prism-mcp-server 17.1.1 → 18.0.1

package/README.md

@@ -28,12 +28,12 @@ Ask "what did I decide about the auth flow last month?" and get the answer with
 ### 🧬 Cognitive routing
 Different memory types live in different stores: episodic (what happened), semantic (what's true), procedural (how to do X). The router picks where to store and where to retrieve.
 
-### 🔄 Proactive session drift detection *(new in v15)*
+### 🔄 Proactive session drift detection *(new in v15, HRR-powered in v17)*
 Your AI agent can now detect when it has drifted from your original goals — mid-session, automatically — and self-correct before you notice the problem.
 
 Three direct Prism calls:
 1. **`session_save_ledger`** — snapshot current state
-2. **`session_cognitive_route`** — compare current work against original goals, returns `on_track / minor_drift / major_drift`
+2. **`session_detect_drift`** — HRR-powered semantic comparison of current work vs original goals, returns `on_track / minor_drift / major_drift` with domain-specific signals (BCBA/Coding/AAC)
 3. **`session_compact_ledger`** — if drifted, compress and reload only what matters
 
 When major drift is detected, the alert routes to the **Synalux portal** so it's visible across sessions and devices — not just in the current conversation.
@@ -42,6 +42,19 @@ When major drift is detected, the alert routes to the **Synalux portal** so it's
 
 No scripts. No cron. No hooks. Three tool calls, Prism handles the rest.
 
+### 🛡 PHI Guard *(v17+)*
+Automatic Protected Health Information detection and redaction in the memory pipeline. Every `session_save_ledger` and `session_save_handoff` call passes through the PHI guard before storage.
+
+**What it catches:** DOBs, SSNs, MRNs, phone numbers, email addresses, and other structured HIPAA identifiers (18 categories). Redaction is deterministic (regex + pattern matching, no LLM) — zero false negatives on format-constrained identifiers (SSN, MRN, phone, email). Names require NER for reliable detection and are best-effort.
+
+**Fail-closed:** PHI detection errors log to stderr (never suppressed) and block the save. Metric: `phi_guard.detected` count per category is always emitted for audit compliance.
+
+### ⚡ Prompt-based skill routing *(v17+)*
+114 agent skills auto-load based on prompt keywords. No manual skill selection needed — the MCP server scans the user's prompt and injects the relevant skill instructions into the session context before the AI responds.
+
+### 💰 Tier enforcement *(v17.1+)*
+`prism_infer` now enforces subscription-tier gates: model ceiling, max tokens, daily limits, and cloud fallback are all gated by your plan. Free users get local-only inference up to 4b; paid tiers unlock higher models, more tokens, and cloud fallback. Flat-rate seat caps via `max_seats` per plan.
+
 ### 🛡 Local-first — security + speed
 Free tier runs entirely on your machine — SQLite, local embedding model, no API keys, no cloud. Paid tier adds cloud sync via Synalux portal.
 
@@ -155,7 +168,58 @@ Categories: abstention, adversarial traps, cascade, disambiguation, edge cases,
 **What it does NOT mean**: these scores measure routing precision on a 17-tool taxonomy, not general intelligence. Claude outperforms on everything outside this task. The value is **offline reliability at zero cost**, not replacing Claude. Code and clinical knowledge come from RAG via `knowledge_search`.
 
