prism-mcp-server 9.2.7 → 9.4.0

package/README.md

@@ -826,8 +826,13 @@ The Generator strips the `console.log`, resubmits, and the next `EVALUATE` retur
 
 ## 🆕 What's New
 
-> **Current release: v9.2.4 — Cross-Backend Reconciliation**
+> **Current release: v9.4.0 — Adversarial Security Hardening & Bidirectional Sync**
 
+- 🔒 **v9.4.0 — Security Hardening & Bidirectional Sync:** Two-pass adversarial audit found 18 vulnerabilities (4C/5H/9M) across Prism and Synalux — 17 fixed. Critical: fail-closed rate limiter, path traversal guards, error sanitization. High: plan name alignment (revenue fix), CORS allowlist, settings injection prevention. New: bidirectional `prism sync push` CLI command pushes local SQLite → Supabase, NextAuth JWT enrichment eliminates N+1 DB queries, concurrency counter guaranteed via `try/finally`, 10MB request body limits.
+- 🎯 **v9.3.0 — TurboQuant ResidualNorm Tiebreaker:** Configurable ranking optimization for Tier-2 search. When compressed cosine scores are within ε of each other, prefers the candidate with lower `residualNorm` (more trustworthy compressed representation). `PRISM_TURBOQUANT_TIEBREAKER_EPSILON=0.005` gives +2pp R@1, +1pp R@5. Empirically validated at N=5K with A/B test. 1066 tests, 0 regressions. Inspired by [@m13v's suggestion](https://github.com/xiaowu0162/LongMemEval/issues/31).
+- 🔒 **v9.2.7 — Security Hardening:** Typed `PrototypePollutionError` class (replaces generic `Error` in `sanitizeForMerge()` — enables catch-site discrimination and forensic logging with `offendingKey`), explicit null-byte path injection guard in `SafetyController.validateActionsInScope()` (C-string truncation attack vector), and corrected CRDT merge semantics documentation (Remove-Wins-from-Either, not Add-Wins). 1055 tests, 0 regressions.
+- 🪟 **v9.2.6 — Windows CI Timeout Fix:** CLI integration tests timed out on Windows + Node 22.x GitHub Actions runners. Added `{ timeout: 30_000 }` to the describe block. 6 new residual distribution tests validating TurboQuant's QJL correction stability (zero R@5 delta between P50 and P95 residual vectors at d=128, 2K corpus).
+- 🔧 **v9.2.5 — Reconciliation Credential Probe Fix:** `supabaseReady` guard only resolved credentials when `requestedBackend === "supabase"`, causing reconciliation to silently skip. Added second credential probe for local + reconciliation path. Fixed Supabase schema mismatch on `key_context` column.
 - 🔄 **v9.2.4 — Cross-Backend Reconciliation:** Automatic two-layer sync from Supabase → SQLite on startup. When Claude Desktop writes handoffs and ledger entries to Supabase, Antigravity (local SQLite) now automatically detects stale data and pulls newer handoffs + the 20 most recent ledger entries. 5-second timeout prevents startup freeze. Targeted ID lookups (not full table scans) keep it safe for large databases. 13 tests including malformed JSON resilience, multi-role dedup, and timeout handling.
 - 🔧 **v9.2.3 — Code Review Hardening:** 10x faster split-brain detection (lightweight direct queries replace full `StorageBackend` construction), variable shadowing fix in CLI, resource leak fix in SQLite alternate client.
 - 🚨 **v9.2.2 — Critical: Split-Brain Detection & Prevention:** When multiple MCP clients use different storage backends (e.g., Claude Desktop → Supabase, Antigravity → SQLite), session state could silently diverge, causing agents to act on stale TODOs and outdated context. **New: `--storage` flag** on `prism load` CLI lets callers explicitly select which backend to read from. **New: Split-Brain Drift Detection** in `session_load_context` — compares active and alternate backend versions at load time and warns prominently when they diverge. Session loader script updated to respect `PRISM_STORAGE` environment variable.
@@ -854,7 +859,7 @@ Standard memory servers (like Mem0, Zep, or the baseline Anthropic MCP) act as p
 | **Storage Engine** | **BYO SQLite or Supabase** | Managed Cloud / VectorDBs | Managed Cloud / Postgres | Local SQLite only |
 | **Context Assembly** | **Progressive (Quick/Std/Deep)** | Top-K Semantic Search | Top-K + Temporal Summaries | Basic Entity Search |
 | **Memory Mechanics** | **ACT-R Activation, Spreading Activation, Hebbian Consolidation, Rejection Gate** | Basic Vector + Entity | Fading Temporal Graph | None (Infinite growth) |
-| **Multi-Agent Sync** | **CRDT (Add-Wins / LWW)** | Cloud locks | Postgres locks | ❌ None (Data races) |
+| **Multi-Agent Sync** | **CRDT (Remove-Wins / LWW)** | Cloud locks | Postgres locks | ❌ None (Data races) |
 | **Data Compression** | **TurboQuant (7x smaller vectors)** | ❌ Standard F32 Vectors | ❌ Standard Vectors | ❌ No Vectors |
 | **Observability** | **OTel Traces + Built-in PWA UI** | Cloud Dashboard | Cloud Dashboard | ❌ None |
 | **Maintenance** | **Autonomous Background Scheduler** | Manual/API driven | Automated (Cloud) | ❌ Manual |
@@ -909,6 +914,10 @@ prism load my-project --level deep             # Full context with all enrichmen
 prism load my-project --level quick --json     # Machine-readable JSON
 prism load my-project --role dev --json        # Role-scoped loading
 
