ -2556,3 +2572,80 @@ task_20_completion:
         ✅ detect_weaviate_drift (expected vs actual schema comparison per collection)
         ✅ 10 unit tests, 497 total tests
         ✅ CHANGELOG, README updated
+
+  milestone_23:
+    - id: task-525
+      name: Remove Trust from Create/Update Tools
+      status: completed
+      file: agent/tasks/milestone-23-trust-level-protection/task-525-remove-trust-from-create-update.md
+      estimated_hours: 2-3
+      started: 2026-03-20T10:00:00Z
+      completed_date: 2026-03-20T10:30:00Z
+      actual_hours: 0.5
+      notes: |
+        ✅ Removed trust from create-memory, update-memory, create-internal-memory, update-internal-memory
+        ✅ Updated tool description to reference remember_request_set_trust_level
+        ✅ Updated create-memory.spec.ts (trust no longer in schema)
+        ✅ 502 tests passing
+
+    - id: task-526
+      name: Add remember_request_set_trust_level Tool
+      status: completed
+      file: agent/tasks/milestone-23-trust-level-protection/task-526-add-request-set-trust-level-tool.md
+      estimated_hours: 3-4
+      dependencies: [task-525]
+      started: 2026-03-20T10:30:00Z
+      completed_date: 2026-03-20T11:00:00Z
+      actual_hours: 0.5
+      notes: |
+        ✅ Created request-set-trust-level.ts with tool and handler
+        ✅ Registered in server.ts and server-factory.ts
+        ✅ 7 tests (schema validation, valid request, invalid trust levels)
+        ✅ 510 tests passing
+
+    - id: task-527
+      name: Update Confirm/Deny for Secret Token
+      status: completed
+      file: agent/tasks/milestone-23-trust-level-protection/task-527-update-confirm-deny-secret-token.md
+      estimated_hours: 2-3
+      started: 2026-03-20T10:00:00Z
+      completed_date: 2026-03-20T10:30:00Z
+      actual_hours: 0.5
+      notes: |
+        ✅ Added secret_token to confirm and deny tool schemas
+        ✅ Added set_trust_level action handler in confirm tool
+        ✅ Created confirm.spec.ts (3 tests) and deny.spec.ts (2 tests)
+        ✅ 502 tests passing
+
+    - id: task-528
+      name: Update Trust Scale References
+      status: completed
+      file: agent/tasks/milestone-23-trust-level-protection/task-528-update-trust-scale-references.md
+      estimated_hours: 2-3
+      dependencies: [task-525]
+      started: 2026-03-20T10:30:00Z
+      completed_date: 2026-03-20T11:00:00Z
+      actual_hours: 0.5
+      notes: |
+        ✅ trust-validator.ts rewritten for 1-5 integer scale
+        ✅ trust-validator.spec.ts updated (all tests pass)
+        ✅ search-memory, query-memory trust_min schemas updated
+        ✅ ghost-config tool descriptions and schemas updated to 1-5
+        ✅ types/memory.ts trust comment updated
+        ✅ 510 tests passing
+
+    - id: task-529
+      name: Version Bump and Release
+      status: completed
+      file: agent/tasks/milestone-23-trust-level-protection/task-529-version-bump-and-release.md
+      estimated_hours: 2-3
+      dependencies: [task-525, task-526, task-527, task-528]
+      started: 2026-03-20T11:00:00Z
+      completed_date: 2026-03-20T11:30:00Z
+      actual_hours: 0.5
+      notes: |
+        ✅ remember-core updated to 1.0.0 (has requestSetTrustLevel, confirmSetTrustLevel, secret_token)
+        ✅ Removed all `as any` casts — proper types now
+        ✅ Version bumped to 4.0.0
+        ✅ CHANGELOG.md with breaking change documentation
+        ✅ 510 tests passing

package/agent/tasks/milestone-23-trust-level-protection/task-525-remove-trust-from-create-update.md