 ### 🔍 L3 Grounding Verifier
-When `prism_infer` receives an `evidence` payload, the grounding verifier automatically checks the model's response against the provided evidence before returning to the caller. Unverified or hallucinated claims are flagged. This is the third layer (L3) of the cascade — after tool routing (L1) and confidence gating (L2).
+
+Fail-closed fact-checking layer. When `prism_infer` receives an `evidence` payload, a separate verifier model (default: `prism-coder:4b`) checks every factual claim in the draft against the evidence before serving it. This is the third layer (L3) of the cascade — after tool routing (L1) and confidence gating (L2).
+
+**Three-tier pre-check:**
+
+| Tier | Condition | Action |
+|---|---|---|
+| **0 — Conversational** | Draft has no numbers, dates, names, codes, or $ amounts | Serve without verification |
+| **0a — No evidence** | Assertive draft + zero evidence snippets | Refuse (fail-closed) |
+| **2 — NLI** | Assertive draft + evidence provided | Verify each claim against evidence |
+
+**Per-claim verdicts:**
+- `ENTAILED` — claim matches evidence (including arithmetic identity: "3" ≈ "three")
+- `CONTRADICTED` — evidence states a different value for the same fact → **refuse**
+- `NEUTRAL` — claim not covered by evidence → **refuse** (fail-closed default)
+
+**Fail-closed guarantees:** HTTP errors, malformed JSON, timeouts → all treated as refusal. The caller gets the specific claim that failed and can retry with more evidence or fall back to cloud.
+
+**Usage with `prism_infer`:**
+```json
+{
+  "prompt": "What was the patient's last A1C?",
+  "evidence": [
+    { "source": "lab_2026-05-01", "content": "HbA1c: 6.8% (ref <7.0)" }
+  ]
+}
+```
+
+**Structured output:**
+```json
+{
+  "output": "The patient's last A1C was 6.8%.",
+  "verification": {
+    "action": "served",
+    "claims": [{ "text": "A1C was 6.8%", "verdict": "ENTAILED" }],
+    "verifierChain": [{ "model": "prism-coder:4b", "verdict": "ENTAILED", "latencyMs": 340 }]
+  }
+}
+```
+
+When a claim is contradicted or unsupported:
+```json
+{
+  "output": "⚠ Verification failed: claim 'A1C was 7.2%' is CONTRADICTED by evidence.",
+  "verification": {
+    "action": "refused_fabricated",
+    "refusalClaim": "A1C was 7.2%"
+  }
+}
+```
+
+The verifier model (`prism-coder:4b`) is intentionally different from the inference model — satisfying the independent-reviewer principle. Requires a paid plan (see [Plans](#plans)). Set `verify: false` to explicitly skip verification even when evidence is provided.
 
 ### 🧠 HRR Semantic Drift Detection (v17.0)
 Detects when long AI agent sessions drift from their original goal — using Holographic Reduced Representations for temporal trajectory encoding and anomaly detection.
@@ -366,6 +430,7 @@ Paid Synalux subscribers get a built-in analytics dashboard at `/app/memory-anal
 | `knowledge_search` | Semantic + keyword search over all memories |
 | `query_memory_natural` | Natural-language Q&A over your Mind Palace |
 | `extract_entities` | Pull people / projects / decisions from text |
+| `session_detect_drift` | HRR-powered semantic drift detection (BCBA/Coding/AAC) |
 | `session_synthesize_edges` | Auto-link related memories into a graph |
 
 (35+ tools total — full TypeScript signatures in `src/tools/`. Architecture overview in [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md).)
@@ -675,7 +740,7 @@ prism register-models         # Alias dcostenco/prism-coder:* → prism-coder:*
 ## Testing
 
 ```bash
-npm test                           # 2,418 test cases across 81 files (vitest)
+npm test                           # 2,676 test cases across 89 files (vitest)
 npm test -- --coverage             # coverage report
 python3 tests/benchmarks/prism-routing-100/benchmark.py --models 1b7 14b 32b
 ```

