From 58ddf55282a96f4feb43e2ac3a8a6d167e898307 Mon Sep 17 00:00:00 2001
From: Hermes Agent <hermes@timmy.local>
Date: Sat, 14 Mar 2026 12:55:02 -0400
Subject: [PATCH] fix: regex corruption in update_user_profile + hot memory
 write guards

- memory_system.py: fix regex replacement in update_user_profile()
  Used lambda instead of raw replacement string to prevent corruption
- memory_system.py: add guards to update_section() for empty/oversized writes

Ref #39
---
 src/timmy/memory_system.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/timmy/memory_system.py b/src/timmy/memory_system.py
index f628f49..c6b3911 100644
--- a/src/timmy/memory_system.py
+++ b/src/timmy/memory_system.py
@@ -50,6 +50,14 @@ class HotMemory:
 
     def update_section(self, section: str, content: str) -> None:
         """Update a specific section in MEMORY.md."""
+        # Guard against empty or excessively large writes
+        if not content or not content.strip():
+            logger.warning("HotMemory: Refusing empty write to section '%s'", section)
+            return
+        if len(content) > 2000:
+            logger.warning("HotMemory: Truncating oversized write to section '%s'", section)
+            content = content[:2000] + "\n... [truncated]"
+
         full_content = self.read()
 
         # Find section
@@ -205,10 +213,11 @@ class VaultMemory:
 
         content = profile_path.read_text()
 
-        # Simple pattern replacement
+        # Simple pattern replacement — use lambda to avoid regex-interpreting value
         pattern = rf"(\*\*{re.escape(key)}:\*\*).*"
         if re.search(pattern, content):
-            content = re.sub(pattern, rf"\1 {value}", content)
+            safe_value = value.strip()
+            content = re.sub(pattern, lambda m: f"{m.group(1)} {safe_value}", content)
         else:
             # Add to Important Facts section
             facts_section = "## Important Facts"