What's new

Pre-push verification gate (Rule 19 expanded)

Rule 19 is now a full verification gate — not just tsc --noEmit. Both steps must pass before every git push, regardless of repo type:

• Type check — tsc --noEmit / next build / mypy / pyright
• Test suite — npx vitest run / python3 -m pytest / npm test / jest

Each catches a different failure class. Type check alone missed 2 incidents in May 2026.

Mechanical guard + 20 test cases

verification_guard.py checks whether both steps ran before a push. 20 test cases including verbatim command sequences from both May 2026 incidents:

• Incident #1 (e55211c): aacSpeak import dropped, vitest passed (mocked), Vercel failed
• Incident #2 (6ca43ff): translation fix pushed, 2 tests failing, only next build ran

Patch

npm publish requires OTP. Run when ready:

npm install -g [email protected]

What's new

Two-namespace skill architecture

• skill:* — Platform skills. Read-only cache. Written only by sync-skills.sh or fetched from Synalux. Users cannot overwrite.
• user_skill:* — User-local skills. Written via dashboard POST /api/skills. Only loaded when user_local.enabled=true in routing table (off by default). Never sent to Supabase.

Synalux dynamic skill content (no redeploy needed)

• GET /api/v1/skills/content checks Supabase platform_skills table first, falls back to filesystem.
• POST /api/v1/admin/skills — platform admin only — update skill content live.
• Auto-learn hooks can write corrections to platform_skills table automatically.
• Audit log on every change.

Skill routing schema v2

• resolveSkillsForProject returns { names, user_local } — callers now get the user_local policy alongside skill names.
• Routing table gains user_local: { enabled, key_prefix }.

New universal skills

• execute-method-literally — 26-case test suite with verbatim May 2026 session replay
• pre-push-audit Rule 19 — tsc --noEmit before every push

Bug fix

• skill-routing.test.ts updated for v2 return type (was string[], now { names, user_local })

Upgrade

npm install -g [email protected]
# or with npx (no install)
npx [email protected]

No migrations needed. user_skill:* namespace is additive — existing skill:* entries in local SQLite are untouched.

What's new

Skill content now routes via Synalux (paid tier)

Previously, skill SKILL.md content was only available from local SQLite (populated by sync-skills.sh). Paid-tier installs now fetch skill content from the Synalux portal on every session — always up-to-date, no manual sync required. Local SQLite remains the free-tier and offline fallback.

Data flow:

session_load_context
  → Synalux /api/v1/skills/routing   (which skills, all tiers)
  → Synalux /api/v1/skills/content   (what content, paid tier)
     └─ local SQLite fallback        (free tier / offline)
  → injected as [📜 SKILL: name] blocks

New universal skills

Two new skills added to the universal routing list (load on every session):

• execute-method-literally — When user says "revert to tag X / checkout release Y", execute that exact command. Never substitute an equivalent path. Includes a 26-case test suite with verbatim replay of the May 2026 session that codified the rule.
• critical-thinking-debug (hardened) — Added "Counter-rule: Never substitute a method instruction" section with incident history.

Architecture docs

docs/ARCHITECTURE.md — new Section 12: Skill Architecture, with ASCII data flow diagram, tier behaviour table, resolution order, and source-of-truth table.

Upgrade

npm install -g [email protected]

No migration needed. Paid-tier users with SYNALUX_CONFIGURED=true get the Synalux content fetch automatically. Free-tier behaviour is unchanged.

Prism Coder v15.0.0 — Drift Detection + Evidence-First Protocol

Released: 2026-05-10

The headline

AI agents can now detect when they've drifted from your stated goals mid-session, self-correct, and route alerts to the Synalux portal — using three direct Prism MCP calls, no scripts, no cron, no hooks.

What ships

🔄 Proactive session drift detection

session_save_ledger   → snapshot current state
session_cognitive_route → on_track / minor_drift / major_drift
session_compact_ledger + session_load_context → reset if needed

When major_drift is detected, an alert is posted to synalux.ai/api/v1/prism/memory so the drift is visible across sessions and devices.

Real example it caught: A training session promised BFCL ≥90% for three AI models. The agent spent 3+ hours debugging audio bugs instead. Drift check surfaced: "Training goal unmet. Layer3 corpus missing from all training sets. 0 BFCL scores measured." Session immediately re-aligned.

Skill: ~/.agent/skills/session-drift-detection/SKILL.md
Tests: 10 behavioral test cases in skills/session-drift-detection/tests.md

🛡 Evidence-first behavioral protocol

Hard gates that supersede all other agent instructions:

1. No positive claim (done/fixed/working/90%+) without observable evidence
2. Diagnose before asserting causes (run oscillator test before guessing audio output device)
3. Write regression test before pushing any bug fix
4. Training quality gate: BFCL ≥90% before "training done"
5. 60-min drift check for long sessions

Evidence gate table maps every claim type to required proof artifact.

