vestige/crates
Sam Valladares b3f497fcb6
fix(backend): resolve 29 bugs from the full-backend adversarial audit (#139)
A backend-wide audit (18 feature areas, adversarially verified) surfaced 31
real bugs. This fixes 29 of them; each was re-verified by an independent
adversarial pass and the whole workspace stays green (1556 tests, clippy -D
warnings clean).

Data integrity & storage:
- Migrations no longer brick the DB on a mid-migration failure: each runs in a
  transaction (atomic schema change + version bump); V7 repages under WAL.
- decide_memory_pr rejects re-deciding a finalized PR (audit ledger + no
  resurrection of a rejected memory).
- suppress reverse is now a true inverse (was leaving stability permanently
  halved).
- update_node_content flips has_embedding=0 when the embedder isn't ready, so
  the stale embedding is regenerated instead of matching old content forever.
- plan_merge validates survivor_id is a member (was an unchecked-unwrap panic).
- Redmine detail-fetch failure aborts the page (retry) instead of storing a
  journal-less record and skipping it forever.
- ContentStore cache counter accounts for replaced entries; changelog no longer
  loads the whole connections table; source_sync clamps max_pages.

Cognitive correctness:
- Contradiction heuristic requires a real polarity flip (was demoting correct
  memories on benign "do not"/"cannot" notes).
- Hybrid search relevance is the RRF fused score, min-max normalized, so the
  best match ranks first (was capped and outranked by recency/importance).
- Sentiment-boosted stability is clamped to MAX_STABILITY.
- Chain confidence uses the correct geometric-mean root; looks_like_failure no
  longer over-fires on "$500"; contains_marker_word is UTF-8-boundary-safe.
- Prediction merge can't cross min_confidence from below; temporal prediction
  wraps around midnight; match_context tag overlap is clamped to 1.0.

MCP / CLI:
- UTF-8 panic in the " at " intention parser fixed (boundary-safe match).
- vestige backup no longer fails on encrypted DBs (best-effort raw checkpoint).
- --ago-days uses checked Duration + subtraction (no overflow panic).
- smart_ingest honors an explicit forceCreate:false (was silently inverted).
- append_trace_event propagates the seq query error (no duplicate seq=0).
- RewardPattern::matches requires real overlap (was matching everything).

Deferred: the dead trace-recorder wiring (Black Box/Receipts/Memory-PR) is a
feature-completion task for its own change; two dormant speculative-prediction
channels with no production caller are left as-is (fixing dead code adds risk
without user benefit).

Regression tests added for the migration brick, suppress inverse, backfill
bound, contradiction false-positive, and forceCreate handling.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 14:49:21 -05:00
..
vestige-core fix(backend): resolve 29 bugs from the full-backend adversarial audit (#139) 2026-07-02 14:49:21 -05:00
vestige-mcp fix(backend): resolve 29 bugs from the full-backend adversarial audit (#139) 2026-07-02 14:49:21 -05:00