prism-mcp-server 7.3.1 → 7.4.0

package/dist/errors.js

@@ -0,0 +1,29 @@
+/**
+ * Thrown when a verification harness gate action evaluates to "abort".
+ * Indicates a strict security or operational policy failure that should halt
+ * downstream execution immediately.
+ */
+export class VerificationGateError extends Error {
+    result;
+    constructor(message, result) {
+        super(message);
+        this.name = "VerificationGateError";
+        this.result = result;
+        // Maintain V8 stack trace natively
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, VerificationGateError);
+        }
+    }
+    /**
+     * Helper to dump the JSON representation of the failure block for logs.
+     */
+    toJSON() {
+        return {
+            message: this.message,
+            project: this.result.project,
+            critical_failures: this.result.critical_failures,
+            pass_rate: this.result.pass_rate,
+            result_json: this.result.result_json,
+        };
+    }
+}

package/dist/server.js

@@ -1184,6 +1184,25 @@ export async function startServer() {
             console.error(`[DarkFactory] Startup failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
         });
     }
+    // ─── v7.4: TurboQuant Compressor Async Warmup ────────────
+    // The first call to getDefaultCompressor() triggers construction of a
+    // 768×768 rotation matrix (~15ms of synchronous CPU). Pre-warm via
+    // setImmediate so it runs after the current event-loop tick completes,
+    // preventing the stdio handshake from being blocked during startup.
+    // Fire-and-forget — non-critical; subsequent calls hit the singleton cache.
+    setImmediate(() => {
+        try {
+            // Dynamic import avoids loading turboquant.ts at module-parse time
+            // (the construction side-effects run only when actually needed).
+            import("./utils/turboquant.js").then(({ getDefaultCompressor }) => {
+                getDefaultCompressor();
+                console.error("[Prism] TurboQuant compressor pre-warmed (rotation matrix ready)");
+            }).catch(err => {
+                console.error(`[TurboQuant] Warmup failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
+            });
+        }
+        catch { /* warmup is a best-effort optimization */ }
+    });
     // Keep the process alive — without this, Node.js would exit
     // because there are no active event loop handles after the
     // synchronous setup completes.

