prism-mcp-server 15.7.3 → 16.0.0

package/README.md

@@ -124,53 +124,78 @@ Three entry points:
 
 See [KNOWLEDGE_INGESTION.md](docs/KNOWLEDGE_INGESTION.md) for full setup guide.
 
-### Cost comparison
+### Routing accuracy
 
-Benchmark: 19 queries (routing + code knowledge + clinical), May 2026:
+**Head-to-head: prism-coder:14b vs Claude Opus** (25-case benchmark, production system prompt, May 2026):
 
-| Architecture | Routing | Code Knowledge | Clinical | Annual Cost (1K/day) |
-|---|---|---|---|---|
-| **Prism cascade** (14b→RAG→Sonnet) | 100% (local) | RAG-powered | Sonnet | **~$330/yr** |
-| Claude Opus for everything | ~30% (no tools) | Training data | Opus | ~$10,600/yr |
+| Metric | prism-coder:14b | Claude Opus 4 |
+|---|---|---|
+| **Overall accuracy** | **96% (24/25)** | 88% (22/25) |
+| **Tool routing** (15 tests) | **93% (14/15)** | 80% (12/15) |
+| **Abstention** (10 tests) | **100% (10/10)** | **100% (10/10)** |
+| **Avg latency** | **0.8s** | 5.5s |
+| **Cost per query** | **$0** | ~$0.017 |
+| **Annual @ 1K/day** | **$0** | ~$6,100 |
 
-**84% cost savings.** Routing is free and 100% accurate. Cloud only for the 20% of queries that need deep reasoning.
+prism-coder:14b beats Opus on tool routing — 7x faster, free, runs offline.
 
-The routing cascade validates each response against the known tool names and escalates on empty, truncated, or hallucinated tool calls.
+**eval_300** (300 cases, 17 tools + NO_TOOL, 9 categories, 3-seed validated):
 
-**Routing accuracy** ([102-case Prism eval](tests/benchmarks/prism-routing-100/README.md), v36/v7 system prompt, 3-seed mean, May 2026):
+| Model | eval_300 strict | Size | Latency |
+|---|---|---|---|
+| **prism-coder:32b** | **300/300 (100%)** | 19 GB | ~1.4s |
+| **prism-coder:14b** | **299/300 (99.7%)** | 9 GB | ~0.8s |
+| **prism-coder:4b** | **300/300 (100%)** | 2.5 GB | ~0.5s |
+| **prism-coder:1.7b** | **300/300 (100%)** | 2.2 GB | ~1.6s |
 
-| Model | Accuracy | Cost/req | Latency | Runs on | AAC | Edge cases |
-|---|---|---|---|---|---|---|
-| Claude Sonnet 4 | **99%** | ~$0.01 | 3.2s | Cloud | 100% | 83% |
-| **prism-coder:32b** swe14 | **100.0%** | **$0** | 1.4s | Mac 24GB+ | **100%** | **100%** |
-| **prism-coder:8b** v36 | **100.0%** | **$0** | **0.8s** | iPhone/iPad 8GB | **100%** | **100%** |
-| **prism-coder:14b** v36 | **100.0%** | **$0** | **1.1s** | Mac 24GB+ / iPad Pro 16GB | **100%** | **100%** |
-| Claude Opus 4.7 | **98.3%** | ~$0.05 | 3.0s | Cloud | 100% | 83% |
-| **prism-coder:1.7b** v42 | **100.0%** | **$0** | 1.6s | Any device | **100%** | **100%** |
-| **14B→32B cascade** | **100.0%** | **~$0** | ~1.1s¹ | Mac 24GB+ | **100%** | **100%** |
+Categories: abstention, adversarial traps, cascade, disambiguation, edge cases, multi-intent, natural phrasing, parameter extraction, verifier prompts.
 
-¹ ~99% of requests served by 14B at 1.1s; 32B for the ~1% 14B misses.
+**What this means**: a child in a hospital without WiFi, a nonverbal adult on an airplane, or a family on a budget gets Claude-grade routing accuracy with zero cloud dependency — the AAC path routes correctly **100% of the time across all tiers**.
 
-**Extended eval — eval_300** (300 cases, 17 tools + NO_TOOL, 9 categories, 3-seed validated, May 2026):
+**What it does NOT mean**: these scores measure routing precision on a 17-tool taxonomy, not general intelligence. Claude outperforms on everything outside this task. The value is **offline reliability at zero cost**, not replacing Claude. Code and clinical knowledge come from RAG via `knowledge_search`.
 
-| Model | eval_300 strict | Categories |
-|---|---|---|
-| **prism-coder:32b** swe14 | **300/300 (100%)** | abstention 20/20, adversarial 70/70, cascade 25/25, disambiguation 40/40, edge_case 25/25, multi_intent 20/20, natural_phrasing 50/50, param_extraction 25/25, verifier 25/25 |
-| **prism-coder:14b** s17 | **299/300 (99.7%)** | 1 failure in adversarial_trap |
+### 🔍 L3 Grounding Verifier
+When `prism_infer` receives an `evidence` payload, the grounding verifier automatically checks the model's response against the provided evidence before returning to the caller. Unverified or hallucinated claims are flagged. This is the third layer (L3) of the cascade — after tool routing (L1) and confidence gating (L2).
 
-The eval_300 suite covers natural phrasing, adversarial traps (CS/meta questions that should NOT trigger tools), disambiguation between similar tools, edge cases (single-word prompts), multi-intent cascades, parameter extraction, and verifier-style prompts.
+### ⚡ Zero-search retrieval *(new in v15.8)*
+Holographic Reduced Representations (HRR) via Rust WASM for instant memory retrieval without a database query.
 
