prism-mcp-server 18.0.0 → 18.0.2

package/README.md

@@ -42,17 +42,17 @@ When major drift is detected, the alert routes to the **Synalux portal** so it's
 
 No scripts. No cron. No hooks. Three tool calls, Prism handles the rest.
 
-### 🛡 PHI Guard *(new in v17)*
+### 🛡 PHI Guard *(v17+)*
 Automatic Protected Health Information detection and redaction in the memory pipeline. Every `session_save_ledger` and `session_save_handoff` call passes through the PHI guard before storage.
 
-**What it catches:** Names, DOBs, SSNs, MRNs, phone numbers, email addresses, and 18 HIPAA identifier categories. Redaction is deterministic (regex + pattern matching, no LLM) — zero false negatives on structured identifiers.
+**What it catches:** DOBs, SSNs, MRNs, phone numbers, email addresses, and other structured HIPAA identifiers (18 categories). Redaction is deterministic (regex + pattern matching, no LLM) — zero false negatives on format-constrained identifiers (SSN, MRN, phone, email). Names require NER for reliable detection and are best-effort.
 
 **Fail-closed:** PHI detection errors log to stderr (never suppressed) and block the save. Metric: `phi_guard.detected` count per category is always emitted for audit compliance.
 
-### ⚡ Prompt-based skill routing *(new in v17)*
+### ⚡ Prompt-based skill routing *(v17+)*
 114 agent skills auto-load based on prompt keywords. No manual skill selection needed — the MCP server scans the user's prompt and injects the relevant skill instructions into the session context before the AI responds.
 
-### 💰 Tier enforcement *(new in v17.1)*
+### 💰 Tier enforcement *(v17.1+)*
 `prism_infer` now enforces subscription-tier gates: model ceiling, max tokens, daily limits, and cloud fallback are all gated by your plan. Free users get local-only inference up to 4b; paid tiers unlock higher models, more tokens, and cloud fallback. Flat-rate seat caps via `max_seats` per plan.
 
 ### 🛡 Local-first — security + speed
@@ -64,7 +64,7 @@ Free tier runs entirely on your machine — SQLite, local embedding model, no AP
 |--|---|---|
 | Tool-call latency | 200ms–3s | **~1.6s (1.7B) / ~1.1s (14B)** |
 | API key required | Yes | **No** |
-| Data sent externally | Every prompt | **Nothing** |
+| Data sent externally | Every prompt | **Nothing (free tier)** |
 | Works offline | ❌ | ✅ |
 | Cost at scale | $0.002–0.06/call | **$0** |
 | HIPAA | Requires BAA | **On-prem = no BAA** |

package/dist/dashboard/authUtils.js

@@ -84,20 +84,23 @@ export async function isAuthenticated(req, config) {
         try {
             const token = authHeader.slice(7);
             const verifyOpts = {
-                clockTolerance: 30, // 30s clock skew tolerance
+                clockTolerance: 30,
+                // audience + issuer are REQUIRED when JWKS is configured — prevents
+                // cross-service token confusion (adversarial review H1, 2026-06-12).
+                audience: config.jwtAudience || "prism-mcp",
+                issuer: config.jwtIssuer || "https://synalux.ai",
             };
-            if (config.jwtAudience)
-                verifyOpts.audience = config.jwtAudience;
-            if (config.jwtIssuer)
-                verifyOpts.issuer = config.jwtIssuer;
             const { payload } = await jwtVerify(token, jwksCache, verifyOpts);
             const payloadDict = payload;
-            // Attach agent_id and AgentLair audit metadata to the request for downstream traceability
             const authReq = req;
             authReq.agent_id =
                 payloadDict.agent_id || payload.sub;
             authReq.al_name = payloadDict.al_name;
-            authReq.al_audit_url = payloadDict.al_audit_url;
+            // al_audit_url is untrusted (attacker-influenceable via token) — do not
+            // act on it or call it. Stored for logging only, never fetched.
+            authReq.al_audit_url = typeof payloadDict.al_audit_url === "string"
+                ? payloadDict.al_audit_url.slice(0, 256)
+                : undefined;
             return true;
         }
         catch (err) {

