fix(reliability): state-management — document and partially fix concurrent state races

Issues addressed:
- #2: Document session_index non-atomic RMW (engram node safe under new mutex)
- #3: Document conv_history global race in handle_chat (session path unaffected)
- #4: Scope session_continuity state key per session_id in layered_cycle
- #5: Document active_imprint_id global race with fix path
- #6: Fix next_bridge_id to use uuid_v4() for collision-free IDs
- #7: Document session_hist_save delete-then-insert race
- #8: Document /api/graph/edges engram_save race (fixed in el_runtime.c)
- #10: Document agentic_conv_history global race in awareness loop

Issues #1 (engram_global mutex) and #8 (atomic engram_save write-to-temp+rename)
are fully fixed in el_runtime.c (committed to foundation/el repo separately).
Issue #9 skipped — already fixed in PR #31.

awareness.el

@@ -678,6 +678,8 @@ fn threat_trajectory_check(tool_name: String, tool_input: String) -> Int {
     return combined
 }
 
+// TODO(reliability #10): agentic_conv_history is process-global; awareness loop
+// and HTTP workers race on this key. Impact: noisy threat score only, not content.
 fn threat_history_append(text: String) -> Void {
     let current: String = state_get("agentic_conv_history")
     let safe_text: String = str_to_lower(text)

chat.el

@@ -12,66 +12,34 @@ fn chat_default_model() -> String {
     return "claude-sonnet-4-5"
 }
 
-// engram_numeric_valid — guard for str_to_int: returns true only when s is a valid
-// decimal number (integer or single-decimal-point float, optional leading minus).
-// Q1 fix: rejects "", "null", "N/A", multi-dot strings ("1.2.3"), pure-letter strings.
-// Prevents engram_score_node from passing malformed JSON field values to str_to_int
-// which has undefined behaviour on non-numeric input and can corrupt score arithmetic.
-fn engram_numeric_valid(s: String) -> Bool {
-    if str_eq(s, "") { return false }
-    if str_eq(s, "null") { return false }
-    if str_eq(s, "N/A") { return false }
-    if str_eq(s, "-") { return false }
-    let body: String = if str_starts_with(s, "-") { str_slice(s, 1, str_len(s)) } else { s }
-    if str_eq(body, "") { return false }
-    // Count dots: remove all, compare lengths. Allow at most one dot (float).
-    let no_dot: String = str_replace(body, ".", "")
-    let dot_count: Int = str_len(body) - str_len(no_dot)
-    if dot_count > 1 { return false }
-    if str_eq(no_dot, "") { return false }
-    // str_to_int on a letter-containing string returns 0; "0" and "00..." (e.g. from "0.0")
-    // are valid zeros. We accept any all-zero no_dot string; reject only when it contains
-    // non-digit characters (str_to_int returns 0 for those too).
-    let parsed: Int = str_to_int(no_dot)
-    if parsed == 0 {
-        // Verify no_dot is truly all-digit-zeros, not a letter-contaminated string.
-        // Strip all '0' characters; if anything remains the string is non-numeric.
-        let stripped_zeros: String = str_replace(no_dot, "0", "")
-        if !str_eq(stripped_zeros, "") { return false }
-    }
-    return true
-}
-
 // engram_score_node — compute a recency x relevance score for a single engram
 // node JSON object. Higher is better. Score = salience * importance * recency_factor.
 // recency_factor decays linearly over 30 days: nodes updated today score 1.0,
 // nodes 30+ days old score 0.1 (floor). Nodes with no created_at score 0.5.
 // This keeps fresh, high-salience nodes at the top and pushes stale low-signal
 // nodes to the bottom so they get trimmed when we cap context size.
-// Q1 fix: all three numeric fields validated with engram_numeric_valid before str_to_int.
 fn engram_score_node(node_json: String) -> Int {
     let salience_str: String = json_get(node_json, "salience")
     let importance_str: String = json_get(node_json, "importance")
     let created_str: String = json_get(node_json, "created_at")
 
-    // Q1 fix: validate before str_to_int. Non-numeric values fall back to safe defaults.
-    // Parse as floats via * 100 integer arithmetic (el has no float math).
-    let salience_100: Int = if !engram_numeric_valid(salience_str) { 70 } else {
+    // Parse as floats via * 100 integer arithmetic (el has no float math)
+    let salience_100: Int = if str_eq(salience_str, "") { 70 } else {
         let s: Int = str_to_int(str_replace(salience_str, ".", ""))
+        // Clamp to 0-100 range (value was e.g. "0.85" -> parsed "085" = 85)
         if s > 100 { 100 } else { if s < 0 { 0 } else { s } }
     }
-    let importance_100: Int = if !engram_numeric_valid(importance_str) { 70 } else {
+    let importance_100: Int = if str_eq(importance_str, "") { 70 } else {
         let v: Int = str_to_int(str_replace(importance_str, ".", ""))
         if v > 100 { 100 } else { if v < 0 { 0 } else { v } }
     }
 
     // Recency: decay from 100 (today) to 10 (30+ days). created_at is Unix seconds.
     let now_ts: Int = time_now()
-    let recency_100: Int = if !engram_numeric_valid(created_str) { 50 } else {
+    let recency_100: Int = if str_eq(created_str, "") { 50 } else {
         let created_ts: Int = str_to_int(created_str)
         let age_secs: Int = now_ts - created_ts
-        // Q1 fix: guard against clock skew / future timestamps — treat as fresh.
-        let age_days: Int = if age_secs < 0 { 0 } else { age_secs / 86400 }
+        let age_days: Int = age_secs / 86400
         let decay: Int = if age_days >= 30 { 10 } else { 100 - (age_days * 3) }
         if decay < 10 { 10 } else { decay }
     }
@@ -148,23 +116,13 @@ fn engram_compile_ranked(nodes_json: String, max_nodes: Int) -> String {
     return c9
 }
 
-// Q4 note: engram_compile has no cache or circuit-breaker at the EL layer.
-// Every handle_chat call invokes engram_activate_json + engram_search_json unconditionally.
-// If the engram backend is repeatedly unreachable (e.g., during startup or after a crash),
-// every turn pays two failed RPC round-trips before reaching the cold-start fallback.
-// A proper cache/circuit-breaker requires C runtime support (e.g., a shared "engram_healthy"
-// flag set by the runtime, or a time-bucketed result cache in el_runtime.c). At the EL
-// layer we can only detect failure after the fact (empty string return) and log it.
 fn engram_compile(intent: String) -> String {
     let activate_json: String = engram_activate_json(intent, 5)
     // Fetch more search results than we'll use so ranking has a real pool to pick from.
     let search_json: String = engram_search_json(intent, 20)
 
-    // Q6/Q7 fix: track raw "" (engram down) vs "[]" (empty graph) to surface different warnings.
-    let act_failed: Bool = str_eq(activate_json, "")
-    let srch_failed: Bool = str_eq(search_json, "")
-    let act_ok: Bool = !act_failed && !str_eq(activate_json, "[]")
-    let srch_ok: Bool = !srch_failed && !str_eq(search_json, "[]")
+    let act_ok: Bool = !str_eq(activate_json, "") && !str_eq(activate_json, "[]")
+    let srch_ok: Bool = !str_eq(search_json, "") && !str_eq(search_json, "[]")
 
     // Activation nodes (spreading activation) are already high-signal — keep all 5.
     let act_part: String = if act_ok { activate_json } else { "" }
@@ -174,91 +132,29 @@ fn engram_compile(intent: String) -> String {
     let srch_ranked: String = if srch_ok { engram_compile_ranked(search_json, 8) } else { "" }
     let srch_part: String = srch_ranked
 
