@prmichaelsen/remember-mcp 4.0.2 → 4.1.0

package/src/tools/request-set-trust-level.ts

@@ -3,10 +3,12 @@
  * Requests a trust level change for a memory via confirmation flow.
  */
 
+import type { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { handleToolError } from '../utils/error-handler.js';
 import { createDebugLogger } from '../utils/debug.js';
 import type { AuthContext } from '../types/auth.js';
 import { createCoreServices } from '../core-services.js';
+import { elicitConfirmation } from '../utils/elicitation.js';
 
 export const requestSetTrustLevelTool = {
   name: 'remember_request_set_trust_level',
@@ -49,7 +51,8 @@ interface RequestSetTrustLevelArgs {
 export async function handleRequestSetTrustLevel(
   args: RequestSetTrustLevelArgs,
   userId: string,
-  authContext?: AuthContext
+  authContext?: AuthContext,
+  server?: Server
 ): Promise<string> {
   const debug = createDebugLogger({
     tool: 'remember_request_set_trust_level',
@@ -84,6 +87,34 @@ export async function handleRequestSetTrustLevel(
       5: 'SECRET',
     };
 
+    const currentName = TRUST_NAMES[result.current_trust_level] || 'UNKNOWN';
+    const requestedName = TRUST_NAMES[result.requested_trust_level] || 'UNKNOWN';
+
+    const confirmation = await elicitConfirmation({
+      server,
+      message: `Change trust level for memory "${args.memory_id}" from ${currentName} (${result.current_trust_level}) to ${requestedName} (${result.requested_trust_level})?`,
+    });
+
+    if (confirmation.type === 'confirmed') {
+      const confirmResult = await memory.confirmSetTrustLevel(result.token);
+      return JSON.stringify({
+        success: true,
+        memory_id: confirmResult.memory_id,
+        previous_trust_level: confirmResult.previous_trust_level,
+        new_trust_level: confirmResult.new_trust_level,
+        updated_at: confirmResult.updated_at,
+        message: `Trust level changed from ${TRUST_NAMES[confirmResult.previous_trust_level] || confirmResult.previous_trust_level} to ${TRUST_NAMES[confirmResult.new_trust_level] || confirmResult.new_trust_level}`,
+      }, null, 2);
+    }
+
+    if (confirmation.type === 'declined') {
+      return JSON.stringify({
+        success: false,
+        message: 'Trust level change cancelled by user.',
+      }, null, 2);
+    }
+
+    // Fallback: return token for legacy confirm/deny flow
     return JSON.stringify({
       token: result.token,
       request_id: result.request_id,
@@ -91,10 +122,10 @@ export async function handleRequestSetTrustLevel(
       memory_id: result.memory_id,
       current_trust_level: result.current_trust_level,
       requested_trust_level: result.requested_trust_level,
-      current_trust_name: TRUST_NAMES[result.current_trust_level] || 'UNKNOWN',
-      requested_trust_name: TRUST_NAMES[result.requested_trust_level] || 'UNKNOWN',
+      current_trust_name: currentName,
+      requested_trust_name: requestedName,
       expires_at: result.expires_at,
-      message: `Trust level change requested: ${TRUST_NAMES[result.current_trust_level] || result.current_trust_level} (${result.current_trust_level}) → ${TRUST_NAMES[result.requested_trust_level] || result.requested_trust_level} (${result.requested_trust_level}). Confirm with token to apply.`,
+      message: `Trust level change requested: ${currentName} (${result.current_trust_level}) → ${requestedName} (${result.requested_trust_level}). Confirm with token to apply.`,
     }, null, 2);
   } catch (error) {
     debug.error('Tool failed', { error: error instanceof Error ? error.message : String(error) });

package/src/tools/retract.ts

@@ -12,10 +12,12 @@
  */
 
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { handleToolError } from '../utils/error-handler.js';
 import { createDebugLogger } from '../utils/debug.js';
 import type { AuthContext } from '../types/auth.js';
 import { createCoreServices } from '../core-services.js';
+import { elicitConfirmation } from '../utils/elicitation.js';
 
 /**
  * Tool definition for remember_retract
@@ -69,7 +71,8 @@ interface RetractArgs {
 export async function handleRetract(
   args: RetractArgs,
   userId: string,
-  authContext?: AuthContext
+  authContext?: AuthContext,
+  server?: Server
 ): Promise<string> {
   const debug = createDebugLogger({
     tool: 'remember_retract',
@@ -88,6 +91,39 @@ export async function handleRetract(
       groups: args.groups,
     });
 