+# Bidirectional sync (v9.4.0)
+prism sync push                                # Push local SQLite → Supabase
+prism sync push --json                         # Machine-readable output
+
 # Verification harness
 prism verify status                            # Check verification state
 prism verify status --json                     # Machine-readable output
@@ -1225,8 +1234,16 @@ Prism has evolved from smart session logging into a **cognitive memory architect
 | **v7.8** | Multi-Hop Causal Reasoning — spreading activation traverses `caused_by`/`led_to` edges with damped fan effect (`1/ln(fan+e)`) and lateral inhibition | ACT-R spreading activation (Anderson), Collins & Loftus (1975) | ✅ Shipped |
 | **v7.8** | Uncertainty-Aware Rejection Gate — dual-signal (similarity floor + gap distance) safety layer prevents hallucination from low-confidence retrievals | Metacognition research, uncertainty quantification | ✅ Shipped |
 | **v7.8** | Dynamic Fast Weight Decay — `is_rollup` semantic nodes decay 50% slower (`ageModifier = 0.5`) than episodic entries, creating Long-Term Context anchors | ACT-R base-level activation with differential decay rates | ✅ Shipped |
-| **v7.x** | Affect-Tagged Memory — sentiment shapes what gets recalled | Affect-modulated retrieval (neuroscience) | 🔭 Horizon |
-| **v8+** | Zero-Search Retrieval — no index, no ANN, just ask the vector | Holographic Reduced Representations | 🔭 Horizon |
+| **v9.0** | Affect-Tagged Memory — valence-scored retrieval where `\|valence\|` boosts ranking; UX warnings surface historically negative topics | Affect-modulated retrieval (neuroscience), somatic marker hypothesis | ✅ Shipped |
+| **v9.0** | Surprisal Gate — vector-based novelty pricing: high-surprisal saves cost 0.5× tokens, low-surprisal 2.0×; forces LLM data compression | Information-theoretic surprisal (Shannon), predictive coding | ✅ Shipped |
+| **v9.0** | Cognitive Budget — per-project token economy with passive UBI recovery (+100 tokens/hr); agents that over-save enter Cognitive Debt | Resource-bounded rationality (Simon, 1955) | ✅ Shipped |
+| **v9.1** | Task Router v2 — 6-signal weighted heuristic engine routing tasks between cloud host and local LLM based on file-type complexity, scope, and multi-step detection | Heuristic classification, cognitive load theory | ✅ Shipped |
+| **v9.2** | Cross-Backend Reconciliation — automatic Supabase → SQLite sync with idempotent dedup and 5s timeout | Eventual consistency, crdt-style reconciliation | ✅ Shipped |
+| **v9.2** | Split-Brain Drift Detection — dual-backend version comparison with prominent divergence warnings at load time | Byzantine fault detection, split-brain resolution | ✅ Shipped |
+| **v9.2** | TurboQuant QJL Validation — zero R@5 delta between P50 and P95 residual vectors (d=128, N=2K); CV=0.038 at d=768 proves no long tail | QJL estimator (ICLR 2026), Householder orthogonal rotation | ✅ Shipped |
+| **v9.2** | Typed Security Errors — `PrototypePollutionError` with `offendingKey` for forensic logging; null-byte path injection guard in SafetyController | Defense-in-depth (NIST), C-string truncation attack mitigation | ✅ Shipped |
+| **v9.3** | ResidualNorm Tiebreaker — within-ε candidates ranked by compression fidelity (`PRISM_TURBOQUANT_TIEBREAKER_EPSILON`); +2pp R@1, +1pp R@5 at ε=0.005 | Quantization confidence scoring, compression-aware retrieval | ✅ Shipped |
+| **v10+** | Zero-Search Retrieval — no index, no ANN, just ask the vector | Holographic Reduced Representations | 🔭 Horizon |
 
 > Informed by Anderson's ACT-R (Adaptive Control of Thought—Rational), Collins & Loftus spreading activation networks (1975), Kanerva's SDM (1988), Hebb's learning rule, and LeCun's "Why AI Systems Don't Learn" (Dupoux, LeCun, Malik).
 
