monomind 1.8.0 → 1.9.1

package/packages/@monomind/cli/dist/src/memory/memory-bridge.js

@@ -18,10 +18,53 @@
  */
 import * as path from 'path';
 import * as crypto from 'crypto';
+/**
+ * Validate a deserialized embedding before use in cosineSim/HNSW math.
+ *
+ * SECURITY: stored embeddings come from the same write path that any agent or
+ * imported pattern bundle can use. Without validation, an attacker can store an
+ * embedding of `[1e9 numbers]` (50 MB JSON parse cost), inject NaN values that
+ * poison ranking via NaN-comparison undefined behavior, or pass huge dimensions
+ * that make cosineSim O(N) per row blow up. The 1000-row search cap then
+ * amplifies a single poisoned row into multi-GB allocations on every search.
+ *
+ * Returns the parsed embedding when valid, or null when the JSON should be
+ * skipped (caller treats it like "no embedding stored").
+ */
+const MAX_EMBEDDING_DIMS = 8192;
+const MAX_EMBEDDING_JSON_BYTES = MAX_EMBEDDING_DIMS * 32; // ~256KB ceiling
+export function safeParseEmbedding(raw) {
+    if (typeof raw !== 'string' || raw.length === 0)
+        return null;
+    if (raw.length > MAX_EMBEDDING_JSON_BYTES)
+        return null;
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+    if (!Array.isArray(parsed))
+        return null;
+    if (parsed.length === 0 || parsed.length > MAX_EMBEDDING_DIMS)
+        return null;
+    for (let i = 0; i < parsed.length; i++) {
+        const v = parsed[i];
+        if (typeof v !== 'number' || !Number.isFinite(v))
+            return null;
+    }
+    return parsed;
+}
 // ===== Lazy singleton =====
+// registryInstance is typed as `any` because ControllerRegistry lives in @monomind/memory
+// and cross-package type resolution is currently broken. When that is fixed, replace with
+// the real import: import type { ControllerRegistry } from '@monomind/memory'.
 let registryPromise = null;
 let registryInstance = null;
 let bridgeAvailable = null;
+/** Backpressure flag for A-MEM Zettelkasten linking — see bridgeStoreEntry. */
+let _amemInFlight = false;
 /**
  * Resolve database path with path traversal protection.
  * Only allows paths within or below the project's .swarm directory,
@@ -34,9 +77,10 @@ function getDbPath(customPath) {
     if (customPath === ':memory:')
         return ':memory:';
     const resolved = path.resolve(customPath);
-    // Ensure the path doesn't escape the working directory
+    // Ensure the path doesn't escape the working directory (path-separator-aware check)
     const cwd = process.cwd();
-    if (!resolved.startsWith(cwd)) {
+    const rel = path.relative(cwd, resolved);
+    if (rel.startsWith('..') || path.isAbsolute(rel)) {
         return path.join(swarmDir, 'memory.db'); // fallback to safe default
     }
     return resolved;
@@ -49,7 +93,7 @@ function generateId(prefix) {
 }
 /**
  * Lazily initialize the ControllerRegistry singleton.
- * Returns null if @monoes/memory is not available.
+ * Returns null if @monomind/memory is not available.
  */
 async function getRegistry(dbPath) {
     if (bridgeAvailable === false)
@@ -59,7 +103,7 @@ async function getRegistry(dbPath) {
     if (!registryPromise) {
         registryPromise = (async () => {
             try {
-                const { ControllerRegistry } = await import('@monoes/memory');
+                const { ControllerRegistry } = await import('@monomind/memory');
                 const registry = new ControllerRegistry();
                 // Suppress noisy console.log during init
                 const origLog = console.log;
@@ -117,7 +161,7 @@ function bm25Score(queryTerms, docContent, avgDocLength, docCount, termDocFreqs)
     const docLength = docWords.length;
     let score = 0;
     for (const term of queryTerms) {
-        const tf = docWords.filter(w => w === term || w.includes(term)).length;
+        const tf = docWords.filter(w => w === term).length;
         if (tf === 0)
             continue;
         const df = termDocFreqs.get(term) || 1;
@@ -229,6 +273,7 @@ async function logAttestation(registry, operation, entryId, metadata) {
         // Non-fatal — attestation is observability, not correctness
     }
 }
+const _dbInitialized = new WeakSet();
 /**
  * Get the AgentDB database handle and ensure memory_entries table exists.