Skill: ~/.agent/skills/evidence-first-protocol/SKILL.md

🔊 TTS audio protection (prism-aac)

• PROTECT_PLAY_MS=600ms: rapid autoSpeak calls are gracefully dropped instead of killing each other
• interrupt parameter replaces shared flag (fixes Speak button being silenced by concurrent tile taps)
• volume=0 guard with console.warn
• 10 unit tests covering all failure classes
• SSML rate × 2 formula (capped at 1.4) confirmed working

🔍 Search keyboard routing (prism-aac)

• Search opens with keyboard visible immediately
• On-screen keys route to search input via searchKeyBridge.ts

📬 Inbox wired (prism-aac + synalux-private)

• /api/v1/prism-aac/inbox/poll returns real Gmail unread + unclaimed SMS
• Per-message TTS on arrival
• Reply button on schedule message tasks

🏪 Marketplace catalog fixed (synalux-private)

marketplace_modules table created and applied to production Supabase.

13 stub fixes (synalux-private)

Accounting providers, Zoom, Telegram/WhatsApp, e-sign, feature-flags, SMS, and more.

Migration

No breaking changes to MCP tools or protocol. Update via:

npm install -g [email protected]
npx prism-mcp-server --version  # should print 15.0.0

What's next (v15.x)

• BFCL ≥90% verified on 72B, 32B, 2B models (in training)
• Layer3 runtime inference server with 3-layer pipeline
• OpenAI-compatible /v1/chat/completions with layer routing

See CHANGELOG.md for full notes — Release object created retroactively to fill the gap on the repo page.

See CHANGELOG.md for full notes — Release object created retroactively to fill the gap on the repo page.

See CHANGELOG.md for full notes — Release object created retroactively to fill the gap on the repo page.

See CHANGELOG.md for full notes — Release object created retroactively to fill the gap on the repo page.

See CHANGELOG.md for full notes — Release object created retroactively to fill the gap on the repo page.

See CHANGELOG.md for full notes — Release object created retroactively to fill the gap on the repo page.

See CHANGELOG.md for full notes — Release object created retroactively to fill the gap on the repo page.

🧠 Project rename — Prism MCP → Prism Coder

The project is now Prism Coder to reflect its full surface — the Mind Palace memory server and the open-weights LLM fleet (prism-coder:7b + prism-coder:14b on HuggingFace + Ollama).

The npm package stays published as prism-mcp-server so existing install URLs and mcp.json entries keep working without churn — but the prism-coder binary that package provides has been the canonical entry point since v12.

npm install -g [email protected]
prism-coder

Algorithm-stability contract

The following exports are now stable public API under SemVer — external consumers can depend on the constants without re-implementing:

• actrActivation.ts — baseLevelActivation, parameterizedSigmoid, compositeRetrievalScore, all ACT_R_* / DEFAULT_* constants
• spreadingActivation.ts — applySpreadingActivation, the 0.7 / 0.3 hybrid score blend, the finalM = 7 cap
• routerExperience.ts — getExperienceBias, MAX_BIAS_CAP = 0.15, MIN_SAMPLES = 5, the bias-scale formula
• compactionHandler.ts — default threshold = 50, keep_recent = 10, MAX_ENTRIES_CHARS = 25_000
• graphMetrics.ts — warning ratios 0.20 / 0.30 / 0.40 / 0.85 with their min-sample gates
• config.ts — PRISM_ACTR_DECAY, PRISM_GRAPH_PRUNE_MIN_STRENGTH, full PRISM_GRAPH_PRUNE_* family

Breaking changes go through deprecation cycles announced in CHANGELOG.md.

Documentation

• docs/WOW_FEATURES.md — citation-grade catalogue of Prism's algorithms with constants, semantics, and reuse patterns.
• docs/releases/v14.0.0-prism-as-foundation.md — what the contract guarantees, why now, and the migration path for systems that have been re-implementing Prism algorithms.

Why a major bump

External systems were already building on Prism algorithms with hand-tuned approximations. Two failure modes when that happens: (1) the consumer's thresholds drift from Prism's over time, and (2) a copy-pasted constant loses its citation in 6 months and nobody remembers why 0.15 was chosen. Formalising the stability contract fixes both.

What's NOT in this release

• No new MCP tools.
• No model changes — prism-coder:7b and prism-coder:14b unchanged from v13.1.x.
• No schema changes.

Tests

• 71 test files / 2147 passing
• Build clean

Full changelog: CHANGELOG.md

Release object attached to existing v13.0.1 tag. See CHANGELOG.md for full notes.

Highlights

Tool-call format normalizer

• normalizeToolCallFormat — coerces three stochastic v18-clean tool-call format variants into the canonical singular wrapper:
  1. Plural wrapper + XML-attr params: <tool_calls><tool_call name=\"X\"><param name=\"Y\" value=\"Z\"/></tool_call></tool_calls>
  2. CJK angle brackets: 〈tool_call〉{...}〈/tool_call〉
  3. <functioncall> envelope with stringified or object arguments
• All three normalize to: <tool_call>{\"name\":\"X\",\"arguments\":{\"Y\":\"Z\"}}</tool_call>
• Wired into callLocalLlm so downstream parsers see only canonical input.
• 12-test suite — 12/12 passing in 82ms.