@@ -1258,7 +1275,7 @@ Prism MCP is open-source and free for individual developers. For teams and enter
 
 ## 📦 Milestones & Roadmap
 
-> **Current: v9.2.4** — Cross-Backend Reconciliation ([CHANGELOG](CHANGELOG.md))
+> **Current: v9.3.0** — TurboQuant ResidualNorm Tiebreaker ([CHANGELOG](CHANGELOG.md))
 
 | Release | Headline |
 |---------|----------|

package/dist/cli.js

@@ -7,7 +7,7 @@ import { getStorage, closeStorage } from './storage/index.js';
 import { getSetting } from './storage/configStorage.js';
 import { PRISM_USER_ID, SERVER_CONFIG } from './config.js';
 import { getCurrentGitState } from './utils/git.js';
-import { sessionLoadContextHandler } from './tools/ledgerHandlers.js';
+import { sessionLoadContextHandler, sessionSaveLedgerHandler, sessionSaveHandoffHandler } from './tools/ledgerHandlers.js';
 const program = new Command();
 program
     .name('prism')
@@ -131,6 +131,149 @@ program
         process.exit(1);
     }
 });
+// ─── prism save ───────────────────────────────────────────────
+// Saves session state using the same storage layer as the MCP
+// session_save_ledger and session_save_handoff tools. Works with
+// both SQLite and Supabase.
+//
+// Designed for Antigravity and other environments that cannot use
+// MCP tools directly. This is the counterpart to `prism load`.
+//
+// Two subcommands:
+//   prism save ledger <project>  — append immutable session log entry
+//   prism save handoff <project> — update live project state for next session
+const saveCmd = program
+    .command('save')
+    .description('Save session state (ledger entries and handoff)');
+/**
+ * Parse a CLI string argument that may be a JSON array or a plain string.
+ * Returns string[] for arrays, wraps plain strings in an array.
+ */
+function parseJsonArrayArg(val, fieldName) {
+    if (!val)
+        return undefined;
+    const trimmed = val.trim();
+    if (trimmed.startsWith('[')) {
+        try {
+            const parsed = JSON.parse(trimmed);
+            if (!Array.isArray(parsed))
+                throw new Error('not an array');
+            return parsed.map(String);
+        }
+        catch (err) {
+            console.error(`Error: --${fieldName} must be a valid JSON array. Got: ${trimmed}`);
+            process.exit(1);
+        }
+    }
+    // Plain string → single-element array
+    return [trimmed];
+}
+saveCmd
+    .command('ledger <project>')
+    .description('Save an immutable session log entry (same as session_save_ledger MCP tool)')
+    .requiredOption('-c, --conversation-id <id>', 'Unique conversation/session identifier')
+    .requiredOption('-m, --summary <text>', 'Summary of what was accomplished')
+    .option('-t, --todos <json>', 'Open TODO items as JSON array, e.g. \'["item1","item2"]\'')
+    .option('-f, --files-changed <json>', 'Files changed as JSON array')
+    .option('-d, --decisions <json>', 'Key decisions as JSON array')
+    .option('-r, --role <role>', 'Agent role for Hivemind scoping')
+    .option('-s, --storage <backend>', 'Storage backend: local (SQLite) or supabase')
+    .option('--json', 'Emit machine-readable JSON output')
+    .action(async (project, options) => {
+    try {
+        // Storage override
+        if (options.storage) {
+            const validStorages = ['local', 'supabase'];
+            if (!validStorages.includes(options.storage)) {
+                console.error(`Error: Invalid storage "${options.storage}". Must be one of: ${validStorages.join(', ')}`);
+                process.exit(1);
+            }
+            process.env.PRISM_STORAGE = options.storage;
+        }
+        const args = {
+            project,
+            conversation_id: options.conversationId,
+            summary: options.summary,
+            todos: parseJsonArrayArg(options.todos, 'todos'),
+            files_changed: parseJsonArrayArg(options.filesChanged, 'files-changed'),
+            decisions: parseJsonArrayArg(options.decisions, 'decisions'),
+            role: options.role,
+        };
+        const result = await sessionSaveLedgerHandler(args);
+        if (options.json) {
+            console.log(JSON.stringify({
+                success: !result.isError,
+                text: result.content[0]?.text || '',
+            }, null, 2));
+        }
+        else {
+            console.log(result.content[0]?.text || 'Done');
+        }
+        if (result.isError) {
+            await closeStorage();
+            process.exit(1);
+        }
+        await closeStorage();
+    }
+    catch (err) {
+        console.error(`Error saving ledger: ${err instanceof Error ? err.message : String(err)}`);
+        await closeStorage().catch(() => { });
+        process.exit(1);
+    }
+});
+saveCmd
+    .command('handoff <project>')
+    .description('Update the live project state for next session (same as session_save_handoff MCP tool)')
