prism-mcp-server 2.5.0 → 2.5.2

package/README.md

@@ -12,6 +12,29 @@
 >
 > Built with **SQLite + F32_BLOB vector search**, **optimistic concurrency control**, **MCP Prompts & Resources**, **auto-compaction**, **Gemini-powered Morning Briefings**, **MemoryTrace explainability**, and optional **Supabase cloud sync**.
 
+## Table of Contents
+
+- [What's New (v2.5.0)](#whats-new-in-v250---enterprise-memory-)
+- [How Prism Compares](#how-prism-compares)
+- [Quick Start](#quick-start-zero-config--local-mode)
+- [Mind Palace Dashboard](#-the-mind-palace-dashboard)
+- [Integration Examples](#integration-examples)
+- [Use Cases](#use-cases)
+- [Architecture](#architecture)
+- [Tool Reference](#tool-reference)
+- [LangChain / LangGraph Integration](#langchain--langgraph-integration)
+- [Environment Variables](#environment-variables)
+- [Progressive Context Loading](#progressive-context-loading)
+- [Time Travel](#time-travel-version-history)
+- [Agent Telepathy](#agent-telepathy-multi-client-sync)
+- [Knowledge Accumulation](#knowledge-accumulation)
+- [GDPR Compliance](#gdpr-compliance)
+- [Observability & Tracing](#observability--tracing)
+- [Supabase Setup](#supabase-setup-cloud-mode)
+- [Project Structure](#project-structure)
+- [Hybrid Search Pipeline](#hybrid-search-pipeline-brave--vertex-ai)
+- [🚀 Roadmap](#-roadmap)
+
 ---
 
 ## What's New in v2.5.0 — Enterprise Memory 🏗️
@@ -19,10 +42,20 @@
 | Feature | Description |
 |---|---|
 | 🔍 **Memory Tracing (Phase 1)** | Every search now returns a structured `MemoryTrace` with latency breakdown (`embedding_ms`, `storage_ms`, `total_ms`), search strategy, and scoring metadata — surfaced as a separate `content[1]` block for LangSmith integration. |
-| 🛡️ **GDPR Memory Deletion (Phase 2)** | New `session_forget_memory` tool with soft-delete (tombstoning via `deleted_at`) and hard-delete. Ownership guards prevent cross-user deletion. `deleted_reason` column captures GDPR Article 17 justification. Top-K Hole solved by filtering inside SQL, not post-query. |
+| 🛡️ **GDPR Memory Deletion (Phase 2)** | New `session_forget_memory` tool with soft-delete (tombstoning via `deleted_at`) and hard-delete. Ownership guards prevent cross-user deletion. `deleted_reason` column captures GDPR Article 17 justification. Top-K Hole solved by filtering inside SQL, not post-query (ensures we always return exactly K results, rather than returning fewer because deleted items were filtered out after the vector search). |
 | 🔗 **LangChain Integration (Phase 3)** | `PrismMemoryRetriever` and `PrismKnowledgeRetriever` — async-first `BaseRetriever` subclasses that wrap Prism MCP's traced search endpoints. Trace metadata flows automatically into `Document.metadata["trace"]` for LangSmith visibility. |
 | 🧩 **LangGraph Research Agent** | Full example in `examples/langgraph-agent/` — a 5-node agentic research loop with MCP bridge, persistent memory, and `EnsembleRetriever` hybrid search. |
 
+<details>
+<summary><strong>What's in v2.5.1 — Version Sync & Embedding Safety</strong></summary>
+
+| Feature | Description |
+|---|---|
+| 🔄 **Dynamic Versioning** | Server version is now derived from `package.json` at startup — MCP handshake, dashboard badge, and npm metadata always stay in sync. Falls back to `0.0.0` if unreadable. |
+| 🛡️ **Embedding Dimension Validation** | `generateEmbedding()` now validates the returned vector is exactly 768 dimensions at runtime, catching model regressions before storing bad vectors. Removed `as any` cast in favor of proper `EmbedContentRequest` typing. |
+
+</details>
+
 <details>
 <summary><strong>What's in v2.3.12 — Stability & Fixes</strong></summary>
 