-**Why this matters for a life-critical AAC app**: a child in a hospital without WiFi, a nonverbal adult on an airplane, or a family on a budget gets Claude-grade routing accuracy with zero cloud dependency — and the AAC path (expressing pain, asking for help) routes correctly **100% of the time across all tiers and all seeds tested**.
+**Three adaptive strategies:**
+- **GloVe embeddings** (offline, 50K words) — 87% Top-1 accuracy, stable at 200+ concepts
+- **API embeddings** (Gemini/Voyage) — 90%+ accuracy when online
+- **NeurIPS 2021 projection** — unit-modulus normalization for numerical stability
 
-**What it does NOT mean**: these scores measure routing precision on a narrow 6-tool taxonomy, not general intelligence. Claude outperforms these models on everything outside this task. The value is **offline reliability at zero cost**, not replacing Claude.
+**Retrieval cascade:** HRR (~0.2ms) → FTS5 (~50ms) → Supabase (~200ms)
 
-> **The prompt engineering breakthrough**: Q4_K_M quantized models confuse semantically similar tool names when routing rules use plain keyword lists. Two structural fixes eliminated all confusion: (1) replacing `-> plain text` with `-> respond directly (no tool)`, and (2) adding category labels (`CONVERSATION RECALL:` / `SAVED KNOWLEDGE:`) as semantic anchors stronger than keyword matching. Combined effect: 14B went from 87% → 100% on the 102-case Prism eval (v36/v7 system prompt, 3-seed mean).
+| Metric | HRR (WASM) | FTS5 | Supabase Vector |
+|--------|-----------|------|-----------------|
+| Latency | **0.2ms** | 50ms | 200ms |
+| Speedup | **1x** | 250x slower | 1000x slower |
+| Offline | **Yes** | Yes | No |
+| Accuracy (GloVe) | **87% Top-1** | 95%+ | 95%+ |
+| Hologram size | **8KB** | Index varies | Cloud |
 
-### 🔍 L3 Grounding Verifier
-When `prism_infer` receives an `evidence` payload, the grounding verifier automatically checks the model's response against the provided evidence before returning to the caller. Unverified or hallucinated claims are flagged. This is the third layer (L3) of the cascade — after tool routing (L1) and confidence gating (L2).
+HRR acts as Tier 0 — if confidence is high, FTS5 is skipped entirely. Falls through gracefully when HRR has no match. 97 dedicated tests (72 system + 25 API/client). Built with Rust + `rustfft` + `wasm-bindgen` (229KB binary).
+
+**HRR AAC prediction benchmark** — real-world impact on Prism AAC word prediction (10 scenarios, 54 integration tests):
 
-### ⚡ Zero-search retrieval
-Holographic Reduced Representations (HRR) for instant similarity lookups without an index. ~5ms over 100K memories.
+| Scenario | Baseline Top-1 | +HRR Top-1 | Top-1 Lift | MRR Lift |
+|----------|---------------|------------|-----------|----------|
+| Core AAC phrases | 36.7% | 46.7% | **+27.3%** | +6.0% |
+| Personal vocabulary | 70.4% | 81.5% | **+15.8%** | +9.2% |
+| Mixed (all phrases) | 47.2% | 56.9% | **+20.6%** | +5.7% |
+| Cross-session recall | 80.0% | 80.0% | +0.0% | +0.0% |
+
+Top-1 = correct word is tile #1. MRR = Mean Reciprocal Rank. Zero Top-5 regressions in any scenario. HRR encodes bigrams + trigrams from every spoken phrase; probes take ~0.2ms — safe on every keystroke. All Synalux apps (clinical, AAC, PrismCoach) share HRR via the portal `/api/v1/hrr` endpoint.
+
+**Competitive comparison:**
+
+| System | Retrieval | Offline | Cost | Latency |
+|--------|-----------|---------|------|---------|
+| **Prism Coder** | **HRR + FTS5 + Supabase cascade** | **Yes** | **$0** | **0.2ms** |
+| Mem0 | Vector DB (Qdrant/Pinecone) | No | $249/mo | ~100ms |
+| Zep | Vector DB + temporal graph | No | $99/mo | ~80ms |
+| Hermes (NousResearch) | HRR + SQLite | Yes | Free | ~5ms |
 
 ### 🌐 Multi-agent Hivemind
 Multiple AI agents share the same Mind Palace. Each agent has a role (dev / qa / pm / etc.) and sees scoped context. Heartbeat + roster for coordination.
@@ -423,10 +448,32 @@ As of v14.0.0, Prism's algorithm exports are a **stable public contract** under
 | [PrismAAC](https://github.com/dcostenco/prism-aac) | Spreading-activation phrase ranking (recency × frequency × per-user history). Caregiver corrections auto-harvest into the personalization corpus via the audit-hooks postflight harvester. The on-device 7B model + this algorithm stack is what makes PrismAAC defensible. |
 | Synalux portal | Tier-aware model routing using experience bias on prior outcomes per fingerprint. HIPAA-compliant clinical scribe with on-device-first privacy guarantees. |
 
+## CLI Reference
+
+Prism Coder includes a CLI for session management, code review, and sync operations.
+
+```bash
+prism load <project>          # Load session context (same as session_load_context MCP tool)
+prism save                    # Save session state (ledger + handoff)
+prism ledger <project>        # Save a session log entry (same as session_save_ledger)
+prism handoff <project>       # Update live project state for next session
+prism push                    # Push local SQLite data to Supabase cloud
+prism sync                    # Cross-backend data synchronization
+prism search <query>          # Search code across repos (exact, regex, symbol, semantic)
+prism review <files...>       # AI code review — security, performance, style
+prism scan <files...>         # Security scan — secrets, licenses, Dockerfile
+prism dora                    # Show DORA metrics for current project
+prism scm                     # Source control, AI review, security scanning
+prism verify                  # Manage the verification harness
+prism status                  # Check verification state and config drift
+prism generate                # Bless current rubric as canonical
+prism register-models         # Alias dcostenco/prism-coder:* → prism-coder:*
+```
+
 ## Testing
 
 ```bash
-npm test                           # 1,815 test cases across 71 files (vitest)
+npm test                           # 2,418 test cases across 81 files (vitest)
 npm test -- --coverage             # coverage report
 python3 tests/benchmarks/prism-routing-100/benchmark.py --models 1b7 14b 32b
 ```
@@ -434,12 +481,16 @@ python3 tests/benchmarks/prism-routing-100/benchmark.py --models 1b7 14b 32b
 **Pinned in CI** — 327 tests enforce every constant: ACT-R decay `d=0.25`, spreading-activation hybrid score `0.7/0.3`, experience bias `MIN_SAMPLES=5` / `MAX_BIAS_CAP=0.15`, graph-metrics warning ratios `0.20 / 0.30 / 0.40`, compaction's 25KB prompt-budget. CI catches divergence automatically.
 
