prism-mcp-server 19.2.5 → 19.2.6

package/dist/server.js

@@ -80,6 +80,7 @@ import { getTracer, initTelemetry } from "./utils/telemetry.js";
 import { context as otelContext, trace, SpanStatusCode } from "@opentelemetry/api";
 import { ddInfo, ddError as ddLogError } from "./utils/ddLogger.js";
 import { inferenceMetricsHandler } from "./utils/inferenceMetrics.js";
+import { recordInvocation } from "./utils/analytics.js";
 // ─── Import Tool Definitions (schemas) and Handlers (implementations) ─────
 import { WEB_SEARCH_TOOL, BRAVE_WEB_SEARCH_CODE_MODE_TOOL, LOCAL_SEARCH_TOOL, BRAVE_LOCAL_SEARCH_CODE_MODE_TOOL, CODE_MODE_TRANSFORM_TOOL, BRAVE_ANSWERS_TOOL, RESEARCH_PAPER_ANALYSIS_TOOL, webSearchHandler, braveWebSearchCodeModeHandler, localSearchHandler, braveLocalSearchCodeModeHandler, codeModeTransformHandler, braveAnswersHandler, researchPaperAnalysisHandler, } from "./tools/index.js";
 // Session memory tools — only used if Supabase is configured
@@ -975,7 +976,9 @@ export function createServer() {
                         };
                 }
                 rootSpan.setStatus({ code: SpanStatusCode.OK });
-                ddInfo("mcp.tool.success", { tool: name, project: args?.project, durationMs: Date.now() - _ddStart });
+                const _ddDuration = Date.now() - _ddStart;
+                ddInfo("mcp.tool.success", { tool: name, project: args?.project, durationMs: _ddDuration });
+                recordInvocation(name, String(args?.project ?? ""), args, JSON.stringify(result?.content?.[0]?.text ?? "").slice(0, 2000), _ddDuration, true);
                 // ═══ v5.3: Hivemind Watchdog Alert Injection (Telepathy) ═══
                 // CRITICAL: Append alerts DIRECTLY to tool response content
                 // so the LLM actually reads them. sendLoggingMessage goes to
@@ -1015,13 +1018,16 @@ export function createServer() {
                 return result;
             }
             catch (error) {
-                console.error(`Error in tool handler: ${error instanceof Error ? error.message : String(error)}`);
-                ddLogError("mcp.tool.error", error instanceof Error ? error : undefined, { tool: name, project: args?.project, durationMs: Date.now() - _ddStart });
-                rootSpan.recordException(error instanceof Error ? error : new Error(String(error)));
+                const errMsg = error instanceof Error ? error.message : String(error);
+                const _ddErrDuration = Date.now() - _ddStart;
+                console.error(`Error in tool handler: ${errMsg}`);
+                ddLogError("mcp.tool.error", error instanceof Error ? error : undefined, { tool: name, project: args?.project, durationMs: _ddErrDuration });
+                rootSpan.recordException(error instanceof Error ? error : new Error(errMsg));
                 rootSpan.setStatus({
                     code: SpanStatusCode.ERROR,
-                    message: error instanceof Error ? error.message : String(error),
+                    message: errMsg,
                 });
+                recordInvocation(name, String(args?.project ?? ""), args, "", _ddErrDuration, false, errMsg);
                 return {
                     content: [
                         {

package/dist/tools/v12Handlers.js

@@ -114,10 +114,10 @@ export async function extractEntitiesHandler(args) {
 }
 // ─── API Analytics Handler ───────────────────────────────────
 export async function apiAnalyticsHandler(args) {
-    const { action, project, days } = args;
+    const { scope, project, days } = args;
     try {
         const analytics = await import("../utils/analytics.js");
-        if (action === "dashboard" || !action) {
+        if (scope === "system" || !scope) {
             const dashboard = await analytics.getSystemAnalytics(days || 30);
             return {
                 content: [{
@@ -130,7 +130,7 @@ export async function apiAnalyticsHandler(args) {
                     }],
             };
         }
-        if (action === "project" && project) {
+        if (scope === "project" && project) {
             const projectStats = await analytics.getProjectAnalytics(project, days || 30);
             return {
                 content: [{
@@ -149,7 +149,7 @@ export async function apiAnalyticsHandler(args) {
                     type: "text",
                     text: JSON.stringify({
                         status: "ok",
-                        message: "Use action='dashboard' for aggregate stats or action='project' with project='name' for per-project stats.",
+                        message: "Use scope='system' for aggregate stats or scope='project' with project='name' for per-project stats.",
                     }, null, 2),
                 }],
         };

package/dist/utils/analytics.js

@@ -1,100 +1,123 @@
 /**
- * v12.2: API Usage Analytics — Per-Project Call Tracking
+ * API Usage Analytics — Per-Project Call Tracking
  *
  * Tracks every MCP tool invocation with timing, token estimates,
- * and project association. Provides aggregate analytics for the
- * Mind Palace Dashboard.