  * Returns null if not available.
@@ -238,6 +283,8 @@ function getDb(registry) {
     if (!agentdb?.database)
         return null;
     const db = agentdb.database;
+    if (_dbInitialized.has(db))
+        return { db, agentdb };
     // Ensure memory_entries table exists (idempotent)
     try {
         db.exec(`CREATE TABLE IF NOT EXISTS memory_entries (
@@ -286,6 +333,7 @@ function getDb(registry) {
     catch {
         // Table already exists or db is read-only — that's fine
     }
+    _dbInitialized.add(db);
     return { db, agentdb };
 }
 // ===== Bridge functions — match memory-initializer.ts signatures =====
@@ -302,7 +350,16 @@ export async function bridgeStoreEntry(options) {
     if (!ctx)
         return null;
     try {
-        const { key, value, namespace = 'default', tags = [], ttl } = options;
+        const { key, value, namespace = 'default', tags: rawTags = [], ttl } = options;
+        // SECURITY: cap tags array length and per-tag length. Without these, any
+        // memory_store caller (every spawned agent) could submit
+        // tags: new Array(1e5).fill("x".repeat(1e4)) → ~1GB persisted blob,
+        // re-parsed on every bridgeGetEntry. Mirrors the embedding/BM25 caps.
+        const MAX_TAGS = 32;
+        const MAX_TAG_LEN = 64;
+        const tags = Array.isArray(rawTags)
+            ? rawTags.filter(t => typeof t === 'string' && t.length > 0 && t.length <= MAX_TAG_LEN).slice(0, MAX_TAGS)
+            : [];
         const id = generateId('entry');
         const now = Date.now();
         // Phase 5: MutationGuard validation before write
@@ -345,11 +402,7 @@ export async function bridgeStoreEntry(options) {
         const stmt = ctx.db.prepare(insertSql);
         stmt.run(id, key, namespace, value, embeddingJson, dimensions || null, model, tags.length > 0 ? JSON.stringify(tags) : null, '{}', now, now, now, // created_at, updated_at, event_at (bi-temporal: default eventAt = ingestion time)
         ttl ? now + (ttl * 1000) : null);
-        // Phase 2: Write-through to TieredCache
-        const safeNs = String(namespace).replace(/:/g, '_');
-        const safeKey = String(key).replace(/:/g, '_');
-        const cacheKey = `entry:${safeNs}:${safeKey}`;
-        await cacheSet(registry, cacheKey, { id, key, namespace, content: value, embedding: embeddingJson });
+        // Phase 2: Write-through to TieredCache deferred — full entry populated on first read
         // Phase 4: AttestationLog write audit
         await logAttestation(registry, 'store', id, { key, namespace, hasEmbedding: !!embeddingJson });
         const storeResult = {
@@ -362,31 +415,42 @@ export async function bridgeStoreEntry(options) {
         };
         // A-MEM: Post-write Zettelkasten linking — find top-3 semantic neighbors and create causal edges
         // Source: https://arxiv.org/abs/2502.12110
-        void (async () => {
-            try {
-                const neighbors = await bridgeSearchEntries({
-                    query: options.value, // A-MEM: search by content, not key string
-                    namespace: options.namespace,
-                    limit: 3,
-                    threshold: 0.7,
-                    dbPath: options.dbPath,
-                });
-                if (neighbors?.results) {
-                    for (const neighbor of neighbors.results) {
-                        if (neighbor.id !== id) {
-                            await bridgeRecordCausalEdge({
-                                sourceId: id,
-                                targetId: neighbor.id,
-                                relation: 'similar',
-                                weight: neighbor.score,
-                                dbPath: options.dbPath,
-                            });
+        //
+        // Backpressure: limit concurrent A-MEM linking to 1 per process. Without this
+        // a burst of N concurrent stores triggers N full-corpus searches in flight,
+        // each O(rows × dims) on cosineSim, which combined with poisoned embeddings
+        // can wedge the process. We drop new linking work if one is already running.