 **Coverage areas**:
-- HRR (Holographic Reduced Representations) edge cases + performance
-- Encrypted sync corruption recovery
+- HRR zero-search retrieval (97 tests: 3 embedding strategies, edge cases, persistence, adaptive cascade, API client, chat integration)
+- Knowledge ingestion (32 tests: chunker, Q&A gen, webhook, security, storage round-trip)
+- Prism infer cascade (110 tests: tier selection, cloud fallback, grounding verifier)
+- Compaction handler (rollup creation, concurrency guard, LLM failure)
+- Model picker (20 tests: 14b default ceiling, 4b verifier, RAM gating)
+- Storage round-trip (12 architectural guard tests preventing bypass)
 - BCBA skill integration
 - Deep storage tier
 - Dashboard rendering
-- Routing benchmarks (102-case Prism eval) — see `tests/benchmarks/prism-routing-100/`
+- Routing benchmarks (eval_300: 300 cases, 17 tools)
 
 ## Migration
 

package/dist/aba-protocol.js

@@ -70,7 +70,7 @@ export const RULE7_VSCODE = [
 ].join('\n');
 // ─── Assemblers ─────────────────────────────────────────────────
 /** Assemble the full ABA protocol for Cloud Portal */
-export function buildCloudPrompt(toolsSection) {
+function _unused_buildCloudPrompt(toolsSection) {
     return [
         toolsSection,
         '',
@@ -106,7 +106,7 @@ export function sanitizeUserInput(text) {
     return sanitizeMcpOutput(text);
 }
 /** Wrap user input in <user_input> tags after sanitization */
-export function wrapUserInput(text) {
+function _unused_wrapUserInput(text) {
     const safe = sanitizeUserInput(text);
     return `<user_input>\n${safe}\n</user_input>`;
 }

package/dist/dashboard/server.js

@@ -870,11 +870,10 @@ return false;}
                         res.writeHead(400, { "Content-Type": "application/json" });
                         return res.end(JSON.stringify({ error: "filename and content are required" }));
                     }
-                    // Write uploaded content to a temp file
-                    const tmpDir = path.join(os.tmpdir(), "prism-import");
-                    fs.mkdirSync(tmpDir, { recursive: true });
-                    const safeFilename = path.basename(filename); // prevent path traversal
-                    const tmpFile = path.join(tmpDir, `upload-${Date.now()}-${safeFilename}`);
+                    // Write uploaded content to a secure temp directory
+                    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "prism-import-"));
+                    const safeFilename = path.basename(filename).replace(/[^a-zA-Z0-9._-]/g, "_");
+                    const tmpFile = path.join(tmpDir, safeFilename);
                     fs.writeFileSync(tmpFile, content, "utf-8");
                     try {
                         const { universalImporter } = await import("../utils/universalImporter.js");

package/dist/dashboard/ui.js

@@ -1842,8 +1842,8 @@ function loadPipelines() {
             var maxIter = (p.parsedSpec && p.parsedSpec.maxIterations) ? p.parsedSpec.maxIterations : '?';
             html += '<div style="padding:0.75rem 1rem;background:rgba(15,23,42,0.6);border-radius:8px;border-left:3px solid ' + statusColor + ';">';
             html += '<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:0.35rem">';
-            html += '<span style="font-weight:600;color:var(--text-primary)">' + emoji + ' ' + p.status + '</span>';
-            html += '<span style="font-size:0.7rem;font-family:var(--font-mono);color:var(--text-muted)">' + p.id.slice(0, 8) + '…</span>';
+            html += '<span style="font-weight:600;color:var(--text-primary)">' + emoji + ' ' + escapeHtml(p.status) + '</span>';
+            html += '<span style="font-size:0.7rem;font-family:var(--font-mono);color:var(--text-muted)">' + escapeHtml(p.id.slice(0, 8)) + '…</span>';
             html += '</div>';
             html += '<div style="font-size:0.82rem;color:var(--text-secondary);margin-bottom:0.35rem">' + escapeHtml(objective) + '</div>';
             html += '<div style="display:flex;gap:1rem;font-size:0.72rem;color:var(--text-muted);flex-wrap:wrap">';
@@ -1856,7 +1856,7 @@ function loadPipelines() {
                 html += '<div style="font-size:0.72rem;color:var(--accent-rose);margin-top:0.35rem;padding:0.3rem 0.5rem;background:rgba(244,63,94,0.08);border-radius:4px">⚠ ' + escapeHtml(p.error.slice(0, 200)) + '</div>';
             }
             if (isActive) {
-                html += '<div style="margin-top:0.5rem"><button onclick="abortPipeline(this.dataset.id)" data-id="' + p.id + '" class="cleanup-btn" style="font-size:0.72rem">🛑 Abort Pipeline</button></div>';
+                html += '<div style="margin-top:0.5rem"><button onclick="abortPipeline(this.dataset.id)" data-id=''' + escapeHtml(p.id) + ''' class="cleanup-btn" style="font-size:0.72rem">🛑 Abort Pipeline</button></div>';
             }
             html += '</div>';
         }
@@ -4021,7 +4021,7 @@ function loadSchedulerStatus() {
                         parts.push('</div>');
                         errors = [t.ttlSweep.error, t.importanceDecay.error, t.compaction.error, t.deepPurge.error].filter(Boolean);
                         if (errors.length > 0) {
-                            parts.push('<div style="color:var(--accent-rose);margin-top:0.3rem;font-size:0.7rem">⚠️ ' + errors.join(' | ') + '</div>');
+                            parts.push('<div style="color:var(--accent-rose);margin-top:0.3rem;font-size:0.7rem">⚠️ ' + errors.map(escapeHtml).join(' | ') + '</div>');
                         }
                         parts.push('</div>');
                     }
@@ -4199,7 +4199,7 @@ function loadGraphMetrics() {
                             lastRoute = m.cognitive.last_route || '—';
                             lastConcept = m.cognitive.last_concept || '(none)';
                             lastConf = m.cognitive.last_confidence !== null ? Math.round(m.cognitive.last_confidence * 100) + '%' : '—';
-                            parts.push('<br>Last: ' + lastRoute + ' → ' + lastConcept + ' (' + lastConf + ')');
+                            parts.push('<br>Last: ' + escapeHtml(lastRoute) + ' → ' + escapeHtml(lastConcept) + ' (' + lastConf + ')');
                             parts.push('<br><span style="color:var(--text-muted)">' + timeAgo(m.cognitive.last_run_at) + '</span>');
                         }
                         parts.push('</div>');