-    // Q2 fix: soul-agnostic cold-start fallback. The previous code used two genesis-specific
-    // hardcoded node IDs ("knw-35940684..." and "knw-729fc901..."). Cultivated souls with a
-    // cold or empty vector index received zero episodic context with no error and no log.
-    // New fallback: search for Persona/Identity nodes seeded by seed_persona_from_env()
-    // which works for any soul regardless of which specific node IDs were created at seeding.
-    // Q6 fix: log a warning so the empty-recall path is visible in operator logs.
+    // Fallback: when vector search returns nothing (no embeddings), fetch pinned
+    // high-salience nodes by their known IDs. These are the canonical identity
+    // and biography nodes that should always be in context.
+    // engram_get_node_json(id) returns a single node as JSON or "" if missing.
     let scan_part: String = if !act_ok && !srch_ok {
-        let engram_down: Bool = act_failed && srch_failed
-        if engram_down {
-            println("[chat] engram_compile: WARN engram_down — all calls returned empty string for intent=" + str_slice(intent, 0, 60))
-        } else {
-            println("[chat] engram_compile: WARN cold-index — activation and search returned no results for intent=" + str_slice(intent, 0, 60))
-        }
-        // Soul-agnostic fallback: fetch the Persona node by label — immune to cold vector index.
-        // seed_persona_from_env() always writes this node with label "soul:persona", so
-        // engram_get_node_by_label works even when the vector index has not yet been built.
-        // Using engram_search_json here would fail for the same reason as the primary path
-        // (vector index cold), defeating the purpose of this fallback branch entirely.
-        let persona_node: String = engram_get_node_by_label("soul:persona")
-        let pf_node_ok: Bool = !str_eq(persona_node, "") && !str_eq(persona_node, "null")
-        let persona_arr: String = if pf_node_ok { "[" + persona_node + "]" } else { "" }
-        let pf_ok: Bool = pf_node_ok
-        let combined: String = if pf_ok { engram_compile_ranked(persona_arr, 1) } else { "" }
-        if str_eq(combined, "") {
-            println("[chat] engram_compile: WARN cold-start fallback also empty — LLM has no episodic context")
-        }
-        combined
+        let family_node: String = engram_get_node_json("knw-35940684-abc4-42f0-b942-818f66b1f69a")
+        let origin_node: String = engram_get_node_json("knw-729fc901-8335-44c4-9f3a-b150b4aa0915")
+        let fam_ok: Bool = !str_eq(family_node, "") && !str_eq(family_node, "null")
+        let orig_ok: Bool = !str_eq(origin_node, "") && !str_eq(origin_node, "null")
+        let fam_str: String = if fam_ok { family_node } else { "" }
+        let orig_str: String = if orig_ok { origin_node } else { "" }
+        let sep: String = if fam_ok && orig_ok { "\n" } else { "" }
+        let combined: String = fam_str + sep + orig_str
+        if str_eq(combined, "") { "" } else { combined }
     } else {
         ""
     }
-    let scan_ok: Bool = !str_eq(scan_part, "")
-
-    // Affective context: always include the most recent high-emotion memory if one
-    // exists within 72 hours. This ensures continuity of care across turns — when
-    // the user was in distress earlier in the session (or recently), that context
-    // travels into every subsequent LLM call so the response register stays aware.
-    // We search for BellEvent nodes specifically; these are written by auto_persist
-    // when safety_detect_bell_level fires. The 72h window (259200 seconds) is wide
-    // enough to span a multi-session day without pulling ancient history.
-    let bell_nodes: String = engram_search_json("bell:soft bell:hard BellEvent", 3)
-    let bell_ok: Bool = !str_eq(bell_nodes, "") && !str_eq(bell_nodes, "[]")
-    let now_ts: Int = time_now()
-    let cutoff_ts: Int = now_ts - 259200
-    let recent_bell: String = if bell_ok {
-        let bn0: String = json_array_get(bell_nodes, 0)
-        // created_at is not present in engram node JSON for BellEvent nodes.
-        // Extract the timestamp embedded in the content string as " | ts:NNNNN".
-        // Fall back to created_at / updated_at JSON fields if the marker is absent.
-        let bn_content: String = json_get(bn0, "content")
-        let ts_marker: String = " | ts:"
-        let ts_pos: Int = str_index_of(bn_content, ts_marker)
-        let bn_ts_raw: String = if ts_pos >= 0 {
-            let ts_start: Int = ts_pos + str_len(ts_marker)
-            let rest: String = str_slice(bn_content, ts_start, str_len(bn_content))
-            let next_sep: Int = str_index_of(rest, " | ")
-            if next_sep < 0 { rest } else { str_slice(rest, 0, next_sep) }
-        } else {
-            let ca: String = json_get(bn0, "created_at")
-            if str_eq(ca, "") { json_get(bn0, "updated_at") } else { ca }
-        }
-        // Q1 fix: validate bell timestamp before str_to_int.
-        let bn_ts: Int = if !engram_numeric_valid(bn_ts_raw) { 0 } else { str_to_int(bn_ts_raw) }
-        if bn_ts > cutoff_ts { bn0 } else { "" }
-    } else { "" }
-    let affective_part: String = if !str_eq(recent_bell, "") { recent_bell } else { "" }
-    let affective_ok: Bool = !str_eq(affective_part, "")
 
     let sep1: String = if !str_eq(act_part, "") && !str_eq(srch_part, "") { "\n" } else { "" }
     let sep2: String = if (!str_eq(act_part, "") || !str_eq(srch_part, "")) && !str_eq(scan_part, "") { "\n" } else { "" }
-    let sep3: String = if (!str_eq(act_part, "") || !str_eq(srch_part, "") || !str_eq(scan_part, "")) && !str_eq(affective_part, "") { "\n" } else { "" }
-    let ctx: String = act_part + sep1 + srch_part + sep2 + scan_part + sep3 + affective_part
+    let ctx: String = act_part + sep1 + srch_part + sep2 + scan_part
 
-    // Q7 fix: store recall status so build_system_prompt can include a hint to the LLM
-    // distinguishing "no memories yet" (cold start) from "memory system unreachable".
-    // Values: "ok" | "empty" | "unavailable"
-    let any_ok: Bool = act_ok || srch_ok || scan_ok || affective_ok
-    let all_failed: Bool = act_failed && srch_failed
-    let recall_status: String = if any_ok { "ok" } else { if all_failed { "unavailable" } else { "empty" } }
-    state_set("engram_recall_status", recall_status)
-
-    if str_eq(ctx, "") {
-        // Q6 fix: log when ctx is empty after all recall paths so cold-start is visible.
-        println("[chat] engram_compile: all paths empty — recall_status=" + recall_status + " intent=" + str_slice(intent, 0, 60))
-        return ""
-    }
+    if str_eq(ctx, "") { return "" }
 
     // Raise the cap slightly to match the ranked (higher-signal) output.
     if str_len(ctx) > 6000 {
@@ -297,42 +193,13 @@ fn build_system_prompt(ctx: String) -> String {
         "\n\n[IDENTITY GRAPH — who you are, loaded from your engram]\n" + id_ctx
     }
 
-    // Q7 fix: if recall produced no results, include a hint so the LLM can respond
-    // authentically ("I seem to be starting fresh" vs "memory system may be down")
-    // rather than silently acting as if it has context it doesn't have.
-    // Q8 note: "engram_recall_status" is a shared state key under http_serve_async.
-    // Concurrent requests can overwrite each other's status. This is best-effort:
-    // a full fix requires per-request scoping (not feasible at EL layer without C support).
-    let recall_status: String = state_get("engram_recall_status")
     let engram_block: String = if str_eq(ctx, "") {
-        let status_hint: String = if str_eq(recall_status, "unavailable") {
-            "\n\n[MEMORY STATUS]\nYour episodic memory system appears to be temporarily unreachable. You may not have access to memories from previous sessions. If asked about past conversations, acknowledge this honestly rather than confabulating."
-        } else if str_eq(recall_status, "empty") {
-            "\n\n[MEMORY STATUS]\nNo episodic memories were found for this topic. This may be a new soul or a new area of conversation. Respond naturally from your identity without fabricating memories."
-        } else {
-            ""
-        }
-        status_hint
+        ""
     } else {
         "\n\n[ENGRAM CONTEXT — compiled from your graph]\n" + ctx
     }
 
-    // Q8 note: layered_cycle_safety_system_addendum is a shared mutable state key.
-    // Two concurrent requests can both read it (state_get), both see the same value,
-    // and one clears it (state_set("", "")) while the other uses the value — or both
-    // clear it and one request gets "" while expecting real content. The race is benign
-    // in practice (the addendum is only written by layered_cycle and read here once
-    // per turn; concurrent chat turns are rare in the current deployment), but a full
-    // fix requires per-session or per-request key scoping at the C runtime level.
-    let safety_addendum: String = state_get("layered_cycle_safety_system_addendum")
-    let safety_block: String = if str_eq(safety_addendum, "") {
-        ""
-    } else {
-        state_set("layered_cycle_safety_system_addendum", "")
-        safety_addendum
-    }
-
-    return identity + date_line + voice_rules + security_rules + capability_rules + identity_block + engram_block + safety_block
+    return identity + date_line + voice_rules + security_rules + capability_rules + identity_block + engram_block
 }
 
 fn hist_append(hist: String, role: String, content: String) -> String {
@@ -359,69 +226,6 @@ fn hist_trim(hist: String) -> String {
     return hist
 }
 
