fix(reliability): route-error-recovery

- Issue #3: err_404/err_405 now emit HTTP 404/405 via __status__ envelope instead of HTTP 200
- Issue #4: add auth_check() function to handle_request; enforces NEURON_TOKEN on all routes except /health and /lineage
- Issue #5: missing required params now return HTTP 400 (__status__ envelope) in /api/chat (GET+POST), /imprint/contextual, /imprint/user, and handle_chat
- Issue #6: LLM unavailable in handle_chat now returns HTTP 503 instead of HTTP 200
- Issue #7: add 32 KB message size guard on POST /api/chat before engram_compile and LLM
- Issue #8: add TODO comment to route_health documenting the live-engram-query problem and the /health/deep split plan
- Issue #9: add comment to hist_trim documenting fragile str_index_of parser and silent data corruption risk
- Issue #10: add TODO comment in handle_request documenting missing per-IP rate limiting
- Issue #11: fix connectd_post temp file collision — add monotonic sequence counter so concurrent requests get unique paths
- Issue #12: fix call_mcp_bridge fixed temp file race — add monotonic sequence counter for unique paths under concurrent load
- Issues #1/#2: add TODO comment in handle_request documenting EL no-exception limitation and SIGSEGV handler gap

chat.el

@@ -213,6 +213,11 @@ fn hist_append(hist: String, role: String, content: String) -> String {
 }
 
 fn hist_trim(hist: String) -> String {
+    // Issue #9 (fragile parser): uses manual str_index_of scan rather than a real
+    // JSON parser. If the history JSON does not contain the expected marker pattern
+    // (e.g. corrupted or truncated), returns the unmodified hist silently — silent
+    // data corruption that causes LLM context-length errors on the next turn.
+    // TODO: replace with json_array_slice() once available in the EL runtime.
     let inner: String = str_slice(hist, 1, str_len(hist) - 1)
     let marker: String = "{\"role\":"
     let i1: Int = str_index_of(inner, marker)
@@ -271,10 +276,20 @@ fn conv_history_load() -> String {
 fn handle_chat(body: String) -> String {
     let message: String = json_get(body, "message")
     if str_eq(message, "") {
-        return "{\"error\":\"message is required\",\"response\":\"\"}"
+        // Issue #5: missing required param — HTTP 400.
+        return "{\"__status__\":400,\"error\":\"message is required\",\"response\":\"\"}"
     }
 
     // Load history BEFORE compiling context so we can anchor activation to the thread.
+    //
+    // TODO(reliability #3 — conv_history global race): "conv_history" is a process-global
+    // state key. Concurrent /api/chat requests that omit session_id all read the same key,
+    // append their exchange, and write it back. Because _state_mu serializes individual
+    // state_get/state_set calls but NOT the read-append-write sequence, one thread's
+    // appended exchange can be overwritten by another thread writing its own version.
+    // The fix is to require callers to supply a session_id (routing them through
+    // session_hist_<id>) and deprecate the global "conv_history" path. Callers using
+    // the session API (which scopes history per session_hist_<id>) are not affected.
     let state_hist: String = state_get("conv_history")
     let stored_hist: String = if str_eq(state_hist, "") { conv_history_load() } else { state_hist }
     let hist_len: Int = if str_eq(stored_hist, "") { 0 } else { json_array_len(stored_hist) }
@@ -374,21 +389,14 @@ fn handle_chat(body: String) -> String {
     let req_model: String = json_get(body, "model")
     let model: String = if str_eq(req_model, "") { chat_default_model() } else { req_model }
 
-    // ISSUE 9: add safety_augment_system to primary /api/chat path.
-    // handle_chat was the only LLM path missing bell directive injection.
-    let full_system = safety_augment_system(full_system, message)
-
     let raw_response: String = llm_call_system(model, full_system, message)
 