package/dist/dashboard/webhookRouter.js

@@ -18,12 +18,41 @@
 import { createHmac, timingSafeEqual } from "crypto";
 import { handleGitHubWebhook } from "../tools/ingestHandler.js";
 import { debugLog } from "../utils/logger.js";
+import { ddInfo, ddWarn } from "../utils/ddLogger.js";
 const WEBHOOK_SECRET = process.env.GITHUB_WEBHOOK_SECRET || "";
 const GITHUB_TOKEN = process.env.GITHUB_TOKEN || "";
+const PRISM_INGEST_API_KEY = process.env.PRISM_INGEST_API_KEY || "";
+const IS_PRODUCTION = process.env.NODE_ENV === "production";
+// ─── Rate Limiting (in-memory, per-IP) ─────────────────────────
+const rateLimitMap = new Map();
+const RATE_LIMIT_WINDOW_MS = 60_000;
+const RATE_LIMIT_MAX = 10;
+function checkRateLimit(ip) {
+    const now = Date.now();
+    const entry = rateLimitMap.get(ip);
+    if (!entry || now > entry.resetAt) {
+        rateLimitMap.set(ip, { count: 1, resetAt: now + RATE_LIMIT_WINDOW_MS });
+        return true;
+    }
+    entry.count++;
+    return entry.count <= RATE_LIMIT_MAX;
+}
+// Cleanup stale entries every 5 minutes
+setInterval(() => {
+    const now = Date.now();
+    for (const [ip, entry] of rateLimitMap) {
+        if (now > entry.resetAt)
+            rateLimitMap.delete(ip);
+    }
+}, 300_000);
 // ─── Signature Verification ────────────────────────────────────
 function verifySignature(payload, signature) {
     if (!WEBHOOK_SECRET) {
-        debugLog("[webhook] GITHUB_WEBHOOK_SECRET not set — accepting all requests (dev mode)");
+        if (IS_PRODUCTION) {
+            debugLog("[webhook] GITHUB_WEBHOOK_SECRET not set in production — rejecting");
+            return false;
+        }
+        debugLog("[webhook] GITHUB_WEBHOOK_SECRET not set — accepting (dev mode only)");
         return true;
     }
     if (!signature)
@@ -38,8 +67,45 @@ function verifySignature(payload, signature) {
         return false;
     }
 }
+// ─── Input Validation ──────────────────────────────────────────
+const REPO_NAME_RE = /^[a-zA-Z0-9._-]+\/[a-zA-Z0-9._-]+$/;
+const SAFE_PATH_RE = /^[a-zA-Z0-9._\-\/]+$/;
+function validateRepoName(name) {
+    return REPO_NAME_RE.test(name) && !name.includes("..");
+}
+function validateFilePath(path) {
+    return SAFE_PATH_RE.test(path) && !path.includes("..") && !path.startsWith("/");
+}
+// ─── Ingest API Auth ───────────────────────────────────────────
+function verifyIngestAuth(authHeader) {
+    if (!authHeader)
+        return false;
+    if (!PRISM_INGEST_API_KEY && !WEBHOOK_SECRET) {
+        if (IS_PRODUCTION)
+            return false;
+        return true;
+    }
+    const expectedKey = PRISM_INGEST_API_KEY || WEBHOOK_SECRET;
+    const token = authHeader.replace(/^Bearer\s+/i, "");
+    if (token.length !== expectedKey.length)
+        return false;
+    try {
+        return timingSafeEqual(Buffer.from(token), Buffer.from(expectedKey));
+    }
+    catch {
+        return false;
+    }
+}
 // ─── Fetch File Content from GitHub API ─────────────────────────
 async function fetchFileFromGitHub(repoFullName, filePath, ref) {
+    if (!validateRepoName(repoFullName)) {
+        debugLog(`[webhook] Invalid repo name rejected: ${repoFullName}`);
+        return null;
+    }
+    if (!validateFilePath(filePath)) {
+        debugLog(`[webhook] Invalid file path rejected: ${filePath}`);
+        return null;
+    }
     const headers = {
         "Accept": "application/vnd.github.v3.raw",
         "User-Agent": "prism-mcp-webhook",
@@ -48,8 +114,8 @@ async function fetchFileFromGitHub(repoFullName, filePath, ref) {
         headers["Authorization"] = `Bearer ${GITHUB_TOKEN}`;
     }
     try {
-        const url = `https://api.github.com/repos/${repoFullName}/contents/${filePath}?ref=${ref}`;
-        const res = await fetch(url, { headers });
+        const url = `https://api.github.com/repos/${encodeURIComponent(repoFullName.split("/")[0])}/${encodeURIComponent(repoFullName.split("/")[1])}/contents/${filePath.split("/").map(encodeURIComponent).join("/")}?ref=${encodeURIComponent(ref)}`;
+        const res = await fetch(url, { headers, signal: AbortSignal.timeout(10_000) });
         if (!res.ok)
             return null;
         return await res.text();
@@ -79,6 +145,13 @@ function readBody(req, maxBytes = 10_000_000) {
 export async function handleWebhookRequest(req, res, pathname) {
     // ── GitHub Webhook ─────────────────────────────────────────
     if (pathname === "/api/github/webhook" && req.method === "POST") {
+        const ip = req.headers["x-forwarded-for"]?.split(",")[0]?.trim() || req.socket?.remoteAddress || "unknown";
+        if (!checkRateLimit(`wh:${ip}`)) {
+            ddWarn("webhook.rate_limited", { ip, endpoint: "github" });
+            res.writeHead(429, { "Content-Type": "application/json", "Retry-After": "60" });
+            res.end(JSON.stringify({ error: "Rate limit exceeded" }));
+            return true;
+        }
         try {
             const body = await readBody(req);
             const signature = req.headers["x-hub-signature-256"];
@@ -89,7 +162,13 @@ export async function handleWebhookRequest(req, res, pathname) {
             }
             const event = req.headers["x-github-event"] || "unknown";
             const payload = JSON.parse(body);
-            debugLog(`[webhook] GitHub event: ${event}, repo: ${payload.repository?.full_name}`);
+            if (!payload.repository?.full_name || !validateRepoName(payload.repository.full_name)) {
+                res.writeHead(400, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ error: "Invalid repository name" }));
+                return true;
+            }
+            debugLog(`[webhook] GitHub event: ${event}, repo: ${payload.repository.full_name}`);
+            ddInfo("webhook.github.received", { event, repo: payload.repository.full_name });
             const result = await handleGitHubWebhook(event, payload, fetchFileFromGitHub);
             res.writeHead(200, { "Content-Type": "application/json" });
             res.end(JSON.stringify(result));
@@ -98,22 +177,27 @@ export async function handleWebhookRequest(req, res, pathname) {
             const msg = err instanceof Error ? err.message : String(err);
             debugLog(`[webhook] Error: ${msg}`);
             res.writeHead(500, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ ok: false, message: msg }));
+            res.end(JSON.stringify({ ok: false, message: "Internal error" }));
         }
         return true;
     }
     // ── Generic Ingest API (open interface) ────────────────────
     if (pathname === "/api/v1/prism/ingest" && req.method === "POST") {
+        const ip = req.headers["x-forwarded-for"]?.split(",")[0]?.trim() || req.socket?.remoteAddress || "unknown";
+        if (!checkRateLimit(`ingest:${ip}`)) {
+            res.writeHead(429, { "Content-Type": "application/json", "Retry-After": "60" });
+            res.end(JSON.stringify({ error: "Rate limit exceeded" }));
+            return true;
+        }
         try {
-            const body = await readBody(req);
-            const payload = JSON.parse(body);
-            // Minimal auth: require API key or JWT in Authorization header
             const auth = req.headers["authorization"] || "";
-            if (!auth && WEBHOOK_SECRET) {
+            if (!verifyIngestAuth(auth)) {
                 res.writeHead(401, { "Content-Type": "application/json" });
-                res.end(JSON.stringify({ error: "Authorization required" }));
+                res.end(JSON.stringify({ error: "Invalid or missing API key" }));
                 return true;
             }
+            const body = await readBody(req);
+            const payload = JSON.parse(body);
             const { ingestKnowledge } = await import("../tools/ingestHandler.js");
             const result = await ingestKnowledge({
                 project: payload.project || "default",
@@ -128,7 +212,7 @@ export async function handleWebhookRequest(req, res, pathname) {
         catch (err) {
             const msg = err instanceof Error ? err.message : String(err);
             res.writeHead(500, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ ok: false, message: msg }));
+            res.end(JSON.stringify({ ok: false, message: "Internal error" }));
         }
         return true;
     }
@@ -139,14 +223,7 @@ export async function handleWebhookRequest(req, res, pathname) {
             status: "ready",
             secret_configured: !!WEBHOOK_SECRET,
             github_token_configured: !!GITHUB_TOKEN,
-            setup_instructions: {
-                step1: "Set GITHUB_WEBHOOK_SECRET environment variable",
-                step2: "In GitHub: Settings → Webhooks → Add webhook",
-                step3: "Payload URL: https://your-domain/api/github/webhook",
-                step4: "Content type: application/json",
-                step5: "Secret: (same as GITHUB_WEBHOOK_SECRET)",
-                step6: "Events: Just the push event",
-            },
+            ingest_key_configured: !!PRISM_INGEST_API_KEY,
         }));
         return true;
     }

