prism-mcp-server 19.2.4 → 19.2.6

package/README.md

@@ -412,6 +412,40 @@ prism_infer({
 
 Full TypeScript signatures live in [`src/tools/`](src/tools/); architecture in [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md).
 
+### `inference_metrics` — see your local-model usage on demand
+
+Call `inference_metrics` anytime mid-session to see how many `prism_infer` calls ran locally vs cloud, with actual token counts:
+
+```
+📊 Inference Metrics — local-model delegation (this session):
+  Total calls: 5 — Local: 5 (100%) | Cloud: 0 (0%)
+  Tokens: 1,240 in + 380 out = 1,620 total
+  Avg latency: 420ms
+  By model:
+    prism-coder:27b: 3 calls, 1,100 tokens, avg 520ms
+    prism-coder:9b: 2 calls, 520 tokens, avg 270ms
+```
+
+The same block also appears automatically in `session_save_ledger` and `session_save_handoff` responses at session end.
+
+**Note:** This tracks `prism_infer` delegation only — not your host model's (Claude's) own token spend. For that, use Claude Code's `/cost` command.
+
+### Local-model delegation (opt-in)
+
+By default, your AI agent (Claude, Cursor, etc.) handles everything itself. You can optionally enable delegation so the agent offloads cheap, verifiable sub-tasks to local Ollama models at $0:
+
+```bash
+# Enable via Prism config
+prism config set delegation_enabled true
+```
+
+When enabled, the agent's task router may delegate qualifying work — bulk classification, field extraction, mechanical formatting — to `prism_infer` instead of using cloud tokens. The agent always verifies the result and redoes it itself if quality is degraded.
+
+**Guardrails:**
+- **Off by default** — enforced in code, not just convention
+- **Never delegates:** code/text that ships to the user, security/safety logic, planning/reasoning, anything where a silent quality drop isn't obvious
+- **Always verifies:** checks `quality_gate_failed` and `used_cloud` before trusting local output
+
 <details>
 <summary>How Prism survives context compaction</summary>
 

package/dist/server.js

@@ -80,6 +80,7 @@ import { getTracer, initTelemetry } from "./utils/telemetry.js";
 import { context as otelContext, trace, SpanStatusCode } from "@opentelemetry/api";
 import { ddInfo, ddError as ddLogError } from "./utils/ddLogger.js";
 import { inferenceMetricsHandler } from "./utils/inferenceMetrics.js";
+import { recordInvocation } from "./utils/analytics.js";
 // ─── Import Tool Definitions (schemas) and Handlers (implementations) ─────
 import { WEB_SEARCH_TOOL, BRAVE_WEB_SEARCH_CODE_MODE_TOOL, LOCAL_SEARCH_TOOL, BRAVE_LOCAL_SEARCH_CODE_MODE_TOOL, CODE_MODE_TRANSFORM_TOOL, BRAVE_ANSWERS_TOOL, RESEARCH_PAPER_ANALYSIS_TOOL, webSearchHandler, braveWebSearchCodeModeHandler, localSearchHandler, braveLocalSearchCodeModeHandler, codeModeTransformHandler, braveAnswersHandler, researchPaperAnalysisHandler, } from "./tools/index.js";
 // Session memory tools — only used if Supabase is configured
@@ -975,7 +976,9 @@ export function createServer() {
                         };
                 }
                 rootSpan.setStatus({ code: SpanStatusCode.OK });
-                ddInfo("mcp.tool.success", { tool: name, project: args?.project, durationMs: Date.now() - _ddStart });
+                const _ddDuration = Date.now() - _ddStart;
+                ddInfo("mcp.tool.success", { tool: name, project: args?.project, durationMs: _ddDuration });
+                recordInvocation(name, String(args?.project ?? ""), args, JSON.stringify(result?.content?.[0]?.text ?? "").slice(0, 2000), _ddDuration, true);
                 // ═══ v5.3: Hivemind Watchdog Alert Injection (Telepathy) ═══
                 // CRITICAL: Append alerts DIRECTLY to tool response content
                 // so the LLM actually reads them. sendLoggingMessage goes to
@@ -1015,13 +1018,16 @@ export function createServer() {
                 return result;
             }
             catch (error) {
-                console.error(`Error in tool handler: ${error instanceof Error ? error.message : String(error)}`);
-                ddLogError("mcp.tool.error", error instanceof Error ? error : undefined, { tool: name, project: args?.project, durationMs: Date.now() - _ddStart });
-                rootSpan.recordException(error instanceof Error ? error : new Error(String(error)));
+                const errMsg = error instanceof Error ? error.message : String(error);
+                const _ddErrDuration = Date.now() - _ddStart;
+                console.error(`Error in tool handler: ${errMsg}`);
+                ddLogError("mcp.tool.error", error instanceof Error ? error : undefined, { tool: name, project: args?.project, durationMs: _ddErrDuration });
+                rootSpan.recordException(error instanceof Error ? error : new Error(errMsg));
                 rootSpan.setStatus({
                     code: SpanStatusCode.ERROR,
-                    message: error instanceof Error ? error.message : String(error),
+                    message: errMsg,
                 });
+                recordInvocation(name, String(args?.project ?? ""), args, "", _ddErrDuration, false, errMsg);
                 return {
                     content: [
                         {

