gitmem-mcp 1.5.1 → 1.6.0

package/dist/services/license.js

@@ -0,0 +1,200 @@
+/**
+ * License Key Validation for GitMem Pro Tier
+ *
+ * Detection chain:
+ *   1. GITMEM_TIER env var (explicit override — testing/dev)
+ *   2. api_key in config.json or GITMEM_API_KEY env var:
+ *      a. Check license-cache.json → if valid + not expired (72h) → return cached tier
+ *      b. No cache → optimistic "pro" (validated async in runServer)
+ *   3. No key + no SUPABASE_URL + no config.supabase_url → free
+ *   4. No key + SUPABASE_URL set (env var) → pro (backward compat for us)
+ *
+ * Async validation (validateLicense()):
+ *   - Called in runServer() startup (non-blocking)
+ *   - POST to hardcoded validation endpoint with api_key + install_id
+ *   - Success: cache to ~/.gitmem/license-cache.json (72h TTL)
+ *   - Failure: downgrade _tier to free, log warning
+ *   - Network error: honor existing cache if valid, else downgrade
+ */
+import * as fs from "fs";
+import * as path from "path";
+import { getGitmemDir } from "./gitmem-dir.js";
+// Hardcoded validation endpoint — calls RPC directly on our Supabase via PostgREST.
+// Users never see or configure this URL.
+const VALIDATION_URL = "https://cjptxyezuxdiinufgrrm.supabase.co/rest/v1/rpc/gitmem_validate_license";
+// Anon key for our project (safe to embed — RPC is SECURITY DEFINER, RLS blocks direct table access)
+const VALIDATION_ANON_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImNqcHR4eWV6dXhkaWludWZncnJtIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjYxODY3MDMsImV4cCI6MjA4MTc2MjcwM30.L0oZy3LYCMikmZ15IUU5DnfJmucM37DJ14nUkM3AreY";
+// Cache TTL: 72 hours
+const CACHE_TTL_MS = 72 * 60 * 60 * 1000;
+/**
+ * Get license key from env var or config.json
+ */
+export function getLicenseKey() {
+    // Env var takes priority
+    const envKey = process.env.GITMEM_API_KEY;
+    if (envKey)
+        return envKey;
+    // Read from config.json
+    try {
+        const configPath = path.join(getGitmemDir(), "config.json");
+        if (fs.existsSync(configPath)) {
+            const raw = JSON.parse(fs.readFileSync(configPath, "utf-8"));
+            if (raw.api_key && typeof raw.api_key === "string") {
+                return raw.api_key;
+            }
+        }
+    }
+    catch {
+        // File doesn't exist or is invalid
+    }
+    return null;
+}
+/**
+ * Get Pro config (Supabase + OpenRouter credentials) from config.json
+ * Env vars override config.json values.
+ */
+export function getProConfig() {
+    let supabaseUrl = process.env.SUPABASE_URL || "";
+    let supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_KEY || "";
+    let openrouterKey = process.env.OPENROUTER_API_KEY || "";
+    // Fall back to config.json
+    try {
+        const configPath = path.join(getGitmemDir(), "config.json");
+        if (fs.existsSync(configPath)) {
+            const raw = JSON.parse(fs.readFileSync(configPath, "utf-8"));
+            if (!supabaseUrl && raw.supabase_url)
+                supabaseUrl = raw.supabase_url;
+            if (!supabaseKey && raw.supabase_key)
+                supabaseKey = raw.supabase_key;
+            if (!openrouterKey && raw.openrouter_key)
+                openrouterKey = raw.openrouter_key;
+        }
+    }
+    catch {
+        // File doesn't exist or is invalid
+    }
+    return { supabaseUrl, supabaseKey, openrouterKey };
+}
+/**
+ * Read cached license validation result
+ */
+function readLicenseCache() {
+    try {
+        const cachePath = path.join(getGitmemDir(), "license-cache.json");
+        if (!fs.existsSync(cachePath))
+            return null;
+        const raw = JSON.parse(fs.readFileSync(cachePath, "utf-8"));