+    .option('-m, --last-summary <text>', 'Summary of the most recent session')
+    .option('-t, --open-todos <json>', 'Current open TODO items as JSON array')
+    .option('-k, --key-context <text>', 'Free-form critical context for next session')
+    .option('-b, --active-branch <branch>', 'Git branch or context to resume on')
+    .option('-v, --expected-version <n>', 'Version for optimistic concurrency control', parseInt)
+    .option('-r, --role <role>', 'Agent role for Hivemind scoping')
+    .option('-s, --storage <backend>', 'Storage backend: local (SQLite) or supabase')
+    .option('--json', 'Emit machine-readable JSON output')
+    .action(async (project, options) => {
+    try {
+        // Storage override
+        if (options.storage) {
+            const validStorages = ['local', 'supabase'];
+            if (!validStorages.includes(options.storage)) {
+                console.error(`Error: Invalid storage "${options.storage}". Must be one of: ${validStorages.join(', ')}`);
+                process.exit(1);
+            }
+            process.env.PRISM_STORAGE = options.storage;
+        }
+        const args = {
+            project,
+            last_summary: options.lastSummary,
+            open_todos: parseJsonArrayArg(options.openTodos, 'open-todos'),
+            key_context: options.keyContext,
+            active_branch: options.activeBranch,
+            expected_version: options.expectedVersion,
+            role: options.role,
+        };
+        const result = await sessionSaveHandoffHandler(args);
+        if (options.json) {
+            console.log(JSON.stringify({
+                success: !result.isError,
+                text: result.content[0]?.text || '',
+            }, null, 2));
+        }
+        else {
+            console.log(result.content[0]?.text || 'Done');
+        }
+        if (result.isError) {
+            await closeStorage();
+            process.exit(1);
+        }
+        await closeStorage();
+    }
+    catch (err) {
+        console.error(`Error saving handoff: ${err instanceof Error ? err.message : String(err)}`);
+        await closeStorage().catch(() => { });
+        process.exit(1);
+    }
+});
 // ─── prism verify ─────────────────────────────────────────────
 const verifyCmd = program
     .command('verify')
@@ -171,4 +314,58 @@ verifyCmd
         await storage.close();
     }
 });
+// ─── prism sync ───────────────────────────────────────────────
+// M4: Bidirectional reconciliation commands.
+// `prism sync push` pushes local SQLite data to Supabase.
+const syncCmd = program
+    .command('sync')
+    .description('Cross-backend data synchronization');
+syncCmd
+    .command('push')
+    .description('Push local SQLite data to Supabase (handoffs + recent ledger)')
+    .option('--json', 'Emit machine-readable JSON output')
+    .action(async (options) => {
+    try {
+        // Force local storage mode to read from SQLite
+        process.env.PRISM_STORAGE = 'local';
+        const storage = await getStorage();
+        // Verify Supabase credentials are available
+        const { getSetting } = await import('./storage/configStorage.js');
+        const sbUrl = process.env.SUPABASE_URL || await getSetting('SUPABASE_URL');
+        const sbKey = process.env.SUPABASE_KEY || await getSetting('SUPABASE_KEY');
+        if (!sbUrl || !sbKey) {
+            console.error('❌ Supabase credentials not configured. Set SUPABASE_URL and SUPABASE_KEY.');
+            await closeStorage();
+            process.exit(1);
+        }
+        // Ensure process.env has the credentials for supabaseApi.ts
+        process.env.SUPABASE_URL = sbUrl;
+        process.env.SUPABASE_KEY = sbKey;
+        const { pushReconciliation } = await import('./storage/reconcile.js');
+        const { SqliteStorage } = await import('./storage/sqlite.js');
+        const sqliteInstance = storage;
+        const getTimestamps = () => sqliteInstance.getHandoffTimestamps();
+        const result = await pushReconciliation(storage, getTimestamps);
+        if (options.json) {
+            console.log(JSON.stringify(result, null, 2));
+        }
+        else {
+            if (result.handoffsPushed === 0 && result.ledgerEntriesPushed === 0) {
+                console.log('✅ Supabase is already up-to-date with local data.');
+            }
+            else {
+                console.log(`✅ Pushed ${result.handoffsPushed} handoff(s) + ${result.ledgerEntriesPushed} ledger entries to Supabase`);
+                if (result.projects.length > 0) {
+                    console.log(`   Projects: ${result.projects.join(', ')}`);
+                }
+            }
+        }
+        await closeStorage();
+    }
+    catch (err) {
+        console.error(`Error during sync push: ${err instanceof Error ? err.message : String(err)}`);
+        await closeStorage().catch(() => { });
+        process.exit(1);
+    }
+});
 program.parse(process.argv);

