prism-mcp-server 4.3.0 → 4.6.1

package/dist/tools/handlers.js

@@ -20,7 +20,7 @@
  * helps the AI understand how much token budget was saved.
  */
 import { performWebSearch, performWebSearchRaw, performLocalSearch, performLocalSearchRaw, performBraveAnswers } from "../utils/braveApi.js";
-import { analyzePaperWithGemini } from "../utils/googleAi.js";
+import { getLLMProvider } from "../utils/llm/factory.js";
 import { isBraveWebSearchArgs, isBraveLocalSearchArgs, isBraveAnswersArgs, isGeminiResearchPaperAnalysisArgs, isBraveWebSearchCodeModeArgs, isBraveLocalSearchCodeModeArgs, isCodeModeTransformArgs } from "./definitions.js";
 import { runInSandbox } from "../utils/executor.js";
 import { CODE_MODE_TEMPLATES, getTemplateNames } from "../templates/codeMode.js";
@@ -216,8 +216,31 @@ export async function researchPaperAnalysisHandler(args) {
         };
     }
     try {
-        debugLog(`Analyzing research paper with Gemini (${analysisType} analysis)...`);
-        const analysis = await analyzePaperWithGemini(paperContent, analysisType, additionalContext);
+        debugLog(`Analyzing research paper (${analysisType} analysis)...`);
+        // Build the analysis prompt (mirrors the original analyzePaperWithGemini logic)
+        let prompt = `I need you to perform a detailed ${analysisType} analysis of the following research paper.\n\n`;
+        if (additionalContext) {
+            prompt += `Additional context: ${additionalContext}\n\n`;
+        }
+        prompt += `Research paper content:\n${paperContent}\n\n`;
+        switch (analysisType.toLowerCase()) {
+            case "summary":
+                prompt += "Provide a comprehensive summary including the research question, methodology, key findings, and conclusions.";
+                break;
+            case "critique":
+                prompt += "Provide a critical evaluation of the research methodology, validity of findings, limitations, and suggestions for improvement.";
+                break;
+            case "literature review":
+                prompt += "Analyze how this paper fits into the broader research landscape, identifying key related works and research gaps.";
+                break;
+            case "key findings":
+                prompt += "Extract and explain the most significant findings and their implications.";
+                break;
+            default:
+                prompt += "Perform a comprehensive analysis including summary, methodology assessment, key findings, limitations, and significance.";
+        }
+        const llm = getLLMProvider();
+        const analysis = await llm.generateText(prompt);
         return {
             content: [{ type: "text", text: analysis }],
             isError: false,

package/dist/tools/index.js

@@ -26,8 +26,8 @@ export { webSearchHandler, braveWebSearchCodeModeHandler, localSearchHandler, br
 // This file always exports them — server.ts decides whether to include them in the tool list.
 //
 // v0.4.0: Added SESSION_COMPACT_LEDGER_TOOL and SESSION_SEARCH_MEMORY_TOOL
-export { SESSION_SAVE_LEDGER_TOOL, SESSION_SAVE_HANDOFF_TOOL, SESSION_LOAD_CONTEXT_TOOL, KNOWLEDGE_SEARCH_TOOL, KNOWLEDGE_FORGET_TOOL, SESSION_COMPACT_LEDGER_TOOL, SESSION_SEARCH_MEMORY_TOOL, MEMORY_HISTORY_TOOL, MEMORY_CHECKOUT_TOOL, SESSION_SAVE_IMAGE_TOOL, SESSION_VIEW_IMAGE_TOOL, SESSION_HEALTH_CHECK_TOOL, SESSION_FORGET_MEMORY_TOOL, KNOWLEDGE_SET_RETENTION_TOOL, SESSION_SAVE_EXPERIENCE_TOOL, KNOWLEDGE_UPVOTE_TOOL, KNOWLEDGE_DOWNVOTE_TOOL, KNOWLEDGE_SYNC_RULES_TOOL } from "./sessionMemoryDefinitions.js";
-export { sessionSaveLedgerHandler, sessionSaveHandoffHandler, sessionLoadContextHandler, knowledgeSearchHandler, knowledgeForgetHandler, sessionSearchMemoryHandler, backfillEmbeddingsHandler, memoryHistoryHandler, memoryCheckoutHandler, sessionSaveImageHandler, sessionViewImageHandler, sessionHealthCheckHandler, sessionForgetMemoryHandler, knowledgeSetRetentionHandler, sessionSaveExperienceHandler, knowledgeUpvoteHandler, knowledgeDownvoteHandler, knowledgeSyncRulesHandler } from "./sessionMemoryHandlers.js";