+        const validatedAt = new Date(raw.validated_at).getTime();
+        const now = Date.now();
+        // Check TTL
+        if (now - validatedAt > CACHE_TTL_MS) {
+            console.error("[gitmem:license] Cache expired");
+            return null;
+        }
+        return raw;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Write license validation result to cache
+ */
+function writeLicenseCache(result) {
+    try {
+        const gitmemDir = getGitmemDir();
+        if (!fs.existsSync(gitmemDir)) {
+            fs.mkdirSync(gitmemDir, { recursive: true });
+        }
+        const cachePath = path.join(gitmemDir, "license-cache.json");
+        fs.writeFileSync(cachePath, JSON.stringify(result, null, 2));
+    }
+    catch (err) {
+        console.error("[gitmem:license] Failed to write cache:", err);
+    }
+}
+/**
+ * Delete license cache (used by deactivate)
+ */
+export function clearLicenseCache() {
+    try {
+        const cachePath = path.join(getGitmemDir(), "license-cache.json");
+        if (fs.existsSync(cachePath)) {
+            fs.unlinkSync(cachePath);
+        }
+    }
+    catch {
+        // Ignore
+    }
+}
+/**
+ * Check if license key has a valid cached result (non-async, for tier detection)
+ */
+export function getCachedLicenseTier() {
+    const cache = readLicenseCache();
+    if (cache && cache.valid) {
+        return cache.tier;
+    }
+    return null;
+}
+/**
+ * Validate license key against GitMem's Supabase RPC endpoint.
+ * Calls gitmem_validate_license() via PostgREST using the anon key.
+ * Returns the validation result.
+ *
+ * This is async and should be called non-blocking during startup.
+ */
+export async function validateLicense(apiKey, installId) {
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 10000); // 10s timeout
+        const response = await fetch(VALIDATION_URL, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                apikey: VALIDATION_ANON_KEY,
+                Authorization: `Bearer ${VALIDATION_ANON_KEY}`,
+            },
+            body: JSON.stringify({ p_api_key: apiKey, p_install_id: installId }),
+            signal: controller.signal,
+        });
+        clearTimeout(timeout);
+        if (!response.ok) {
+            const text = await response.text().catch(() => "");
+            return { valid: false, tier: null, message: `HTTP ${response.status}: ${text}` };
+        }
+        // PostgREST RPC returns an array of rows
+        const rows = await response.json();
+        const data = Array.isArray(rows) ? rows[0] : rows;
+        if (!data) {
+            return { valid: false, tier: null, message: "Empty validation response" };
+        }
+        // Cache successful validation
+        if (data.valid && data.tier) {
+            writeLicenseCache({
+                valid: true,
+                tier: data.tier,
+                validated_at: new Date().toISOString(),
+                api_key_prefix: apiKey.substring(0, 16) + "...",
+            });
+        }
+        return data;
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : "Unknown error";
+        // Network error: honor existing cache
+        const cache = readLicenseCache();
+        if (cache && cache.valid) {
+            console.error(`[gitmem:license] Network error, using cached validation: ${message}`);
+            return { valid: true, tier: cache.tier, message: "Using cached validation (offline)" };
+        }
+        return { valid: false, tier: null, message: `Network error: ${message}` };
+    }
+}
+/**
+ * Get the validation URL (for diagnostics/testing)
+ */
+export function getValidationUrl() {
+    return VALIDATION_URL;
+}
+//# sourceMappingURL=license.js.map