package/dist/hivemindWatchdog.js

@@ -66,7 +66,7 @@ export function drainAlerts(project) {
 /**
  * Get count of pending alerts (for testing/debugging).
  */
-export function getPendingAlertCount() {
+function _unused_getPendingAlertCount() {
     return pendingAlerts.size;
 }
 // ─── Watchdog Lifecycle ──────────────────────────────────────

package/dist/storage/configStorage.js

@@ -117,7 +117,7 @@ export async function setSetting(key, value) {
                 args: [key, value],
             });
             // Keep the cache in sync so getSettingSync() reflects the new value immediately.
-            if (settingsCache) {
+            if (settingsCache && typeof key === "string" && !["__proto__", "constructor", "prototype"].includes(key)) {
                 settingsCache[key] = value;
             }
             return; // Success — exit

package/dist/tools/commonHelpers.js

@@ -48,6 +48,8 @@ export function applySentinelBlock(existingContent, rulesBlock) {
 export function redactSettings(settings) {
     const redacted = {};
     for (const [k, v] of Object.entries(settings || {})) {
+        if (typeof k !== "string" || k === "__proto__" || k === "constructor" || k === "prototype")
+            continue;
         redacted[k] = REDACT_PATTERNS.some(p => p.test(k)) ? "**REDACTED**" : v;
     }
     return redacted;

package/dist/tools/ingestHandler.js

@@ -98,8 +98,20 @@ async function generateQAPairs(chunk, source) {
 export async function ingestKnowledge(args) {
     const { project, source_label, chunk_size = 4000, } = args;
     let content = args.content || "";
-    if (args.file_path && existsSync(args.file_path)) {
-        content = readFileSync(args.file_path, "utf-8");
+    if (args.file_path) {
+        const resolved = require("path").resolve(args.file_path);
+        const blocked = ["/etc", "/var", "/usr", "/sys", "/proc", "/dev", "/root",
+            "/.ssh", "/.env", "/.git/config", "/private/etc"].some(p => resolved.startsWith(p) || resolved.includes("/."));
+        if (blocked) {
+            return {
+                project, source: source_label || "unknown", chunks_processed: 0,
+                entries_created: 0, status: "failed",
+                errors: ["Path not allowed: system/hidden files are blocked"],
+            };
+        }
+        if (existsSync(resolved)) {
+            content = readFileSync(resolved, "utf-8");
+        }
     }
     if (!content || content.trim().length < 100) {
         return {

package/dist/tools/ledgerHandlers.js

@@ -1433,7 +1433,8 @@ export async function sessionExportMemoryHandler(args) {
             };
             // Serialize
             const ext = format === "markdown" ? "md" : format === "vault" ? "zip" : "json";
-            const filename = `prism-export-${project}-${dateSuffix}.${ext}`;
+            const safeProject = project.replace(/[^a-zA-Z0-9_-]/g, "_");
+            const filename = `prism-export-${safeProject}-${dateSuffix}.${ext}`;
             const outputPath = join(output_dir, filename);
             let content;
             if (format === "vault") {

package/dist/tools/skillRouting.js

@@ -29,7 +29,7 @@ let cached = null;
 let inflight = null;
 async function fetchOnce() {
     try {
-        const res = await fetch(`${SYNALUX_BASE}/api/v1/skills/routing`, {
+        const res = await fetch(`${SYNALUX_BASE}/.well-known/prism/skills-routing.json`, {
             headers: { Accept: 'application/json' },
             // Routing is on every session_load_context, must not block long.
             signal: AbortSignal.timeout(2_500),

package/dist/utils/analytics.js

@@ -33,7 +33,7 @@ function estimateTokens(text) {
  * Call this from server.ts after each tool handler completes.
  * Uses a write buffer to avoid per-call SQLite overhead.
  */
-export function recordInvocation(tool, project, args, response, durationMs, success, errorMessage) {
+function _unused_recordInvocation(tool, project, args, response, durationMs, success, errorMessage) {
     const invocation = {
         id: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
         tool,

