From PR #114 external review agent — adopted the real, low-cost findings;
remaining items (false positives / design trade-offs) explained in PR replies:
- coerceEpoch: !Number.isNaN → Number.isFinite — reject ±Infinity, which
previously slipped through and produced Invalid Date via new Date(Infinity)
- enforceRetentionCap pass2/pass3: decrement overflow only when idbDelete
actually succeeds — a failed best-effort delete no longer under-evicts
- cloudListStories: explicit column list instead of select() — avoid pulling
the bulky session_jsonb when only metadata is needed
- Supabase stories: composite primary key (user_id, id) + onConflict user_id,id
— avoid a cross-user Session.id collision rejecting the second user's save
(skeleton not yet deployed, so the migration is edited in place)
typecheck + build:cf green.