Training infra hardening

• modal-training-resilience skill applied to 32B resume + polish scripts:
  • GracefulExitCallback at 0.92 × MODAL_TIMEOUT_S
  • save_steps tightened: resume 500→200, polish 200→100
  • local_entrypoint() now raises with explicit --detach instructions
• 103-file training infra catchup — Python builders, deploy scripts, eval tools, DoRA YAML config, research notes that had accumulated untracked over the v17/v18 campaign.
• Production Modelfiles (Modelfile.published, Modelfile.restore) now tracked.

🤖 Generated with Claude Code

Prism Coder IDE v2.1.1

What's New

• Merge Conflict Editor — Accept Current / Incoming / Both with auto-stage on resolve
• Enhanced Builder Panel — expanded component library and layout controls
• Deploy Panel — improved env var management and provider recipes
• Workflow Engine — refined 8-step dev workflow with better status tracking

Includes all v2.1.0 features

Real terminal (xterm + node-pty), inline AI completions (Ollama FIM), Media Studio, Skill Browser, SEO Audit panel, military-grade security audit (44 findings fixed), 217 tests.

Downloads

| Platform | File | Size |
|----------|------|:----:|
| macOS (Apple Silicon) | Prism.Coder-2.1.1-arm64.dmg | 115 MB |
| macOS (zip) | Prism.Coder-2.1.1-arm64.zip | 110 MB |
| Windows (signed) | Prism.Coder-2.1.1-Setup.exe | 103 MB |
| Linux (arm64) | Prism.Coder-2.1.1.AppImage | 121 MB |

macOS: Signed with Developer ID. First launch: right-click → Open if Gatekeeper warns.
Windows: Authenticode-signed. SmartScreen may warn — click More info → Run anyway.

What's New in v2.0.2

🆕 prism-coder:7b v18aac model upgrade (May 2026)

The bundled local LLM is now v18aac:

• AAC realigned eval 47/48 (98%) — beats prior v17.4 (85%) by +13pp
• emergency_qa 13/13 perfect (life-safety priority held)
• text_correct 15/15 perfect, translate 8/8 perfect, ask_ai 5/5, caregiver 6/7
• 🆕 Gesture recognition support — model configures the new 7-gesture facial-blendshape input system with asymmetry-safe handling for hemiplegia/CP/Bell's palsy
• Built on Qwen2.5-Coder-7B-Instruct base with full SFT on commercial-safe data (Apache 2.0 / CC-BY-4.0)

🔄 Hybrid model deployment plan

A separate prism-coder:7b-coder variant (BFCL function-calling-optimized) is in training. Future versions will auto-route per request: AAC tag for clinical/AAC consumers, Coder tag for prism-mcp / IDE function calls.

Install Notes

macOS first-launch: the v2.0.2 .app is signed with a Developer ID certificate but not yet notarized. macOS may show a "developer cannot be verified" warning — right-click the app → Open to bypass once.

Windows first-launch: the v2.0.2 installer is Authenticode-signed with a self-signed Synalux certificate. SmartScreen may warn until the cert builds reputation — click More info → Run anyway.

Downloads

| Platform | File | Size |
|---|---|---|
| macOS (Apple Silicon, DMG) | Prism Coder-2.0.2-arm64.dmg | 114 MB |
| macOS (Apple Silicon, zip) | Prism Coder-2.0.2-arm64.zip | 109 MB |
| Windows (signed installer) | Prism Coder-2.0.2-Setup.exe | 100 MB |
| Linux (AppImage) | Prism Coder-2.0.2.AppImage | 119 MB |
| Linux (Snap) | prism-coder-ide_2.0.2_amd64.snap | 101 MB |

🤖 Generated with Claude Code

Prism Coder IDE v2.0.1 — VS Code + GitHub Parity

The full-stack AI-native desktop IDE that combines coding, building, and deploying. v2.0 closes the VS Code + GitHub parity gap.

What's new in v2.0

• 🐞 Debugger — Node.js debugging via Chrome DevTools Protocol (breakpoints, step-in/out, variables, call stack)
• 🧠 LSP integration — Language Server Protocol bridge for completions, diagnostics, hover, go-to-definition
• 🌐 Remote SSH — connect to remote hosts, edit files, run terminals over SSH (VS Code Remote-SSH parity)
• 📜 Builder version history — per-project bare git repository captures every Builder save; restore any prior state
• 🎨 AI design-to-code — paste a Figma screenshot or design URL → React/Tailwind component via vision model
• ⚙️ prism CLI — standalone Node CLI wrapping git/gh with AI-assisted commit/PR (see CLI.md)
• 📋 GitHub PRs/Issues/Actions — list, create, comment, merge — all without leaving the IDE
• 🛠️ Tasks runner — VS Code tasks.json parser with full JSONC support (comments, trailing commas)
• 🔀 Source Control diff — Monaco DiffEditor side-by-side diff viewer for staged/unstaged changes

Plus all v1.0 features: Agent Mode, Website Builder, Visual Drag & Drop, Auth & Database, DevContainers, Customer Board, Media Studio, One-Click Deploy, SEO + Analytics, Marketplace, Workflow Engine, Git, 12-language i18n.