+export { SESSION_SAVE_LEDGER_TOOL, SESSION_SAVE_HANDOFF_TOOL, SESSION_LOAD_CONTEXT_TOOL, KNOWLEDGE_SEARCH_TOOL, KNOWLEDGE_FORGET_TOOL, SESSION_COMPACT_LEDGER_TOOL, SESSION_SEARCH_MEMORY_TOOL, MEMORY_HISTORY_TOOL, MEMORY_CHECKOUT_TOOL, SESSION_SAVE_IMAGE_TOOL, SESSION_VIEW_IMAGE_TOOL, SESSION_HEALTH_CHECK_TOOL, SESSION_FORGET_MEMORY_TOOL, SESSION_EXPORT_MEMORY_TOOL, KNOWLEDGE_SET_RETENTION_TOOL, SESSION_SAVE_EXPERIENCE_TOOL, KNOWLEDGE_UPVOTE_TOOL, KNOWLEDGE_DOWNVOTE_TOOL, KNOWLEDGE_SYNC_RULES_TOOL } from "./sessionMemoryDefinitions.js";
+export { sessionSaveLedgerHandler, sessionSaveHandoffHandler, sessionLoadContextHandler, knowledgeSearchHandler, knowledgeForgetHandler, sessionSearchMemoryHandler, backfillEmbeddingsHandler, memoryHistoryHandler, memoryCheckoutHandler, sessionSaveImageHandler, sessionViewImageHandler, sessionHealthCheckHandler, sessionForgetMemoryHandler, knowledgeSetRetentionHandler, sessionSaveExperienceHandler, knowledgeUpvoteHandler, knowledgeDownvoteHandler, knowledgeSyncRulesHandler, sessionExportMemoryHandler } from "./sessionMemoryHandlers.js";
 // ── Compaction Handler (v0.4.0 — Enhancement #2) ──
 // The compaction handler is in a separate file because it's significantly
 // more complex than the other session memory handlers (chunked Gemini

package/dist/tools/sessionMemoryDefinitions.js

@@ -605,6 +605,59 @@ export function isSessionForgetMemoryArgs(args) {
         "memory_id" in args &&
         typeof args.memory_id === "string");
 }
+// ─── Phase 2: GDPR Export Tool ─────────────────────────────────────────
+//
+// Complements session_forget_memory (surgical deletion) with a full data
+// portability export. Fulfills GDPR Article 20 (Right to Data Portability).
+// API keys are always redacted from the exported settings object.
+export const SESSION_EXPORT_MEMORY_TOOL = {
+    name: "session_export_memory",
+    description: "Export all of a project's memory to a local file. " +
+        "Fulfills GDPR Article 20 (Right to Data Portability) and the " +
+        "'local-first' portability promise.\n\n" +
+        "**What is exported:**\n" +
+        "- All session ledger entries (summaries, decisions, TODOs, file changes)\n" +
+        "- Current handoff state (live project context)\n" +
+        "- System settings (API keys are \"**REDACTED**\" for security)\n" +
+        "- Visual memory index (descriptions, captions, timestamps; not the raw files)\n\n" +
+        "**Formats:**\n" +
+        "- `json` — machine-readable, suitable for import into another Prism instance\n" +
+        "- `markdown` — human-readable, ideal for Obsidian, Notion, or archiving\n\n" +
+        "⚠️ Output directory must exist and be writable. " +
+        "Filenames are auto-generated: `prism-export-<project>-<date>.(json|md)`",
+    inputSchema: {
+        type: "object",
+        properties: {
+            project: {
+                type: "string",
+                description: "Project to export. If omitted, exports ALL projects into separate files.",
+            },
+            format: {
+                type: "string",
+                enum: ["json", "markdown"],
+                description: "Export format: 'json' (machine-readable) or 'markdown' (human-readable). Default: json.",
+                default: "json",
+            },
+            output_dir: {
+                type: "string",
+                description: "Absolute path to the directory where the export file(s) will be written. " +
+                    "Must exist and be writable. Example: '/Users/admin/Desktop'.",
+            },
+        },
+        required: ["output_dir"],
+    },
+};
+/**
+ * Type guard for session_export_memory arguments.