package/dist/scholar/webScholar.js

@@ -3,6 +3,9 @@ import { getStorage } from "../storage/index.js";
 import { debugLog } from "../utils/logger.js";
 import { getLLMProvider } from "../utils/llm/factory.js";
 import { randomUUID } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, statSync, unlinkSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
 import { performWebSearchRaw } from "../utils/braveApi.js";
 import { performGoogleSearch } from "../utils/googleSearchApi.js";
 import { getTracer } from "../utils/telemetry.js";
@@ -58,9 +61,20 @@ async function selectTopic() {
     const topics = PRISM_SCHOLAR_TOPICS;
     if (!topics || topics.length === 0)
         return "";
-    const randomPick = topics[Math.floor(Math.random() * topics.length)];
+    // Filter out topics already researched in the last 24h
+    const uncovered = [];
+    for (const t of topics) {
+        if (!(await hasRecentResearch(t, SCHOLAR_PROJECT, PRISM_USER_ID, 24))) {
+            uncovered.push(t);
+        }
+    }
+    if (uncovered.length === 0) {
+        debugLog("[WebScholar] All topics researched in last 24h — sleeping until tomorrow");
+        return "";
+    }
+    const pick = uncovered[Math.floor(Math.random() * uncovered.length)];
     if (!PRISM_ENABLE_HIVEMIND)
-        return randomPick;
+        return pick;
     try {
         const storage = await getStorage();
         const allAgents = await storage.getAllAgents(PRISM_USER_ID);
@@ -68,22 +82,79 @@ async function selectTopic() {
             .filter(a => a.role !== SCHOLAR_ROLE && a.status === "active" && a.current_task)
             .map(a => a.current_task.toLowerCase());
         if (activeTasks.length === 0)
-            return randomPick;
+            return pick;
         const taskText = activeTasks.join(" ");
-        const matched = topics.filter(t => taskText.includes(t.toLowerCase()));
+        const matched = uncovered.filter(t => taskText.includes(t.toLowerCase()));
         if (matched.length > 0)
             return matched[Math.floor(Math.random() * matched.length)];
     }
     catch { }
-    return randomPick;
+    return pick;
+}
+// ─── Dedup + Cross-Process Lock ─────────────────────────────
+async function hasRecentResearch(topic, project, userId, windowHours = 24) {
+    try {
+        const storage = await getStorage();
+        const entries = await storage.getLedgerEntries({
+            project,
+            user_id: userId,
+            event_type: "learning",
+            limit: 20,
+        });
+        const cutoff = new Date(Date.now() - windowHours * 3600_000).toISOString();
+        return entries.some(e => (e.created_at ?? "") > cutoff && (e.summary ?? "").startsWith(`Research: ${topic}\n`));
+    }
+    catch {
+        return false;
+    }
+}
+const LOCK_PATH = join(homedir(), ".prism-mcp", "scholar.lock");
+const LOCK_STALE_MS = 10 * 60_000;
+function acquireFileLock() {
+    try {
+        const lockDir = dirname(LOCK_PATH);
+        if (!existsSync(lockDir))
+            mkdirSync(lockDir, { recursive: true });
+        if (existsSync(LOCK_PATH)) {
+            const stat = statSync(LOCK_PATH);
+            const ageMs = Date.now() - stat.mtimeMs;
+            if (ageMs < LOCK_STALE_MS)
+                return false;
+            unlinkSync(LOCK_PATH);
+        }
+        // wx = exclusive create — throws EEXIST if another process won the race
+        writeFileSync(LOCK_PATH, `${process.pid}\n${new Date().toISOString()}`, { flag: "wx" });
+        return true;
+    }
+    catch (err) {
+        if (err?.code === "EEXIST")
+            return false;
+        return false;
+    }
+}
+function releaseFileLock() {
+    try {
+        if (!existsSync(LOCK_PATH))
+            return;
+        const content = readFileSync(LOCK_PATH, "utf-8");
+        const lockPid = parseInt(content.split("\n")[0], 10);
+        if (lockPid === process.pid) {
+            unlinkSync(LOCK_PATH);
+        }
+    }
+    catch { }
 }
 // ─── Core Pipeline ───────────────────────────────────────────
 let isRunning = false;
 export async function runWebScholar(overrideTopic, overrideProject) {
     if (isRunning) {
-        debugLog("[WebScholar] Skipped: already running");
+        debugLog("[WebScholar] Skipped: already running in this process");
         return "Skipped: already running";
     }
+    if (!acquireFileLock()) {
+        debugLog("[WebScholar] Skipped: another instance holds the lock");
+        return "Skipped: another instance is running";
+    }
     isRunning = true;
     const tracer = getTracer();
     const span = tracer.startSpan("background.web_scholar");
@@ -97,6 +168,11 @@ export async function runWebScholar(overrideTopic, overrideProject) {
             span.setAttribute("scholar.skipped_reason", "no_topics");
             return "No topics configured";
         }
+        if (await hasRecentResearch(topic, project, PRISM_USER_ID)) {
+            debugLog(`[WebScholar] Skipped: "${topic}" already researched in last 24h`);
+            span.setAttribute("scholar.skipped_reason", "dedup");
+            return `Skipped: "${topic}" already researched recently`;
+        }
         debugLog(`[WebScholar] 🧠 Starting research on: "${topic}"`);
         await hivemindRegister(topic);
         await hivemindHeartbeat(`Searching for: ${topic}`);
@@ -146,11 +222,11 @@ export async function runWebScholar(overrideTopic, overrideProject) {
         await storage.saveLedger({
             id: randomUUID(),
             project: project,
-            conversation_id: "scholar-" + Date.now(),
+            conversation_id: `scholar-${randomUUID().slice(0, 8)}`,
             user_id: PRISM_USER_ID,
             role: "scholar",
             summary: `Research: ${topic}\n\n${summary}`,
-            keywords: [topic, "research"],
+            keywords: [topic, "research", "auto-scholar"],
             event_type: "learning",
             importance: 7,
             created_at: new Date().toISOString()
@@ -164,6 +240,7 @@ export async function runWebScholar(overrideTopic, overrideProject) {
     }
     finally {
         await hivemindIdle();
+        releaseFileLock();
         isRunning = false;
         span.end();
     }
@@ -215,41 +292,3 @@ async function searchSemanticScholar(query, count) {
         return [];
     }
 }
-let watcherInterval = null;
-export async function startScholarWatcher() {
-    if (watcherInterval)
-        return;
-    debugLog("[WebScholar] Starting bridge watcher (polling for research_tasks)");
-    watcherInterval = setInterval(async () => {
-        try {
-            const storage = await getStorage();
-            const pending = await storage.listPendingResearchTasks();
-            for (const task of pending) {
-                debugLog(`[WebScholar] Bridge pickup: Task ${task.id} (topic: ${task.topic})`);
-                await storage.updateResearchTask(task.id, { status: 'RUNNING' });
-                try {
-                    const result = await runWebScholar(task.topic, task.project);
-                    await storage.updateResearchTask(task.id, {
-                        status: 'COMPLETED',
-                        result_summary: result.slice(0, 1000) // snippet
-                    });
-                }
-                catch (err) {
-                    await storage.updateResearchTask(task.id, {
-                        status: 'FAILED',
-                        error_message: err.message || String(err)
-                    });
-                }
-            }
-        }
-        catch (err) {
-            debugLog(`[WebScholar] Bridge poll failed: ${err}`);
-        }
-    }, 10_000); // Poll every 10 seconds
-}
-export function stopScholarWatcher() {
-    if (watcherInterval) {
-        clearInterval(watcherInterval);
-        watcherInterval = null;
-    }
-}