package/dist/utils/ddLogger.js

@@ -0,0 +1,74 @@
+/**
+ * Datadog Server-Side Logger
+ *
+ * Sends structured logs to Datadog HTTP Logs API.
+ * No agent needed — direct HTTPS POST to intake.
+ *
+ * Env: DD_API_KEY, DD_SITE (default datadoghq.com)
+ */
+const DD_API_KEY = process.env.DD_API_KEY || "";
+const DD_SITE = process.env.DD_SITE || "datadoghq.com";
+const SERVICE = "prism-mcp";
+const INTAKE_URL = `https://http-intake.logs.${DD_SITE}/api/v2/logs`;
+const queue = [];
+let flushTimer = null;
+const FLUSH_INTERVAL_MS = 5_000;
+const MAX_BATCH = 50;
+function scheduleFlush() {
+    if (flushTimer)
+        return;
+    flushTimer = setTimeout(flush, FLUSH_INTERVAL_MS);
+}
+async function flush() {
+    flushTimer = null;
+    if (queue.length === 0 || !DD_API_KEY)
+        return;
+    const batch = queue.splice(0, MAX_BATCH);
+    try {
+        await fetch(INTAKE_URL, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "DD-API-KEY": DD_API_KEY,
+            },
+            body: JSON.stringify(batch),
+            signal: AbortSignal.timeout(5_000),
+        });
+    }
+    catch {
+        // Silent — don't crash the app if DD is unreachable
+    }
+    if (queue.length > 0)
+        scheduleFlush();
+}
+export function ddLog(level, message, context) {
+    if (!DD_API_KEY)
+        return;
+    queue.push({
+        ddsource: "nodejs",
+        ddtags: `env:${process.env.NODE_ENV || "development"},service:${SERVICE}`,
+        hostname: process.env.HOSTNAME || "prism-mcp",
+        service: SERVICE,
+        status: level,
+        message,
+        ...context,
+        timestamp: new Date().toISOString(),
+    });
+    scheduleFlush();
+}
+export function ddError(message, error, context) {
+    ddLog("error", message, {
+        ...context,
+        error: error ? {
+            message: error.message,
+            stack: error.stack?.split("\n").slice(0, 5).join("\n"),
+            name: error.name,
+        } : undefined,
+    });
+}
+export function ddInfo(message, context) {
+    ddLog("info", message, context);
+}
+export function ddWarn(message, context) {
+    ddLog("warn", message, context);
+}

package/dist/utils/llm/adapters/gemini.js

@@ -77,17 +77,67 @@ export class GeminiAdapter {
         return result.response.text();
     }
     // ─── Embedding Generation ────────────────────────────────────────────────
+    static _embeddingCache = new Map();
+    static _inflight = new Map();
+    static EMBED_CACHE_MAX = 256;
+    static EMBED_CACHE_TTL_MS = 5 * 60 * 1000;
+    getCachedEmbedding(key) {
+        const entry = GeminiAdapter._embeddingCache.get(key);
+        if (!entry)
+            return null;
+        if (Date.now() - entry.ts > GeminiAdapter.EMBED_CACHE_TTL_MS) {
+            GeminiAdapter._embeddingCache.delete(key);
+            return null;
+        }
+        // Move to tail for LRU on read
+        GeminiAdapter._embeddingCache.delete(key);
+        GeminiAdapter._embeddingCache.set(key, entry);
+        return entry.embedding;
+    }
+    setCachedEmbedding(key, embedding) {
+        // Delete-then-set moves the key to tail for correct LRU eviction
+        GeminiAdapter._embeddingCache.delete(key);
+        if (GeminiAdapter._embeddingCache.size >= GeminiAdapter.EMBED_CACHE_MAX) {
+            const oldest = GeminiAdapter._embeddingCache.keys().next().value;
+            if (oldest !== undefined)
+                GeminiAdapter._embeddingCache.delete(oldest);
+        }
+        GeminiAdapter._embeddingCache.set(key, { embedding, ts: Date.now() });
+    }
     async generateEmbedding(text) {
         // Guard: empty string would produce a useless/degenerate embedding.
         // Better to fail loudly here than store a zero-vector in the DB.
         if (!text || !text.trim()) {
             throw new Error("Cannot generate embedding for empty text.");
         }
+        const trimmedText = text.trim();
+        const cacheKey = `${trimmedText.substring(0, 500)}|L${trimmedText.length}`;
+        const cached = this.getCachedEmbedding(cacheKey);
+        if (cached) {
+            debugLog(`[GeminiAdapter] Embedding cache HIT`);
+            return cached;
+        }
+        // In-flight dedup: if another call is already generating this embedding, await it
+        const inflight = GeminiAdapter._inflight.get(cacheKey);
+        if (inflight) {
+            debugLog(`[GeminiAdapter] Embedding in-flight dedup HIT`);
+            return inflight;
+        }
+        const promise = this._generateEmbeddingImpl(trimmedText, cacheKey);
+        GeminiAdapter._inflight.set(cacheKey, promise);
+        try {
+            return await promise;
+        }
+        finally {
+            GeminiAdapter._inflight.delete(cacheKey);
+        }
+    }
+    async _generateEmbeddingImpl(inputTextRaw, cacheKey) {
         // ── Truncation Guard ───────────────────────────────────────────────────
         // gemini-embedding-001 has a ~2048 token context window.
         // Long session summaries (esp. code-heavy ones) can easily exceed this.
         // We truncate proactively rather than let the API return a 400 error.
-        let inputText = text;
+        let inputText = inputTextRaw;
         if (inputText.length > MAX_EMBEDDING_CHARS) {
             debugLog(`[GeminiAdapter] Embedding input truncated from ${inputText.length}` +
                 ` to ~${MAX_EMBEDDING_CHARS} chars (word-safe)`);
@@ -130,6 +180,7 @@ export class GeminiAdapter {
             throw new Error(`Embedding dimension mismatch: expected ${EMBEDDING_DIMS},` +
                 ` got ${values?.length ?? "unknown"}`);
         }
+        this.setCachedEmbedding(cacheKey, values);
         return values;
     }
     // ─── Image Description (VLM) ─────────────────────────────────────────────