+ * output_dir is required (must be an absolute path).
+ * project and format are optional.
+ */
+export function isSessionExportMemoryArgs(args) {
+    return (typeof args === "object" &&
+        args !== null &&
+        "output_dir" in args &&
+        typeof args.output_dir === "string");
+}
 // ─── v3.1: Knowledge Set Retention (TTL) ─────────────────────
 export const KNOWLEDGE_SET_RETENTION_TOOL = {
     name: "knowledge_set_retention",

package/dist/tools/sessionMemoryHandlers.js

@@ -18,9 +18,9 @@
 import { debugLog } from "../utils/logger.js";
 import { getStorage } from "../storage/index.js";
 import { toKeywordArray } from "../utils/keywordExtractor.js";
-import { generateEmbedding } from "../utils/embeddingApi.js";
+import { getLLMProvider } from "../utils/llm/factory.js";
 import { getCurrentGitState, getGitDrift } from "../utils/git.js";
-import { getSetting } from "../storage/configStorage.js";
+import { getSetting, getAllSettings } from "../storage/configStorage.js";
 // ─── Phase 1: Explainability & Memory Lineage ────────────────
 // These utilities provide structured tracing metadata for search operations.
 // When `enable_trace: true` is passed to session_search_memory or knowledge_search,
@@ -30,6 +30,7 @@ import { getSetting } from "../storage/configStorage.js";
 import { createMemoryTrace, traceToContentBlock } from "../utils/tracing.js";
 import { GOOGLE_API_KEY, PRISM_USER_ID, PRISM_AUTO_CAPTURE, PRISM_CAPTURE_PORTS } from "../config.js";
 import { captureLocalEnvironment } from "../utils/autoCapture.js";
+import { fireCaptionAsync } from "../utils/imageCaptioner.js";
 import { isSessionSaveLedgerArgs, isSessionSaveHandoffArgs, isSessionLoadContextArgs, isKnowledgeSearchArgs, isKnowledgeForgetArgs, isSessionSearchMemoryArgs, isBackfillEmbeddingsArgs, isMemoryHistoryArgs, isMemoryCheckoutArgs, isSessionHealthCheckArgs, // v2.2.0: health check type guard
 isSessionForgetMemoryArgs, // Phase 2: GDPR-compliant memory deletion type guard
 isKnowledgeSetRetentionArgs, // v3.1: TTL retention policy type guard
@@ -40,7 +41,7 @@ isKnowledgeSyncRulesArgs, } from "./sessionMemoryDefinitions.js";
 // v4.2: File system access for knowledge_sync_rules
 import { readFile, writeFile, mkdir } from "node:fs/promises";
 import { existsSync } from "node:fs";
-import { join, dirname } from "node:path";
+import { join, dirname, resolve, isAbsolute, sep } from "node:path";
 // v3.1: In-memory debounce lock for auto-compaction.
 // Prevents multiple concurrent Gemini compaction tasks for the same project
 // when many agents call session_save_ledger at the same time.
@@ -102,7 +103,7 @@ export async function sessionSaveLedgerHandler(args) {
         const savedEntry = Array.isArray(result) ? result[0] : result;
         const entryId = savedEntry?.id;
         if (entryId) {
-            generateEmbedding(embeddingText)
+            getLLMProvider().generateEmbedding(embeddingText)
                 .then(async (embedding) => {
                 await storage.patchLedger(entryId, {
                     embedding: JSON.stringify(embedding),
@@ -144,6 +145,13 @@ export async function sessionSaveLedgerHandler(args) {
             activeCompactions.delete(project);
         }
     }).catch(() => { });
+    // ─── Fire-and-forget importance decay (v4.3) ──────────────
+    // Decays stale behavioral insights (>30d old) by -1 importance.