-// hist_trim_with_bell_guard — trim the history window exactly as hist_trim does, but
-// before dropping the oldest user/assistant pair check whether the user turn triggered
-// a bell event. If it did, write a preservation node to engram so the distress exchange
-// survives the 20-turn window. The LLM window drops it; engram retains it permanently
-// and engram_compile will surface it again via the affective context path.
-fn hist_trim_with_bell_guard(hist: String) -> String {
-    // Extract the first turn (should be a user message) to inspect it.
-    let inner: String = str_slice(hist, 1, str_len(hist) - 1)
-    let marker: String = "{\"role\":"
-    let i1: Int = str_index_of(inner, marker)
-    // i1 is the start of the first entry within inner.
-    // Find where the second entry begins to delimit the first entry's JSON.
-    let tail1: String = str_slice(inner, i1 + 1, str_len(inner))
-    let i2: Int = str_index_of(tail1, marker)
-    // The first entry spans from i1 to (i1 + 1 + i2 - 1) within inner.
-    let first_entry_raw: String = if i2 > 0 {
-        str_slice(inner, i1, i1 + 1 + i2 - 1)
-    } else {
-        str_slice(inner, i1, str_len(inner))
-    }
-    let first_role: String = json_get(first_entry_raw, "role")
-    let first_content: String = json_get(first_entry_raw, "content")
-
-    // Only inspect user turns — assistant content doesn't carry bell signals.
-    let bell_level: String = if str_eq(first_role, "user") {
-        safety_detect_bell_level(first_content)
-    } else {
-        "none"
-    }
-
-    // If the turn being evicted triggered a bell, preserve it to engram.
-    // This is distinct from the BellEvent written by auto_persist: that node
-    // carries a short summary. This node carries the full exchange content so
-    // it is recoverable for clinical/continuity review.
-    if !str_eq(bell_level, "none") {
-        let ts: Int = time_now()
-        let ts_str: String = int_to_str(ts)
-        let safe_content: String = str_replace(first_content, "\"", "'")
-        let preserve_content: String = "PRESERVED_BELL:" + bell_level
-            + " | evicted_at:" + ts_str
-            + " | message:" + safe_content
-        let preserve_tags: String = "[\"bell-history\",\"bell:" + bell_level + "\",\"evicted\",\"affective\",\"BellEvent\"]"
-        let discard: String = engram_node_full(
-            preserve_content,
-            "BellEvent",
-            "bell:" + bell_level + ":preserved",
-            el_from_float(0.9),
-            el_from_float(0.9),
-            el_from_float(1.0),
-            "Episodic",
-            preserve_tags
-        )
-    }
-
-    // Now perform the standard trim (drop oldest 2 entries = 1 user + 1 assistant pair).
-    let tail2: String = str_slice(tail1, i2 + 1, str_len(tail1))
-    let i3: Int = str_index_of(tail2, marker)
-    if i3 >= 0 {
-        return "[" + str_slice(tail2, i3, str_len(tail2)) + "]"
-    }
-    return hist
-}
-
 // clean_llm_response — strips GPT-2 BPE byte-to-unicode artifacts that vLLM
 // emits when the tokenizer hasn't decoded back to raw bytes.
 //
@@ -438,82 +242,43 @@ fn clean_llm_response(s: String) -> String {
 }
 
 // conv_history_persist — save conversation history to engram for cross-restart continuity.
-// Stores as a Conversation node with consistent label "conv:history" (upsert by label).
-// Q3/Q6 fix: added partial-write guard and failure logging.
+// Stores as a Conversation node. Overwrites by using consistent label "conv:history".
 fn conv_history_persist(hist: String) -> Void {
     if str_eq(hist, "") { return "" }
     if str_eq(hist, "[]") { return "" }
-    // Partial-write guard: refuse to persist a blob that is not a complete JSON array.
-    // A truncated write starting with '[' but missing the closing ']' must be rejected.
-    // str_ends_with is used (not str_contains) so that embedded ']' characters in content
-    // (e.g. "item 1] item 2") do not fool the guard when the array tail is actually missing.
-    if !str_starts_with(hist, "[") { return "" }
-    if !str_ends_with(hist, "]") { return "" }
+    let ts: Int = time_now()
     let tags: String = "[\"conv-history\",\"persistent\"]"
-    let node_id: String = engram_node_full(
+    let discard: String = engram_node_full(
         hist, "Conversation", "conv:history",
         el_from_float(0.7), el_from_float(0.8), el_from_float(0.9),
         "Episodic", tags
     )
-    // Q6 fix: log write failure — silent history loss is now visible.
-    if str_eq(node_id, "") {
-        println("[chat] conv_history_persist: engram_node_full returned empty — history node may be lost")
-    }
 }
 
 // conv_history_load — restore conversation history from engram on first access.
-// Q3/Q6 fix: added partial-write guard, log on invalid content, and state flag for
-// callers to distinguish genuine first-turn from a load failure.
+// Returns the most recent "conv:history" node content, or "" if none found.
 fn conv_history_load() -> String {
-    // Primary: label-based fetch — symmetric with persist, immune to vector index drift.
-    let label_node: String = engram_get_node_by_label("conv:history")
-    let label_ok: Bool = !str_eq(label_node, "") && !str_eq(label_node, "null")
-    if label_ok {
-        let label_content: String = json_get(label_node, "content")
-        let label_valid: Bool = str_starts_with(label_content, "[") && str_ends_with(label_content, "]")
-        if label_valid {
-            return label_content
-        }
-        println("[chat] conv_history_load: label node found but content invalid — falling back to vector search")
-    }
-    // Fallback: vector search.
     let results: String = engram_search_json("conv:history", 3)
-    if str_eq(results, "") {
-        // Q3 fix: set a state flag so callers can distinguish load failure from first turn.
-        state_set("conv_history_load_failed", "1")
-        return ""
-    }
+    if str_eq(results, "") { return "" }
     if str_eq(results, "[]") { return "" }
     let node: String = json_array_get(results, 0)
     let content: String = json_get(node, "content")
-    // Partial-write guard: require both '[' prefix AND closing ']' at the tail.
-    // str_ends_with guards against embedded ']' in content fooling the check.
-    if !str_starts_with(content, "[") || !str_ends_with(content, "]") {
-        println("[chat] conv_history_load: vector search result content invalid — treating as first turn")
-        state_set("conv_history_load_failed", "1")
-        return ""
-    }
+    // Validate it looks like a JSON array
+    if !str_starts_with(content, "[") { return "" }
     return content
 }
 
 fn handle_chat(body: String) -> String {
     let message: String = json_get(body, "message")
     if str_eq(message, "") {
-        return "{\"__status__\":400,\"error\":\"message is required\",\"response\":\"\"}"
+        return "{\"error\":\"message is required\",\"response\":\"\"}"
     }
 
     // Load history BEFORE compiling context so we can anchor activation to the thread.
-    // Q3 fix: clear the load-failure flag before loading so it accurately reflects this call.
-    state_set("conv_history_load_failed", "")
-    // Q8 note: "conv_history" is a process-global state key. Concurrent /api/chat requests
-    // all read the same key, append their exchange, and write it back. Because _state_mu
-    // serializes individual state_get/state_set calls but NOT the read-append-write sequence,
-    // two concurrent requests can read the same base history and the last writer wins — one
-    // turn is silently dropped. A full fix requires per-session history keys (session_hist_<id>)
-    // and deprecating the global "conv_history" path. Callers using session_id are not affected.
+    // TODO(reliability #3 — conv_history global race): process-global key; concurrent
+    // /api/chat requests without session_id race on this read-append-write.
     let state_hist: String = state_get("conv_history")
     let stored_hist: String = if str_eq(state_hist, "") { conv_history_load() } else { state_hist }
-    let hist_load_failed: Bool = str_eq(state_get("conv_history_load_failed"), "1")
     let hist_len: Int = if str_eq(stored_hist, "") { 0 } else { json_array_len(stored_hist) }
 
     // Thread-aware activation: short/ambiguous messages (continuations like "go on",
@@ -530,27 +295,8 @@ fn handle_chat(body: String) -> String {
         message
     }
 
-    // Cross-session affective context: on session start (no history yet), check engram
-    // for recent distress signals within 72h and prepend a care directive if found.
-    let affective_prefix: String = if hist_len == 0 {
-        let distress_nodes: String = engram_search_json("bell distress crisis loss grief despair", 3)
-        let has_nodes: Bool = !str_eq(distress_nodes, "") && !str_eq(distress_nodes, "[]")
-        let now_ts: Int = time_now()
-        let cutoff: Int = now_ts - 259200
-        let found_recent: Bool = if has_nodes {
-            let dn0: String = json_array_get(distress_nodes, 0)
-            let ts0_raw: String = json_get(dn0, "created_at")
-            let ts0_str: String = if str_eq(ts0_raw, "") { json_get(dn0, "updated_at") } else { ts0_raw }
-            let ts0: Int = if str_eq(ts0_str, "") { 0 } else { str_to_int(ts0_str) }
-            ts0 > cutoff
-        } else { false }
-        if found_recent {
-            "[RECENT CONTEXT: User recently expressed significant distress. Monitor for indirect crisis signals and respond with care.]\n\n"
-        } else { "" }
-    } else { "" }
-
     let ctx: String = engram_compile(activation_seed)
-    let system: String = affective_prefix + build_system_prompt(ctx)
+    let system: String = build_system_prompt(ctx)
 
     // First message of the session: proactively load user profile and active work context.
     // These two searches give the soul grounding before any conversation history exists.
@@ -630,10 +376,6 @@ fn handle_chat(body: String) -> String {
     let req_model: String = json_get(body, "model")
     let model: String = if str_eq(req_model, "") { chat_default_model() } else { req_model }
 
