persyst-mcp 2.2.4 → 2.2.6

package/hooks/persyst-hook.js

@@ -281,12 +281,11 @@ function spawnWorker() {
 /**
  * Handle SessionStart: load project-wide context and ingest git history.
  */
-async function handleSessionStart(client, input) {
+async function handleSessionStart(input) {
   const cwd = input.cwd || process.cwd();
   const repoName = cwd.replace(/\\/g, '/').split('/').pop();
 
-  // 1. Get project-wide memory context
-  const contextResult = await callTool(client, 'get_optimized_context', {
+  const contextResult = await callTool(null, 'get_optimized_context', {
     query: `Project ${repoName} conventions, architecture, user preferences, coding rules`,
     max_tokens: 2000,
     agent_id: 'claude-code',
@@ -295,7 +294,7 @@ async function handleSessionStart(client, input) {
 
   // 2. Ingest recent git commits (best-effort, don't fail if not a git repo)
   try {
-    await callTool(client, 'ingest_git_commits', {
+    await callTool(null, 'ingest_git_commits', {
       repo_path: cwd,
       count: 15
     });
@@ -312,11 +311,11 @@ async function handleSessionStart(client, input) {
   // 4. Get memory count for status line
   let memoryCount = 0;
   try {
-    const recentResult = await callTool(client, 'get_recent_memories', { limit: 1 });
+    const recentResult = await callTool(null, 'get_recent_memories', { limit: 1 });
     if (recentResult && recentResult.count !== undefined) {
       // The count from get_recent is just the returned count, not total
       // Use a search to estimate total active memories
-      const importantResult = await callTool(client, 'get_important_memories', { limit: 100 });
+      const importantResult = await callTool(null, 'get_important_memories', { limit: 100 });
       memoryCount = importantResult?.count || 0;
     }
   } catch (_) {
@@ -339,7 +338,7 @@ async function handleSessionStart(client, input) {
  * Handle UserPromptSubmit: search for memories relevant to the user's prompt.
  * Also runs Tier 2 heuristic extraction inline (zero-cost).
  */
-async function handleUserPromptSubmit(client, input) {
+async function handleUserPromptSubmit(input) {
   const prompt = input.prompt || '';
 
   // Skip trivial prompts (commands, confirmations, short inputs)
@@ -367,7 +366,7 @@ async function handleUserPromptSubmit(client, input) {
 
   // --- Memory Retrieval (existing behavior) ---
   // Use search_memories for speed on per-prompt lookups (faster than get_optimized_context)
-  const searchResult = await callTool(client, 'search_memories', {
+  const searchResult = await callTool(null, 'search_memories', {
     query: prompt.slice(0, 200), // Truncate very long prompts for search efficiency
     limit: 5,
     agent_id: 'claude-code',
@@ -448,11 +447,11 @@ async function main() {
 
     let response;
     if (eventName === 'SessionStart') {
-      response = await handleSessionStart(null, input);
+      response = await handleSessionStart(input);
     } else if (eventName === 'UserPromptSubmit') {
       // Apply hard timeout for prompt-time hook execution
       response = await Promise.race([
-        handleUserPromptSubmit(null, input),
+        handleUserPromptSubmit(input),
         new Promise((resolve) =>
           setTimeout(() => {
             process.stderr.write(`[persyst-hook] UserPromptSubmit hit ${MAX_HOOK_LATENCY_MS}ms timeout, returning partial.\n`);

package/index.js

@@ -18,7 +18,9 @@
 // If running inside Bun (like Qwen's internal runtime), spawn Node.js instead
 if (process.versions.bun && !process.env.PERSYST_RUN_BY_NODE) {
   const { spawn } = await import('child_process');
-  const child = spawn('C:\\Program Files\\nodejs\\node.exe', [
+  // Prefer NODE env var (set by nvm/fnm/volta), then fall back to 'node' on PATH
+  const nodeExec = process.env.NODE || 'node';
+  const child = spawn(nodeExec, [
     process.argv[1],
     ...process.argv.slice(2)
   ], {
@@ -37,22 +39,42 @@ if (process.versions.bun && !process.env.PERSYST_RUN_BY_NODE) {
 