+    // Matches SQLite's automatic decay behavior on every save.
+    // Non-fatal: errors are logged but never surfaced to the caller.
+    storage.decayImportance(project, PRISM_USER_ID, 30).catch((err) => {
+        debugLog(`[session_save_ledger] Background decay failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
+    });
     return {
         content: [{
                 type: "text",
@@ -824,7 +832,7 @@ export async function sessionSearchMemoryHandler(args) {
     // This is the most variable component: 50ms on a good day, 2000ms under load.
     const embeddingStart = performance.now();
     try {
-        queryEmbedding = await generateEmbedding(query);
+        queryEmbedding = await getLLMProvider().generateEmbedding(query);
     }
     catch (err) {
         return {
@@ -1013,7 +1021,7 @@ export async function backfillEmbeddingsHandler(args) {
                 failed++;
                 continue;
             }
-            const embedding = await generateEmbedding(textToEmbed);
+            const embedding = await getLLMProvider().generateEmbedding(textToEmbed);
             await storage.patchLedger(e.id, {
                 embedding: JSON.stringify(embedding),
             });
@@ -1244,6 +1252,8 @@ export async function sessionSaveImageHandler(args) {
     const fileSize = fs.statSync(vaultPath).size;
     const sizeKB = (fileSize / 1024).toFixed(1);
     debugLog(`[Visual Memory] Saved image [${imageId}] for "${project}" (${sizeKB}KB, ${ext})`);
+    // Fire-and-forget VLM captioning (2-5s — don’t block the MCP response)
+    fireCaptionAsync(project, imageId, vaultPath, description);
     return {
         content: [{
                 type: "text",
@@ -1251,7 +1261,8 @@ export async function sessionSaveImageHandler(args) {
                     `• ID: \`${imageId}\`\n` +
                     `• Description: ${description}\n` +
                     `• Format: ${ext} (${sizeKB}KB)\n` +
-                    `• Vault: ${vaultPath}\n\n` +
+                    `• Vault: ${vaultPath}\n` +
+                    `• Captioning: ⏳ queued (will be searchable in ~5s)\n\n` +
                     `Use \`session_view_image("${project}", "${imageId}")\` to retrieve it later.`,
             }],
         isError: false,
@@ -1321,7 +1332,8 @@ export async function sessionViewImageHandler(args) {
                 type: "text",
                 text: `🖼️ Visual Memory [${image_id}]: ${imgMeta.description}\n` +
                     `Saved: ${imgMeta.timestamp?.split("T")[0] || "unknown"}\n` +
-                    `Format: ${ext.replace(".", "").toUpperCase()} (${(fileSize / 1024).toFixed(1)}KB)`,
+                    `Format: ${ext.replace(".", "").toUpperCase()} (${(fileSize / 1024).toFixed(1)}KB)` +
+                    (imgMeta.caption ? `\n\n🤖 VLM Caption:\n${imgMeta.caption}` : "\n\n⏳ Caption: generating..."),
             },
             {
                 type: "image",
@@ -1645,7 +1657,7 @@ export async function sessionSaveExperienceHandler(args) {
         const savedEntry = Array.isArray(result) ? result[0] : result;
         const entryId = savedEntry?.id;
         if (entryId) {
-            generateEmbedding(embeddingText)
+            getLLMProvider().generateEmbedding(embeddingText)
                 .then(async (embedding) => {
                 await storage.patchLedger(entryId, {
                     embedding: JSON.stringify(embedding),
@@ -1679,15 +1691,21 @@ export async function knowledgeUpvoteHandler(args) {
         throw new Error("Invalid arguments for knowledge_upvote");
     }
     const storage = await getStorage();
-    await storage.adjustImportance(args.id, 1, PRISM_USER_ID);
-    debugLog(`[knowledge_upvote] Upvoted entry ${args.id}`);
-    return {
-        content: [{
-                type: "text",
-                text: `👍 Entry ${args.id} upvoted (+1 importance).`,
-            }],
-        isError: false,
-    };
+    try {
+        await storage.adjustImportance(args.id, 1, PRISM_USER_ID);
