eagle-mem 4.12.0 → 4.13.0

package/scripts/orchestrate.sh

@@ -203,6 +203,20 @@ orchestrate_worker_effort() {
     esac
 }
 
+# Worker autonomy level. Defaults to "safe" so spawned workers cannot run with
+# unattended full-access sandbox/approval settings on prompts assembled from
+# DB-stored lane descriptions (stored-prompt-injection surface). Set
+# [orchestration] worker_autonomy = "danger" to opt back into the previous
+# full-access behavior.
+orchestrate_worker_autonomy() {
+    local mode
+    mode=$(eagle_config_get "orchestration" "worker_autonomy" "safe")
+    case "$mode" in
+        danger|danger-full-access|full) echo "danger" ;;
+        *) echo "safe" ;;
+    esac
+}
+
 orchestrate_require_worker_cli() {
     case "$1" in
         codex)
@@ -775,6 +789,22 @@ orchestrate_worker_run_script() {
     local complete_note="Worker exited 0; log: $log_path"
     local block_note="Worker exited non-zero; log: $log_path"
 
+    # Autonomy gating: full-access unattended execution is opt-in (see
+    # orchestrate_worker_autonomy). The default "safe" mode keeps a sandbox and
+    # approval/permission gate in place because lane prompts come from
+    # DB-stored descriptions (stored-prompt-injection surface).
+    local autonomy codex_sandbox codex_approval claude_permission
+    autonomy=$(orchestrate_worker_autonomy)
+    if [ "$autonomy" = "danger" ]; then
+        codex_sandbox="danger-full-access"
+        codex_approval='approval_policy="never"'
+        claude_permission="dontAsk"
+    else
+        codex_sandbox="workspace-write"
+        codex_approval='approval_policy="on-request"'
+        claude_permission="acceptEdits"
+    fi
+
     {
         echo '#!/usr/bin/env bash'
         echo 'set +e'
@@ -786,12 +816,12 @@ orchestrate_worker_run_script() {
         printf 'export EAGLE_ORCHESTRATION_LANE=%q\n' "$lane_key"
         printf 'export EAGLE_ORCHESTRATION_WORKTREE=%q\n' "$worktree"
         if [ "$worker_agent" = "codex" ]; then
-            printf 'codex exec --cd %q --model %q -c %q -c %q --sandbox danger-full-access --output-last-message %q - < %q\n' \
-                "$worktree" "$worker_model" "$effort_config" 'approval_policy="never"' "$last_message_path" "$prompt_file"
+            printf 'codex exec --cd %q --model %q -c %q -c %q --sandbox %q --output-last-message %q - < %q\n' \
+                "$worktree" "$worker_model" "$effort_config" "$codex_approval" "$codex_sandbox" "$last_message_path" "$prompt_file"
         else
             printf 'prompt=$(cat %q)\n' "$prompt_file"
-            printf 'claude -p --model %q --effort %q --permission-mode dontAsk --output-format text "$prompt"\n' \
-                "$worker_model" "$worker_effort"
+            printf 'claude -p --model %q --effort %q --permission-mode %q --output-format text "$prompt"\n' \
+                "$worker_model" "$worker_effort" "$claude_permission"
         fi
         echo 'rc=$?'
         printf 'printf "%%s\\n" "$rc" > %q\n' "$exit_path"

package/scripts/session.sh

@@ -104,6 +104,11 @@ save_session() {
                 summary="$2"
                 shift 2
                 ;;
+            --summary-stdin)
+                # Read the summary from stdin so it is not visible in `ps`.
+                summary="$(cat)"
+                shift
+                ;;
             --request)
                 require_value "$1" "${2:-}"
                 request="$2"

package/scripts/statusline-em.sh

@@ -65,7 +65,11 @@ eagle_mem_statusline_stats() {
     project_scope=$(eagle_recall_project_scope_from_cwd "${current_dir:-$project_dir}" "$project_key")
     project_condition=$(eagle_sql_project_scope_condition "project" "$project_scope")
 
-    stats=$("$sqlite_bin" "$em_db" "SELECT
+    # busy_timeout so a momentary SQLITE_BUSY (this is the hottest standalone
+    # query during live sessions) waits for the lock instead of exiting non-zero,
+    # which would otherwise escalate to an integrity-status mislabel below.
+    stats=$("$sqlite_bin" "$em_db" "PRAGMA busy_timeout=10000;
+        SELECT
         COUNT(*) || '|' ||
         (SELECT COUNT(*) FROM agent_memories WHERE $project_condition) || '|' ||
         COALESCE(MAX(COALESCE(last_activity_at, started_at)), 'never')