package/dist/storage/sqlite.js

@@ -566,14 +566,103 @@ export class SqliteStorage {
         status TEXT NOT NULL,
         current_step TEXT NOT NULL,
         iteration INTEGER NOT NULL,
+        eval_revisions INTEGER DEFAULT 0,
         started_at TEXT NOT NULL,
         updated_at TEXT NOT NULL,
         spec TEXT NOT NULL,
         error TEXT,
-        last_heartbeat TEXT
+        last_heartbeat TEXT,
+        contract_payload TEXT,
+        notes TEXT
       )
     `);
+        // ─── v7.4.0 Migration: Adversarial Eval Revisions ─────────
+        try {
+            await this.db.execute(`ALTER TABLE dark_factory_pipelines ADD COLUMN eval_revisions INTEGER DEFAULT 0`);
+            debugLog("[SqliteStorage] v7.4.0 migration: added eval_revisions column");
+            // Backfill existing rows — ALTER TABLE DEFAULT only applies to new inserts;
+            // rows that existed before the migration will have NULL until explicitly set.
+            await this.db.execute(`UPDATE dark_factory_pipelines SET eval_revisions = 0 WHERE eval_revisions IS NULL`);
+            debugLog("[SqliteStorage] v7.4.0 migration: backfilled eval_revisions = 0");
+        }
+        catch (e) {
+            if (!e.message?.includes("duplicate column name"))
+                throw e;
+        }
+        try {
+            await this.db.execute(`ALTER TABLE dark_factory_pipelines ADD COLUMN contract_payload TEXT`);
+            await this.db.execute(`ALTER TABLE dark_factory_pipelines ADD COLUMN notes TEXT`);
+        }
+        catch (e) {
+            if (!e.message?.includes("duplicate column name"))
+                throw e;
+        }
         await this.db.execute(`CREATE INDEX IF NOT EXISTS idx_pipelines_status ON dark_factory_pipelines(user_id, project, status)`);
+        // ─── v7.2.0 Migration: Verification Harness ────────────────
+        await this.db.execute(`
+      CREATE TABLE IF NOT EXISTS verification_harnesses (
+        rubric_hash TEXT PRIMARY KEY,
+        project TEXT NOT NULL,
+        conversation_id TEXT NOT NULL,
+        created_at TEXT NOT NULL,
+        min_pass_rate REAL NOT NULL,
+        tests TEXT NOT NULL,
+        metadata TEXT,
+        user_id TEXT NOT NULL DEFAULT 'default'
+      )
+    `);
+        await this.db.execute(`
+      CREATE TABLE IF NOT EXISTS verification_runs (
+        id TEXT PRIMARY KEY,
+        rubric_hash TEXT NOT NULL,
+        project TEXT NOT NULL,
+        conversation_id TEXT NOT NULL,
+        run_at TEXT NOT NULL,
+        passed INTEGER NOT NULL,
+        pass_rate REAL NOT NULL,
+        critical_failures INTEGER NOT NULL,
+        coverage_score REAL NOT NULL,
+        result_json TEXT NOT NULL,
+        gate_action TEXT NOT NULL,
+        gate_override INTEGER,
+        override_reason TEXT,
+        user_id TEXT NOT NULL DEFAULT 'default',
+        FOREIGN KEY(rubric_hash) REFERENCES verification_harnesses(rubric_hash)
+      )
+    `);
+        await this.db.execute(`CREATE INDEX IF NOT EXISTS idx_verification_runs_project ON verification_runs(project, run_at DESC)`);
+        // ─── v7.3 Migration: Pipeline Orchestration Overrides ────────
+        try {
+            await this.db.execute(`ALTER TABLE verification_runs ADD COLUMN gate_override INTEGER`);
+        }
+        catch (e) {
+            if (!e.message?.includes('duplicate column name'))
+                console.warn('Migration warning:', e.message);
+        }
+        try {
+            await this.db.execute(`ALTER TABLE verification_runs ADD COLUMN override_reason TEXT`);
+        }
+        catch (e) {
+            if (!e.message?.includes('duplicate column name'))
+                console.warn('Migration warning:', e.message);
+        }
+        // ─── H7 Migration: Tenant isolation for verification tables ────────
+        try {
+            await this.db.execute(`ALTER TABLE verification_harnesses ADD COLUMN user_id TEXT NOT NULL DEFAULT 'default'`);
+        }
+        catch (e) {
+            if (!e.message?.includes('duplicate column name'))
+                console.warn('Migration warning:', e.message);
+        }
+        try {
+            await this.db.execute(`ALTER TABLE verification_runs ADD COLUMN user_id TEXT NOT NULL DEFAULT 'default'`);
+        }
+        catch (e) {
+            if (!e.message?.includes('duplicate column name'))
+                console.warn('Migration warning:', e.message);
+        }
+        // H7: Create index after the column exists (post-migration)
+        await this.db.execute(`CREATE INDEX IF NOT EXISTS idx_verification_runs_user ON verification_runs(user_id, project)`);
         // ─── v6.1 Migration: Integrity Check ──────────────────────
         //
         // REVIEWER NOTE: PRAGMA integrity_check scans the B-tree structure of
@@ -2823,16 +2912,19 @@ export class SqliteStorage {
         }
         await this.db.execute({
             sql: `
-        INSERT INTO dark_factory_pipelines (id, project, user_id, status, current_step, iteration, started_at, updated_at, spec, error, last_heartbeat)
-        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        INSERT INTO dark_factory_pipelines (id, project, user_id, status, current_step, iteration, eval_revisions, started_at, updated_at, spec, error, last_heartbeat, contract_payload, notes)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
         ON CONFLICT(id) DO UPDATE SET
           status = excluded.status,
           current_step = excluded.current_step,
           iteration = excluded.iteration,