+ * and project association. Uses @libsql/client (same as the rest
+ * of prism's local storage layer).
  *
- * Storage: Local SQLite table `api_analytics` (auto-created).
- * Zero external dependencies — no cloud telemetry.
+ * Storage: `api_analytics` table in ~/.prism-mcp/data.db
  */
 import { debugLog } from "./logger.js";
+import { createClient } from "@libsql/client";
+import { existsSync, mkdirSync } from "node:fs";
 import { homedir } from "node:os";
-import { join } from "node:path";
-// Lazy-init helper for SQLite (avoids import issues with storage layer)
-function getAnalyticsDbPath() {
-    return process.env.PRISM_DB_PATH || join(homedir(), ".prism", "prism.db");
+import { join, dirname } from "node:path";
+// ─── DB Connection ──────────────────────────────────────────
+let _db = null;
+let _tableReady = false;
+function getDbPath() {
+    return process.env.PRISM_ANALYTICS_DB_PATH
+        || join(homedir(), ".prism-mcp", "data.db");
+}
+function getDb() {
+    if (_db)
+        return _db;
+    const dbPath = getDbPath();
+    const dir = dirname(dbPath);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    _db = createClient({ url: `file:${dbPath}` });
+    return _db;
+}
+async function ensureTable() {
+    if (_tableReady)
+        return;
+    await getDb().execute("PRAGMA journal_mode=WAL");
+    await getDb().execute(`
+        CREATE TABLE IF NOT EXISTS api_analytics (
+            id TEXT PRIMARY KEY,
+            tool TEXT NOT NULL,
+            project TEXT NOT NULL,
+            timestamp TEXT NOT NULL,
+            duration_ms INTEGER NOT NULL,
+            input_tokens INTEGER NOT NULL,
+            output_tokens INTEGER NOT NULL,
+            success INTEGER NOT NULL,
+            error_message TEXT
+        )
+    `);
+    _tableReady = true;
+}
+/** Reset DB connection (for tests). */
+export function _resetDb() {
+    _db = null;
+    _tableReady = false;
 }
 // ─── In-Memory Buffer ────────────────────────────────────────
-// Batch writes to SQLite every N invocations or M seconds.
 const BUFFER = [];
 const FLUSH_THRESHOLD = 25;
 const FLUSH_INTERVAL_MS = 30_000;
 let flushTimer = null;
-// ─── Token Estimation ────────────────────────────────────────
-// Rough heuristic: 1 token ≈ 4 characters
 function estimateTokens(text) {
     return Math.ceil(text.length / 4);
 }
 // ─── Recording ───────────────────────────────────────────────
-/**
- * Record a tool invocation for analytics tracking.
- *
- * Call this from server.ts after each tool handler completes.
- * Uses a write buffer to avoid per-call SQLite overhead.
- */
-function _unused_recordInvocation(tool, project, args, response, durationMs, success, errorMessage) {
-    const invocation = {
-        id: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
-        tool,
-        project: project || "unknown",
-        timestamp: new Date().toISOString(),
-        durationMs,
-        inputTokens: estimateTokens(JSON.stringify(args || {})),
-        outputTokens: estimateTokens(response || ""),
-        success,
-        errorMessage,
-    };
-    BUFFER.push(invocation);
-    if (BUFFER.length >= FLUSH_THRESHOLD) {
-        flushBuffer();
+export function recordInvocation(tool, project, args, response, durationMs, success, errorMessage) {
+    // Called before the tool response return in both success and error paths
+    // of server dispatch — a throw here would swallow the tool result. Isolate.