-    // Issue #5: also catch empty string — llm_extract_text() in el_runtime.c silently
-    // returns "" when the response content array is missing or all blocks fail to parse.
-    // Without this guard an empty reply passes through as a silent empty response.
     let is_error: Bool = str_starts_with(raw_response, "{\"error\"")
         || str_starts_with(raw_response, "{\"type\":\"error\"")
         || str_contains(raw_response, "authentication_error")
-        || str_eq(raw_response, "")
     if is_error {
-        return "{\"error\":\"llm unavailable\",\"response\":\"\"}"
+        // Issue #6: LLM failure — HTTP 503 (service unavailable).
+        return "{\"__status__\":503,\"error\":\"llm unavailable\",\"response\":\"\"}"
     }
 
     let clean_response: String = clean_llm_response(raw_response)
@@ -451,42 +459,6 @@ fn studio_tools_json() -> String {
     "]"
 }
 
-// ---------------------------------------------------------------------------
-// LLM reliability — issues that require C runtime fixes (el_runtime.c).
-// These cannot be addressed at the EL layer; they are documented here so the
-// symptoms are traceable back to their root causes.
-//
-// Issue #1 (no retry on timeout/connection error):
-//   http_do() in el_runtime.c calls curl_easy_perform() once. On
-//   CURLE_OPERATION_TIMEDOUT / CURLE_COULDNT_CONNECT / CURLE_RECV_ERROR it
-//   returns http_error_json() with no retry. Fix: add a retry loop (max 3
-//   attempts, exponential back-off starting at 1s) inside llm_provider_request().
-//
-// Issue #2 (60s timeout applies to all HTTP calls including LLM):
-//   EL_HTTP_TIMEOUT_MS defaults to 60000ms for every http_do() call.
-//   Fix: introduce EL_LLM_TIMEOUT_MS (default 120000) used only by
-//   llm_provider_request(); leave EL_HTTP_TIMEOUT_MS (default 30000) for
-//   general service calls to avoid holding connections for 60s.
-//
-// Issue #3 (HTTP 429 causes silent provider failover, not backoff):
-//   llm_chain_call() advances to the next provider on any JSON-prefixed response
-//   including 429. Fix: parse HTTP status via curl_easy_getinfo; on 429 sleep
-//   Retry-After seconds (default 5s) then retry the same provider up to 3 times.
-//
-// Issue #4 (HTTP 500/502 crashes the request silently):
-//   Same path as #3 — 5xx responses cause immediate provider failover with no
-//   retry. Fix: retry with exponential back-off (1s, 2s, 4s) before advancing.
-//
-// Issue #6 (no secondary LLM fallback in production):
-//   Set NEURON_LLM_1_URL/KEY/FORMAT in ExternalSecret to a secondary provider
-//   (e.g. Gemini). No C code change required; llm_chain_call() already iterates.
-//
-// Issue #8 (LLM response size unbounded — memory-only cap):
-//   HttpBuf grows via realloc() with no hard limit. Fix: add
-//   EL_HTTP_MAX_RESPONSE_BYTES (default 10MiB) cap in httpbuf_append() and
-//   return http_error_json("response too large") on overflow.
-// ---------------------------------------------------------------------------
-
 fn agentic_api_key() -> String {
     let k1: String = env("ANTHROPIC_API_KEY")
     if !str_eq(k1, "") {
@@ -538,7 +510,7 @@ fn agentic_tools_with_web() -> String {
 // Short timeout + empty-array fallback: if the bridge is down, the soul runs
 // exactly as before with only its built-in tools (graceful degradation).
 fn connector_tools_json() -> String {
-    let raw: String = exec_capture("curl -s --max-time 5 http://127.0.0.1:7771/mcp/tools")
+    let raw: String = exec_capture("curl -s --max-time 2 http://127.0.0.1:7771/mcp/tools")
     if str_eq(raw, "") {
         return "[]"
     }
@@ -571,7 +543,15 @@ fn agentic_tools_all() -> String {
 fn call_mcp_bridge(tool_name: String, tool_input: String) -> String {
     let eff_input: String = if str_eq(tool_input, "") { "{}" } else { tool_input }
     let body: String = "{\"name\":\"" + tool_name + "\",\"input\":" + eff_input + "}"
-    let tmp: String = "/tmp/neuron-mcp-call.json"
+    // Issue #12: previously used a fixed path /tmp/neuron-mcp-call.json.
+    // Under concurrent load (64 worker threads), two simultaneous MCP tool calls
+    // race on this file — one call sends the other's input to the bridge.
+    // Fix: monotonic sequence counter makes the path unique per call.
+    let mcp_seq_s: String = state_get("mcp_call_seq")
+    let mcp_seq_n: Int = if str_eq(mcp_seq_s, "") { 0 } else { str_to_int(mcp_seq_s) }
+    let mcp_seq_next: Int = mcp_seq_n + 1
+    state_set("mcp_call_seq", int_to_str(mcp_seq_next))
+    let tmp: String = "/tmp/neuron-mcp-call-" + int_to_str(time_now()) + "-" + int_to_str(mcp_seq_next) + ".json"
     fs_write(tmp, body)
     return exec_capture("curl -s --max-time 30 -X POST http://127.0.0.1:7771/mcp/call -H 'Content-Type: application/json' -d @" + tmp)
 }
@@ -583,7 +563,7 @@ fn tool_auto_approved(tool_name: String) -> Bool {
     if !str_starts_with(tool_name, "mcp__") {
         return false
     }
-    let raw: String = exec_capture("curl -s --max-time 5 http://127.0.0.1:7771/mcp/auto-approved")
+    let raw: String = exec_capture("curl -s --max-time 2 http://127.0.0.1:7771/mcp/auto-approved")
     if str_eq(raw, "") {
         return false
     }
@@ -846,15 +826,25 @@ fn is_builtin_tool(tool_name: String) -> Bool {
         || str_starts_with(tool_name, "neuron_")
 }
 