 // Fix PATH on Windows if running in environments like Qwen Desktop that override PATH
 if (process.platform === 'win32') {
-  const nodeBin = 'C:\\Program Files\\nodejs';
-  const gitBin = 'C:\\Program Files\\Git\\cmd';
-  const systemBin = 'C:\\WINDOWS\\system32;C:\\WINDOWS';
-  
   const currentPath = process.env.PATH || '';
   const paths = currentPath.split(';');
-  
-  if (!paths.includes(nodeBin)) paths.push(nodeBin);
-  if (!paths.includes(gitBin)) paths.push(gitBin);
-  
-  // Make sure system folders are there
+
+  // Dynamically find node and git on PATH using where.exe
+  const { execFileSync } = await import('child_process');
+  for (const cmd of ['node', 'git']) {
+    try {
+      const result = execFileSync('where.exe', [cmd], { encoding: 'utf8', timeout: 2000 });
+      const binDir = result.trim().split('\r\n')[0].trim();
+      if (binDir) {
+        const dir = binDir.substring(0, binDir.lastIndexOf('\\'));
+        if (dir && !paths.some(p => p.toLowerCase() === dir.toLowerCase())) {
+          paths.push(dir);
+        }
+      }
+    } catch {
+      // where.exe failed — fall back to common paths
+      if (cmd === 'node') {
+        for (const p of ['C:\\Program Files\\nodejs', process.env.NVM_SYMLINK, `${process.env.USERPROFILE}\\AppData\\Roaming\\nvm\\v20.11.0`].filter(Boolean)) {
+          if (!paths.some(ex => ex.toLowerCase() === p.toLowerCase())) paths.push(p);
+        }
+      } else if (cmd === 'git') {
+        for (const p of ['C:\\Program Files\\Git\\cmd', 'C:\\Program Files\\Git\\bin', `${process.env.LOCALAPPDATA}\\Programs\\Git\\cmd`].filter(Boolean)) {
+          if (!paths.some(ex => ex.toLowerCase() === p.toLowerCase())) paths.push(p);
+        }
+      }
+    }
+  }
+
+  // Ensure system folders are present
+  const systemBin = 'C:\\WINDOWS\\system32;C:\\WINDOWS';
   const sysPaths = systemBin.split(';');
   sysPaths.forEach(p => {
-    if (!paths.includes(p)) paths.push(p);
+    if (!paths.some(ex => ex.toLowerCase() === p.toLowerCase())) paths.push(p);
   });
-  
+
   process.env.PATH = paths.join(';');
 }
 
@@ -80,6 +102,14 @@ if (subcommand === 'setup') {
 } else if (subcommand === 'worker') {
   // Run the background extraction worker directly
   await import('./bin/extract-worker.js');
+} else if (subcommand === 'export') {
+  // Export memories to a JSONL file
+  process.argv.splice(2, 1);
+  await import('./bin/export.js');
+} else if (subcommand === 'import') {
+  // Import memories from a JSONL file
+  process.argv.splice(2, 1);
+  await import('./bin/import.js');
 } else {
   // Default: start the MCP server
   const { startServer } = await import('./src/server.js');

package/package.json

@@ -1,17 +1,21 @@
 {
   "name": "persyst-mcp",
-  "version": "2.2.4",
-  "description": "Local-first MCP memory server with hybrid keyword + semantic search for coding agents",
+  "version": "2.2.6",
+  "description": "Local-first, compliance-grade MCP memory layer with hybrid keyword + semantic search for coding agents",
   "type": "module",
   "main": "index.js",
+  "exports": {
+    ".": "./index.js",
+    "./sdk": {
+      "types": "./src/sdk.d.ts",
+      "default": "./src/sdk.js"
+    }
+  },
   "bin": {
-    "persyst-mcp": "index.js",
-    "persyst-setup": "bin/setup.js",
-    "persyst-aider": "bin/aider.js",
-    "persyst-init": "bin/init.js",
-    "persyst-ingest": "bin/ingest.js",
-    "persyst-extract": "bin/extract.js",
-    "persyst-worker": "bin/extract-worker.js"
+    "persyst-mcp": "./bin/mcp.js",
+    "persyst-setup": "./bin/setup.js",
+    "persyst-init": "./bin/init.js",
+    "persyst": "./index.js"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -27,7 +31,7 @@
   "scripts": {
     "start": "node index.js",
     "test": "cross-env NODE_ENV=test node test/smoke.js",
-    "test:heavy": "cross-env NODE_ENV=test node --test --test-concurrency=1 test/test_*.js",
+    "test:heavy": "node test/run_sequentially.js",
     "worker": "node bin/extract-worker.js",
     "extract": "node bin/extract.js"
   },
@@ -60,6 +64,7 @@
     "@huggingface/transformers": "^4.2.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "better-sqlite3": "^12.10.0",
+    "chokidar": "^5.0.0",
     "sqlite-vec": "^0.1.9",
     "zod": "^3.23.0"
   },

package/src/attestation.js

@@ -9,7 +9,7 @@ import crypto from 'crypto';
 import { mkdirSync, readFileSync, writeFileSync, existsSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
-import db, { getLastAttestation, insertAttestation, getAttestationById } from './database.js';
+import db, { stmts, getLastAttestation, insertAttestation, getAttestationById } from './database.js';
 
 const KEYS_DIR = join(homedir(), '.persyst', 'keys');
 
