prism-mcp-server 15.5.1 → 15.6.0

package/README.md

@@ -4,11 +4,11 @@
 
 **Persistent memory + tool-calling intelligence for AI agents.** *(formerly Prism MCP)*
 
-A Model Context Protocol server that gives Claude, Cursor, and other AI tools a Mind Palace — long-term memory that survives across sessions, with semantic search, cognitive routing, a visual dashboard, and the `prism-coder:1b7` / `prism-coder:8b` / `prism-coder:14b` / `prism-coder:32b` LLM fleet for offline tool-calling. **[→ prism-mcp.com](https://prism-mcp.com)**
+A Model Context Protocol server that gives Claude, Cursor, and other AI tools a Mind Palace — long-term memory that survives across sessions, with semantic search, cognitive routing, a visual dashboard, and the `prism-coder:1b7` / `prism-coder:8b` / `prism-coder:14b` / `prism-coder:32b` LLM fleet for offline tool-calling.
 
 [![npm](https://img.shields.io/npm/v/prism-mcp-server?color=cb0000&label=npm%20%E2%80%94%20prism-mcp-server)](https://www.npmjs.com/package/prism-mcp-server)
 [![VS Marketplace](https://img.shields.io/visual-studio-marketplace/v/synalux-ai.synalux?label=VS%20Code&color=007ACC)](https://marketplace.visualstudio.com/items?itemName=synalux-ai.synalux)
-[![Website](https://img.shields.io/badge/website-prism--mcp.com-6B4FBB)](https://prism-mcp.com)
+[![Website](https://img.shields.io/badge/website-synalux.ai%2Fprism--mcp-6B4FBB)](https://synalux.ai/prism-mcp)
 [![MCP Registry](https://img.shields.io/badge/MCP_Registry-listed-00ADD8)](https://github.com/modelcontextprotocol/servers)
 [![Smithery](https://img.shields.io/badge/Smithery-listed-6B4FBB)](https://smithery.ai/server/@dcostenco/prism-mcp)
 [![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](LICENSE)
@@ -315,9 +315,21 @@ All on-device models are **free for every tier** — no subscription needed for
 
 ## Companions
 
-### 🌐 Website
+### 🌐 Website & Docs
 
-**[prism-mcp.com](https://prism-mcp.com)** — full documentation, dashboard, subscription plans, and model downloads.
+**[synalux.ai/prism-mcp](https://synalux.ai/prism-mcp)** — full documentation, dashboard, subscription plans, and model downloads.
+
+### 💻 Web IDE — Synalux Coder
+
+Use Prism Coder directly in your browser — no install required. Local-first IDE with the prism-coder agent built in. Connects to GitHub repos, Synalux Mail, Drive, and Source for cross-product workflows.
+
+**[synalux.ai/coder](https://synalux.ai/coder)** · also reachable at **[synalux.ai/prism-ide](https://synalux.ai/prism-ide)**
+
+| Feature | Detail |
+|---|---|
+| Agent | prism-coder:7b offline · Claude Sonnet 4 (Standard+) · Claude Opus 4 (Enterprise) |
+| Integrations | GitHub repos, Synalux Mail, Drive, Source — same OAuth, no separate accounts |
+| Compliance | Audit log on every turn · PHI redaction · air-gapped offline mode (HIPAA) |
 
