@equationalapplications/core-llm-wiki 3.1.0 → 3.2.0

package/README.md

@@ -302,6 +302,39 @@ wikiMemory.clearVectorCache();
 
 The cache is also automatically invalidated on any mutation (`runLibrarian`, `runHeal`, `runPrune`, `runReembed`, `ingestDocument`, `importDump`, `forget`).
 
+## Security
+
+`@equationalapplications/core-llm-wiki` enforces multiple security layers:
+
+### VectorRanker Adapter Security
+
+If implementing a custom `VectorRanker`:
+
+- **SQL Injection**: ALWAYS use parameterized queries for `entityId`, `factId`, `candidateIds`. Never concatenate into SQL strings.
+- **Entity Isolation**: Filter by `entityId` in all queries to prevent cross-tenant data leaks.
+- **Credential Scrubbing**: Strip API keys, tokens, connection strings from thrown errors before surfacing to host.
+- **Resource Limits**: Cap `limit` and `candidateIds.length` to prevent DoS. Do NOT retain `vector` references beyond callback scope — blocks GC.
+
+See [SECURITY.md](../../SECURITY.md) for complete adapter security guidance and code examples.
+
+### Host Application Security
+
+When using `VectorRanker`:
+
+- **Error Sanitization**: `sanitizeRankerErrors: true` (default) scrubs ranker errors before mirroring via `error.cause`.
+- **Fallback Policy**: Choose `vectorRankerFallback` based on availability vs consistency requirements:
+  - `'js-cosine'` (default): Best availability
+  - `'keyword'`: Fast fallback without semantic ranking
+  - `'empty'`: Strict consistency (no facts on failure)
+  - `'throw'`: Fail-fast error propagation
+- **Deletion Hook Contract**: `forget()` / `runPrune()` reject on hook timeout/failure. Prevents GDPR violations (deleted vectors still retrievable). Handle failures with retry or queue for reconciliation.
+- **Timeout Tuning**: Set `deletionHookTimeoutMs` per deployment (default 30s). Interactive UX: 5s. Background jobs: 60s.
+
+Core WikiMemory provides:
+- **Defensive Copies**: Query/embedding vectors copied before ranker/hook calls
+- **Input Validation**: `sourceRef`/`sourceHash` normalized; embedding dimensions validated
+- **Parameterized Queries**: All SQL uses bind parameters
+
 ## Usage
 
 ```typescript

package/dist/index.d.mts

@@ -145,6 +145,11 @@ interface VectorRankerSemanticResult {
  */
 interface VectorRankerRankArgs {
     entityId: string;
+    /**
+     * Query embedding. Treat as readonly — core provides a defensive copy,
+     * but adapters MUST NOT mutate this array. Mutation can corrupt
+     * WikiMemory's internal vector cache and JS-cosine fallback path.
+     */
     queryVec: Float32Array | number[];
     /**
      * When set (MiniSearch pre-filter path): ranker MUST only produce results for ids in this set.
@@ -172,6 +177,13 @@ interface VectorRanker {
     /**
      * Called after a fact's embedding is successfully persisted to embedding_blob (or cleared).
      * Hosts use this to keep sqlite-vec / external indexes consistent with SQLite as source of truth.
+     *
+     * On deletion paths (forget, prune, hard-delete), core awaits this hook to ensure ANN cleanup
+     * completes before the deletion call resolves (GDPR compliance). Hook failures or timeouts on
+     * those paths reject the deletion call.
+     *
+     * Treat `vector` as readonly — core provides a defensive copy, but adapters MUST NOT mutate.
+     *
      * Optional: if omitted, hosts MUST document "index rebuilt separately" and accept stale ANN until rebuild.
      */
     onEmbeddingPersisted?(event: {
@@ -226,6 +238,29 @@ interface WikiOptions {
      * Ignored when vectorRankerFallback is 'throw'. Default false.
      */
     propagateRankerFailureToRetrievalFallback?: boolean;
+    /**
+     * When true (default), sanitize ranker errors before exposing via error.cause
+     * to prevent credential leakage in host telemetry. Disable only when you
+     * control the ranker implementation.
+     *
+     * Sanitization replaces error message/stack with a generic message preserving
+     * only the error type (constructor name).
+     */
+    sanitizeRankerErrors?: boolean;
+    /**
+     * Timeout (ms) for onEmbeddingPersisted hook on GDPR deletion paths
+     * (forget, _doPrune). Hook must complete within this window or the
+     * deletion operation rejects. Default 30000.