+          eval_revisions = excluded.eval_revisions,
           updated_at = excluded.updated_at,
           spec = excluded.spec,
           error = excluded.error,
-          last_heartbeat = excluded.last_heartbeat
+          last_heartbeat = excluded.last_heartbeat,
+          contract_payload = excluded.contract_payload,
+          notes = excluded.notes
       `,
             args: [
                 updatedState.id,
@@ -2841,11 +2933,14 @@ export class SqliteStorage {
                 updatedState.status,
                 updatedState.current_step,
                 updatedState.iteration,
+                updatedState.eval_revisions ?? 0,
                 updatedState.started_at,
                 updatedState.updated_at,
                 updatedState.spec,
                 updatedState.error || null,
-                updatedState.last_heartbeat || null
+                updatedState.last_heartbeat || null,
+                updatedState.contract_payload ? JSON.stringify(updatedState.contract_payload) : null,
+                updatedState.notes || null
             ]
         });
     }
@@ -2856,7 +2951,11 @@ export class SqliteStorage {
         });
         if (result.rows.length === 0)
             return null;
-        return result.rows[0];
+        const row = result.rows[0];
+        return {
+            ...row,
+            contract_payload: row.contract_payload ? JSON.parse(row.contract_payload) : undefined
+        };
     }
     async listPipelines(project, status, userId) {
         const conditions = ['user_id = ?'];
@@ -2872,6 +2971,99 @@ export class SqliteStorage {
         const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
         const sql = `SELECT * FROM dark_factory_pipelines ${where} ORDER BY updated_at DESC`;
         const result = await this.db.execute({ sql, args });
-        return result.rows;
+        return result.rows.map((row) => ({
+            ...row,
+            contract_payload: row.contract_payload ? JSON.parse(row.contract_payload) : undefined
+        }));
+    }
+    // ─── Verification Harness (v7.2.0) ───────────────────────────
+    async saveVerificationHarness(harness, userId) {
+        await this.db.execute({
+            sql: `
+        INSERT INTO verification_harnesses (rubric_hash, project, conversation_id, created_at, min_pass_rate, tests, metadata, user_id)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+        ON CONFLICT(rubric_hash) DO UPDATE SET
+          metadata = excluded.metadata
+      `,
+            args: [
+                harness.rubric_hash,
+                harness.project,
+                harness.conversation_id,
+                harness.created_at,
+                harness.min_pass_rate,
+                JSON.stringify(harness.tests),
+                harness.metadata ? JSON.stringify(harness.metadata) : null,
+                userId
+            ]
+        });
+    }
+    async getVerificationHarness(rubric_hash, userId) {
+        const result = await this.db.execute({
+            sql: `SELECT * FROM verification_harnesses WHERE rubric_hash = ? AND user_id = ?`,
+            args: [rubric_hash, userId]
+        });
+        if (result.rows.length === 0)
+            return null;
+        const row = result.rows[0];
+        return {
+            ...row,
+            tests: JSON.parse(row.tests),
+            metadata: row.metadata ? JSON.parse(row.metadata) : undefined
+        };
+    }
+    async saveVerificationRun(result, userId) {
+        await this.db.execute({
+            sql: `
+        INSERT INTO verification_runs (
+          id, rubric_hash, project, conversation_id, run_at, 
+          passed, pass_rate, critical_failures, coverage_score, result_json, gate_action, gate_override, override_reason, user_id
+        )
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        ON CONFLICT(id) DO NOTHING
+      `,
+            args: [
+                result.id,
+                result.rubric_hash,
+                result.project,
+                result.conversation_id,
+                result.run_at,
+                result.passed ? 1 : 0,
+                result.pass_rate,
+                result.critical_failures,
+                result.coverage_score,
+                result.result_json,
+                result.gate_action,
+                result.gate_override ? 1 : 0,
+                result.override_reason || null,
+                userId
+            ]
+        });
+    }
+    async listVerificationRuns(project, userId) {
+        const result = await this.db.execute({
+            sql: `SELECT * FROM verification_runs WHERE project = ? AND user_id = ? ORDER BY run_at DESC`,
+            args: [project, userId]
+        });
+        return result.rows.map(row => ({
+            ...row,
+            passed: Boolean(row.passed),
+            gate_override: row.gate_override === 1,
+            override_reason: row.override_reason || undefined
+        }));
+    }
+    async getVerificationRun(id, userId) {
+        const result = await this.db.execute({
+            sql: `SELECT * FROM verification_runs WHERE id = ? AND user_id = ?`,
+            args: [id, userId]
+        });
+        if (result.rows.length === 0)
+            return null;
+        const row = result.rows[0];
+        return {
+            ...row,
+            passed: Boolean(row.passed),
+            gate_override: row.gate_override === 1,
+            override_reason: row.override_reason || undefined
+        };
     }
 }