package/scripts/tasks.sh

@@ -153,10 +153,13 @@ tasks_list() {
             in_progress)
                 icon="${CYAN}>${RESET}"
                 marker=" ${CYAN}[in_progress]${RESET}"
-                # Staleness check for discipline
+                # Staleness check for discipline. Route through eagle_db (busy_timeout
+                # + FTS5-capable sqlite3) and escape $updated_at — it is a DB-read value
+                # interpolated back into SQL, so a quote would be second-order injection.
                 if [ -n "$updated_at" ]; then
-                    local age_days
-                    age_days=$(echo "SELECT (julianday('now') - julianday('$updated_at'))" | sqlite3 "$EAGLE_MEM_DB" 2>/dev/null | cut -d. -f1)
+                    local age_days updated_at_sql
+                    updated_at_sql=$(eagle_sql_escape "$updated_at")
+                    age_days=$(eagle_db "SELECT (julianday('now') - julianday('$updated_at_sql'));" 2>/dev/null | cut -d. -f1)
                     if [ -n "$age_days" ] && [ "$age_days" -gt 7 ]; then
                         marker+=" ${RED}[STALE - ${age_days}d]${RESET}"
                     fi

package/scripts/test.sh

@@ -25,7 +25,11 @@ run_check() {
         eagle_ok "$name"
     else
         eagle_fail "$name"
-        ((errors++))
+        # Assignment form (not ((errors++))) so a failing check does not abort
+        # the whole runner under `set -e`: ((errors++)) returns exit 1 when the
+        # pre-increment value is 0, killing the suite at the first failure and
+        # skipping the failure-count summary below.
+        errors=$((errors + 1))
     fi
 }
 
@@ -68,6 +72,14 @@ run_check "Trust Surfaces (DB integrity, JSON errors, statusline)" "bash \"$SCRI
 run_check "Recall Observability (UserPromptSubmit recall event)" "bash \"$SCRIPTS_DIR/../tests/test_recall_observability.sh\""
 run_check "Eagle Event Log (hook/action observability)" "bash \"$SCRIPTS_DIR/../tests/test_eagle_events.sh\""
 run_check "Dashboard Surface (local HTML memory view)" "bash \"$SCRIPTS_DIR/../tests/test_dashboard.sh\""
+run_check "Clean Session Capture (capture_source, fill-only upsert, no clobber)" "bash \"$SCRIPTS_DIR/../tests/test_clean_session_capture.sh\""
+run_check "Context Budget (SessionStart injection ceiling: normal unchanged, pathological capped + logged)" "bash \"$SCRIPTS_DIR/../tests/test_context_budget.sh\""
+run_check "CLAUDE.md Capture Doctrine (installer rewrites outdated section)" "bash \"$SCRIPTS_DIR/../tests/test_claude_md_capture_doctrine.sh\""
+run_check "Redaction Coverage (provider input, recall events, enrich job, autonomy, log paths)" "bash \"$SCRIPTS_DIR/../tests/test_redaction_coverage.sh\""
+run_check "Data Integrity Hardening (migrate idempotency, SQL escaping, summary precedence)" "bash \"$SCRIPTS_DIR/../tests/test_data_integrity_hardening.sh\""
+run_check "Mod-Tracker Concurrency (lock TTL, no lost append, observation dedup race)" "bash \"$SCRIPTS_DIR/../tests/test_mod_tracker_concurrency.sh\""
+run_check "Reliability Retention (scan in-flight vs freshness, eagle_events prune)" "bash \"$SCRIPTS_DIR/../tests/test_reliability_retention.sh\""
+run_check "Test Runner No-Abort (failing check does not kill the suite under set -e)" "bash \"$SCRIPTS_DIR/../tests/test_test_runner_no_abort.sh\""
 