@@ -0,0 +1,69 @@
+# Task 525: Remove Trust from Create/Update Tools
+
+**Milestone**: [M23 — Trust Level Protection](../../milestones/milestone-23-trust-level-protection.md)
+**Status**: Not Started
+**Estimated Time**: 2-3 hours
+**Dependencies**: None
+
+---
+
+## Objective
+
+Remove the `trust` parameter from all MCP tool schemas and handler interfaces that currently allow direct trust assignment on memory creation or update. Trust now defaults to SECRET (5) in remember-core and can only be changed via the confirmation flow.
+
+## Context
+
+remember-core M80 removed trust from `CreateMemoryInput` and `UpdateMemoryInput`. The MemoryService now hardcodes `trust_score: TrustLevel.SECRET` (5) on creation. Passing trust to core will either be ignored or error. We must remove it from the MCP layer to avoid confusion.
+
+## Steps
+
+### 1. Update `src/tools/create-memory.ts`
+
+- Remove `trust` from the `inputSchema.properties` object (the JSON schema exposed to MCP clients)
+- Remove `trust` from the `CreateMemoryArgs` interface
+- Remove `trust: args.trust` from the object passed to `memoryService.create()`
+- Update the tool description: remove mention of "trust level (access control 0-1)"
+- Add note in description: "Trust defaults to SECRET (level 5). Use `remember_request_set_trust_level` to change trust after creation."
+
+### 2. Update `src/tools/update-memory.ts`
+
+- Remove `trust` from `inputSchema.properties`
+- Remove `trust` from the `UpdateMemoryArgs` interface
+- Remove `trust: args.trust` from the object passed to `memoryService.update()`
+- Update the tool description: remove mention of trust
+
+### 3. Update `src/tools/create-internal-memory.ts`
+
+- Remove `trust` from `inputSchema.properties`
+- Remove `trust` from the `CreateInternalMemoryArgs` interface
+- Remove `trust: args.trust` from the object passed to `memoryService.create()`
+
+### 4. Update `src/tools/update-internal-memory.ts`
+
+- Remove `trust` from `inputSchema.properties`
+- Remove `trust` from the `UpdateInternalMemoryArgs` interface
+- Remove `trust: args.trust` from the object passed to `memoryService.update()`
+
+### 5. Update `src/types/memory.ts`
+
+- If there's a local `Memory` interface with a `trust` field, keep it (read-only, memories still have trust) but ensure it's typed as `number` (1-5 integer)
+- Remove any local input types that include `trust` for creation/update
+
+### 6. Update Tests
+
+- `src/tools/create-memory.spec.ts` — remove any test cases that pass `trust` to create
+- `src/tools/update-memory.spec.ts` — remove test cases that pass `trust` to update
+- `src/tools/internal-tools.spec.ts` — update if trust is tested there
+- Verify no test regressions
+
+---
+
+## Verification
+
+- [ ] `trust` not present in create-memory tool schema
+- [ ] `trust` not present in update-memory tool schema
+- [ ] `trust` not present in create-internal-memory tool schema
+- [ ] `trust` not present in update-internal-memory tool schema
+- [ ] Tool descriptions updated to reference new trust flow
+- [ ] All tests pass
+- [ ] TypeScript compiles without errors

package/agent/tasks/milestone-23-trust-level-protection/task-526-add-request-set-trust-level-tool.md