package/dist/services/supabase-client.d.ts

@@ -37,6 +37,9 @@ export declare function getRecord<T = unknown>(table: string, id: string): Promi
 export declare function upsertRecord<T = unknown>(table: string, data: Record<string, unknown>): Promise<T>;
 /**
  * Semantic search across tables
+ *
+ * Generates an embedding for the query, then calls the gitmem_semantic_search
+ * RPC function directly via PostgREST.
  */
 export declare function semanticSearch<T = unknown>(options: SupabaseSearchOptions): Promise<T[]>;
 /**
@@ -115,6 +118,9 @@ export declare function directPatch<T = unknown>(table: string, filters: Record<
 export declare function loadScarsWithEmbeddings<T = unknown>(project?: string, limit?: number): Promise<T[]>;
 /**
  * Scar search with severity weighting
+ *
+ * Generates an embedding for the query, then calls the gitmem_scar_search
+ * RPC function directly via PostgREST. No Edge Function required.
  */
 export declare function scarSearch<T = unknown>(query: string, matchCount?: number, project?: Project): Promise<T[]>;
 /**

package/dist/services/supabase-client.js

@@ -45,9 +45,11 @@ export function escapePostgRESTValue(value) {
     // PostgREST uses ( ) , as structural delimiters in or=() expressions
     return value.replace(/[(),]/g, "");
 }
-// Configuration from environment
-const SUPABASE_URL = process.env.SUPABASE_URL || "";
-const SUPABASE_KEY = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_KEY || "";
+// Configuration from environment, with config.json fallback for Pro tier
+import { getProConfig } from "./license.js";
+const _proConfig = getProConfig();
+const SUPABASE_URL = _proConfig.supabaseUrl;
+const SUPABASE_KEY = _proConfig.supabaseKey;
 // Direct REST API base URL
 const SUPABASE_REST_URL = SUPABASE_URL ? `${SUPABASE_URL}/rest/v1` : "";
 /**
@@ -141,21 +143,45 @@ export async function upsertRecord(table, data) {
 }
 /**
  * Semantic search across tables
+ *
+ * Generates an embedding for the query, then calls the gitmem_semantic_search
+ * RPC function directly via PostgREST.
  */
 export async function semanticSearch(options) {
-    const { query, tables, match_count = 10, project } = options;
-    const args = {
-        query,
-        match_count,
-    };
-    if (tables && tables.length > 0) {
-        args.tables = tables;
+    if (!isConfigured()) {
+        throw new Error("Supabase not configured");
     }
-    if (project) {
-        args.project = project;
+    const { query, match_count = 10 } = options;
+    // Generate embedding for the query
+    const { embed } = await import("./embedding.js");
+    const embedding = await embed(query);
+    if (!embedding) {
+        console.error("[semantic-search] No embedding provider configured — cannot run semantic search");
+        return [];
+    }
+    // Call the RPC function directly via PostgREST
+    const rpcName = `${getTableName("").replace(/_$/, "")}_semantic_search`;
+    const url = `${SUPABASE_URL}/rest/v1/rpc/${rpcName}`;
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            apikey: SUPABASE_KEY,
+            Authorization: `Bearer ${SUPABASE_KEY}`,
+        },
+        body: JSON.stringify({
+            query_embedding: `[${embedding.join(",")}]`,
+            match_count,
+            similarity_threshold: 0.0,
+        }),
+        signal: AbortSignal.timeout(15_000),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Supabase RPC error: ${response.status} - ${text.slice(0, 200)}`);
     }
-    const result = await callMcp("semantic_search", args);
-    return result.results || [];
+    const rows = (await response.json());
+    return rows || [];
 }
 // ============================================================================
 // DIRECT SUPABASE QUERIES (bypass ww-mcp for bulk operations)
@@ -408,17 +434,44 @@ export async function loadScarsWithEmbeddings(project, limit = 500) {
 }
 /**
  * Scar search with severity weighting
+ *
+ * Generates an embedding for the query, then calls the gitmem_scar_search
+ * RPC function directly via PostgREST. No Edge Function required.
  */
 export async function scarSearch(query, matchCount = 5, project) {
-    const args = {
-        query,
-        match_count: matchCount,
-    };
-    if (project) {
-        args.project = project;
+    if (!isConfigured()) {
+        throw new Error("Supabase not configured");
+    }
+    // Generate embedding for the query
+    const { embed } = await import("./embedding.js");
+    const embedding = await embed(query);
+    if (!embedding) {
+        console.error("[scar-search] No embedding provider configured — cannot run semantic search");
+        return [];
+    }
+    // Call the RPC function directly via PostgREST
+    const rpcName = `${getTableName("").replace(/_$/, "")}_scar_search`;
+    const url = `${SUPABASE_URL}/rest/v1/rpc/${rpcName}`;
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            apikey: SUPABASE_KEY,
+            Authorization: `Bearer ${SUPABASE_KEY}`,
+        },
+        body: JSON.stringify({
+            query_embedding: `[${embedding.join(",")}]`,
+            match_count: matchCount,
+            similarity_threshold: 0.0,
+        }),
+        signal: AbortSignal.timeout(15_000),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Supabase RPC error: ${response.status} - ${text.slice(0, 200)}`);
     }
-    const result = await callMcp("scar_search", args);
-    return result.results || [];
+    const rows = (await response.json());
+    return rows || [];
 }
 /**
  * Scar search with caching