@@ -75,6 +108,8 @@
 
 ---
 
+> 💡 **TL;DR:** Prism MCP gives your AI agent persistent memory using a local SQLite database. No cloud accounts, no API keys, and no Postgres/Qdrant containers required. Just `npx -y prism-mcp-server` and you're running.
+
 ## How Prism Compares
 
 | Feature | **Prism MCP** | [MCP Memory](https://github.com/modelcontextprotocol/servers/tree/main/src/memory) | [Mem0](https://github.com/mem0ai/mem0) | [Mnemory](https://github.com/fpytloun/mnemory) | [Basic Memory](https://github.com/basicmachines-co/basic-memory) |
@@ -173,7 +208,7 @@ Then add to your MCP config:
 }
 ```
 
-### Restart your MCP client. That's it — all tools are now available.
+**Restart your MCP client. That's it — all tools are now available.**
 
 ---
 
@@ -183,6 +218,8 @@ Prism MCP spins up a lightweight, zero-dependency HTTP server alongside the MCP
 
 Open **`http://localhost:3000`** in your browser to see exactly what your AI agent is thinking:
 
+![Mind Palace Dashboard](docs/mind-palace-dashboard.png)
+
 - **Current State & TODOs** — See the exact context injected into the LLM's prompt
 - **Git Drift Detection** — Alerts you if you've modified code outside the agent's view
 - **Morning Briefing** — AI-synthesized action plan from your last sessions
@@ -435,7 +472,7 @@ Instead of writing custom JavaScript, pass a `template` name for instant extract
 | `slack_messages` | Slack Web API | `[timestamp] @user: message` |
 | `csv_summary` | CSV text | Column names, row count, sample rows |
 
-**Usage:** `{ "data": "<raw JSON>", "template": "github_issues" }` — no custom code needed.
+**Tool Arguments:** `{ "data": "<raw JSON>", "template": "github_issues" }` — no custom code needed.
 
 ---
 
@@ -533,6 +570,7 @@ For the best experience, configure your AI coding assistant to **automatically c
 Add this rule to your project's `.clauderules` or `CLAUDE.md`:
 
 ```markdown
+
 ## Prism MCP Memory Auto-Load (CRITICAL)
 At the start of every new session, you MUST call `session_load_context`
 at the `standard` level for these projects:
@@ -550,17 +588,19 @@ Do NOT skip this step.
 Add this rule to your `~/.gemini/GEMINI.md` global rules file:
 
 ```markdown
+
 ## Prism MCP Memory Auto-Load (CRITICAL)
+
 **At the start of every new session**, immediately after displaying
 the startup block, you MUST call `session_load_context` (via the
-`athena-public` MCP server) at the `standard` level for these projects:
+`prism-mcp` MCP server) at the `standard` level for these projects:
 - `my-project`
 - `my-other-project`
 
 This ensures accumulated project memory, pending TODOs, and key context
 from previous sessions are always available. Do NOT skip this step.
 
-**IMPORTANT:** The `athena-public` MCP server is always available.
+**IMPORTANT:** The `prism-mcp` MCP server is always available.
 Do NOT display any warnings or notes about MCP server availability
 — just call the tools directly. Never claim the server is unavailable.
 ```
@@ -668,7 +708,9 @@ Every `session_save_ledger` and `session_save_handoff` automatically extracts ke
 | **By age** | `older_than_days: 30` | Forget entries older than 30 days |
 | **Dry run** | `dry_run: true` | Preview what would be deleted |
 
-### GDPR-Compliant Deletion (v2.5)
+## GDPR Compliance
+
+### GDPR-Compliant Deletion
 
 Prism supports surgical, per-entry deletion for GDPR Article 17 compliance:
 