+     * Lower for interactive deletes; raise for slow remote ANN backends.
+     */
+    deletionHookTimeoutMs?: number;
+    /**
+     * Escape hatch: skip onEmbeddingPersisted on deletion paths entirely.
+     * Use ONLY when the ANN backend is permanently decommissioned. Vectors
+     * orphaned in the (unreachable) external index are accepted as a tradeoff.
+     * NOT GDPR-safe for live indexes. Default false.
+     */
+    forceDeleteIgnoreRankerHook?: boolean;
 }
 interface MemoryBundle {
     facts: WikiFact[];
@@ -278,6 +313,15 @@ declare class WikiBusyError extends Error {
     readonly entityId: string;
     constructor(operation: WikiBusyOperation, entityId: string);
 }
+declare class PrunePartialFailureError extends Error {
+    readonly deleted: number;
+    readonly failedAt: string;
+    readonly remaining: number;
+    readonly deletedTasks: number;
+    readonly deletedEvents: number;
+    readonly cause: Error;
+    constructor(deleted: number, failedAt: string, remaining: number, cause: Error, deletedTasks?: number, deletedEvents?: number);
+}
 
 declare class WikiMemory {
     private db;
@@ -315,6 +359,12 @@ declare class WikiMemory {
     private _healKey;
     private _warnCrossEntityCollision;
     private _notifyEmbeddingPersisted;
+    /**
+     * GDPR-critical variant: awaits the hook with a timeout and rethrows failures.
+     * Use ONLY on deletion paths. forget() calls after soft-delete UPDATE; runPrune()
+     * calls before hard DELETE. For best-effort sync, use _notifyEmbeddingPersisted.
+     */
+    private _notifyEmbeddingPersistedOrThrow;
     constructor(db: SQLiteAdapter, options: WikiOptions);
     setup(): Promise<void>;
     hasChanged(entityId: string, sourceRef: string, sourceHash: string): Promise<boolean>;
@@ -351,6 +401,12 @@ declare class WikiMemory {
      * Negative return means "a ranks ahead of b" for descending score order.
      */
     private _compareScoredRows;
+    /**
+     * Strip potentially sensitive data from ranker errors before exposing to host callbacks.
+     * Preserves error type for debugging but removes message/stack that may contain credentials.
+     * Recursively sanitizes one level of .cause; deeper chains collapse to type only.
+     */
+    private _sanitizeRankerError;
     /**
      * Score candidate rows using in-process JS cosine similarity.
      * Applies hybrid blending (if weight set) and tie-break sorting before returning.
@@ -416,4 +472,4 @@ declare function formatMemoryDump(dump: MemoryDump): FormattedMemoryDump;
 
 declare function createWiki(db: SQLiteAdapter, options: WikiOptions): WikiMemory;
 
-export { type EntityStatus, type ExtractedFact, type ExtractedTask, type FormatContextOptions, type FormattedMemoryDump, type LLMProvider, type MemoryBundle, type MemoryDump, type ReadOptions, type SQLiteAdapter, type VectorRanker, type VectorRankerFallback, type VectorRankerRankArgs, type VectorRankerSemanticResult, WikiBusyError, type WikiBusyOperation, type WikiCheckpoint, type WikiConfig, type WikiEvent, type WikiFact, WikiMemory, type WikiOptions, type WikiTask, createWiki, formatContext, formatMemoryDump };
+export { type EntityStatus, type ExtractedFact, type ExtractedTask, type FormatContextOptions, type FormattedMemoryDump, type LLMProvider, type MemoryBundle, type MemoryDump, PrunePartialFailureError, type ReadOptions, type SQLiteAdapter, type VectorRanker, type VectorRankerFallback, type VectorRankerRankArgs, type VectorRankerSemanticResult, WikiBusyError, type WikiBusyOperation, type WikiCheckpoint, type WikiConfig, type WikiEvent, type WikiFact, WikiMemory, type WikiOptions, type WikiTask, createWiki, formatContext, formatMemoryDump };

package/dist/index.d.ts

@@ -145,6 +145,11 @@ interface VectorRankerSemanticResult {
  */
 interface VectorRankerRankArgs {
     entityId: string;
+    /**
+     * Query embedding. Treat as readonly — core provides a defensive copy,
+     * but adapters MUST NOT mutate this array. Mutation can corrupt
+     * WikiMemory's internal vector cache and JS-cosine fallback path.
