memory-journal-mcp 4.4.2 → 5.0.0

package/dist/database/SqliteAdapter.js

@@ -8,82 +8,8 @@ import initSqlJs from 'sql.js';
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { logger } from '../utils/logger.js';
-import { validateDateFormatPattern } from '../utils/security-utils.js';
-// Schema SQL for initialization
-const SCHEMA_SQL = `
--- Main journal entries table
-CREATE TABLE IF NOT EXISTS memory_journal (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    entry_type TEXT NOT NULL,
-    content TEXT NOT NULL,
-    timestamp TEXT DEFAULT CURRENT_TIMESTAMP,
-    is_personal INTEGER DEFAULT 1,
-    significance_type TEXT,
-    auto_context TEXT,
-    deleted_at TEXT,
-    -- GitHub integration fields
-    project_number INTEGER,
-    project_owner TEXT,
-    issue_number INTEGER,
-    issue_url TEXT,
-    pr_number INTEGER,
-    pr_url TEXT,
-    pr_status TEXT,
-    workflow_run_id INTEGER,
-    workflow_name TEXT,
-    workflow_status TEXT
-);
-
--- Tags table
-CREATE TABLE IF NOT EXISTS tags (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    name TEXT UNIQUE NOT NULL,
-    usage_count INTEGER DEFAULT 0
-);
-
--- Junction table for entry-tag relationships
-CREATE TABLE IF NOT EXISTS entry_tags (
-    entry_id INTEGER NOT NULL,
-    tag_id INTEGER NOT NULL,
-    PRIMARY KEY (entry_id, tag_id),
-    FOREIGN KEY (entry_id) REFERENCES memory_journal(id) ON DELETE CASCADE,
-    FOREIGN KEY (tag_id) REFERENCES tags(id) ON DELETE CASCADE
-);
-
--- Relationships between entries
-CREATE TABLE IF NOT EXISTS relationships (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    from_entry_id INTEGER NOT NULL,
-    to_entry_id INTEGER NOT NULL,
-    relationship_type TEXT NOT NULL,
-    description TEXT,
-    created_at TEXT DEFAULT CURRENT_TIMESTAMP,
-    FOREIGN KEY (from_entry_id) REFERENCES memory_journal(id) ON DELETE CASCADE,
-    FOREIGN KEY (to_entry_id) REFERENCES memory_journal(id) ON DELETE CASCADE
-);
-
--- Embeddings for vector search (stored as JSON for sql.js compatibility)
-CREATE TABLE IF NOT EXISTS embeddings (
-    entry_id INTEGER PRIMARY KEY,
-    embedding TEXT NOT NULL,
-    model_name TEXT NOT NULL,
-    FOREIGN KEY (entry_id) REFERENCES memory_journal(id) ON DELETE CASCADE
-);
-
--- Indexes for performance
-CREATE INDEX IF NOT EXISTS idx_memory_journal_timestamp ON memory_journal(timestamp);
-CREATE INDEX IF NOT EXISTS idx_memory_journal_type ON memory_journal(entry_type);
-CREATE INDEX IF NOT EXISTS idx_memory_journal_personal ON memory_journal(is_personal);
-CREATE INDEX IF NOT EXISTS idx_memory_journal_deleted ON memory_journal(deleted_at);
-CREATE INDEX IF NOT EXISTS idx_memory_journal_project ON memory_journal(project_number);
-CREATE INDEX IF NOT EXISTS idx_memory_journal_issue ON memory_journal(issue_number);
-CREATE INDEX IF NOT EXISTS idx_memory_journal_pr ON memory_journal(pr_number);
-CREATE INDEX IF NOT EXISTS idx_tags_name ON tags(name);
-CREATE INDEX IF NOT EXISTS idx_entry_tags_entry ON entry_tags(entry_id);
-CREATE INDEX IF NOT EXISTS idx_entry_tags_tag ON entry_tags(tag_id);
-CREATE INDEX IF NOT EXISTS idx_relationships_from ON relationships(from_entry_id);
-CREATE INDEX IF NOT EXISTS idx_relationships_to ON relationships(to_entry_id);
-`;
+import { validateDateFormatPattern, sanitizeSearchQuery, assertNoPathTraversal, } from '../utils/security-utils.js';
+import { SCHEMA_SQL, TEAM_SCHEMA_SQL } from './schema.js';
 /**
  * SQLite Database Adapter for Memory Journal using sql.js
  */
@@ -128,11 +54,174 @@ export class SqliteAdapter {
         }
         // Initialize schema
         this.db.run(SCHEMA_SQL);
+        // Migrate existing databases that may lack newer columns
+        this.migrateSchema();
+        // Enable foreign key enforcement (SQLite disables by default)
+        // Required for ON DELETE CASCADE in entry_tags, relationships, embeddings
+        this.db.run('PRAGMA foreign_keys = ON');
         this.initialized = true;
         logger.info('Database opened', { module: 'SqliteAdapter', dbPath: this.dbPath });
         // Immediate flush after initialization to persist schema
         this.flushSave();
     }
+    /**
+     * Migrate existing databases that may lack newer columns.