package/dist/storage/supabase.js

@@ -1222,7 +1222,13 @@ export class SupabaseStorage {
                 updated_at: updatedState.updated_at,
                 spec: updatedState.spec,
                 error: updatedState.error || null,
-                last_heartbeat: updatedState.last_heartbeat || null
+                last_heartbeat: updatedState.last_heartbeat || null,
+                // ─── v7.4: Adversarial Evaluation fields ───
+                eval_revisions: updatedState.eval_revisions ?? 0,
+                contract_payload: updatedState.contract_payload
+                    ? JSON.stringify(updatedState.contract_payload)
+                    : null,
+                notes: updatedState.notes || null,
             }, { on_conflict: "id" }, { Prefer: "return=minimal,resolution=merge-duplicates" });
         }
         catch (e) {
@@ -1244,7 +1250,15 @@ export class SupabaseStorage {
             const rows = Array.isArray(result) ? result : [];
             if (rows.length === 0)
                 return null;
-            return rows[0];
+            const row = rows[0];
+            // ─── v7.4: Deserialize contract_payload from JSON TEXT ───
+            if (row.contract_payload && typeof row.contract_payload === "string") {
+                try {
+                    row.contract_payload = JSON.parse(row.contract_payload);
+                }
+                catch { /* leave as-is */ }
+            }
+            return row;
         }
         catch (e) {
             if (e.message?.includes("PGRST202") || e.message?.includes("Could not find the relation"))
@@ -1263,7 +1277,17 @@ export class SupabaseStorage {
             if (status)
                 query.status = `eq.${status}`;
             const result = await supabaseGet("dark_factory_pipelines", query);
-            return (Array.isArray(result) ? result : []);
+            const rows = (Array.isArray(result) ? result : []);
+            // ─── v7.4: Deserialize contract_payload from JSON TEXT ───
+            return rows.map(row => {
+                if (row.contract_payload && typeof row.contract_payload === "string") {
+                    try {
+                        row.contract_payload = JSON.parse(row.contract_payload);
+                    }
+                    catch { /* leave as-is */ }
+                }
+                return row;
+            });
         }
         catch (e) {
             if (e.message?.includes("PGRST202") || e.message?.includes("Could not find the relation"))
@@ -1271,4 +1295,120 @@ export class SupabaseStorage {
             throw e;
         }
     }
+    // ─── Verification Harness (v7.2.0) ───────────────────────────
+    async saveVerificationHarness(harness, userId) {
+        try {
+            await supabasePost("verification_harnesses", {
+                rubric_hash: harness.rubric_hash,
+                project: harness.project,
+                conversation_id: harness.conversation_id,
+                created_at: harness.created_at,
+                min_pass_rate: harness.min_pass_rate,
+                tests: JSON.stringify(harness.tests),
+                metadata: harness.metadata ? JSON.stringify(harness.metadata) : null,
+                user_id: userId
+            }, { on_conflict: "rubric_hash" }, { Prefer: "return=representation,resolution=merge-duplicates" });
+        }
+        catch (e) {
+            if (e.message?.includes("PGRST116") || e.message?.includes("duplicate key")) {
+                return;
+            }
+            throw e;
+        }
+    }
+    async getVerificationHarness(rubric_hash, userId) {
+        try {
+            const rows = await supabaseGet("verification_harnesses", {
+                "rubric_hash": `eq.${rubric_hash}`,
+                "user_id": `eq.${userId}`
+            });
+            if (!Array.isArray(rows) || rows.length === 0)
+                return null;
+            const row = rows[0];
+            return {
+                ...row,
+                tests: JSON.parse(row.tests),
+                metadata: row.metadata ? JSON.parse(row.metadata) : undefined
+            };
+        }
+        catch (e) {
+            if (e.message?.includes("PGRST202") || e.message?.includes("Could not find the relation"))
+                return null;
+            throw e;
+        }
+    }
+    async saveVerificationRun(result, userId) {
+        try {
+            await supabasePost("verification_runs", {
+                id: result.id,
+                rubric_hash: result.rubric_hash,
+                project: result.project,
+                conversation_id: result.conversation_id,
+                run_at: result.run_at,
+                // H2 fix: Use native booleans for Supabase/PostgreSQL (not 0/1 integers)
+                passed: result.passed,
+                pass_rate: result.pass_rate,
+                critical_failures: result.critical_failures,
+                coverage_score: result.coverage_score,
+                result_json: result.result_json,
+                gate_action: result.gate_action,
+                gate_override: result.gate_override ?? false,
+                override_reason: result.override_reason || null,
+                user_id: userId
+            }, { on_conflict: "id" }, { Prefer: "return=representation,resolution=ignore-duplicates" });
+        }
+        catch (e) {
+            if (e.message?.includes("PGRST116") || e.message?.includes("duplicate key")) {
+                return;
+            }
+            throw e;
+        }
+    }
+    async listVerificationRuns(project, userId) {
+        try {
+            const query = {
+                project: `eq.${project}`,
+                user_id: `eq.${userId}`,
+                order: "run_at.desc"
+            };
+            const rows = await supabaseGet("verification_runs", query);
+            if (!Array.isArray(rows))
+                return [];
+            return rows.map((row) => ({
+                ...row,
+                passed: Boolean(row.passed),
+                // H2 fix: Use Boolean() consistently (native booleans from Supabase)
+                gate_override: Boolean(row.gate_override),
+                override_reason: row.override_reason || undefined
+            }));
+        }
+        catch (e) {
+            if (e.message?.includes("PGRST202") || e.message?.includes("Could not find the relation"))
+                return [];
+            throw e;
+        }
+    }
+    async getVerificationRun(id, userId) {
+        try {
+            const rows = await supabaseGet("verification_runs", {
+                id: `eq.${id}`,
+                user_id: `eq.${userId}`
+            });
+            if (!Array.isArray(rows) || rows.length === 0)
+                return null;
+            const row = rows[0];
+            return {
+                ...row,
+                passed: Boolean(row.passed),
+                // H2 fix: Use Boolean() consistently (native booleans from Supabase)
+                gate_override: Boolean(row.gate_override),
+                override_reason: row.override_reason || undefined
+            };
+        }
+        catch (e) {
+            if (e.message?.includes("PGRST202") || e.message?.includes("Could not find the relation"))
+                return null;
+            throw e;
+        }
+    }
 }