 ### 🧩 VS Code Extension — Synalux
 

package/dist/server.js

@@ -89,6 +89,8 @@ MEMORY_HISTORY_TOOL, MEMORY_CHECKOUT_TOOL,
 SESSION_SAVE_IMAGE_TOOL, SESSION_VIEW_IMAGE_TOOL, 
 // ─── v2.2.0: Health Check tool definition ───
 SESSION_HEALTH_CHECK_TOOL, 
+// ─── Hygiene: embedding backfill (orphaned but handler-wired) ───
+SESSION_BACKFILL_EMBEDDINGS_TOOL, 
 // ─── Phase 2: GDPR Memory Deletion tool definition ───
 SESSION_FORGET_MEMORY_TOOL, 
 // ─── Phase 2: GDPR Export tool definition ───
@@ -199,6 +201,7 @@ function buildSessionMemoryTools(autoloadList) {
         SESSION_VIEW_IMAGE_TOOL, // session_view_image — retrieve image from vault (v2.0)
         // ─── v2.2.0: Health Check tool ───
         SESSION_HEALTH_CHECK_TOOL, // session_health_check — brain integrity checker (v2.2.0)
+        SESSION_BACKFILL_EMBEDDINGS_TOOL, // session_backfill_embeddings — repair NULL embeddings (handler+route already wired)
         // ─── Phase 2: GDPR Memory Deletion tool ───
         SESSION_FORGET_MEMORY_TOOL, // session_forget_memory — GDPR-compliant memory deletion (Phase 2)
         // ─── v3.1: TTL Retention tool ───
@@ -1062,6 +1065,73 @@ export function createSandboxServer() {
  * responses to stdout. Log messages go to stderr.
  */
 export async function startServer() {
+    // Stale-dist guard. Catches the failure mode where src/ commits land but
+    // `npm run build` is skipped, so Claude Desktop runs an outdated
+    // dist/server.js (silent — tool fixes invisible in the running binary).
+    // Read-only probe; safe to run before acquireLock(). No-ops in npm
+    // installs where src/ isn't shipped alongside dist/.
+    try {
+        const { statSync, readdirSync, existsSync, readFileSync } = await import("fs");
+        const { dirname, join, basename } = await import("path");
+        const { fileURLToPath } = await import("url");
+        // Derive layout from package.json so we don't hardcode "src" / "server.js"
+        // / "node_modules". Falls back to sane defaults only if package.json is
+        // missing (e.g. in unusual install layouts).
+        const here = dirname(fileURLToPath(import.meta.url));
+        const repoRoot = join(here, "..");
+        let distEntry = "server.js";
+        let srcSubdir = "src";
+        const skipDirPrefixes = ["."]; // dotfile dirs (.git, .cache, …)
+        const skipDirNames = new Set(["node_modules"]); // npm convention
+        try {
+            const pkg = JSON.parse(readFileSync(join(repoRoot, "package.json"), "utf8"));
+            if (typeof pkg.main === "string" && pkg.main.length > 0) {
+                distEntry = basename(pkg.main);
+            }
+        }
+        catch { /* keep fallback */ }
+        try {
+            const tsconfig = JSON.parse(readFileSync(join(repoRoot, "tsconfig.json"), "utf8"));
+            const rootDir = tsconfig?.compilerOptions?.rootDir;
+            if (typeof rootDir === "string" && rootDir.length > 0) {
+                srcSubdir = rootDir.replace(/^\.\//, "");
+            }
+        }
+        catch { /* keep fallback */ }
+        const distPath = join(here, distEntry);
+        const srcDir = join(repoRoot, srcSubdir);
+        if (existsSync(distPath) && existsSync(srcDir)) {
+            const distMtime = statSync(distPath).mtimeMs;
+            const walk = (d) => {
+                let newest = 0;
+                for (const e of readdirSync(d, { withFileTypes: true })) {
+                    if (e.isDirectory()) {
+                        if (skipDirNames.has(e.name))
+                            continue;
+                        if (skipDirPrefixes.some(p => e.name.startsWith(p)))
+                            continue;
+                        newest = Math.max(newest, walk(join(d, e.name)));
+                    }
+                    else if (e.isFile()) {
+                        newest = Math.max(newest, statSync(join(d, e.name)).mtimeMs);
+                    }
+                }
+                return newest;
+            };
+            const srcMtime = walk(srcDir);
+            if (srcMtime > distMtime) {
+                const msPerDay = 24 * 60 * 60 * 1000;
+                const lagDays = Math.round((srcMtime - distMtime) / msPerDay);
+                const bar = "═".repeat(72);
+                console.error(`\n${bar}\n[Prism] ⚠️  STALE DIST — ${srcSubdir}/ is ${lagDays}d newer than ${distEntry}\n` +
+                    `[Prism]    Running binary may be missing fixes/tools.\n` +
+                    `[Prism]    Fix: cd ${repoRoot} && npm run build, then restart Claude Desktop.\n${bar}\n`);
+            }
+        }
+    }
+    catch {
+        // Never block server boot on the freshness probe.
+    }
     // MUST BE FIRST: Kill any zombie processes and acquire the singleton PID lock
     // before touching SQLite. This prevents lock contention on prism-config.db.
     acquireLock();

package/dist/storage/portalContracts.js

@@ -0,0 +1,42 @@
+/**
+ * Portal wire contracts — Zod schemas for every action payload that
+ * prism-mcp-server sends to or receives from the Synalux portal.
+ *
+ * WHY THIS FILE EXISTS:
+ *   The 2026-05-24 incident: `knowledge_search` sent `queryText` but
+ *   the portal expected `query`. Both sides had passing unit tests
+ *   because each test was written to match its own implementation,
+ *   not the shared wire contract. This file is the single source of
+ *   truth for that contract. A field rename here is a compile error
+ *   in synalux.ts AND a schema-validation failure in route.ts —
+ *   forcing both sides to update together.
+ *
+ * ADDING A NEW ACTION:
+ *   1. Add RequestSchema + ResponseSchema below.
+ *   2. Import and validate in synalux.ts (outgoing) + route.ts (incoming).
+ *   3. Add a schema-contract test in synalux-portal-contract.test.ts.
+ */
+import { z } from "zod";
+// ─── knowledge_search ────────────────────────────────────────────
+export const KnowledgeSearchRequestSchema = z.object({
+    action: z.literal("knowledge_search"),
+    project: z.string().optional(),
+    keywords: z.array(z.string()).default([]),
+    category: z.string().optional(),
+    /** Free-text filter applied via Postgres textSearch on summary.
+     *  WIRE NAME: `query` — NOT `queryText` (incident 2026-05-24). */
+    query: z.string().optional(),
+    limit: z.number().int().min(1).max(50).default(10),
+    role: z.string().optional(),
+    /** 'user' returns only the caller's entries; 'workspace' broadens to all
+     *  workspace_members rows after server-side membership verification.
+     *  Optional with no default — the portal applies its own default (currently
+     *  'user') so this schema doesn't impose a policy on the wire format. */
+    scope: z.enum(["user", "workspace"]).optional(),
+});
+export const KnowledgeSearchResponseSchema = z.object({
+    status: z.literal("success"),
+    action: z.literal("knowledge_search"),
+    count: z.number(),
+    results: z.array(z.record(z.string(), z.unknown())),
+});

