What's new

Pre-push verification gate (Rule 19 expanded)

Rule 19 is now a full verification gate — not just tsc --noEmit. Both steps must pass before every git push, regardless of repo type:

• Type check — tsc --noEmit / next build / mypy / pyright
• Test suite — npx vitest run / python3 -m pytest / npm test / jest

Each catches a different failure class. Type check alone missed 2 incidents in May 2026.

Mechanical guard + 20 test cases

verification_guard.py checks whether both steps ran before a push. 20 test cases including verbatim command sequences from both May 2026 incidents:

• Incident #1 (e55211c): aacSpeak import dropped, vitest passed (mocked), Vercel failed
• Incident #2 (6ca43ff): translation fix pushed, 2 tests failing, only next build ran

Patch

npm publish requires OTP. Run when ready:

npm install -g [email protected]

What's new

Two-namespace skill architecture

• skill:* — Platform skills. Read-only cache. Written only by sync-skills.sh or fetched from Synalux. Users cannot overwrite.
• user_skill:* — User-local skills. Written via dashboard POST /api/skills. Only loaded when user_local.enabled=true in routing table (off by default). Never sent to Supabase.

Synalux dynamic skill content (no redeploy needed)

• GET /api/v1/skills/content checks Supabase platform_skills table first, falls back to filesystem.
• POST /api/v1/admin/skills — platform admin only — update skill content live.
• Auto-learn hooks can write corrections to platform_skills table automatically.
• Audit log on every change.

Skill routing schema v2

• resolveSkillsForProject returns { names, user_local } — callers now get the user_local policy alongside skill names.
• Routing table gains user_local: { enabled, key_prefix }.

New universal skills

• execute-method-literally — 26-case test suite with verbatim May 2026 session replay
• pre-push-audit Rule 19 — tsc --noEmit before every push

Bug fix

• skill-routing.test.ts updated for v2 return type (was string[], now { names, user_local })

Upgrade

npm install -g [email protected]
# or with npx (no install)
npx [email protected]

No migrations needed. user_skill:* namespace is additive — existing skill:* entries in local SQLite are untouched.

What's new

Skill content now routes via Synalux (paid tier)

Previously, skill SKILL.md content was only available from local SQLite (populated by sync-skills.sh). Paid-tier installs now fetch skill content from the Synalux portal on every session — always up-to-date, no manual sync required. Local SQLite remains the free-tier and offline fallback.

Data flow:

session_load_context
  → Synalux /api/v1/skills/routing   (which skills, all tiers)
  → Synalux /api/v1/skills/content   (what content, paid tier)
     └─ local SQLite fallback        (free tier / offline)
  → injected as [📜 SKILL: name] blocks

New universal skills

Two new skills added to the universal routing list (load on every session):

• execute-method-literally — When user says "revert to tag X / checkout release Y", execute that exact command. Never substitute an equivalent path. Includes a 26-case test suite with verbatim replay of the May 2026 session that codified the rule.
• critical-thinking-debug (hardened) — Added "Counter-rule: Never substitute a method instruction" section with incident history.

Architecture docs

docs/ARCHITECTURE.md — new Section 12: Skill Architecture, with ASCII data flow diagram, tier behaviour table, resolution order, and source-of-truth table.

Upgrade

npm install -g [email protected]

No migration needed. Paid-tier users with SYNALUX_CONFIGURED=true get the Synalux content fetch automatically. Free-tier behaviour is unchanged.

Prism Coder v15.0.0 — Drift Detection + Evidence-First Protocol

Released: 2026-05-10

The headline

AI agents can now detect when they've drifted from your stated goals mid-session, self-correct, and route alerts to the Synalux portal — using three direct Prism MCP calls, no scripts, no cron, no hooks.

What ships

🔄 Proactive session drift detection

session_save_ledger   → snapshot current state
session_cognitive_route → on_track / minor_drift / major_drift
session_compact_ledger + session_load_context → reset if needed

When major_drift is detected, an alert is posted to synalux.ai/api/v1/prism/memory so the drift is visible across sessions and devices.

Real example it caught: A training session promised BFCL ≥90% for three AI models. The agent spent 3+ hours debugging audio bugs instead. Drift check surfaced: "Training goal unmet. Layer3 corpus missing from all training sets. 0 BFCL scores measured." Session immediately re-aligned.

