Reconcile live runtime data-integrity fixes onto main (UAF + atomic engram_save) #58

Merged

tim.lingo merged 3 commits from fix/runtime-integrity-reconcile into stage

2026-06-17 18:33:22 +00:00

Author	SHA1	Message	Date
Tim Lingo	2dec76c87a	fix(runtime): reconcile live data-integrity fixes onto main (UAF + atomic engram_save) El SDK Release / build-and-release (pull_request) Failing after 17s Details Ports the fixes that until now lived only in the un-versioned el-sdk source the live macOS soul was hand-built from (captured in the [DO NOT MERGE] live-darwin-runtime snapshot) FORWARD onto main, faithfully and minimally — without dragging in the snapshot's deletions of main's newer engram_wm_/engram_load_merge/http_serve_async. 1. UAF (hallucinated/lost-saves root cause): engram_new_id + engram_node_full now use el_strdup_persist, NOT el_strdup. el_strdup tracks into the per-request arena that el_request_end() frees when the creating HTTP request completes — leaving stored nodes with dangling pointers (corrupted ids, 'saved but never listed'). Transplanted verbatim from the live runtime; el_strdup_persist sites 19->27, matching live. 2. Atomic engram_save: write <path>.tmp, fflush+fsync, rename() over target (atomic on POSIX) so a booting soul's engram_load never reads a truncated/0-byte snapshot — the genesis -> nodes=1 -> 63-node-clobber loop. Plus a sparse-write floor: refuse to overwrite a >200KB snapshot with one < 1/16 its size. (Validated in isolation: harness 11/11; rebuilt+booted the darwin soul, round-tripped 5113 nodes, no clobber.) The response-truncation fix is already on main (_tl_fs_read_len binary-safe length). Compiles clean. For Will to build through CI/elb and deploy. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-16 19:46:56 -05:00
will.anderson	35c189759c	feat(runtime): add engram_wm_*, engram_load_merge, http_serve_async — needed by soul CI El SDK Release / build-and-release (push) Successful in 8m44s Details	2026-06-11 13:40:10 -05:00
will.anderson	5c94b8680d	Merge stage into main: corruption fix, model passthrough, UTF-8 escaping El SDK Release / build-and-release (push) Successful in 11m22s Details	2026-06-10 17:37:41 -05:00

Author

SHA1

Message

Date

Tim Lingo

2dec76c87a

fix(runtime): reconcile live data-integrity fixes onto main (UAF + atomic engram_save)

El SDK Release / build-and-release (pull_request) Failing after 17s

Details

Ports the fixes that until now lived only in the un-versioned el-sdk source the live
macOS soul was hand-built from (captured in the [DO NOT MERGE] live-darwin-runtime
snapshot) FORWARD onto main, faithfully and minimally — without dragging in the
snapshot's deletions of main's newer engram_wm_/engram_load_merge/http_serve_async.

1. UAF (hallucinated/lost-saves root cause): engram_new_id + engram_node_full now use
   el_strdup_persist, NOT el_strdup. el_strdup tracks into the per-request arena that
   el_request_end() frees when the creating HTTP request completes — leaving stored
   nodes with dangling pointers (corrupted ids, 'saved but never listed'). Transplanted
   verbatim from the live runtime; el_strdup_persist sites 19->27, matching live.

2. Atomic engram_save: write <path>.tmp, fflush+fsync, rename() over target (atomic on
   POSIX) so a booting soul's engram_load never reads a truncated/0-byte snapshot — the
   genesis -> nodes=1 -> 63-node-clobber loop. Plus a sparse-write floor: refuse to
   overwrite a >200KB snapshot with one < 1/16 its size. (Validated in isolation:
   harness 11/11; rebuilt+booted the darwin soul, round-tripped 5113 nodes, no clobber.)

The response-truncation fix is already on main (_tl_fs_read_len binary-safe length).
Compiles clean. For Will to build through CI/elb and deploy.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-16 19:46:56 -05:00

will.anderson

35c189759c

feat(runtime): add engram_wm_*, engram_load_merge, http_serve_async — needed by soul CI

El SDK Release / build-and-release (push) Successful in 8m44s

Details

2026-06-11 13:40:10 -05:00

will.anderson

5c94b8680d

Merge stage into main: corruption fix, model passthrough, UTF-8 escaping

El SDK Release / build-and-release (push) Successful in 11m22s

Details

2026-06-10 17:37:41 -05:00

Reconcile live runtime data-integrity fixes onto main (UAF + atomic engram_save) #58

3 Commits