From 976289aa5cb27c02cab292ed51faeb7120e837f0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 12 Apr 2026 22:25:41 +0000
Subject: [PATCH] fix: refine security validation messaging

Agent-Logs-Url: https://github.com/MemPalace/mempalace/sessions/775f2fc4-3051-462e-8586-6d694b55da0d

Co-authored-by: igorls <4753812+igorls@users.noreply.github.com>
---
 mempalace/cli.py             | 3 +--
 mempalace/migrate.py         | 6 ++++--
 mempalace/query_sanitizer.py | 4 ++--
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/mempalace/cli.py b/mempalace/cli.py
index 4483b4f..c278492 100644
--- a/mempalace/cli.py
+++ b/mempalace/cli.py
@@ -228,8 +228,7 @@ def cmd_repair(args):
     if os.path.exists(backup_path):
         if not contains_palace_database(backup_path):
             print(
-                "  Cannot proceed: backup path exists but does not contain a valid palace backup "
-                "(expected chroma.sqlite3). "
+                "  Cannot proceed: backup path exists but does not contain chroma.sqlite3. "
                 f"Please remove or rename: {backup_path}"
             )
             return
diff --git a/mempalace/migrate.py b/mempalace/migrate.py
index 6410801..40a9701 100644
--- a/mempalace/migrate.py
+++ b/mempalace/migrate.py
@@ -109,12 +109,14 @@ def contains_palace_database(path: str) -> bool:
     return os.path.isfile(os.path.join(path, "chroma.sqlite3"))
 
 
-def confirm_destructive_action(action: str, palace_path: str, assume_yes: bool = False) -> bool:
+def confirm_destructive_action(
+    operation_name: str, palace_path: str, assume_yes: bool = False
+) -> bool:
     """Require confirmation before destructive palace operations."""
     if assume_yes:
         return True
 
-    print(f"\n  {action} will replace data in: {palace_path}")
+    print(f"\n  {operation_name} will replace data in: {palace_path}")
     print("  A backup will be created first, but the original directory will be deleted.")
     try:
         answer = input("  Continue? [y/N]: ").strip().lower()
diff --git a/mempalace/query_sanitizer.py b/mempalace/query_sanitizer.py
index 9741312..f86a621 100644
--- a/mempalace/query_sanitizer.py
+++ b/mempalace/query_sanitizer.py
@@ -69,11 +69,11 @@ def sanitize_query(raw_query: str) -> dict:
 
     def _strip_wrapping_quotes(candidate: str) -> str:
         candidate = candidate.strip()
-        while candidate[:1] in {"'", '"'} or candidate[-1:] in {"'", '"'}:
+        while candidate[:1] in {"'", '"'} and candidate[-1:] in {"'", '"'}:
             candidate = candidate.strip("\"'")
             if not candidate:
                 return ""
-        return candidate
+        return candidate.strip("\"'")
 
     def _trim_candidate(candidate: str) -> str:
         candidate = _strip_wrapping_quotes(candidate)