package/dist/storage/sqlite.js

@@ -732,6 +732,16 @@ export class SqliteStorage {
     // (e.g., { project: "eq.my-app", archived_at: "is.null" }).
     // This parser converts those into SQL WHERE clauses + args so
     // handlers work identically with both Supabase and SQLite.
+    // Bug 8.1: column names in WHERE clauses are interpolated directly into SQL.
+    // Values are parameterized (safe), but an unvalidated key like
+    // "1=1 OR summary" would inject arbitrary SQL into the condition.
+    // This allowlist is the same defense-in-depth pattern used in patchLedger.
+    static ALLOWED_FILTER_COLUMNS = new Set([
+        "id", "project", "user_id", "conversation_id", "summary",
+        "archived_at", "deleted_at", "is_rollup", "role", "event_type",
+        "created_at", "updated_at", "session_date", "importance", "title",
+        "agent_name", "last_accessed_at", "confidence_score", "rollup_count",
+    ]);
     parsePostgRESTFilters(params) {
         const conditions = [];
         const args = [];
@@ -779,6 +789,12 @@ export class SqliteStorage {
                 limit = parseInt(value, 10);
                 continue;
             }
+            // Bug 8.1 guard: reject any key that isn't in the known column allowlist.
+            // Prevents SQL injection via column-name interpolation.
+            if (!SqliteStorage.ALLOWED_FILTER_COLUMNS.has(key)) {
+                throw new Error(`[SqliteStorage] parsePostgRESTFilters: rejected unknown filter column "${key}". ` +
+                    `Allowed: ${[...SqliteStorage.ALLOWED_FILTER_COLUMNS].join(", ")}`);
+            }
             // PostgREST filter operators
             if (value.startsWith("eq.")) {
                 // Handle boolean mapping: SQLite uses 0/1 for booleans

package/dist/storage/synalux.js

@@ -34,6 +34,17 @@
 import { SupabaseStorage } from "./supabase.js";
 import { debugLog } from "../utils/logger.js";
 import { PRISM_SYNALUX_BASE_URL, PRISM_SYNALUX_API_KEY } from "../config.js";
+import { KnowledgeSearchRequestSchema } from "./portalContracts.js";
+function resolveKnowledgeScope(callerScope) {
+    if (callerScope === "user" || callerScope === "workspace") {
+        return callerScope;
+    }
+    const envScope = process.env.PRISM_KNOWLEDGE_SCOPE;
+    if (envScope === "user" || envScope === "workspace") {
+        return envScope;
+    }
+    return undefined;
+}
 /** Refresh JWT this many ms before expiry to avoid edge-case 401s. */
 const JWT_REFRESH_LEEWAY_MS = 60_000;
 export class SynaluxStorage extends SupabaseStorage {
@@ -258,15 +269,19 @@ export class SynaluxStorage extends SupabaseStorage {
     // filters. Falls back to plain text search when only queryText is
     // supplied.
     async searchKnowledge(params) {
-        const result = await this.portalPost("/api/v1/prism/memory", {
+        const wireBody = KnowledgeSearchRequestSchema.parse({
             action: "knowledge_search",
             project: params.project ?? undefined,
             keywords: params.keywords ?? [],
             category: params.category ?? undefined,
-            queryText: params.queryText ?? undefined,
+            query: params.queryText ?? undefined,
             limit: params.limit ?? 10,
             role: params.role ?? undefined,
+            // Scope precedence: explicit caller param > PRISM_KNOWLEDGE_SCOPE env
+            // > undefined (portal decides). No hardcoded default here.
+            scope: resolveKnowledgeScope(params.scope),
         });
+        const result = await this.portalPost("/api/v1/prism/memory", wireBody);
         const count = typeof result.count === "number" ? result.count : 0;
         const results = Array.isArray(result.results) ? result.results : [];
         return { count, results };

