npm - prism-mcp-server - Versions diffs - 18.0.1 → 18.0.2 - Mend

prism-mcp-server 18.0.1 → 18.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +1 -1
package/dist/dashboard/authUtils.js +10 -7
package/dist/tools/ingestHandler.js +5 -1
package/dist/tools/ledgerHandlers.js +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -64,7 +64,7 @@ Free tier runs entirely on your machine — SQLite, local embedding model, no AP
 |--|---|---|
 | Tool-call latency | 200ms–3s | **~1.6s (1.7B) / ~1.1s (14B)** |
 | API key required | Yes | **No** |
-| Data sent externally | Every prompt | **Nothing** |
+| Data sent externally | Every prompt | **Nothing (free tier)** |
 | Works offline | ❌ | ✅ |
 | Cost at scale | $0.002–0.06/call | **$0** |
 | HIPAA | Requires BAA | **On-prem = no BAA** |

package/dist/dashboard/authUtils.js CHANGED Viewed

@@ -84,20 +84,23 @@ export async function isAuthenticated(req, config) {
         try {
             const token = authHeader.slice(7);
             const verifyOpts = {
-                clockTolerance: 30, // 30s clock skew tolerance
+                clockTolerance: 30,
+                // audience + issuer are REQUIRED when JWKS is configured — prevents
+                // cross-service token confusion (adversarial review H1, 2026-06-12).
+                audience: config.jwtAudience || "prism-mcp",
+                issuer: config.jwtIssuer || "https://synalux.ai",
             };
-            if (config.jwtAudience)
-                verifyOpts.audience = config.jwtAudience;
-            if (config.jwtIssuer)
-                verifyOpts.issuer = config.jwtIssuer;
             const { payload } = await jwtVerify(token, jwksCache, verifyOpts);
             const payloadDict = payload;
-            // Attach agent_id and AgentLair audit metadata to the request for downstream traceability
             const authReq = req;
             authReq.agent_id =
                 payloadDict.agent_id || payload.sub;
             authReq.al_name = payloadDict.al_name;
-            authReq.al_audit_url = payloadDict.al_audit_url;
+            // al_audit_url is untrusted (attacker-influenceable via token) — do not
+            // act on it or call it. Stored for logging only, never fetched.
+            authReq.al_audit_url = typeof payloadDict.al_audit_url === "string"
+                ? payloadDict.al_audit_url.slice(0, 256)
+                : undefined;
             return true;
         }
         catch (err) {

package/dist/tools/ingestHandler.js CHANGED Viewed

@@ -63,6 +63,10 @@ async function generateQAPairs(chunk, source) {
         debugLog("[ingest] No ANTHROPIC_API_KEY — skipping Q&A generation, storing raw chunks");
         return [{ prompt: `What does this ${source} code do?`, response: chunk.slice(0, 500) }];
     }
+    // PHI redaction BEFORE sending to cloud LLM — the chunk may contain
+    // client names in file paths, inline identifiers, or clinical notes.
+    const { scanAndRedactPHI } = await import("../utils/phiGuard.js");
+    const redactedChunk = scanAndRedactPHI(chunk).redacted;
     try {
         const res = await fetch("https://api.anthropic.com/v1/messages", {
             method: "POST",
@@ -75,7 +79,7 @@ async function generateQAPairs(chunk, source) {
                 model: "claude-haiku-4-5-20251001",
                 max_tokens: 2048,
                 system: 'Generate 3 Q&A training pairs as JSON array: [{"prompt":"...","response":"..."}]. Focus on what the code does, how it works, and key patterns.',
-                messages: [{ role: "user", content: `Source: ${source}\n\`\`\`\n${chunk.slice(0, 5000)}\n\`\`\`` }],
+                messages: [{ role: "user", content: `Source: ${source}\n\`\`\`\n${redactedChunk.slice(0, 5000)}\n\`\`\`` }],
             }),
         });
         if (!res.ok) {

package/dist/tools/ledgerHandlers.js CHANGED Viewed

@@ -98,7 +98,7 @@ export async function sessionSaveLedgerHandler(args) {
     const conversation_id = args.conversation_id;
     const summary = sanitizeMemoryInput(args.summary);
     const todos = args.todos ? sanitizeArray(args.todos) : undefined;
-    const files_changed = args.files_changed;
+    const files_changed = args.files_changed ? sanitizeArray(args.files_changed) : undefined;
     const decisions = args.decisions ? sanitizeArray(args.decisions) : undefined;
     const role = args.role;
     const storage = await getStorage();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "18.0.1",
+  "version": "18.0.2",
   "mcpName": "io.github.dcostenco/prism-coder",
   "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 114 Agent Skills, PHI Guard, Tier Enforcement, Prompt-Based Skill Routing, Zero-Search HDC/HRR retrieval, HRR Semantic Drift Detection across BCBA/Coding/AAC domains, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder 1.7B–32B open-weights LLM fleet.",
   "module": "index.ts",