package/dist/scholar/webScholar.js

@@ -3,6 +3,9 @@ import { getStorage } from "../storage/index.js";
 import { debugLog } from "../utils/logger.js";
 import { getLLMProvider } from "../utils/llm/factory.js";
 import { randomUUID } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, statSync, unlinkSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
 import { performWebSearchRaw } from "../utils/braveApi.js";
 import { performGoogleSearch } from "../utils/googleSearchApi.js";
 import { getTracer } from "../utils/telemetry.js";
@@ -58,9 +61,20 @@ async function selectTopic() {
     const topics = PRISM_SCHOLAR_TOPICS;
     if (!topics || topics.length === 0)
         return "";
-    const randomPick = topics[Math.floor(Math.random() * topics.length)];
+    // Filter out topics already researched in the last 24h
+    const uncovered = [];
+    for (const t of topics) {
+        if (!(await hasRecentResearch(t, SCHOLAR_PROJECT, PRISM_USER_ID, 24))) {
+            uncovered.push(t);
+        }
+    }
+    if (uncovered.length === 0) {
+        debugLog("[WebScholar] All topics researched in last 24h — sleeping until tomorrow");
+        return "";
+    }
+    const pick = uncovered[Math.floor(Math.random() * uncovered.length)];
     if (!PRISM_ENABLE_HIVEMIND)
-        return randomPick;
+        return pick;
     try {
         const storage = await getStorage();
         const allAgents = await storage.getAllAgents(PRISM_USER_ID);
@@ -68,22 +82,79 @@ async function selectTopic() {
             .filter(a => a.role !== SCHOLAR_ROLE && a.status === "active" && a.current_task)
             .map(a => a.current_task.toLowerCase());
         if (activeTasks.length === 0)
-            return randomPick;
+            return pick;
         const taskText = activeTasks.join(" ");
-        const matched = topics.filter(t => taskText.includes(t.toLowerCase()));
+        const matched = uncovered.filter(t => taskText.includes(t.toLowerCase()));
         if (matched.length > 0)
             return matched[Math.floor(Math.random() * matched.length)];
     }
     catch { }
-    return randomPick;
+    return pick;
+}
+// ─── Dedup + Cross-Process Lock ─────────────────────────────
+async function hasRecentResearch(topic, project, userId, windowHours = 24) {
+    try {
+        const storage = await getStorage();
+        const entries = await storage.getLedgerEntries({
+            project,
+            user_id: userId,
+            event_type: "learning",
+            limit: 20,
+        });
+        const cutoff = new Date(Date.now() - windowHours * 3600_000).toISOString();
+        return entries.some(e => (e.created_at ?? "") > cutoff && (e.summary ?? "").startsWith(`Research: ${topic}\n`));
+    }
+    catch {
+        return false;
+    }
+}
+const LOCK_PATH = join(homedir(), ".prism-mcp", "scholar.lock");
+const LOCK_STALE_MS = 10 * 60_000;
+function acquireFileLock() {
+    try {
+        const lockDir = dirname(LOCK_PATH);
+        if (!existsSync(lockDir))
+            mkdirSync(lockDir, { recursive: true });
+        if (existsSync(LOCK_PATH)) {
+            const stat = statSync(LOCK_PATH);
+            const ageMs = Date.now() - stat.mtimeMs;
+            if (ageMs < LOCK_STALE_MS)
+                return false;
+            unlinkSync(LOCK_PATH);
+        }
+        // wx = exclusive create — throws EEXIST if another process won the race
+        writeFileSync(LOCK_PATH, `${process.pid}\n${new Date().toISOString()}`, { flag: "wx" });
+        return true;
+    }
+    catch (err) {
+        if (err?.code === "EEXIST")
+            return false;
+        return false;
+    }
+}
+function releaseFileLock() {
+    try {
+        if (!existsSync(LOCK_PATH))
+            return;
+        const content = readFileSync(LOCK_PATH, "utf-8");
+        const lockPid = parseInt(content.split("\n")[0], 10);
+        if (lockPid === process.pid) {