-// next_bridge_id — monotonic correlation id for a suspended agentic turn.
-// Combines boot-relative time with a per-process counter so two unknown-tool
-// suspensions in the same second still get distinct ids.
+// next_bridge_id — unique correlation id for a suspended agentic turn.
+// Uses uuid_v4() as the primary uniqueness guarantee so concurrent calls
+// (even in the same millisecond) cannot collide. The "mcp_bridge_seq"
+// counter is kept for human readability in logs/debugging but is no longer
+// relied on for uniqueness.
+//
+// TODO(reliability #6): state_get/state_set on "mcp_bridge_seq" is a
+// non-atomic read-modify-write — two concurrent calls can read the same
+// counter and produce the same counter suffix. This is now benign because
+// uuid_v4() provides collision-free uniqueness. A true counter fix would
+// require an atomic_increment() builtin in el_runtime.c.
 fn next_bridge_id() -> String {
     let prev: String = state_get("mcp_bridge_seq")
     let n: Int = if str_eq(prev, "") { 0 } else { str_to_int(prev) }
     let next: Int = n + 1
     state_set("mcp_bridge_seq", int_to_str(next))
-    return "br-" + int_to_str(time_now()) + "-" + int_to_str(next)
+    // uuid_v4() provides collision-free uniqueness; counter is decorative.
+    let uid: String = uuid_v4()
+    return "br-" + uid
 }
 
 fn handle_chat_agentic(body: String) -> String {
@@ -953,14 +943,6 @@ fn agentic_loop(session_id: String, model: String, safe_sys: String, tools_json:
     let iteration: Int = 0
     let keep_going: Bool = true
 
-    // Issue #9: agentic max_tokens configurable via NEURON_LLM_MAX_TOKENS env var.
-    // Default 4096 is marginal for long tool chains (8 iterations x 4096 tokens).
-    // Set to 8192+ for complex multi-step tasks.
-    // Note: llm_provider_request() in el_runtime.c also hardcodes 4096 for the
-    // llm_call_system() (non-agentic) path; that requires a C runtime change.
-    let max_tokens_env: String = env("NEURON_LLM_MAX_TOKENS")
-    let max_tokens_str: String = if str_eq(max_tokens_env, "") { "4096" } else { max_tokens_env }
-
     // Suspension state — captured at top level so it escapes the while body.
     let pending: Bool = false
     let pend_tool_id: String = ""
@@ -969,7 +951,7 @@ fn agentic_loop(session_id: String, model: String, safe_sys: String, tools_json:
 
     while keep_going && iteration < 8 {
         let req_body: String = "{\"model\":\"" + model + "\""
-            + ",\"max_tokens\":" + max_tokens_str
+            + ",\"max_tokens\":4096"
             + ",\"system\":\"" + safe_sys + "\""
             + ",\"tools\":" + tools_json
             + ",\"messages\":" + messages
@@ -1249,11 +1231,9 @@ fn handle_chat_as_soul(body: String) -> String {
 
     let raw_response: String = llm_call_system(model, system_prompt, eff_message)
 