+    try {
+        const invocation = {
+            id: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+            tool,
+            project: project || "unknown",
+            timestamp: new Date().toISOString(),
+            durationMs,
+            inputTokens: estimateTokens(JSON.stringify(args || {})),
+            outputTokens: estimateTokens(response || ""),
+            success,
+            errorMessage,
+        };
+        BUFFER.push(invocation);
+        if (BUFFER.length >= FLUSH_THRESHOLD) {
+            void flushBuffer();
+        }
+        if (!flushTimer) {
+            flushTimer = setTimeout(() => {
+                flushTimer = null;
+                void flushBuffer();
+            }, FLUSH_INTERVAL_MS);
+            if (typeof flushTimer === "object" && "unref" in flushTimer) {
+                flushTimer.unref();
+            }
+        }
     }
-    // Ensure periodic flush
-    if (!flushTimer) {
-        flushTimer = setTimeout(() => {
-            flushBuffer();
-            flushTimer = null;
-        }, FLUSH_INTERVAL_MS);
+    catch (err) {
+        debugLog(`Analytics recordInvocation skipped: ${err}`);
     }
 }
-/**
- * Flush buffered invocations to storage.
- */
 export async function flushBuffer() {
     if (BUFFER.length === 0)
         return 0;
     const batch = BUFFER.splice(0, BUFFER.length);
     try {
-        // @ts-ignore — better-sqlite3 types not installed; runtime dep only
-        const Database = (await import("better-sqlite3")).default;
-        const db = new Database(getAnalyticsDbPath());
-        // Ensure table exists
-        db.exec(`
-      CREATE TABLE IF NOT EXISTS api_analytics (
-        id TEXT PRIMARY KEY,
-        tool TEXT NOT NULL,
-        project TEXT NOT NULL,
-        timestamp TEXT NOT NULL,
-        duration_ms INTEGER NOT NULL,
-        input_tokens INTEGER NOT NULL,
-        output_tokens INTEGER NOT NULL,
-        success INTEGER NOT NULL,
-        error_message TEXT
-      )
-    `);
-        const stmt = db.prepare(`
-      INSERT OR IGNORE INTO api_analytics
-      (id, tool, project, timestamp, duration_ms, input_tokens, output_tokens, success, error_message)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
-    `);
+        await ensureTable();
+        const db = getDb();
         for (const inv of batch) {
-            stmt.run(inv.id, inv.tool, inv.project, inv.timestamp, inv.durationMs, inv.inputTokens, inv.outputTokens, inv.success ? 1 : 0, inv.errorMessage || null);
+            await db.execute({
+                sql: `INSERT OR IGNORE INTO api_analytics
+                      (id, tool, project, timestamp, duration_ms, input_tokens, output_tokens, success, error_message)
+                      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+                args: [
+                    inv.id, inv.tool, inv.project, inv.timestamp,
+                    inv.durationMs, inv.inputTokens, inv.outputTokens,
+                    inv.success ? 1 : 0, inv.errorMessage || null,
+                ],
+            });
         }
-        debugLog(`Analytics: flushed ${batch.length} invocations to SQLite`);
+        debugLog(`Analytics: flushed ${batch.length} invocations`);
         return batch.length;
     }
     catch (err) {
-        // Re-add to buffer on failure, cap max size to prevent unbounded growth
         BUFFER.unshift(...batch);
         if (BUFFER.length > 1000)
             BUFFER.splice(1000);
@@ -103,51 +126,51 @@ export async function flushBuffer() {
     }
 }
 // ─── Query Functions ─────────────────────────────────────────
-/**
- * Get analytics for a specific project.
- */
 export async function getProjectAnalytics(project, days = 30) {
-    await flushBuffer(); // Ensure latest data is written
+    await flushBuffer();
     try {
-        // @ts-ignore — better-sqlite3 types not installed; runtime dep only
-        const Database = (await import("better-sqlite3")).default;
-        const db = new Database(getAnalyticsDbPath());
-        const since = new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString();
-        const stats = db.prepare(`
-      SELECT
-        COUNT(*) as total_calls,
-        AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
-        AVG(duration_ms) as avg_duration,
-        SUM(input_tokens) as total_input,
-        SUM(output_tokens) as total_output,
-        MIN(timestamp) as period_start,
-        MAX(timestamp) as period_end
-      FROM api_analytics
-      WHERE project = ? AND timestamp >= ?
-    `).get(project, since);
-        const topTools = db.prepare(`
-      SELECT tool, COUNT(*) as count
-      FROM api_analytics
-      WHERE project = ? AND timestamp >= ?