+     * Required because CREATE TABLE IF NOT EXISTS is a no-op on
+     * existing tables — columns added after initial creation are
+     * never added. This method checks for each expected column and
+     * runs ALTER TABLE as needed.
+     * Idempotent — safe to call on databases that already have all columns.
+     */
+    migrateSchema() {
+        const db = this.ensureDb();
+        const tableInfo = db.exec('PRAGMA table_info(memory_journal)');
+        const columns = new Set((tableInfo[0]?.values ?? []).map((row) => String(row[1])));
+        const requiredColumns = [
+            {
+                name: 'significance_type',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN significance_type TEXT',
+            },
+            {
+                name: 'auto_context',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN auto_context TEXT',
+            },
+            { name: 'deleted_at', sql: 'ALTER TABLE memory_journal ADD COLUMN deleted_at TEXT' },
+            {
+                name: 'project_number',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN project_number INTEGER',
+            },
+            {
+                name: 'project_owner',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN project_owner TEXT',
+            },
+            {
+                name: 'issue_number',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN issue_number INTEGER',
+            },
+            { name: 'issue_url', sql: 'ALTER TABLE memory_journal ADD COLUMN issue_url TEXT' },
+            { name: 'pr_number', sql: 'ALTER TABLE memory_journal ADD COLUMN pr_number INTEGER' },
+            { name: 'pr_url', sql: 'ALTER TABLE memory_journal ADD COLUMN pr_url TEXT' },
+            { name: 'pr_status', sql: 'ALTER TABLE memory_journal ADD COLUMN pr_status TEXT' },
+            {
+                name: 'workflow_run_id',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN workflow_run_id INTEGER',
+            },
+            {
+                name: 'workflow_name',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN workflow_name TEXT',
+            },
+            {
+                name: 'workflow_status',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN workflow_status TEXT',
+            },
+        ];
+        const added = [];
+        for (const col of requiredColumns) {
+            if (!columns.has(col.name)) {
+                db.run(col.sql);
+                added.push(col.name);
+            }
+        }
+        // Fix any tags with NULL usage_count (data repair from legacy DBs)
+        db.run('UPDATE tags SET usage_count = 0 WHERE usage_count IS NULL');
+        // Drop legacy FTS5 triggers from Python-era databases.
+        // sql.js WASM does not include FTS5; these triggers cause "no such module: fts5"
+        // on INSERT/UPDATE/DELETE operations. The TypeScript codebase uses LIKE queries.
+        // NOTE: We only drop triggers (regular objects). Dropping FTS5 virtual tables
+        // would also require the fts5 module, so we leave the inert shadow tables in place.