package/dist/tools/ledgerHandlers.js

@@ -40,8 +40,8 @@ isSessionForgetMemoryArgs, // v3.1: TTL retention policy type guard
 isSessionSaveExperienceArgs, isSessionExportMemoryArgs, normalizeExportFormat, isSessionSaveImageArgs, isSessionViewImageArgs } from "./sessionMemoryDefinitions.js";
 // v4.2: File system access for knowledge_sync_rules
 import { writeFile } from "node:fs/promises";
-import { existsSync } from "node:fs";
-import { join } from "node:path";
+import { existsSync, realpathSync, mkdirSync } from "node:fs";
+import { join, sep } from "node:path";
 // v3.1: In-memory debounce lock for auto-compaction.
 // Prevents multiple concurrent Gemini compaction tasks for the same project
 // when many agents call session_save_ledger at the same time.
@@ -1448,7 +1448,13 @@ export async function sessionExportMemoryHandler(args) {
     // to select the correct .obsidian/.logseq sidecar config.
     const requestedFormat = rawFormat;
     const format = normalizeExportFormat(rawFormat);
-    // Validate output directory
+    // Validate output directory — path traversal confinement (v4.3 security)
+    const homeDir = process.env.HOME || process.env.USERPROFILE || "/tmp";
+    const defaultExportDir = join(homeDir, ".prism-mcp", "exports");
+    // Create default export directory if it doesn't exist
+    if (!existsSync(defaultExportDir)) {
+        mkdirSync(defaultExportDir, { recursive: true });
+    }
     if (!existsSync(output_dir)) {
         return {
             content: [{
@@ -1458,6 +1464,72 @@ export async function sessionExportMemoryHandler(args) {
             isError: true,
         };
     }
+    // Resolve symlinks and ".." to get the canonical path
+    const resolvedDir = realpathSync(output_dir);
+    // Build allow-list of safe export roots
+    const allowedRoots = [
+        defaultExportDir,
+        process.cwd(),
+    ];
+    // Scratch root under tmp — but NOT the world-writable tmp root itself.
+    // os.tmpdir() (typically /tmp, mode 1777) is readable and writable by every
+    // local principal: allowing it as an export root would (a) leak unredacted
+    // ledger/handoff contents to other users and (b) let a co-resident attacker
+    // pre-plant a symlink at the predictable export filename and have writeFile
+    // follow it (arbitrary-file overwrite). Confine to an owner-only subdir.
+    const tmpExportDir = join(os.tmpdir(), ".prism-mcp", "exports");
+    if (!existsSync(tmpExportDir)) {
+        mkdirSync(tmpExportDir, { recursive: true, mode: 0o700 });
+    }
+    allowedRoots.push(realpathSync(tmpExportDir));
+    if (process.env.PRISM_EXPORT_ROOT) {
+        const exportRoot = process.env.PRISM_EXPORT_ROOT;
+        if (existsSync(exportRoot)) {
+            allowedRoots.push(realpathSync(exportRoot));
+        }
+    }
+    // Reject sensitive directories (resolve each so macOS /etc → /private/etc matches)
+    const sensitiveRoots = [
+        join(homeDir, ".ssh"),
+        join(homeDir, ".gnupg"),
+        "/etc",
+        "/var",
+        "/etc/cron.d",
+        "/etc/cron.daily",
+        "/etc/sudoers.d",
+    ].map(p => existsSync(p) ? realpathSync(p) : p);
+    // Check allow-list first — explicitly configured roots take precedence
+    const isAllowedRoot = (dir) => allowedRoots.some((root) => {
+        const resolvedRoot = existsSync(root) ? realpathSync(root) : root;
+        return dir === resolvedRoot || dir.startsWith(resolvedRoot + sep);
+    });
+    for (const sensitive of sensitiveRoots) {
+        if (resolvedDir === sensitive || resolvedDir.startsWith(sensitive + sep)) {
+            // Allow explicitly configured roots even under sensitive parents
+            // (e.g. tmpExportDir under /private/var on macOS, or PRISM_EXPORT_ROOT)
+            if (!isAllowedRoot(resolvedDir)) {
+                return {
+                    content: [{
+                            type: "text",
+                            text: `Error: output_dir resolves to a sensitive system directory ("${resolvedDir}"). Export denied.`,
+                        }],
+                    isError: true,
+                };
+            }
+        }
+    }
+    // Verify resolved path falls under an allowed root
+    if (!isAllowedRoot(resolvedDir)) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Error: output_dir "${resolvedDir}" is outside allowed export roots. ` +
+                        `Allowed: ${allowedRoots.join(", ")}. ` +
+                        `Set PRISM_EXPORT_ROOT env var to add a custom root.`,
+                }],
+            isError: true,
+        };
+    }
     const storage = await getStorage();
     const exportedFiles = [];
     try {
@@ -1527,14 +1599,27 @@ export async function sessionExportMemoryHandler(args) {
             else {
                 content = JSON.stringify(exportPayload, null, 2);
             }
-            if (format === "vault") {
-                await writeFile(outputPath, content);
+            // Exclusive create (flag: "wx") refuses to write if the path already
+            // exists — including a symlink pre-planted at the predictable export
+            // name. On a genuine collision fall back to a timestamped unique name.
+            let finalPath = outputPath;
+            try {
+                await writeFile(finalPath, content, { flag: "wx" });
             }
-            else {
-                await writeFile(outputPath, content, "utf-8");
+            catch (e) {
+                if (e && e.code === "EEXIST") {
+                    const dot = filename.lastIndexOf(".");
+                    const stem = dot > 0 ? filename.slice(0, dot) : filename;
+                    const extPart = dot > 0 ? filename.slice(dot) : "";
+                    finalPath = join(output_dir, `${stem}-${Date.now()}${extPart}`);
+                    await writeFile(finalPath, content, { flag: "wx" });
+                }
+                else {
+                    throw e;
+                }
             }
-            exportedFiles.push(outputPath);
-            debugLog(`[session_export_memory] Wrote ${content.length} bytes to ${outputPath}`);
+            exportedFiles.push(finalPath);
+            debugLog(`[session_export_memory] Wrote ${content.length} bytes to ${finalPath}`);
         }
         const plural = exportedFiles.length > 1 ? "files" : "file";
         return {