+     */
     queryVec: Float32Array | number[];
     /**
      * When set (MiniSearch pre-filter path): ranker MUST only produce results for ids in this set.
@@ -172,6 +177,13 @@ interface VectorRanker {
     /**
      * Called after a fact's embedding is successfully persisted to embedding_blob (or cleared).
      * Hosts use this to keep sqlite-vec / external indexes consistent with SQLite as source of truth.
+     *
+     * On deletion paths (forget, prune, hard-delete), core awaits this hook to ensure ANN cleanup
+     * completes before the deletion call resolves (GDPR compliance). Hook failures or timeouts on
+     * those paths reject the deletion call.
+     *
+     * Treat `vector` as readonly — core provides a defensive copy, but adapters MUST NOT mutate.
+     *
      * Optional: if omitted, hosts MUST document "index rebuilt separately" and accept stale ANN until rebuild.
      */
     onEmbeddingPersisted?(event: {
@@ -226,6 +238,29 @@ interface WikiOptions {
      * Ignored when vectorRankerFallback is 'throw'. Default false.
      */
     propagateRankerFailureToRetrievalFallback?: boolean;
+    /**
+     * When true (default), sanitize ranker errors before exposing via error.cause
+     * to prevent credential leakage in host telemetry. Disable only when you
+     * control the ranker implementation.
+     *
+     * Sanitization replaces error message/stack with a generic message preserving
+     * only the error type (constructor name).
+     */
+    sanitizeRankerErrors?: boolean;
+    /**
+     * Timeout (ms) for onEmbeddingPersisted hook on GDPR deletion paths
+     * (forget, _doPrune). Hook must complete within this window or the
+     * deletion operation rejects. Default 30000.
+     * Lower for interactive deletes; raise for slow remote ANN backends.
+     */
+    deletionHookTimeoutMs?: number;
+    /**
+     * Escape hatch: skip onEmbeddingPersisted on deletion paths entirely.
+     * Use ONLY when the ANN backend is permanently decommissioned. Vectors
+     * orphaned in the (unreachable) external index are accepted as a tradeoff.
+     * NOT GDPR-safe for live indexes. Default false.
+     */
+    forceDeleteIgnoreRankerHook?: boolean;
 }
 interface MemoryBundle {
     facts: WikiFact[];
@@ -278,6 +313,15 @@ declare class WikiBusyError extends Error {
     readonly entityId: string;
     constructor(operation: WikiBusyOperation, entityId: string);
 }
+declare class PrunePartialFailureError extends Error {
+    readonly deleted: number;
+    readonly failedAt: string;
+    readonly remaining: number;
+    readonly deletedTasks: number;
+    readonly deletedEvents: number;
+    readonly cause: Error;
+    constructor(deleted: number, failedAt: string, remaining: number, cause: Error, deletedTasks?: number, deletedEvents?: number);
+}
 
 declare class WikiMemory {
     private db;
@@ -315,6 +359,12 @@ declare class WikiMemory {
     private _healKey;
     private _warnCrossEntityCollision;
     private _notifyEmbeddingPersisted;
+    /**
+     * GDPR-critical variant: awaits the hook with a timeout and rethrows failures.
+     * Use ONLY on deletion paths. forget() calls after soft-delete UPDATE; runPrune()
+     * calls before hard DELETE. For best-effort sync, use _notifyEmbeddingPersisted.
+     */
+    private _notifyEmbeddingPersistedOrThrow;
     constructor(db: SQLiteAdapter, options: WikiOptions);
     setup(): Promise<void>;
     hasChanged(entityId: string, sourceRef: string, sourceHash: string): Promise<boolean>;
@@ -351,6 +401,12 @@ declare class WikiMemory {
      * Negative return means "a ranks ahead of b" for descending score order.
      */
     private _compareScoredRows;
+    /**
+     * Strip potentially sensitive data from ranker errors before exposing to host callbacks.
+     * Preserves error type for debugging but removes message/stack that may contain credentials.
+     * Recursively sanitizes one level of .cause; deeper chains collapse to type only.
+     */
+    private _sanitizeRankerError;
     /**
      * Score candidate rows using in-process JS cosine similarity.
      * Applies hybrid blending (if weight set) and tie-break sorting before returning.