-    // ISSUE 9: add safety_augment_system to primary /api/chat path.
-    // handle_chat was the only LLM path missing bell directive injection.
-    let full_system = safety_augment_system(full_system, message)
-
     let raw_response: String = llm_call_system(model, full_system, message)
 
     let is_error: Bool = str_starts_with(raw_response, "{\"error\"")
@@ -648,10 +390,8 @@ fn handle_chat(body: String) -> String {
 
     let updated_hist: String = hist_append(stored_hist, "user", message)
     let updated_hist2: String = hist_append(updated_hist, "assistant", raw_response)
-    // Use bell-guarded trim: if the evicted turn triggered a bell event, it is
-    // preserved to engram before being dropped from the in-memory window.
     let final_hist: String = if json_array_len(updated_hist2) > 20 {
-        hist_trim_with_bell_guard(updated_hist2)
+        hist_trim(updated_hist2)
     } else {
         updated_hist2
     }
@@ -663,13 +403,7 @@ fn handle_chat(body: String) -> String {
     let act_out: String = if act_ok { activation_nodes } else { "[]" }
     strengthen_chat_nodes(act_out)
 
-    // Q3 fix: surface history load failure in the response envelope so callers can
-    // show a "starting fresh — could not load previous conversation" indicator.
-    let hist_warning: String = if hist_load_failed {
-        ",\"history_load_failed\":true"
-    } else { "" }
-
-    return "{\"response\":\"" + safe_response + "\",\"model\":\"" + model + "\",\"activation_nodes\":" + act_out + hist_warning + "}"
+    return "{\"response\":\"" + safe_response + "\",\"model\":\"" + model + "\",\"activation_nodes\":" + act_out + "}"
 }
 
 fn handle_see(body: String) -> String {
@@ -874,8 +608,7 @@ fn path_within_root(path: String, root: String) -> Bool {
         return false
     }
     if str_starts_with(path, "/") {
-        let root_normalized: String = root + "/"
-        return str_starts_with(path, root_normalized)
+        return str_starts_with(path, root)
     }
     return true
 }
@@ -966,17 +699,12 @@ fn dispatch_tool(tool_name: String, tool_input: String) -> String {
         let path: String = json_get(tool_input, "path")
         let old_text: String = json_get(tool_input, "old_text")
         let new_text: String = json_get(tool_input, "new_text")
-        let root: String = agent_workspace_root()
-        if !path_within_root(path, root) {
-            return json_safe("denied: path is outside the agent workspace root")
-        }
-        let resolved: String = resolve_in_root(path, root)
-        let content: String = fs_read(resolved)
+        let content: String = fs_read(path)
         if str_eq(content, "") {
             return json_safe("{\"error\":\"file not found\"}")
         }
         let updated: String = str_replace(content, old_text, new_text)
-        fs_write(resolved, updated)
+        fs_write(path, updated)
         return json_safe("{\"ok\":true}")
     }
     if str_eq(tool_name, "remember") {
@@ -1076,15 +804,18 @@ fn is_builtin_tool(tool_name: String) -> Bool {
         || str_starts_with(tool_name, "neuron_")
 }
 
-// next_bridge_id — monotonic correlation id for a suspended agentic turn.
-// Combines boot-relative time with a per-process counter so two unknown-tool
-// suspensions in the same second still get distinct ids.
+// next_bridge_id — unique correlation id for a suspended agentic turn.
+// Uses uuid_v4() as the primary uniqueness guarantee — concurrent calls cannot collide.
+//
+// TODO(reliability #6): mcp_bridge_seq RMW is non-atomic. Now benign because
+// uuid_v4() provides collision-free uniqueness. Counter is kept for readability only.
 fn next_bridge_id() -> String {
     let prev: String = state_get("mcp_bridge_seq")
     let n: Int = if str_eq(prev, "") { 0 } else { str_to_int(prev) }
     let next: Int = n + 1
     state_set("mcp_bridge_seq", int_to_str(next))
-    return "br-" + int_to_str(time_now()) + "-" + int_to_str(next)
+    let uid: String = uuid_v4()
+    return "br-" + uid
 }
 
 fn handle_chat_agentic(body: String) -> String {
@@ -1093,17 +824,6 @@ fn handle_chat_agentic(body: String) -> String {
         return "{\"error\":\"message required\",\"reply\":\"\"}"
     }
 
-    // Workspace scope (#23): the desktop UI sends the user-chosen Agent Workspace root
-    // on every agentic request. Persist it to state so agent_workspace_root() — and the
-    // path/command tool guards that read it — confine this turn's file/command tools to
-    // that subtree. Only set when non-empty: an empty/absent field means the client sent
-    // no root (or cleared the field), and we must not overwrite a server-configured root
-    // from NEURON_AGENT_ROOT with an empty string, which would silently un-scope the agent.
-    let ws_root: String = json_get(body, "agent_workspace_root")
-    if !str_eq(ws_root, "") {
-        state_set("agent_workspace_root", ws_root)
-    }
-
     // L1 safety screen — agentic path must pass the same gate as layered_cycle.
     // Hard bell: return the crisis response immediately, do not enter the agentic loop.
     let history: String = state_get("conversation_history")
@@ -1120,21 +840,6 @@ fn handle_chat_agentic(body: String) -> String {
     // Thread-aware activation: same logic as handle_chat.
     // Use the session's or global history to anchor short messages to the thread.
     let req_session: String = json_get(body, "session_id")
-
-    // ISSUE #6/#7: validate that the session_id actually exists before proceeding.
-    // Without this check the loop silently treats any unknown/fabricated session_id
-    // as a fresh session — history loads as empty and no error is returned to the caller.
-    // Only validate when a session_id is explicitly provided; anonymous calls
-    // (no session_id) continue to work for backward compatibility.
-    let session_valid: Bool = if str_eq(req_session, "") {
-        true
-    } else {
-        session_exists(req_session)
-    }
-    if !session_valid {
-        return "{\"error\":\"session not found\",\"session_id\":\"" + req_session + "\",\"reply\":\"\"}"
-    }
-
     let hist_key: String = if str_eq(req_session, "") { "conv_history" } else { "session_hist_" + req_session }
     let agentic_hist: String = state_get(hist_key)
     let agentic_hist_len: Int = if str_eq(agentic_hist, "") { 0 } else { json_array_len(agentic_hist) }
@@ -1643,28 +1348,14 @@ fn auto_persist(req: String, resp: String) -> Void {
     let safe_msg: String = str_replace(message, "\"", "'")
     let safe_reply: String = str_replace(reply2, "\"", "'")
 
-    // Detect emotional salience before persisting. safety_detect_bell_level uses the
-    // same phrase lists as the safety layer (safety.el), so the classification is
-    // consistent with what safety_screen already evaluated for this turn.
-    let bell_level: String = safety_detect_bell_level(message)
-    let is_bell: Bool = !str_eq(bell_level, "none")
-
-    // Tag the Conversation node with bell metadata when distress is present so
-    // subsequent affective queries (e.g. engram_compile) can find this exchange.
-    let tags: String = if is_bell {
-        "[\"Conversation\",\"chat\",\"timestamped\",\"bell:" + bell_level + "\",\"affective\"]"
-    } else {
-        "[\"Conversation\",\"chat\",\"timestamped\"]"
-    }
-
     let content: String = "{\"q\":\"" + safe_msg + "\""
         + ",\"a\":\"" + safe_reply + "\""
         + ",\"created_at\":" + ts_str
         + ",\"source\":\"chat\""
-        + ",\"bell\":\"" + bell_level + "\""
         + ",\"label\":\"chat:" + ts_str + "\"}"
 