package/dist/tools/v12Handlers.js

@@ -114,10 +114,10 @@ export async function extractEntitiesHandler(args) {
 }
 // ─── API Analytics Handler ───────────────────────────────────
 export async function apiAnalyticsHandler(args) {
-    const { action, project, days } = args;
+    const { scope, project, days } = args;
     try {
         const analytics = await import("../utils/analytics.js");
-        if (action === "dashboard" || !action) {
+        if (scope === "system" || !scope) {
             const dashboard = await analytics.getSystemAnalytics(days || 30);
             return {
                 content: [{
@@ -130,7 +130,7 @@ export async function apiAnalyticsHandler(args) {
                     }],
             };
         }
-        if (action === "project" && project) {
+        if (scope === "project" && project) {
             const projectStats = await analytics.getProjectAnalytics(project, days || 30);
             return {
                 content: [{
@@ -149,7 +149,7 @@ export async function apiAnalyticsHandler(args) {
                     type: "text",
                     text: JSON.stringify({
                         status: "ok",
-                        message: "Use action='dashboard' for aggregate stats or action='project' with project='name' for per-project stats.",
+                        message: "Use scope='system' for aggregate stats or scope='project' with project='name' for per-project stats.",
                     }, null, 2),
                 }],
         };

package/dist/utils/analytics.js

@@ -1,100 +1,123 @@
 /**
- * v12.2: API Usage Analytics — Per-Project Call Tracking
+ * API Usage Analytics — Per-Project Call Tracking
  *
  * Tracks every MCP tool invocation with timing, token estimates,
- * and project association. Provides aggregate analytics for the
- * Mind Palace Dashboard.
+ * and project association. Uses @libsql/client (same as the rest
+ * of prism's local storage layer).
  *
- * Storage: Local SQLite table `api_analytics` (auto-created).
- * Zero external dependencies — no cloud telemetry.
+ * Storage: `api_analytics` table in ~/.prism-mcp/data.db
  */
 import { debugLog } from "./logger.js";
+import { createClient } from "@libsql/client";
+import { existsSync, mkdirSync } from "node:fs";
 import { homedir } from "node:os";
-import { join } from "node:path";
-// Lazy-init helper for SQLite (avoids import issues with storage layer)
-function getAnalyticsDbPath() {
-    return process.env.PRISM_DB_PATH || join(homedir(), ".prism", "prism.db");
+import { join, dirname } from "node:path";
+// ─── DB Connection ──────────────────────────────────────────
+let _db = null;
+let _tableReady = false;
+function getDbPath() {
+    return process.env.PRISM_ANALYTICS_DB_PATH
+        || join(homedir(), ".prism-mcp", "data.db");
+}
+function getDb() {
+    if (_db)
+        return _db;
+    const dbPath = getDbPath();
+    const dir = dirname(dbPath);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    _db = createClient({ url: `file:${dbPath}` });
+    return _db;
+}
+async function ensureTable() {
+    if (_tableReady)
+        return;
+    await getDb().execute("PRAGMA journal_mode=WAL");
+    await getDb().execute(`
+        CREATE TABLE IF NOT EXISTS api_analytics (
+            id TEXT PRIMARY KEY,
+            tool TEXT NOT NULL,
+            project TEXT NOT NULL,
+            timestamp TEXT NOT NULL,
+            duration_ms INTEGER NOT NULL,
+            input_tokens INTEGER NOT NULL,
+            output_tokens INTEGER NOT NULL,
+            success INTEGER NOT NULL,
+            error_message TEXT
+        )
+    `);
+    _tableReady = true;
+}
+/** Reset DB connection (for tests). */
+export function _resetDb() {
+    _db = null;
+    _tableReady = false;
 }
 // ─── In-Memory Buffer ────────────────────────────────────────
-// Batch writes to SQLite every N invocations or M seconds.
 const BUFFER = [];
 const FLUSH_THRESHOLD = 25;
 const FLUSH_INTERVAL_MS = 30_000;
 let flushTimer = null;
-// ─── Token Estimation ────────────────────────────────────────