+        debugLog(`[knowledge_upvote] Upvoted entry ${args.id}`);
+        return {
+            content: [{ type: "text", text: `👍 Entry ${args.id} upvoted (+1 importance).` }],
+            isError: false,
+        };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+            content: [{ type: "text", text: `❌ Failed to upvote entry ${args.id}: ${msg}` }],
+            isError: true,
+        };
+    }
 }
 // ─── v4.0: Knowledge Downvote Handler ────────────────────────
 /**
@@ -1699,15 +1717,21 @@ export async function knowledgeDownvoteHandler(args) {
         throw new Error("Invalid arguments for knowledge_downvote");
     }
     const storage = await getStorage();
-    await storage.adjustImportance(args.id, -1, PRISM_USER_ID);
-    debugLog(`[knowledge_downvote] Downvoted entry ${args.id}`);
-    return {
-        content: [{
-                type: "text",
-                text: `👎 Entry ${args.id} downvoted (-1 importance).`,
-            }],
-        isError: false,
-    };
+    try {
+        await storage.adjustImportance(args.id, -1, PRISM_USER_ID);
+        debugLog(`[knowledge_downvote] Downvoted entry ${args.id}`);
+        return {
+            content: [{ type: "text", text: `👎 Entry ${args.id} downvoted (-1 importance).` }],
+            isError: false,
+        };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+            content: [{ type: "text", text: `❌ Failed to downvote entry ${args.id}: ${msg}` }],
+            isError: true,
+        };
+    }
 }
 // ─── v4.2: Knowledge Sync Rules Handler ─────────────────────
 //
@@ -1729,7 +1753,7 @@ const SENTINEL_END = "<!-- PRISM:AUTO-RULES:END -->";
  */
 function formatRulesBlock(insights, project) {
     const header = `## Prism Graduated Insights (auto-synced)\n\n` +
-        `> These rules were automatically generated by [Prism MCP](https://github.com/fdarcy/prism) ` +
+        `> These rules were automatically generated by [Prism MCP](https://github.com/dcostenco/prism-mcp) ` +
         `from behavioral memory for project \"${project}\".\n` +
         `> Last synced: ${new Date().toISOString().split("T")[0]}\n\n`;
     const rules = insights.map(i => {
@@ -1804,8 +1828,32 @@ export async function knowledgeSyncRulesHandler(args) {
             isError: false,
         };
     }
-    // 5. Idempotent file write
-    const targetPath = join(normalizedRepoPath, target_file);
+    // 5. Idempotent file write — with path traversal protection
+    // Reject absolute paths (e.g. "/etc/hosts")
+    if (isAbsolute(target_file)) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `❌ Security Error: target_file cannot be an absolute path. Got: "${target_file}"`,
+                }],
+            isError: true,
+        };
+    }
+    // Resolve both paths to their canonical forms, then assert containment
+    const resolvedRepo = resolve(normalizedRepoPath);
+    const targetPath = resolve(resolvedRepo, target_file);
+    // Ensure the resolved target is strictly inside the repo root
+    // (handles "../../../etc/hosts" style traversal)
+    if (!targetPath.startsWith(resolvedRepo + sep)) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `❌ Security Error: Path traversal blocked.\n` +
+                        `"${target_file}" resolves outside the repo root "${resolvedRepo}".`,
+                }],
+            isError: true,
+        };
+    }
     // Ensure directory exists (handles nested target_file like ".config/rules.md")
     const targetDir = dirname(targetPath);
     if (!existsSync(targetDir)) {
@@ -1833,3 +1881,188 @@ export async function knowledgeSyncRulesHandler(args) {
         isError: false,
     };
 }
+// ────────────────────────────────────────────────────────
+// GDPR Export Handler (v4.5.1)
+// Implements session_export_memory.
+// Article 20: Right to Data Portability — fully local, no network calls.
+// ────────────────────────────────────────────────────────
+import { isSessionExportMemoryArgs, } from "./sessionMemoryDefinitions.js";
+// Keys whose values must be redacted from the export.