+        if (!_amemInFlight) {
+            _amemInFlight = true;
+            void (async () => {
+                try {
+                    const neighbors = await bridgeSearchEntries({
+                        query: options.value,
+                        namespace: options.namespace,
+                        limit: 3,
+                        threshold: 0.7,
+                        dbPath: options.dbPath,
+                    });
+                    if (neighbors?.results) {
+                        for (const neighbor of neighbors.results) {
+                            if (neighbor.id !== id) {
+                                await bridgeRecordCausalEdge({
+                                    sourceId: id,
+                                    targetId: neighbor.id,
+                                    relation: 'similar',
+                                    weight: neighbor.score,
+                                    dbPath: options.dbPath,
+                                });
+                            }
                         }
                     }
                 }
-            }
-            catch { /* non-critical background operation */ }
-        })();
+                catch { /* non-critical background operation */ }
+                finally {
+                    _amemInFlight = false;
+                }
+            })();
+        }
         return storeResult;
     }
     catch {
@@ -438,23 +502,25 @@ export async function bridgeSearchEntries(options) {
         catch {
             return null;
         }
-        // Phase 2: Compute BM25 term stats for the corpus
-        const queryTerms = queryStr.toLowerCase().split(/\s+/).filter(t => t.length > 1);
+        // Phase 2: Compute BM25 term stats for the corpus.
+        // Cap query terms to 32 — bm25Score is O(terms × rows × words/row), so an
+        // attacker passing "x ".repeat(10000) would otherwise burn multi-second CPU per
+        // search, and the post-store fan-out (bridgeStoreEntry IIFE) amplifies this.
+        const MAX_QUERY_TERMS = 32;
+        const queryTerms = Array.from(new Set(queryStr.toLowerCase().split(/\s+/).filter(t => t.length > 1))).slice(0, MAX_QUERY_TERMS);
         const { termDocFreqs, avgDocLength } = computeTermDocFreqs(queryTerms, rows);
         const docCount = rows.length;
         const results = [];
         for (const row of rows) {
             let semanticScore = 0;
             let bm25ScoreVal = 0;
-            // Semantic scoring via cosine similarity
+            // Semantic scoring via cosine similarity (validated to reject oversized,
+            // NaN-poisoned, or non-array embeddings — see safeParseEmbedding above).