-// Rough heuristic: 1 token ≈ 4 characters
 function estimateTokens(text) {
     return Math.ceil(text.length / 4);
 }
 // ─── Recording ───────────────────────────────────────────────
-/**
- * Record a tool invocation for analytics tracking.
- *
- * Call this from server.ts after each tool handler completes.
- * Uses a write buffer to avoid per-call SQLite overhead.
- */
-function _unused_recordInvocation(tool, project, args, response, durationMs, success, errorMessage) {
-    const invocation = {
-        id: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
-        tool,
-        project: project || "unknown",
-        timestamp: new Date().toISOString(),
-        durationMs,
-        inputTokens: estimateTokens(JSON.stringify(args || {})),
-        outputTokens: estimateTokens(response || ""),
-        success,
-        errorMessage,
-    };
-    BUFFER.push(invocation);
-    if (BUFFER.length >= FLUSH_THRESHOLD) {
-        flushBuffer();
+export function recordInvocation(tool, project, args, response, durationMs, success, errorMessage) {
+    // Called before the tool response return in both success and error paths
+    // of server dispatch — a throw here would swallow the tool result. Isolate.
+    try {
+        const invocation = {
+            id: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+            tool,
+            project: project || "unknown",
+            timestamp: new Date().toISOString(),
+            durationMs,
+            inputTokens: estimateTokens(JSON.stringify(args || {})),
+            outputTokens: estimateTokens(response || ""),
+            success,
+            errorMessage,
+        };
+        BUFFER.push(invocation);
+        if (BUFFER.length >= FLUSH_THRESHOLD) {
+            void flushBuffer();
+        }
+        if (!flushTimer) {
+            flushTimer = setTimeout(() => {
+                flushTimer = null;
+                void flushBuffer();
+            }, FLUSH_INTERVAL_MS);
+            if (typeof flushTimer === "object" && "unref" in flushTimer) {
+                flushTimer.unref();
+            }
+        }
     }
-    // Ensure periodic flush
-    if (!flushTimer) {
-        flushTimer = setTimeout(() => {
-            flushBuffer();
-            flushTimer = null;
-        }, FLUSH_INTERVAL_MS);
+    catch (err) {
+        debugLog(`Analytics recordInvocation skipped: ${err}`);
     }
 }
-/**
- * Flush buffered invocations to storage.
- */
 export async function flushBuffer() {
     if (BUFFER.length === 0)
         return 0;
     const batch = BUFFER.splice(0, BUFFER.length);
     try {
-        // @ts-ignore — better-sqlite3 types not installed; runtime dep only
-        const Database = (await import("better-sqlite3")).default;
-        const db = new Database(getAnalyticsDbPath());
-        // Ensure table exists
-        db.exec(`
-      CREATE TABLE IF NOT EXISTS api_analytics (
-        id TEXT PRIMARY KEY,
-        tool TEXT NOT NULL,
-        project TEXT NOT NULL,
-        timestamp TEXT NOT NULL,
-        duration_ms INTEGER NOT NULL,
-        input_tokens INTEGER NOT NULL,
-        output_tokens INTEGER NOT NULL,
-        success INTEGER NOT NULL,
-        error_message TEXT
-      )
-    `);
-        const stmt = db.prepare(`
-      INSERT OR IGNORE INTO api_analytics
-      (id, tool, project, timestamp, duration_ms, input_tokens, output_tokens, success, error_message)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
-    `);
+        await ensureTable();
+        const db = getDb();
         for (const inv of batch) {
-            stmt.run(inv.id, inv.tool, inv.project, inv.timestamp, inv.durationMs, inv.inputTokens, inv.outputTokens, inv.success ? 1 : 0, inv.errorMessage || null);
+            await db.execute({
+                sql: `INSERT OR IGNORE INTO api_analytics
+                      (id, tool, project, timestamp, duration_ms, input_tokens, output_tokens, success, error_message)
+                      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+                args: [
+                    inv.id, inv.tool, inv.project, inv.timestamp,