package/dist/server.js

@@ -59,9 +59,9 @@ ListResourcesRequestSchema, ListResourceTemplatesRequestSchema, ReadResourceRequ
 // Claude Desktop that the attached resource has changed.
 // Without this, the paperclipped context becomes stale.
 SubscribeRequestSchema, UnsubscribeRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
-import { SERVER_CONFIG, SESSION_MEMORY_ENABLED, PRISM_USER_ID, PRISM_ENABLE_HIVEMIND, WATCHDOG_INTERVAL_MS, WATCHDOG_STALE_MIN, WATCHDOG_FROZEN_MIN, WATCHDOG_OFFLINE_MIN, WATCHDOG_LOOP_THRESHOLD, PRISM_SCHEDULER_ENABLED, PRISM_SCHEDULER_INTERVAL_MS, PRISM_SCHOLAR_ENABLED, PRISM_HDC_ENABLED, PRISM_TASK_ROUTER_ENABLED_ENV, PRISM_DARK_FACTORY_ENABLED, } from "./config.js";
+import { SERVER_CONFIG, SESSION_MEMORY_ENABLED, PRISM_USER_ID, PRISM_ENABLE_HIVEMIND, WATCHDOG_INTERVAL_MS, WATCHDOG_STALE_MIN, WATCHDOG_FROZEN_MIN, WATCHDOG_OFFLINE_MIN, WATCHDOG_LOOP_THRESHOLD, PRISM_SCHEDULER_ENABLED, PRISM_SCHEDULER_INTERVAL_MS, PRISM_HDC_ENABLED, PRISM_TASK_ROUTER_ENABLED_ENV, PRISM_DARK_FACTORY_ENABLED, } from "./config.js";
 import { startWatchdog, drainAlerts } from "./hivemindWatchdog.js";
-import { startScheduler, startScholarScheduler } from "./backgroundScheduler.js";
+import { startScheduler } from "./backgroundScheduler.js";
 import { startDarkFactoryRunner } from "./darkfactory/runner.js";
 import { getSyncBus } from "./sync/factory.js";
 import { startDashboardServer } from "./dashboard/server.js";
@@ -1353,16 +1353,12 @@ export async function startServer() {
             console.error(`[Scheduler] Startup failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
         });
     }
-    // ─── v5.4: Autonomous Web Scholar Scheduler ──────────────
-    // Background LLM research pipeline. Independent from the
-    // maintenance scheduler — has its own interval and enable flag.
-    if (PRISM_SCHOLAR_ENABLED && SESSION_MEMORY_ENABLED) {
-        storageReady?.then(() => {
-            startScholarScheduler();
-        }).catch(err => {
-            console.error(`[WebScholar] Startup failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
-        });
-    }
+    // ─── v5.4: Autonomous Web Scholar — REMOVED (v18.0.0) ────
+    // Auto-scheduler removed. Scholar now runs server-side via
+    // Vercel cron (/api/v1/cron/scholar) every 6h. The client-side
+    // scheduler caused 5,293 garbage entries when multiple MCP
+    // instances ran in parallel. Manual trigger via MCP tool still
+    // works for local/free-tier users. See: webScholar.ts
     // ─── v7.3: Dark Factory Background Runner ────────────────
     // Autonomous pipeline orchestration engine. Picks up RUNNING
     // pipelines and advances them through PLAN → EXECUTE → VERIFY