Downloads

| Platform | Package | Size |
|----------|---------|:----:|
| macOS (Apple Silicon) | Prism Coder-2.0.1-arm64.dmg | 114 MB |
| macOS (Apple Silicon, zip) | Prism Coder-2.0.1-arm64.zip | 110 MB |
| Windows | Prism Coder-2.0.1-Setup.exe | 100 MB |
| Linux | Prism Coder-2.0.1-arm64.AppImage | 120 MB |

macOS first-launch

The .app is signed with a Developer ID certificate but not yet notarized. macOS may show a "developer cannot be verified" warning — right-click the app → Open to bypass once. Notarization tracking in v2.1.

Windows first-launch

The .exe is Authenticode-signed with a self-signed Synalux certificate (CN=Prism Coder by Synalux, timestamped via DigiCert). SmartScreen may still warn until the cert builds reputation — click More info → Run anyway. EV cert tracking in v2.1.

Linux

The AppImage is built for arm64. After download: chmod +x "Prism Coder-2.0.1-arm64.AppImage" then double-click to run.

VS Code parity status

| Feature | v1.0 | v2.0 |
|---------|:----:|:----:|
| Editor + extensions UI | ✅ | ✅ |
| Source Control (git basics) | ✅ | ✅ |
| Source Control diff viewer | ❌ | ✅ |
| Tasks (tasks.json) | ❌ | ✅ |
| Debugger (DAP/CDP) | ❌ | ✅ |
| LSP bridge | ❌ | ✅ |
| Remote SSH | ❌ | ✅ |
| Settings sync | ❌ | 🟡 partial |

GitHub parity status

| Feature | v1.0 | v2.0 |
|---------|:----:|:----:|
| Issues (list/create/comment) | ❌ | ✅ |
| Pull Requests | ❌ | ✅ |
| Actions / Workflow runs | ❌ | ✅ |
| gh CLI passthrough | ❌ | ✅ |

Tests

61 tests covering v1.2 + v2.0 features (Debugger, LSP, Remote, Version History, Design-to-Code, GitHub Ops, Tasks, Diff Viewer, prism CLI).

Windows Installation Fix

• Fixed: NSIS installer now uses one-click install (no custom directory option that caused path issues)
• Fixed: mammoth module unpacked from asar for proper .docx support
• Fixed: missing default exports in 14 components
• Version: 1.0.1

Download

• Windows: Prism Coder-1.0.1-Setup.exe (99 MB)

If Windows SmartScreen shows a warning, click "More info" → "Run anyway" (app is not yet code-signed).

Security Hardening Release

Military-grade code review with 83 findings remediated across 30 files.

CRITICAL fixes (17)

• Path traversal in session_save_image / session_view_image
• Dashboard credential keys removed from settable API
• Dashboard binds to 127.0.0.1 when auth disabled
• Security scan fails closed (not open) on LLM error
• Sanitizer expanded from 5 to 12 injection tag types
• SSRF prevention in freeSearch (private IP blocking)
• Backup restore restricted to ~/.prism/backups/
• Raw DB result removed from ledger save response
• Fetch timeouts on 16 external API endpoints

HIGH fixes (27)

• AES-256-GCM IV corrected to 12 bytes (NIST standard)
• Timing-safe checksum comparison (crypto.timingSafeEqual)
• Prompt injection boundaries in factMerger + healthCheck
• Cloud delegate HTTPS enforcement + taskHistory cap
• SCM client path injection validation
• Notification webhook SSRF protection
• .git/ and node_modules/ blocked in knowledge_sync_rules
• Experience handler input sanitization

MEDIUM fixes (39)

• Supabase Realtime tenant-scoped (user_id filter)
• PID lock atomic exclusive creation (TOCTOU fix)
• SyncBus atomic write (write-then-rename)
• Import API restricted to ~/.prism-mcp/imports/
• UUID validation on memory_id
• Analytics buffer capped at 1000
• ABA protocol sanitizer unified with shared sanitizer
• Session cookie Secure flag for HTTPS

2,016 tests passing. 51 security tests added. Full report: SECURITY_AUDIT.md

Prism MCP v12.5.6

• Gemini 3.1 Pro Experimental as default for paid tiers
• Claude Sonnet 4.6 / Haiku 4.5 added to allowed models
• i18n: all 11 translations synced as full README copies
• Pre-commit hook for automatic i18n regeneration

Prism MCP v12.5.5

i18n Full Sync

• All 11 i18n READMEs are now full copies of the main README (1796 lines each)
• Includes all Synalux SCM, pricing, benchmarks, setup guides, architecture content

Pre-commit Hook

• Auto-regenerates i18n files when README.md is committed
• scripts/generate_i18n.py rewritten for full-copy generation with path adjustments

Languages

es, fr, pt, ro, uk, ru, de, ja, ko, zh, ar

What's Changed

Bug Fixes

• Fix CI build: Resolved 48 TypeScript errors in ledgerHandlers.test.ts — mock type annotations now match StorageBackend interface
• Fix Windows CI: Vitest worker teardown crash on Windows runners (Node 20 & 22)
• Fix publish workflow: Tag-only trigger, added build step, bumped to Node 22

Training Pipeline

• export_gguf.sh: Relative paths, pre-fused model detection, llama.cpp GGUF conversion
• run_grpo_deploy.sh: Fixed mlx_lm.fuse syntax, added --dequantize
• Modelfile.bfcl: New Modelfile for BFCL tool-call evaluation

Install

npm install -g [email protected]

Full Changelog: https://github.com/dcostenco/prism-coder/compare/v9.3.0...v12.5.4

Full-stack AI-native desktop IDE. Downloads: Windows (.exe), macOS Apple Silicon (.dmg), Linux (.AppImage).