+                    inv.durationMs, inv.inputTokens, inv.outputTokens,
+                    inv.success ? 1 : 0, inv.errorMessage || null,
+                ],
+            });
         }
-        debugLog(`Analytics: flushed ${batch.length} invocations to SQLite`);
+        debugLog(`Analytics: flushed ${batch.length} invocations`);
         return batch.length;
     }
     catch (err) {
-        // Re-add to buffer on failure, cap max size to prevent unbounded growth
         BUFFER.unshift(...batch);
         if (BUFFER.length > 1000)
             BUFFER.splice(1000);
@@ -103,51 +126,51 @@ export async function flushBuffer() {
     }
 }
 // ─── Query Functions ─────────────────────────────────────────
-/**
- * Get analytics for a specific project.
- */
 export async function getProjectAnalytics(project, days = 30) {
-    await flushBuffer(); // Ensure latest data is written
+    await flushBuffer();
     try {
-        // @ts-ignore — better-sqlite3 types not installed; runtime dep only
-        const Database = (await import("better-sqlite3")).default;
-        const db = new Database(getAnalyticsDbPath());
-        const since = new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString();
-        const stats = db.prepare(`
-      SELECT
-        COUNT(*) as total_calls,
-        AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
-        AVG(duration_ms) as avg_duration,
-        SUM(input_tokens) as total_input,
-        SUM(output_tokens) as total_output,
-        MIN(timestamp) as period_start,
-        MAX(timestamp) as period_end
-      FROM api_analytics
-      WHERE project = ? AND timestamp >= ?
-    `).get(project, since);
-        const topTools = db.prepare(`
-      SELECT tool, COUNT(*) as count
-      FROM api_analytics
-      WHERE project = ? AND timestamp >= ?
-      GROUP BY tool ORDER BY count DESC LIMIT 10
-    `).all(project, since);
-        const callsByDay = db.prepare(`
-      SELECT DATE(timestamp) as date, COUNT(*) as count
-      FROM api_analytics
-      WHERE project = ? AND timestamp >= ?
-      GROUP BY DATE(timestamp) ORDER BY date
-    `).all(project, since);
+        await ensureTable();
+        const db = getDb();
+        const since = new Date(Date.now() - days * 86_400_000).toISOString();
+        const stats = await db.execute({
+            sql: `SELECT
+                    COUNT(*) as total_calls,
+                    AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
+                    AVG(duration_ms) as avg_duration,
+                    SUM(input_tokens) as total_input,
+                    SUM(output_tokens) as total_output,
+                    MIN(timestamp) as period_start,
+                    MAX(timestamp) as period_end
+                  FROM api_analytics
+                  WHERE project = ? AND timestamp >= ?`,
+            args: [project, since],
+        });
+        const s = stats.rows[0];
+        const topTools = await db.execute({
+            sql: `SELECT tool, COUNT(*) as count
+                  FROM api_analytics
+                  WHERE project = ? AND timestamp >= ?
+                  GROUP BY tool ORDER BY count DESC LIMIT 10`,
+            args: [project, since],
+        });
+        const callsByDay = await db.execute({
+            sql: `SELECT DATE(timestamp) as date, COUNT(*) as count
+                  FROM api_analytics
+                  WHERE project = ? AND timestamp >= ?
+                  GROUP BY DATE(timestamp) ORDER BY date`,
+            args: [project, since],
+        });
         return {
             project,
-            totalCalls: stats?.total_calls || 0,
-            successRate: stats?.success_rate || 0,
-            avgDurationMs: Math.round(stats?.avg_duration || 0),
-            totalInputTokens: stats?.total_input || 0,
-            totalOutputTokens: stats?.total_output || 0,
-            topTools: topTools.map((r) => ({ tool: r.tool, count: r.count })),
-            callsByDay: callsByDay.map((r) => ({ date: r.date, count: r.count })),
-            periodStart: stats?.period_start || since,