package/dist/config.js

@@ -73,12 +73,12 @@ if (!BRAVE_ANSWERS_API_KEY && process.env.PRISM_DEBUG_LOGGING === "true") {
 export const VOYAGE_API_KEY = process.env.VOYAGE_API_KEY;
 // ─── v2.0: Storage Backend Selection ─────────────────────────
 // REVIEWER NOTE: Step 1 of v2.0 introduces a storage abstraction.
-// Currently only "supabase" is implemented. "local" (SQLite) is
-// coming in Step 2. Default is "supabase" for backward compat.
+// Both "local" (SQLite) and "supabase" (PostgreSQL) are implemented.
+// Default is "local" for zero-config operation.
 //
-// Set PRISM_STORAGE=local to use SQLite (once implemented).
-// Set PRISM_STORAGE=supabase to use Supabase REST API (default).
-export const PRISM_STORAGE = process.env.PRISM_STORAGE || "supabase";
+// Set PRISM_STORAGE=supabase to use Supabase REST API.
+// Set PRISM_STORAGE=local to use SQLite (default).
+export const PRISM_STORAGE = process.env.PRISM_STORAGE || "local";
 // Logged at debug level — see debug() at bottom of file
 // ─── Optional: Supabase (Session Memory Module) ───────────────
 // When both SUPABASE_URL and SUPABASE_KEY are set, session memory tools
@@ -268,3 +268,17 @@ export const PRISM_DARK_FACTORY_ENABLED = process.env.PRISM_DARK_FACTORY_ENABLED
 export const PRISM_DARK_FACTORY_POLL_MS = parseInt(process.env.PRISM_DARK_FACTORY_POLL_MS || "30000", 10);
 /** Default max wall-clock time per pipeline (ms). Default: 15 minutes. */
 export const PRISM_DARK_FACTORY_MAX_RUNTIME_MS = parseInt(process.env.PRISM_DARK_FACTORY_MAX_RUNTIME_MS || "900000", 10);
+// ─── v9.3: TurboQuant ResidualNorm Tiebreaker ─────────────────
+// When two compressed cosine scores are within ε of each other,
+// prefer the candidate with lower residualNorm (its compressed
+// representation captured more signal energy, making its score
+// more trustworthy). Empirically validated: ε=0.005 gives +2pp
+// R@1, +1pp R@5 on random d=128 vectors. Set to 0 to disable.
+//
+// Only affects Tier-2 TurboQuant JS-side search (both SQLite and
+// Supabase backends). Tier-1 native vector search is unaffected.
+/** Tiebreaker threshold for TurboQuant Tier-2 ranking. 0 = disabled (default). */
+const rawTiebreakerEpsilon = parseFloat(process.env.PRISM_TURBOQUANT_TIEBREAKER_EPSILON || "0");
+export const PRISM_TURBOQUANT_TIEBREAKER_EPSILON = Number.isFinite(rawTiebreakerEpsilon) && rawTiebreakerEpsilon >= 0
+    ? rawTiebreakerEpsilon
+    : 0;

package/dist/dashboard/graphRouter.js

@@ -16,10 +16,20 @@
  */
 import { recordSynthesisRun, recordTestMeRequest, getGraphMetricsSnapshot } from "../observability/graphMetrics.js";
 /** Read HTTP request body as string */
+/** SECURITY: 10MB limit prevents memory exhaustion from oversized POST payloads. */
+const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10MB
 function readBody(req) {
     return new Promise((resolve, reject) => {
         const chunks = [];
-        req.on("data", (chunk) => { chunks.push(chunk); });
+        let totalBytes = 0;
+        req.on("data", (chunk) => {
+            totalBytes += chunk.length;
+            if (totalBytes > MAX_BODY_BYTES) {
+                req.destroy(new Error("Request body too large (>10MB)"));
+                return reject(new Error("Request body too large"));
+            }
+            chunks.push(chunk);
+        });
         req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
         req.on("error", reject);
     });

