fix: address all remaining low-severity audit issues

Author: Patel230

internal/evolution/engine.go

@@ -108,7 +108,10 @@ func New(repoPath string, logger *slog.Logger) *Engine {
 	}
 	tid := generateTraceID()
 	tools := iteragent.DefaultTools(repoPath)
-	skills, _ := iteragent.LoadSkills([]string{filepath.Join(repoPath, "skills")})
+	skills, err := iteragent.LoadSkills([]string{filepath.Join(repoPath, "skills")})
+	if err != nil {
+		slog.Warn("failed to load skills, agent will run without them", "err", err)
+	}
 	e := &Engine{
 		repoPath: repoPath,
 		repo:     repo,
@@ -154,6 +157,8 @@ func (e *Engine) loadPRState() {
 	}
 	var state PRState
 	if err := json.Unmarshal(data, &state); err != nil {
+		e.logger.Warn("pr_state.json is corrupted, clearing it", "err", err)
+		os.Remove(path)
 		return
 	}
 	e.prNumber = state.PRNumber
@@ -368,8 +373,11 @@ func (e *Engine) handlePRReviewAndMerge(ctx context.Context, p iteragent.Provide
 	result.PRURL = e.prURL
 	_ = e.appendLearningJSONL(firstLine(extractCommitMessage(output)), "evolution", "", "")
 	e.appendJournal(result, output, p.Name(), true)
+	e.clearPRState()
 
-	_ = e.switchToMain(ctx)
+	if err := e.switchToMain(ctx); err != nil {
+		e.logger.Warn("failed to switch to main after merge", "err", err)
+	}
 }
 
 // auditLog appends a tool call or error to .iterate/audit.jsonl for debugging.

internal/evolution/journal.go

@@ -74,7 +74,7 @@ func (e *Engine) appendJournal(result *RunResult, output, provider string, succe
 	newContent := header + entry + rest
 
 	if err := os.WriteFile(path, []byte(newContent), 0o644); err != nil {
-		e.logger.Warn("failed to write journal", "err", err)
+		e.logger.Error("failed to write journal", "err", err, "path", path)
 	}
 }
 

internal/evolution/phases.go

@@ -247,7 +247,10 @@ func (e *Engine) runTaskAttempt(ctx context.Context, p iteragent.Provider, task
 
 // loadImplementContext prepares the system prompt for implementation using cached tools and skills.
 func (e *Engine) loadImplementContext() (string, []iteragent.Tool, *iteragent.SkillSet) {
-	identity, _ := os.ReadFile(filepath.Join(e.repoPath, "docs/IDENTITY.md"))
+	identity, err := os.ReadFile(filepath.Join(e.repoPath, "docs/IDENTITY.md"))
+	if err != nil {
+		e.logger.Warn("failed to load IDENTITY.md, agent will run without identity context", "err", err)
+	}
 	systemPrompt := buildSystemPrompt(e.repoPath, string(identity))
 	return systemPrompt, e.tools, e.skills
 }

scripts/evolution/evolve.sh

@@ -22,8 +22,11 @@ acquire_lock() {
     if [[ -n "$OLD_PID" ]] && kill -0 "$OLD_PID" 2>/dev/null; then
       LOCK_AGE=$(( $(date +%s) - $(stat -c %Y "$PID_FILE" 2>/dev/null || echo 0) ))
       if [[ $LOCK_AGE -lt $LOCK_TIMEOUT ]]; then
-        log "ERROR: Another evolution running (PID $OLD_PID, age ${LOCK_AGE}s)"
+        log "ERROR: Another evolution running (PID $OLD_PID, age ${LOCK_AGE}s) — aborting"
         exit 1
+      else
+        log "WARNING: Stale lock found (PID $OLD_PID, age ${LOCK_AGE}s) — killing and continuing"
+        kill "$OLD_PID" 2>/dev/null || true
       fi
     fi
     rm -f "$PID_FILE"
@@ -37,9 +40,9 @@ release_lock() {
 
 trap release_lock EXIT
 
-mkdir -p "${REPOPATH}/.iterate"
-mkdir -p "${REPOPATH}/memory"
-mkdir -p "${REPOPATH}/docs"
+mkdir -p "${REPOPATH}/.iterate" || { echo "ERROR: failed to create .iterate dir"; exit 1; }
+mkdir -p "${REPOPATH}/memory" || { echo "ERROR: failed to create memory dir"; exit 1; }
+mkdir -p "${REPOPATH}/docs" || { echo "ERROR: failed to create docs dir"; exit 1; }
 acquire_lock
 
 log "=== iterate evolution cycle started ==="