@@ -689,7 +731,77 @@ Prism supports surgical, per-entry deletion for GDPR Article 17 compliance:
 **How it works:**
 - **Soft delete** sets `deleted_at = NOW()` + `deleted_reason`. The entry stays in the DB for audit but is excluded from ALL search results (vector, FTS5, and context loading).
 - **Hard delete** physically removes the row. FTS5 triggers auto-clean the full-text index.
-- **Top-K Hole Prevention**: `deleted_at IS NULL` filtering happens INSIDE the SQL query, BEFORE the `LIMIT` clause — so `LIMIT 5` always returns 5 live results, never fewer.
+- **Top-K Hole Prevention**: `deleted_at IS NULL` filtering happens INSIDE the SQL query, BEFORE the `LIMIT` clause — so `LIMIT 5` always returns 5 live results, never fewer. *(A "Top-K Hole" occurs when deleted entries are filtered out after the vector search, causing fewer than K results to be returned. Prism avoids this by filtering inside SQL before the LIMIT.)*
+
+### Article 17 — Right to Erasure ("Right to be Forgotten")
+
+| Requirement | How Prism Satisfies It |
+|-------------|----------------------|
+| **Individual deletion** | `session_forget_memory` operates on a single `memory_id` — the data subject can request deletion of *specific* memories, not just bulk wipes. |
+| **Soft delete (audit trail)** | `deleted_at` + `deleted_reason` columns prove *when* and *why* data was deleted — required for SOC2 audit logs. |
+| **Hard delete (full erasure)** | `hard_delete: true` physically removes the row from the database. No tombstone, no trace. True erasure as required by Article 17(1). |
+| **Justification logging** | The `reason` parameter captures the GDPR justification (e.g., `"User requested data deletion"`, `"Data retention policy expired"`). |
+
+### Article 25 — Data Protection by Design and by Default
+
+| Requirement | How Prism Satisfies It |
+|-------------|----------------------|
+| **Ownership guards** | `softDeleteLedger()` and `hardDeleteLedger()` verify `user_id` before executing. User A cannot delete User B's data. |
+| **Database-level filtering** | `deleted_at IS NULL` is inside the SQL `WHERE` clause, *before* `LIMIT`. Soft-deleted data never leaks into search results — not even accidentally. |
+| **Default = safe** | The system defaults to soft delete (reversible). Hard delete requires an explicit `hard_delete: true` flag — preventing accidental permanent data loss. |
+| **Multi-tenant isolation** | `PRISM_USER_ID` environment variable ensures all operations are scoped to a single tenant. |
+
+### Coverage Summary
+
+| GDPR Right | Status | Implementation |
+|-----------|--------|----------------|
+| Right to Erasure (Art. 17) | ✅ Implemented | `session_forget_memory` (soft + hard delete) |
+| Data Protection by Design (Art. 25) | ✅ Implemented | Ownership guards, DB-level filtering, safe defaults |
+| Audit Trail | ✅ Implemented | `deleted_at` + `deleted_reason` columns |
+| User Isolation | ✅ Implemented | `user_id` verification on all delete operations |
+| Right to Portability (Art. 20) | ⬜ Roadmap | `session_export_memory` (planned) |
+| Consent Management | ➖ Out of scope | Application-layer responsibility |
+
+> **Note:** No software is "GDPR certified" on its own — GDPR is an organizational compliance framework. Prism provides the technical controls that a DPO (Data Protection Officer) needs to satisfy the data deletion and privacy-by-design requirements.
+
+---
+
+## Observability & Tracing
+
+Prism MCP includes a custom **MemoryTrace** engine that provides per-query observability for every memory operation. This is not the OpenTelemetry SDK — it's a lightweight, zero-dependency tracing system purpose-built for MCP.
+
+### What MemoryTrace Provides
+
+| Capability | MemoryTrace | Full OpenTelemetry SDK |
+|------------|:-----------:|:----------------------:|
+| Per-query latency breakdown (`embedding_ms`, `storage_ms`, `total_ms`) | ✅ | ✅ |
+| Search strategy attribution (`semantic`, `keyword`, `hybrid`) | ✅ | ❌ (custom) |
+| Result scoring metadata | ✅ | ❌ (custom) |
+| LangSmith integration (via retriever metadata) | ✅ | ✅ |
+| W3C `traceparent` / distributed trace context | ❌ | ✅ |
+| Export to Jaeger / Zipkin / Datadog | ❌ | ✅ |
+| Auto-instrumentation of HTTP / DB calls | ❌ | ✅ |
+| External SDK dependency | **None** | `@opentelemetry/sdk-*` |
+
+### Example MemoryTrace Output
+
+```json
+{
+  "type": "text",
+  "text": "{\"trace\":{\"strategy\":\"semantic\",\"latency\":{\"embedding_ms\":45,\"storage_ms\":12,\"total_ms\":57},\"result_count\":3,\"threshold\":0.7}}"
+}
+```
+
+Traces are returned as `content[1]` in MCP responses — a separate content block that keeps structured telemetry out of the LLM's context window while making it available to orchestration layers like LangSmith.
+
+### Roadmap
+
+| Feature | Status |
+|---------|--------|
+| MemoryTrace (current) | ✅ Shipped |
+| OpenTelemetry SDK integration | ⬜ Planned |
+| Span export to Jaeger/Zipkin | ⬜ Planned |
+| W3C Trace Context propagation | ⬜ Planned |
 