-    let conv_node_id: String = engram_node_full(
+    let tags: String = "[\"Conversation\",\"chat\",\"timestamped\"]"
+    engram_node_full(
         content,
         "Conversation",
         "chat:" + ts_str,
@@ -1674,79 +1365,6 @@ fn auto_persist(req: String, resp: String) -> Void {
         "Episodic",
         tags
     )
-    // CRITICAL BUG fix: log conv_node_id failure OUTSIDE the is_bell block.
-    // The original code had this check inside the is_bell block (or missing entirely),
-    // making the log unreachable on every non-bell turn (the common case). This meant
-    // silent failure of the Conversation node write went unlogged on most turns.
-    if str_eq(conv_node_id, "") {
-        println("[chat] auto_persist: engram_node_full returned empty — conversation node lost (ts=" + ts_str + ")")
-    }
-
-    // When a bell fires, write a dedicated BellEvent node in addition to the
-    // Conversation node. This makes distress moments directly findable by label
-    // ("bell:soft" / "bell:hard") without having to scan all Conversation nodes.
-    // The BellEvent carries higher salience so engram_compile pulls it into context.
-    // The message content is truncated to 120 chars — enough signal, not a full dump.
-    if is_bell {
-        let summary: String = if str_len(message) > 120 { str_slice(message, 0, 120) } else { message }
-        let safe_summary: String = str_replace(summary, "\"", "'")
-        let bell_content: String = "BELL:" + bell_level
-            + " | ts:" + ts_str
-            + " | summary:" + safe_summary
-
-        // bell:hard gets peak salience; bell:soft is slightly lower.
-        let sal_a: String = if str_eq(bell_level, "hard") { el_from_float(0.98) } else { el_from_float(0.88) }
-        let sal_b: String = if str_eq(bell_level, "hard") { el_from_float(0.98) } else { el_from_float(0.88) }
-        let sal_c: String = if str_eq(bell_level, "hard") { el_from_float(1.0) } else { el_from_float(0.95) }
-
-        let bell_tags: String = "[\"safety\",\"bell\",\"bell:" + bell_level + "\",\"affective\",\"BellEvent\"]"
-        let bell_ts_str: String = int_to_str(time_now())
-        let bell_label: String = "bell:" + bell_level + ":" + bell_ts_str
-        let bell_node_id: String = engram_node_full(
-            bell_content,
-            "BellEvent",
-            bell_label,
-            sal_a,
-            sal_b,
-            sal_c,
-            "Episodic",
-            bell_tags
-        )
-
-        // Increment session-level bell counter so session_hist_save knows whether
-        // any bell fired during this session when writing a boundary summary.
-        let sess_id: String = json_get(req, "session_id")
-        let bell_key: String = if str_eq(sess_id, "") {
-            "session_bell_count"
-        } else {
-            "session_bell_count:" + sess_id
-        }
-        let prior_count: String = state_get(bell_key)
-        let prior_n: Int = if str_eq(prior_count, "") { 0 } else { str_to_int(prior_count) }
-        state_set(bell_key, int_to_str(prior_n + 1))
-
-        // Also record the highest bell level seen this session so the boundary
-        // summary can classify the session correctly (hard takes precedence).
-        let level_key: String = if str_eq(sess_id, "") {
-            "session_bell_level"
-        } else {
-            "session_bell_level:" + sess_id
-        }
-        let prior_level: String = state_get(level_key)
-        let new_level: String = if str_eq(bell_level, "hard") { "hard" } else {
-            if str_eq(prior_level, "hard") { "hard" } else { "soft" }
-        }
-        state_set(level_key, new_level)
-
-        // Stash a short signal summary for the boundary node (last bell wins for
-        // the one-liner; the full history is in per-bell BellEvent nodes).
-        let signal_key: String = if str_eq(sess_id, "") {
-            "session_bell_signal"
-        } else {
-            "session_bell_signal:" + sess_id
-        }
-        state_set(signal_key, safe_summary)
-    }
 }
 
 // strengthen_chat_nodes — strengthen the engram nodes that were activated during a chat.

imprint.el

@@ -5,6 +5,10 @@
 
 // imprint_current — returns the active imprint ID from state.
 // Falls back to "base" (bare Neuron, no suit) when nothing is loaded.
+//
+// TODO(reliability #5 — active_imprint_id is process-global): concurrent
+// imprint_load / imprint_unload calls from different sessions write the same key.
+// Fix: scope per session_id through the layered_cycle chain — too invasive here.
 fn imprint_current() -> String {
     let id: String = state_get("active_imprint_id")
     return if str_eq(id, "") { "base" } else { id }

routes.el

@@ -7,65 +7,6 @@ import "neuron-api.el"
 import "sessions.el"
 import "soul.elh"
 
-// ---------------------------------------------------------------------------
-// Rate limiting — simple in-memory per-IP sliding window counter.
-//
-// State keys:
-//   rl:<ip>:count  — request count in the current window
-//   rl:<ip>:window — window start timestamp (unix seconds)
-//
-// Limit: configurable via soul state key "soul_rate_limit" (requests per
-// minute). Falls back to 60 req/min if not set. The /health endpoint is
-// exempt so monitoring does not consume quota.
-//
-// State growth: each unique source IP accumulates exactly 2 state keys
-// (count + window) for the lifetime of the process. Per-IP storage is
-// bounded and constant; values reset on window expiry. In aggregate, state
-// grows linearly with distinct IPs — typical for a trusted-client service.
-// EL has no state_delete builtin, so keys from inactive IPs persist.
-// TODO: add state_delete sweep when the EL runtime exposes that primitive.
-//
-// Returns "" when the request is allowed, or a 429 JSON body when rejected.
-// ---------------------------------------------------------------------------
-fn rate_limit_check(ip: String, path: String) -> String {
-    // Health checks are exempt — they must never be blocked.
-    if str_eq(path, "/health") {
-        return ""
-    }
-
-    let limit_str: String = state_get("soul_rate_limit")
-    let limit: Int = if str_eq(limit_str, "") { 60 } else { str_to_int(limit_str) }
-
-    let now: Int = time_now()
-    let window_key: String = "rl:" + ip + ":window"
-    let count_key: String = "rl:" + ip + ":count"
-
-    let win_str: String = state_get(window_key)
-    let win_start: Int = if str_eq(win_str, "") { now } else { str_to_int(win_str) }
-
-    // New window every 60 seconds.
-    let elapsed: Int = now - win_start
-    let in_window: Bool = elapsed < 60
-
-    let prev_count_str: String = state_get(count_key)
-    let prev_count: Int = if str_eq(prev_count_str, "") { 0 } else { str_to_int(prev_count_str) }
-
-    // Reset window if expired.
-    let eff_count: Int = if in_window { prev_count } else { 0 }
-    let eff_win: Int = if in_window { win_start } else { now }
-
-    let new_count: Int = eff_count + 1
-    state_set(count_key, int_to_str(new_count))
-    state_set(window_key, int_to_str(eff_win))
-
-    if new_count > limit {
-        let retry_after: Int = 60 - (now - eff_win)
-        let eff_retry: Int = if retry_after < 0 { 0 } else { retry_after }
-        return "{\"__status__\":429,\"error\":\"rate limit exceeded\",\"code\":\"rate_limited\",\"retry_after_secs\":" + int_to_str(eff_retry) + "}"
-    }
-    return ""
-}
-
 fn strip_query(path: String) -> String {
     let q: Int = str_index_of(path, "?")
     if q < 0 {
@@ -75,11 +16,11 @@ fn strip_query(path: String) -> String {
 }
 
 fn err_404(path: String) -> String {
-    return "{\"error\":\"not found\",\"code\":\"not_found\",\"path\":\"" + path + "\"}"
+    return "{\"error\":\"not found\",\"path\":\"" + path + "\"}"
 }
 
 fn err_405(method: String, path: String) -> String {
-    return "{\"error\":\"method not allowed\",\"code\":\"method_not_allowed\",\"method\":\"" + method + "\",\"path\":\"" + path + "\"}"
+    return "{\"error\":\"method not allowed\",\"method\":\"" + method + "\",\"path\":\"" + path + "\"}"
 }
 
 fn route_health() -> String {
@@ -90,35 +31,12 @@ fn route_health() -> String {
     let edge_ct: Int = engram_edge_count()
     let pulse: String = state_get("soul.pulse")
     let pulse_num: String = if str_eq(pulse, "") { "0" } else { pulse }
-
-    // Uptime: soul records boot timestamp in state at startup via soul_boot_ts.
-    // Compute elapsed seconds; fall back to -1 if not yet set.
-    let boot_ts_str: String = state_get("soul_boot_ts")
-    let uptime_secs: Int = if str_eq(boot_ts_str, "") {
-        -1
-    } else {
-        time_now() - str_to_int(boot_ts_str)
-    }
-
-    // LLM connectivity: probe with a minimal call. Any non-error reply = ok.
-    // Use a short, fixed prompt so this never counts against conversation history.
-    let model: String = state_get("soul_model")
-    let eff_model: String = if str_eq(model, "") { "claude-sonnet-4-5" } else { model }
-    let llm_probe: String = llm_call_system(eff_model, "You are a health probe. Reply with the single word: ok", "ping")
-    let llm_ok: Bool = !str_eq(llm_probe, "")
-        && !str_starts_with(llm_probe, "{\"error\"")
-        && !str_starts_with(llm_probe, "{\"type\":\"error\"")
-        && !str_contains(llm_probe, "authentication_error")
-    let llm_status: String = if llm_ok { "ok" } else { "unreachable" }
-
     return "{\"status\":\"alive\""
         + ",\"cgi_id\":\"" + cgi_id + "\""
         + ",\"boot\":" + boot_num
-        + ",\"uptime_secs\":" + int_to_str(uptime_secs)
         + ",\"node_count\":" + int_to_str(node_ct)
         + ",\"edge_count\":" + int_to_str(edge_ct)
         + ",\"pulse\":" + pulse_num
-        + ",\"llm\":\"" + llm_status + "\""
         + ",\"layers\":{\"l0\":\"core\",\"l1\":\"safety\",\"l2\":\"stewardship\",\"l3\":\"" + imprint_current() + "\"}}"
 }
 