package/dist/utils/llm/adapters/openai.js

@@ -102,18 +102,47 @@ export class OpenAIAdapter {
         return response.choices[0]?.message?.content ?? "";
     }
     // ─── Embedding Generation ────────────────────────────────────────────────
+    static _embeddingCache = new Map();
+    static _inflight = new Map();
+    static EMBED_CACHE_MAX = 256;
+    static EMBED_CACHE_TTL_MS = 5 * 60 * 1000;
     async generateEmbedding(text) {
         // Guard: empty input produces a degenerate embedding — fail loudly.
         if (!text || !text.trim()) {
             throw new Error("Cannot generate embedding for empty text.");
         }
-        // Read embedding model at call time for hot-swap support.
+        const trimmedText = text.trim();
+        const cacheKey = `${trimmedText.substring(0, 500)}|L${trimmedText.length}`;
+        const entry = OpenAIAdapter._embeddingCache.get(cacheKey);
+        if (entry && Date.now() - entry.ts < OpenAIAdapter.EMBED_CACHE_TTL_MS) {
+            debugLog(`[OpenAIAdapter] Embedding cache HIT`);
+            // Move to tail for LRU on read
+            OpenAIAdapter._embeddingCache.delete(cacheKey);
+            OpenAIAdapter._embeddingCache.set(cacheKey, entry);
+            return entry.embedding;
+        }
+        // In-flight dedup
+        const inflight = OpenAIAdapter._inflight.get(cacheKey);
+        if (inflight) {
+            debugLog(`[OpenAIAdapter] Embedding in-flight dedup HIT`);
+            return inflight;
+        }
+        const promise = this._generateEmbeddingImpl(trimmedText, cacheKey);
+        OpenAIAdapter._inflight.set(cacheKey, promise);
+        try {
+            return await promise;
+        }
+        finally {
+            OpenAIAdapter._inflight.delete(cacheKey);
+        }
+    }
+    async _generateEmbeddingImpl(inputTextRaw, cacheKey) {
         const model = getSettingSync("openai_embedding_model", "text-embedding-3-small");
         // ── Truncation Guard ───────────────────────────────────────────────────
         // text-embedding-3-small accepts up to 8191 tokens.
         // We apply the same preventive truncation as GeminiAdapter so behavior
         // is consistent regardless of which provider is active.
-        let inputText = text;
+        let inputText = inputTextRaw;
         if (inputText.length > MAX_EMBEDDING_CHARS) {
             debugLog(`[OpenAIAdapter] Embedding input truncated from ${inputText.length}` +
                 ` to ~${MAX_EMBEDDING_CHARS} chars (word-safe)`);
@@ -148,6 +177,13 @@ export class OpenAIAdapter {
                 `If using a local model, use one that natively outputs ${EMBEDDING_DIMS} dims ` +
                 `(e.g. nomic-embed-text) or supports the Matryoshka 'dimensions' parameter.`);
         }
+        OpenAIAdapter._embeddingCache.delete(cacheKey);
+        if (OpenAIAdapter._embeddingCache.size >= OpenAIAdapter.EMBED_CACHE_MAX) {
+            const oldest = OpenAIAdapter._embeddingCache.keys().next().value;
+            if (oldest !== undefined)
+                OpenAIAdapter._embeddingCache.delete(oldest);
+        }
+        OpenAIAdapter._embeddingCache.set(cacheKey, { embedding, ts: Date.now() });
         return embedding;
     }
     // ─── Image Description (VLM) ─────────────────────────────────────────────

package/dist/utils/localLlm.js

@@ -201,7 +201,7 @@ export async function callLocalLlm(userPrompt, model = PRISM_LOCAL_LLM_MODEL, sy
  *
  * @returns true if Ollama responds to /api/tags within 3 seconds.
  */
-export async function isLocalLlmAvailable() {
+async function _unused_isLocalLlmAvailable() {
     if (!PRISM_LOCAL_LLM_ENABLED)
         return false;
     try {

package/dist/utils/logger.js

@@ -1,12 +1,21 @@
 import { PRISM_DEBUG_LOGGING } from "../config.js";
+/**
+ * Sanitize a string for safe logging — strips control characters,
+ * newlines, and ANSI escape sequences that could be used for log
+ * injection or terminal escape attacks.
+ */
+function sanitizeForLog(msg) {
+    return msg
+        .replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g, "") // control chars (keep \n \r \t)
+        .replace(/\r?\n/g, " ⏎ ") // newlines → visible marker
+        .replace(/\x1b\[[0-9;]*[a-zA-Z]/g, ""); // ANSI escape sequences
+}
 /**
  * Logs a message to stderr only if PRISM_DEBUG_LOGGING is true.
- * Use this for verbose traces (e.g., initialization, request tracking)
- * that should be hidden from users by default but remain available
- * for troubleshooting.
+ * Input is sanitized to prevent log injection attacks.
  */
 export function debugLog(message) {
     if (PRISM_DEBUG_LOGGING) {
-        console.error(message);
+        console.error(sanitizeForLog(message));
     }
 }