+            unlinkSync(LOCK_PATH);
+        }
+    }
+    catch { }
 }
 // ─── Core Pipeline ───────────────────────────────────────────
 let isRunning = false;
 export async function runWebScholar(overrideTopic, overrideProject) {
     if (isRunning) {
-        debugLog("[WebScholar] Skipped: already running");
+        debugLog("[WebScholar] Skipped: already running in this process");
         return "Skipped: already running";
     }
+    if (!acquireFileLock()) {
+        debugLog("[WebScholar] Skipped: another instance holds the lock");
+        return "Skipped: another instance is running";
+    }
     isRunning = true;
     const tracer = getTracer();
     const span = tracer.startSpan("background.web_scholar");
@@ -97,6 +168,11 @@ export async function runWebScholar(overrideTopic, overrideProject) {
             span.setAttribute("scholar.skipped_reason", "no_topics");
             return "No topics configured";
         }
+        if (await hasRecentResearch(topic, project, PRISM_USER_ID)) {
+            debugLog(`[WebScholar] Skipped: "${topic}" already researched in last 24h`);
+            span.setAttribute("scholar.skipped_reason", "dedup");
+            return `Skipped: "${topic}" already researched recently`;
+        }
         debugLog(`[WebScholar] 🧠 Starting research on: "${topic}"`);
         await hivemindRegister(topic);
         await hivemindHeartbeat(`Searching for: ${topic}`);
@@ -146,11 +222,11 @@ export async function runWebScholar(overrideTopic, overrideProject) {
         await storage.saveLedger({
             id: randomUUID(),
             project: project,
-            conversation_id: "scholar-" + Date.now(),
+            conversation_id: `scholar-${randomUUID().slice(0, 8)}`,
             user_id: PRISM_USER_ID,
             role: "scholar",
             summary: `Research: ${topic}\n\n${summary}`,
-            keywords: [topic, "research"],
+            keywords: [topic, "research", "auto-scholar"],
             event_type: "learning",
             importance: 7,
             created_at: new Date().toISOString()
@@ -164,6 +240,7 @@ export async function runWebScholar(overrideTopic, overrideProject) {
     }
     finally {
         await hivemindIdle();
+        releaseFileLock();
         isRunning = false;
         span.end();
     }
@@ -215,41 +292,3 @@ async function searchSemanticScholar(query, count) {
         return [];
     }
 }
-let watcherInterval = null;
-export async function startScholarWatcher() {
-    if (watcherInterval)
-        return;
-    debugLog("[WebScholar] Starting bridge watcher (polling for research_tasks)");
-    watcherInterval = setInterval(async () => {
-        try {
-            const storage = await getStorage();
-            const pending = await storage.listPendingResearchTasks();
-            for (const task of pending) {
-                debugLog(`[WebScholar] Bridge pickup: Task ${task.id} (topic: ${task.topic})`);
-                await storage.updateResearchTask(task.id, { status: 'RUNNING' });
-                try {
-                    const result = await runWebScholar(task.topic, task.project);
-                    await storage.updateResearchTask(task.id, {
-                        status: 'COMPLETED',
-                        result_summary: result.slice(0, 1000) // snippet
-                    });
-                }
-                catch (err) {
-                    await storage.updateResearchTask(task.id, {
-                        status: 'FAILED',
-                        error_message: err.message || String(err)
-                    });
-                }
-            }
-        }
-        catch (err) {
-            debugLog(`[WebScholar] Bridge poll failed: ${err}`);
-        }
-    }, 10_000); // Poll every 10 seconds
-}
-export function stopScholarWatcher() {
-    if (watcherInterval) {
-        clearInterval(watcherInterval);
-        watcherInterval = null;
-    }
-}