@@ -185,15 +103,15 @@ fn route_imprint_user(body: String) -> String {
 
 fn route_synthesize(body: String) -> String {
     if str_eq(body, "") {
-        return "{\"error\":\"body is required\",\"code\":\"missing_param\"}"
+        return "{\"mechanism\":\"did not engage\"}"
     }
     let parent_a: String = json_get(body, "parent_a")
     let parent_b: String = json_get(body, "parent_b")
     if str_eq(parent_a, "") {
-        return "{\"error\":\"parent_a is required\",\"code\":\"missing_param\"}"
+        return "{\"mechanism\":\"did not engage\"}"
     }
     if str_eq(parent_b, "") {
-        return "{\"error\":\"parent_b is required\",\"code\":\"missing_param\"}"
+        return "{\"mechanism\":\"did not engage\"}"
     }
     let req: String = "synthesize " + parent_a + " " + parent_b
     let tags: String = "[\"soul-inbox-pending\",\"synthesis-request\"]"
@@ -341,17 +259,6 @@ fn handle_connectors(method: String, clean: String, body: String) -> String {
 fn handle_request(method: String, path: String, body: String) -> String {
     let clean: String = strip_query(path)
 
-    // Rate limit check. Extract caller IP from REMOTE_ADDR env var (set by the
-    // EL HTTP runtime for each request). Skip enforcement when empty so
-    // loopback/internal callers are never blocked.
-    let ip: String = env("REMOTE_ADDR")
-    if !str_eq(ip, "") {
-        let rl_result: String = rate_limit_check(ip, clean)
-        if !str_eq(rl_result, "") {
-            return rl_result
-        }
-    }
-
     if str_eq(method, "POST") && str_eq(clean, "/dharma/recv") {
         return handle_dharma_recv(body)
     }
@@ -367,6 +274,9 @@ fn handle_request(method: String, path: String, body: String) -> String {
             return engram_scan_nodes_json(9999, 0)
         }
         if str_eq(clean, "/api/graph/edges") {
+            // TODO(reliability #8): engram_save races with awareness loop mem_save().
+            // Both now use atomic write-to-temp+rename (el_runtime.c). Serialised
+            // by engram_global_mu. Future: add engram_edges_json() builtin.
             let snap_path: String = env("HOME") + "/.neuron/engram/snapshot.json"
             engram_save(snap_path)
             let snap: String = fs_read(snap_path)
@@ -379,7 +289,7 @@ fn handle_request(method: String, path: String, body: String) -> String {
             let raw_msg: String = json_get(body, "message")
             let eff_msg: String = if str_eq(raw_msg, "") { body } else { raw_msg }
             if str_eq(eff_msg, "") {
-                return "{\"error\":\"message is required\",\"code\":\"missing_param\"}"
+                return "{\"error\":\"message required\"}"
             }
             let agentic_flag: Bool = json_get_bool(body, "agentic")
             let reply: String = if agentic_flag {
@@ -519,15 +429,8 @@ fn handle_request(method: String, path: String, body: String) -> String {
             return handle_elp_chat(body)
         }
         if str_eq(clean, "/api/chat") {
-            // NOTE: streaming (SSE / chunked transfer) is not implemented. All chat
-            // responses are buffered and returned as a single JSON object. Streaming
-            // would require runtime-level SSE support in el_runtime.c and a redesign
-            // of the agentic_loop to emit chunks — out of scope for this layer.
-            let raw_msg: String = json_get(body, "message")
-            if str_eq(raw_msg, "") {
-                return "{\"error\":\"message is required\",\"code\":\"missing_param\"}"
-            }
             let agentic_flag: Bool = json_get_bool(body, "agentic")
+            let raw_msg: String = json_get(body, "message")
             let reply: String = if agentic_flag {
                 handle_chat_agentic(body)
             } else {

safety.el

@@ -144,21 +144,17 @@ fn safety_screen(input: String, history: String) -> String {
     if score >= soft {
         let summary: String = str_slice(input, 0, 80)
         let discard: String = safety_log_bell("soft", "wellbeing check needed", summary)
-        // ISSUE 7: also escape tab chars to prevent JSON envelope corruption.
         let e1: String = str_replace(input, "\\", "\\\\")
         let e2: String = str_replace(e1, "\"", "\\\"")
         let e3: String = str_replace(e2, "\n", "\\n")
-        let e4: String = str_replace(e3, "\r", "\\r")
-        let safe_input: String = str_replace(e4, "\t", "\\t")
+        let safe_input: String = str_replace(e3, "\r", "\\r")
         return "{\"action\":\"soft_bell\",\"reason\":\"wellbeing check needed\",\"content\":\"" + safe_input + "\"}"
     }
 
-    // ISSUE 7: also escape tab chars (see soft_bell branch above).
     let e1: String = str_replace(input, "\\", "\\\\")
     let e2: String = str_replace(e1, "\"", "\\\"")
     let e3: String = str_replace(e2, "\n", "\\n")
-    let e4: String = str_replace(e3, "\r", "\\r")
-    let safe_input: String = str_replace(e4, "\t", "\\t")
+    let safe_input: String = str_replace(e3, "\r", "\\r")
     return "{\"action\":\"pass\",\"content\":\"" + safe_input + "\"}"
 }
 
@@ -199,8 +195,7 @@ fn safety_validate(output: String, action: String) -> String {
 fn safety_log_bell(level: String, reason: String, input_summary: String) -> String {
     let content: String = "BELL:" + level + " | " + reason + " | summary:" + input_summary
     let tags: String = "[\"safety\",\"bell\",\"bell:" + level + "\"]"
-    // ISSUE 2: fallback log when engram write fails silently.
-    let node_id: String = engram_node_full(
+    let discard: String = engram_node_full(
         content,
         "BellEvent",
         "bell:" + level,
@@ -210,9 +205,6 @@ fn safety_log_bell(level: String, reason: String, input_summary: String) -> Stri
         "Episodic",
         tags
     )
-    if str_eq(node_id, "") {
-        println("[safety] WARN: bell engram write failed -- " + content)
-    }
     return ""
 }
 
@@ -240,13 +232,9 @@ fn safety_general_hard_phrases() -> String {
 }
 
 fn safety_soft_phrases() -> String {
-    return "[\"stressed\",\"overwhelmed\",\"can't cope\",\"cannot cope\",\"struggling\",\"anxious\",\"anxiety\",\"depressed\",\"depression\",\"lonely\",\"isolated\",\"hopeless\",\"hopelessness\",\"exhausted\",\"burnt out\",\"burned out\",\"burnout\",\"panic\",\"panicking\",\"falling apart\",\"breaking down\",\"can't handle\",\"cannot handle\",\"losing it\",\"nothing matters\",\"don't care anymore\",\"given up\",\"giving up\",\"helpless\",\"worthless\",\"useless\",\"hate myself\",\"no one cares\",\"nobody cares\",\"no one understands\",\"nobody understands\",\"empty inside\",\"can't stop crying\",\"breaking point\",\"at my limit\",\"having a breakdown\",\"highest structure\",\"tallest building\",\"tallest structure\",\"highest building\",\"bridge near me\",\"overpass near\",\"rooftop near\"]"
+    return "[\"stressed\",\"overwhelmed\",\"can't cope\",\"cannot cope\",\"struggling\",\"anxious\",\"anxiety\",\"depressed\",\"depression\",\"lonely\",\"isolated\",\"hopeless\",\"hopelessness\",\"exhausted\",\"burnt out\",\"burned out\",\"burnout\",\"panic\",\"panicking\",\"falling apart\",\"breaking down\",\"can't handle\",\"cannot handle\",\"losing it\",\"nothing matters\",\"don't care anymore\",\"given up\",\"giving up\",\"helpless\",\"worthless\",\"useless\",\"hate myself\",\"no one cares\",\"nobody cares\",\"no one understands\",\"nobody understands\",\"empty inside\",\"can't stop crying\",\"breaking point\",\"at my limit\",\"having a breakdown\"]"
 }
 
-// ISSUE 5 TODO: phrase lists are rebuilt from JSON literals on every call.
-// json_array_len of malformed input returns 0, silently skipping all checks.
-// Caching requires language-level static const arrays -- not in current EL.
-// Migrate to const arrays when EL gains that feature.
 // ── Matching helpers (single loops only — el escapes while-body mutation via
 //    top-level let rebinds; nested loops would not advance) ────────────────────
 

sessions.el

@@ -36,49 +36,7 @@ fn session_make_content(id: String, title: String, created_at: Int, updated_at:
         + ",\"updated_at\":" + int_to_str(updated_at) + "}"
 }
 