+        const dropped = [];
+        const triggers = db.exec("SELECT name FROM sqlite_master WHERE type = 'trigger' AND sql LIKE '%fts%'");
+        // Validate trigger names before interpolating into DDL (defense-in-depth)
+        const SAFE_IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+        for (const row of triggers[0]?.values ?? []) {
+            const name = String(row[0]);
+            if (!SAFE_IDENTIFIER_RE.test(name)) {
+                logger.warning('Skipping trigger with unsafe name during migration', {
+                    module: 'SqliteAdapter',
+                    triggerName: name,
+                });
+                continue;
+            }
+            db.run(`DROP TRIGGER IF EXISTS "${name}"`);
+            dropped.push(`trigger:${name}`);
+        }
+        const changes = [...added.map((c) => `column:${c}`), ...dropped];
+        if (changes.length > 0) {
+            this.flushSave();
+            logger.info('Schema migrated', {
+                module: 'SqliteAdapter',
+                dbPath: this.dbPath,
+                changes,
+            });
+        }
+    }
+    /**
+     * Apply additional schema for team databases (adds author column).
+     * Also migrates legacy team DBs that may be missing columns from the
+     * current main schema (e.g. issue_number, pr_number added after v2).
+     * Idempotent — safe to call on databases that already have all columns.
+     */
+    applyTeamSchema() {
+        const db = this.ensureDb();
+        const tableInfo = db.exec('PRAGMA table_info(memory_journal)');
+        const columns = new Set((tableInfo[0]?.values ?? []).map((row) => String(row[1])));
+        // Columns required by the current schema that legacy team DBs may lack
+        const requiredColumns = [
+            {
+                name: 'issue_number',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN issue_number INTEGER',
+            },
+            { name: 'issue_url', sql: 'ALTER TABLE memory_journal ADD COLUMN issue_url TEXT' },
+            { name: 'pr_number', sql: 'ALTER TABLE memory_journal ADD COLUMN pr_number INTEGER' },
+            { name: 'pr_url', sql: 'ALTER TABLE memory_journal ADD COLUMN pr_url TEXT' },
+            { name: 'pr_status', sql: 'ALTER TABLE memory_journal ADD COLUMN pr_status TEXT' },
+            {
+                name: 'workflow_run_id',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN workflow_run_id INTEGER',
+            },
+            {
+                name: 'workflow_name',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN workflow_name TEXT',
+            },
+            {
+                name: 'workflow_status',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN workflow_status TEXT',
+            },
+            {
+                name: 'project_number',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN project_number INTEGER',
+            },
+            {
+                name: 'project_owner',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN project_owner TEXT',
+            },
+            {
+                name: 'significance_type',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN significance_type TEXT',
+            },
+            {
+                name: 'auto_context',
+                sql: 'ALTER TABLE memory_journal ADD COLUMN auto_context TEXT',
+            },
+            { name: 'deleted_at', sql: 'ALTER TABLE memory_journal ADD COLUMN deleted_at TEXT' },
+            { name: 'author', sql: TEAM_SCHEMA_SQL.trim() },
+        ];
+        const added = [];
+        for (const col of requiredColumns) {
+            if (!columns.has(col.name)) {
+                db.run(col.sql);
+                added.push(col.name);
+            }
+        }
+        if (added.length > 0) {
+            this.flushSave();
+            logger.info('Team schema migrated', {
+                module: 'SqliteAdapter',
+                dbPath: this.dbPath,
+                columnsAdded: added,
+            });
+        }
+    }
     /**
      * Schedule a debounced save to disk.
      * Batches rapid mutations into a single write after SAVE_DEBOUNCE_MS.
@@ -344,8 +433,7 @@ export class SqliteAdapter {
         const result = db.exec(sql, params);
         if (result.length === 0)
             return [];
-        const columns = result[0]?.columns ?? [];
-        return (result[0]?.values ?? []).map((values) => this.rowToEntry(this.rowToObject(columns, values)));
+        return this.rowsToEntries(result[0]?.columns ?? [], result[0]?.values ?? []);
     }
     /**
      * Get a page of active entries for batch processing (e.g., vector index rebuild).
@@ -356,8 +444,7 @@ export class SqliteAdapter {
         const result = db.exec(`SELECT * FROM memory_journal WHERE deleted_at IS NULL ORDER BY id ASC LIMIT ? OFFSET ?`, [limit, offset]);
         if (result.length === 0)
             return [];
-        const columns = result[0]?.columns ?? [];
-        return (result[0]?.values ?? []).map((values) => this.rowToEntry(this.rowToObject(columns, values)));
+        return this.rowsToEntries(result[0]?.columns ?? [], result[0]?.values ?? []);
     }
     /**
      * Get total count of active (non-deleted) entries.