 ---
 
@@ -718,12 +830,16 @@ Go to **Settings → API** and copy:
 
 ### 4. Configure
 
+Add these to your MCP client's configuration file (e.g., `claude_desktop_config.json` under `"env"`), or export them if running the server manually:
+
 ```bash
 export SUPABASE_URL="https://your-project.supabase.co"
 export SUPABASE_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
 export PRISM_STORAGE="supabase"
 ```
 
+> **Note:** Claude Desktop, Cursor, and other MCP clients spawn isolated processes — terminal `export` commands won't be inherited. Always set env vars in the client's config JSON.
+
 ### Security
 
 1. **Use the anon key** for MCP server config
@@ -808,6 +924,36 @@ See [`vertex-ai/`](vertex-ai/) for setup and benchmarks.
 
 ---
 
+## 🚀 Roadmap
+
+> **[View the full project board →](https://github.com/users/dcostenco/projects/1/views/1)**
+
+### 🚀 Future Ideas
+
+| Feature | Issue | Description |
+|---------|-------|-------------|
+| OpenTelemetry SDK Integration | [#6](https://github.com/dcostenco/prism-mcp/issues/6) | W3C-compliant tracing with Jaeger/Zipkin export |
+| GDPR Right to Portability | [#7](https://github.com/dcostenco/prism-mcp/issues/7) | `session_export_memory` tool for Art. 20 compliance |
+| Multi-agent CRDT Conflict Resolution | [#9](https://github.com/dcostenco/prism-mcp/issues/9) | Conflict-free replicated data types for concurrent agent edits |
+| Memory Analytics Dashboard | [#10](https://github.com/dcostenco/prism-mcp/issues/10) | Usage trends, token costs, and memory health metrics |
+| Pluggable LLM Providers | [#13](https://github.com/dcostenco/prism-mcp/issues/13) | Anthropic, OpenAI, Ollama provider adapters |
+| VLM / OCR for Visual Memory | [#14](https://github.com/dcostenco/prism-mcp/issues/14) | Auto-extract text and insights from stored images |
+| Automated Data Retention (TTL) | [#16](https://github.com/dcostenco/prism-mcp/issues/16) | Time-based memory expiration policies |
+| Obsidian / Logseq Export Bridge | [#17](https://github.com/dcostenco/prism-mcp/issues/17) | Export memory to Markdown knowledge bases |
+| Interactive Knowledge Graph Editor | [#19](https://github.com/dcostenco/prism-mcp/issues/19) | Visual graph editor inside the Mind Palace dashboard |
+
+### 🧰 Infrastructure & Stack
+
+| Feature | Issue | Description |
+|---------|-------|-------------|
+| Supabase RPC Soft-Delete Filtering | [#8](https://github.com/dcostenco/prism-mcp/issues/8) | Server-side RPC filtering for GDPR-deleted records |
+| Pluggable Embedding Providers | [#11](https://github.com/dcostenco/prism-mcp/issues/11) | Swap Gemini for OpenAI, Cohere, or local models |
+| Automated Test Suite | [#12](https://github.com/dcostenco/prism-mcp/issues/12) | Unit, integration, and E2E test coverage with CI/CD |
+| Mind Palace Auth & Secure Access | [#15](https://github.com/dcostenco/prism-mcp/issues/15) | Authentication for the dashboard when exposed remotely |
+| TypeScript LangGraph & Vercel AI SDK Examples | [#18](https://github.com/dcostenco/prism-mcp/issues/18) | Reference implementations for popular frameworks |
+
+---
+
 ## License
 