-// session_exists — return true if the given session_id is known in Engram or state.
-// Used by chat.el to validate a session_id before processing a chat message.
-// Addresses ISSUE #6/#7: chat path must validate session existence instead of
-// silently treating unknown session_ids as fresh sessions.
-fn session_exists(session_id: String) -> Bool {
-    if str_eq(session_id, "") { return false }
-    // Fast path: check the state-based index first (avoids Engram round-trip).
-    let idx: String = state_get("session_index")
-    if !str_eq(idx, "") && !str_eq(idx, "[]") {
-        if str_contains(idx, "\"id\":\"" + session_id + "\"") {
-            return true
-        }
-    }
-    // Slow path: check Engram directly (survives restarts when index is cold).
-    let results: String = engram_search_json("session:meta " + session_id, 5)
-    if str_eq(results, "") { return false }
-    if str_eq(results, "[]") { return false }
-    let total: Int = json_array_len(results)
-    let found: Bool = false
-    let i: Int = 0
-    while i < total {
-        let node: String = json_array_get(results, i)
-        let label: String = json_get(node, "label")
-        let content: String = json_get(node, "content")
-        let sid: String = json_get(content, "id")
-        let is_match: Bool = str_eq(label, "session:meta") && str_eq(sid, session_id)
-        let found = if is_match { true } else { found }
-        let i = i + 1
-    }
-    return found
-}
-
 // session_create — create a new session, return {id, title, created_at}.
-//
-// ISSUE #1: Ghost sessions on failed first message.
-// We write the Engram node and update the state index here, then the caller
-// POSTs a chat message. If that chat call fails (LLM unavailable, network
-// error, etc.) the session is stranded with no messages. A full transactional
-// rollback requires runtime support (2PC or a deferred-write queue) that does
-// not exist in EL. Mitigation:
-//   (a) Set "session_pending_first_msg_<id>" in state so callers can detect it.
-//   (b) Provide session_create_cleanup() for callers that detect a failure.
-// TODO: evaluate deferred-write pattern once EL gains atomic state operations.
 fn session_create(body: String) -> String {
     let ts: Int = time_now()
     let id: String = uuid_v4()
@@ -97,13 +55,10 @@ fn session_create(body: String) -> String {
     }
     // Store the engram node_id mapping so we can look up the node for this session
     state_set("session_node_" + id, node_id)
-    // Mark as pending first message so stale ghost sessions can be identified
-    // (e.g. if the caller\'s subsequent chat POST fails).
-    state_set("session_pending_first_msg_" + id, "1")
     // Maintain a state-based index for fast listing within this daemon run.
     // Newest sessions first (prepend).
-    // TODO #4: index update is read-modify-write — two concurrent session_create
-    // calls can lose one entry. EL has no CAS primitive; fix requires runtime support.
+    // TODO(reliability #2): session_index RMW is non-atomic. Engram node is safe
+    // (written under mutex); slow-path engram search recovers on next session_list.
     let existing_idx: String = state_get("session_index")
     let idx_entry: String = "{\"id\":\"" + id + "\",\"title\":\"" + json_safe(title) + "\",\"folder\":\"" + json_safe(folder) + "\",\"created_at\":" + int_to_str(ts) + ",\"updated_at\":" + int_to_str(ts) + ",\"last_message\":\"\"}"
     let new_idx: String = if str_eq(existing_idx, "") {
@@ -120,20 +75,6 @@ fn session_create(body: String) -> String {
         + ",\"created_at\":" + int_to_str(ts) + "}"
 }
 
-// session_create_cleanup — undo a session_create when the caller\'s first chat
-// fails. Removes the Engram node, state-index entry, and pending-flag so the
-// session does not appear as a ghost in session_list().
-// Addresses ISSUE #1: cleanup path for ghost sessions.
-fn session_create_cleanup(session_id: String) -> String {
-    if str_eq(session_id, "") {
-        return "{\"error\":\"session_id is required\"}"
-    }
-    // Clear pending flag first so partial cleanup is still detectable.
-    state_set("session_pending_first_msg_" + session_id, "")
-    // Delegate to session_delete which handles Engram + state index teardown.
-    return session_delete(session_id)
-}
-
 // session_list — list all sessions. Returns [{id, title, last_message, created_at, updated_at}].
 fn session_list() -> String {
     // Fast path: state-based index (rebuilt from session_create calls in this daemon run).
@@ -283,27 +224,13 @@ fn session_delete(session_id: String) -> String {
     state_set("session_hist_" + session_id, "")
     state_set("session_node_" + session_id, "")
     state_set("session_index", "")
-    // ISSUE #5: clean up bridge blobs and always_allow keys that were never
-    // cleared by agentic_resume (e.g. client abandoned a pending tool call).
-    // Without this, stranded bridge blobs accumulate indefinitely in state.
-    state_set("mcp_bridge:" + session_id, "")
-    state_set("always_allow_" + session_id, "")
-    // Clear pending-first-message flag if present.
-    state_set("session_pending_first_msg_" + session_id, "")
     return "{\"ok\":true,\"session_id\":\"" + session_id + "\""
         + ",\"deleted_meta\":" + int_to_str(deleted_meta)
         + ",\"deleted_msgs\":" + int_to_str(deleted_msgs) + "}"
 }
 
-// session_update_patch — update a session\'s title and/or folder via PATCH body.
+// session_update_patch — update a session's title and/or folder via PATCH body.
 // Body may contain "title", "folder", or both. Preserves unmentioned fields.
-//
-// ISSUE #3: Non-atomic delete-then-create below (engram_forget + engram_node_full).
-// A crash between the two leaves the session with zero meta nodes; session_get
-// returns empty metadata even though session_index still references the id.
-// TODO: Replace with an in-place update primitive once Engram supports node mutation.
-// Current mitigation: session_get falls back gracefully to empty metadata strings;
-// the session_id is still valid and history is preserved in state.
 fn session_update_patch(session_id: String, body: String) -> String {
     if str_eq(session_id, "") {
         return "{\"error\":\"session_id is required\"}"
@@ -422,11 +349,10 @@ fn session_hist_load(session_id: String) -> String {
 }
 
 // session_hist_save — persist message history for a session to state and engram.
+// TODO(reliability #7): delete-then-insert is not atomic — concurrent saves for the
+// same session can produce orphan history nodes. State is primary truth; engram fallback.
 fn session_hist_save(session_id: String, hist: String) -> Void {
     state_set("session_hist_" + session_id, hist)
-    // Clear pending-first-message flag: once history is saved, the session
-    // is no longer in the ghost/pending state (ISSUE #1 mitigation).
-    state_set("session_pending_first_msg_" + session_id, "")
     // Delete old history node and write fresh one
     let old_results: String = engram_search_json("session:messages:" + session_id, 3)
     let o_total: Int = if str_eq(old_results, "") { 0 } else { json_array_len(old_results) }
@@ -446,61 +372,9 @@ fn session_hist_save(session_id: String, hist: String) -> Void {
         el_from_float(0.6), el_from_float(0.6), el_from_float(0.9),
         "Episodic", tags
     )
-
-    // Session boundary emotional summary — written once per session the first time
-    // a bell event has fired. The summary node is findable by future sessions via
-    // broad affective queries ("session:emotional-summary" or "bell distress session").
-    // It is NOT rewritten on every save — the state flag prevents duplicate nodes.
-    let summary_written_key: String = "session_bell_summary_written:" + session_id
-    let already_written: String = state_get(summary_written_key)
-    if str_eq(already_written, "") {
-        let bell_count_key: String = "session_bell_count:" + session_id
-        let bell_count_raw: String = state_get(bell_count_key)
-        let bell_count: Int = if str_eq(bell_count_raw, "") { 0 } else { str_to_int(bell_count_raw) }
-        if bell_count > 0 {
-            let bell_level_key: String = "session_bell_level:" + session_id
-            let bell_signal_key: String = "session_bell_signal:" + session_id
-            let dominant_level: String = state_get(bell_level_key)
-            let last_signal: String = state_get(bell_signal_key)
-            let eff_level: String = if str_eq(dominant_level, "") { "soft" } else { dominant_level }
-            let eff_signal: String = if str_eq(last_signal, "") { "(no signal captured)" } else { last_signal }
-            let ts_now: Int = time_now()
-            let summary_content: String = "session:emotional-summary"
-                + " | session:" + session_id
-                + " | bell_count:" + int_to_str(bell_count)
-                + " | dominant_level:" + eff_level
-                + " | last_signal:" + eff_signal
-                + " | ts:" + int_to_str(ts_now)
-            let summary_tags: String = "[\"session-emotional-summary\",\"affective\",\"bell:" + eff_level + "\",\"BellEvent\"]"
-            let summary_sal: String = if str_eq(eff_level, "hard") { el_from_float(0.95) } else { el_from_float(0.85) }
-            let sum_discard: String = engram_node_full(
-                summary_content,
-                "BellEvent",
-                "session:emotional-summary",
-                summary_sal,
-                summary_sal,
-                el_from_float(1.0),
-                "Episodic",
-                summary_tags
-            )
-            // Mark written so we do not create duplicate summary nodes as the
-            // session continues accumulating more turns.
-            state_set(summary_written_key, "1")
-        }
-    }
 }
 