package/dist/utils/notifier.js

@@ -47,6 +47,58 @@ function meetsMinSeverity(severity) {
         SEVERITY_ORDER.indexOf(currentConfig.minSeverity));
 }
 // ─── SSRF Protection ─────────────────────────────────────────
+function isPrivateIP(ip) {
+    // Normalize: strip brackets for IPv6
+    const clean = ip.replace(/^\[|\]$/g, "").toLowerCase();
+    // IPv6 loopback and unspecified
+    if (clean === "::1" || clean === "::" || clean === "0:0:0:0:0:0:0:1" || clean === "0:0:0:0:0:0:0:0")
+        return true;
+    // IPv4-mapped IPv6 — two forms:
+    // Dotted: ::ffff:127.0.0.1 → extract IPv4 directly
+    // Hex:    ::ffff:7f00:1 (Node normalizes dotted to this) → decode hex groups
+    const v4mapped = clean.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
+    const v4hex = clean.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
+    let ipv4 = clean;
+    if (v4mapped) {
+        ipv4 = v4mapped[1];
+    }
+    else if (v4hex) {
+        const hi = parseInt(v4hex[1], 16);
+        const lo = parseInt(v4hex[2], 16);
+        ipv4 = `${(hi >> 8) & 0xff}.${hi & 0xff}.${(lo >> 8) & 0xff}.${lo & 0xff}`;
+    }
+    // Parse as IPv4 — handles decimal, but reject octal/hex by requiring standard dotted-quad
+    const parts = ipv4.split(".");
+    if (parts.length === 4) {
+        const nums = parts.map(p => {
+            if (!/^\d{1,3}$/.test(p))
+                return -1;
+            return parseInt(p, 10);
+        });
+        if (nums.every(n => n >= 0 && n <= 255)) {
+            const [a, b] = nums;
+            if (a === 0)
+                return true; // 0.0.0.0/8
+            if (a === 10)
+                return true; // 10.0.0.0/8
+            if (a === 127)
+                return true; // 127.0.0.0/8 (all loopback)
+            if (a === 172 && b >= 16 && b <= 31)
+                return true; // 172.16.0.0/12
+            if (a === 192 && b === 168)
+                return true; // 192.168.0.0/16
+            if (a === 169 && b === 254)
+                return true; // 169.254.0.0/16 link-local
+            if (a === 100 && b >= 64 && b <= 127)
+                return true; // 100.64.0.0/10 CGNAT
+        }
+    }
+    // Reject non-standard IP formats (octal 0177.0.0.1, hex 0x7f000001, decimal 2130706433)
+    // If it looks like a number or has 0x/0 prefix, block it
+    if (/^0x[0-9a-f]+$/i.test(clean) || /^0\d+$/.test(clean) || /^\d{4,}$/.test(clean))
+        return true;
+    return false;
+}
 function isAllowedUrl(url) {
     try {
         const parsed = new URL(url);
@@ -54,32 +106,22 @@ function isAllowedUrl(url) {
         if (parsed.protocol !== "http:" && parsed.protocol !== "https:")
             return false;
         const hostname = parsed.hostname.toLowerCase();
-        // Block localhost and loopback
-        if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1" || hostname === "[::1]")
+        // Block localhost variants
+        if (hostname === "localhost" || hostname === "localhost.localdomain")
             return false;
-        // Block .internal and .local TLDs
-        if (hostname.endsWith(".internal") || hostname.endsWith(".local"))
+        // Block .internal, .local, .arpa TLDs
+        if (hostname.endsWith(".internal") || hostname.endsWith(".local") || hostname.endsWith(".arpa"))
+            return false;
+        // Block private/loopback IPs (covers 0.0.0.0, 127.x, 10.x, 172.16-31.x, 192.168.x, ::1, etc.)
+        if (isPrivateIP(hostname))
+            return false;
+        // Block bracketed IPv6
+        if (hostname.startsWith("[") && isPrivateIP(hostname))
             return false;
-        // Block private IP ranges
-        const ipParts = hostname.split(".").map(Number);
-        if (ipParts.length === 4 && ipParts.every(p => Number.isFinite(p))) {
-            // 10.0.0.0/8
-            if (ipParts[0] === 10)
-                return false;
-            // 172.16.0.0/12
-            if (ipParts[0] === 172 && ipParts[1] >= 16 && ipParts[1] <= 31)
-                return false;
-            // 192.168.0.0/16
-            if (ipParts[0] === 192 && ipParts[1] === 168)
-                return false;
-            // 169.254.0.0/16 (link-local)
-            if (ipParts[0] === 169 && ipParts[1] === 254)
-                return false;
-        }
         return true;
     }
     catch {
-        return false; // Malformed URL
+        return false;
     }
 }
 // ─── Channel Senders ─────────────────────────────────────────

package/dist/utils/universalImporter.js

@@ -36,6 +36,7 @@
  *   For ambiguous files, --format= is mandatory.
  * ═══════════════════════════════════════════════════════════════════
  */
+import { debugLog } from "./logger.js";
 import { getStorage } from "../storage/index.js";
 import { claudeAdapter } from "./migration/claudeAdapter.js";
 import { geminiAdapter } from "./migration/geminiAdapter.js";
@@ -128,16 +129,16 @@ export async function universalImporter(options) {
         if (sniffed) {
             adapter = adapters.find((a) => a.id === sniffed);
             if (adapter) {
-                console.log(`🔍 Auto-detected format: ${sniffed} (via content sniffing)`);
+                debugLog(`🔍 Auto-detected format: ${sniffed} (via content sniffing)`);
             }
         }
     }
     if (!adapter) {
         throw new Error(`Could not determine adapter for file: ${filePathArg}. Use --format to specify.`);
     }
-    console.log(`🚀 Starting migration from ${adapter.id} to Prism...`);
+    debugLog(`🚀 Starting migration from ${adapter.id} to Prism...`);
     if (dryRun)
-        console.log("⚠️ DRY RUN MODE - storage writes disabled.");
+        debugLog("⚠️ DRY RUN MODE - storage writes disabled.");
     // ── Storage + Concurrency ──────────────────────────────────────
     const storage = await getStorage();
     const limit = pLimit(5);
@@ -169,7 +170,7 @@ export async function universalImporter(options) {
         conversationCount++;
         if (verbose) {
             const turnCount = turns.length;
-            console.log(`📦 Conversation #${conversationCount}: ${turnCount} turns (${sessionDate}) → ${conversationId}`);
+            debugLog(`📦 Conversation #${conversationCount}: ${turnCount} turns (${sessionDate}) → ${conversationId}`);
         }
         if (dryRun) {
             successCount += turns.length;
@@ -188,7 +189,7 @@ export async function universalImporter(options) {
             if (existing.length > 0) {
                 skipCount += turns.length;
                 if (verbose) {
-                    console.log(`⏭️  Skipping duplicate: ${conversationId}`);
+                    debugLog(`⏭️  Skipping duplicate: ${conversationId}`);
                 }
                 return;
             }
@@ -229,13 +230,13 @@ export async function universalImporter(options) {
         // ── Final Flush ──────────────────────────────────────────────
         // Flush the last conversation (no trailing time gap to trigger it)
         await flushConversation();
-        console.log("\n✅ Migration complete!");
-        console.log(`   Conversations: ${conversationCount}`);
-        console.log(`   Turns processed: ${successCount}`);
+        debugLog("\n✅ Migration complete!");
+        debugLog(`   Conversations: ${conversationCount}`);
+        debugLog(`   Turns processed: ${successCount}`);
         if (skipCount > 0)
-            console.log(`   Skipped (dup): ${skipCount}`);
+            debugLog(`   Skipped (dup): ${skipCount}`);
         if (failCount > 0)
-            console.log(`   Failed:         ${failCount}`);
+            debugLog(`   Failed:         ${failCount}`);
         return { successCount, failCount, skipCount, conversationCount };
     }
     catch (err) {
@@ -261,7 +262,7 @@ async function runCLI() {
     const dryRun = args.includes("--dry-run") || args.includes("-d");
     const verbose = args.includes("--verbose") || args.includes("-v");
     if (!filePathArg) {
-        console.log(`
+        debugLog(`
 Prism Universal History Importer
 Usage: node universalImporter.js <file> [options]
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "15.7.3",
+  "version": "16.0.0",
   "mcpName": "io.github.dcostenco/prism-coder",
   "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 54 Agent Skills, Zero-Search HDC/HRR retrieval, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder:7b / 14b open-weights LLM fleet.",
   "module": "index.ts",