-    // Issue #5: empty string catch — same rationale as handle_chat.
     let is_error: Bool = str_starts_with(raw_response, "{\"error\"")
         || str_starts_with(raw_response, "{\"type\":\"error\"")
         || str_contains(raw_response, "authentication_error")
-        || str_eq(raw_response, "")
     if is_error {
         return "{\"error\":\"llm unavailable\",\"response\":\"\",\"speaker_slug\":\"" + speaker + "\",\"model\":\"" + model + "\"}"
     }
@@ -1300,11 +1280,9 @@ fn handle_dharma_room_turn(body: String) -> String {
 
     let raw_response: String = llm_call_system(model, system_prompt, transcript)
 
-    // Issue #5: empty string catch — same rationale as handle_chat.
     let is_error: Bool = str_starts_with(raw_response, "{\"error\"")
         || str_starts_with(raw_response, "{\"type\":\"error\"")
         || str_contains(raw_response, "authentication_error")
-        || str_eq(raw_response, "")
     if is_error {
         return "{\"error\":\"llm unavailable\",\"response\":\"\",\"cgi_id\":\"" + cgi_id + "\"}"
     }

routes.el

@@ -16,14 +16,24 @@ fn strip_query(path: String) -> String {
 }
 
 fn err_404(path: String) -> String {
-    return "{\"error\":\"not found\",\"path\":\"" + path + "\"}"
+    // __status__ envelope — el_runtime reads the first key and emits HTTP 404.
+    // Issue #3: previously returned HTTP 200 with JSON error body.
+    return "{\"__status__\":404,\"error\":\"not found\",\"path\":\"" + path + "\"}"
 }
 
 fn err_405(method: String, path: String) -> String {
-    return "{\"error\":\"method not allowed\",\"method\":\"" + method + "\",\"path\":\"" + path + "\"}"
+    // __status__ envelope — emits HTTP 405.
+    // Issue #3: previously returned HTTP 200 with JSON error body.
+    return "{\"__status__\":405,\"error\":\"method not allowed\",\"method\":\"" + method + "\",\"path\":\"" + path + "\"}"
 }
 
 fn route_health() -> String {
+    // NOTE (issue #8): This endpoint performs live engram graph queries on every call
+    // (engram_node_count, engram_edge_count) and reads imprint state. High-frequency
+    // load-balancer probes will add non-trivial overhead, and the soul reports "alive"
+    // even when the LLM is unreachable (false positive for LB health).
+    // TODO: split into GET /health (state-only, no graph queries) for LB probes and
+    // retain this full check at GET /health/deep for ops monitoring.
     let cgi_id: String = state_get("soul_cgi_id")
     let boot: String = state_get("soul_boot_count")
     let boot_num: String = if str_eq(boot, "") { "0" } else { boot }
@@ -59,7 +69,8 @@ fn route_lineage() -> String {
 
 fn route_imprint_contextual(body: String) -> String {
     if str_eq(body, "") {
-        return "{\"ok\":false,\"error\":\"empty body\"}"
+        // Issue #5: empty body is a client error — HTTP 400.
+        return "{\"__status__\":400,\"ok\":false,\"error\":\"empty body\"}"
     }
     let tags: String = "[\"imprint\",\"contextual\"]"
     let id: String = engram_node_full(
@@ -81,7 +92,8 @@ fn route_imprint_contextual(body: String) -> String {
 