 MIT

package/dist/config.js

@@ -1,3 +1,6 @@
+import { readFileSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
 /**
  * Configuration & Environment Variables
  *
@@ -18,11 +21,25 @@
  * with reduced functionality (the corresponding tools will be unavailable).
  */
 // ─── Server Identity ──────────────────────────────────────────
-// REVIEWER NOTE: v1.5.0 includes all v0.4.0 enhancements PLUS
-// multi-tenant Row Level Security (RLS) for production hosting.
+function resolveServerVersion() {
+    try {
+        const moduleDir = dirname(fileURLToPath(import.meta.url));
+        const packageJsonPath = resolve(moduleDir, "../package.json");
+        const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf-8"));
+        if (typeof packageJson?.version === "string" && packageJson.version.trim()) {
+            return packageJson.version.trim();
+        }
+    }
+    catch {
+        // Fallback below keeps server booting even if package metadata is unavailable.
+    }
+    return "0.0.0";
+}
+// REVIEWER NOTE: derive version from package.json so MCP handshake,
+// dashboard badge, and package metadata stay in sync.
 export const SERVER_CONFIG = {
     name: "prism-mcp",
-    version: "2.3.9",
+    version: resolveServerVersion(),
 };
 // ─── Required: Brave Search API Key ───────────────────────────
 export const BRAVE_API_KEY = process.env.BRAVE_API_KEY;