+// Matches any setting key ending with "_api_key" or "_secret".
+const REDACT_PATTERNS = [/_api_key$/i, /_secret$/i, /^password$/i];
+function redactSettings(settings) {
+    const redacted = {};
+    for (const [k, v] of Object.entries(settings)) {
+        redacted[k] = REDACT_PATTERNS.some(p => p.test(k)) ? "**REDACTED**" : v;
+    }
+    return redacted;
+}
+function toMarkdown(exportData) {
+    const data = exportData;
+    const d = data.prism_export;
+    const lines = [];
+    lines.push(`# Prism Memory Export: \`${d.project}\``);
+    lines.push(``);
+    lines.push(`> Exported: ${d.exported_at}  |  Version: ${d.version}`);
+    lines.push(``);
+    // ── Settings
+    lines.push(`## ⚙️ Settings`);
+    lines.push(``);
+    lines.push(`| Key | Value |`);
+    lines.push(`|-----|-------|`);
+    for (const [k, v] of Object.entries(d.settings)) {
+        lines.push(`| \`${k}\` | ${v} |`);
+    }
+    lines.push(``);
+    // ── Handoff State
+    lines.push(`## 🎯 Live Project State (Handoff)`);
+    lines.push(``);
+    lines.push(`\`\`\`json`);
+    lines.push(JSON.stringify(d.handoff, null, 2));
+    lines.push(`\`\`\``);
+    lines.push(``);
+    // ── Visual Memory
+    if (Array.isArray(d.visual_memory) && d.visual_memory.length > 0) {
+        lines.push(`## 🖼️ Visual Memory (${d.visual_memory.length} images)`);
+        lines.push(``);
+        for (const img of d.visual_memory) {
+            lines.push(`### ${img.id ?? "??"}`);
+            lines.push(`- **Description:** ${img.description ?? "-"}`);
+            lines.push(`- **Saved:** ${String(img.timestamp ?? "-").split("T")[0]}`);
+            if (img.caption)
+                lines.push(`- **VLM Caption:** ${img.caption}`);
+        }
+        lines.push(``);
+    }
+    // ── Ledger
+    lines.push(`## 📚 Session Ledger (${d.ledger.length} entries)`);
+    lines.push(``);
+    for (const entry of d.ledger) {
+        const date = entry.created_at?.split("T")[0] ?? "unknown";
+        const type = entry.event_type ?? "session";
+        lines.push(`---`);
+        lines.push(``);
+        lines.push(`### ${date} \u00b7 \`${type}\` ${entry.id ? `\`${entry.id.slice(0, 8)}\`` : ""}`);
+        lines.push(``);
+        lines.push(entry.summary);
+        if (entry.decisions?.length) {
+            lines.push(``);
+            lines.push(`**Decisions:**`);
+            entry.decisions.forEach(d => lines.push(`- ${d}`));
+        }
+        if (entry.todos?.length) {
+            lines.push(``);
+            lines.push(`**TODOs:**`);
+            entry.todos.forEach(t => lines.push(`- [ ] ${t}`));
+        }
+        if (entry.files_changed?.length) {
+            lines.push(``);
+            lines.push(`**Files:** ${entry.files_changed.join(", ")}`);
+        }
+        lines.push(``);
+    }
+    return lines.join("\n");
+}
+/**
+ * Export a project's full memory (ledger + handoff + settings + visual memory)
+ * to a local file. No network calls. API keys always redacted.
