fix(memory): records INSERT omits audience and boundary columns

[Aaronontheweb]

Summary

Memory records are never written with audience or boundary values. The INSERT INTO memory_records statement in SQLiteMemoryStore.ApplyCurationBatchAsync() omits both columns despite them existing on the table. Documents correctly populate both fields.

This means all 261 existing memory records have NULL audience/boundary, and the COALESCE(r.audience, $planFallbackAudience) in search queries treats them as matching the requesting session's audience — effectively making every record visible to every audience level.

Impact

Personal memories stored as records (e.g., from DM conversations) leak into Team channels. This was previously masked by per-channel domain segregation (#203), but with the domain collapse fix in #557, the audience gap is now exposed.

Root Cause

src/Netclaw.Actors/Memory/SQLiteMemoryStore.cs lines 1329-1335 — the record INSERT column list does not include audience or boundary. The document INSERT does.

Fix Required

1. Add audience and boundary to the record INSERT statement (and the operation DTO if needed)
2. Change the COALESCE fallback for NULL audience from the requesting audience to personal (most restrictive) — so untagged records fail closed
3. Backfill existing records with correct audience/boundary based on their domain or source session

Related

• Add access-aware memory scoping beyond channel/session boundaries #203 — memory domain collapse (exposed this issue)
• fix(memory): collapse per-channel memory domains to project:default #557 — PR that removes domain as a search filter