prism-mcp-server 7.2.0 → 7.3.3

package/dist/verification/schema.js

@@ -0,0 +1,64 @@
+import { z } from "zod";
+import { createHash } from "crypto";
+// ─── v7.2.0: Severity Levels ────────────────────────────────
+//  warn  → log and continue
+//  gate  → block progression until resolved
+//  abort → rollback (fail the pipeline)
+export const SeverityLevel = z.enum(["warn", "gate", "abort"]).default("warn");
+// Base for all assertions
+const BaseAssertion = z.object({
+    target: z.string().describe("The SQL query, URL, or file path"),
+    expected: z.any().describe("The expected outcome to match against"),
+});
+// 1. Declarative Assertions (Split for better type inference)
+export const SqliteAssertionSchema = BaseAssertion.extend({ type: z.literal("sqlite_query") });
+export const HttpStatusAssertionSchema = BaseAssertion.extend({ type: z.literal("http_status") });
+export const FileExistsAssertionSchema = BaseAssertion.extend({ type: z.literal("file_exists") });
+export const FileContainsAssertionSchema = BaseAssertion.extend({ type: z.literal("file_contains") });
+// 2. Sandboxed JS Assertion
+export const SandboxedJsAssertionSchema = z.object({
+    type: z.literal("quickjs_eval"),
+    code: z.string().describe("JS code to run in QuickJS. Must return a boolean."),
+    inputs: z.record(z.string(), z.any()).optional().describe("Data to inject as globals into the sandbox"),
+});
+// 3. Main Schema Wrapper (v7.2.0 enhanced)
+export const TestAssertionSchema = z.object({
+    id: z.string(),
+    layer: z.enum(["data", "agent", "pipeline"]),
+    description: z.string(),
+    severity: SeverityLevel,
+    // v7.2.0: per-assertion timeout in ms
+    timeout_ms: z.number().int().min(50).max(120_000).optional().describe("Per-assertion timeout in milliseconds"),
+    // v7.2.0: retry on transient failures (e.g. http_status)
+    retry_count: z.number().int().min(0).max(5).optional().describe("Number of retries on transient failures"),
+    // v7.2.0: assertion dependency chain
+    depends_on: z.string().optional().describe("ID of assertion that must pass first"),
+    // Discriminated union gives pinpoint accuracy on parsing errors
+    assertion: z.discriminatedUnion("type", [
+        SqliteAssertionSchema,
+        HttpStatusAssertionSchema,
+        FileExistsAssertionSchema,
+        FileContainsAssertionSchema,
+        SandboxedJsAssertionSchema
+    ])
+});
+export const TestSuiteSchema = z.object({
+    tests: z.array(TestAssertionSchema)
+});
+// ─── v7.2.0: Rubric Hash Utility ─────────────────────────────
+/**
+ * Compute a deterministic SHA-256 hash over the test assertions.
+ *
+ * Sorts by `id` before hashing so that insertion order does NOT affect
+ * the result. This ensures the hash is stable across environments
+ * even when tests are stored in different orders.
+ *
+ * @param tests - The array of TestAssertion to hash
+ * @returns Lowercase hex SHA-256 digest
+ */
+export function computeRubricHash(tests) {
+    const sorted = [...tests].sort((a, b) => a.id.localeCompare(b.id));
+    return createHash("sha256")
+        .update(JSON.stringify(sorted))
+        .digest("hex");
+}