             if (queryEmbedding && row.embedding) {
-                try {
-                    const embedding = JSON.parse(row.embedding);
+                const embedding = safeParseEmbedding(row.embedding);
+                if (embedding && embedding.length === queryEmbedding.length) {
                     semanticScore = cosineSim(queryEmbedding, embedding);
                 }
-                catch {
-                    // Invalid embedding
-                }
             }
             // Phase 2: BM25 keyword scoring (replaces String.includes fallback)
             if (queryTerms.length > 0 && row.content) {
@@ -473,7 +539,7 @@ export async function bridgeSearchEntries(options) {
                     ? `semantic:${semanticScore.toFixed(3)}+bm25:${bm25ScoreVal.toFixed(3)}`
                     : `bm25:${bm25ScoreVal.toFixed(3)}`;
                 results.push({
-                    id: String(row.id).substring(0, 12),
+                    id: String(row.id),
                     key: row.key || String(row.id).substring(0, 15),
                     content: (row.content || '').substring(0, 60) + ((row.content || '').length > 60 ? '...' : ''),
                     score,
@@ -505,7 +571,11 @@ export async function bridgeListEntries(options) {
     if (!ctx)
         return null;
     try {
-        const { namespace, limit = 20, offset = 0 } = options;
+        const rawLimit = options.limit ?? 20;
+        const rawOffset = options.offset ?? 0;
+        const limit = Math.max(1, Math.min(Number.isFinite(rawLimit) ? rawLimit : 20, 500));
+        const offset = Math.max(0, Number.isFinite(rawOffset) ? rawOffset : 0);
+        const { namespace } = options;
         const nsFilter = namespace ? `AND namespace = ?` : '';
         const nsParams = namespace ? [namespace] : [];
         // Count
@@ -531,13 +601,13 @@ export async function bridgeListEntries(options) {
             const rows = stmt.all(...nsParams, limit, offset);
             for (const row of rows) {
                 entries.push({
-                    id: String(row.id).substring(0, 20),
+                    id: String(row.id),
                     key: row.key || String(row.id).substring(0, 15),
                     namespace: row.namespace || 'default',
                     size: (row.content || '').length,
                     accessCount: row.access_count ?? 0,
-                    createdAt: row.created_at || new Date().toISOString(),
-                    updatedAt: row.updated_at || new Date().toISOString(),
+                    createdAt: row.created_at ? new Date(row.created_at).toISOString() : new Date().toISOString(),
+                    updatedAt: row.updated_at ? new Date(row.updated_at).toISOString() : new Date().toISOString(),
                     hasEmbedding: !!(row.embedding && String(row.embedding).length > 10),
                 });
             }
@@ -624,10 +694,16 @@ export async function bridgeGetEntry(options) {
             }
             catch { /* non-critical */ }
         }
+        // Bounded tags read — refuse to JSON.parse a multi-MB tags blob that an
+        // older write may have persisted before the write-side cap was added.
+        const MAX_TAGS_JSON_BYTES = 32 * 64 + 256;
         let tags = [];
-        if (row.tags) {
+        if (row.tags && typeof row.tags === 'string' && row.tags.length <= MAX_TAGS_JSON_BYTES) {
             try {
-                tags = JSON.parse(row.tags);
+                const parsed = JSON.parse(row.tags);
+                if (Array.isArray(parsed)) {
+                    tags = parsed.filter((t) => typeof t === 'string' && t.length <= 64).slice(0, 32);
+                }
             }
             catch { /* invalid */ }
         }
@@ -637,8 +713,8 @@ export async function bridgeGetEntry(options) {
             namespace: row.namespace || 'default',
             content: row.content || '',
             accessCount: (row.access_count ?? 0) + 1,
-            createdAt: row.created_at || new Date().toISOString(),
-            updatedAt: row.updated_at || new Date().toISOString(),
+            createdAt: row.created_at ? new Date(row.created_at).toISOString() : new Date().toISOString(),
+            updatedAt: row.updated_at ? new Date(row.updated_at).toISOString() : new Date().toISOString(),
             hasEmbedding: !!(row.embedding && String(row.embedding).length > 10),
             tags,
         };
@@ -837,11 +913,13 @@ export async function bridgeSearchHNSW(queryEmbedding, options, dbPath) {
             if (!row.embedding)
                 continue;
             try {
-                const emb = JSON.parse(row.embedding);
+                const emb = safeParseEmbedding(row.embedding);
+                if (!emb || emb.length !== queryEmbedding.length)
+                    continue;