package/dist/tools/graphHandlers.js

@@ -19,7 +19,6 @@ import { formatRulesBlock, applySentinelBlock } from "./commonHelpers.js";
 import { debugLog } from "../utils/logger.js";
 import { recordCognitiveRoute } from "../observability/graphMetrics.js";
 import { getStorage } from "../storage/index.js";
-import { toKeywordArray } from "../utils/keywordExtractor.js";
 import { getLLMProvider } from "../utils/llm/factory.js";
 import { getSetting } from "../storage/configStorage.js";
 // ─── Phase 1: Explainability & Memory Lineage ────────────────
@@ -67,14 +66,21 @@ export async function knowledgeSearchHandler(args) {
     debugLog(`[knowledge_search] Searching: project=${project || "all"}, query="${query || ""}", category=${category || "any"}, limit=${limit}`);
     // Phase 1: Capture total start time for latency measurement
     const totalStart = performance.now();
-    const searchKeywords = query ? toKeywordArray(query) : [];
     const storage = await getStorage();
+    // NOTE: do NOT auto-derive keywords from the free-text query. The portal
+    // applies keywords as a hard .overlaps() AND-filter; deriving them from
+    // the query (via toKeywordArray) turns "BFCL" into keywords=['bfcl']
+    // which excludes every row whose keywords[] column doesn't contain
+    // 'bfcl' — even when the summary clearly matches "BFCL" via textSearch.
+    // Free-text search must rely on textSearch alone. Callers who want a
+    // keyword overlap filter should pass keywords explicitly via a future
+    // input-schema field, not via implicit extraction.
     // Phase 1: Capture storage-specific start time to isolate DB latency
     // from keyword extraction and other overhead
     const storageStart = performance.now();
     const data = await storage.searchKnowledge({
         project: project || null,
-        keywords: searchKeywords,
+        keywords: [],
         category: category || null,
         queryText: query || null,
         limit: Math.min(limit, 50),
@@ -207,6 +213,16 @@ export async function knowledgeSearchHandler(args) {
     catch (graphErr) {
         debugLog(`[knowledge_search] Graph expansion failed (non-fatal): ${graphErr instanceof Error ? graphErr.message : String(graphErr)}`);
     }
+    // Machine-readable evidence snippets for direct pass-through to prism_infer
+    if (data.results && Array.isArray(data.results) && data.results.length > 0) {
+        const evidenceSnippets = data.results.map((r, i) => ({
+            source: `knowledge_search:${r.id ?? i}`,
+            content: (r.content ?? r.summary ?? r.text ?? "").slice(0, 1000),
+        })).filter((s) => s.content);
+        if (evidenceSnippets.length > 0) {
+            contentBlocks.push({ type: "text", text: JSON.stringify({ evidence_snippets: evidenceSnippets }) });
+        }
+    }
     return { content: contentBlocks, isError: false };
 }
 export async function knowledgeForgetHandler(args) {
@@ -553,6 +569,16 @@ export async function sessionSearchMemoryHandler(args) {
             });
             contentBlocks.push(traceToContentBlock(trace));
         }
+        // Machine-readable evidence snippets for direct pass-through to prism_infer
+        {
+            const evidenceSnippets = results.map((r, i) => ({
+                source: `session_search_memory:${r.id ?? i}`,
+                content: (r.summary ?? "").slice(0, 1000),
+            })).filter((s) => s.content);
+            if (evidenceSnippets.length > 0) {
+                contentBlocks.push({ type: "text", text: JSON.stringify({ evidence_snippets: evidenceSnippets }) });
+            }
+        }
         // ── v6.0 Phase 3: 1-Hop Graph Expansion ──────────────────
         // After direct hits, traverse outbound links from each result to
         // find associated memories. Graph-expanded results are BONUS — they