package/dist/tools/ledgerHandlers.js

@@ -801,11 +801,15 @@ export async function sessionLoadContextHandler(args) {
                 const eff = computeEffectiveImportance(s.importance, s.last_accessed_at, s.created_at, Boolean(s.is_rollup));
                 impStr = ` [Imp: ${eff}]`;
             }
-            return `  [${s.session_date?.split("T")[0]}]${impStr} ${s.summary}`;
+            const dateStr = (s.session_date || s.created_at || s.date || "unknown").split("T")[0];
+            return `  [${dateStr}]${impStr} ${s.summary}`;
         }).join("\n") + `\n`;
     }
     if (d.session_history?.length) {
-        formattedContext += `\n📂 Session History (${d.session_history.length} entries):\n` + d.session_history.map((s) => `  [${s.session_date?.split("T")[0]}] ${s.summary}`).join("\n") + `\n`;
+        formattedContext += `\n📂 Session History (${d.session_history.length} entries):\n` + d.session_history.map((s) => {
+            const dateStr = (s.session_date || s.created_at || s.date || "unknown").split("T")[0];
+            return `  [${dateStr}] ${s.summary}`;
+        }).join("\n") + `\n`;
     }
     if (d.recent_validations?.length) {
         formattedContext += `\n🔬 Recent Validations:\n` + d.recent_validations.map((v) => {

package/dist/tools/prismInferHandler.js

@@ -91,12 +91,12 @@ export const PRISM_INFER_TOOL = {
                 type: "boolean",
                 description: "Enable the L3 grounding verifier. Default: true when `evidence` is provided, " +
                     "false otherwise. When enabled, the model's draft is checked by a different model " +
-                    "(prism-coder:1b7 by default) against the supplied `evidence`. Drafts with " +
+                    "(prism-coder:4b by default) against the supplied `evidence`. Drafts with " +
                     "NEUTRAL or CONTRADICTED claims are refused.",
             },
             verifier_model: {
                 type: "string",
-                description: "Override the verifier model. Default: prism-coder:1b7.",
+                description: "Override the verifier model. Default: prism-coder:4b.",
             },
             verifier_timeout_ms: {
                 type: "number",

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "prism-mcp-server",
-  "version": "17.1.1",
+  "version": "18.0.1",
   "mcpName": "io.github.dcostenco/prism-coder",
-  "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 114 Agent Skills, Zero-Search HDC/HRR retrieval, HRR Semantic Drift Detection across BCBA/Coding/AAC domains, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder 1.7B–32B open-weights LLM fleet.",
+  "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 114 Agent Skills, PHI Guard, Tier Enforcement, Prompt-Based Skill Routing, Zero-Search HDC/HRR retrieval, HRR Semantic Drift Detection across BCBA/Coding/AAC domains, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder 1.7B–32B open-weights LLM fleet.",
   "module": "index.ts",
   "type": "module",
   "main": "dist/server.js",