                 const score = cosineSim(queryEmbedding, emb);
                 if (score >= threshold) {
                     results.push({
-                        id: String(row.id).substring(0, 12),
+                        id: String(row.id),
                         key: row.key || String(row.id).substring(0, 15),
                         content: (row.content || '').substring(0, 60) +
                             ((row.content || '').length > 60 ? '...' : ''),
@@ -873,6 +951,13 @@ export async function bridgeAddToHNSW(id, embedding, entry, dbPath) {
     if (!ctx)
         return null;
     try {
+        if (!Array.isArray(embedding) || embedding.length === 0 || embedding.length > MAX_EMBEDDING_DIMS) {
+            return null;
+        }
+        for (const v of embedding) {
+            if (typeof v !== 'number' || !Number.isFinite(v))
+                return null;
+        }
         const now = Date.now();
         const embeddingJson = JSON.stringify(embedding);
         ctx.db.prepare(`
@@ -1439,6 +1524,11 @@ export async function bridgeConsolidate(params) {
  * - update: calls bulkUpdate(table, updates, conditions) on episodes table
  */
 export async function bridgeBatchOperation(params) {
+    const MAX_BATCH_ENTRIES = 500;
+    const MAX_ENTRY_CONTENT_BYTES = 1 * 1024 * 1024;
+    if (!Array.isArray(params.entries) || params.entries.length > MAX_BATCH_ENTRIES) {
+        return { success: false, error: 'Batch too large or entries not an array' };
+    }
     const registry = await getRegistry();
     if (!registry)
         return null;
@@ -1450,10 +1540,13 @@ export async function bridgeBatchOperation(params) {
         switch (params.operation) {
             case 'insert': {
                 // insertEpisodes expects [{content, metadata?, embedding?}]
-                const episodes = params.entries.map((e) => ({
-                    content: e.value || e.content || JSON.stringify(e),
-                    metadata: e.metadata || { key: e.key },
-                }));
+                const episodes = params.entries.map((e) => {
+                    const rawContent = e.value || e.content || JSON.stringify(e);
+                    const content = typeof rawContent === 'string' && rawContent.length <= MAX_ENTRY_CONTENT_BYTES
+                        ? rawContent
+                        : typeof rawContent === 'string' ? rawContent.slice(0, MAX_ENTRY_CONTENT_BYTES) : '';
+                    return { content, metadata: e.metadata || { key: e.key } };
+                });
                 result = await batch.insertEpisodes(episodes);
                 break;
             }

package/packages/@monomind/cli/dist/src/memory/memory-initializer.js

@@ -10,6 +10,36 @@
  */
 import * as fs from 'fs';
 import * as path from 'path';
+/**
+ * Local validator for stored embeddings — rejects oversized JSON, NaN/Infinity
+ * values, non-arrays, and out-of-bound dimensions before they reach cosineSim
+ * or HNSW math (which would otherwise OOM or poison ranking with NaN).
+ */
+const _MAX_EMBEDDING_DIMS = 8192;
+const _MAX_EMBEDDING_JSON_BYTES = _MAX_EMBEDDING_DIMS * 32;
+function safeParseEmbeddingLocal(raw) {
+    if (typeof raw !== 'string' || raw.length === 0)
+        return null;
+    if (raw.length > _MAX_EMBEDDING_JSON_BYTES)
+        return null;
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+    if (!Array.isArray(parsed))
+        return null;
+    if (parsed.length === 0 || parsed.length > _MAX_EMBEDDING_DIMS)
+        return null;
+    for (let i = 0; i < parsed.length; i++) {
+        const v = parsed[i];
+        if (typeof v !== 'number' || !Number.isFinite(v))
+            return null;
+    }
+    return parsed;
+}
 // ADR-053: Lazy import of AgentDB v1 bridge
 let _bridge;
 async function getBridge() {
@@ -334,9 +364,14 @@ export async function getHNSWIndex(options) {
     }
     // Prevent concurrent initialization
     if (hnswInitializing) {
-        // Wait for initialization to complete
-        while (hnswInitializing) {
+        // Wait for initialization to complete (max 5s)
+        let waitIterations = 0;
+        while (hnswInitializing && waitIterations < 500) {
             await new Promise(resolve => setTimeout(resolve, 10));
+            waitIterations++;
+        }
+        if (hnswInitializing) {
+            throw new Error('HNSW initialization timed out after 5s');
         }
         return hnswIndex;
     }
@@ -401,6 +436,13 @@ export async function getHNSWIndex(options) {
         }
         if (fs.existsSync(dbPath)) {
             try {
+                // Reject symlinks and oversized DB files. Without this a symlink at the
+                // dbPath pointing at /dev/zero or a 100GB sparse file would OOM the CLI
+                // on the next memory operation.