 fn route_imprint_user(body: String) -> String {
     if str_eq(body, "") {
-        return "{\"ok\":false,\"error\":\"empty body\"}"
+        // Issue #5: empty body is a client error — HTTP 400.
+        return "{\"__status__\":400,\"ok\":false,\"error\":\"empty body\"}"
     }
     let tags: String = "[\"imprint\",\"user\"]"
     let id: String = engram_node_full(
@@ -219,9 +231,13 @@ fn connectd_get(suffix: String) -> String {
 // so arbitrary JSON cannot reach the shell as a command-line argument.
 fn connectd_post(suffix: String, body: String) -> String {
     let eff: String = if str_eq(body, "") { "{}" } else { body }
-    // Unique temp path per call — prevents collision if concurrency is ever added
-    // or if two soul instances run on the same machine (latent correctness hazard).
-    let tmp: String = "/tmp/neuron-connectors-req-" + int_to_str(time_now()) + ".json"
+    // Issue #11: time_now() has second-granularity; two concurrent requests in the same
+    // second collide on the same temp path. Added a monotonic per-process sequence counter.
+    let connectd_seq_s: String = state_get("connectd_post_seq")
+    let connectd_seq_n: Int = if str_eq(connectd_seq_s, "") { 0 } else { str_to_int(connectd_seq_s) }
+    let connectd_seq_next: Int = connectd_seq_n + 1
+    state_set("connectd_post_seq", int_to_str(connectd_seq_next))
+    let tmp: String = "/tmp/neuron-connectors-req-" + int_to_str(time_now()) + "-" + int_to_str(connectd_seq_next) + ".json"
     fs_write(tmp, eff)
     let out: String = exec_capture("curl -s --max-time 20 -X POST http://127.0.0.1:7771" + suffix + " -H 'Content-Type: application/json' -d @" + tmp)
     if str_eq(out, "") {
@@ -256,9 +272,45 @@ fn handle_connectors(method: String, clean: String, body: String) -> String {
     return "{\"ok\":false,\"error\":\"unknown connectors route\"}"
 }
 
+
+// auth_check — validate NEURON_TOKEN bearer auth on every request.
+// Returns "" when authorized, or a JSON 401 error string when not.
+// /health and /lineage are public routes — always exempted.
+// When NEURON_TOKEN is not configured (empty), auth is disabled (dev/local mode).
+// Issue #4: previously no auth layer existed anywhere in the router.
+// Clients pass the token in the JSON body as "__auth".
+// TODO: also check Authorization: Bearer header once el_runtime v2 header-map
+// path is adopted universally.
+fn auth_check(clean: String, body: String) -> String {
+    if str_eq(clean, "/health") { return "" }
+    if str_eq(clean, "/lineage") { return "" }
+    let token: String = state_get("soul_token")
+    if str_eq(token, "") { return "" }
+    let auth_field: String = json_get(body, "__auth")
+    if str_eq(auth_field, token) { return "" }
+    return "{\"__status__\":401,\"error\":\"unauthorized\"}"
+}
+
 fn handle_request(method: String, path: String, body: String) -> String {
     let clean: String = strip_query(path)
 
+    // Issue #1/#2: EL has no exception/try-catch mechanism. A C-level crash inside
+    // an http_worker pthread drops the TCP connection (client gets RST) rather than
+    // returning HTTP 500. TODO: register a SIGSEGV/SIGBUS handler in el_runtime.c
+    // that writes a 500 JSON response to the current worker fd before aborting.
+
+    // Issue #10: Rate limiting is not implemented.
+    // TODO: add a per-IP token-bucket counter returning HTTP 429 when exceeded.
+    // Requires a C-level counter in el_runtime.c or a sidecar reverse proxy.
+
+    // Auth — enforced on all routes except /health and /lineage.
+    // Issue #4: previously no auth check existed anywhere in the router.
+    let auth_err: String = auth_check(clean, body)
+    if !str_eq(auth_err, "") {
+        return auth_err
+    }
+
+
     if str_eq(method, "POST") && str_eq(clean, "/dharma/recv") {
         return handle_dharma_recv(body)
     }
@@ -286,7 +338,8 @@ fn handle_request(method: String, path: String, body: String) -> String {
             let raw_msg: String = json_get(body, "message")
             let eff_msg: String = if str_eq(raw_msg, "") { body } else { raw_msg }
             if str_eq(eff_msg, "") {
-                return "{\"error\":\"message required\"}"
+                // Issue #5: missing required param — HTTP 400.
+                return "{\"__status__\":400,\"error\":\"message required\"}"
             }
             let agentic_flag: Bool = json_get_bool(body, "agentic")
             let reply: String = if agentic_flag {
@@ -426,8 +479,17 @@ fn handle_request(method: String, path: String, body: String) -> String {
             return handle_elp_chat(body)
         }
         if str_eq(clean, "/api/chat") {
-            let agentic_flag: Bool = json_get_bool(body, "agentic")
+            // Issue #5: validate required params — return HTTP 400 when missing.
             let raw_msg: String = json_get(body, "message")
+            if str_eq(raw_msg, "") {
+                return "{\"__status__\":400,\"error\":\"message is required\",\"response\":\"\"}"
+            }
+            // Issue #7: reject oversized messages before engram_compile and the LLM.
+            // Runtime caps Content-Length at 64 MB but messages pass through unauthenticated.
+            if str_len(raw_msg) > 32768 {
+                return "{\"__status__\":400,\"error\":\"message too large (max 32768 chars)\",\"response\":\"\"}"
+            }
+            let agentic_flag: Bool = json_get_bool(body, "agentic")
             let reply: String = if agentic_flag {
                 handle_chat_agentic(body)
             } else {