-            periodEnd: stats?.period_end || new Date().toISOString(),
+            totalCalls: Number(s?.total_calls) || 0,
+            successRate: Number(s?.success_rate) || 0,
+            avgDurationMs: Math.round(Number(s?.avg_duration) || 0),
+            totalInputTokens: Number(s?.total_input) || 0,
+            totalOutputTokens: Number(s?.total_output) || 0,
+            topTools: topTools.rows.map((r) => ({ tool: r.tool, count: Number(r.count) })),
+            callsByDay: callsByDay.rows.map((r) => ({ date: r.date, count: Number(r.count) })),
+            periodStart: s?.period_start || since,
+            periodEnd: s?.period_end || new Date().toISOString(),
         };
     }
     catch (err) {
@@ -161,37 +184,37 @@ export async function getProjectAnalytics(project, days = 30) {
         };
     }
 }
-/**
- * Get system-wide analytics across all projects.
- */
 export async function getSystemAnalytics(days = 30) {
     await flushBuffer();
     try {
-        // @ts-ignore — better-sqlite3 types not installed; runtime dep only
-        const Database = (await import("better-sqlite3")).default;
-        const db = new Database(getAnalyticsDbPath());
-        const since = new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString();
-        const stats = db.prepare(`
-      SELECT COUNT(*) as total, COUNT(DISTINCT project) as projects,
-             AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
-             AVG(duration_ms) as avg_duration
-      FROM api_analytics WHERE timestamp >= ?
-    `).get(since);
-        const topProjects = db.prepare(`
-      SELECT project, COUNT(*) as calls FROM api_analytics
-      WHERE timestamp >= ? GROUP BY project ORDER BY calls DESC LIMIT 10
-    `).all(since);
-        const topTools = db.prepare(`
-      SELECT tool, COUNT(*) as calls FROM api_analytics
-      WHERE timestamp >= ? GROUP BY tool ORDER BY calls DESC LIMIT 10
-    `).all(since);
+        await ensureTable();
+        const db = getDb();
+        const since = new Date(Date.now() - days * 86_400_000).toISOString();
+        const stats = await db.execute({
+            sql: `SELECT COUNT(*) as total, COUNT(DISTINCT project) as projects,
+                         AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
+                         AVG(duration_ms) as avg_duration
+                  FROM api_analytics WHERE timestamp >= ?`,
+            args: [since],
+        });
+        const s = stats.rows[0];
+        const topProjects = await db.execute({
+            sql: `SELECT project, COUNT(*) as calls FROM api_analytics
+                  WHERE timestamp >= ? GROUP BY project ORDER BY calls DESC LIMIT 10`,
+            args: [since],
+        });
+        const topTools = await db.execute({
+            sql: `SELECT tool, COUNT(*) as calls FROM api_analytics
+                  WHERE timestamp >= ? GROUP BY tool ORDER BY calls DESC LIMIT 10`,
+            args: [since],
+        });
         return {
-            totalProjects: stats?.projects || 0,
-            totalCalls: stats?.total || 0,
-            globalSuccessRate: stats?.success_rate || 0,
-            avgDurationMs: Math.round(stats?.avg_duration || 0),
-            topProjects: topProjects.map((r) => ({ project: r.project, calls: r.calls })),
-            topTools: topTools.map((r) => ({ tool: r.tool, calls: r.calls })),
+            totalProjects: Number(s?.projects) || 0,
+            totalCalls: Number(s?.total) || 0,
+            globalSuccessRate: Number(s?.success_rate) || 0,
+            avgDurationMs: Math.round(Number(s?.avg_duration) || 0),
+            topProjects: topProjects.rows.map((r) => ({ project: r.project, calls: Number(r.calls) })),
+            topTools: topTools.rows.map((r) => ({ tool: r.tool, calls: Number(r.calls) })),
             callsByHour: [],
         };
     }
@@ -202,4 +225,4 @@ export async function getSystemAnalytics(days = 30) {
         };
     }
 }
-debugLog("v12.2: API analytics module loaded");
+debugLog("API analytics module loaded (@libsql/client)");