@@ -438,9 +525,9 @@ export class SqliteAdapter {
         const { limit = 10, isPersonal, projectNumber, issueNumber, prNumber } = options;
         let sql = `
             SELECT * FROM memory_journal
-            WHERE deleted_at IS NULL AND content LIKE ?
+            WHERE deleted_at IS NULL AND content LIKE ? ESCAPE '\\'
         `;
-        const params = [`%${query}%`];
+        const params = [`%${sanitizeSearchQuery(query)}%`];
         if (isPersonal !== undefined) {
             sql += ` AND is_personal = ?`;
             params.push(isPersonal ? 1 : 0);
@@ -462,8 +549,7 @@ export class SqliteAdapter {
         const result = db.exec(sql, params);
         if (result.length === 0)
             return [];
-        const columns = result[0]?.columns ?? [];
-        return (result[0]?.values ?? []).map((values) => this.rowToEntry(this.rowToObject(columns, values)));
+        return this.rowsToEntries(result[0]?.columns ?? [], result[0]?.values ?? []);
     }
     /**
      * Search by date range
@@ -471,14 +557,28 @@ export class SqliteAdapter {
     searchByDateRange(startDate, endDate, options = {}) {
         const db = this.ensureDb();
         const { entryType, tags, isPersonal, projectNumber } = options;
-        let sql = `
-            SELECT DISTINCT m.* FROM memory_journal m
-            LEFT JOIN entry_tags et ON m.id = et.entry_id
-            LEFT JOIN tags t ON et.tag_id = t.id
-            WHERE m.deleted_at IS NULL
-            AND m.timestamp >= ? AND m.timestamp <= ?
-        `;
+        let sql;
         const params = [startDate, endDate + ' 23:59:59'];
+        // Only JOIN tag tables when filtering by tags (avoids DISTINCT overhead)
+        if (tags && tags.length > 0) {
+            sql = `
+                SELECT DISTINCT m.* FROM memory_journal m
+                JOIN entry_tags et ON m.id = et.entry_id
+                JOIN tags t ON et.tag_id = t.id
+                WHERE m.deleted_at IS NULL
+                AND m.timestamp >= ? AND m.timestamp <= ?
+            `;
+            const placeholders = tags.map(() => '?').join(',');
+            sql += ` AND t.name IN (${placeholders})`;
+            params.push(...tags);
+        }
+        else {
+            sql = `
+                SELECT * FROM memory_journal m
+                WHERE m.deleted_at IS NULL
+                AND m.timestamp >= ? AND m.timestamp <= ?
+            `;
+        }
         if (entryType) {
             sql += ` AND m.entry_type = ?`;
             params.push(entryType);
@@ -491,17 +591,12 @@ export class SqliteAdapter {
             sql += ` AND m.project_number = ?`;
             params.push(projectNumber);
         }
-        if (tags && tags.length > 0) {
-            const placeholders = tags.map(() => '?').join(',');
-            sql += ` AND t.name IN (${placeholders})`;
-            params.push(...tags);
-        }
-        sql += ` ORDER BY m.timestamp DESC`;
+        sql += ` ORDER BY m.timestamp DESC LIMIT ?`;
+        params.push(options.limit ?? 500);
         const result = db.exec(sql, params);
         if (result.length === 0)
             return [];
-        const columns = result[0]?.columns ?? [];
-        return (result[0]?.values ?? []).map((values) => this.rowToEntry(this.rowToObject(columns, values)));
+        return this.rowsToEntries(result[0]?.columns ?? [], result[0]?.values ?? []);
     }
     // =========================================================================
     // Tag Operations
@@ -510,22 +605,26 @@ export class SqliteAdapter {
      * Get or create tags and link to entry
      */
     linkTagsToEntry(entryId, tagNames) {
+        if (tagNames.length === 0)
+            return;
         const db = this.ensureDb();
-        for (const tagName of tagNames) {
-            // Insert or ignore tag
-            db.run('INSERT OR IGNORE INTO tags (name, usage_count) VALUES (?, 0)', [tagName]);
-            // Get tag ID
-            const result = db.exec('SELECT id FROM tags WHERE name = ?', [tagName]);
-            const tagId = result[0]?.values[0]?.[0];
-            if (tagId !== undefined) {
-                // Link tag to entry
-                db.run('INSERT OR IGNORE INTO entry_tags (entry_id, tag_id) VALUES (?, ?)', [