+ */
+export async function sessionExportMemoryHandler(args) {
+    if (!isSessionExportMemoryArgs(args)) {
+        return {
+            content: [{ type: "text", text: "Error: output_dir (string) is required." }],
+            isError: true,
+        };
+    }
+    const { output_dir, format = "json" } = args;
+    const requestedProject = args.project;
+    // Validate output directory
+    if (!existsSync(output_dir)) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Error: output_dir does not exist: "${output_dir}". Please create it first.`,
+                }],
+            isError: true,
+        };
+    }
+    const storage = await getStorage();
+    const exportedFiles = [];
+    try {
+        // Determine which projects to export
+        let projects;
+        if (requestedProject) {
+            projects = [requestedProject];
+        }
+        else {
+            projects = await storage.listProjects();
+            if (projects.length === 0) {
+                return {
+                    content: [{ type: "text", text: "No projects found in memory — nothing to export." }],
+                    isError: false,
+                };
+            }
+        }
+        // Fetch settings once (shared across all projects)
+        const rawSettings = await getAllSettings();
+        const safeSettings = redactSettings(rawSettings);
+        const exportedAt = new Date().toISOString();
+        const dateSuffix = exportedAt.split("T")[0]; // YYYY-MM-DD
+        for (const project of projects) {
+            debugLog(`[session_export_memory] Exporting project "${project}" as ${format}`);
+            // Fetch handoff (live context)
+            const ctx = await storage.loadContext(project, "deep", PRISM_USER_ID);
+            // Fetch full ledger (all non-deleted entries)
+            const ledger = await storage.getLedgerEntries({ project });
+            // Strip raw embedding vectors from the export (large binary data)
+            const cleanLedger = ledger.map(({ embedding: _emb, ...rest }) => rest);
+            const visualMemory = ctx?.metadata?.visual_memory ?? [];
+            const exportPayload = {
+                prism_export: {
+                    version: "4.5",
+                    exported_at: exportedAt,
+                    project,
+                    settings: safeSettings,
+                    handoff: ctx ?? null,
+                    visual_memory: visualMemory,
+                    ledger: cleanLedger,
+                },
+            };
+            // Serialize
+            const ext = format === "markdown" ? "md" : "json";
+            const filename = `prism-export-${project}-${dateSuffix}.${ext}`;
+            const outputPath = join(output_dir, filename);
+            let content;
+            if (format === "markdown") {
+                content = toMarkdown(exportPayload);
+            }
+            else {
+                content = JSON.stringify(exportPayload, null, 2);
+            }
+            await writeFile(outputPath, content, "utf-8");
+            exportedFiles.push(outputPath);
+            debugLog(`[session_export_memory] Wrote ${content.length} bytes to ${outputPath}`);
+        }
+        const plural = exportedFiles.length > 1 ? "files" : "file";
+        return {
+            content: [{
+                    type: "text",
+                    text: `✅ Memory exported successfully (${format.toUpperCase()})\n\n` +
+                        `**Project(s):** ${projects.join(", ")}\n` +
+                        `**${exportedFiles.length} ${plural} written:**\n` +
+                        exportedFiles.map(f => `  \u2022 \`${f}\``).join("\n") +
+                        `\n\n⚠️ API keys have been redacted. Vault image files are NOT included — ` +
+                        `only metadata and captions. Re-run \`session_save_image\` to re-attach images.`,
+                }],
+            isError: false,
+        };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.error(`[session_export_memory] Error: ${msg}`);
+        return {
+            content: [{ type: "text", text: `Export failed: ${msg}` }],
+            isError: true,
+        };
+    }
+}

package/dist/utils/briefing.js

@@ -12,8 +12,7 @@
  *   - Reuses GOOGLE_API_KEY from config.ts (same key as embeddings)
  * ═══════════════════════════════════════════════════════════════════
  */
-import { GoogleGenerativeAI } from "@google/generative-ai";
-import { GOOGLE_API_KEY } from "../config.js";
+import { getLLMProvider } from "./llm/factory.js";
 import { debugLog } from "./logger.js";
 /**
  * Generates a 3-bullet Morning Briefing using Gemini.
@@ -23,12 +22,13 @@ import { debugLog } from "./logger.js";
  * @returns Formatted briefing text, or a graceful fallback string
  */
 export async function generateMorningBriefing(context, recentEntries) {
-    if (!GOOGLE_API_KEY) {
-        return "☀️ Good morning! (Morning Briefing unavailable — no GOOGLE_API_KEY configured)";
+    let llm;
+    try {
+        llm = getLLMProvider();
+    }
+    catch {
+        return "☀️ Good morning! (Morning Briefing unavailable — LLM provider not configured)";
     }
-    const genAI = new GoogleGenerativeAI(GOOGLE_API_KEY);
-    // 2.5-flash for speed — briefings should take ≤3s
-    const model = genAI.getGenerativeModel({ model: "gemini-2.5-flash" });
     const todosBlock = context.pendingTodos?.length
         ? `Pending TODOs:\n${context.pendingTodos.map(t => `  • ${t}`).join("\n")}`
         : "No pending TODOs.";
@@ -57,13 +57,12 @@ Rules:
 - No preamble, no closing remarks — just the 3 bullets.