 echo ""
 if [ "$errors" -eq 0 ]; then

package/tests/test_claude_md_capture_doctrine.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+# ═══════════════════════════════════════════════════════════
+# Regression: eagle_patch_claude_md must rewrite an outdated
+# Eagle Mem capture section to the CLI-first doctrine.
+#
+# Guards against the v4.12.0 bug where the detection used
+# `grep -qF 'request: \[what user asked\] | completed:'` — under
+# grep -F the backslashes are literal, so it never matched the
+# real `[what user asked]` text and the section was never updated,
+# silently defeating the clean-capture feature on every install.
+# ═══════════════════════════════════════════════════════════
+set -uo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+pass=0
+fail=0
+ok()   { echo "  ok: $1"; pass=$((pass+1)); }
+bad()  { echo "  FAIL: $1"; fail=$((fail+1)); }
+
+run_case() {
+    local label="$1" body="$2"
+    local tmp; tmp=$(mktemp -d)
+    mkdir -p "$tmp/.claude"
+    printf '%s\n' "$body" > "$tmp/.claude/CLAUDE.md"
+
+    ( export HOME="$tmp"; . "$REPO_DIR/lib/common.sh" >/dev/null 2>&1; eagle_patch_claude_md >/dev/null 2>&1 )
+
+    if grep -qF 'session save --session-id' "$tmp/.claude/CLAUDE.md"; then
+        ok "$label: CLI-first doctrine present after patch"
+    else
+        bad "$label: section was NOT rewritten to CLI-first"
+    fi
+    if [ "$(grep -c '## Eagle Mem — Persistent Memory' "$tmp/.claude/CLAUDE.md")" = "1" ]; then
+        ok "$label: exactly one Eagle Mem section (no duplication)"
+    else
+        bad "$label: section count != 1"
+    fi
+    rm -rf "$tmp"
+}
+
+# Case 1: old <eagle-summary>-emit section with surrounding user content.
+run_case "old-eagle-summary" '# Custom global instructions
+
+Pre-section user content.
+
+---
+
+## Eagle Mem — Persistent Memory
+
+**Rule:** Before your final response, emit an `<eagle-summary>` block.
+
+```
+<eagle-summary>
+request: [what user asked] | completed: [what shipped]
+</eagle-summary>
+```
+
+---
+
+## Behavioral Rules
+
+Post-section user content that must survive.'
+
+# Verify surrounding content survives the rewrite (separate explicit check).
+TMP=$(mktemp -d); mkdir -p "$TMP/.claude"
+printf '%s\n' '# Custom
+
+KEEP_BEFORE_MARKER
+
+---
+
+## Eagle Mem — Persistent Memory
+
+**Rule:** emit an `<eagle-summary>` block.
+
+---
+
+## Behavioral Rules
+
+KEEP_AFTER_MARKER' > "$TMP/.claude/CLAUDE.md"
+( export HOME="$TMP"; . "$REPO_DIR/lib/common.sh" >/dev/null 2>&1; eagle_patch_claude_md >/dev/null 2>&1 )
+grep -q 'KEEP_BEFORE_MARKER' "$TMP/.claude/CLAUDE.md" && ok "preserve: content before section kept" || bad "preserve: clobbered content before section"
+grep -q 'KEEP_AFTER_MARKER'  "$TMP/.claude/CLAUDE.md" && ok "preserve: content after section kept"  || bad "preserve: clobbered content after section"
+grep -q 'emit an `<eagle-summary>` block' "$TMP/.claude/CLAUDE.md" && bad "preserve: stale emit instruction still present" || ok "preserve: stale emit instruction removed"
+
+# Idempotency: rewriting again must not add a second section.
+before=$(cksum "$TMP/.claude/CLAUDE.md" | awk '{print $1}')
+( export HOME="$TMP"; . "$REPO_DIR/lib/common.sh" >/dev/null 2>&1; eagle_patch_claude_md >/dev/null 2>&1 )
+[ "$(grep -c '## Eagle Mem — Persistent Memory' "$TMP/.claude/CLAUDE.md")" = "1" ] && ok "idempotent: still one section after 2nd run" || bad "idempotent: section duplicated on 2nd run"
+rm -rf "$TMP"
+
+echo ""
+echo "test_claude_md_capture_doctrine: $pass passed, $fail failed"
+[ "$fail" -eq 0 ] || exit 1