-                    entryId,
-                    tagId,
-                ]);
-                // Increment usage
-                db.run('UPDATE tags SET usage_count = usage_count + 1 WHERE id = ?', [tagId]);
-            }
+        // Batch: insert all tags in one statement
+        const insertPlaceholders = tagNames.map(() => '(?, 0)').join(', ');
+        db.run(`INSERT OR IGNORE INTO tags (name, usage_count) VALUES ${insertPlaceholders}`, tagNames);
+        // Batch: fetch all tag IDs in one query
+        const selectPlaceholders = tagNames.map(() => '?').join(', ');
+        const result = db.exec(`SELECT id, name FROM tags WHERE name IN (${selectPlaceholders})`, tagNames);
+        const tagIds = [];
+        for (const row of result[0]?.values ?? []) {
+            const tagId = row[0];
+            tagIds.push(tagId);
+            // Link tag to entry
+            db.run('INSERT OR IGNORE INTO entry_tags (entry_id, tag_id) VALUES (?, ?)', [
+                entryId,
+                tagId,
+            ]);
+            // Increment usage
+            db.run('UPDATE tags SET usage_count = usage_count + 1 WHERE id = ?', [tagId]);
         }
     }
     /**
@@ -547,7 +646,7 @@ export class SqliteAdapter {
      */
     listTags() {
         const db = this.ensureDb();
-        const result = db.exec('SELECT * FROM tags WHERE usage_count > 0 ORDER BY usage_count DESC');
+        const result = db.exec('SELECT id, name, COALESCE(usage_count, 0) as usage_count FROM tags WHERE COALESCE(usage_count, 0) > 0 ORDER BY usage_count DESC');
         if (result.length === 0)
             return [];
         return (result[0]?.values ?? []).map((v) => ({
@@ -682,55 +781,51 @@ export class SqliteAdapter {
      */
     getStatistics(groupBy = 'week') {
         const db = this.ensureDb();
-        // Total entries
-        const totalResult = db.exec(`
-            SELECT COUNT(*) as count FROM memory_journal WHERE deleted_at IS NULL
-        `);
-        const totalEntries = totalResult[0]?.values[0]?.[0] ?? 0;
-        // By type
-        const byTypeResult = db.exec(`
+        // Combined query 1: total entries + breakdown by type
+        const combinedResult = db.exec(`
+            SELECT COUNT(*) as count FROM memory_journal WHERE deleted_at IS NULL;
             SELECT entry_type, COUNT(*) as count
             FROM memory_journal
             WHERE deleted_at IS NULL
             GROUP BY entry_type
         `);
+        const totalEntries = combinedResult[0]?.values[0]?.[0] ?? 0;
         const entriesByType = {};
-        for (const row of byTypeResult[0]?.values ?? []) {
+        for (const row of combinedResult[1]?.values ?? []) {
             entriesByType[row[0]] = row[1];
         }
-        // By period - use validated date format pattern (defense-in-depth)
+        // Combined query 2: period breakdown + decision density (using CASE)
         const dateFormat = validateDateFormatPattern(groupBy);
-        const byPeriodResult = db.exec(`
-            SELECT strftime('${dateFormat}', timestamp) as period, COUNT(*) as count
+        const periodResult = db.exec(`
+            SELECT
+                strftime('${dateFormat}', timestamp) as period,
+                COUNT(*) as total_count,
+                SUM(CASE WHEN significance_type IS NOT NULL THEN 1 ELSE 0 END) as significant_count
             FROM memory_journal
             WHERE deleted_at IS NULL
             GROUP BY period
             ORDER BY period DESC
             LIMIT 52
         `);
-        const entriesByPeriod = (byPeriodResult[0]?.values ?? []).map((v) => ({
+        const entriesByPeriod = (periodResult[0]?.values ?? []).map((v) => ({
             period: v[0],
             count: v[1],
         }));
-        // =========================================================================
-        // Enhanced Analytics Metrics (v4.3.0)
-        // =========================================================================
-        // Decision Density: significant entries per period
-        const decisionDensityResult = db.exec(`
-            SELECT strftime('${dateFormat}', timestamp) as period, COUNT(*) as count