TurboQuant ResidualNorm Tiebreaker

Enterprise-grade configurable ranking optimization for Tier-2 TurboQuant search.

What's New

• PRISM_TURBOQUANT_TIEBREAKER_EPSILON - New env var (default: 0, disabled). When two compressed cosine scores are within epsilon of each other, prefers the candidate with lower residualNorm - its compressed representation captured more signal energy, making its score more trustworthy.
• • Recommended: 0.005 for enterprise deployments with large corpora on Tier-2 fallback search
• • Applied to both SQLite and Supabase Tier-2 backends. Tier-1 native vector search (libSQL/pgvector) is unaffected.

Empirical Validation (d=128, N=5K, 100 trials, M4 Max)

| Threshold | R@1 Delta | R@5 Delta |
|-----------|-------|-------|
| epsilon=0.001 | +1pp | +0pp |
| epsilon=0.005 | +2pp | +1pp |
| epsilon=0.010 | +1pp | -1pp |
| epsilon=0.020 | -3pp | -9pp |

Hardening

• Input validation - NaN, Infinity, and negative epsilon values clamped to 0
• • Internal field stripping - _residualNorm transient property deleted before returning results
• • 11 new tests (1066 total across 50 suites, zero regressions)

Install

npx [email protected]

Inspired by @m13v's suggestion in the LongMemEval benchmark discussion.

Full changelog: CHANGELOG.md

Fixes verification tests bleeding into GitHub Actions environment.

🤖 Autonomous Cognitive OS (v9.0)

Memory isn't just about storing data; it's about economics and emotion. v9.0 transforms Prism from a passive memory database into a living Cognitive Operating System that forces agents to learn compression and develop intuition.

Most AI agents have an infinite memory budget. They dump massive, repetitive logs into vector databases until the context window chokes. Prism v9.0 fixes this by introducing Token-Economic Reinforcement Learning and Affect-Tagged Memory.

See CHANGELOG.md for the full release history, including all features and architectural edge cases patched during review.

⚔️ v7.4.0 — Adversarial Evaluation (Anti-Sycophancy)

Dark Factory gains a full adversarial evaluation loop — the signature feature of this release. The pipeline now fights itself to produce high-quality output, solving the fundamental problem of LLMs grading their own homework.

What's New

Split-Brain Anti-Sycophancy

• PLAN_CONTRACT step locks a machine-parseable scoring rubric to disk before any code is written
• EVALUATE step runs in a fully isolated context — Evaluator sees only the rubric and final output, never the Generator's scratchpad
• Evaluator cannot fail the Generator without receipts — every pass_fail: false finding must include an evidence object with file, line, and description
• Generator feedback loop — failed evaluations serialise the full findings array and inject it directly into the Generator's retry prompt (EXECUTE rev N+1). The Generator is never flying blind.
• Conservative plan_viable=false default on malformed LLM output — escalates to full PLAN re-plan rather than burning revision budget on a broken response format

Storage Parity

• New eval_revisions, contract_payload, and notes columns on dark_factory_pipelines (SQLite + Supabase)
• SQLite backfill migration for existing rows included

Stability

• contract_rubric.json write failures immediately mark pipeline FAILED — no more infinite RUNNING deadlocks on disk/permission errors
• Experience ledger integration: evaluation outcomes emitted as learning events for the ML routing feedback loop

Test Coverage

982 tests passing (78 new adversarial eval tests)

Documentation

• Full Adversarial Evaluation walkthrough with the "No Passwords in Logs" end-to-end scenario
• Updated CHANGELOG, README (capability matrix, feature list, comparison table), and ROADMAP

Install / Upgrade

npx -y prism-mcp-server@latest

See CHANGELOG.md for the full diff.

What's New

Added

• Deep Storage Mode: New deep_storage_purge tool to reclaim ~90% of vector storage by dropping float32 vectors for entries with TurboQuant compressed blobs.
• Knowledge Graph Editor: The Mind Palace neural graph is now fully interactive — click nodes to rename or delete keywords, filter by project/date/importance, and surgically groom your agent's semantic memory.

Fixed

• Auto-Load Reliability: Hardened auto-load prompt instructions and added hook scripts for Claude Code and Gemini/Antigravity to ensure memory is loaded on the first turn (bypassing model CoT hallucinations).

Engineering

• 303/303 automated tests passing across 13 suites.