package/dist/utils/ddLogger.js

@@ -18,6 +18,7 @@ const CONTEXT_ALLOWLIST = new Set([
     "ceiling_clamped", "requested_tokens", "effective_tokens", "tokens_clamped",
     "cloud_requested", "cloud_allowed", "cloud_blocked",
     "verify_requested", "verify_allowed", "verify_blocked",
+    "tool", "project", "success", "durationMs",
 ]);
 const queue = [];
 let flushTimer = null;

package/dist/utils/notifier.js

@@ -11,6 +11,8 @@
  * Zero external dependencies — uses native fetch API.
  */
 import { debugLog } from "./logger.js";
+import { lookup } from "node:dns/promises";
+import { Agent } from "undici";
 // ─── Default Config ──────────────────────────────────────────
 const DEFAULT_CONFIG = {
     enabled: false,
@@ -99,43 +101,62 @@ function isPrivateIP(ip) {
         return true;
     return false;
 }
-function isAllowedUrl(url) {
+async function validateUrl(url) {
     try {
         const parsed = new URL(url);
-        // Block non-HTTP(S) schemes
         if (parsed.protocol !== "http:" && parsed.protocol !== "https:")
-            return false;
+            return { allowed: false };
         const hostname = parsed.hostname.toLowerCase();
-        // Block localhost variants
         if (hostname === "localhost" || hostname === "localhost.localdomain")
-            return false;
-        // Block .internal, .local, .arpa TLDs
+            return { allowed: false };
         if (hostname.endsWith(".internal") || hostname.endsWith(".local") || hostname.endsWith(".arpa"))
-            return false;
-        // Block private/loopback IPs (covers 0.0.0.0, 127.x, 10.x, 172.16-31.x, 192.168.x, ::1, etc.)
+            return { allowed: false };
         if (isPrivateIP(hostname))
-            return false;
-        // Block bracketed IPv6
+            return { allowed: false };
         if (hostname.startsWith("[") && isPrivateIP(hostname))
-            return false;
-        return true;
+            return { allowed: false };
+        try {
+            const addrs = await lookup(hostname, { all: true });
+            for (const { address } of addrs) {
+                if (isPrivateIP(address))
+                    return { allowed: false };
+            }
+            // Return the first validated address so senders can pin DNS
+            return { allowed: true, resolvedAddr: addrs[0].address, resolvedFamily: addrs[0].family };
+        }
+        catch {
+            return { allowed: false };
+        }
     }
     catch {
-        return false;
+        return { allowed: false };
     }
 }
+function pinnedDispatcher(address, family) {
+    return new Agent({
+        connect: {
+            lookup: (_hostname, _opts, cb) => {
+                cb(null, address, family);
+            },
+        },
+    });
+}
 // ─── Channel Senders ─────────────────────────────────────────
 async function sendWebhook(url, payload) {
-    if (!isAllowedUrl(url)) {
+    const check = await validateUrl(url);
+    if (!check.allowed) {
         debugLog(`Webhook URL blocked by SSRF policy: ${url}`);
         return false;
     }
+    const dispatcher = pinnedDispatcher(check.resolvedAddr, check.resolvedFamily);
     try {
         const response = await fetch(url, {
             method: "POST",
             headers: { "Content-Type": "application/json" },
             body: JSON.stringify(payload),
+            redirect: "error",
             signal: AbortSignal.timeout(10_000),
+            dispatcher,
         });
         return response.ok;
     }
@@ -143,9 +164,13 @@ async function sendWebhook(url, payload) {
         debugLog(`Webhook notification failed: ${err}`);