@@ -416,4 +472,4 @@ declare function formatMemoryDump(dump: MemoryDump): FormattedMemoryDump;
 
 declare function createWiki(db: SQLiteAdapter, options: WikiOptions): WikiMemory;
 
-export { type EntityStatus, type ExtractedFact, type ExtractedTask, type FormatContextOptions, type FormattedMemoryDump, type LLMProvider, type MemoryBundle, type MemoryDump, type ReadOptions, type SQLiteAdapter, type VectorRanker, type VectorRankerFallback, type VectorRankerRankArgs, type VectorRankerSemanticResult, WikiBusyError, type WikiBusyOperation, type WikiCheckpoint, type WikiConfig, type WikiEvent, type WikiFact, WikiMemory, type WikiOptions, type WikiTask, createWiki, formatContext, formatMemoryDump };
+export { type EntityStatus, type ExtractedFact, type ExtractedTask, type FormatContextOptions, type FormattedMemoryDump, type LLMProvider, type MemoryBundle, type MemoryDump, PrunePartialFailureError, type ReadOptions, type SQLiteAdapter, type VectorRanker, type VectorRankerFallback, type VectorRankerRankArgs, type VectorRankerSemanticResult, WikiBusyError, type WikiBusyOperation, type WikiCheckpoint, type WikiConfig, type WikiEvent, type WikiFact, WikiMemory, type WikiOptions, type WikiTask, createWiki, formatContext, formatMemoryDump };

package/dist/index.js

@@ -132,6 +132,18 @@ var WikiBusyError = class extends Error {
     this.entityId = entityId;
   }
 };
+var PrunePartialFailureError = class extends Error {
+  constructor(deleted, failedAt, remaining, cause, deletedTasks = 0, deletedEvents = 0) {
+    super(`Prune partially failed: deleted ${deleted}, failed at ${failedAt}, ${remaining} remaining`);
+    this.name = "PrunePartialFailureError";
+    this.deleted = deleted;
+    this.failedAt = failedAt;
+    this.remaining = remaining;
+    this.deletedTasks = deletedTasks;
+    this.deletedEvents = deletedEvents;
+    this.cause = cause;
+  }
+};
 
 // src/prompts.ts
 var LIBRARIAN_SYSTEM_PROMPT = `You are a knowledge extraction agent. Your job is to analyze recent episodic events and extract stable facts and actionable tasks about the user or entity.
@@ -198,6 +210,7 @@ function parseEmbedding(blob, text) {
 }
 
 // src/WikiMemory.ts
+var HOOK_TIMEOUT_MARKER = /* @__PURE__ */ Symbol("WikiMemoryHookTimeout");
 function parseJsonResponse(text) {
   const firstBrace = text.indexOf("{");
   const firstBracket = text.indexOf("[");
@@ -581,7 +594,55 @@ var _WikiMemory = class _WikiMemory {
     console.warn(`[WikiMemory] importDump: ${type} id "${id}" already belongs to entity "${existingEntityId}"; skipping for entity "${targetEntityId}"`);
   }
   async _notifyEmbeddingPersisted(entityId, factId, vector) {
-    await this.options.vectorRanker?.onEmbeddingPersisted?.({ entityId, factId, vector });
+    if (!this.options.vectorRanker?.onEmbeddingPersisted) return;
+    const vectorCopy = vector ? vector.slice() : null;
+    await this.options.vectorRanker.onEmbeddingPersisted({
+      entityId,
+      factId,
+      vector: vectorCopy
+    });
+  }
+  /**
+   * GDPR-critical variant: awaits the hook with a timeout and rethrows failures.
+   * Use ONLY on deletion paths. forget() calls after soft-delete UPDATE; runPrune()
+   * calls before hard DELETE. For best-effort sync, use _notifyEmbeddingPersisted.