@@ -0,0 +1,108 @@
+# Task 526: Add remember_request_set_trust_level Tool
+
+**Milestone**: [M23 — Trust Level Protection](../../milestones/milestone-23-trust-level-protection.md)
+**Status**: Not Started
+**Estimated Time**: 3-4 hours
+**Dependencies**: [Task 525](task-525-remove-trust-from-create-update.md)
+
+---
+
+## Objective
+
+Create a new MCP tool `remember_request_set_trust_level` that initiates a two-phase confirmation flow for changing a memory's trust level. This replaces the removed direct trust setting on create/update.
+
+## Context
+
+remember-core M80 added `MemoryService.requestSetTrustLevel()` and `MemoryService.confirmSetTrustLevel()`. The request phase creates a confirmation token; the confirm phase (via existing `remember_confirm`) applies the trust change.
+
+**API from remember-core:**
+```typescript
+// Phase 1: Request
+interface SetTrustLevelInput {
+  memory_id: string;
+  trust_level: number; // 1-5 integer (TrustLevel enum)
+}
+interface SetTrustLevelRequestResult {
+  token: string;
+  memory_id: string;
+  requested_trust_level: number;
+  current_trust_level: number;
+  expires_at: string;
+}
+
+// Phase 2: Confirm (via existing MemoryService.confirmSetTrustLevel(token))
+interface SetTrustLevelConfirmResult {
+  memory_id: string;
+  previous_trust_level: number;
+  new_trust_level: number;
+  updated_at: string;
+  version: number;
+}
+```
+
+## Steps
+
+### 1. Create `src/tools/request-set-trust-level.ts`
+
+**Tool schema:**
+```typescript
+{
+  name: 'remember_request_set_trust_level',
+  description: `Request a trust level change for a memory. Returns a confirmation token.
+
+Trust levels (1-5):
+  1 = PUBLIC — anyone can see
+  2 = INTERNAL — friends/known users
+  3 = CONFIDENTIAL — trusted friends
+  4 = RESTRICTED — close/intimate contacts
+  5 = SECRET — owner only (default for new memories)
+
+After requesting, use remember_confirm with the returned token to apply the change.
+Lowering trust (e.g. 5→1) makes the memory MORE visible. Raising trust makes it LESS visible.`,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      memory_id: { type: 'string', description: 'ID of the memory to change trust level for' },
+      trust_level: { type: 'integer', description: 'New trust level (1-5)', minimum: 1, maximum: 5 },
+    },
+    required: ['memory_id', 'trust_level'],
+  },
+}
+```
+
+**Handler:**
+- Call `memoryService.requestSetTrustLevel({ memory_id, trust_level })`
+- Return the `SetTrustLevelRequestResult` as JSON
+- Include user-friendly message: "Trust level change requested. Current: {current}, Requested: {requested}. Confirm with token: {token}"
+
+### 2. Register Tool in `src/server.ts` and `src/server-factory.ts`
+
+- Import the handler
+- Add to tool list and tool call handler switch
+
+### 3. Handle Confirmation in Existing Flow
+
+The `remember_confirm` tool already handles confirmation tokens. When the confirmed request has `action: 'set_trust_level'`, the core service calls `confirmSetTrustLevel(token)` internally. Verify this works end-to-end:
+
+- Check if SpaceService.confirm() or MemoryService handles this action type
+- If the existing confirm flow doesn't route to `confirmSetTrustLevel`, we need to add routing logic in the confirm handler
+
+### 4. Create Tests `src/tools/request-set-trust-level.spec.ts`
+
+Test cases:
+- Successful trust level change request (returns token)
+- Invalid trust level (0, 6, 1.5) returns error
+- Missing memory_id returns error
+- Missing trust_level returns error
+- Mock memoryService.requestSetTrustLevel behavior
+
+---
+
+## Verification
+
+- [ ] `remember_request_set_trust_level` tool registered and visible in tool list
+- [ ] Returns confirmation token on valid request
+- [ ] Rejects invalid trust levels
+- [ ] Confirmation via `remember_confirm` applies the trust change
+- [ ] Tests passing
+- [ ] TypeScript compiles without errors

package/agent/tasks/milestone-23-trust-level-protection/task-527-update-confirm-deny-secret-token.md