package/dist/dashboard/server.js

@@ -35,10 +35,20 @@ import { handleGraphRoutes } from "./graphRouter.js";
 import { safeCompare, generateToken, isAuthenticated, createRateLimiter, initJWKS, } from "./authUtils.js";
 const PORT = parseInt(process.env.PRISM_DASHBOARD_PORT || "3000", 10);
 /** Read HTTP request body as string (Buffer-based to avoid GC thrash on large imports) */
+/** SECURITY: 10MB limit prevents memory exhaustion from oversized POST payloads. */
+const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10MB
 function readBody(req) {
     return new Promise((resolve, reject) => {
         const chunks = [];
-        req.on("data", (chunk) => { chunks.push(chunk); });
+        let totalBytes = 0;
+        req.on("data", (chunk) => {
+            totalBytes += chunk.length;
+            if (totalBytes > MAX_BODY_BYTES) {
+                req.destroy(new Error("Request body too large (>10MB)"));
+                return reject(new Error("Request body too large"));
+            }
+            chunks.push(chunk);
+        });
         req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
         req.on("error", reject);
     });
@@ -165,8 +175,13 @@ return false;}
         // v6.5.1: CORS — restrict origin when auth is enabled to prevent CSRF
         if (AUTH_ENABLED) {
             const origin = req.headers.origin || "";
-            // Only echo back the origin if present (browser-initiated requests)
-            if (origin) {
+            // SECURITY: Allowlist-based CORS — don't echo arbitrary origins with credentials
+            const allowedOrigins = new Set([
+                `http://localhost:${PORT}`,
+                `http://127.0.0.1:${PORT}`,
+                process.env.PRISM_DASHBOARD_ORIGIN || "",
+            ].filter(Boolean));
+            if (origin && allowedOrigins.has(origin)) {
                 res.setHeader("Access-Control-Allow-Origin", origin);
                 res.setHeader("Access-Control-Allow-Credentials", "true");
             }
@@ -176,6 +191,9 @@ return false;}
         }
         res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
         res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+        // SECURITY: Prevent clickjacking via X-Frame-Options and CSP
+        res.setHeader("X-Frame-Options", "DENY");
+        res.setHeader("Content-Security-Policy", "frame-ancestors 'none'");
         if (req.method === "OPTIONS") {
             res.writeHead(204);
             return res.end();
@@ -614,6 +632,26 @@ return false;}
                     const body = await readBody(req);
                     const parsed = JSON.parse(body);
                     if (parsed.key && parsed.value !== undefined) {
+                        // SECURITY: Allowlist of dashboard-settable keys to prevent
+                        // credential overwrite (SUPABASE_KEY, STRIPE_SECRET_KEY, etc.)
+                        const SETTABLE_KEYS = new Set([
+                            "PRISM_STORAGE", "SUPABASE_URL", "SUPABASE_KEY",
+                            "BRAVE_API_KEY", "BRAVE_ANSWERS_API_KEY",
+                            "GOOGLE_API_KEY", "VOYAGE_API_KEY",
+                            "FIRECRAWL_API_KEY", "TAVILY_API_KEY",
+                            "embedding_provider", "embedding_model",
+                            "PRISM_ENABLE_HIVEMIND", "PRISM_DARK_FACTORY_ENABLED",
+                            "PRISM_TASK_ROUTER_ENABLED", "PRISM_SCHOLAR_ENABLED",
+                            "PRISM_HDC_ENABLED", "PRISM_ACTR_ENABLED",
+                            "PRISM_GRAPH_PRUNING_ENABLED",
+                        ]);
+                        const isSkillKey = parsed.key.startsWith("skill:");
+                        const isTTLKey = parsed.key.startsWith("ttl:");
+                        const isAutoloadKey = parsed.key.startsWith("autoload:");
+                        if (!SETTABLE_KEYS.has(parsed.key) && !isSkillKey && !isTTLKey && !isAutoloadKey) {
+                            res.writeHead(403, { "Content-Type": "application/json" });
+                            return res.end(JSON.stringify({ error: `Setting key "${parsed.key}" is not allowed via the dashboard.` }));
+                        }
                         const { setSetting } = await import("../storage/configStorage.js");
                         await setSetting(parsed.key, String(parsed.value));
                         res.writeHead(200, { "Content-Type": "application/json" });
@@ -788,6 +826,16 @@ return false;}
                         res.writeHead(400, { "Content-Type": "application/json" });
                         return res.end(JSON.stringify({ error: "path is required" }));
                     }
+                    // SECURITY: Restrict import paths to prevent arbitrary file reads.
+                    // Only allow files from home directory, /tmp, and current working directory.
+                    const resolvedPath = path.resolve(filePath);
+                    const homeDir = os.homedir();
+                    const allowedPrefixes = [homeDir, os.tmpdir(), process.cwd()];
+                    const isAllowed = allowedPrefixes.some(prefix => resolvedPath.startsWith(prefix + path.sep) || resolvedPath === prefix);
+                    if (!isAllowed) {
+                        res.writeHead(403, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: `Import path must be under home directory or /tmp` }));
+                    }
                     // Verify file exists before starting import
                     if (!fs.existsSync(filePath)) {
                         res.writeHead(400, { "Content-Type": "application/json" });