+   */
+  async _notifyEmbeddingPersistedOrThrow(entityId, factId, vector) {
+    if (!this.options.vectorRanker?.onEmbeddingPersisted) return;
+    if (this.options.forceDeleteIgnoreRankerHook === true) return;
+    const vectorCopy = vector ? vector.slice() : null;
+    const rawTimeout = this.options.deletionHookTimeoutMs ?? 3e4;
+    if (typeof rawTimeout !== "number" || !Number.isFinite(rawTimeout) || rawTimeout <= 0) {
+      throw new Error("Invalid deletionHookTimeoutMs: must be a positive finite number");
+    }
+    const timeoutMs = rawTimeout;
+    let timeoutHandle;
+    const timeoutPromise = new Promise((_, reject) => {
+      timeoutHandle = setTimeout(
+        () => {
+          const timeoutError = new Error(`onEmbeddingPersisted timed out after ${timeoutMs}ms`);
+          timeoutError[HOOK_TIMEOUT_MARKER] = true;
+          reject(timeoutError);
+        },
+        timeoutMs
+      );
+    });
+    const hookPromise = Promise.resolve(
+      this.options.vectorRanker.onEmbeddingPersisted({
+        entityId,
+        factId,
+        vector: vectorCopy
+      })
+    );
+    try {
+      await Promise.race([hookPromise, timeoutPromise]);
+    } catch (err) {
+      hookPromise.catch(() => {
+      });
+      throw err;
+    } finally {
+      if (timeoutHandle) clearTimeout(timeoutHandle);
+    }
   }
   async setup() {
     const entriesExistedBeforeSetup = await this.db.getFirstAsync(
@@ -765,27 +826,71 @@ var _WikiMemory = class _WikiMemory {
       let deletedEntries = 0;
       let deletedTasks = 0;
       let deletedEvents = 0;
-      const deletedEntryIds = [];
       if (retainSoftDeletedFor !== null) {
         const cutoff = now - retainSoftDeletedFor * 864e5;
         const entriesToDelete = await this.db.getAllAsync(
-          `SELECT id FROM ${this.prefix}entries
+          `SELECT id, entity_id FROM ${this.prefix}entries
            WHERE entity_id = ? AND deleted_at IS NOT NULL AND deleted_at < ?`,
           [entityId, cutoff]
         );
-        deletedEntryIds.push(...entriesToDelete.map((e) => e.id));
-        const entryResult = await this.db.runAsync(
-          `DELETE FROM ${this.prefix}entries
-           WHERE entity_id = ? AND deleted_at IS NOT NULL AND deleted_at < ?`,
-          [entityId, cutoff]
-        );
-        deletedEntries = entryResult.changes;
+        const succeeded = [];
+        let failure = null;
+        for (const row of entriesToDelete) {
+          try {
+            await this._notifyEmbeddingPersistedOrThrow(row.entity_id, row.id, null);
+            succeeded.push({ entity_id: row.entity_id, id: row.id });
+          } catch (err) {
+            failure = { factId: row.id, cause: err };
+            break;
+          }
+        }
+        if (succeeded.length > 0) {
+          const chunkSize = 500;
+          for (let i = 0; i < succeeded.length; i += chunkSize) {
+            const chunk = succeeded.slice(i, i + chunkSize);
+            const placeholders = chunk.map(() => "?").join(",");
+            const entryResult = await this.db.runAsync(
+              `DELETE FROM ${this.prefix}entries WHERE entity_id = ? AND deleted_at IS NOT NULL AND deleted_at < ? AND id IN (${placeholders})`,
+              [entityId, cutoff, ...chunk.map((r) => r.id)]
+            );
+            deletedEntries += entryResult.changes;
+          }
+        }
         const taskResult = await this.db.runAsync(
           `DELETE FROM ${this.prefix}tasks
            WHERE entity_id = ? AND deleted_at IS NOT NULL AND deleted_at < ?`,
           [entityId, cutoff]
         );
         deletedTasks = taskResult.changes;
+        if (failure) {
+          await this.rebuildMiniSearchIndex(entityId);
+          this.vectorCache.delete(entityId);
+          const remaining = entriesToDelete.length - succeeded.length - 1;
+          const isTimeout = failure.cause?.[HOOK_TIMEOUT_MARKER] === true;
+          if (isTimeout) {
+            throw new PrunePartialFailureError(
+              succeeded.length,
+              failure.factId,
+              remaining,
+              new Error("Deletion hook timed out"),
+              deletedTasks,
+              0
+              // events not yet deleted at this point
+            );
+          }
+          const errMsg = failure.cause?.message ?? "";
+          const isValidationError = errMsg.startsWith("Invalid deletionHookTimeoutMs");
