fix: 12 verified audit bugs — GDPR, OOM, vector leak, race conditions#61
Merged
varun29ankuS merged 1 commit intomainfrom Feb 22, 2026
Merged
fix: 12 verified audit bugs — GDPR, OOM, vector leak, race conditions#61varun29ankuS merged 1 commit intomainfrom
varun29ankuS merged 1 commit intomainfrom
Conversation
…e conditions
Critical:
- C1: MIF edge import now resolves entity:{uuid} identifiers and calls add_relationship()
- C3: clear_all() drains pending prune/orphan queues to prevent stale references
- C4: rebuild_index() streams by ID instead of bulk-loading all memories (prevents OOM)
- C7: todo delete cleans up Vamana vector index via reverse mapping + mark_deleted()
High:
- H1: entity dedup in relevance scoring prevents double-counting
- H3: multi-word NER entities use substring match instead of word-level split
- H4: A/B test weights passed per-request via weights_override (eliminates global race)
- H8: GDPR delete_user purges all shared RocksDB CFs (todos, reminders, files, feedback, audit)
- H10: SSE memory_events_sse filters by user_id query param (secure by default)
Medium:
- M3: access count scoring uses log2(n+1) so first access is distinguishable from zero
- M11: INGEST_DEDUP hash scoped by user_id to prevent cross-user collision
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes 12 verified bugs from the deep codebase audit (4 critical, 5 high, 2 medium). All bugs were independently verified by specialized agents before fixing.
Critical (4)
entity:{uuid}identifiers and callsadd_relationship()clear_all()didn't drain pending prune/orphan queues, leaving stale references after GDPR erasurerebuild_index()loaded ALL memories into RAM at once — now streams by ID (O(1) peak memory)mark_deleted()cleanupHigh (5)
weights_overrideparameterdelete_user()left orphaned data in shared RocksDB — added prefix-scan purge across all CFs (todos, reminders, files, feedback, audit)memory_events_ssebroadcast ALL events to ALL clients — addeduser_idquery param filtering (secure by default: no user_id = no events)Medium (2)
log2(1)=0made first-access indistinguishable from never-accessed in relevance scoring — fixed withlog2(n+1)INGEST_DEDUPmap not scoped by user_id — cross-user collision in multi-tenant deploymentFiles changed (9)
src/graph_memory.rssrc/handlers/mif.rssrc/handlers/recall.rssrc/handlers/state.rssrc/handlers/webhooks.rssrc/memory/retrieval.rssrc/memory/storage.rssrc/memory/todos.rssrc/relevance.rsTest plan
cargo check+cargo clippy— clean (verified)cargo fmt -- --check— clean (verified)?user_id=returns no events