@@ -0,0 +1,60 @@
+# Task 527: Update Confirm/Deny for Secret Token
+
+**Milestone**: [M23 — Trust Level Protection](../../milestones/milestone-23-trust-level-protection.md)
+**Status**: Not Started
+**Estimated Time**: 2-3 hours
+**Dependencies**: None
+
+---
+
+## Objective
+
+Add optional `secret_token` parameter to `remember_confirm` and `remember_deny` MCP tools to support the ConfirmationGuardService's HMAC challenge when enabled.
+
+## Context
+
+remember-core 0.72.0 adds `ConfirmationGuardService` — a two-layer protection preventing agents from auto-confirming sensitive operations. When enabled:
+
+1. `ConfirmInput` and `DenyInput` accept optional `secret_token`
+2. If guard is configured on SpaceService, `secret_token` is required
+3. Invalid secret triggers exponential backoff (cooldown)
+4. After 5 failures, token is permanently expired
+
+The guard is optional — when not configured, confirm/deny work as before. The MCP tools should accept `secret_token` but not require it.
+
+## Steps
+
+### 1. Update `src/tools/confirm.ts`
+
+- Add `secret_token` to inputSchema properties:
+  ```typescript
+  secret_token: {
+    type: 'string',
+    description: 'HMAC secret token for guard-protected operations. Required when confirmation guard is enabled.',
+  }
+  ```
+- Pass `secret_token` to `spaceService.confirm({ token, secret_token })`
+- Update tool description to mention secret_token is optional and only needed when guard is enabled
+- Handle guard-specific errors: cooldown messages, backoff info, max attempts exceeded
+
+### 2. Update `src/tools/deny.ts`
+
+- Same changes as confirm: add `secret_token` to schema and pass through
+- Pass `secret_token` to `spaceService.deny({ token, secret_token })`
+
+### 3. Update Tests
+
+- `src/tools/confirm.spec.ts` — add test for passing secret_token through
+- `src/tools/deny.spec.ts` — add test for passing secret_token through
+- Test that missing secret_token still works (guard not configured scenario)
+
+---
+
+## Verification
+
+- [ ] `remember_confirm` accepts optional `secret_token` parameter
+- [ ] `remember_deny` accepts optional `secret_token` parameter
+- [ ] secret_token passed through to core service calls
+- [ ] Existing confirm/deny behavior unchanged when secret_token not provided
+- [ ] Tests passing
+- [ ] TypeScript compiles without errors

package/agent/tasks/milestone-23-trust-level-protection/task-528-update-trust-scale-references.md

@@ -0,0 +1,73 @@
+# Task 528: Update Trust Scale References
+
+**Milestone**: [M23 — Trust Level Protection](../../milestones/milestone-23-trust-level-protection.md)
+**Status**: Not Started
+**Estimated Time**: 2-3 hours
+**Dependencies**: [Task 525](task-525-remove-trust-from-create-update.md)
+
+---
+
+## Objective
+
+Update all references to the trust scale from the legacy 0-1 float to the new 1-5 integer scale across tool descriptions, validators, types, and tests.
+
+## Context
+
+remember-core migrated trust from a 0-1 float to a 1-5 integer enum:
+- 1 = PUBLIC
+- 2 = INTERNAL
+- 3 = CONFIDENTIAL
+- 4 = RESTRICTED
+- 5 = SECRET
+
+The old scale (0 = no trust, 1 = full trust) is inverted from the new scale (1 = most visible, 5 = most restricted). All MCP tool descriptions, local validators, and types must be updated.
+
+## Steps
+
+### 1. Update Tool Descriptions
+
+Search all `src/tools/*.ts` for trust references in tool descriptions. Key files:
+- `search-memory.ts` — trust filter descriptions
+- `query-memory.ts` — trust filter descriptions
+- `search-by.ts` — trust filter
+- `search-internal-memory-by.ts` — trust filter
+- `search-space-by.ts` — trust references
+- `get-core.ts` — trust in output descriptions
+- `ghost-config.ts` — trust level descriptions
+- `set-preference.ts` — trust-related preferences
+
+Update descriptions from "0-1" to "1-5 integer" with the level names.
+
+### 2. Update `src/services/trust-validator.ts`
+
+This local file may still reference the 0-1 scale. Check if it's still used or if remember-core's `validateTrustAssignment` / `suggestTrustLevel` have replaced it. If local, update to 1-5 scale. If duplicated from core, remove and import from core.
+
+### 3. Update `src/services/trust-validator.spec.ts`
+
+Update test expectations to match 1-5 scale.
+
+### 4. Update `src/types/memory.ts`
+
+- Update any `trust` field type annotations or comments from "0-1" to "1-5 integer"
+- If there are local TrustLevel constants, replace with imports from remember-core
+
+### 5. Update Search Filter Schemas
+
+Any tool that accepts `min_trust` or `max_trust` filters:
+- Update `minimum`/`maximum` from 0/1 to 1/5
+- Update descriptions to reference integer scale
+
+### 6. Update Tests
+
+- Update any test assertions that use 0-1 trust values to use 1-5
+- Update test data generators if they produce trust values
+
+---
+
+## Verification
+
+- [ ] No references to "0-1" trust scale in tool descriptions
+- [ ] All trust filter schemas use minimum: 1, maximum: 5
+- [ ] Trust validator uses 1-5 scale
+- [ ] All tests pass with updated trust values
+- [ ] TypeScript compiles without errors