-      GROUP BY tool ORDER BY count DESC LIMIT 10
-    `).all(project, since);
-        const callsByDay = db.prepare(`
-      SELECT DATE(timestamp) as date, COUNT(*) as count
-      FROM api_analytics
-      WHERE project = ? AND timestamp >= ?
-      GROUP BY DATE(timestamp) ORDER BY date
-    `).all(project, since);
+        await ensureTable();
+        const db = getDb();
+        const since = new Date(Date.now() - days * 86_400_000).toISOString();
+        const stats = await db.execute({
+            sql: `SELECT
+                    COUNT(*) as total_calls,
+                    AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
+                    AVG(duration_ms) as avg_duration,
+                    SUM(input_tokens) as total_input,
+                    SUM(output_tokens) as total_output,
+                    MIN(timestamp) as period_start,
+                    MAX(timestamp) as period_end
+                  FROM api_analytics
+                  WHERE project = ? AND timestamp >= ?`,
+            args: [project, since],
+        });
+        const s = stats.rows[0];
+        const topTools = await db.execute({
+            sql: `SELECT tool, COUNT(*) as count
+                  FROM api_analytics
+                  WHERE project = ? AND timestamp >= ?
+                  GROUP BY tool ORDER BY count DESC LIMIT 10`,
+            args: [project, since],
+        });
+        const callsByDay = await db.execute({
+            sql: `SELECT DATE(timestamp) as date, COUNT(*) as count
+                  FROM api_analytics
+                  WHERE project = ? AND timestamp >= ?
+                  GROUP BY DATE(timestamp) ORDER BY date`,
+            args: [project, since],
+        });
         return {
             project,
-            totalCalls: stats?.total_calls || 0,
-            successRate: stats?.success_rate || 0,
-            avgDurationMs: Math.round(stats?.avg_duration || 0),
-            totalInputTokens: stats?.total_input || 0,
-            totalOutputTokens: stats?.total_output || 0,
-            topTools: topTools.map((r) => ({ tool: r.tool, count: r.count })),
-            callsByDay: callsByDay.map((r) => ({ date: r.date, count: r.count })),
-            periodStart: stats?.period_start || since,
-            periodEnd: stats?.period_end || new Date().toISOString(),
+            totalCalls: Number(s?.total_calls) || 0,
+            successRate: Number(s?.success_rate) || 0,
+            avgDurationMs: Math.round(Number(s?.avg_duration) || 0),
+            totalInputTokens: Number(s?.total_input) || 0,
+            totalOutputTokens: Number(s?.total_output) || 0,
+            topTools: topTools.rows.map((r) => ({ tool: r.tool, count: Number(r.count) })),
+            callsByDay: callsByDay.rows.map((r) => ({ date: r.date, count: Number(r.count) })),
+            periodStart: s?.period_start || since,
+            periodEnd: s?.period_end || new Date().toISOString(),
         };
     }
     catch (err) {
@@ -161,37 +184,37 @@ export async function getProjectAnalytics(project, days = 30) {
         };
     }
 }
-/**
- * Get system-wide analytics across all projects.
- */
 export async function getSystemAnalytics(days = 30) {
     await flushBuffer();
     try {
-        // @ts-ignore — better-sqlite3 types not installed; runtime dep only
-        const Database = (await import("better-sqlite3")).default;
-        const db = new Database(getAnalyticsDbPath());
-        const since = new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString();
-        const stats = db.prepare(`
-      SELECT COUNT(*) as total, COUNT(DISTINCT project) as projects,
-             AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
-             AVG(duration_ms) as avg_duration
-      FROM api_analytics WHERE timestamp >= ?