Install

npx -y prism-mcp-server

Full Changelog: https://github.com/dcostenco/prism-mcp/blob/bcba/CHANGELOG.md
npm: https://www.npmjs.com/package/prism-mcp-server

What's New in v4.2.0

🗂️ Project Repo Paths

Map each project to its repo directory in the Mind Palace dashboard. session_save_ledger validates files_changed paths against configured repo paths and warns on mismatch — prevents cross-project contamination.

🔄 Universal Auto-Load

Auto-load projects via dynamic tool descriptions — works across all MCP clients (Claude, Cursor, Gemini, Antigravity) without lifecycle hooks. Dashboard is the sole source of truth.

🏠 Dashboard-First Config

Removed PRISM_AUTOLOAD_PROJECTS env var override. The Mind Palace dashboard is now the single source of truth for auto-load project configuration.

npm: npx -y [email protected]

Bug Fix

• Fix: Ensure ~/.prism-mcp/ directory exists before opening the configStorage SQLite database
  • In Docker/CI (Glama), the directory doesn't exist, causing SQLITE_CANTOPEN error 14 and a fatal crash
  • Added mkdirSync(dir, { recursive: true }) in getClient() before createClient(), mirroring the pattern in sqlite.ts
  • Wrapped initConfigStorage() in try/catch for graceful degradation in sandboxed/read-only filesystem environments

Full Changelog: https://github.com/dcostenco/prism-mcp/compare/v3.1.0...v3.1.1

What's New in v3.0.1

🧹 Brain Health Clean-up

New Fix Issues button in the Mind Palace Dashboard's Brain Health card — detects orphaned handoffs, missing embeddings, and stale rollups, then cleans them up in one click without needing the MCP tool.

👤 Agent Identity Settings

Dashboard Settings → Agent Identity panel lets you set a Default Role (dev, qa, pm…) and Agent Name (e.g. Dmitri). Both values auto-apply as fallbacks in all memory and Hivemind tools — no need to pass them per call.

📜 Role-Scoped Skills

Each agent role can have its own persistent skill/rules document stored in the dashboard (⚙️ Settings → Skills). Automatically injected into every session_load_context response so the agent boots with its rules pre-loaded.

🔤 Resource Formatting Fix

memory://{project}/handoff resources now render as formatted plain text (Last Summary, TODOs, Keywords) instead of a raw JSON blob — readable in Claude Desktop's paperclip attach panel.

Install / Update:

npx -y [email protected]

Or update your claude_desktop_config.json / .cursor/mcp.json — npx always pulls the latest.

What's New in v3.0.0 — Agent Hivemind 🐝

New Features

• Role-Scoped Memory — Each agent role (dev, qa, pm, lead, security, ux) gets its own isolated memory lane. Defaults to global for full backward compatibility.
• Agent Registry — agent_register, agent_heartbeat, agent_list_team tools — agents announce presence, pulse status, and discover teammates. Stale agents auto-pruned after 30 min.
• Team Roster Injection — Loading context with a role automatically injects an active teammates list into the response.
• Dashboard Settings — New ⚙️ Settings modal with runtime (theme, context depth, auto-capture) and boot settings (storage backend, Hivemind toggle) backed by a persistent config micro-DB.
• Hivemind Radar — Real-time dashboard widget showing active agents, roles, current tasks, and heartbeat timestamps.
• Conditional Tool Registration — PRISM_ENABLE_HIVEMIND env var gates Hivemind tools. Users who don't need multi-agent features keep the same lean tool count as v2.x.

Bug Fixes & Polish

• Fixed configStorage.ts path: ~/.prism → ~/.prism-mcp (consistent with all other Prism files)
• Added clear Boot Settings documentation: storage backend and Hivemind mode require a server restart to take effect
• npm pkg fix applied to bin entry format

Supabase Migrations

• 024_agent_hivemind.sql — Agent registry tables, role-scoped memory, RLS policies (USING (true))
• 025_fix_handoff_constraint.sql — Repair migration for databases that applied the faulty unique constraint

Testing

• 58 tests across 4 suites (storage, tools, dashboard, load) with Vitest
• Concurrent write stress tests, role isolation verification, 0.2ms/write performance benchmarks

Full changelog: https://github.com/dcostenco/prism-mcp/blob/main/README.md#whats-new-in-v300---agent-hivemind-

What's New in v2.5.0 — Enterprise Memory 🏗️

| Feature | Description |
|---|---|
| 🔍 Memory Tracing (Phase 1) | Every search returns a structured MemoryTrace with latency breakdown (embedding_ms, storage_ms, total_ms), search strategy, and scoring metadata — surfaced as content[1] for LangSmith integration. |
| 🛡️ GDPR Memory Deletion (Phase 2) | session_forget_memory tool with soft-delete (tombstoning) and hard-delete. Ownership guards, deleted_reason column for Article 17 justification, Top-K Hole prevention. |
| 🔗 LangChain Integration (Phase 3) | PrismMemoryRetriever and PrismKnowledgeRetriever — async-first BaseRetriever subclasses with trace metadata flowing into Document.metadata["trace"]. |
| 🧩 LangGraph Research Agent | 5-node agentic research loop in examples/langgraph-agent/ with MCP bridge, persistent memory, and hybrid search. |

Full Changelog

See README for details.