package/agent/tasks/milestone-23-trust-level-protection/task-529-version-bump-and-release.md

@@ -0,0 +1,87 @@
+# Task 529: Version Bump and Release
+
+**Milestone**: [M23 — Trust Level Protection](../../milestones/milestone-23-trust-level-protection.md)
+**Status**: Not Started
+**Estimated Time**: 2-3 hours
+**Dependencies**: [Task 525](task-525-remove-trust-from-create-update.md), [Task 526](task-526-add-request-set-trust-level-tool.md), [Task 527](task-527-update-confirm-deny-secret-token.md), [Task 528](task-528-update-trust-scale-references.md)
+
+---
+
+## Objective
+
+Update remember-core dependency to >= 0.72.0, bump remember-mcp to 4.0.0 (major breaking), update CHANGELOG, ensure all tests pass.
+
+## Context
+
+This is a major version bump because:
+- `trust` parameter removed from create/update tools (breaking for any consumer passing trust)
+- Trust scale changed from 0-1 to 1-5 (breaking for any consumer interpreting trust values)
+- New tool added (non-breaking but part of the release)
+
+## Steps
+
+### 1. Update remember-core Dependency
+
+```bash
+npm i @prmichaelsen/remember-core@latest
+```
+
+Verify the installed version is >= 0.72.0.
+
+### 2. Version Bump
+
+Update `package.json` version from current to `4.0.0`.
+
+### 3. Update CHANGELOG.md
+
+Add entry:
+
+```markdown
+## [4.0.0] - 2026-03-20
+
+### BREAKING CHANGES
+- **Trust removed from create/update**: `trust` parameter removed from `remember_create_memory`, `remember_update_memory`, `remember_create_internal_memory`, `remember_update_internal_memory`. Trust now defaults to SECRET (5) on creation.
+- **Trust scale changed**: All trust references updated from 0-1 float to 1-5 integer scale (1=PUBLIC, 2=INTERNAL, 3=CONFIDENTIAL, 4=RESTRICTED, 5=SECRET).
+
+### Added
+- `remember_request_set_trust_level` tool — two-phase confirmation flow to change a memory's trust level
+- `secret_token` optional parameter on `remember_confirm` and `remember_deny` for ConfirmationGuardService support
+
+### Changed
+- Updated `@prmichaelsen/remember-core` to >= 0.72.0
+- Trust filter schemas updated to integer 1-5 range
+```
+
+### 4. Update README.md
+
+- Update tool count if changed
+- Update tool listing to include `remember_request_set_trust_level`
+- Update any trust-related documentation
+
+### 5. Run Full Test Suite
+
+```bash
+npm test
+```
+
+Fix any remaining test failures.
+
+### 6. Build Verification
+
+```bash
+npm run build
+```
+
+Ensure clean build with no TypeScript errors.
+
+---
+
+## Verification
+
+- [ ] remember-core >= 0.72.0 installed
+- [ ] package.json version is 4.0.0
+- [ ] CHANGELOG.md has 4.0.0 entry with breaking changes documented
+- [ ] README.md updated
+- [ ] All tests pass
+- [ ] Build succeeds
+- [ ] TypeScript compiles without errors