package/dist/services/tier.d.ts

@@ -6,15 +6,23 @@
  *   pro  — Supabase + embeddings, semantic search, cloud persistence, variants
  *   dev  — Everything in pro + compliance, transcripts, metrics
  *
- * Detection:
- *   GITMEM_TIER=free|pro|dev   (explicit override)
- *   Auto-detect: no SUPABASE_URL → free, GITMEM_DEV=1 → dev, else → pro
+ * Detection chain:
+ *   1. GITMEM_TIER env var (explicit override — testing/dev)
+ *   2. api_key in config.json or GITMEM_API_KEY env var:
+ *      a. Check license-cache.json → if valid + not expired (72h) → return cached tier
+ *      b. No cache → optimistic "pro" (validated async in runServer)
+ *   3. No key + no SUPABASE_URL + no config.supabase_url → free
+ *   4. No key + SUPABASE_URL set (env var) → pro (backward compat for us)
  */
 export type GitMemTier = "free" | "pro" | "dev";
 /**
  * Get the current tier (cached after first call)
  */
 export declare function getTier(): GitMemTier;
+/**
+ * Force-set tier (used by license validation on failure)
+ */
+export declare function setTier(tier: GitMemTier): void;
 /**
  * Reset tier detection (for testing)
  */
@@ -33,6 +41,8 @@ export declare function hasTranscripts(): boolean;
 export declare function hasBatchOperations(): boolean;
 /** Whether cache management tools are available (pro, dev) */
 export declare function hasCacheManagement(): boolean;
+/** Whether Pro-tier insights (decay tags, analytics snippets, blindspots) are active (pro, dev) */
+export declare function hasProInsights(): boolean;
 /** Whether detailed performance metrics recording is active (pro, dev — aligned with hasVariants) */
 export declare function hasMetrics(): boolean;
 /** Whether advanced agent detection (5-agent matrix) is active (dev only) */

package/dist/services/tier.js

@@ -6,23 +6,42 @@
  *   pro  — Supabase + embeddings, semantic search, cloud persistence, variants
  *   dev  — Everything in pro + compliance, transcripts, metrics
  *
- * Detection:
- *   GITMEM_TIER=free|pro|dev   (explicit override)
- *   Auto-detect: no SUPABASE_URL → free, GITMEM_DEV=1 → dev, else → pro
+ * Detection chain:
+ *   1. GITMEM_TIER env var (explicit override — testing/dev)
+ *   2. api_key in config.json or GITMEM_API_KEY env var:
+ *      a. Check license-cache.json → if valid + not expired (72h) → return cached tier
+ *      b. No cache → optimistic "pro" (validated async in runServer)
+ *   3. No key + no SUPABASE_URL + no config.supabase_url → free
+ *   4. No key + SUPABASE_URL set (env var) → pro (backward compat for us)
  */
+import { getLicenseKey, getCachedLicenseTier, getProConfig } from "./license.js";
 let _tier = null;
 /**
- * Detect tier from environment variables
+ * Detect tier from environment variables, license key, and config
  */
 function detectTier() {
+    // 1. Explicit override via env var (testing/dev)
     const explicit = process.env.GITMEM_TIER?.toLowerCase();
     if (explicit === "free" || explicit === "pro" || explicit === "dev") {
         return explicit;
     }
-    const supabaseUrl = process.env.SUPABASE_URL;
+    // 2. License key present → check cache or optimistic pro
+    const apiKey = getLicenseKey();
+    if (apiKey) {
+        // 2a. Check cached validation
+        const cachedTier = getCachedLicenseTier();
+        if (cachedTier === "pro" || cachedTier === "dev") {
+            return cachedTier;
+        }
+        // 2b. Key present but no valid cache → optimistic pro
+        // (validated async in runServer, downgraded if invalid)
+        return "pro";
+    }
+    // 3. No key — check for Supabase URL (env var or config.json)
+    const supabaseUrl = process.env.SUPABASE_URL || getProConfig().supabaseUrl;
     if (!supabaseUrl)
         return "free";
-    // Dev tier markers
+    // 4. Supabase URL set but no license key → backward compat (internal dev)
     if (process.env.GITMEM_DEV === "true" || process.env.GITMEM_DEV === "1") {
         return "dev";
     }
@@ -38,6 +57,13 @@ export function getTier() {
     }
     return _tier;
 }
+/**
+ * Force-set tier (used by license validation on failure)
+ */
+export function setTier(tier) {
+    _tier = tier;
+    console.error(`[gitmem] Tier updated: ${tier}`);
+}
 /**
  * Reset tier detection (for testing)
  */
@@ -75,6 +101,10 @@ export function hasBatchOperations() {
 export function hasCacheManagement() {
     return getTier() !== "free";
 }
+/** Whether Pro-tier insights (decay tags, analytics snippets, blindspots) are active (pro, dev) */
+export function hasProInsights() {
+    return getTier() !== "free";
+}
 /** Whether detailed performance metrics recording is active (pro, dev — aligned with hasVariants) */
 export function hasMetrics() {
     return getTier() !== "free";
@@ -96,7 +126,8 @@ export function hasEnforcementFields() {
  */
 export function getTablePrefix() {
     // Default prefix for all tiers. Override with GITMEM_TABLE_PREFIX env var.
-    return process.env.GITMEM_TABLE_PREFIX || "orchestra_";
+    // User schema uses gitmem_ prefix. Orchestra infra uses orchestra_ (set via env var).
+    return process.env.GITMEM_TABLE_PREFIX || "gitmem_";
 }
 /**
  * Get the fully-qualified table name for a base table name

