Context
The security best-practices report identified that connect_sqlite(...) opens file-backed SQLite databases using default process permissions. Future real MailPlus metadata or selected-text-cache work should not rely on ambient umask behavior.
Evidence
src/mailplus_intelligence/sqlite.py:12-18 opens file-backed databases with sqlite3.connect(...) and enables WAL.
docs/privacy-redaction-boundaries.md:24-44 treats metadata as the structured recall layer.
docs/privacy-redaction-boundaries.md:111-116 forbids generated stores that may contain sensitive material in the repo.
Acceptance criteria
- File-backed SQLite databases created by connect_sqlite(...) are owner-readable/writable only by default, e.g. 0600, for newly-created files.
- Parent directory behavior is documented or made explicit if directories are created by the helper.
- A focused regression test proves the permission behavior for a newly-created database file.
- Existing in-memory behavior remains unchanged.
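One way to meet these criteria, as an added example rather than the project's own sqlite.py: the helper below (hypothetical name connect_sqlite_strict) pre-creates a file-backed database with an explicit mode and fchmod, so the process umask can neither widen nor unexpectedly narrow it, makes the parent-directory policy explicit (0700 if missing), leaves existing files and in-memory databases untouched, and then enables WAL. The demo() function is the regression check: it deliberately runs under umask 0o000 and reports the resulting modes, including the -wal side file that SQLite's unix VFS creates to match the main database file.

```python
"""Hypothetical hardened variant of connect_sqlite (not the project's own code)."""
import os
import sqlite3
import stat
import tempfile
from pathlib import Path

DB_FILE_MODE = 0o600  # owner read/write only, for newly-created database files
DB_DIR_MODE = 0o700   # applied to a parent directory the helper has to create


def _precreate_with_mode(path: Path, mode: int) -> bool:
    """Create `path` with exactly `mode`, independent of the process umask.

    Returns True if the file was newly created, False if it already existed.
    An existing file's permissions are deliberately left untouched.
    """
    try:
        fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, mode)
    except FileExistsError:
        return False
    try:
        # os.open applies the umask (it can only remove bits); fchmod then sets
        # the mode exactly, so an unusual umask cannot leave it narrower either.
        os.fchmod(fd, mode)
    finally:
        os.close(fd)
    return True


def connect_sqlite_strict(path: str, *, file_mode: int = DB_FILE_MODE) -> sqlite3.Connection:
    """Open a SQLite database; file-backed databases get explicit permissions."""
    if path == ":memory:":
        # In-memory behaviour unchanged: no file exists, nothing to chmod.
        return sqlite3.connect(path)
    db_path = Path(path)
    # Parent-directory policy made explicit: created 0700 when missing,
    # never re-chmodded when it already exists.
    db_path.parent.mkdir(mode=DB_DIR_MODE, parents=True, exist_ok=True)
    _precreate_with_mode(db_path, file_mode)
    conn = sqlite3.connect(db_path)
    conn.execute("PRAGMA journal_mode=WAL")
    return conn


def file_mode_of(path) -> int:
    """Permission bits of `path` (e.g. 0o600), without file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    """Regression check: create a database under the most permissive umask
    and report the modes actually observed on disk."""
    old_umask = os.umask(0o000)  # worst case: umask alone would allow 0666
    try:
        with tempfile.TemporaryDirectory() as tmp:
            db = Path(tmp) / "nested" / "metadata.sqlite"  # constructed path
            conn = connect_sqlite_strict(str(db))
            conn.execute("CREATE TABLE t (x INTEGER)")
            conn.execute("INSERT INTO t VALUES (1)")
            conn.commit()  # first write in WAL mode materialises metadata.sqlite-wal
            journal = conn.execute("PRAGMA journal_mode").fetchone()[0]
            result = {
                "file_mode": file_mode_of(db),
                "dir_mode": file_mode_of(db.parent),
                "wal_mode": file_mode_of(str(db) + "-wal"),
                "journal_mode": journal,
            }
            conn.close()
            return result
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print({k: (oct(v) if isinstance(v, int) else v) for k, v in demo().items()})
```

The WAL check matters because the metadata is copied into the -wal and -shm side files on every write; verifying the main file alone would miss a regression there. Calling the helper twice on the same path exercises the "existing file" branch, which must not alter permissions an operator has already chosen.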