package/dist/dashboard/server.js

@@ -17,45 +17,51 @@
  * ═══════════════════════════════════════════════════════════════════
  */
 import * as http from "http";
-import { execSync } from "child_process";
+import { exec } from "child_process";
 import { getStorage } from "../storage/index.js";
-import { PRISM_USER_ID } from "../config.js";
+import { PRISM_USER_ID, SERVER_CONFIG } from "../config.js";
 import { renderDashboardHTML } from "./ui.js";
 const PORT = parseInt(process.env.PRISM_DASHBOARD_PORT || "3000", 10);
 /**
  * Kill any existing process holding the dashboard port.
  * This prevents zombie dashboard processes from surviving IDE restarts
  * and serving stale versions of the UI.
+ *
+ * CRITICAL: Uses async exec() instead of execSync() to avoid blocking
+ * the Node.js event loop. Blocking during startup prevents the MCP
+ * stdio transport from responding to the initialize handshake in time,
+ * causing Antigravity to report MCP_SERVER_INIT_ERROR.
  */
-function killPortHolder(port) {
-    try {
-        // lsof returns PIDs listening on the port; -t gives terse (PID-only) output
-        const pids = execSync(`lsof -ti tcp:${port}`, { encoding: "utf-8" })
-            .trim()
-            .split("\n")
-            .filter(Boolean);
-        if (pids.length === 0)
-            return;
-        // Don't kill ourselves
-        const myPid = String(process.pid);
-        const stalePids = pids.filter(p => p !== myPid);
-        if (stalePids.length > 0) {
-            console.error(`[Dashboard] Killing stale process(es) on port ${port}: ${stalePids.join(", ")}`);
-            execSync(`kill ${stalePids.join(" ")}`, { encoding: "utf-8" });
-            // Brief pause to let the OS release the port
-            execSync("sleep 0.3");
-        }
-    }
-    catch (err) {
-        // lsof exits with code 1 when no matches found — that's expected.
-        // Any other failure (lsof missing, permission denied, etc.) gets a warning.
-        const isNoMatch = err instanceof Error &&
-            "status" in err &&
-            err.status === 1;
-        if (!isNoMatch) {
-            console.error(`[Dashboard] killPortHolder: could not check port ${port} (lsof may not be installed) — skipping.`);
-        }
-    }
+async function killPortHolder(port) {
+    return new Promise((resolve) => {
+        exec(`lsof -ti tcp:${port}`, { encoding: "utf-8" }, (err, stdout) => {
+            if (err) {
+                // lsof exits with code 1 when no matches found — that's expected.
+                // Any other failure (lsof missing, permission denied, etc.) gets a warning.
+                const isNoMatch = err.code === 1;
+                if (!isNoMatch) {
+                    console.error(`[Dashboard] killPortHolder: could not check port ${port} (lsof may not be installed) — skipping.`);
+                }
+                return resolve();
+            }
+            const pids = stdout.trim().split("\n").filter(Boolean);
+            if (pids.length === 0)
+                return resolve();
+            // Don't kill ourselves
+            const myPid = String(process.pid);
+            const stalePids = pids.filter(p => p !== myPid);
+            if (stalePids.length > 0) {
+                console.error(`[Dashboard] Killing stale process(es) on port ${port}: ${stalePids.join(", ")}`);
+                exec(`kill ${stalePids.join(" ")}`, () => {
+                    // Brief pause to let the OS release the port
+                    setTimeout(resolve, 300);
+                });
+            }
+            else {
+                resolve();
+            }
+        });
+    });
 }
 export async function startDashboardServer() {
     // Clean up any zombie dashboard process from a previous session
@@ -78,7 +84,7 @@ export async function startDashboardServer() {
                     "Content-Type": "text/html; charset=utf-8",
                     "Cache-Control": "no-store, no-cache, must-revalidate",
                 });
-                return res.end(renderDashboardHTML());
+                return res.end(renderDashboardHTML(SERVER_CONFIG.version));
             }
             // ─── API: List all projects ───
             if (url.pathname === "/api/projects") {

package/dist/dashboard/ui.js

@@ -13,7 +13,7 @@
  *   - Responsive grid layout
  * ═══════════════════════════════════════════════════════════════════
  */
-export function renderDashboardHTML() {
+export function renderDashboardHTML(version) {
     return `<!DOCTYPE html>
 <html lang="en">
 <head>
@@ -279,7 +279,7 @@ export function renderDashboardHTML() {
       <div class="logo">
         <span class="logo-icon">🧠</span>
         Prism Mind Palace
-        <span class="version-badge">v2.3.7</span>
+        <span class="version-badge">v${version}</span>
       </div>
       <div class="selector">
         <select id="projectSelect">