-            FROM memory_journal
-            WHERE deleted_at IS NULL AND significance_type IS NOT NULL
-            GROUP BY period
-            ORDER BY period DESC
-            LIMIT 52
-        `);
-        const decisionDensity = (decisionDensityResult[0]?.values ?? []).map((v) => ({
+        const decisionDensity = (periodResult[0]?.values ?? [])
+            .filter((v) => v[2] > 0)
+            .map((v) => ({
             period: v[0],
-            significantCount: v[1],
+            significantCount: v[2],
         }));
-        // Relationship Complexity: total relationships and avg per entry
-        const relCountResult = db.exec(`SELECT COUNT(*) FROM relationships`);
-        const totalRelationships = relCountResult[0]?.values[0]?.[0] ?? 0;
+        // Combined query 3: relationship counts + causal breakdown
+        const relResult = db.exec(`
+            SELECT COUNT(*) FROM relationships;
+            SELECT relationship_type, COUNT(*) as count
+            FROM relationships
+            WHERE relationship_type IN ('blocked_by', 'resolved', 'caused')
+            GROUP BY relationship_type
+        `);
+        const totalRelationships = relResult[0]?.values[0]?.[0] ?? 0;
         const avgPerEntry = totalEntries > 0 ? totalRelationships / totalEntries : 0;
         // Activity Trend: week-over-week growth
         const currentPeriod = entriesByPeriod[0]?.period ?? '';
@@ -741,14 +836,8 @@ export class SqliteAdapter {
             ? Math.round(((currentCount - previousCount) / previousCount) * 100)
             : null;
         // Causal Metrics: counts for causal relationship types
-        const causalResult = db.exec(`
-            SELECT relationship_type, COUNT(*) as count
-            FROM relationships
-            WHERE relationship_type IN ('blocked_by', 'resolved', 'caused')
-            GROUP BY relationship_type
-        `);
         const causalMetrics = { blocked_by: 0, resolved: 0, caused: 0 };
-        for (const row of causalResult[0]?.values ?? []) {
+        for (const row of relResult[1]?.values ?? []) {
             const relType = row[0];
             causalMetrics[relType] = row[1];
         }
@@ -786,6 +875,10 @@ export class SqliteAdapter {
     exportToFile(backupName) {
         const db = this.ensureDb();
         const backupsDir = this.getBackupsDir();
+        // Validate backup name against path traversal before sanitization
+        if (backupName) {
+            assertNoPathTraversal(backupName);
+        }
         // Ensure backups directory exists
         if (!fs.existsSync(backupsDir)) {
             fs.mkdirSync(backupsDir, { recursive: true });
@@ -854,7 +947,7 @@ export class SqliteAdapter {
      */
     deleteOldBackups(keepCount) {
         const backups = this.listBackups(); // Already sorted newest-first
-        if (keepCount < 1) {
+        if (keepCount < 1 || Number.isNaN(keepCount)) {
             throw new Error('keepCount must be at least 1');
         }
         const toKeep = backups.slice(0, keepCount);
@@ -883,9 +976,7 @@ export class SqliteAdapter {
      */
     async restoreFromFile(filename) {
         // Validate filename (prevent path traversal)
-        if (filename.includes('/') || filename.includes('\\') || filename.includes('..')) {
-            throw new Error('Invalid backup filename: path separators not allowed');
-        }
+        assertNoPathTraversal(filename);
         const backupsDir = this.getBackupsDir();
         const backupPath = path.join(backupsDir, filename);
         if (!fs.existsSync(backupPath)) {
@@ -906,6 +997,7 @@ export class SqliteAdapter {
         // Initialize new database from backup
         const SQL = await import('sql.js').then((m) => m.default());
         this.db = new SQL.Database(backupBuffer);
+        this.db.run('PRAGMA foreign_keys = ON');
         this.initialized = true;
         // Get new entry count
         const newCountResult = this.db.exec('SELECT COUNT(*) FROM memory_journal WHERE deleted_at IS NULL');
@@ -988,7 +1080,9 @@ export class SqliteAdapter {
         return obj;
     }
     /**
-     * Convert database row to JournalEntry
+     * Convert database row to JournalEntry.