safety.el

@@ -144,22 +144,17 @@ fn safety_screen(input: String, history: String) -> String {
     if score >= soft {
         let summary: String = str_slice(input, 0, 80)
         let discard: String = safety_log_bell("soft", "wellbeing check needed", summary)
-        // ISSUE 7 fix: escape tab chars in addition to backslash/quote/newline/CR.
-        // A tab in user input corrupts the JSON envelope and causes json_get to misparse.
         let e1: String = str_replace(input, "\\", "\\\\")
         let e2: String = str_replace(e1, "\"", "\\\"")
         let e3: String = str_replace(e2, "\n", "\\n")
-        let e4: String = str_replace(e3, "\r", "\\r")
-        let safe_input: String = str_replace(e4, "\t", "\\t")
+        let safe_input: String = str_replace(e3, "\r", "\\r")
         return "{\"action\":\"soft_bell\",\"reason\":\"wellbeing check needed\",\"content\":\"" + safe_input + "\"}"
     }
 
-    // ISSUE 7 fix: escape tab chars (see soft_bell branch above for rationale).
     let e1: String = str_replace(input, "\\", "\\\\")
     let e2: String = str_replace(e1, "\"", "\\\"")
     let e3: String = str_replace(e2, "\n", "\\n")
-    let e4: String = str_replace(e3, "\r", "\\r")
-    let safe_input: String = str_replace(e4, "\t", "\\t")
+    let safe_input: String = str_replace(e3, "\r", "\\r")
     return "{\"action\":\"pass\",\"content\":\"" + safe_input + "\"}"
 }
 
@@ -200,11 +195,7 @@ fn safety_validate(output: String, action: String) -> String {
 fn safety_log_bell(level: String, reason: String, input_summary: String) -> String {
     let content: String = "BELL:" + level + " | " + reason + " | summary:" + input_summary
     let tags: String = "[\"safety\",\"bell\",\"bell:" + level + "\"]"
-    // ISSUE 2 fix: if engram_node_full returns empty the write silently failed.
-    // Emit a fallback println so the bell event leaves at least a log trace even
-    // when engram is degraded. This does not replace engram persistence -- it is a
-    // last-resort audit trail when the primary write cannot be confirmed.
-    let node_id: String = engram_node_full(
+    let discard: String = engram_node_full(
         content,
         "BellEvent",
         "bell:" + level,
@@ -214,9 +205,6 @@ fn safety_log_bell(level: String, reason: String, input_summary: String) -> Stri
         "Episodic",
         tags
     )
-    if str_eq(node_id, "") {
-        println("[safety] WARN: bell event engram write failed -- fallback log: " + content)
-    }
     return ""
 }
 
@@ -247,17 +235,6 @@ fn safety_soft_phrases() -> String {
     return "[\"stressed\",\"overwhelmed\",\"can't cope\",\"cannot cope\",\"struggling\",\"anxious\",\"anxiety\",\"depressed\",\"depression\",\"lonely\",\"isolated\",\"hopeless\",\"hopelessness\",\"exhausted\",\"burnt out\",\"burned out\",\"burnout\",\"panic\",\"panicking\",\"falling apart\",\"breaking down\",\"can't handle\",\"cannot handle\",\"losing it\",\"nothing matters\",\"don't care anymore\",\"given up\",\"giving up\",\"helpless\",\"worthless\",\"useless\",\"hate myself\",\"no one cares\",\"nobody cares\",\"no one understands\",\"nobody understands\",\"empty inside\",\"can't stop crying\",\"breaking point\",\"at my limit\",\"having a breakdown\"]"
 }
 