package/dist/storage/reconcile.js

@@ -235,3 +235,154 @@ async function reconcileLedger(localStorage, projects) {
     }
     return totalSynced;
 }
+/**
+ * Push newer local handoffs and ledger entries to Supabase.
+ *
+ * @param localStorage - The initialized SQLite storage instance
+ * @param getLocalTimestamps - Function to bulk-read local handoff timestamps
+ */
+export async function pushReconciliation(localStorage, getLocalTimestamps) {
+    const result = { handoffsPushed: 0, ledgerEntriesPushed: 0, projects: [] };
+    try {
+        // Step 1: Get all local handoffs
+        let localTimestamps;
+        if (getLocalTimestamps) {
+            localTimestamps = await getLocalTimestamps();
+        }
+        else {
+            debugLog("[Push Reconcile] No getLocalTimestamps provided — nothing to push");
+            return result;
+        }
+        if (localTimestamps.size === 0) {
+            debugLog("[Push Reconcile] No local handoffs — nothing to push");
+            return result;
+        }
+        // Step 2: Fetch all remote handoff timestamps for comparison
+        const remoteHandoffs = await withTimeout(supabaseGet("session_handoffs", {
+            user_id: `eq.${PRISM_USER_ID}`,
+            select: "project,role,updated_at",
+        }), RECONCILE_TIMEOUT_MS, "fetch remote handoff timestamps");
+        const remoteTimestamps = new Map();
+        if (Array.isArray(remoteHandoffs)) {
+            for (const r of remoteHandoffs) {
+                const key = `${r.project}::${r.role || "global"}`;
+                remoteTimestamps.set(key, r.updated_at);
+            }
+        }
+        // Step 3: Find local handoffs that are newer than remote
+        const projectsToPush = new Set();
+        for (const [key, localUpdatedAt] of localTimestamps) {
+            const remoteUpdatedAt = remoteTimestamps.get(key);
+            const localIsNewer = !remoteUpdatedAt
+                || (localUpdatedAt && new Date(localUpdatedAt) > new Date(remoteUpdatedAt));
+            if (localIsNewer) {
+                const [project, role] = key.split("::");
+                projectsToPush.add(project);
+                // Load the full handoff from local storage
+                const ctx = await localStorage.loadContext(project, "quick", PRISM_USER_ID, role || "global");
+                if (!ctx)
+                    continue;
+                // Upsert to Supabase
+                try {
+                    const { supabasePost } = await import("../utils/supabaseApi.js");
+                    await withTimeout(supabasePost("session_handoffs", {
+                        project,
+                        user_id: PRISM_USER_ID,
+                        role: role || "global",
+                        last_summary: ctx.last_summary ?? null,
+                        pending_todo: ctx.pending_todo ?? [],
+                        active_decisions: ctx.active_decisions ?? [],
+                        keywords: ctx.keywords ?? [],
+                        key_context: ctx.key_context ?? null,
+                        active_branch: ctx.active_branch ?? null,
+                        metadata: ctx.metadata ?? {},
+                    }, {
+                        on_conflict: "project,user_id,role",
+                    }, {
+                        "Prefer": "return=representation,resolution=merge-duplicates",
+                    }), RECONCILE_TIMEOUT_MS, `push handoff ${project}`);
+                    result.handoffsPushed++;
+                    result.projects.push(project);
+                    debugLog(`[Push Reconcile] Pushed handoff "${project}" (role: ${role || "global"}) to Supabase`);
+                }
+                catch (pushErr) {
+                    debugLog(`[Push Reconcile] Failed to push handoff "${project}": ` +
+                        `${pushErr instanceof Error ? pushErr.message : String(pushErr)}`);
+                }
+            }
+        }
+        // Step 4: Push recent ledger entries for pushed projects
+        if (projectsToPush.size > 0) {
+            const { supabasePost, supabaseGet: sbGet } = await import("../utils/supabaseApi.js");
+            for (const project of projectsToPush) {
+                try {
+                    // Get local recent entries
+                    const localEntries = await localStorage.getLedgerEntries({
+                        project: `eq.${project}`,
+                        user_id: `eq.${PRISM_USER_ID}`,
+                        archived_at: "is.null",
+                        deleted_at: "is.null",
+                        order: "created_at.desc",
+                        limit: "20",
+                        select: "id,project,conversation_id,summary,user_id,role,todos,files_changed,decisions,keywords,event_type,importance,created_at,session_date",
+                    });
+                    if (!Array.isArray(localEntries) || localEntries.length === 0)
+                        continue;
+                    // Check which IDs already exist in Supabase
+                    const localIds = localEntries.map(e => e.id);
+                    const remoteExisting = await withTimeout(sbGet("session_ledger", {
+                        id: `in.(${localIds.join(",")})`,
+                        select: "id",
+                    }), RECONCILE_TIMEOUT_MS, `check remote ledger for ${project}`);
+                    const existingRemoteIds = new Set((Array.isArray(remoteExisting) ? remoteExisting : []).map((e) => e.id));
+                    // Push entries that don't exist remotely
+                    for (const entry of localEntries) {
+                        if (existingRemoteIds.has(entry.id))
+                            continue;
+                        try {
+                            await supabasePost("session_ledger", {
+                                id: entry.id,
+                                project: entry.project,
+                                conversation_id: entry.conversation_id || "pushed",
+                                summary: entry.summary,
+                                user_id: PRISM_USER_ID,
+                                role: entry.role || "global",
+                                todos: safeParseArray(entry.todos),
+                                files_changed: safeParseArray(entry.files_changed),
+                                decisions: safeParseArray(entry.decisions),
+                                keywords: safeParseArray(entry.keywords),
+                                event_type: entry.event_type || "session",
+                                importance: entry.importance || 0,
+                            });
+                            result.ledgerEntriesPushed++;
+                        }
+                        catch (insertErr) {
+                            const msg = insertErr instanceof Error ? insertErr.message : String(insertErr);
+                            // Skip duplicate key violations silently
+                            if (!msg.includes("duplicate") && !msg.includes("23505")) {
+                                debugLog(`[Push Reconcile] Failed to push ledger entry ${entry.id}: ${msg}`);
+                            }
+                        }
+                    }
+                }
+                catch (err) {
+                    debugLog(`[Push Reconcile] Ledger push failed for "${project}": ` +
+                        `${err instanceof Error ? err.message : String(err)}`);
+                }
+            }
+        }
+        if (result.handoffsPushed > 0 || result.ledgerEntriesPushed > 0) {
+            debugLog(`[Push Reconcile] Pushed ${result.handoffsPushed} handoff(s)` +
+                `${result.ledgerEntriesPushed > 0 ? ` + ${result.ledgerEntriesPushed} ledger entries` : ""}` +
+                ` from SQLite → Supabase: ${result.projects.join(", ")}`);
+        }
+        else {
+            debugLog("[Push Reconcile] Supabase already up-to-date with local data");
+        }
+    }
+    catch (err) {
+        debugLog(`[Push Reconcile] Failed (non-fatal): ` +
+            `${err instanceof Error ? err.message : String(err)}`);
+    }
+    return result;
+}

