fix: close 7 audit findings from v0.2.0 council review

HIGH fixes:
- #5: clearSession now cleans FTS/index data (prevents unbounded DB growth)
- #13: Memory TTL expires_at enforced in getMemoriesByProject and searchMemoriesFTS
- #14: Embedding API key hash included in model identity (fixes stale provider on key rotation)

MEDIUM fixes:
- #16: updateSessionMeta moved inside compaction transaction
- #11: Added idx_dream_queue_pending index for started_at/enqueued_at
- #18: Dream timer returns cleanup function for proper lifecycle management

LOW fix:
- #12: Removed redundant if(args.drop) guard after early return

Author: ualtinok

src/features/magic-context/compaction.ts

@@ -13,8 +13,8 @@ export function createCompactionHandler(): CompactionHandler {
                     "UPDATE tags SET status = 'compacted' WHERE session_id = ? AND status IN ('active', 'dropped')",
                 ).run(sessionId);
                 db.prepare("DELETE FROM pending_ops WHERE session_id = ?").run(sessionId);
+                updateSessionMeta(db, sessionId, { lastNudgeBand: null });
             })();
-            updateSessionMeta(db, sessionId, { lastNudgeBand: null });
         },
     };
 }

src/features/magic-context/dreamer/queue.ts

@@ -21,6 +21,9 @@ export function ensureDreamQueueTable(db: Database): void {
         )
     `);
     db.run("CREATE INDEX IF NOT EXISTS idx_dream_queue_project ON dream_queue(project_path)");
+    db.run(
+        "CREATE INDEX IF NOT EXISTS idx_dream_queue_pending ON dream_queue(started_at, enqueued_at)",
+    );
 }
 
 /** Enqueue a project for dreaming. Skips if the same project already has any queue entry (queued or running). */

src/features/magic-context/memory/embedding.ts

@@ -5,6 +5,7 @@ import { cosineSimilarity } from "./cosine-similarity";
 import { LocalEmbeddingProvider } from "./embedding-local";
 import { OpenAICompatibleEmbeddingProvider } from "./embedding-openai";
 import type { EmbeddingProvider } from "./embedding-provider";
+import { computeNormalizedHash } from "./normalize-hash";
 
 const DEFAULT_EMBEDDING_CONFIG: EmbeddingConfig = {
     provider: "local",
@@ -43,7 +44,8 @@ function resolveModelId(config: EmbeddingConfig): string {
     if (config.provider === "openai-compatible") {
         const endpoint = config.endpoint.trim();
         const model = config.model.trim();
-        return `openai-compat:${endpoint}:${model}`;
+        const keyHash = config.api_key ? computeNormalizedHash(config.api_key) : "nokey";
+        return `openai-compat:${endpoint}:${model}:${keyHash}`;
     }
 
     return config.model.trim() || DEFAULT_LOCAL_EMBEDDING_MODEL;

src/features/magic-context/memory/storage-memory-fts.ts

@@ -15,7 +15,7 @@ function getSearchStatement(db: Database): PreparedStatement {
             .join(", ");
 
         stmt = db.prepare(
-            `SELECT ${selectColumns} FROM memories_fts INNER JOIN memories ON memories.id = memories_fts.rowid WHERE memories.project_path = ? AND memories.status IN ('active', 'permanent') AND memories_fts MATCH ? ORDER BY bm25(memories_fts), memories.updated_at DESC, memories.id ASC LIMIT ?`,
+            `SELECT ${selectColumns} FROM memories_fts INNER JOIN memories ON memories.id = memories_fts.rowid WHERE memories.project_path = ? AND memories.status IN ('active', 'permanent') AND (memories.expires_at IS NULL OR memories.expires_at > ?) AND memories_fts MATCH ? ORDER BY bm25(memories_fts), memories.updated_at DESC, memories.id ASC LIMIT ?`,
         );
         searchStatements.set(db, stmt);
     }
@@ -52,7 +52,9 @@ export function searchMemoriesFTS(
         return [];
     }
 
-    const rows = getSearchStatement(db).all(projectPath, sanitized, limit).filter(isMemoryRow);
+    const rows = getSearchStatement(db)
+        .all(projectPath, Date.now(), sanitized, limit)
+        .filter(isMemoryRow);
 
     return rows.map((row) => ({ ...row }));
 }

src/features/magic-context/memory/storage-memory.ts

@@ -212,7 +212,7 @@ function getMemoriesByProjectStatement(db: Database, statuses: MemoryStatus[]):
     if (!stmt) {
         const placeholders = statuses.map(() => "?").join(", ");
         stmt = db.prepare(
-            `SELECT ${getMemorySelectColumns()} FROM memories WHERE project_path = ? AND status IN (${placeholders}) ORDER BY category ASC, updated_at DESC, id ASC`,
+            `SELECT ${getMemorySelectColumns()} FROM memories WHERE project_path = ? AND status IN (${placeholders}) AND (expires_at IS NULL OR expires_at > ?) ORDER BY category ASC, updated_at DESC, id ASC`,
         );
         statements.set(db, stmt);
     }
@@ -399,7 +399,7 @@ export function getMemoriesByProject(
     }
 
     const rows = getMemoriesByProjectStatement(db, statuses)
-        .all(projectPath, ...statuses)
+        .all(projectPath, ...statuses, Date.now())
         .filter(isMemoryRow);
 
     return rows.map(toMemory);

src/features/magic-context/message-index.ts

@@ -79,7 +79,7 @@ function getLastIndexedOrdinal(db: Database, sessionId: string): number {
     return typeof row?.last_indexed_ordinal === "number" ? row.last_indexed_ordinal : 0;
 }
 
