fix(soul): ratio guard against genesis seeding over a populated engram #21

Merged

will.anderson merged 3 commits from feat/connectors-soul into main

2026-06-17 18:20:00 +00:00

Author	SHA1	Message	Date
will.anderson	8b692e4666	fix/test: PR #21 review — guard, safety Bell, api write-back, temp paths Neuron Soul CI / build (pull_request) Failing after 13m22s Details fix(soul): add HTTP-engram guard to safe_to_seed — when ENGRAM_URL is set the HTTP Engram owns persistence; genesis must never save to local snapshot regardless of node counts (was: guard_disk forced to empty string, making the ratio check vacuously true and allowing init_soul_edges+engram_save). fix(soul): use multiplication form for ratio guard — node_count * 16000 < disk_len avoids floor-division truncation that underestimated boundary files (250KB / 16000 = 15.6, floors to 15; a 15-node graph wrongly passed old guard). fix(chat): add safety_augment_system to handle_chat_as_soul, handle_dharma_room_turn, and handle_dharma_room_turn_agentic — all three called the LLM without Hard Bell evaluation, leaving users in dharma rooms without crisis resource routing. fix(neuron-api): add api_persisted read-back to handle_api_define_process — was the only write handler that returned ok:true without verifying the node was actually written to engram. fix(routes): unique temp file path in connectd_post — replaces fixed /tmp/neuron-connectors-req.json with a timestamped path to prevent collision if concurrency is added or two soul instances share a machine. test: add tests/test_bell_safety.el — covers safety_detect_bell_level (none/soft/hard), safety_classify_hard_bell (abuse/self_harm routing), safety_normalize (smart-quote), safety_augment_system, and handle_safety_contact_post (validation + read-back). test: add tests/test_soul_guard.el — pure-function logic tests for the safe_to_seed predicate: 200KB boundary, 47MB/63-node clobber scenario, HTTP-engram mode, multiplication vs division truncation at 250KB. test: add tests/test_api_define_process.el — verifies the define_process write is read-back verified after the fix.	2026-06-17 13:19:15 -05:00
Tim Lingo	5ddb860201	fix(soul): ratio guard against genesis seeding over a populated engram Genesis boot previously seeded a fresh identity and saved it over snapshot.json whenever the in-memory graph looked empty. Replace the fixed node-count threshold with a ratio guard: refuse to seed when the on-disk snapshot is large (>200KB) but the loaded graph is sparse (< disk/16000 nodes). KNOWN LIMITATION: this gates only the seed/pre-serve-save path. The deeper cause is a non-atomic engram_save (fopen wb truncates to 0 before writing 47MB), which creates a window where a concurrent load reads an empty file -> genesis -> and if guard_disk is read in that same window the guard passes. The real fix is an atomic engram_save (temp + fsync + rename) in el_runtime.c, tracked separately. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-17 13:18:35 -05:00
Tim Lingo	6d8a992716	feat(soul): add safety module, expand connectors API, memory-recall bug notes - safety.el/.elh: new safety module - neuron-api.el, routes.el, soul.el, chat.el: connectors API expansion - regenerated dist/ C artifacts - MEMORY_RECALL_BUG.md: investigation notes Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-17 13:18:35 -05:00

Author

SHA1

Message

Date

will.anderson

8b692e4666

fix/test: PR #21 review — guard, safety Bell, api write-back, temp paths

Neuron Soul CI / build (pull_request) Failing after 13m22s

Details

fix(soul): add HTTP-engram guard to safe_to_seed — when ENGRAM_URL is set
the HTTP Engram owns persistence; genesis must never save to local snapshot
regardless of node counts (was: guard_disk forced to empty string, making
the ratio check vacuously true and allowing init_soul_edges+engram_save).

fix(soul): use multiplication form for ratio guard — node_count * 16000 <
disk_len avoids floor-division truncation that underestimated boundary files
(250KB / 16000 = 15.6, floors to 15; a 15-node graph wrongly passed old guard).

fix(chat): add safety_augment_system to handle_chat_as_soul,
handle_dharma_room_turn, and handle_dharma_room_turn_agentic — all three
called the LLM without Hard Bell evaluation, leaving users in dharma rooms
without crisis resource routing.

fix(neuron-api): add api_persisted read-back to handle_api_define_process —
was the only write handler that returned ok:true without verifying the node
was actually written to engram.

fix(routes): unique temp file path in connectd_post — replaces fixed
/tmp/neuron-connectors-req.json with a timestamped path to prevent
collision if concurrency is added or two soul instances share a machine.

test: add tests/test_bell_safety.el — covers safety_detect_bell_level
(none/soft/hard), safety_classify_hard_bell (abuse/self_harm routing),
safety_normalize (smart-quote), safety_augment_system, and
handle_safety_contact_post (validation + read-back).

test: add tests/test_soul_guard.el — pure-function logic tests for the
safe_to_seed predicate: 200KB boundary, 47MB/63-node clobber scenario,
HTTP-engram mode, multiplication vs division truncation at 250KB.

test: add tests/test_api_define_process.el — verifies the define_process
write is read-back verified after the fix.

2026-06-17 13:19:15 -05:00

Tim Lingo

5ddb860201

fix(soul): ratio guard against genesis seeding over a populated engram

Genesis boot previously seeded a fresh identity and saved it over snapshot.json
whenever the in-memory graph looked empty. Replace the fixed node-count threshold
with a ratio guard: refuse to seed when the on-disk snapshot is large
(>200KB) but the loaded graph is sparse (< disk/16000 nodes).

KNOWN LIMITATION: this gates only the seed/pre-serve-save path. The deeper cause
is a non-atomic engram_save (fopen wb truncates to 0 before writing 47MB), which
creates a window where a concurrent load reads an empty file -> genesis -> and if
guard_disk is read in that same window the guard passes. The real fix is an
atomic engram_save (temp + fsync + rename) in el_runtime.c, tracked separately.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-17 13:18:35 -05:00

Tim Lingo

6d8a992716

feat(soul): add safety module, expand connectors API, memory-recall bug notes

- safety.el/.elh: new safety module
- neuron-api.el, routes.el, soul.el, chat.el: connectors API expansion
- regenerated dist/ C artifacts
- MEMORY_RECALL_BUG.md: investigation notes

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-17 13:18:35 -05:00

fix(soul): ratio guard against genesis seeding over a populated engram #21

3 Commits