+          const sanitizedCause = isValidationError ? failure.cause : this._sanitizeRankerError(failure.cause);
+          throw new PrunePartialFailureError(
+            succeeded.length,
+            failure.factId,
+            remaining,
+            sanitizedCause,
+            deletedTasks,
+            0
+            // events not yet deleted at this point
+          );
+        }
       }
       if (retainEventsFor !== null) {
         const cutoff = now - retainEventsFor * 864e5;
@@ -802,14 +907,6 @@ var _WikiMemory = class _WikiMemory {
       }
       await this.rebuildMiniSearchIndex(entityId);
       this.vectorCache.delete(entityId);
-      const uniqueDeletedIds = Array.from(new Set(deletedEntryIds));
-      for (const factId of uniqueDeletedIds) {
-        try {
-          await this._notifyEmbeddingPersisted(entityId, factId, null);
-        } catch (hookErr) {
-          console.warn(`[WikiMemory] onEmbeddingPersisted hook failed during prune for ${factId}:`, hookErr);
-        }
-      }
       return { entries: deletedEntries, tasks: deletedTasks, events: deletedEvents };
     } finally {
       this.activeMaintenanceJobs.delete(pruneKey);
@@ -1063,7 +1160,10 @@ var _WikiMemory = class _WikiMemory {
               } catch (rankerErr) {
                 const rankerError = rankerErr instanceof Error ? rankerErr : new Error(String(rankerErr));
                 const policy = this.options.vectorRankerFallback ?? "js-cosine";
-                this.options.onVectorRankerFallback?.({ error: rankerError, policy });
+                this.options.onVectorRankerFallback?.({
+                  error: this._sanitizeRankerError(rankerError),
+                  policy
+                });
                 if (policy === "throw") {
                   rankerShouldRethrow = true;
                   throw rankerError;
@@ -1127,8 +1227,9 @@ var _WikiMemory = class _WikiMemory {
                   scored = [];
                 }
                 if (this.options.propagateRankerFailureToRetrievalFallback) {
-                  const mirrored = new Error("Vector ranker failed, falling back");
-                  mirrored.cause = rankerError;
+                  const mirrored = new Error("Vector ranker failed, falling back", {
+                    cause: this._sanitizeRankerError(rankerErr)
+                  });
                   pendingRankerFallbackError = mirrored;
                 }
               }
@@ -1288,12 +1389,31 @@ var _WikiMemory = class _WikiMemory {
     if (updatedAtDiff !== 0) return updatedAtDiff;
     return a.id.localeCompare(b.id);
   }
+  /**
+   * Strip potentially sensitive data from ranker errors before exposing to host callbacks.
+   * Preserves error type for debugging but removes message/stack that may contain credentials.
+   * Recursively sanitizes one level of .cause; deeper chains collapse to type only.
+   */
+  _sanitizeRankerError(err) {
+    if (this.options.sanitizeRankerErrors === false) {
+      return err instanceof Error ? err : new Error(String(err));
+    }
+    const typeName = err instanceof Error ? err.constructor?.name ?? "Error" : typeof err;
+    const innerCause = err instanceof Error && err.cause !== void 0 ? new Error(`Caused by: ${err.cause?.constructor?.name ?? typeof err.cause}`) : void 0;
+    const sanitized = new Error(
+      `VectorRanker ${typeName} (message scrubbed for security)`,
+      innerCause ? { cause: innerCause } : void 0
+    );
+    sanitized.name = typeName;
+    return sanitized;
+  }
   /**
    * Score candidate rows using in-process JS cosine similarity.
    * Applies hybrid blending (if weight set) and tie-break sorting before returning.
    */
   async _rankWithJsCosine(args) {
-    const { entityId, queryVec, candidateRows, weight, miniSearchScores, populateCache, limit } = args;
+    const queryVec = args.queryVec instanceof Float32Array ? args.queryVec.slice() : Array.from(args.queryVec);
+    const { entityId, candidateRows, weight, miniSearchScores, populateCache, limit } = args;
     let entityCache = this.vectorCache.get(entityId);
     const tooLarge = populateCache && candidateRows.length > _WikiMemory.MAX_VECTOR_CACHE_FACTS_PER_ENTITY;
     if (tooLarge && entityCache) {
@@ -1344,14 +1464,15 @@ var _WikiMemory = class _WikiMemory {
    * Returns scored results ready for hybrid blending and tie-break sorting.
