Skip to content

Harden for production: surface failures, schema versioning, integration tests, MCP security#2

Merged
debpalash merged 2 commits into
mainfrom
harden/p0-robustness-tests
Jun 25, 2026
Merged

Harden for production: surface failures, schema versioning, integration tests, MCP security#2
debpalash merged 2 commits into
mainfrom
harden/p0-robustness-tests

Conversation

@debpalash

Copy link
Copy Markdown
Collaborator

P0 hardening toward professional use, on top of a security audit.

Robustness: miner surfaces embed/store failures (counts + per-chunk logs + a 'NOT remembered' warning) instead of swallowing them; schema versioning via PRAGMA user_version + a migration shim so future schema changes don't silently break existing palaces.

Tests: scripts/integration-test.sh (14 assertions) exercises the real binary — directory mining, semantic ranking, MCP store→recall, SessionStart/PreCompact hooks, schema version, and adversarial-input survival — wired into CI.

Security (audit-driven): an LLM agent's own tools/call args could cause silent memory corruption in the ReleaseFast build. Fixed: clamp limit to [1,100], type-switch name instead of blind .string, guard @intFromFloat, and validate protocolVersion before reflecting it (response-injection).

🤖 Generated with Claude Code

debpalash and others added 2 commits June 25, 2026 23:04
…suite

Toward production-readiness (P0):
- miner: stop silently swallowing embed/store failures. MineStats gains an
  `errors` count; failed chunks log which file/chunk failed and `mine` reports
  "N chunk(s) were NOT remembered". You now know when content didn't persist.
- db: add SCHEMA_VERSION + `PRAGMA user_version` with a migrateSchema() shim, so
  future schema changes can migrate instead of silently breaking a palace, and a
  palace from a newer build is flagged rather than corrupted.
- scripts/integration-test.sh: end-to-end suite exercising the real binary —
  directory mining, semantic ranking (paraphrase queries), the MCP protocol
  (store -> recall), the SessionStart/PreCompact hooks, and schema versioning.
  Wired into build.yml CI so the hand-verified behavior can't silently regress.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A security audit found that an LLM agent's own tools/call arguments could
trigger silent memory corruption in the ReleaseFast production build:
- limit: clamp to [1,100] — out-of-i32 / negative values were UB via @intcast
  (and overflowed the searcher's `limit * 2`).
- name: type-switch instead of blind `.string` — a non-string name was an
  inactive-union access (UB / out-of-bounds read).
- getInt float path: guard @intFromFloat against NaN / out-of-range (UB).
- initialize protocolVersion: validate it's a safe version token before
  reflecting it into hand-built JSON (was a response-injection vector).
Added an adversarial-input regression test to the integration suite.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@debpalash debpalash merged commit 96311df into main Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant