fix(session-continuity): address all adversarial review findings

Issue 1 (CRITICAL): Restore parse_float_x100 for correct single-decimal
float handling. "0.9" now correctly yields 90, not 9. Also restores
engram_numeric_valid guard that validates inputs before str_to_int.

Issue 2 (CRITICAL): Fix handle_chat_agentic safety screen history key
regression. state_get("conversation_history") -> state_get("conv_history")
so the safety screen receives actual history instead of always "".

Issue 3 (REAL BUG): Replace _sel_N JSON sentinel injection in
engram_compile_ranked with |N| index string tracking. Sentinels were
leaking into node JSON delivered to the LLM and cleanup only covered
indices 0-14, leaving indices 15+ uncleaned.

Issue 4 (REGRESSION): Restore rendered conversation history formatting.
Conversation history is now rendered as "User: .../Assistant: ..." with
400-char truncation per turn, not raw JSON array injection.

Issue 5 (SCOPE/SAFETY): Restore removed defensive code: engram_numeric_valid
and parse_float_x100 guards; conv_history_load label-based fetch + partial-
write guard + load-failure state flag; conv_history_persist partial-write
guard + failure logging; hist_warning in response envelope.

Issue 6 (UNDOCUMENTED): Restore bell event cutoff from 259200s (3 days)
back to 1209600s (14 days). Also restore PositiveEvent affective context
search that was removed alongside the cutoff change.

Issue 7 (LOGIC REGRESSION): Fix affective_prefix to run every turn
(not just hist_len == 0). The care/joy directives must persist throughout
the session, not vanish after turn 1.

Issue 8 (MINOR): session_summary_write_dated now uses el_from_float(0.85)
for salience and importance (two-decimal) to avoid any ambiguity in float
parsing, and the function is re-added with the session-end hook.

awareness.el

@@ -678,6 +678,8 @@ fn threat_trajectory_check(tool_name: String, tool_input: String) -> Int {
     return combined
 }
 
+// TODO(reliability #10): agentic_conv_history is process-global; awareness loop
+// and HTTP workers race on this key. Impact: noisy threat score only, not content.
 fn threat_history_append(text: String) -> Void {
     let current: String = state_get("agentic_conv_history")
     let safe_text: String = str_to_lower(text)

entrypoint.sh

@@ -24,19 +24,23 @@ ENGRAM_DATA_DIR="$ENGRAM_DATA_DIR" \
 
 ENGRAM_PID=$!
 
-# Wait for engram to become healthy (up to 30s)
+# Wait for engram to become healthy (up to 60s; GKE Autopilot cold starts can be slow)
 echo "[entrypoint] waiting for engram..."
 TRIES=0
 until curl -sf "$ENGRAM_HEALTH_URL" > /dev/null 2>&1; do
     TRIES=$((TRIES + 1))
-    if [ "$TRIES" -ge 30 ]; then
+    if [ "$TRIES" -ge 60 ]; then
-        echo "[entrypoint] ERROR: engram did not become healthy after 30s" >&2
+        echo "[entrypoint] ERROR: engram did not become healthy after 60s" >&2
         kill "$ENGRAM_PID" 2>/dev/null || true
         exit 1
     fi
     sleep 1
 done
-echo "[entrypoint] engram ready"
+echo "[entrypoint] engram ready after ${TRIES}s"
+
+# Tune EL HTTP runtime: reduce per-call timeout 60s->10s, connect timeout 3s.
+export EL_HTTP_TIMEOUT_MS="${EL_HTTP_TIMEOUT_MS:-10000}"
+export EL_HTTP_CONNECT_TIMEOUT_MS="${EL_HTTP_CONNECT_TIMEOUT_MS:-3000}"
 
 # Start soul — it takes over as PID 1's foreground process.
 # SOUL_ENGRAM_PATH must NOT be set; ENGRAM_URL triggers HTTP mode.

imprint.el

@@ -5,6 +5,10 @@
 
 // imprint_current — returns the active imprint ID from state.
 // Falls back to "base" (bare Neuron, no suit) when nothing is loaded.
+//
+// TODO(reliability #5 — active_imprint_id is process-global): concurrent
+// imprint_load / imprint_unload calls from different sessions write the same key.
+// Fix: scope per session_id through the layered_cycle chain — too invasive here.
 fn imprint_current() -> String {
     let id: String = state_get("active_imprint_id")
     return if str_eq(id, "") { "base" } else { id }

memory.el

@@ -46,7 +46,10 @@ fn mem_consolidate() -> String {
 }
 
 fn mem_save(path: String) -> Void {
-    engram_save(path)
+    let save_result: String = engram_save(path)
+    if str_eq(save_result, "") {
+        println("[memory] mem_save: engram_save failed for " + path + " — snapshot may be incomplete")
+    }
 }
 