+                const stat = fs.lstatSync(dbPath);
+                if (stat.isSymbolicLink() || stat.size > 256 * 1024 * 1024) {
+                    return null;
+                }
                 const initSqlJs = (await import('sql.js')).default;
                 const SQL = await initSqlJs();
                 const fileBuffer = fs.readFileSync(dbPath);
@@ -417,7 +459,9 @@ export async function getHNSWIndex(options) {
                         const [id, key, ns, content, embeddingJson] = row;
                         if (embeddingJson) {
                             try {
-                                const embedding = JSON.parse(embeddingJson);
+                                const embedding = safeParseEmbeddingLocal(embeddingJson);
+                                if (!embedding)
+                                    continue;
                                 const vector = new Float32Array(embedding);
                                 await db.insert({
                                     id: String(id),
@@ -461,7 +505,9 @@ function saveHNSWMetadata() {
         const swarmDir = path.join(process.cwd(), '.swarm');
         const metadataPath = path.join(swarmDir, 'hnsw.metadata.json');
         const metadata = Array.from(hnswIndex.entries.entries());
-        fs.writeFileSync(metadataPath, JSON.stringify(metadata));
+        const tmp = metadataPath + '.tmp';
+        fs.writeFileSync(tmp, JSON.stringify(metadata));
+        fs.renameSync(tmp, metadataPath);
     }
     catch {
         // Silently fail - metadata save is best-effort
@@ -799,10 +845,11 @@ export function flashAttentionSearch(query, vectors, options = {}) {
  * Initial metadata to insert after schema creation
  */
 export function getInitialMetadata(backend) {
+    const safeBackend = backend.replace(/'/g, "''");
     return `
 INSERT OR REPLACE INTO metadata (key, value) VALUES
   ('schema_version', '3.0.0'),
-  ('backend', '${backend}'),
+  ('backend', '${safeBackend}'),
   ('created_at', '${new Date().toISOString()}'),
   ('sql_js', 'true'),
   ('vector_embeddings', 'enabled'),
@@ -863,9 +910,11 @@ export async function ensureSchemaColumns(dbPath) {
             }
         }
         if (modified) {
-            // Save updated database
+            // Save updated database (atomic to avoid corruption on crash)
             const data = db.export();
-            fs.writeFileSync(dbPath, Buffer.from(data));
+            const tmp = dbPath + '.tmp';
+            fs.writeFileSync(tmp, Buffer.from(data));
+            fs.renameSync(tmp, dbPath);
         }
         db.close();
         return { success: true, columnsAdded };
@@ -931,7 +980,7 @@ export async function checkAndMigrateLegacy(options) {
  * a singleton ControllerRegistry and initializes it with the given dbPath.
  * After this call, all enabled controllers are ready for immediate use.
  *
- * Failures are isolated: if @monoes/memory or agentdb is not installed,
+ * Failures are isolated: if @monomind/memory or agentdb is not installed,
  * this returns an empty result without throwing.
