fix: address code review — restore mtime check, bound metadata reads, harden security

Review fixes (from Sage's review):
- Restore mtime check in file_already_mined (check_mtime=True for miner)
- Restore limit=10000 on MCP metadata fetches to prevent OOM on large palaces
- Apply _SAFE_NAME_RE regex in sanitize_name (was dead code)
- Drop raw_aaak metadata duplication in diary_write
- chmod 0o700 on WAL dir, 0o600 on WAL file
- Add check_same_thread=False on KnowledgeGraph SQLite connection
- Remove __del__ (unreliable) and dead PRAGMA foreign_keys=ON
bensig
2026-04-09 08:52:24 -07:00
parent 0717caea5c
commit c2308a1e36
5 changed files with 35 additions and 14 deletions
@@ -40,6 +40,10 @@ def sanitize_name(value: str, field_name: str = "name") -> str:
if "\x00" in value:
raise ValueError(f"{field_name} contains null bytes")
# Enforce safe character set
if not _SAFE_NAME_RE.match(value):
raise ValueError(f"{field_name} contains invalid characters")
return value
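Review bot: the new `_SAFE_NAME_RE.match(value)` check only anchors at the start of the string, so unless the pattern itself ends in `\Z` (or `$`, which still permits a trailing newline), a value with valid leading characters followed by anything at all would pass; prefer `_SAFE_NAME_RE.fullmatch(value)` here, or confirm in the regex definition (not visible in this hunk) that it is fully anchored, and add a test such as `sanitize_name("ok\n")` raising `ValueError`. The explicit null-byte check above it is fine to keep for the clearer error message even if the character class already excludes `\x00`.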