package/dist/server.js

@@ -39,7 +39,7 @@
  */
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { CallToolRequestSchema, ListToolsRequestSchema, InitializeRequestSchema, 
+import { CallToolRequestSchema, ListToolsRequestSchema, 
 // ─── v0.4.0: MCP Prompts support (Enhancement #1) ───
 // REVIEWER NOTE: These schemas enable the /resume_session
 // slash command in Claude Desktop. ListPrompts tells the
@@ -175,9 +175,7 @@ export function createServer() {
         version: SERVER_CONFIG.version,
     }, {
         capabilities: {
-            tools: {
-                tools: ALL_TOOLS,
-            },
+            tools: {},
             // ─── v0.4.0: Prompt capability (Enhancement #1) ───
             // REVIEWER NOTE: Declaring `prompts: {}` tells Claude Desktop
             // that we support the prompts/list and prompts/get methods.
@@ -196,24 +194,12 @@ export function createServer() {
         },
     });
     // ── Handler: Initialize ──
-    // REVIEWER NOTE: The initialize handler is unchanged from v0.3.0
-    // except that it now reports the expanded capabilities.
-    server.setRequestHandler(InitializeRequestSchema, async (request) => {
-        return {
-            protocolVersion: request.params.protocolVersion,
-            serverInfo: {
-                name: SERVER_CONFIG.name,
-                version: SERVER_CONFIG.version,
-            },
-            capabilities: {
-                tools: {
-                    tools: ALL_TOOLS,
-                },
-                ...(SESSION_MEMORY_ENABLED ? { prompts: {} } : {}),
-                ...(SESSION_MEMORY_ENABLED ? { resources: { subscribe: true } } : {}),
-            },
-        };
-    });
+    // NOTE: The SDK's built-in _oninitialize() handles the Initialize request.
+    // It stores _clientCapabilities, _clientVersion, negotiates protocol version,
+    // and returns capabilities from the Server constructor config.
+    // Do NOT override InitializeRequestSchema — doing so bypasses critical
+    // internal state management and can cause MCP clients (like Antigravity)
+    // to fail during the init handshake.
     // ── Handler: List Tools ──
     server.setRequestHandler(ListToolsRequestSchema, async () => {
         return {
@@ -537,9 +523,7 @@ export function createSandboxServer() {
         version: SERVER_CONFIG.version,
     }, {
         capabilities: {
-            tools: {
-                tools: [...BASE_TOOLS, ...SESSION_MEMORY_TOOLS],
-            },
+            tools: {},
             prompts: {},
             resources: { subscribe: true },
         },

package/dist/utils/embeddingApi.js

@@ -85,13 +85,20 @@ export async function generateEmbedding(text) {
     const model = genAI.getGenerativeModel({ model: "gemini-embedding-001" }, { apiVersion: "v1beta" } // gemini-embedding-001 requires v1beta
     );
     debugLog(`[embedding] Generating 768-dim embedding for ${inputText.length} chars`);
-    const result = await model.embedContent({
+    const request = {
         content: {
             role: "user",
             parts: [{ text: inputText }],
         },
         taskType: TaskType.SEMANTIC_SIMILARITY,
-        outputDimensionality: 768,
-    });
-    return result.embedding.values;
+        // SDK runtime supports this for gemini-embedding-001 even when older
+        // type defs may lag; keep cast localized at request boundary.
+        ...{ outputDimensionality: 768 },
+    };
+    const result = await model.embedContent(request);
+    const values = result.embedding.values;
+    if (!Array.isArray(values) || values.length !== 768) {
+        throw new Error(`Embedding dimension mismatch: expected 768, got ${values?.length ?? 'unknown'}`);
+    }
+    return values;
 }

package/dist/utils/googleAi.js

@@ -38,7 +38,7 @@ export async function createMcpClient() {
         command: "node",
         args: ["index.js"], // Server entry point
     });
-    const client = new Client({ name: "gemini-mcp-client", version: "1.0.0" }, { capabilities: { tools: {} } });
+    const client = new Client({ name: "gemini-mcp-client", version: "1.0.0" });
     await client.connect(transport);
     return { client, transport };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "2.5.0",
+  "version": "2.5.2",
   "mcpName": "io.github.dcostenco/prism-mcp",
   "description": "The Mind Palace for AI Agents — local-first MCP server with persistent memory (SQLite/Supabase), visual dashboard, time travel, multi-agent sync, Morning Briefings, reality drift detection, code mode templates, semantic vector search, and Brave Search + Gemini analysis. Zero-config local mode.",
   "module": "index.ts",
@@ -79,7 +79,7 @@
     "@google-cloud/discoveryengine": "^2.5.3",
     "@google/generative-ai": "^0.24.1",
     "@libsql/client": "^0.17.2",
-    "@modelcontextprotocol/sdk": "^1.9.0",
+    "@modelcontextprotocol/sdk": "^1.27.1",
     "@supabase/supabase-js": "^2.99.3",
     "dotenv": "^16.5.0",
     "quickjs-emscripten": "^0.32.0"