package/dist/tools/index.js

@@ -26,7 +26,7 @@ export { webSearchHandler, braveWebSearchCodeModeHandler, localSearchHandler, br
 // This file always exports them — server.ts decides whether to include them in the tool list.
 //
 // v0.4.0: Added SESSION_COMPACT_LEDGER_TOOL and SESSION_SEARCH_MEMORY_TOOL
-export { SESSION_SAVE_LEDGER_TOOL, SESSION_SAVE_HANDOFF_TOOL, SESSION_LOAD_CONTEXT_TOOL, KNOWLEDGE_SEARCH_TOOL, KNOWLEDGE_FORGET_TOOL, SESSION_COMPACT_LEDGER_TOOL, SESSION_SEARCH_MEMORY_TOOL, MEMORY_HISTORY_TOOL, MEMORY_CHECKOUT_TOOL, SESSION_SAVE_IMAGE_TOOL, SESSION_VIEW_IMAGE_TOOL, SESSION_HEALTH_CHECK_TOOL, SESSION_FORGET_MEMORY_TOOL, SESSION_EXPORT_MEMORY_TOOL, KNOWLEDGE_SET_RETENTION_TOOL, SESSION_SAVE_EXPERIENCE_TOOL, KNOWLEDGE_UPVOTE_TOOL, KNOWLEDGE_DOWNVOTE_TOOL, KNOWLEDGE_SYNC_RULES_TOOL, DEEP_STORAGE_PURGE_TOOL, SESSION_INTUITIVE_RECALL_TOOL, SESSION_BACKFILL_LINKS_TOOL, MAINTENANCE_VACUUM_TOOL, isDeepStoragePurgeArgs, SESSION_SYNTHESIZE_EDGES_TOOL, isSessionSynthesizeEdgesArgs, SESSION_COGNITIVE_ROUTE_TOOL, isSessionCognitiveRouteArgs, SESSION_TASK_ROUTE_TOOL, isSessionTaskRouteArgs, ONBOARDING_WIZARD_TOOL, EXTRACT_ENTITIES_TOOL, API_ANALYTICS_TOOL, BACKUP_DATABASE_TOOL, CONFIGURE_NOTIFICATIONS_TOOL, QUERY_MEMORY_NATURAL_TOOL } from "./sessionMemoryDefinitions.js";
+export { SESSION_SAVE_LEDGER_TOOL, SESSION_SAVE_HANDOFF_TOOL, SESSION_LOAD_CONTEXT_TOOL, KNOWLEDGE_SEARCH_TOOL, KNOWLEDGE_FORGET_TOOL, SESSION_COMPACT_LEDGER_TOOL, SESSION_SEARCH_MEMORY_TOOL, MEMORY_HISTORY_TOOL, MEMORY_CHECKOUT_TOOL, SESSION_SAVE_IMAGE_TOOL, SESSION_VIEW_IMAGE_TOOL, SESSION_HEALTH_CHECK_TOOL, SESSION_BACKFILL_EMBEDDINGS_TOOL, SESSION_FORGET_MEMORY_TOOL, SESSION_EXPORT_MEMORY_TOOL, KNOWLEDGE_SET_RETENTION_TOOL, SESSION_SAVE_EXPERIENCE_TOOL, KNOWLEDGE_UPVOTE_TOOL, KNOWLEDGE_DOWNVOTE_TOOL, KNOWLEDGE_SYNC_RULES_TOOL, DEEP_STORAGE_PURGE_TOOL, SESSION_INTUITIVE_RECALL_TOOL, SESSION_BACKFILL_LINKS_TOOL, MAINTENANCE_VACUUM_TOOL, isDeepStoragePurgeArgs, SESSION_SYNTHESIZE_EDGES_TOOL, isSessionSynthesizeEdgesArgs, SESSION_COGNITIVE_ROUTE_TOOL, isSessionCognitiveRouteArgs, SESSION_TASK_ROUTE_TOOL, isSessionTaskRouteArgs, ONBOARDING_WIZARD_TOOL, EXTRACT_ENTITIES_TOOL, API_ANALYTICS_TOOL, BACKUP_DATABASE_TOOL, CONFIGURE_NOTIFICATIONS_TOOL, QUERY_MEMORY_NATURAL_TOOL } from "./sessionMemoryDefinitions.js";
 // 1. Ledger (Core CRUD & State)
 export { sessionSaveLedgerHandler, sessionSaveHandoffHandler, sessionLoadContextHandler, sessionSaveExperienceHandler, sessionSaveImageHandler, sessionViewImageHandler, memoryHistoryHandler, memoryCheckoutHandler, sessionForgetMemoryHandler, sessionExportMemoryHandler } from "./ledgerHandlers.js";
 // 2. Graph (Semantic Search & Weighting)