  */
 async function activateControllerRegistry(dbPath, verbose) {
@@ -1032,15 +1081,20 @@ export async function initializeMemoryDatabase(options) {
             db.run(MEMORY_SCHEMA);
             // Insert initial metadata
             db.run(getInitialMetadata(backend));
-            // Save to file
+            // Save to file atomically — direct writeFileSync to dbPath would corrupt
+            // the SQLite file if the process crashes mid-write. tmp+rename is atomic on POSIX.
             const data = db.export();
             const buffer = Buffer.from(data);
-            fs.writeFileSync(dbPath, buffer);
+            const dbTmp = dbPath + '.tmp';
+            fs.writeFileSync(dbTmp, buffer);
+            fs.renameSync(dbTmp, dbPath);
             // Close database
             db.close();
-            // Also create schema file for reference
+            // Also create schema file for reference (atomic)
             const schemaPath = path.join(dbDir, 'schema.sql');
-            fs.writeFileSync(schemaPath, MEMORY_SCHEMA + '\n' + getInitialMetadata(backend));
+            const schemaTmp = schemaPath + '.tmp';
+            fs.writeFileSync(schemaTmp, MEMORY_SCHEMA + '\n' + getInitialMetadata(backend));
+            fs.renameSync(schemaTmp, schemaPath);
             // ADR-053: Activate ControllerRegistry so controllers (ReasoningBank,
             // SkillLibrary, ExplainableRecall, etc.) are instantiated during init
             const controllerResult = await activateControllerRegistry(dbPath, verbose);
@@ -1086,9 +1140,11 @@ export async function initializeMemoryDatabase(options) {
             };
         }
         else {
-            // Fall back to schema file approach
+            // Fall back to schema file approach (atomic writes)
             const schemaPath = path.join(dbDir, 'schema.sql');
-            fs.writeFileSync(schemaPath, MEMORY_SCHEMA + '\n' + getInitialMetadata(backend));
+            const schemaTmpFb = schemaPath + '.tmp';
+            fs.writeFileSync(schemaTmpFb, MEMORY_SCHEMA + '\n' + getInitialMetadata(backend));
+            fs.renameSync(schemaTmpFb, schemaPath);
             // Create minimal valid SQLite file
             const sqliteHeader = Buffer.alloc(4096, 0);
             // SQLite format 3 header
@@ -1101,7 +1157,9 @@ export async function initializeMemoryDatabase(options) {
             sqliteHeader[25] = 0x40;
             sqliteHeader[26] = 0x20; // min embedded payload
             sqliteHeader[27] = 0x20; // leaf payload
-            fs.writeFileSync(dbPath, sqliteHeader);
+            const dbTmpFb = dbPath + '.tmp';
+            fs.writeFileSync(dbTmpFb, sqliteHeader);
+            fs.renameSync(dbTmpFb, dbPath);
             // ADR-053: Activate ControllerRegistry even on fallback path
             const controllerResult = await activateControllerRegistry(dbPath, verbose);
             return {
@@ -1224,9 +1282,11 @@ export async function applyTemporalDecay(dbPath) {
     `;
         db.run(decayQuery, [now, now, now]);
         const changes = db.getRowsModified();
-        // Save
+        // Save atomically
         const data = db.export();
-        fs.writeFileSync(path_, Buffer.from(data));
+        const dbTmpDecay = path_ + '.tmp';
+        fs.writeFileSync(dbTmpDecay, Buffer.from(data));
+        fs.renameSync(dbTmpDecay, path_);
         db.close();
         return {
             success: true,
@@ -1398,6 +1458,13 @@ export async function loadEmbeddingModel(options) {
  * Uses ONNX model if available, falls back to deterministic hash
  */
 export async function generateEmbedding(text) {
+    // Cap input text — caller may pass arbitrarily large content. Without this
+    // cap, the hash-fallback below burns O(text.length × dimension) sin() calls
+    // per call, and ONNX tokenization can saturate memory on multi-MB inputs.