package/tests/test_context_budget.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+# ═══════════════════════════════════════════════════════════
+# Eagle Mem — SessionStart injection budget regression suite
+# Proves the global recall-injection ceiling:
+#   (a) normal-sized recall is emitted UNCHANGED (no trimming)
+#   (b) a pathologically large recall is capped at the budget,
+#       drops whole low-priority sections from the bottom, keeps the
+#       highest-priority top sections, and LOGS a trim (observable)
+# ═══════════════════════════════════════════════════════════
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+tmp_dir=$(mktemp -d)
+trap 'rm -rf "$tmp_dir"' EXIT
+
+fail() { echo "FAIL: $1" >&2; exit 1; }
+
+assert_eq() {
+    [ "$1" = "$2" ] || fail "$3 (expected='$2' actual='$1')"
+}
+
+assert_contains() {
+    case "$1" in *"$2"*) ;; *) fail "$3 (missing: $2)" ;; esac
+}
+
+assert_not_contains() {
+    case "$1" in *"$2"*) fail "$3 (unexpectedly present: $2)" ;; esac
+}
+
+. "$ROOT_DIR/lib/common.sh"
+
+trim_count_file="$tmp_dir/.trim-count"
+export EAGLE_INJECT_TRIM_COUNT="$trim_count_file"
+
+# ─── Budget helper: sane default + floor against self-defeating values ──
+default_budget=$(eagle_sessionstart_inject_budget)
+[ "$default_budget" -ge 4000 ] 2>/dev/null \
+    || fail "default budget unexpectedly small ($default_budget)"
+
+floored=$(EAGLE_MEM_DIR="$tmp_dir" bash -c "
+    . '$ROOT_DIR/lib/common.sh'
+    mkdir -p '$tmp_dir'
+    printf '[context_budget]\nsessionstart_chars = 10\n' > '$tmp_dir/config.toml'
+    eagle_sessionstart_inject_budget
+")
+[ "$floored" -ge 4000 ] 2>/dev/null \
+    || fail "tiny configured budget was not floored ($floored)"
+
+# ─── (a) Normal-sized recall — emitted UNCHANGED ──────────────────────
+normal_body="=== Eagle Mem: Project Overview ===
+A small project overview that fits comfortably.
+=== Eagle Mem: Recent Recall ===
+One recent session summary.
+=== Eagle Mem: Stored Memories ===
+  - [project][claude] Some memory: short description (today)
+=== Eagle Mem: Core Files ===
+  - main.sh
+=== Eagle Mem: Working Set ===
+  - app.ts (2 edits)"
+
+normal_out=$(printf '%s' "$normal_body" | eagle_trim_inject_body 24000)
+normal_dropped=$(cat "$trim_count_file")
+
+assert_eq "$normal_out" "$normal_body" "normal recall was modified by the budget"
+assert_eq "$normal_dropped" "0" "normal recall reported a non-zero trim"
+
+# ─── (b) Pathological recall — capped, low-priority dropped, top kept ──
+# Build a body whose top section is small but whose trailing sections are
+# huge, so the ceiling must engage.
+huge=$(head -c 9000 /dev/zero | tr '\0' 'x')
+big_body="=== Eagle Mem: Project Overview ===
+KEEP_OVERVIEW_MARKER top-priority overview must survive.
+=== Eagle Mem: Recent Recall ===
+$huge
+=== Eagle Mem: Tasks ===
+$huge
+=== Eagle Mem: Core Files ===
+$huge
+=== Eagle Mem: Working Set ===
+$huge"
+
+budget=12000
+big_out=$(printf '%s' "$big_body" | eagle_trim_inject_body "$budget")
+big_dropped=$(cat "$trim_count_file")
+
+[ "${#big_out}" -le "$budget" ] 2>/dev/null \
+    || fail "trimmed body still exceeds budget (${#big_out} > $budget)"
+[ "$big_dropped" -gt 0 ] 2>/dev/null \
+    || fail "pathological recall did not report any trimmed sections"
+assert_contains "$big_out" "KEEP_OVERVIEW_MARKER" \
+    "top-priority Overview section was dropped"
+assert_not_contains "$big_out" "=== Eagle Mem: Working Set ===" \
+    "lowest-priority Working Set section survived past the budget"
+
+# ─── Termination safety: a single oversized first section is kept whole ──
+oversized=$(head -c 20000 /dev/zero | tr '\0' 'y')
+solo_body="=== Eagle Mem: Project Overview ===
+$oversized"
+solo_out=$(printf '%s' "$solo_body" | eagle_trim_inject_body 5000)
+solo_dropped=$(cat "$trim_count_file")
+assert_contains "$solo_out" "=== Eagle Mem: Project Overview ===" \
+    "oversized lone section was discarded instead of kept whole"
+assert_eq "$solo_dropped" "0" "oversized lone section reported a phantom trim"
+
+# A body with no section markers is returned verbatim (no infinite loop).
+nomarker_out=$(printf '%s' "$oversized" | eagle_trim_inject_body 5000)
+assert_eq "${#nomarker_out}" "${#oversized}" "marker-less body was altered"
+
+# ─── Observable trim: the hook logs a WARN when it trims ──────────────
+# The hook engages the ceiling and logs a WARN with the dropped-section count
+# whenever it trims; assert that observable surface exists in the hook.
+grep -q 'SessionStart: injection over budget' "$ROOT_DIR/hooks/session-start.sh" \
+    || fail "session-start.sh missing observable over-budget WARN log"
+grep -q 'trimmed .* low-priority section' "$ROOT_DIR/hooks/session-start.sh" \
+    || fail "session-start.sh WARN log does not report trimmed section count"
+
+echo "PASS: SessionStart injection budget (normal unchanged, pathological capped + logged)"

