fix: guard non-positive session limit in AdvancedSQLiteSession.get_items

AdvancedSQLiteSession.get_items() passed the resolved session_limit
directly to SQL LIMIT without checking whether the value is non-positive.
MongoDBSession, RedisSession, DaprSession, AsyncSQLiteSession, and
SQLAlchemySession all guard this with:

  if session_limit is not None and session_limit <= 0:
      return []

AdvancedSQLiteSession was the only SQLite-backed implementation missing
the guard.  SQLite treats LIMIT -1 as 'no limit', so passing limit=-1
would return the full conversation history instead of an empty list,
diverging from every other backend.

Adds limit=0 and limit=-1 assertions to the existing explicit-limit
override test so the behaviour is pinned.

Author: Rishab Motgi

src/agents/extensions/memory/advanced_sqlite_session.py

@@ -172,6 +172,9 @@ async def get_items(
         """
         session_limit = resolve_session_limit(limit, self.session_settings)
 
+        if session_limit is not None and session_limit <= 0:
+            return []
+
         if branch_id is None:
             branch_id = self._current_branch_id
 

tests/extensions/memory/test_advanced_sqlite_session.py

@@ -1288,6 +1288,12 @@ async def test_get_items_explicit_limit_overrides_session_settings():
     assert retrieved[0].get("content") == "Message 8"
     assert retrieved[1].get("content") == "Message 9"
 
+    # Non-positive limits must return [] for parity with MongoDB/Redis/AsyncSQLite.
+    # SQLite treats LIMIT -1 as "no limit", so without an explicit guard a negative
+    # limit would incorrectly return all rows instead of an empty list.
+    assert await session.get_items(limit=0) == []
+    assert await session.get_items(limit=-1) == []
+
     session.close()