package/dist/tools/prismInferHandler.js

@@ -24,6 +24,7 @@ import { getSynaluxJwt, invalidateSynaluxJwt } from "../utils/synaluxJwt.js";
 import { getAvailableMemoryBytes } from "../utils/availableMemory.js";
 import { PRISM_SYNALUX_BASE_URL, PRISM_LOCAL_LLM_URL, } from "../config.js";
 import { debugLog } from "../utils/logger.js";
+import { verifyGrounding } from "../utils/groundingVerifier.js";
 // ─── Tool Definition ────────────────────────────────────────────
 export const PRISM_INFER_TOOL = {
     name: "prism_infer",
@@ -69,6 +70,37 @@ export const PRISM_INFER_TOOL = {
                 type: "number",
                 description: "Override per-call timeout. Default scales with model size: 32B=120s, 14B=60s, 8B=30s, 1.7B=15s.",
             },
+            evidence: {
+                type: "array",
+                description: "Optional evidence snippets the model output must be grounded in. " +
+                    "When supplied with `verify: true`, every assertive claim in the draft " +
+                    "(numbers, names, dates, codes, $ amounts) must be ENTAILED by one of " +
+                    "these snippets or the draft is refused.",
+                items: {
+                    type: "object",
+                    properties: {
+                        source: { type: "string", description: "Label for the snippet (e.g. 'tool:knowledge_search#3')." },
+                        content: { type: "string", description: "The evidence text itself." },
+                    },
+                    required: ["source", "content"],
+                },
+            },
+            verify: {
+                type: "boolean",
+                description: "Enable the L3 grounding verifier. Default: true when `evidence` is provided, " +
+                    "false otherwise. When enabled, the model's draft is checked by a different model " +
+                    "(prism-coder:1b7 by default) against the supplied `evidence`. Drafts with " +
+                    "NEUTRAL or CONTRADICTED claims are refused.",
+            },
+            verifier_model: {
+                type: "string",
+                description: "Override the verifier model. Default: prism-coder:1b7.",
+            },
+            verifier_timeout_ms: {
+                type: "number",
+                description: "Override the verifier hard timeout. Default 2000 ms.",
+                default: 2000,
+            },
         },
         required: ["prompt"],
     },
@@ -92,6 +124,23 @@ export function isPrismInferArgs(args) {
     if (a.model_ceiling !== undefined &&
         !["32b", "14b", "8b", "1b7"].includes(a.model_ceiling))
         return false;
+    if (a.verify !== undefined && typeof a.verify !== "boolean")
+        return false;
+    if (a.verifier_model !== undefined && typeof a.verifier_model !== "string")
+        return false;
+    if (a.verifier_timeout_ms !== undefined && typeof a.verifier_timeout_ms !== "number")
+        return false;
+    if (a.evidence !== undefined) {
+        if (!Array.isArray(a.evidence))
+            return false;
+        for (const e of a.evidence) {
+            if (!e || typeof e !== "object")
+                return false;
+            const es = e;
+            if (typeof es.source !== "string" || typeof es.content !== "string")
+                return false;
+        }
+    }
     return true;
 }
 // ─── Ollama helpers ────────────────────────────────────────────
@@ -269,15 +318,14 @@ export async function runInfer(args, deps) {
             const timeout = args.timeout_ms ?? DEFAULT_TIMEOUTS[tier.tag] ?? 60_000;
             const result = await deps.callLocal(deps.ollamaUrl, ollamaName, args.prompt, args.system, maxTokens, temperature, timeout);
             if (result.ok) {
-                return {
-                    output: result.text,
+                return await applyVerification(result.text, args, deps, {
                     backend: `ollama-${tier.tag.replace("prism-coder:", "")}`,
                     model_picked: tier.tag,
                     ram_free_mb: ramFreeMb,
                     latency_ms: Date.now() - t0,
                     used_cloud: false,
                     attempts,
-                };
+                });
             }
             attempts.push({ tier: tier.tag, reason: result.reason });
         }
@@ -292,15 +340,14 @@ export async function runInfer(args, deps) {
         const cloudTimeout = args.timeout_ms ?? 90_000;
         const cloud = await deps.callCloud(args.prompt, maxTokens, cloudTimeout);
         if (cloud.ok && cloud.output) {
-            return {
-                output: cloud.output,
+            return await applyVerification(cloud.output, args, deps, {
                 backend: cloud.backend ?? "synalux",
                 model_picked: null,
                 ram_free_mb: ramFreeMb,
                 latency_ms: Date.now() - t0,
                 used_cloud: true,
                 attempts,
-            };
+            });
         }
         attempts.push({ tier: "synalux", reason: cloud.reason ?? "unknown" });
     }
@@ -312,6 +359,36 @@ export async function runInfer(args, deps) {
     err.attempts = attempts;
     throw err;
 }
+/**
+ * Wraps a successful inference result with the L3 grounding verifier
+ * when the caller opted in via `verify: true`. The verifier substitutes
+ * the model's draft with a refusal string if any claim is not entailed
+ * by the supplied evidence; we surface that as a non-null `verification`
+ * field so callers can route refusals separately from successes.
+ */
+async function applyVerification(draft, args, deps, partial) {
+    const shouldVerify = args.verify ?? (args.evidence !== undefined && args.evidence.length > 0);
+    if (!shouldVerify) {
+        return { ...partial, output: draft };
+    }
+    const verifier = deps.callVerifier ?? verifyGrounding;
+    const outcome = await verifier({
+        draft,
+        evidence: args.evidence ?? [],
+        verifierModel: args.verifier_model,
+        timeoutMs: args.verifier_timeout_ms,
+        ollamaUrl: deps.ollamaUrl,
+    });
+    return {
+        ...partial,
+        output: outcome.finalText,
+        verification: {
+            action: outcome.action,
+            verifierChain: outcome.verifierChain,
+            refusalClaim: outcome.refusalClaim,
+        },
+    };
+}
 /**
  * MCP-shaped handler. Wraps runInfer with real deps + MCP envelope.
  */
@@ -334,6 +411,7 @@ export async function prismInferHandler(args) {
             ` free_ram=${result.ram_free_mb}MB` +
             ` latency=${result.latency_ms}ms` +
             ` used_cloud=${result.used_cloud}` +
+            (result.verification ? ` verify=${result.verification.action}` : "") +
             (result.attempts.length ? ` attempts=${JSON.stringify(result.attempts)}` : "");
         return {
             content: [