         return false;
     }
+    finally {
+        await dispatcher.close().catch(() => { });
+    }
 }
 async function sendSlack(webhookUrl, payload) {
-    if (!isAllowedUrl(webhookUrl)) {
+    const check = await validateUrl(webhookUrl);
+    if (!check.allowed) {
         debugLog(`Slack webhook URL blocked by SSRF policy: ${webhookUrl}`);
         return false;
     }
@@ -186,12 +211,15 @@ async function sendSlack(webhookUrl, payload) {
                 : []),
         ],
     };
+    const dispatcher = pinnedDispatcher(check.resolvedAddr, check.resolvedFamily);
     try {
         const response = await fetch(webhookUrl, {
             method: "POST",
             headers: { "Content-Type": "application/json" },
             body: JSON.stringify(slackPayload),
+            redirect: "error",
             signal: AbortSignal.timeout(10_000),
+            dispatcher,
         });
         return response.ok;
     }
@@ -199,13 +227,17 @@ async function sendSlack(webhookUrl, payload) {
         debugLog(`Slack notification failed: ${err}`);
         return false;
     }
+    finally {
+        await dispatcher.close().catch(() => { });
+    }
 }
 async function sendEmail(endpoint, payload) {
-    if (!isAllowedUrl(endpoint)) {
+    const check = await validateUrl(endpoint);
+    if (!check.allowed) {
         debugLog(`Email endpoint URL blocked by SSRF policy: ${endpoint}`);
         return false;
     }
-    // Email via webhook relay (e.g., SendGrid, Mailgun, or custom endpoint)
+    const dispatcher = pinnedDispatcher(check.resolvedAddr, check.resolvedFamily);
     try {
         const response = await fetch(endpoint, {
             method: "POST",
@@ -216,7 +248,9 @@ async function sendEmail(endpoint, payload) {
                 project: payload.project,
                 details: payload.details,
             }),
+            redirect: "error",
             signal: AbortSignal.timeout(10_000),
+            dispatcher,
         });
         return response.ok;
     }
@@ -224,6 +258,9 @@ async function sendEmail(endpoint, payload) {
         debugLog(`Email notification failed: ${err}`);
         return false;
     }
+    finally {
+        await dispatcher.close().catch(() => { });
+    }
 }
 // ─── Public API ──────────────────────────────────────────────
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "19.2.4",
+  "version": "19.2.6",
   "mcpName": "io.github.dcostenco/prism-coder",
   "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 114 Agent Skills, PHI Guard, Tier Enforcement, Prompt-Based Skill Routing, Zero-Search HDC/HRR retrieval, HRR Semantic Drift Detection across BCBA/Coding/AAC domains, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder 1.7B–32B open-weights LLM fleet.",
   "module": "index.ts",
@@ -105,7 +105,7 @@
     "@types/mozilla-readability": "^0.2.1",
     "@types/turndown": "^5.0.6",
     "dotenv": "^17.4.2",
-    "tsx": "^4.19.3",
+    "tsx": "^4.22.4",
     "vitest": "^4.1.1"
   },
   "peerDependencies": {
@@ -129,9 +129,10 @@
     "@modelcontextprotocol/sdk": "^1.27.1",
     "@mozilla/readability": "^0.6.0",
     "@opentelemetry/api": "^1.9.1",
-    "@opentelemetry/exporter-trace-otlp-http": "^0.214.0",
-    "@opentelemetry/resources": "^2.6.1",
-    "@opentelemetry/sdk-trace-node": "^2.6.1",
+    "@opentelemetry/core": "^2.8.0",
+    "@opentelemetry/exporter-trace-otlp-http": "^0.219.0",
+    "@opentelemetry/resources": "^2.8.0",
+    "@opentelemetry/sdk-trace-node": "^2.8.0",
     "@opentelemetry/semantic-conventions": "^1.40.0",
     "@supabase/supabase-js": "^2.99.3",
     "cheerio": "^1.2.0",