Includes @supabase/supabase-js dependency and version bump to 2.3.12.

Republished cleanly to fix Glama registry build resolution.

Windows Black Screen Fix, Debug Logging, Excess Loading Fixes

fix: update dashboard version badge to display correct version

�� v2.3.0 — AI Reasoning Engine

New Features

• 🕸️ Neural Knowledge Graph — Interactive Vis.js force-directed graph on the Mind Palace Dashboard. Visualize how projects connect through shared keywords and categories.
• 🛡️ Prompt Injection Shield — Gemini-powered security scan in session_health_check. Detects system override attempts, jailbreaks, and data exfiltration hidden in agent memory. Tuned to avoid false positives on normal dev commands.
• 🧬 Fact Merger — Async LLM contradiction resolution on every handoff save. If old context says "Postgres" and new says "MySQL", Gemini silently merges the facts in the background. Zero latency impact (fire-and-forget).

Included from v2.2.0

• 🩺 Brain Health Check — session_health_check tool (Unix fsck for AI memory). Detects missing embeddings, duplicate entries, orphaned handoffs, and stale rollups. Use auto_fix: true to repair.
• 📊 Mind Palace Health — Brain health indicator on the dashboard.

Install

npx -y prism-mcp-server

🔧 Bug Fix

Semantic search returning 0 results — the compiled dist/utils/embeddingApi.js was stale, calling model.embedContent(inputText) (plain string) instead of passing the full config object with outputDimensionality: 768. This caused gemini-embedding-001 to return 3072 dimensions (model default) instead of 768, which can't be stored in the vector(768) Supabase column.

Changes

• Fix taskType to use TaskType.SEMANTIC_SIMILARITY enum
• Add as any cast for outputDimensionality (SDK v0.24.1 types don't include it yet)
• Add comprehensive semantic search test suite (18 tests: unit + Supabase integration)
• Bump version to 2.1.2

Action Required After Upgrade

Run session_backfill_embeddings to regenerate embeddings for any entries saved with the previous broken 3072-dim vectors.

Full Changelog: https://github.com/dcostenco/prism-mcp/compare/v2.1.1...v2.1.2

Critical Bug Fixes

�� Embedding API 404 (P0)

• Affected tools: session_search_memory, backfill_embeddings
• Root cause: text-embedding-004 was deprecated Jan 14, 2026. The default v1 API endpoint returns 404.
• Fix: Migrated to gemini-embedding-001 with explicit v1beta API endpoint.

🐛 Missing session_handoffs_history Table (P0)

• Affected tools: memory_history, memory_checkout (Time Travel)
• Root cause: Table was defined in SQLite storage but never created in Supabase migrations.
• Fix: Added migration 023_handoff_history.sql with indexes and RLS policies.

Other Improvements

• All migration scripts (015–020) are now idempotent and safe to re-run
• Added conversation_id and todos columns to session_ledger
• Updated search_knowledge RPC with p_user_id for multi-tenant support
• Made title column nullable for v2.0 code compatibility
• Included consolidated migration helper (FULL_MIGRATION_016_to_020.sql) for fresh installs

Upgrade

npm install [email protected]

For Supabase users, run migrations 021 and 023 in the SQL Editor.

🧠 Prism MCP v2.1.0 "The Mind Palace"

Prism MCP has been completely rebuilt to support local-first workflows, visual agent memory, and multi-client synchronization.

What's New

| Feature | Description |
|---|---|
| 🏠 Local-First SQLite | Run Prism entirely locally with zero cloud dependencies. Full vector search (libSQL F32_BLOB) and FTS5 included. |
| 🔮 Mind Palace UI | A beautiful glassmorphism dashboard at localhost:3000 to inspect your agent's memory, visual vault, and Git drift. |
| 🕰️ Time Travel | memory_history and memory_checkout act like git revert for your agent's brain — full version history with OCC. |
| 🖼️ Visual Memory | Agents can save screenshots to a local media vault. Auto-capture mode snapshots your local dev server on every handoff save. |
| 📡 Agent Telepathy | Multi-client sync: if your agent in Cursor saves state, Claude Desktop gets a live notification instantly. |
| 🌅 Morning Briefing | Gemini auto-synthesizes a 3-bullet action plan if it's been >4 hours since your last session. |
| 📝 Code Mode Templates | 8 pre-built QuickJS extraction templates for GitHub, Jira, OpenAPI, Slack, CSV, and DOM parsing — zero reasoning tokens. |
| 🔍 Reality Drift Detection | Prism captures Git state on save and warns if files changed outside the agent's view. |

Quick Start (Zero Config)

{
  "mcpServers": {
    "prism-mcp": {
      "command": "npx",
      "args": ["-y", "prism-mcp-server"]
    }
  }
}

That's it — zero env vars needed. Add BRAVE_API_KEY for search, GOOGLE_API_KEY for Morning Briefings.