-    `).get(since);
-        const topProjects = db.prepare(`
-      SELECT project, COUNT(*) as calls FROM api_analytics
-      WHERE timestamp >= ? GROUP BY project ORDER BY calls DESC LIMIT 10
-    `).all(since);
-        const topTools = db.prepare(`
-      SELECT tool, COUNT(*) as calls FROM api_analytics
-      WHERE timestamp >= ? GROUP BY tool ORDER BY calls DESC LIMIT 10
-    `).all(since);
+        await ensureTable();
+        const db = getDb();
+        const since = new Date(Date.now() - days * 86_400_000).toISOString();
+        const stats = await db.execute({
+            sql: `SELECT COUNT(*) as total, COUNT(DISTINCT project) as projects,
+                         AVG(CASE WHEN success = 1 THEN 1.0 ELSE 0.0 END) as success_rate,
+                         AVG(duration_ms) as avg_duration
+                  FROM api_analytics WHERE timestamp >= ?`,
+            args: [since],
+        });
+        const s = stats.rows[0];
+        const topProjects = await db.execute({
+            sql: `SELECT project, COUNT(*) as calls FROM api_analytics
+                  WHERE timestamp >= ? GROUP BY project ORDER BY calls DESC LIMIT 10`,
+            args: [since],
+        });
+        const topTools = await db.execute({
+            sql: `SELECT tool, COUNT(*) as calls FROM api_analytics
+                  WHERE timestamp >= ? GROUP BY tool ORDER BY calls DESC LIMIT 10`,
+            args: [since],
+        });
         return {
-            totalProjects: stats?.projects || 0,
-            totalCalls: stats?.total || 0,
-            globalSuccessRate: stats?.success_rate || 0,
-            avgDurationMs: Math.round(stats?.avg_duration || 0),
-            topProjects: topProjects.map((r) => ({ project: r.project, calls: r.calls })),
-            topTools: topTools.map((r) => ({ tool: r.tool, calls: r.calls })),
+            totalProjects: Number(s?.projects) || 0,
+            totalCalls: Number(s?.total) || 0,
+            globalSuccessRate: Number(s?.success_rate) || 0,
+            avgDurationMs: Math.round(Number(s?.avg_duration) || 0),
+            topProjects: topProjects.rows.map((r) => ({ project: r.project, calls: Number(r.calls) })),
+            topTools: topTools.rows.map((r) => ({ tool: r.tool, calls: Number(r.calls) })),
             callsByHour: [],
         };
     }
@@ -202,4 +225,4 @@ export async function getSystemAnalytics(days = 30) {
         };
     }
 }
-debugLog("v12.2: API analytics module loaded");
+debugLog("API analytics module loaded (@libsql/client)");

package/dist/utils/ddLogger.js

@@ -18,6 +18,7 @@ const CONTEXT_ALLOWLIST = new Set([
     "ceiling_clamped", "requested_tokens", "effective_tokens", "tokens_clamped",
     "cloud_requested", "cloud_allowed", "cloud_blocked",
     "verify_requested", "verify_allowed", "verify_blocked",
+    "tool", "project", "success", "durationMs",
 ]);
 const queue = [];
 let flushTimer = null;

package/dist/utils/notifier.js

@@ -12,6 +12,7 @@
  */
 import { debugLog } from "./logger.js";
 import { lookup } from "node:dns/promises";
+import { Agent } from "undici";
 // ─── Default Config ──────────────────────────────────────────
 const DEFAULT_CONFIG = {
     enabled: false,
@@ -100,49 +101,54 @@ function isPrivateIP(ip) {
         return true;
     return false;
 }
-async function isAllowedUrl(url) {
+async function validateUrl(url) {
     try {
         const parsed = new URL(url);
-        // Block non-HTTP(S) schemes
         if (parsed.protocol !== "http:" && parsed.protocol !== "https:")
-            return false;
+            return { allowed: false };
         const hostname = parsed.hostname.toLowerCase();
-        // Block localhost variants
         if (hostname === "localhost" || hostname === "localhost.localdomain")
-            return false;
-        // Block .internal, .local, .arpa TLDs
+            return { allowed: false };
         if (hostname.endsWith(".internal") || hostname.endsWith(".local") || hostname.endsWith(".arpa"))
-            return false;
-        // Block private/loopback IPs (covers 0.0.0.0, 127.x, 10.x, 172.16-31.x, 192.168.x, ::1, etc.)