    */
   async _rankWithVectorRanker(args) {
-    const { entityId, queryVec, candidateIds, weight, miniSearchScores, limit } = args;
+    const { entityId, candidateIds, weight, miniSearchScores, limit } = args;
     const ranker = this.options.vectorRanker;
     if (!ranker) {
       throw new Error("vectorRanker not configured");
     }
+    const queryVecCopy = args.queryVec instanceof Float32Array ? args.queryVec.slice() : Array.from(args.queryVec);
     const rankerResults = await ranker.rankBySimilarity({
       entityId,
-      queryVec,
+      queryVec: queryVecCopy,
       candidateIds,
       limit
     });
@@ -2171,11 +2292,15 @@ The following document anchors are provided for contradiction detection only. Do
       let deletedTasks = 0;
       const deletedEntryIds = [];
       if (params.clearAll) {
-        const entriesToDelete = await this.db.getAllAsync(
+        const newDeletions = await this.db.getAllAsync(
           `SELECT id FROM ${this.prefix}entries WHERE entity_id = ? AND deleted_at IS NULL`,
           [entityId]
         );
-        deletedEntryIds.push(...entriesToDelete.map((e) => e.id));
+        const alreadySoftDeleted = await this.db.getAllAsync(
+          `SELECT id FROM ${this.prefix}entries WHERE entity_id = ? AND deleted_at IS NOT NULL`,
+          [entityId]
+        );
+        deletedEntryIds.push(...newDeletions.map((e) => e.id), ...alreadySoftDeleted.map((e) => e.id));
         const [entriesRes, tasksRes] = await Promise.all([
           this.db.runAsync(`UPDATE ${this.prefix}entries SET deleted_at = ?, updated_at = ? WHERE entity_id = ? AND deleted_at IS NULL`, [now, now, entityId]),
           this.db.runAsync(`UPDATE ${this.prefix}tasks SET deleted_at = ?, updated_at = ? WHERE entity_id = ? AND deleted_at IS NULL`, [now, now, entityId])
@@ -2195,13 +2320,13 @@ The following document anchors are provided for contradiction detection only. Do
         if (params.sourceHash !== void 0 && !sourceHash) throw new Error("Invalid sourceHash (must be 64-char hex string)");
         if (params.entryId) {
           const entry = await this.db.getFirstAsync(
-            `SELECT id FROM ${this.prefix}entries WHERE id = ? AND entity_id = ? AND deleted_at IS NULL`,
+            `SELECT id FROM ${this.prefix}entries WHERE id = ? AND entity_id = ?`,
             [params.entryId, entityId]
           );
           if (entry) deletedEntryIds.push(entry.id);
         }
         if (sourceRef || sourceHash) {
-          let q = `SELECT id FROM ${this.prefix}entries WHERE entity_id = ? AND deleted_at IS NULL`;
+          let q = `SELECT id FROM ${this.prefix}entries WHERE entity_id = ?`;
           const args = [entityId];
           if (sourceRef) {
             q += ` AND source_ref = ?`;
@@ -2244,9 +2369,26 @@ The following document anchors are provided for contradiction detection only. Do
       const uniqueDeletedIds = Array.from(new Set(deletedEntryIds));
       for (const factId of uniqueDeletedIds) {
         try {
-          await this._notifyEmbeddingPersisted(entityId, factId, null);
+          await this._notifyEmbeddingPersistedOrThrow(entityId, factId, null);
         } catch (hookErr) {
-          console.warn(`[WikiMemory] onEmbeddingPersisted hook failed during forget for ${factId}:`, hookErr);
+          const isTimeout = hookErr?.[HOOK_TIMEOUT_MARKER] === true;
+          if (isTimeout) {
+            throw new Error(
+              `forget(${entityId}/${factId}) failed: ${hookErr.message}`
+            );
+          }
+          const errMsg = hookErr?.message ?? "";
+          const isValidationError = errMsg.startsWith("Invalid deletionHookTimeoutMs");
+          if (isValidationError) {
+            throw new Error(
+              `forget(${entityId}/${factId}) failed: ${errMsg}`,
+              { cause: hookErr }
+            );
+          }
+          throw new Error(
+            `forget(${entityId}/${factId}) failed: ANN cleanup hook rejected`,
+            { cause: this._sanitizeRankerError(hookErr) }
+          );
         }
       }
       return { deleted: { entries: deletedEntries, tasks: deletedTasks } };
@@ -2595,6 +2737,7 @@ function createWiki(db, options) {
   return new WikiMemory(db, options);
 }
 
+exports.PrunePartialFailureError = PrunePartialFailureError;
 exports.WikiBusyError = WikiBusyError;
 exports.WikiMemory = WikiMemory;
 exports.createWiki = createWiki;