package/tests/test_data_integrity_hardening.sh

@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+# ═══════════════════════════════════════════════════════════
+# Eagle Mem — Data integrity hardening regression test
+# Covers:
+#   - migrate.sh idempotency (re-run is a no-op, _migrations unchanged)
+#   - SQL escaping units (single quotes, FTS metachars, GLOB/LIKE patterns
+#     stored verbatim and queryable — no injection, no crash)
+#   - Summary precedence: eagle_insert_summary vs _fill_only — capture_source
+#     AND project stickiness on agent rows (finding #8 clobber)
+# ═══════════════════════════════════════════════════════════
+set -uo pipefail
+
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+tmp_dir=$(mktemp -d)
+trap 'rm -rf "$tmp_dir"' EXIT
+
+export EAGLE_MEM_DIR="$tmp_dir/em"
+export EAGLE_AGENT_SOURCE="claude-code"
+export EAGLE_MEM_DISABLE_HOOKS=1
+mkdir -p "$EAGLE_MEM_DIR"
+
+pass=0; fail=0
+ok()  { echo "  ok: $1"; pass=$((pass+1)); }
+bad() { echo "  FAIL: $1" >&2; fail=$((fail+1)); }
+
+bash "$ROOT_DIR/db/migrate.sh" >/dev/null 2>&1
+
+. "$ROOT_DIR/lib/common.sh"
+. "$ROOT_DIR/lib/db.sh"
+
+# ── migrate.sh idempotency ──────────────────────────────────
+mig_before=$(eagle_db "SELECT COUNT(*) || ':' || COALESCE(MAX(id),0) FROM _migrations;")
+mig_out=$(bash "$ROOT_DIR/db/migrate.sh" 2>&1); mig_rc=$?
+[ "$mig_rc" -eq 0 ] && ok "migrate 2nd run exits 0" || bad "migrate 2nd run rc=$mig_rc out=$mig_out"
+case "$mig_out" in
+    *applied:*) bad "migrate 2nd run re-applied a migration: $mig_out" ;;
+    *) ok "migrate 2nd run applied nothing" ;;
+esac
+mig_after=$(eagle_db "SELECT COUNT(*) || ':' || COALESCE(MAX(id),0) FROM _migrations;")
+[ "$mig_before" = "$mig_after" ] && ok "_migrations unchanged on 2nd run ($mig_after)" || bad "_migrations drifted: $mig_before -> $mig_after"
+
+# ── SQL escaping units ──────────────────────────────────────
+# Each payload is stored verbatim via eagle_insert_summary (escaped) and read
+# back; a quote/metachar that broke out of the literal would error or truncate.
+SID_Q="esc-quote-001"
+eagle_upsert_session "$SID_Q" "esc/proj" "$tmp_dir" "" "test" "claude-code"
+quote_payload="it's a \"trap\"; DROP TABLE summaries;-- '' or 1=1"
+eagle_insert_summary "$SID_Q" "esc/proj" "$quote_payload" "" "" "" "" "[]" "[]" "" "" "" "" "claude-code" "agent"
+got_q=$(eagle_db "SELECT request FROM summaries WHERE session_id='$SID_Q';")
+[ "$got_q" = "$quote_payload" ] && ok "single-quote/SQL-injection payload stored verbatim" || bad "quote payload mangled -> '$got_q'"
+# summaries table still present (no DROP executed)
+have_tbl=$(eagle_db "SELECT name FROM sqlite_master WHERE type='table' AND name='summaries';")
+[ "$have_tbl" = "summaries" ] && ok "summaries table intact after injection attempt" || bad "summaries table missing — injection executed"
+
+SID_F="esc-fts-002"
+eagle_upsert_session "$SID_F" "esc/proj" "$tmp_dir" "" "test" "claude-code"
+fts_payload='NEAR("foo" bar)* AND col:val OR -baz {set}'
+eagle_insert_summary "$SID_F" "esc/proj" "$fts_payload" "" "" "" "" "[]" "[]" "" "" "" "" "claude-code" "agent"
+got_f=$(eagle_db "SELECT request FROM summaries WHERE session_id='$SID_F';")
+[ "$got_f" = "$fts_payload" ] && ok "FTS-metachar payload stored verbatim" || bad "FTS payload mangled -> '$got_f'"
+# FTS search over a benign token must not crash even though row has metachars
+srch=$(eagle_search_summaries "foo" "" 5 2>&1); srch_rc=$?
+[ "$srch_rc" -eq 0 ] && ok "FTS search over metachar corpus did not crash (rc=0)" || bad "FTS search crashed rc=$srch_rc: $srch"
+
+SID_G="esc-glob-003"
+eagle_upsert_session "$SID_G" "esc/proj" "$tmp_dir" "" "test" "claude-code"
+glob_payload='100% OFF _now_ [a-z]* path\to\file'
+eagle_insert_observation "$SID_G" "esc/proj" "Bash" "$glob_payload" "[]" "[]"
+got_g=$(eagle_db "SELECT tool_input_summary FROM observations WHERE session_id='$SID_G';")