-function clearIndexedMessages(db: Database, sessionId: string): void {
+export function clearIndexedMessages(db: Database, sessionId: string): void {
     getDeleteFtsStatement(db).run(sessionId);
     getDeleteIndexStatement(db).run(sessionId);
 }

src/features/magic-context/storage-db.ts

@@ -122,6 +122,7 @@ export function initializeDatabase(db: Database): void {
       retry_count INTEGER DEFAULT 0
     );
     CREATE INDEX IF NOT EXISTS idx_dream_queue_project ON dream_queue(project_path);
+CREATE INDEX IF NOT EXISTS idx_dream_queue_pending ON dream_queue(started_at, enqueued_at);
 
     CREATE VIRTUAL TABLE IF NOT EXISTS memories_fts USING fts5(
       content,

src/features/magic-context/storage-meta-session.ts

@@ -1,4 +1,5 @@
 import type { Database } from "bun:sqlite";
+import { clearIndexedMessages } from "./message-index";
 import {
     BOOLEAN_META_KEYS,
     ensureSessionMetaRow,
@@ -73,5 +74,6 @@ export function clearSession(db: Database, sessionId: string): void {
         db.prepare("DELETE FROM session_notes WHERE session_id = ?").run(sessionId);
         db.prepare("DELETE FROM recomp_compartments WHERE session_id = ?").run(sessionId);
         db.prepare("DELETE FROM recomp_facts WHERE session_id = ?").run(sessionId);
+        clearIndexedMessages(db, sessionId);
     })();
 }

src/features/magic-context/storage-meta.test.ts

@@ -82,7 +82,7 @@ describe("storage-meta", () => {
 
             //#then
             expect(db.transaction).toHaveBeenCalledTimes(1);
-            expect(db.prepare).toHaveBeenCalledTimes(9);
+            expect(db.prepare).toHaveBeenCalledTimes(11);
         });
     });
 });

src/features/magic-context/storage.test.ts

@@ -29,6 +29,7 @@ import {
     updateSessionMeta,
     updateTagStatus,
 } from "./storage";
+import { initializeDatabase } from "./storage-db";
 
 const tempDirs: string[] = [];
 const originalXdgDataHome = process.env.XDG_DATA_HOME;
@@ -61,98 +62,7 @@ function resolveDbPath(dataHome: string): string {
 
 function makeMemoryDatabase(): Database {
     const db = new Database(":memory:");
-    db.run(`
-    CREATE TABLE IF NOT EXISTS tags (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT,
-      message_id TEXT,
-      type TEXT,
-      status TEXT DEFAULT 'active',
-      byte_size INTEGER,
-      tag_number INTEGER,
-      UNIQUE(session_id, tag_number)
-    );
-    CREATE TABLE IF NOT EXISTS pending_ops (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT,
-      tag_id INTEGER,
-      operation TEXT,
-      queued_at INTEGER
-    );
-    CREATE TABLE IF NOT EXISTS source_contents (
-      tag_id INTEGER,
-      session_id TEXT,
-      content TEXT,
-      created_at INTEGER,
-      PRIMARY KEY(session_id, tag_id)
-    );
-    CREATE TABLE IF NOT EXISTS compartments (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      sequence INTEGER NOT NULL,
-      start_message INTEGER NOT NULL,
-      end_message INTEGER NOT NULL,
-      title TEXT NOT NULL,
-      content TEXT NOT NULL,
-      created_at INTEGER NOT NULL,
-      UNIQUE(session_id, sequence)
-    );
-    CREATE TABLE IF NOT EXISTS session_facts (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      category TEXT NOT NULL,
-      content TEXT NOT NULL,
-      created_at INTEGER NOT NULL,
-      updated_at INTEGER NOT NULL
-    );
-    CREATE TABLE IF NOT EXISTS session_notes (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      content TEXT NOT NULL,
-      created_at INTEGER NOT NULL
-    );
-    CREATE TABLE IF NOT EXISTS session_meta (
-      session_id TEXT PRIMARY KEY,
-      last_response_time INTEGER,
-      cache_ttl TEXT,
-      counter INTEGER DEFAULT 0,
-      last_nudge_tokens INTEGER DEFAULT 0,
-      last_nudge_band TEXT DEFAULT '',
-      last_transform_error TEXT DEFAULT '',
-      nudge_anchor_message_id TEXT DEFAULT '',
-      nudge_anchor_text TEXT DEFAULT '',
-      sticky_turn_reminder_text TEXT DEFAULT '',
-      sticky_turn_reminder_message_id TEXT DEFAULT '',
-      is_subagent INTEGER DEFAULT 0,
-      last_context_percentage REAL DEFAULT 0,
-      last_input_tokens INTEGER DEFAULT 0,
-      times_execute_threshold_reached INTEGER DEFAULT 0,
-      compartment_in_progress INTEGER DEFAULT 0,
-      system_prompt_hash INTEGER DEFAULT 0
-    );
-    CREATE TABLE IF NOT EXISTS recomp_compartments (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      sequence INTEGER NOT NULL,
-      start_message INTEGER NOT NULL,
-      end_message INTEGER NOT NULL,
-      start_message_id TEXT DEFAULT '',
-      end_message_id TEXT DEFAULT '',
-      title TEXT NOT NULL,
-      content TEXT NOT NULL,
-      pass_number INTEGER NOT NULL,
-      created_at INTEGER NOT NULL,
-      UNIQUE(session_id, sequence)
-    );
-    CREATE TABLE IF NOT EXISTS recomp_facts (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      category TEXT NOT NULL,
-      content TEXT NOT NULL,
-      pass_number INTEGER NOT NULL,
-      created_at INTEGER NOT NULL
-    );
-  `);
+    initializeDatabase(db);
     return db;
 }