+    if (typeof text !== 'string')
+        text = String(text ?? '');
+    if (text.length > 16 * 1024)
+        text = text.slice(0, 16 * 1024);
     // ADR-053: Try AgentDB v1 bridge first
     const bridge = await getBridge();
     if (bridge) {
@@ -1652,9 +1719,11 @@ export async function verifyMemoryInit(dbPath, options) {
         }
         // Cleanup test entry
         db.run(`DELETE FROM memory_entries WHERE id = ?`, [testId]);
-        // Save changes
+        // Save changes atomically
         const data = db.export();
-        fs.writeFileSync(dbPath, Buffer.from(data));
+        const dbTmpHealth = dbPath + '.tmp';
+        fs.writeFileSync(dbTmpHealth, Buffer.from(data));
+        fs.renameSync(dbTmpHealth, dbPath);
         db.close();
         const passed = tests.filter(t => t.passed).length;
         const failed = tests.filter(t => !t.passed).length;
@@ -1744,19 +1813,22 @@ export async function storeEntry(options) {
             now,
             ttl ? now + (ttl * 1000) : null
         ]);
-        // Save
+        // Save atomically
         const data = db.export();
-        fs.writeFileSync(dbPath, Buffer.from(data));
+        const dbTmpStore = dbPath + '.tmp';
+        fs.writeFileSync(dbTmpStore, Buffer.from(data));
+        fs.renameSync(dbTmpStore, dbPath);
         db.close();
-        // Add to HNSW index for faster future searches
+        // Add to HNSW index for faster future searches (validated to reject malformed embeddings)
         if (embeddingJson) {
-            const embResult = JSON.parse(embeddingJson);
-            await addToHNSWIndex(id, embResult, {
-                id,
-                key,
-                namespace,
-                content: value
-            });
+            const embResult = safeParseEmbeddingLocal(embeddingJson);
+            if (embResult)
+                await addToHNSWIndex(id, embResult, {
+                    id,
+                    key,
+                    namespace,
+                    content: value
+                });
         }
         return {
             success: true,
@@ -1834,13 +1906,10 @@ export async function searchEntries(options) {
                 const [id, key, ns, content, embeddingJson] = row;
                 let score = 0;
                 if (embeddingJson) {
-                    try {
-                        const embedding = JSON.parse(embeddingJson);
+                    const embedding = safeParseEmbeddingLocal(embeddingJson);
+                    if (embedding && embedding.length === queryEmbedding.length) {
                         score = cosineSim(queryEmbedding, embedding);
                     }
-                    catch {
-                        // Invalid embedding, use keyword score
-                    }
                 }
                 // Fallback to keyword matching
                 if (score < threshold) {
@@ -2032,15 +2101,6 @@ export async function getEntry(options) {
             return { success: true, found: false };
         }
         const [id, entryKey, ns, content, embedding, accessCount, createdAt, updatedAt, tagsJson] = result[0].values[0];
-        // Update access count
-        db.run(`
-      UPDATE memory_entries
-      SET access_count = access_count + 1, last_accessed_at = strftime('%s', 'now') * 1000
-      WHERE id = ?
-    `, [String(id)]);
-        // Save updated database
-        const data = db.export();
-        fs.writeFileSync(dbPath, Buffer.from(data));
         db.close();
         let tags = [];
         if (tagsJson) {
@@ -2167,9 +2227,11 @@ export async function deleteEntry(options) {
         // Get remaining count
         const countResult = db.exec(`SELECT COUNT(*) FROM memory_entries WHERE status = 'active'`);
         const remainingEntries = countResult[0]?.values?.[0]?.[0] || 0;
-        // Save updated database
+        // Save updated database atomically
         const data = db.export();
-        fs.writeFileSync(dbPath, Buffer.from(data));
+        const dbTmpDelete = dbPath + '.tmp';
+        fs.writeFileSync(dbTmpDelete, Buffer.from(data));
+        fs.renameSync(dbTmpDelete, dbPath);
         db.close();
         // Clean up in-memory HNSW index so ghost vectors don't appear in searches.
         // Remove the entry from the HNSW entries map and invalidate the index.