package/dist/utils/groundingVerifier.js

@@ -0,0 +1,203 @@
+/**
+ * groundingVerifier — runtime accountability for prism_infer
+ * ============================================================
+ *
+ * When a caller passes `evidence` + `verify: true` to prism_infer, this
+ * module checks that every factual claim in the model's draft is
+ * entailed by one of the evidence snippets. Sibling of synalux-portal's
+ * chat-verifier — same architecture, lighter footprint (no DB audit,
+ * stateless MCP), pointed at free-form generation instead of tool-call
+ * responses.
+ *
+ * Cascade role: prism-coder:1b7 is the default verifier on every
+ * device (server, iPad). Larger tiers (8B/14B/32B) draft; 1b7 verifies.
+ * Different model from the drafter — satisfies the Patronus rule.
+ *
+ * Failure modes:
+ *   - Verifier model unreachable / timeout → fail-closed refusal
+ *   - Verifier returns malformed JSON → fail-closed refusal
+ *   - NEUTRAL or CONTRADICTED claim → fail-closed refusal that names
+ *     the failed claim
+ *
+ * The refusal text always names which claim couldn't be grounded so
+ * the calling agent can decide whether to retry with more evidence or
+ * fall back to cloud.
+ */
+import { PRISM_LOCAL_LLM_URL } from "../config.js";
+// ─── Pre-checks ─────────────────────────────────────────────────────────
+const ASSERTIVE_RX = /\b(?:\d{1,5}|[A-Z]\d{2}\.\d|ICD-?10|CPT|\$\d|\d{4}-\d{2}-\d{2}|[A-Z][a-z]{2,}\s+[A-Z][a-z]{2,})\b/;
+/**
+ * Returns true when the draft makes at least one assertion that could be
+ * fabricated — numbers, dates, ICD/CPT codes, two-word names, dollar
+ * amounts. Conversational replies skip the verifier entirely.
+ */
+export function draftHasAssertiveClaims(draft) {
+    if (!draft)
+        return false;
+    return ASSERTIVE_RX.test(draft);
+}
+// ─── Verifier prompt (grammar-constrained JSON) ─────────────────────────
+const VERIFIER_SYSTEM_PROMPT = `You are a strict factual-grounding verifier. Your job is to REJECT ungrounded claims.
+Given EVIDENCE (one or more text snippets) and DRAFT_ANSWER, find every
+factual claim (counts, names, dates, codes, dollar amounts) and assign:
+
+  ENTAILED     — the EXACT value appears verbatim in EVIDENCE text, or is an
+                 arithmetic identity (e.g. "3" and "three"). STRICT: if you
+                 must infer, estimate, or extrapolate, it is NOT ENTAILED.
+  CONTRADICTED — the claim states a DIFFERENT value than what EVIDENCE says
+                 for the same fact.
+  NEUTRAL      — the claim is not addressed in EVIDENCE at all.
+
+CRITICAL DEFAULT RULE: when in doubt, use NEUTRAL — never guess ENTAILED.
+Prefer false negatives over false positives. If the evidence does not
+explicitly state the value, it is NEUTRAL.
+
+Do NOT report opinions, refusals, or hedges as claims. Conversational
+phrasing ("Hello", "I can help") is not a claim.
+
+Output JSON only — no prose, no apology.`;
+const VERIFIER_JSON_SCHEMA = {
+    type: "object",
+    properties: {
+        claims: {
+            type: "array",
+            items: {
+                type: "object",
+                properties: {
+                    text: { type: "string" },
+                    verdict: { type: "string", enum: ["ENTAILED", "NEUTRAL", "CONTRADICTED"] },
+                    evidence_span: { type: ["string", "null"] },
+                },
+                required: ["text", "verdict", "evidence_span"],
+                additionalProperties: false,
+            },
+        },
+    },
+    required: ["claims"],
+    additionalProperties: false,
+};
+// ─── Refusal text ───────────────────────────────────────────────────────
+function refusalText(action, failedClaim) {
+    switch (action) {
+        case "refused_fabricated":
+            return `I can't ground "${failedClaim}" in the evidence provided. ` +
+                "If this claim is correct, supply the supporting source as evidence and retry.";
+        case "refused_no_evidence":
+            return `I can't ground "${failedClaim}" — no evidence was provided this turn. ` +
+                "Provide evidence snippets via the `evidence` argument and retry.";
+        case "refused_timeout":
+            return `I couldn't verify "${failedClaim}" within the allowed time. ` +
+                "The verifier model may be cold-loading; try again in a moment.";
+        case "served":
+            return ""; // unreachable
+    }
+}
