Move the rate limit budget consumption (record_action) to immediately
after the path allowlist check but before canonicalization. Previously,
an attacker could probe whether arbitrary paths exist via canonicalize
errors without consuming any rate limit budget, since record_action
was only called after the file size check.
Now every request that passes the basic path validation consumes rate
limit budget, regardless of whether the file exists.
Closes#354
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Expand communication style presets (professional, expressive, custom)
- Enrich SOUL.md with human-like tone and emoji-awareness guidance
- Add crash recovery and sub-task scoping guidance to AGENTS.md scaffold
- Add 'Use when / Don't use when' guidance to TOOLS.md and runtime prompts
- Implement memory hygiene system with configurable archiving and retention
- Add MemoryConfig options: hygiene_enabled, archive_after_days, purge_after_days, conversation_retention_days
- Archive old daily memory and session files to archive subdirectories
- Purge old archives and prune stale SQLite conversation rows
- Add comprehensive tests for new features