+     * Used for single-entry methods (getEntryById, getEntryByIdIncludeDeleted)
+     * where the N+1 overhead of one tag query is negligible.
      */
     rowToEntry(row) {
         const id = row['id'];
@@ -1016,7 +1110,75 @@ export class SqliteAdapter {
         };
     }
     /**
-     * Get raw database for advanced operations
+     * Convert multiple database rows to JournalEntry[] with batch tag fetching.
+     * Uses a single IN (...) query to fetch all tags for all entries at once,
+     * eliminating the N+1 query pattern of per-row getTagsForEntry calls.
+     */
+    rowsToEntries(columns, values) {
+        if (values.length === 0)
+            return [];
+        // Step 1: Convert all rows to objects
+        const rows = values.map((v) => this.rowToObject(columns, v));
+        const ids = rows.map((r) => r['id']);
+        // Step 2: Batch-fetch all tags in one query
+        const tagMap = this.batchGetTagsForEntries(ids);
+        // Step 3: Assemble entries using the pre-fetched tag map
+        return rows.map((row) => {
+            const id = row['id'];
+            return {
+                id,
+                entryType: row['entry_type'],
+                content: row['content'],
+                timestamp: row['timestamp'],
+                isPersonal: row['is_personal'] === 1,
+                significanceType: row['significance_type'],
+                autoContext: row['auto_context'],
+                deletedAt: row['deleted_at'],
+                tags: tagMap.get(id) ?? [],
+                projectNumber: row['project_number'] ?? null,
+                projectOwner: row['project_owner'] ?? null,
+                issueNumber: row['issue_number'] ?? null,
+                issueUrl: row['issue_url'] ?? null,
+                prNumber: row['pr_number'] ?? null,
+                prUrl: row['pr_url'] ?? null,
+                prStatus: row['pr_status'] ?? null,
+                workflowRunId: row['workflow_run_id'] ?? null,
+                workflowName: row['workflow_name'] ?? null,
+                workflowStatus: row['workflow_status'] ?? null,
+            };
+        });
+    }
+    /**
+     * Batch-fetch tags for multiple entry IDs in a single query.
+     * Returns a Map<entryId, tagNames[]>.
+     * Eliminates the N+1 query problem for multi-row result sets.
+     */
+    batchGetTagsForEntries(ids) {
+        const tagMap = new Map();
+        if (ids.length === 0)
+            return tagMap;
+        const db = this.ensureDb();
+        const placeholders = ids.map(() => '?').join(', ');
+        const result = db.exec(`SELECT et.entry_id, t.name
+             FROM entry_tags et
+             JOIN tags t ON et.tag_id = t.id
+             WHERE et.entry_id IN (${placeholders})`, ids);
+        for (const row of result[0]?.values ?? []) {
+            const entryId = row[0];
+            const tagName = row[1];
+            const existing = tagMap.get(entryId);
+            if (existing) {
+                existing.push(tagName);
+            }
+            else {
+                tagMap.set(entryId, [tagName]);
+            }
+        }
+        return tagMap;
+    }
+    /**
+     * Get raw sql.js Database handle for advanced queries.
+     * @internal Callers MUST use parameterized queries — never concatenate user input into SQL.
      */
     getRawDb() {
         return this.ensureDb();