package/dist/tools/recall.js

@@ -14,7 +14,7 @@
  */
 import * as supabase from "../services/supabase-client.js";
 import { localScarSearch, isLocalSearchReady } from "../services/local-vector-search.js";
-import { hasSupabase, hasVariants, hasMetrics, getTableName } from "../services/tier.js";
+import { hasSupabase, hasVariants, hasMetrics, hasProInsights, getTableName } from "../services/tier.js";
 import { getProject } from "../services/session-state.js";
 import { getStorage } from "../services/storage.js";
 import { Timer, recordMetrics, buildPerformanceData, buildComponentPerformance, calculateContextBytes, } from "../services/metrics.js";
@@ -82,12 +82,16 @@ No past lessons match this plan closely enough. Scars accumulate as you work —
         const starterTag = scar.is_starter ? ` ${dimText("[starter]")}` : "";
         // Confidence tier: marginal matches (< 0.55) get flagged — 66% N/A rate in this range
         const confidenceTag = scar.similarity < 0.55 ? ` ${dimText("[low confidence]")}` : "";
-        lines.push(`${sev} **${scar.title}** (${scar.severity}, ${scar.similarity.toFixed(2)}) ${dimText(`id:${scar.id.slice(0, 8)}`)}${starterTag}${confidenceTag}`);
+        // Pro: decay tag for scars with reduced behavioral relevance
+        const decayTag = hasProInsights() && scar.decay_multiplier !== undefined && scar.decay_multiplier < 0.8
+            ? ` ${dimText(`[decay: ${Math.round(scar.decay_multiplier * 100)}%]`)}`
+            : "";
+        lines.push(`${sev} **${scar.title}** (${scar.severity}, ${scar.similarity.toFixed(2)}) ${dimText(`id:${scar.id.slice(0, 8)}`)}${starterTag}${confidenceTag}${decayTag}`);
         // Inline archival hint: scars with high dismiss rates get annotated
         if (dismissals) {
             const counts = dismissals.get(scar.id);
-            if (counts && counts.surfaced >= 5 && (counts.dismissed / counts.surfaced) >= 0.7) {
-                lines.push(`  _[${counts.dismissed}x dismissed — consider archiving with gm-archive]_`);
+            if (counts && counts.surfaced >= 3 && (counts.dismissed / counts.surfaced) >= 0.6) {
+                lines.push(`  _[dismissed ${counts.dismissed}/${counts.surfaced} times — re-evaluate whether this still applies]_`);
             }
         }
         // Use variant enforcement text if available (blind to variant name)
@@ -145,6 +149,14 @@ No past lessons match this plan closely enough. Scars accumulate as you work —
         lines.push("");
     }
     lines.push("**Acknowledge these lessons before proceeding.**");
+    // Pro: graph nudge when triples exist on any scar
+    if (hasProInsights() && scars.some(s => s.related_triples && s.related_triples.length > 0)) {
+        const firstScarWithTriples = scars.find(s => s.related_triples && s.related_triples.length > 0);
+        if (firstScarWithTriples) {
+            lines.push("");
+            lines.push(dimText(`Pro: Use graph_traverse(lens: 'connected_to', node: '${firstScarWithTriples.title}') to explore deeper connections.`));
+        }
+    }
     return lines.join("\n");
 }
 /**

