- 1.1 Race condition in add_document (TOCTOU) — FOR UPDATE + UniqueViolationError
- 1.2 DB error details leaked in auth middleware — generic message + logging
- 1.3 TrustedHostMiddleware wildcard removal
- 1.4 Exception strings sanitized in handlers (~20 endpoints)
- 2.1 Delete vectorstore.py (14KB) + test_vectorstore.py
- 2.2 Remove empty AnalyticsMixin from core.py hierarchy
- 2.3 Remove orphaned FilterBuilder methods (add_not_archived, add_scope_filter)
- 2.4 Remove deprecated _infer_category_from_query + all call sites
- 2.5 Remove duplicate _ensure_document_store_search from SearchMixin
- 2.6 Fix fragile "body" in dir() pattern in maintenance handler
- 3.1 Batch embeddings in consolidation — pre-embed in batches of 100
- 3.2 Batch chunk inserts — conn.executemany() replacing loop
- 4.1 Extract _run_async to src/cems/lib/async_utils.py (8 files updated)
- 4.2 Extract get_project_id to hooks/utils/project.py (4 hooks updated)
- 4.3 Fix broken init.py re-export of removed _run_async
- 5.1 Rewrite to reflect current Docker Compose architecture (no Qdrant/Redis/worker)
- 6.1 Moved 9 completed/stale docs to docs/archive/
- Phase 1: Clean. Found 2 additional issues (UniqueViolationError, admin str(e) leaks) — fixed.
- Phase 2-3: Clean. Confirmed TOCTOU fix is correct, executemany is correct, batch embeddings correct.
- Phase 4: Clean. All imports verified, no stale definitions, bundled copies match source.