+    const destinations = [...(args.spaces || []), ...(args.groups || [])].join(', ');
+    const confirmation = await elicitConfirmation({
+      server,
+      message: `Retract memory "${args.memory_id}" from ${destinations || 'all destinations'}?`,
+    });
+
+    if (confirmation.type === 'confirmed') {
+      const confirmResult = await space.confirm({ token: result.token });
+      return JSON.stringify(
+        {
+          success: confirmResult.success,
+          composite_id: confirmResult.composite_id,
+          retracted_from: confirmResult.retracted_from,
+          failed: confirmResult.failed?.length ? confirmResult.failed : undefined,
+          space_ids: confirmResult.space_ids,
+          group_ids: confirmResult.group_ids,
+          is_orphaned: (confirmResult.space_ids?.length === 0) && (confirmResult.group_ids?.length === 0),
+        },
+        null,
+        2
+      );
+    }
+
+    if (confirmation.type === 'declined') {
+      await space.deny({ token: result.token });
+      return JSON.stringify(
+        { success: false, message: 'Retraction cancelled by user.' },
+        null,
+        2
+      );
+    }
+
+    // Fallback: return token for legacy confirm/deny flow
     return JSON.stringify(
       {
         success: true,

package/src/tools/revise.ts

@@ -9,10 +9,12 @@
  */
 
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { handleToolError } from '../utils/error-handler.js';
 import { createDebugLogger } from '../utils/debug.js';
 import type { AuthContext } from '../types/auth.js';
 import { createCoreServices } from '../core-services.js';
+import { elicitConfirmation } from '../utils/elicitation.js';
 
 /** Maximum number of revision history entries to retain */
 const MAX_REVISION_HISTORY = 10;
@@ -108,7 +110,8 @@ export function buildRevisionHistory(
 export async function handleRevise(
   args: ReviseArgs,
   userId: string,
-  authContext?: AuthContext
+  authContext?: AuthContext,
+  server?: Server
 ): Promise<string> {
   const debug = createDebugLogger({
     tool: 'remember_revise',
@@ -125,6 +128,41 @@ export async function handleRevise(
       memory_id: args.memory_id,
     });
 
+    const confirmation = await elicitConfirmation({
+      server,
+      message: `Revise all published copies of memory "${args.memory_id}"?`,
+    });
+
+    if (confirmation.type === 'confirmed') {
+      const confirmResult = await space.confirm({ token: result.token });
+      const results = confirmResult.results || [];
+      const successCount = results.filter((r: any) => r.status === 'success').length;
+      const failedCount = results.filter((r: any) => r.status === 'failed').length;
+      const skippedCount = results.filter((r: any) => r.status === 'skipped').length;
+      return JSON.stringify(
+        {
+          success: confirmResult.success,
+          composite_id: confirmResult.composite_id,
+          revised_at: confirmResult.revised_at,
+          summary: { total: results.length, success: successCount, failed: failedCount, skipped: skippedCount },
+          results,
+          ...(failedCount > 0 ? { warnings: [`Failed to revise ${failedCount} of ${results.length} location(s)`] } : {}),
+        },
+        null,
+        2
+      );
+    }
+
+    if (confirmation.type === 'declined') {
+      await space.deny({ token: result.token });
+      return JSON.stringify(
+        { success: false, message: 'Revision cancelled by user.' },
+        null,
+        2
+      );
+    }
+
+    // Fallback: return token for legacy confirm/deny flow
     return JSON.stringify(
       {
         success: true,

package/src/utils/elicitation.ts

@@ -0,0 +1,53 @@
+/**
+ * MCP Elicitation helper for confirmation flows.
+ *
+ * Checks if the connected client supports elicitation, issues a
+ * confirmation-only prompt via server.elicitInput(), and returns a
+ * discriminated result.  Falls back gracefully when the client (or
+ * server reference) doesn't support elicitation.
+ */
+
+import type { Server } from '@modelcontextprotocol/sdk/server/index.js';
+
+export interface ElicitConfirmParams {
+  server?: Server;
+  message: string;
+}
+
+export type ElicitConfirmResult =
+  | { type: 'confirmed' }
+  | { type: 'declined'; reason: string }
+  | { type: 'unsupported' };
+
+/**
+ * Ask the user for confirmation via MCP elicitation.
+ *
+ * - Returns `{ type: 'confirmed' }` when the user accepts.
+ * - Returns `{ type: 'declined', reason }` when the user declines or cancels.
+ * - Returns `{ type: 'unsupported' }` when elicitation is unavailable
+ *   (no server, client lacks capability, or elicitation throws).
+ */
+export async function elicitConfirmation(
+  params: ElicitConfirmParams
+): Promise<ElicitConfirmResult> {
+  const { server, message } = params;
+
+  if (!server) return { type: 'unsupported' };
+
+  const caps = server.getClientCapabilities();
+  if (!caps?.elicitation) return { type: 'unsupported' };
+
+  try {
+    const result = await server.elicitInput({
+      message,
+      requestedSchema: { type: 'object', properties: {} },
+    });
+
+    if (result.action === 'accept') return { type: 'confirmed' };
+    return { type: 'declined', reason: result.action };
+  } catch {
+    // If elicitation throws (e.g. transport doesn't support it),
+    // fall back to token flow rather than failing the tool call.
+    return { type: 'unsupported' };
+  }
+}