@@ -69,7 +69,7 @@ export function createAttestation(query, memories, agentId = null, sessionId = n
     return {
       id: m.id,
       content_hash: contentHash,
-      score: parseFloat(scoreVal)
+      score: Math.round(parseFloat(scoreVal) * 10000)
     };
   });
 
@@ -135,6 +135,22 @@ export function verifyAttestationRecord(attestation) {
     };
 
     const dataToSign = JSON.stringify(doc);
+    const fullRecord = {
+      ...doc,
+      signature: attestation.signature
+    };
+    const computedHash = crypto.createHash('sha256').update(JSON.stringify(fullRecord)).digest('hex');
+
+    // Check hash first — if it matches, doc reconstruction is correct
+    const hashMatch = computedHash === attestation.hash;
+    if (!hashMatch) {
+      console.error('[persyst-attest] HASH MISMATCH for', attestation.attestation_id);
+      console.error('[persyst-attest] stored hash:', attestation.hash);
+      console.error('[persyst-attest] computed hash:', computedHash);
+      console.error('[persyst-attest] doc:', JSON.stringify(doc));
+      return { valid: false, error: 'Attestation hash mismatch' };
+    }
+
     const publicKey = getPublicKey();
 
     // Verify signature
@@ -150,20 +166,14 @@ export function verifyAttestationRecord(attestation) {
     );
 
     if (!isSignatureValid) {
+      console.error('[persyst-attest] SIG VERIFY FAIL for', attestation.attestation_id);
+      console.error('[persyst-attest] Hash matches but signature invalid');
+      console.error('[persyst-attest] dataToSign:', dataToSign);
+      console.error('[persyst-attest] signature:', attestation.signature);
+      console.error('[persyst-attest] public key:', publicKey);
       return { valid: false, error: 'Signature verification failed' };
     }
 
-    // Verify hash integrity
-    const fullRecord = {
-      ...doc,
-      signature: attestation.signature
-    };
-    const computedHash = crypto.createHash('sha256').update(JSON.stringify(fullRecord)).digest('hex');
-
-    if (computedHash !== attestation.hash) {
-      return { valid: false, error: 'Attestation hash mismatch' };
-    }
-
     return { valid: true };
   } catch (err) {
     return { valid: false, error: err.message };
@@ -171,7 +181,10 @@ export function verifyAttestationRecord(attestation) {
 }
 
 /**
- * Verifies signature and chain integrity.
+ * Iteratively verifies signature and chain integrity.
+ * Walks backwards from the target attestation to the genesis link,
+ * confirming each previous_hash matches the predecessor's actual hash
+ * and that sequence order strictly increases.
  */
 export function verifyChainIntegrity(attestationId) {
   const att = getAttestationById(attestationId);
@@ -184,29 +197,37 @@ export function verifyChainIntegrity(attestationId) {
     return selfVerify;
   }
 
-  // If there's a previous link, check it
-  if (att.previous_hash) {
-    const prevAtt = getAttestationByHash(att.previous_hash);
+  // Iterative chain walk — no recursion, no stack overflow risk
+  const MAX_CHAIN_DEPTH = 10000;
+  let current = att;
+  let depth = 0;
+
+  while (current.previous_hash) {
+    if (depth >= MAX_CHAIN_DEPTH) {
+      return { valid: false, error: 'Broken chain: chain length exceeds maximum' };
+    }
+
+    const prevAtt = stmts.getAttestationByHash.get(current.previous_hash);
     if (!prevAtt) {
-      return { valid: false, error: `Broken chain: Previous attestation with hash ${att.previous_hash} not found` };
+      return { valid: false, error: `Broken chain: Previous attestation with hash ${current.previous_hash} not found` };
     }
 
-    if (prevAtt.id >= att.id) {
-      return { valid: false, error: `Broken chain: Invalid sequence order` };
+    if (prevAtt.hash !== current.previous_hash) {
+      return { valid: false, error: 'Broken chain: previous_hash does not match predecessor hash' };
+    }
+
+    if (prevAtt.id >= current.id) {
+      return { valid: false, error: 'Broken chain: Invalid sequence order' };
     }
 
     const prevVerify = verifyAttestationRecord(prevAtt);
     if (!prevVerify.valid) {
       return { valid: false, error: `Broken chain: Previous link is invalid: ${prevVerify.error}` };
     }
-  }
 
-  return { valid: true, attestation: att };
-}
+    current = prevAtt;
+    depth++;
+  }
 
-/**
- * Helper to fetch attestation by hash since it's not exposed globally.
- */
-function getAttestationByHash(hash) {
-  return db.prepare('SELECT * FROM attestations WHERE hash = ?').get(hash) || null;
+  return { valid: true, attestation: current };
 }