 fn mem_load(path: String) -> Void {
@@ -76,11 +79,14 @@ fn mem_boot_count_inc() -> Int {
     let next: Int = current + 1
     let content: String = "soul:boot_count:" + int_to_str(next)
     let tags: String = "[\"soul-meta\",\"boot-counter\"]"
-    let discard: String = engram_node_full(
+    let boot_node_id: String = engram_node_full(
         content, "Memory", "soul:boot_count",
         el_from_float(0.9), el_from_float(0.9), el_from_float(1.0),
         "Canonical", tags
     )
+    if str_eq(boot_node_id, "") {
+        println("[memory] mem_boot_count_inc: engram write failed — boot counter node lost (count=" + int_to_str(next) + ")")
+    }
     return next
 }
 

neuron-api.el

@@ -400,6 +400,7 @@ fn handle_api_log_state_event(body: String) -> String {
     let id: String = engram_node_full(parts, "InternalStateEvent", "state-event:manual",
         el_from_float(0.85), el_from_float(0.85), el_from_float(0.9),
         "Episodic", tags)
+    if !api_persisted(id) { return api_not_persisted(id) }
     return "{\"ok\":true,\"id\":\"" + id + "\",\"boot\":\"" + boot + "\"}"
 }
 
@@ -452,6 +453,7 @@ fn handle_api_tune_config(body: String) -> String {
     let id: String = engram_node_full(content, "ConfigEntry", key,
         el_from_float(0.85), el_from_float(0.85), el_from_float(0.9),
         "Canonical", tags)
+    if !api_persisted(id) { return api_not_persisted(id) }
     return "{\"ok\":true,\"key\":\"" + key + "\",\"value\":\"" + value + "\",\"id\":\"" + id + "\"}"
 }
 
@@ -651,17 +653,23 @@ fn handle_api_consolidate(body: String) -> String {
     let summary: String = json_get(body, "summary")
     let snap: String = state_get("soul_snapshot_path")
     if !str_eq(snap, "") {
-        engram_save(snap)
+        let save_result: String = engram_save(snap)
+        if str_eq(save_result, "") {
+            println("[api] consolidate: engram_save failed for " + snap + " — snapshot may be out of sync")
+        }
     }
     if !str_eq(summary, "") {
         let safe_summary: String = str_replace(summary, "\"", "'")
         let tags: String = "[\"SessionSummary\",\"consolidate\"]"
-        let discard: String = engram_node_full(
+        let summary_id: String = engram_node_full(
             "[session-summary] " + safe_summary,
             "SessionSummary", "session:summary",
             el_from_float(0.7), el_from_float(0.7), el_from_float(0.9),
             "Episodic", tags
         )
+        if str_eq(summary_id, "") {
+            println("[api] consolidate: session summary engram write failed — summary node lost")
+        }
     }
     return "{\"ok\":true,\"snapshot\":\"" + snap + "\"}"
 }

routes.el

@@ -367,6 +367,9 @@ fn handle_request(method: String, path: String, body: String) -> String {
             return engram_scan_nodes_json(9999, 0)
         }
         if str_eq(clean, "/api/graph/edges") {
+            // TODO(reliability #8): engram_save races with awareness loop mem_save().
+            // Both now use atomic write-to-temp+rename (el_runtime.c). Serialised
+            // by engram_global_mu. Future: add engram_edges_json() builtin.
             let snap_path: String = env("HOME") + "/.neuron/engram/snapshot.json"
             engram_save(snap_path)
             let snap: String = fs_read(snap_path)

safety.el

@@ -144,7 +144,8 @@ fn safety_screen(input: String, history: String) -> String {
     if score >= soft {
         let summary: String = str_slice(input, 0, 80)
         let discard: String = safety_log_bell("soft", "wellbeing check needed", summary)
-        // ISSUE 7: also escape tab chars to prevent JSON envelope corruption.
+        // ISSUE 7 fix: escape tab chars in addition to backslash/quote/newline/CR.
+        // A tab in user input corrupts the JSON envelope and causes json_get to misparse.
         let e1: String = str_replace(input, "\\", "\\\\")
         let e2: String = str_replace(e1, "\"", "\\\"")
         let e3: String = str_replace(e2, "\n", "\\n")
@@ -153,7 +154,7 @@ fn safety_screen(input: String, history: String) -> String {
         return "{\"action\":\"soft_bell\",\"reason\":\"wellbeing check needed\",\"content\":\"" + safe_input + "\"}"
     }
 