Skill: ~/.agent/skills/session-drift-detection/SKILL.md
Tests: 10 behavioral test cases in skills/session-drift-detection/tests.md

🛡 Evidence-first behavioral protocol

Hard gates that supersede all other agent instructions:

1. No positive claim (done/fixed/working/90%+) without observable evidence
2. Diagnose before asserting causes (run oscillator test before guessing audio output device)
3. Write regression test before pushing any bug fix
4. Training quality gate: BFCL ≥90% before "training done"
5. 60-min drift check for long sessions

Evidence gate table maps every claim type to required proof artifact.

Skill: ~/.agent/skills/evidence-first-protocol/SKILL.md

🔊 TTS audio protection (prism-aac)

• PROTECT_PLAY_MS=600ms: rapid autoSpeak calls are gracefully dropped instead of killing each other
• interrupt parameter replaces shared flag (fixes Speak button being silenced by concurrent tile taps)
• volume=0 guard with console.warn
• 10 unit tests covering all failure classes
• SSML rate × 2 formula (capped at 1.4) confirmed working

🔍 Search keyboard routing (prism-aac)

• Search opens with keyboard visible immediately
• On-screen keys route to search input via searchKeyBridge.ts

📬 Inbox wired (prism-aac + synalux-private)

• /api/v1/prism-aac/inbox/poll returns real Gmail unread + unclaimed SMS
• Per-message TTS on arrival
• Reply button on schedule message tasks

🏪 Marketplace catalog fixed (synalux-private)

marketplace_modules table created and applied to production Supabase.

13 stub fixes (synalux-private)

Accounting providers, Zoom, Telegram/WhatsApp, e-sign, feature-flags, SMS, and more.

Migration

No breaking changes to MCP tools or protocol. Update via:

npm install -g [email protected]
npx prism-mcp-server --version  # should print 15.0.0

What's next (v15.x)

• BFCL ≥90% verified on 72B, 32B, 2B models (in training)
• Layer3 runtime inference server with 3-layer pipeline
• OpenAI-compatible /v1/chat/completions with layer routing

🧠 Project rename — Prism MCP → Prism Coder

The project is now Prism Coder to reflect its full surface — the Mind Palace memory server and the open-weights LLM fleet (prism-coder:7b + prism-coder:14b on HuggingFace + Ollama).

The npm package stays published as prism-mcp-server so existing install URLs and mcp.json entries keep working without churn — but the prism-coder binary that package provides has been the canonical entry point since v12.

npm install -g [email protected]
prism-coder

Algorithm-stability contract

The following exports are now stable public API under SemVer — external consumers can depend on the constants without re-implementing:

• actrActivation.ts — baseLevelActivation, parameterizedSigmoid, compositeRetrievalScore, all ACT_R_* / DEFAULT_* constants
• spreadingActivation.ts — applySpreadingActivation, the 0.7 / 0.3 hybrid score blend, the finalM = 7 cap
• routerExperience.ts — getExperienceBias, MAX_BIAS_CAP = 0.15, MIN_SAMPLES = 5, the bias-scale formula
• compactionHandler.ts — default threshold = 50, keep_recent = 10, MAX_ENTRIES_CHARS = 25_000
• graphMetrics.ts — warning ratios 0.20 / 0.30 / 0.40 / 0.85 with their min-sample gates
• config.ts — PRISM_ACTR_DECAY, PRISM_GRAPH_PRUNE_MIN_STRENGTH, full PRISM_GRAPH_PRUNE_* family

Breaking changes go through deprecation cycles announced in CHANGELOG.md.

Documentation

• docs/WOW_FEATURES.md — citation-grade catalogue of Prism's algorithms with constants, semantics, and reuse patterns.
• docs/releases/v14.0.0-prism-as-foundation.md — what the contract guarantees, why now, and the migration path for systems that have been re-implementing Prism algorithms.

Why a major bump

External systems were already building on Prism algorithms with hand-tuned approximations. Two failure modes when that happens: (1) the consumer's thresholds drift from Prism's over time, and (2) a copy-pasted constant loses its citation in 6 months and nobody remembers why 0.15 was chosen. Formalising the stability contract fixes both.

What's NOT in this release

• No new MCP tools.
• No model changes — prism-coder:7b and prism-coder:14b unchanged from v13.1.x.
• No schema changes.

Tests

• 71 test files / 2147 passing
• Build clean

Full changelog: CHANGELOG.md