+            return { allowed: false };
         if (isPrivateIP(hostname))
-            return false;
-        // Block bracketed IPv6
+            return { allowed: false };
         if (hostname.startsWith("[") && isPrivateIP(hostname))
-            return false;
-        // Resolve hostname and reject if ANY address is private (closes
-        // attacker.example → 169.254.169.254 / 127.0.0.1 bypass)
+            return { allowed: false };
         try {
             const addrs = await lookup(hostname, { all: true });
             for (const { address } of addrs) {
                 if (isPrivateIP(address))
-                    return false;
+                    return { allowed: false };
             }
+            // Return the first validated address so senders can pin DNS
+            return { allowed: true, resolvedAddr: addrs[0].address, resolvedFamily: addrs[0].family };
         }
         catch {
-            return false;
+            return { allowed: false };
         }
-        return true;
     }
     catch {
-        return false;
+        return { allowed: false };
     }
 }
+function pinnedDispatcher(address, family) {
+    return new Agent({
+        connect: {
+            lookup: (_hostname, _opts, cb) => {
+                cb(null, address, family);
+            },
+        },
+    });
+}
 // ─── Channel Senders ─────────────────────────────────────────
 async function sendWebhook(url, payload) {
-    if (!(await isAllowedUrl(url))) {
+    const check = await validateUrl(url);
+    if (!check.allowed) {
         debugLog(`Webhook URL blocked by SSRF policy: ${url}`);
         return false;
     }
+    const dispatcher = pinnedDispatcher(check.resolvedAddr, check.resolvedFamily);
     try {
         const response = await fetch(url, {
             method: "POST",
@@ -150,6 +156,7 @@ async function sendWebhook(url, payload) {
             body: JSON.stringify(payload),
             redirect: "error",
             signal: AbortSignal.timeout(10_000),
+            dispatcher,
         });
         return response.ok;
     }
@@ -157,9 +164,13 @@ async function sendWebhook(url, payload) {
         debugLog(`Webhook notification failed: ${err}`);
         return false;
     }
+    finally {
+        await dispatcher.close().catch(() => { });
+    }
 }
 async function sendSlack(webhookUrl, payload) {
-    if (!(await isAllowedUrl(webhookUrl))) {
+    const check = await validateUrl(webhookUrl);
+    if (!check.allowed) {
         debugLog(`Slack webhook URL blocked by SSRF policy: ${webhookUrl}`);
         return false;
     }
@@ -200,6 +211,7 @@ async function sendSlack(webhookUrl, payload) {
                 : []),
         ],
     };
+    const dispatcher = pinnedDispatcher(check.resolvedAddr, check.resolvedFamily);
     try {
         const response = await fetch(webhookUrl, {
             method: "POST",
@@ -207,6 +219,7 @@ async function sendSlack(webhookUrl, payload) {
             body: JSON.stringify(slackPayload),
             redirect: "error",
             signal: AbortSignal.timeout(10_000),
+            dispatcher,
         });
         return response.ok;
     }
@@ -214,13 +227,17 @@ async function sendSlack(webhookUrl, payload) {
         debugLog(`Slack notification failed: ${err}`);
         return false;
     }
+    finally {
+        await dispatcher.close().catch(() => { });
+    }
 }
 async function sendEmail(endpoint, payload) {
-    if (!(await isAllowedUrl(endpoint))) {
+    const check = await validateUrl(endpoint);
+    if (!check.allowed) {
         debugLog(`Email endpoint URL blocked by SSRF policy: ${endpoint}`);
         return false;
     }
-    // Email via webhook relay (e.g., SendGrid, Mailgun, or custom endpoint)
+    const dispatcher = pinnedDispatcher(check.resolvedAddr, check.resolvedFamily);
     try {
         const response = await fetch(endpoint, {
             method: "POST",
@@ -233,6 +250,7 @@ async function sendEmail(endpoint, payload) {
             }),
             redirect: "error",
             signal: AbortSignal.timeout(10_000),
+            dispatcher,
         });
         return response.ok;
     }
@@ -240,6 +258,9 @@ async function sendEmail(endpoint, payload) {
         debugLog(`Email notification failed: ${err}`);
         return false;
     }
+    finally {
+        await dispatcher.close().catch(() => { });
+    }
 }
 // ─── Public API ──────────────────────────────────────────────
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "19.2.5",
+  "version": "19.2.6",
   "mcpName": "io.github.dcostenco/prism-coder",
   "description": "Prism Coder — Cognitive memory + tool-calling intelligence for AI agents. Mind Palace persistent memory (BFCL Gold Certified, 100% Tool-Call Accuracy, 114 Agent Skills, PHI Guard, Tier Enforcement, Prompt-Based Skill Routing, Zero-Search HDC/HRR retrieval, HRR Semantic Drift Detection across BCBA/Coding/AAC domains, HIPAA-hardened local-first storage, SLERP-optimized GRPO alignment) plus the prism-coder 1.7B–32B open-weights LLM fleet.",
   "module": "index.ts",
@@ -105,7 +105,7 @@
     "@types/mozilla-readability": "^0.2.1",
     "@types/turndown": "^5.0.6",
     "dotenv": "^17.4.2",
-    "tsx": "^4.19.3",
+    "tsx": "^4.22.4",
     "vitest": "^4.1.1"
   },
   "peerDependencies": {