package/dist/tools/routerExperience.js

@@ -54,6 +54,20 @@ export async function getExperienceBias(project, taskKeywords, storageBackend) {
                     relevantCount++;
                 }
             }
+            // GAP-1 fix: Ingest validation_result events into ML routing bias.
+            // The v7.2 spec requires that "Router learning ingests raw verification
+            // signals (pass_rate, critical_failures, coverage_score, rubric_hash)."
+            // confidence_score >= 80 indicates a passing verification suite.
+            if (eventType === "validation_result") {
+                const confidence = raw.confidence_score || 50;
+                if (confidence >= 80) {
+                    successCount++;
+                }
+                else {
+                    failureCount++;
+                }
+                relevantCount++;
+            }
         }
         if (relevantCount < MIN_SAMPLES) {
             return {

package/dist/verification/clawValidator.js

@@ -17,6 +17,7 @@
  *  - claw-code-agent MCP server must be available
  *  - PRISM_VERIFICATION_HARNESS_ENABLED=true
  */
+import { createHash } from "crypto";
 import { TestSuiteSchema } from "./schema.js";
 /**
  * Build the prompt for Claw validation.
@@ -213,7 +214,7 @@ export function mergeSuggestedAssertions(suite, suggestions) {
                 ...suite.tests,
                 ...suggestions.map((s) => ({
                     ...s,
-                    id: s.id || `claw-suggestion-${Date.now()}-${Math.random().toString(36).slice(2, 6)}`,
+                    id: s.id || `claw-suggestion-${createHash("sha256").update(JSON.stringify(s)).digest("hex").slice(0, 12)}`,
                     severity: s.severity || "warn",
                 })),
             ],