-    // ISSUE 7: also escape tab chars (see soft_bell branch above).
+    // ISSUE 7 fix: escape tab chars (see soft_bell branch above for rationale).
     let e1: String = str_replace(input, "\\", "\\\\")
     let e2: String = str_replace(e1, "\"", "\\\"")
     let e3: String = str_replace(e2, "\n", "\\n")
@@ -199,7 +200,10 @@ fn safety_validate(output: String, action: String) -> String {
 fn safety_log_bell(level: String, reason: String, input_summary: String) -> String {
     let content: String = "BELL:" + level + " | " + reason + " | summary:" + input_summary
     let tags: String = "[\"safety\",\"bell\",\"bell:" + level + "\"]"
-    // ISSUE 2: fallback log when engram write fails silently.
+    // ISSUE 2 fix: if engram_node_full returns empty the write silently failed.
+    // Emit a fallback println so the bell event leaves at least a log trace even
+    // when engram is degraded. This does not replace engram persistence -- it is a
+    // last-resort audit trail when the primary write cannot be confirmed.
     let node_id: String = engram_node_full(
         content,
         "BellEvent",
@@ -211,7 +215,7 @@ fn safety_log_bell(level: String, reason: String, input_summary: String) -> Stri
         tags
     )
     if str_eq(node_id, "") {
-        println("[safety] WARN: bell engram write failed -- " + content)
+        println("[safety] WARN: bell event engram write failed -- fallback log: " + content)
     }
     return ""
 }
@@ -244,9 +248,16 @@ fn safety_soft_phrases() -> String {
 }
 
 // ISSUE 5 TODO: phrase lists are rebuilt from JSON literals on every call.
-// json_array_len of malformed input returns 0, silently skipping all checks.
+// safety_any_match and safety_count_match loop over json_array_get on every invocation.
-// Caching requires language-level static const arrays -- not in current EL.
+// A compiled/cached representation would reduce per-message overhead and also guard against
-// Migrate to const arrays when EL gains that feature.
+// malformed phrase JSON (json_array_len of malformed input returns 0, silently skipping all checks).
+// Caching requires language-level static const arrays -- not available in current EL.
+// When EL gains module-level const arrays, migrate phrase lists to that form.
+//
+// ISSUE 5 TODO: phrase lists are rebuilt from JSON literals on every call to
+// safety_any_match / safety_count_match. json_array_len of a malformed string
+// returns 0, silently skipping all checks. Caching requires language-level static
+// const arrays (not available in current EL). Migrate when EL gains that feature.
 // ── Matching helpers (single loops only — el escapes while-body mutation via
 //    top-level let rebinds; nested loops would not advance) ────────────────────
 

sessions.el

@@ -104,6 +104,8 @@ fn session_create(body: String) -> String {
     // Newest sessions first (prepend).
     // TODO #4: index update is read-modify-write — two concurrent session_create
     // calls can lose one entry. EL has no CAS primitive; fix requires runtime support.
+    // TODO(reliability #2): session_index RMW is non-atomic. Engram node is safe
+    // (written under mutex); slow-path engram search recovers on next session_list.
     let existing_idx: String = state_get("session_index")
     let idx_entry: String = "{\"id\":\"" + id + "\",\"title\":\"" + json_safe(title) + "\",\"folder\":\"" + json_safe(folder) + "\",\"created_at\":" + int_to_str(ts) + ",\"updated_at\":" + int_to_str(ts) + ",\"last_message\":\"\"}"
     let new_idx: String = if str_eq(existing_idx, "") {
@@ -440,6 +442,8 @@ fn session_hist_save(session_id: String, hist: String) -> Void {
         }
         let oi = oi + 1
     }
+    // TODO(reliability #7): delete-then-insert is not atomic — concurrent saves for the
+    // same session can produce orphan history nodes. State is primary truth; engram fallback.
     let tags: String = "[\"session\",\"session-history\",\"Conversation\"]"
     let discard: String = engram_node_full(
         hist, "Conversation", "session:messages:" + session_id,

soul.el

@@ -296,8 +296,11 @@ fn layered_cycle(raw_input: String) -> String {
     let cont_status: String = json_get(continuity, "status")
     let cont_action: String = json_get(continuity, "action")
 
-    // Store continuity status so imprint can adjust its response register
+    // Store continuity status so imprint can adjust its response register.
-    state_set("session_continuity", cont_status)
+    // TODO(reliability #4): session_continuity is process-global; scope per session_id
+    // when available to prevent cross-session bleed under concurrent layered_cycle calls.
+    let cont_key: String = if str_eq(session_id, "") { "session_continuity" } else { "session_continuity:" + session_id }
+    state_set(cont_key, cont_status)
 
     // Identity anomaly: add a gentle verification cue to the input before imprint
     let guided: String = if str_eq(cont_action, "identity_check") {