+[ "$got_g" = "$glob_payload" ] && ok "GLOB/LIKE-metachar payload stored verbatim in observations" || bad "glob payload mangled -> '$got_g'"
+
+# guardrail field escaping (single quote)
+if declare -F eagle_add_guardrail >/dev/null 2>&1; then
+    eagle_add_guardrail "esc/proj" "don't touch '; DELETE FROM guardrails;--" "*.sh" "test" >/dev/null 2>&1
+    grc=$(eagle_db "SELECT rule FROM guardrails WHERE project='esc/proj' ORDER BY id DESC LIMIT 1;")
+    case "$grc" in *"don't touch"*) ok "guardrail rule with quote stored verbatim" ;; *) bad "guardrail rule mangled -> '$grc'" ;; esac
+    gcount=$(eagle_db "SELECT name FROM sqlite_master WHERE type='table' AND name='guardrails';")
+    [ "$gcount" = "guardrails" ] && ok "guardrails table intact after injection attempt" || bad "guardrails table dropped — injection executed"
+else
+    ok "eagle_add_guardrail not present — skipped (non-fatal)"
+fi
+
+# ── Summary precedence / clobber (finding #8) ───────────────
+# An agent-authored row must NOT have its project rekeyed by a later hook-path
+# writer that arrives with a drifted project key.
+SID_P="precedence-004"
+eagle_upsert_session "$SID_P" "real/project" "$tmp_dir" "" "test" "claude-code"
+eagle_insert_summary "$SID_P" "real/project" "agent req" "" "" "agent done" "" "[]" "[]" "" "agent decision" "" "" "claude-code" "agent"
+[ "$(eagle_db "SELECT capture_source FROM summaries WHERE session_id='$SID_P';")" = "agent" ] && ok "P: capture_source=agent after agent insert" || bad "P: capture_source not agent"
+[ "$(eagle_db "SELECT project FROM summaries WHERE session_id='$SID_P';")" = "real/project" ] && ok "P: project=real/project after agent insert" || bad "P: project wrong"
+
+# Later hook writer with a DRIFTED project key + heuristic capture_source.
+eagle_insert_summary "$SID_P" "DRIFTED/wrong-key" "" "" "" "" "" "[]" "[]" "" "" "" "" "claude-code" "hook"
+proj_after=$(eagle_db "SELECT project FROM summaries WHERE session_id='$SID_P';")
+[ "$proj_after" = "real/project" ] && ok "P: agent row project NOT clobbered by drifted hook write" || bad "P: project clobbered -> '$proj_after'"
+[ "$(eagle_db "SELECT capture_source FROM summaries WHERE session_id='$SID_P';")" = "agent" ] && ok "P: capture_source stays agent" || bad "P: capture_source downgraded"
+[ "$(eagle_db "SELECT completed FROM summaries WHERE session_id='$SID_P';")" = "agent done" ] && ok "P: agent completed preserved" || bad "P: completed clobbered"
+
+# Contrast: a hook-authored row (capture_source != agent) SHOULD still accept a
+# project correction (the normal drift-repair path must not regress).
+SID_H="precedence-005"
+eagle_upsert_session "$SID_H" "hookproj/a" "$tmp_dir" "" "test" "claude-code"
+eagle_insert_summary "$SID_H" "hookproj/a" "hook req" "" "" "hook done" "" "[]" "[]" "" "" "" "" "claude-code" "hook"
+eagle_insert_summary "$SID_H" "hookproj/b" "" "" "" "" "" "[]" "[]" "" "" "" "" "claude-code" "hook"
+proj_h=$(eagle_db "SELECT project FROM summaries WHERE session_id='$SID_H';")
+[ "$proj_h" = "hookproj/b" ] && ok "H: hook row project STILL repairable (no regression)" || bad "H: hook project not updated -> '$proj_h'"
+
+# fill_only must never change project or downgrade capture_source on agent row
+eagle_insert_summary_fill_only "$SID_P" "ANOTHER/drift" "" "" "fill learned" "" "" "[]" "[]" "" "" "" "" "claude-code" "enrich"
+[ "$(eagle_db "SELECT project FROM summaries WHERE session_id='$SID_P';")" = "real/project" ] && ok "P: fill_only did not change project" || bad "P: fill_only changed project"
+case "$(eagle_db "SELECT learned FROM summaries WHERE session_id='$SID_P';")" in *"fill learned"*) ok "P: fill_only filled empty learned gap" ;; *) bad "P: fill_only did not fill learned" ;; esac
+
+echo ""
+echo "test_data_integrity_hardening: $pass passed, $fail failed"
+[ "$fail" -eq 0 ]