 - Each bullet starts with a relevant emoji.`;
     try {
-        const result = await model.generateContent(prompt);
-        const text = result.response.text().trim();
+        const text = (await llm.generateText(prompt)).trim();
         debugLog(`[Morning Briefing] Generated for "${context.project}" (${text.length} chars)`);
         return text;
     }
     catch (error) {
-        console.error(`[Morning Briefing] Gemini call failed: ${error instanceof Error ? error.message : String(error)}`);
+        console.error(`[Morning Briefing] LLM call failed: ${error instanceof Error ? error.message : String(error)}`);
         return "☀️ Good morning! Ready to continue — check your TODOs above to pick up where you left off.";
     }
 }

package/dist/utils/factMerger.js

@@ -33,8 +33,7 @@
  *   - Uses gemini-2.5-flash for speed (~2-3s per merge)
  * ═══════════════════════════════════════════════════════════════════
  */
-import { GoogleGenerativeAI } from "@google/generative-ai"; // Gemini SDK for LLM calls
-import { GOOGLE_API_KEY } from "../config.js"; // API key from environment
+import { getLLMProvider } from "./llm/factory.js";
 import { debugLog } from "./logger.js";
 /**
  * Merge old and new key_context using Gemini to resolve contradictions.
@@ -56,9 +55,13 @@ import { debugLog } from "./logger.js";
  *   // Result: "We use MySQL for the main DB"
  */
 export async function consolidateFacts(oldContext, newContext) {
-    // Guard: need API key to call Gemini
-    if (!GOOGLE_API_KEY) {
-        debugLog("[FactMerger] Skipped — no GOOGLE_API_KEY configured");
+    // Guard: need LLM provider — factory throws if no API key
+    let llm;
+    try {
+        llm = getLLMProvider();
+    }
+    catch {
+        debugLog("[FactMerger] Skipped — LLM provider unavailable (no API key configured)");
         return newContext; // fallback: just use the new context as-is
     }
     // Guard: if either context is empty, no merging needed
@@ -73,13 +76,7 @@ export async function consolidateFacts(oldContext, newContext) {
         debugLog("[FactMerger] Old and new context are identical — skipping merge");
         return newContext; // no changes needed
     }
-    // Initialize Gemini with the configured API key
-    const genAI = new GoogleGenerativeAI(GOOGLE_API_KEY);
-    // Use gemini-2.5-flash for speed — merges should complete in ~2-3s
-    const model = genAI.getGenerativeModel({
-        model: "gemini-2.5-flash",
-    });
-    // Build the merge prompt — instructs Gemini to resolve contradictions
+    // Build the merge prompt — instructs LLM to resolve contradictions
     // and deduplicate while keeping the NEW UPDATE as source of truth
     const prompt = "You are a memory consolidation engine for an AI agent.\n\n" +
         "OLD MEMORY:\n" + oldContext + "\n\n" +
@@ -92,10 +89,8 @@ export async function consolidateFacts(oldContext, newContext) {
         "4. Preserve unique facts from both old and new that don't conflict.\n" +
         "5. Return ONLY the consolidated raw text. No markdown, no preamble, " +
         "no explanation — just the merged facts.";
-    // Call Gemini to perform the intelligent merge
-    const result = await model.generateContent(prompt);
-    // Extract and trim the merged text from Gemini's response
-    const mergedText = result.response.text().trim();
+    // Call LLM to perform the intelligent merge
+    const mergedText = (await llm.generateText(prompt)).trim();
     // Log the merge result for debugging (to stderr, not stdout)
     debugLog("[FactMerger] Merged context (" +
         oldContext.length + " chars old + " +