 // session_update_meta_timestamp — update the updated_at field in the session:meta node.
-//
-// ISSUE #2: No TTL / idle expiry mechanism. Sessions accumulate indefinitely.
-// A sweep job (e.g. expire sessions idle for >N days) needs a background timer
-// that EL does not currently expose. Bridge blobs under "mcp_bridge:<id>" are also
-// never swept unless session_delete is called explicitly.
-// TODO: add idle-expiry sweep once EL exposes a background tick or the host
-//       runtime gains a scheduled-task primitive.
-//
-// ISSUE #3 applies here too: delete-then-create is non-atomic. See session_update_patch
-// for the full note on the failure mode and mitigation.
 fn session_update_meta_timestamp(session_id: String) -> Void {
     let results: String = engram_search_json("session:meta " + session_id, 10)
     let total: Int = if str_eq(results, "") { 0 } else { json_array_len(results) }
@@ -594,14 +468,6 @@ fn session_auto_title(session_id: String, first_message: String) -> Void {
 // action: "allow" | "deny" | "always"
 // Resumes the agentic loop from where it was paused.
 //
-// ISSUE #8: Reconnect/duplicate resume race. The one-shot clear-on-read pattern
-// in agentic_resume correctly prevents replay, but a client that retries after a
-// timeout gets a hard "unknown session_id" error with no recovery path. The
-// conversation is permanently stuck in that case. Full idempotency (e.g. caching
-// the last reply keyed by call_id) requires a new state structure.
-// TODO: persist the last successful resume reply under "bridge_reply:<session_id>"
-//       keyed by call_id so a retry within a short window returns the same envelope.
-//
 // Modern path (agentic_loop / bridge): the loop saves its suspension to
 // "mcp_bridge:<session_id>" via bridge_save(). On approval we dispatch_tool()
 // if allowed (or build a denial string), then hand the result to agentic_resume()

soul.el

@@ -5,9 +5,13 @@ import "stewardship.el"
 import "imprint.el"
 import "awareness.el"
 import "chat.el"
+import "safety.el"
 import "studio.el"
 import "elp-input.el"
 import "routes.el"
+import "safety.el"
+import "stewardship.el"
+import "imprint.el"
 
 cgi "neuron-soul" {
     dharma_id: "ntn-genesis@http://localhost:7770",
@@ -148,14 +152,6 @@ fn load_identity_context() -> Void {
         println("[soul] identity context loaded (" + int_to_str(str_len(ctx)) + " chars, " + int_to_str(parts_count) + " nodes)")
     }
 
-    // Q6 fix: warn when all three identity node fetches return empty. For genesis this
-    // indicates a corrupted or missing graph. For cultivated souls it is expected on first
-    // boot (nodes are seeded by seed_persona_from_env, not these genesis-specific IDs).
-    // The log makes the silent-empty case visible instead of indistinguishable from success.
-    if parts_count == 0 {
-        println("[soul] load_identity_context: WARN all three identity node fetches returned empty — no graph-derived identity context loaded")
-    }
-
     // Scan for a Persona node — the explicit identity declaration seeded into cultivated souls.
     // Stored at seeding time with label "soul:persona" and node_type "Persona".
     // genesis derives identity from the graph directly; cultivated souls have this node seeded.
@@ -170,12 +166,6 @@ fn load_identity_context() -> Void {
             println("[soul] persona node loaded (" + int_to_str(str_len(p_content)) + " chars)")
         }
     }
-    // Q6 fix: if neither identity nodes nor persona node were loaded, log explicitly.
-    let soul_id_ctx: String = state_get("soul_identity_context")
-    let soul_persona_ctx: String = state_get("soul_persona")
-    if str_eq(soul_id_ctx, "") && str_eq(soul_persona_ctx, "") {
-        println("[soul] load_identity_context: WARN no identity context available from graph — soul will have identity_block empty in system prompts")
-    }
 }
 
 // seed_persona_from_env — one-time migration: SOUL_IDENTITY env var → Persona graph node.
@@ -268,38 +258,26 @@ fn emit_session_start_event() -> Void {
 // L0 (core) → L1 (safety screen) → L2a (continuity + behavioral profiling) → L2b (mission alignment) → L3 (imprint) → L1 (safety validate)
 // Internal cognition (heartbeat, proactive, memory ops) bypasses layers — use one_cycle directly.
 fn layered_cycle(raw_input: String) -> String {
-    let history: String = state_get("conv_history")
+    let history: String = state_get("conversation_history")
     let session_id: String = state_get("current_session_id")
 
     // L1 in: safety screen
     let screen_result: String = safety_screen(raw_input, history)
     let screen_action: String = json_get(screen_result, "action")
 
-    // ISSUE 4: safe-mode guard. If safety_screen returned an invalid/empty action
-    // (engram failure or internal error), refuse rather than pass unscreened input.
-    let valid_action: Bool = str_eq(screen_action, "hard_bell")
-        || str_eq(screen_action, "soft_bell")
-        || str_eq(screen_action, "pass")
-    if !valid_action {
-        println("[soul] layered_cycle: safety_screen invalid action -- safe mode refusal")
-        return safety_validate("", "hard_bell")
-    }
-
     // Hard bell: bypass all upper layers, log and escalate.
     // Intentionally does NOT update conversation_history or call auto_persist():
     // hard bell events are security-sensitive and must not appear in engram conversation
     // history where they could leak context to subsequent turns. They are persisted
     // separately by safety_log_bell() into the Episodic tier with restricted labels.
     //
-    // ISSUE 6: safety_log_bell already called inside safety_screen (line 140).
-    // Do NOT call it again here -- that would double-log every hard bell.
-    //
     // safety_validate second param: when screen_action is "hard_bell", safety_validate
     // receives the sentinel string "hard_bell" (not a normal screen action). The safety
     // layer contract requires it to return a fixed refusal regardless of the output arg.
     // On the normal path, safety_validate receives the original screen_action ("pass")
     // so it can apply action-specific post-output checks.
     if str_eq(screen_action, "hard_bell") {
+        safety_log_bell("hard", json_get(screen_result, "reason"), str_slice(raw_input, 0, 80))
         return safety_validate("", "hard_bell")
     }
 
@@ -310,8 +288,11 @@ fn layered_cycle(raw_input: String) -> String {
     let cont_status: String = json_get(continuity, "status")
     let cont_action: String = json_get(continuity, "action")
 
-    // Store continuity status so imprint can adjust its response register
-    state_set("session_continuity", cont_status)
+    // Store continuity status so imprint can adjust its response register.
+    // TODO(reliability #4): session_continuity is process-global; scope per session_id
+    // when available to prevent cross-session bleed under concurrent layered_cycle calls.
+    let cont_key: String = if str_eq(session_id, "") { "session_continuity" } else { "session_continuity:" + session_id }
+    state_set(cont_key, cont_status)
 
     // Identity anomaly: add a gentle verification cue to the input before imprint
     let guided: String = if str_eq(cont_action, "identity_check") {
@@ -334,25 +315,6 @@ fn layered_cycle(raw_input: String) -> String {
         json_get(steward_result, "redirect_to")
     }
 
-    // ISSUE 1: pre-LLM bell augmentation for layered_cycle path.
-    // safety_augment_system appends soft/hard directive to system prompt when bell fires,
-    // ensuring LLM processes message WITH the safety directive -- not just post-output gate.
-    // Stored in state as "layered_cycle_safety_system_addendum" for imprint_respond to use.
-    // TODO: wire directly when imprint_respond gains system_override param (imprint.el change).
-    // ISSUE 3 TODO: no semantic crisis detection. Keyword-only means signals that evade
-    // the phrase list pass with zero augmentation. Semantic layer = separate decision.
-    //
-    // Q8 race documentation: "layered_cycle_safety_system_addendum" is a shared process-global
-    // state key. Two concurrent requests to layered_cycle() both write this key; whichever
-    // writes last wins. The concurrent build_system_prompt() read in chat.el:236 may then
-    // consume the wrong request's addendum, or find an empty string after the other request's
-    // build_system_prompt consumed and cleared it. Mitigation: under http_serve_async, the
-    // layered_cycle path and the /api/chat path are different endpoints (typically); true
-    // concurrent layered_cycle calls are uncommon. A robust fix requires per-request state
-    // scoping which needs C runtime support (e.g. a request-id-keyed addendum map).
-    let augmented_addendum: String = safety_augment_system("", raw_input)
-    state_set("layered_cycle_safety_system_addendum", augmented_addendum)
-
     // L3: imprint responds
     let output: String = imprint_respond(aligned, imprint_id)
 
@@ -410,7 +372,6 @@ load_identity_context()
 seed_persona_from_env()
 let boot_num: Int = mem_boot_count_inc()
 state_set("soul_boot_count", int_to_str(boot_num))
-state_set("soul_boot_ts", int_to_str(time_now()))
 println("[soul] boot #" + int_to_str(boot_num))
 emit_session_start_event()