package/tests/test_mod_tracker_concurrency.sh

@@ -0,0 +1,142 @@
+#!/usr/bin/env bash
+# ═══════════════════════════════════════════════════════════
+# Eagle Mem — mod-tracker concurrency regression test (finding #6)
+# Asserts:
+#   1. Many parallel writers never wedge the lock (no leaked *.lock dir).
+#   2. A pending append created DURING a drain is NOT lost (drains via mv, so
+#      only captured files are deleted; concurrent appends survive).
+#   3. A stale lock dir (older than TTL) is reclaimed, not wedged forever.
+#   4. The edit-history writer is lock-guarded and loses no append.
+# ═══════════════════════════════════════════════════════════
+set -uo pipefail
+
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+tmp_dir=$(mktemp -d)
+trap 'rm -rf "$tmp_dir"' EXIT
+
+export EAGLE_MEM_DIR="$tmp_dir/em"
+export EAGLE_AGENT_SOURCE="claude-code"
+export EAGLE_MEM_DISABLE_HOOKS=1
+export EAGLE_MOD_LOCK_TTL=2
+mkdir -p "$EAGLE_MEM_DIR"
+
+pass=0; fail=0
+ok()  { echo "  ok: $1"; pass=$((pass+1)); }
+bad() { echo "  FAIL: $1" >&2; fail=$((fail+1)); }
+
+. "$ROOT_DIR/lib/common.sh"
+
+# Pull the tracker functions out of post-tool-use.sh without running the hook
+# body. State-machine awk: capture the TTL assignment plus each named function
+# (header at column 0 through its closing `}` at column 0). No overlapping
+# ranges, so no duplicated lines.
+fn_src="$tmp_dir/tracker_fns.sh"
+awk '
+    /^EAGLE_MOD_LOCK_TTL=/ { print; next }
+    /^(eagle_acquire_dir_lock|eagle_track_modified_path|eagle_track_edit_history_path)\(\) \{/ { capture=1 }
+    capture { print }
+    capture && /^}$/ { capture=0 }
+' "$ROOT_DIR/hooks/post-tool-use.sh" > "$fn_src"
+bash -n "$fn_src" || { bad "extracted tracker fns have syntax errors"; cat "$fn_src" >&2; echo "$pass passed, $fail failed"; exit 1; }
+. "$fn_src"
+declare -F eagle_track_modified_path >/dev/null && ok "loaded eagle_track_modified_path" || { bad "could not load tracker fns"; echo "$pass passed, $fail failed"; exit 1; }
+declare -F eagle_acquire_dir_lock >/dev/null && ok "loaded eagle_acquire_dir_lock" || bad "could not load lock helper"
+
+SID="conc-aaa111bbb222"
+mod_dir="$EAGLE_MEM_DIR/mod-tracker"
+mod_file="$mod_dir/$SID"
+mod_lock="${mod_file}.lock"
+
+# ── 1. Parallel writers, no wedge ──────────────────────────
+N=40
+for i in $(seq 1 "$N"); do
+    eagle_track_modified_path "/p/file_${i}.txt" "$SID" &
+done
+wait
+[ ! -d "$mod_lock" ] && ok "1: lock dir not leaked after $N parallel writers" || bad "1: lock dir wedged"
+# Whatever is committed must be valid paths from our set (no corruption).
+committed=$(cat "$mod_file" 2>/dev/null | wc -l | tr -d ' ')
+[ "$committed" -ge 1 ] && ok "1: committed file has $committed line(s)" || bad "1: committed file empty"
+bad_lines=$(grep -vE '^/p/file_[0-9]+\.txt$' "$mod_file" 2>/dev/null | wc -l | tr -d ' ')
+[ "$bad_lines" = "0" ] && ok "1: no corrupted/interleaved lines in committed file" || bad "1: $bad_lines corrupted lines"
+
+# ── 2. Append during drain is NOT lost ─────────────────────
+# Hold the lock ourselves, create a pending file, snapshot starts, then a NEW
+# pending append lands. The drain must mv-capture only pre-existing pending
+# files and never delete the late append.
+rm -rf "$mod_dir"; mkdir -p "$mod_dir"
+printf '%s\n' "/p/early.txt" > "${mod_file}.pending.111"
+# Simulate: acquire lock, mv-drain existing pending, but a concurrent writer
+# adds a brand-new pending file before we rm. Reproduce the exact sequence the
+# fixed code uses.
+mkdir "$mod_lock"
+# drain step (mv existing pending out of the way)
+for pf in "${mod_file}".pending.*; do
+    [ -e "$pf" ] || continue
+    mv "$pf" "${pf}.draining.$$" 2>/dev/null || true
+done
+# CONCURRENT appender lands a new pending file AFTER our snapshot/mv:
+printf '%s\n' "/p/late.txt" > "${mod_file}.pending.999"