package/dist/storage/sqlite.js

@@ -1594,6 +1594,9 @@ export class SqliteStorage {
         `;
                 const fallbackResult = await this.db.execute({ sql: fallbackSql, args: fallbackArgs });
                 // Score each entry using asymmetric cosine similarity
+                // Track residualNorm for optional tiebreaker (v9.3)
+                const { PRISM_TURBOQUANT_TIEBREAKER_EPSILON } = await import("../config.js");
+                const eps = PRISM_TURBOQUANT_TIEBREAKER_EPSILON;
                 const scored = [];
                 for (const row of fallbackResult.rows) {
                     try {
@@ -1613,6 +1616,7 @@ export class SqliteStorage {
                                 is_rollup: Boolean(row.is_rollup),
                                 importance: row.importance ?? 0,
                                 last_accessed_at: row.last_accessed_at || null,
+                                _residualNorm: eps > 0 ? compressed.residualNorm : undefined,
                             });
                         }
                     }
@@ -1620,9 +1624,20 @@ export class SqliteStorage {
                         // Skip entries with corrupt compressed data
                     }
                 }
-                // Sort by similarity descending and limit
-                scored.sort((a, b) => b.similarity - a.similarity);
+                // Sort by similarity descending, with optional residualNorm tiebreaker
+                // When ε > 0: candidates within ε of each other are ranked by lower
+                // residualNorm (its compressed representation is more trustworthy).
+                scored.sort((a, b) => {
+                    const diff = b.similarity - a.similarity;
+                    if (eps > 0 && Math.abs(diff) < eps && a._residualNorm != null && b._residualNorm != null) {
+                        return a._residualNorm - b._residualNorm;
+                    }
+                    return diff;
+                });
                 const baseResults = scored.slice(0, params.limit);
+                // Strip internal tiebreaker field before returning
+                for (const r of baseResults)
+                    delete r._residualNorm;
                 debugLog(`[SqliteStorage] Tier-2 TurboQuant fallback: scored ${fallbackResult.rows.length} entries, ` +
                     `${scored.length} above threshold`);
                 if (params.activation?.enabled) {

package/dist/storage/supabase.js

@@ -280,6 +280,9 @@ export class SupabaseStorage {
                     queryParams.role = `eq.${params.role}`;
                 const rows = await supabaseGet("session_ledger", queryParams);
                 const scored = [];
+                // v9.3: Import tiebreaker config for optional residualNorm ranking
+                const { PRISM_TURBOQUANT_TIEBREAKER_EPSILON } = await import("../config.js");
+                const eps = PRISM_TURBOQUANT_TIEBREAKER_EPSILON;
                 for (const row of (Array.isArray(rows) ? rows : [])) {
                     try {
                         const compressedBase64 = row.embedding_compressed;
@@ -295,6 +298,7 @@ export class SupabaseStorage {
                                 session_date: (row.session_date || row.created_at),
                                 decisions: Array.isArray(row.decisions) ? row.decisions : [],
                                 files_changed: Array.isArray(row.files_changed) ? row.files_changed : [],
+                                _residualNorm: eps > 0 ? compressed.residualNorm : undefined,
                             });
                         }
                     }
@@ -302,10 +306,21 @@ export class SupabaseStorage {
                         // Skip entries with corrupt compressed data
                     }
                 }
-                scored.sort((a, b) => b.similarity - a.similarity);
+                // Sort by similarity descending, with optional residualNorm tiebreaker
+                scored.sort((a, b) => {
+                    const diff = b.similarity - a.similarity;
+                    if (eps > 0 && Math.abs(diff) < eps && a._residualNorm != null && b._residualNorm != null) {
+                        return a._residualNorm - b._residualNorm;
+                    }
+                    return diff;
+                });
                 debugLog(`[SupabaseStorage] Tier-2 TurboQuant fallback: scored ${rows.length} entries, ` +
                     `${scored.length} above threshold`);
-                return scored.slice(0, params.limit);
+                const results = scored.slice(0, params.limit);
+                // Strip internal tiebreaker field before returning
+                for (const r of results)
+                    delete r._residualNorm;
+                return results;
             }
             catch (tier2Err) {
                 // Both tiers failed — return empty; caller falls through to FTS5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prism-mcp-server",
-  "version": "9.2.7",
+  "version": "9.4.0",
   "mcpName": "io.github.dcostenco/prism-mcp",
   "description": "The Mind Palace for AI Agents — a true Cognitive Architecture with Hebbian learning (episodic→semantic consolidation), ACT-R spreading activation (multi-hop causal reasoning), uncertainty-aware rejection gates (agents that know when they don't know), adversarial evaluation (anti-sycophancy), fail-closed Dark Factory pipelines, persistent memory (SQLite/Supabase), multi-agent Hivemind, time travel & visual dashboard. Zero-config local mode.",
   "module": "index.ts",
@@ -101,7 +101,7 @@
     "typescript": "^5.0.0"
   },
   "dependencies": {
-    "@anthropic-ai/sdk": "^0.80.0",
+    "@anthropic-ai/sdk": "^0.81.0",
     "@google-cloud/discoveryengine": "^2.5.3",
     "@google/generative-ai": "^0.24.1",
     "@libsql/client": "^0.17.2",