package/dist/tools/session-close.js

@@ -10,7 +10,7 @@ import { v4 as uuidv4 } from "uuid";
 import { detectAgent } from "../services/agent-detection.js";
 import * as supabase from "../services/supabase-client.js";
 import { embed, isEmbeddingAvailable } from "../services/embedding.js";
-import { hasSupabase, getTableName } from "../services/tier.js";
+import { hasSupabase, hasProInsights, getTableName } from "../services/tier.js";
 import { getStorage } from "../services/storage.js";
 import { clearCurrentSession, getSurfacedScars, getConfirmations, getReflections, getObservations, getChildren, getThreads, getSessionActivity, isRecallCalled } from "../services/session-state.js";
 import { normalizeThreads, mergeThreadStates, migrateStringThread, saveThreadsFile } from "../services/thread-manager.js"; // 
@@ -20,6 +20,7 @@ import { validateSessionClose, buildCloseCompliance, } from "../services/complia
 import { normalizeReflectionKeys } from "../constants/closing-questions.js";
 import { Timer, recordMetrics, buildPerformanceData, updateRelevanceData, } from "../services/metrics.js";
 import { wrapDisplay, truncate, productLine, dimText, STATUS, ANSI } from "../services/display-protocol.js";
+import { queryScarUsageByDateRange, enrichScarUsageTitles, formatBlindspotSnippet } from "../services/analytics.js";
 import { recordScarUsageBatch } from "./record-scar-usage-batch.js";
 import { getEffectTracker } from "../services/effect-tracker.js";
 import { saveTranscript } from "./save-transcript.js";
@@ -264,7 +265,7 @@ async function sessionCloseFree(params, timer) {
         };
     }
 }
-function formatCloseDisplay(sessionId, compliance, params, learningsCount, success, errors, transcriptStatus) {
+function formatCloseDisplay(sessionId, compliance, params, learningsCount, success, errors, transcriptStatus, blindspotSnippet) {
     const lines = [];
     // Header: branded product line
     const status = success ? STATUS.complete : STATUS.failed;
@@ -320,6 +321,11 @@ function formatCloseDisplay(sessionId, compliance, params, learningsCount, succe
             lines.push(`  ${indicator} ${truncate(s.reference_context || s.scar_identifier || "", 70)}`);
         }
     }
+    // Pro: blindspot section
+    if (blindspotSnippet) {
+        lines.push("");
+        lines.push(blindspotSnippet);
+    }
     // Transcript — only on failure
     if (transcriptStatus && !transcriptStatus.saved) {
         lines.push("");
@@ -1147,11 +1153,31 @@ export async function sessionClose(params) {
             params = { ...params, scars_to_record: bridgedScars };
         }
     }
+    // Pro: fetch blindspot data in parallel with session persistence
+    let blindspotSnippet = null;
+    const blindspotPromise = (async () => {
+        if (!hasProInsights())
+            return;
+        try {
+            const endDate = new Date().toISOString();
+            const startDate = new Date(Date.now() - 30 * 86400000).toISOString();
+            const project = isRetroactive ? "default" : existingSession?.project || "default";
+            const rawUsages = await queryScarUsageByDateRange(startDate, endDate, project);
+            const usages = await enrichScarUsageTitles(rawUsages);
+            blindspotSnippet = formatBlindspotSnippet(usages);
+        }
+        catch (error) {
+            console.error("[session_close] Blindspot fetch failed (non-fatal):", error);
+        }
+    })();
     // 6. Persist to Supabase (direct REST API, bypasses ww-mcp)
     try {
         // Upsert session WITHOUT embedding (fast path)
         // Embedding + thread detection run fire-and-forget after
-        await supabase.directUpsert(getTableName("sessions"), sessionData);
+        await Promise.all([
+            supabase.directUpsert(getTableName("sessions"), sessionData),
+            blindspotPromise,
+        ]);
         // Tracked fire-and-forget embedding generation + session update + thread detection
         if (isEmbeddingAvailable()) {
             getEffectTracker().track("embedding", "session_close", async () => {
@@ -1262,7 +1288,7 @@ export async function sessionClose(params) {
             }
             catch { /* already gone */ }
         }
-        const display = formatCloseDisplay(sessionId, closeCompliance, params, learningsCount, true, validation.warnings.length > 0 ? validation.warnings : undefined, transcriptStatus);
+        const display = formatCloseDisplay(sessionId, closeCompliance, params, learningsCount, true, validation.warnings.length > 0 ? validation.warnings : undefined, transcriptStatus, blindspotSnippet);
         return {
             success: true,
             session_id: sessionId,
@@ -1278,7 +1304,7 @@ export async function sessionClose(params) {
         const perfData = buildPerformanceData("session_close", latencyMs, 0);
         // Clear session state even on error (session is done either way)
         clearCurrentSession();
-        const errorDisplay = formatCloseDisplay(sessionId, closeCompliance, params, learningsCount, false, [`Failed to persist session: ${errorMessage}`], transcriptStatus);
+        const errorDisplay = formatCloseDisplay(sessionId, closeCompliance, params, learningsCount, false, [`Failed to persist session: ${errorMessage}`], transcriptStatus, blindspotSnippet);
         return {
             success: false,
             session_id: sessionId,