+# finish drain: build committed from draining files only, delete draining only
+{ cat "$mod_file" 2>/dev/null; for d in "${mod_file}".pending.*.draining.*; do [ -e "$d" ] && cat "$d"; done; } | tail -3 > "${mod_file}.tmp"
+mv "${mod_file}.tmp" "$mod_file"
+rm -f "${mod_file}".pending.*.draining.* 2>/dev/null || true
+rmdir "$mod_lock"
+# The late append must still be present as a pending file (not deleted).
+[ -f "${mod_file}.pending.999" ] && ok "2: concurrent append during drain survived (not deleted)" || bad "2: late append LOST"
+grep -q "/p/early.txt" "$mod_file" && ok "2: early pending drained into committed file" || bad "2: early pending lost"
+
+# ── 3. Stale lock reclaim ──────────────────────────────────
+rm -rf "$mod_dir"; mkdir -p "$mod_dir"
+mkdir "$mod_lock"
+# Age the lock past TTL (EAGLE_MOD_LOCK_TTL=2s) by backdating its mtime.
+touch -t "$(date -v-1H '+%Y%m%d%H%M.%S' 2>/dev/null || date -d '1 hour ago' '+%Y%m%d%H%M.%S')" "$mod_lock" 2>/dev/null || true
+# A new writer should reclaim the stale lock and succeed (not hang/fail).
+eagle_track_modified_path "/p/after_stale.txt" "$SID"
+[ ! -d "$mod_lock" ] && ok "3: stale lock reclaimed and released" || bad "3: stale lock not reclaimed"
+grep -q "/p/after_stale.txt" "$mod_file" && ok "3: write after stale-lock reclaim recorded" || bad "3: write lost after stale reclaim"
+
+# ── 4. edit-history writer is locked and loses nothing ─────
+edit_dir="$EAGLE_MEM_DIR/edit-tracker"
+edit_file="$edit_dir/$SID"
+rm -rf "$edit_dir"
+M=40
+for i in $(seq 1 "$M"); do
+    eagle_track_edit_history_path "/e/edit_${i}.txt" "$SID" &
+done
+wait
+[ ! -d "${edit_file}.lock" ] && ok "4: edit-history lock not leaked" || bad "4: edit-history lock wedged"
+edit_count=$(sort -u "$edit_file" 2>/dev/null | grep -cE '^/e/edit_[0-9]+\.txt$' || echo 0)
+[ "$edit_count" = "$M" ] && ok "4: all $M edit-history appends present (append-only, none lost)" || bad "4: only $edit_count/$M edit-history appends present"
+bad_e=$(grep -vE '^/e/edit_[0-9]+\.txt$' "$edit_file" 2>/dev/null | wc -l | tr -d ' ')
+[ "$bad_e" = "0" ] && ok "4: no torn/interleaved edit-history lines" || bad "4: $bad_e torn lines"
+
+# ── 5. Observation dedup is race-safe (finding #7) ─────────
+# Two concurrent identical observations must dedupe to ONE row. The fixed code
+# wraps the check-then-insert in BEGIN IMMEDIATE so the second writer blocks,
+# then sees the first row via NOT EXISTS.
+. "$ROOT_DIR/lib/db.sh"
+bash "$ROOT_DIR/db/migrate.sh" >/dev/null 2>&1
+OSID="obs-dedup-7777"
+eagle_upsert_session "$OSID" "obs/proj" "$tmp_dir" "" "test" "claude-code"
+for i in $(seq 1 12); do
+    eagle_insert_observation "$OSID" "obs/proj" "Bash" "ls -la /tmp" "[]" "[]" &
+done
+wait
+obs_rows=$(eagle_db "SELECT COUNT(*) FROM observations WHERE session_id='$OSID' AND tool_input_summary='ls -la /tmp';")
+[ "$obs_rows" = "1" ] && ok "5: 12 concurrent identical observations deduped to 1 row" || bad "5: dedup race produced $obs_rows rows (expected 1)"
+
+# eagle_db_strict exists and aborts a multi-statement script on first error.
+if declare -F eagle_db_strict >/dev/null; then
+    ok "5: eagle_db_strict variant present"
+    # A failing first statement must prevent the second from running.
+    eagle_db_strict "INSERT INTO nonexistent_table_xyz VALUES (1); INSERT INTO observations (session_id, project, tool_name) VALUES ('strict-canary','obs/proj','Bash');" >/dev/null 2>&1 || true
+    canary=$(eagle_db "SELECT COUNT(*) FROM observations WHERE session_id='strict-canary';")
+    [ "$canary" = "0" ] && ok "5: eagle_db_strict bailed before 2nd statement" || bad "5: eagle_db_strict did not bail ($canary canary rows)"
+else
+    bad "5: eagle_db_strict missing"
+fi
+
+echo ""
+echo "test_mod_tracker_concurrency: $pass passed, $fail failed"
+[ "$fail" -eq 0 ]