+export async function verifyGrounding(opts) {
+    const verifierModel = opts.verifierModel ?? "prism-coder:1b7";
+    const timeoutMs = opts.timeoutMs ?? 2000;
+    const ollamaUrl = opts.ollamaUrl ?? PRISM_LOCAL_LLM_URL;
+    const fetchImpl = opts.fetchImpl ?? fetch;
+    const verifierChain = [];
+    // Tier 0 — conversational drafts skip the verifier entirely.
+    if (!draftHasAssertiveClaims(opts.draft)) {
+        return {
+            action: "served",
+            finalText: opts.draft,
+            claims: [],
+            verifierChain,
+        };
+    }
+    // Tier 0a — assertive draft with NO evidence is fail-closed:
+    // the model is making claims it cannot back up.
+    if (opts.evidence.length === 0) {
+        const claim = firstAssertiveSpan(opts.draft);
+        return {
+            action: "refused_no_evidence",
+            finalText: refusalText("refused_no_evidence", claim),
+            claims: [{ claim, verdict: "NEUTRAL", evidence_span: null }],
+            verifierChain,
+            refusalClaim: claim,
+        };
+    }
+    // Tier 2 — NLI verifier call.
+    const t0 = Date.now();
+    const evidenceText = opts.evidence
+        .map((e, i) => `[${i}] ${e.source}\n${e.content}`)
+        .join("\n\n");
+    const payload = {
+        model: verifierModel,
+        messages: [
+            { role: "system", content: VERIFIER_SYSTEM_PROMPT },
+            { role: "user", content: `EVIDENCE:\n${evidenceText}\n\nDRAFT_ANSWER:\n${opts.draft}` },
+        ],
+        stream: false,
+        response_format: {
+            type: "json_schema",
+            json_schema: { name: "verifier", schema: VERIFIER_JSON_SCHEMA, strict: true },
+        },
+        temperature: 0,
+    };
+    let parsedClaims = null;
+    try {
+        const res = await fetchImpl(`${ollamaUrl}/v1/chat/completions`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+            signal: AbortSignal.timeout(timeoutMs),
+        });
+        if (!res.ok)
+            throw new Error(`HTTP ${res.status}`);
+        const data = (await res.json());
+        const content = data?.choices?.[0]?.message?.content;
+        if (typeof content !== "string")
+            throw new Error("no content");
+        const parsed = JSON.parse(content);
+        if (!parsed || !Array.isArray(parsed.claims))
+            throw new Error("malformed");
+        parsedClaims = parsed.claims.map((c) => ({
+            claim: String(c.text ?? ""),
+            verdict: ["ENTAILED", "NEUTRAL", "CONTRADICTED"].includes(c.verdict)
+                ? c.verdict
+                : "NEUTRAL",
+            evidence_span: typeof c.evidence_span === "string" ? c.evidence_span : null,
+        }));
+    }
+    catch {
+        const latencyMs = Date.now() - t0;
+        verifierChain.push({ model: verifierModel, verdict: "NEUTRAL", latencyMs });
+        const claim = firstAssertiveSpan(opts.draft);
+        return {
+            action: "refused_timeout",
+            finalText: refusalText("refused_timeout", claim),
+            claims: [{ claim, verdict: "NEUTRAL", evidence_span: null }],
+            verifierChain,
+            refusalClaim: claim,
+        };
+    }
+    const latencyMs = Date.now() - t0;
+    const failing = parsedClaims.find(c => c.verdict !== "ENTAILED");
+    const rollup = failing ? failing.verdict : "ENTAILED";
+    verifierChain.push({ model: verifierModel, verdict: rollup, latencyMs });
+    if (failing) {
+        return {
+            action: "refused_fabricated",
+            finalText: refusalText("refused_fabricated", failing.claim),
+            claims: parsedClaims,
+            verifierChain,
+            refusalClaim: failing.claim,
+        };
+    }
+    return {
+        action: "served",
+        finalText: opts.draft,
+        claims: parsedClaims,
+        verifierChain,
+    };
+}
+// ─── helpers ────────────────────────────────────────────────────────────
+function firstAssertiveSpan(draft) {
+    const m = draft.match(ASSERTIVE_RX);
+    if (m)
+        return m[0];
+    return draft.slice(0, 80);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "15.5.1",
+  "version": "15.6.0",
   "mcpName": "io.github.dcostenco/prism-coder",
   "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 54 Agent Skills, Zero-Search HDC/HRR retrieval, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder:7b / 14b open-weights LLM fleet.",
   "module": "index.ts",