package/dist/verification/severityPolicy.js

@@ -0,0 +1,98 @@
+// ─── v7.2.0: Severity Gate Enforcement ──────────────────────
+// Separated from the runner for testability.
+//
+// Rules:
+//  - "warn" failures  → logged, always continue
+//  - "gate" failures  → block. Return "block" action with failed assertions list
+//  - "abort" failures → immediate abort. Return "abort" action
+//
+// When PRISM_VERIFICATION_DEFAULT_SEVERITY is set, it overrides
+// individual assertion severity levels (acts as a floor).
+/**
+ * Map severity string to numeric rank for comparison.
+ * Higher = more severe.
+ */
+function severityRank(s) {
+    switch (s) {
+        case "warn": return 0;
+        case "gate": return 1;
+        case "abort": return 2;
+        default: {
+            // M4 fix: Exhaustive check — future SeverityLevel additions will cause a compile error
+            const _exhaustive = s;
+            return _exhaustive;
+        }
+    }
+}
+/**
+ * Resolve the effective severity for an assertion, considering
+ * the global default severity override (acts as a floor).
+ */
+export function resolveEffectiveSeverity(assertionSeverity, defaultSeverity) {
+    const assertRank = severityRank(assertionSeverity);
+    const defaultRank = severityRank(defaultSeverity);
+    // Use whichever is more severe (floor behavior)
+    return assertRank >= defaultRank ? assertionSeverity : defaultSeverity;
+}
+/**
+ * Evaluate all assertion results against severity gates.
+ *
+ * Returns a SeverityGateResult indicating the overall action:
+ *  - "continue" → all clear, or only "warn"-level failures
+ *  - "block"    → at least one "gate"-level failure (no "abort")
+ *  - "abort"    → at least one "abort"-level failure
+ */
+export function evaluateSeverityGates(results, config) {
+    const failures = results.filter(r => !r.passed && !r.skipped);
+    if (failures.length === 0) {
+        return {
+            action: "continue",
+            failed_assertions: [],
+            summary: "All assertions passed."
+        };
+    }
+    // Resolve effective severities and categorize failures
+    const abortFailures = [];
+    const gateFailures = [];
+    const warnFailures = [];
+    for (const f of failures) {
+        const effective = resolveEffectiveSeverity(f.severity, config.default_severity);
+        switch (effective) {
+            case "abort":
+                abortFailures.push(f);
+                break;
+            case "gate":
+                gateFailures.push(f);
+                break;
+            case "warn":
+            default:
+                warnFailures.push(f);
+                break;
+        }
+    }
+    // Abort takes precedence over gate
+    if (abortFailures.length > 0) {
+        const ids = abortFailures.map(a => a.id).join(", ");
+        return {
+            action: "abort",
+            failed_assertions: [...abortFailures, ...gateFailures, ...warnFailures],
+            summary: `ABORT: ${abortFailures.length} abort-level failure(s) [${ids}]. ` +
+                `${gateFailures.length} gate, ${warnFailures.length} warn failures also present.`
+        };
+    }
+    if (gateFailures.length > 0) {
+        const ids = gateFailures.map(a => a.id).join(", ");
+        return {
+            action: "block",
+            failed_assertions: [...gateFailures, ...warnFailures],
+            summary: `BLOCKED: ${gateFailures.length} gate-level failure(s) [${ids}]. ` +
+                `${warnFailures.length} warn-level failures also present.`
+        };
+    }
+    // Only warn-level failures → continue
+    return {
+        action: "continue",
+        failed_assertions: warnFailures,
+        summary: `CONTINUE: ${warnFailures.length} warn-level failure(s) logged, no blocking issues.`
+    };
+}

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "prism-mcp-server",
-  "version": "7.2.0",
+  "version": "7.3.3",
   "mcpName": "io.github.dcostenco/prism-mcp",
-  "description": "The Mind Palace for AI Agents — persistent memory (SQLite/Supabase), behavioral learning & IDE rules sync, multimodal VLM image captioning, pluggable LLM providers (OpenAI/Anthropic/Gemini/Ollama), OpenTelemetry distributed tracing, GDPR export, multi-agent Hivemind sync, time travel, visual Mind Palace dashboard. Zero-config local mode.",
+  "description": "The Mind Palace for AI Agents — fail-closed Dark Factory autonomous pipelines (3-gate parse→type→scope validation), persistent memory (SQLite/Supabase), ACT-R cognitive retrieval, behavioral learning & IDE rules sync, multi-agent Hivemind, time travel, visual dashboard. Zero-config local mode.",
   "module": "index.ts",
   "type": "module",
   "main": "dist/server.js",
   "bin": {
+    "prism": "dist/cli.js",
     "prism-mcp-server": "dist/server.js",
     "prism-import": "dist/utils/universalImporter.js"
   },
@@ -15,6 +16,7 @@
   ],
   "scripts": {
     "build": "tsc",
+    "lint:dashboard": "node scripts/lint-dashboard-es5.cjs",
     "start": "node dist/server.js",
     "test": "vitest run",
     "test:watch": "vitest",
@@ -68,7 +70,11 @@
     "dashboard",
     "actr",
     "cognitive-memory",
-    "activation-memory"
+    "activation-memory",
+    "dark-factory",
+    "autonomous-pipeline",
+    "fail-closed",
+    "path-traversal-prevention"
   ],
   "homepage": "https://github.com/dcostenco/prism-mcp",
   "repository": {
@@ -90,7 +96,6 @@
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.80.0",
-    "@tavily/core": "^0.6.0",
     "@google-cloud/discoveryengine": "^2.5.3",
     "@google/generative-ai": "^0.24.1",
     "@libsql/client": "^0.17.2",
@@ -102,7 +107,9 @@
     "@opentelemetry/sdk-trace-node": "^2.6.1",
     "@opentelemetry/semantic-conventions": "^1.40.0",
     "@supabase/supabase-js": "^2.99.3",
+    "@tavily/core": "^0.6.0",
     "cheerio": "^1.2.0",
+    "commander": "^14.0.3",
     "dotenv": "^16.5.0",
     "fflate": "^0.8.2",
     "jsdom": "^29.0.1",
@@ -110,6 +117,7 @@
     "p-limit": "^7.3.0",
     "quickjs-emscripten": "^0.32.0",
     "stream-json": "^2.0.0",
-    "turndown": "^7.2.2"
+    "turndown": "^7.2.2",
+    "zod": "^4.3.6"
   }
 }