Migration from v1.5

• No breaking changes. Existing Supabase users can keep PRISM_STORAGE=supabase and everything works as before.
• New users get PRISM_STORAGE=local (SQLite) by default — zero cloud setup needed.
• All new tools (memory_history, memory_checkout, session_save_image, session_view_image) are automatically available.

Critical Fixes

• Fixed package.json main/bin paths pointing to build/ instead of dist/ (would have broken every npx install)
• Added files array to prevent npm from stripping compiled output
• Added shebang line for npm bin compatibility

Full Changelog: https://github.com/dcostenco/prism-mcp/compare/v1.5.1...v2.1.0

🛡️ Multi-Tenant Row Level Security (Enhancement #6)

Production-ready for cloud-hosted team deployments.

Core Changes

• PRISM_USER_ID environment variable — isolate data per user on shared Supabase instances
• user_id column added to session_ledger and session_handoffs tables
• All 5 RPCs rewritten with p_user_id parameter for tenant isolation
• RLS enabled on both tables with application-level enforcement
• Composite unique constraint (user_id, project) on session_handoffs
• Backward compatible — defaults to "default" for existing single-user installs

New Tool: session_backfill_embeddings

• Scans for ledger entries with missing embeddings (from API outages)
• Batch-generates via Gemini text-embedding-004
• Supports dry_run, per-project filter, limit cap (20/50)
• Per-entry error handling — failures are counted, not thrown

Edge Case Fixes

• Unicode-safe embedding truncation — truncates at word boundary instead of raw char position, preventing surrogate pair splitting (emoji 🚀 / CJK)
• 9 session memory tools (was 8) — full end-to-end tool wiring

Files Changed

• Migration: 020_multi_tenant_rls.sql (321 lines)
• Config: PRISM_USER_ID + version bump
• Handlers: 21+ locations updated with user_id scoping
• README: RLS docs, comparison table, env config

What's in v1.5.0 (cumulative)

| Feature | Status |
|---|---|
| 🧠 MCP Prompts (/resume_session) | ✅ |
| 📎 MCP Resources (memory://) | ✅ |
| 🔒 Optimistic Concurrency Control | ✅ |
| 🧹 Ledger Compaction (Gemini) | ✅ |
| 🔍 Semantic Search (pgvector) | ✅ |
| ♻️ Resource Subscriptions | ✅ |
| 🛡️ Multi-Tenant RLS | ✅ NEW |
| 🔧 Embedding Backfill Tool | ✅ NEW |

🧠 Brain-Inspired Knowledge System

New Features

Knowledge Accumulation — Every session save now auto-extracts keywords using in-process NLP (0.005ms/call). Zero LLM calls, zero external dependencies. Knowledge accumulates naturally and becomes searchable.

knowledge_search — Query accumulated knowledge across all sessions by keyword, category, or free text. 13 auto-detected categories including debugging, architecture, deployment, api-integration, ai-ml, and more.

knowledge_forget — Prune bad or outdated memories with 4 modes:

• By project — clear all knowledge for a project
• By category — forget only debugging sessions, keep architecture decisions
• By age — forget entries older than N days
• Full reset — wipe everything (requires explicit confirmation)
• Dry run — preview what would be deleted before committing

Knowledge Cache Preload — session_load_context now auto-includes a knowledge_cache section with hot keywords, top categories, and session count. At deep level, includes cross-project knowledge transfer via keyword overlap.

Performance

• Keyword extraction: 0.005ms per call (40,000× faster than graph-based alternatives)
• Knowledge cache computation: ~5-10ms added to context load
• Zero new external dependencies
• Zero new database tables (uses existing Supabase TEXT[] columns + GIN indexes)

How It Compares

| Dimension | BCBA | Knowledge Graph | Graphiti/FalkorDB | Hindsight |
|---|---|---|---|---|
| Write overhead | 0.005ms | ~200ms | ~500ms+ | ~300ms |
| External deps | None | Neo4j/JSON | FalkorDB (Docker) | pgvector + embeddings |
| LLM at save | No | No | Yes | Yes |
| Forget/prune | ✅ 4 modes | ❌ Manual | ⚠️ TTL only | ❌ None |
| Cache preload | ✅ | ❌ | ❌ | ❌ |

Files Changed (10 files, +1309 lines)

• src/utils/keywordExtractor.ts — [NEW] Zero-dependency keyword + category extraction
• supabase/migrations/016_knowledge_accumulation.sql — [NEW] GIN indexes + search_knowledge RPC + enhanced get_session_context
• tests/test_knowledge_system.js — [NEW] 19 unit tests + integration scaffolding
• src/tools/sessionMemoryDefinitions.ts — Added KNOWLEDGE_SEARCH_TOOL + KNOWLEDGE_FORGET_TOOL
• src/tools/sessionMemoryHandlers.ts — Added search + forget handlers
• src/utils/supabaseApi.ts — Added supabaseDelete function
• src/server.ts — Registered 2 new tools (12 total)
• README.md — Knowledge system docs + competitive differentiation
• package.json — Version 0.3.0

Migration

Run supabase/migrations/016_knowledge_accumulation.sql in your Supabase SQL Editor to enable knowledge features.

Tests

19 passed, 0 failed (0.005ms/call)