package/dist/server.js

@@ -59,9 +59,9 @@ ListResourcesRequestSchema, ListResourceTemplatesRequestSchema, ReadResourceRequ
 // Claude Desktop that the attached resource has changed.
 // Without this, the paperclipped context becomes stale.
 SubscribeRequestSchema, UnsubscribeRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
-import { SERVER_CONFIG, SESSION_MEMORY_ENABLED, PRISM_USER_ID, PRISM_ENABLE_HIVEMIND, WATCHDOG_INTERVAL_MS, WATCHDOG_STALE_MIN, WATCHDOG_FROZEN_MIN, WATCHDOG_OFFLINE_MIN, WATCHDOG_LOOP_THRESHOLD, PRISM_SCHEDULER_ENABLED, PRISM_SCHEDULER_INTERVAL_MS, PRISM_SCHOLAR_ENABLED, PRISM_HDC_ENABLED, PRISM_TASK_ROUTER_ENABLED_ENV, PRISM_DARK_FACTORY_ENABLED, } from "./config.js";
+import { SERVER_CONFIG, SESSION_MEMORY_ENABLED, PRISM_USER_ID, PRISM_ENABLE_HIVEMIND, WATCHDOG_INTERVAL_MS, WATCHDOG_STALE_MIN, WATCHDOG_FROZEN_MIN, WATCHDOG_OFFLINE_MIN, WATCHDOG_LOOP_THRESHOLD, PRISM_SCHEDULER_ENABLED, PRISM_SCHEDULER_INTERVAL_MS, PRISM_HDC_ENABLED, PRISM_TASK_ROUTER_ENABLED_ENV, PRISM_DARK_FACTORY_ENABLED, } from "./config.js";
 import { startWatchdog, drainAlerts } from "./hivemindWatchdog.js";
-import { startScheduler, startScholarScheduler } from "./backgroundScheduler.js";
+import { startScheduler } from "./backgroundScheduler.js";
 import { startDarkFactoryRunner } from "./darkfactory/runner.js";
 import { getSyncBus } from "./sync/factory.js";
 import { startDashboardServer } from "./dashboard/server.js";
@@ -1353,16 +1353,12 @@ export async function startServer() {
             console.error(`[Scheduler] Startup failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
         });
     }
-    // ─── v5.4: Autonomous Web Scholar Scheduler ──────────────
-    // Background LLM research pipeline. Independent from the
-    // maintenance scheduler — has its own interval and enable flag.
-    if (PRISM_SCHOLAR_ENABLED && SESSION_MEMORY_ENABLED) {
-        storageReady?.then(() => {
-            startScholarScheduler();
-        }).catch(err => {
-            console.error(`[WebScholar] Startup failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
-        });
-    }
+    // ─── v5.4: Autonomous Web Scholar — REMOVED (v18.0.0) ────
+    // Auto-scheduler removed. Scholar now runs server-side via
+    // Vercel cron (/api/v1/cron/scholar) every 6h. The client-side
+    // scheduler caused 5,293 garbage entries when multiple MCP
+    // instances ran in parallel. Manual trigger via MCP tool still
+    // works for local/free-tier users. See: webScholar.ts
     // ─── v7.3: Dark Factory Background Runner ────────────────
     // Autonomous pipeline orchestration engine. Picks up RUNNING
     // pipelines and advances them through PLAN → EXECUTE → VERIFY

package/dist/tools/ingestHandler.js

@@ -63,6 +63,10 @@ async function generateQAPairs(chunk, source) {
         debugLog("[ingest] No ANTHROPIC_API_KEY — skipping Q&A generation, storing raw chunks");
         return [{ prompt: `What does this ${source} code do?`, response: chunk.slice(0, 500) }];
     }
+    // PHI redaction BEFORE sending to cloud LLM — the chunk may contain
+    // client names in file paths, inline identifiers, or clinical notes.
+    const { scanAndRedactPHI } = await import("../utils/phiGuard.js");
+    const redactedChunk = scanAndRedactPHI(chunk).redacted;
     try {
         const res = await fetch("https://api.anthropic.com/v1/messages", {
             method: "POST",
@@ -75,7 +79,7 @@ async function generateQAPairs(chunk, source) {
                 model: "claude-haiku-4-5-20251001",
                 max_tokens: 2048,
                 system: 'Generate 3 Q&A training pairs as JSON array: [{"prompt":"...","response":"..."}]. Focus on what the code does, how it works, and key patterns.',
-                messages: [{ role: "user", content: `Source: ${source}\n\`\`\`\n${chunk.slice(0, 5000)}\n\`\`\`` }],
+                messages: [{ role: "user", content: `Source: ${source}\n\`\`\`\n${redactedChunk.slice(0, 5000)}\n\`\`\`` }],
             }),
         });
         if (!res.ok) {

package/dist/tools/ledgerHandlers.js

@@ -98,7 +98,7 @@ export async function sessionSaveLedgerHandler(args) {
     const conversation_id = args.conversation_id;
     const summary = sanitizeMemoryInput(args.summary);
     const todos = args.todos ? sanitizeArray(args.todos) : undefined;
-    const files_changed = args.files_changed;
+    const files_changed = args.files_changed ? sanitizeArray(args.files_changed) : undefined;
     const decisions = args.decisions ? sanitizeArray(args.decisions) : undefined;
     const role = args.role;
     const storage = await getStorage();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "18.0.0",
+  "version": "18.0.2",
   "mcpName": "io.github.dcostenco/prism-coder",
   "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 114 Agent Skills, PHI Guard, Tier Enforcement, Prompt-Based Skill Routing, Zero-Search HDC/HRR retrieval, HRR Semantic Drift Detection across BCBA/Coding/AAC domains, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder 1.7B–32B open-weights LLM fleet.",
   "module": "index.ts",