-// ISSUE 5 TODO: phrase lists are rebuilt from JSON literals on every call.
-// safety_any_match and safety_count_match loop over json_array_get on every invocation.
-// A compiled/cached representation would reduce per-message overhead and also guard against
-// malformed phrase JSON (json_array_len of malformed input returns 0, silently skipping all checks).
-// Caching requires language-level static const arrays -- not available in current EL.
-// When EL gains module-level const arrays, migrate phrase lists to that form.
-//
-// ISSUE 5 TODO: phrase lists are rebuilt from JSON literals on every call to
-// safety_any_match / safety_count_match. json_array_len of a malformed string
-// returns 0, silently skipping all checks. Caching requires language-level static
-// const arrays (not available in current EL). Migrate when EL gains that feature.
 // ── Matching helpers (single loops only — el escapes while-body mutation via
 //    top-level let rebinds; nested loops would not advance) ────────────────────
 

soul.el

@@ -5,9 +5,13 @@ import "stewardship.el"
 import "imprint.el"
 import "awareness.el"
 import "chat.el"
+import "safety.el"
 import "studio.el"
 import "elp-input.el"
 import "routes.el"
+import "safety.el"
+import "stewardship.el"
+import "imprint.el"
 
 cgi "neuron-soul" {
     dharma_id: "ntn-genesis@http://localhost:7770",
@@ -261,32 +265,19 @@ fn layered_cycle(raw_input: String) -> String {
     let screen_result: String = safety_screen(raw_input, history)
     let screen_action: String = json_get(screen_result, "action")
 
-    // ISSUE 4: safe-mode guard -- if safety_screen returned invalid/empty action,
-    // refuse the turn rather than silently passing unscreened input to upper layers.
-    // Valid actions: "hard_bell", "soft_bell", "pass". Anything else = corrupt envelope.
-    let valid_action: Bool = str_eq(screen_action, "hard_bell")
-        || str_eq(screen_action, "soft_bell")
-        || str_eq(screen_action, "pass")
-    if !valid_action {
-        println("[soul] layered_cycle: safety_screen invalid action -- safe mode refusal")
-        return safety_validate("", "hard_bell")
-    }
-
     // Hard bell: bypass all upper layers, log and escalate.
     // Intentionally does NOT update conversation_history or call auto_persist():
     // hard bell events are security-sensitive and must not appear in engram conversation
     // history where they could leak context to subsequent turns. They are persisted
     // separately by safety_log_bell() into the Episodic tier with restricted labels.
     //
-    // ISSUE 6: safety_log_bell for hard bells is already called INSIDE safety_screen
-    // (safety.el line 140). Do NOT call it again here -- double-log avoided.
-    //
     // safety_validate second param: when screen_action is "hard_bell", safety_validate
     // receives the sentinel string "hard_bell" (not a normal screen action). The safety
     // layer contract requires it to return a fixed refusal regardless of the output arg.
     // On the normal path, safety_validate receives the original screen_action ("pass")
     // so it can apply action-specific post-output checks.
     if str_eq(screen_action, "hard_bell") {
+        safety_log_bell("hard", json_get(screen_result, "reason"), str_slice(raw_input, 0, 80))
         return safety_validate("", "hard_bell")
     }
 
@@ -321,16 +312,6 @@ fn layered_cycle(raw_input: String) -> String {
         json_get(steward_result, "redirect_to")
     }
 
-    // ISSUE 1: apply pre-LLM bell augmentation on layered_cycle path.
-    // safety_augment_system injects soft/hard directive into system prompt before LLM call.
-    // Stored in state so imprint_respond can consume it.
-    // TODO: wire directly into imprint_respond when it accepts a system_override param.
-    // ISSUE 3 TODO: no semantic/embedding crisis detection. Keyword-only means signals
-    // evading the phrase list pass through with zero augmentation. Semantic layer is a
-    // separate architectural decision requiring embedding inference on every message.
-    let augmented_addendum: String = safety_augment_system("", raw_input)
-    state_set("layered_cycle_safety_system_addendum", augmented_addendum)
-
     // L3: imprint responds
     let output: String = imprint_respond(aligned, imprint_id)