auditor: 2 fixes from kimi_architect on ebd9ab7 audit

The auditor's own audit on commit ebd9ab7 produced 10 kimi_architect
findings; 2 are real correctness issues that this commit lands. The
other 8 are documented in the commit body as triaged-skip with
rationale (false flags, defensible by current intent, or edge cases).

LANDED:

1. auditor/index.ts — atomic state mutation on audit count.
   `state.audit_count_per_pr[prKey] += 1` was held in memory until
   the cycle's saveState at the end. If the daemon was killed mid-
   cycle (SIGTERM, OOM, panic), the count was lost on restart while
   the on-disk last_audited still showed the SHA as audited — the cap
   silently leaked one audit per crash. Fix: persist state immediately
   after each successful audit so the increment survives a crash.
   saveState is idempotent + cheap (single JSON write); per-audit
   cost negligible.

2. auditor/checks/inference.ts — Number-coerce mode runner telemetry.
   `body?.latency_ms ?? 0` collapses null/undefined but passes through
   non-numeric values (string, NaN, etc.) which would poison downstream
   arithmetic in maxLatencyMs computation. Added a `num(v)` helper
   that does `Number(v)` with `isFinite` fallback to 0. Applied to
   latency_ms, enriched_prompt_chars, bug_fingerprints_count,
   matrix_chunks_kept.

SKIPPED with rationale:

- WARN kimi_architect.ts:211 "metrics appended even on empty verdict":
  this is intentional — observability shouldn't depend on whether
  parseFindings succeeded. Comment in the file explicitly notes this.
- WARN static.ts:270 "escaped-backslash-before-backtick edge case":
  real but extremely narrow (Rust raw strings with `\\\\\``). No
  observed false positives in production audits; defer.
- INFO kimi_architect.ts:333 "sync existsSync in async fn": existsSync
  is non-blocking syscall on Linux; not a real perf hit at audit
  scale (10s of findings per call).
- INFO kimi_architect.ts:105 "audit_index modulo wraparound at 50+
  audits": cap=3 means we never reach high counts on any PR.
- INFO inference.ts:366 "prompt injection delimiter risk": OUTPUT
  FORMAT delimiter is in our prompt template, not user input; user
  data goes inside content sections that don't contain the delimiter.
- WARN Cargo.lock:8739 "truth+validator no Cargo.toml in diff":
  false flag — Cargo.toml IS in workspace members (lines 17-18 of
  the workspace manifest).
- WARN config/modes.toml:1 "no schema validation": defensible — the
  load path validates structure (deserialize_string_or_vec at
  mode.rs:175) and falls back to safe default on parse error.
- INFO evidence_record.ts:124 "metadata accepts any keys": values are
  constrained to `string | number | boolean`; key-name validation
  not warranted for a domain-metadata field.

The 13 BLOCK-severity inference findings on this audit are all
"claim not backed" against historical commit messages from earlier
in the branch (8aa7ee9, bc698eb, 5bdd159, etc.). Those are
aspirational prose ("Verified end-to-end") that the deepseek
consensus can't verify from a static diff — known limitation, not
actionable as code fixes.

Verification:
  bun build auditor/index.ts                     compiles
  bun build auditor/checks/inference.ts          compiles
  systemctl restart lakehouse-auditor            active

Cap remains active on PR #11 (3/3) — daemon will not audit this
fix-commit. Reset state.audit_count_per_pr.11 to verify the fixes
land clean on a fresh audit when ready.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

auditor/checks/inference.ts

@@ -426,14 +426,22 @@ async function runModeRunnerInference(
       error: "unparseable", diagnostic: (e as Error).message, model,
     };
   }
-  const content: string = body?.response ?? "";
+  const content: string = typeof body?.response === "string" ? body.response : "";
   const parsed = extractJson(content);
+  // Number-coerced extractors so a non-numeric upstream value (string,
+  // null, NaN) collapses to 0 instead of poisoning downstream
+  // arithmetic. Caught 2026-04-27 by kimi_architect self-audit —
+  // optional-chaining + ?? only catches null/undefined, not type drift.
+  const num = (v: unknown): number => {
+    const n = typeof v === "number" ? v : Number(v);
+    return Number.isFinite(n) ? n : 0;
+  };
   return {
     parsed,
-    latency_ms: body?.latency_ms ?? 0,
+    latency_ms: num(body?.latency_ms),
-    enriched_chars: body?.enriched_prompt_chars ?? 0,
+    enriched_chars: num(body?.enriched_prompt_chars),
-    bug_fingerprints: body?.sources?.bug_fingerprints_count ?? 0,
+    bug_fingerprints: num(body?.sources?.bug_fingerprints_count),
-    matrix_kept: body?.sources?.matrix_chunks_kept ?? 0,
+    matrix_kept: num(body?.sources?.matrix_chunks_kept),
     error: parsed ? undefined : "unparseable",
     diagnostic: parsed ? undefined : content.slice(0, 200),
     model,

auditor/index.ts

@@ -143,6 +143,16 @@ async function runCycle(state: State): Promise<State> {
       if (state.audit_count_per_pr[prKey] >= MAX_AUDITS_PER_PR) {
         console.log(`[auditor]     PR #${pr.number} reached cap (${MAX_AUDITS_PER_PR} audits) — daemon will skip further audits until reset`);
       }
+      // Persist state immediately after each successful audit so the
+      // increment survives a crash. Pre-2026-04-27 the cycle saved
+      // once at the end (main.ts:140), which lost the count if the
+      // daemon was killed mid-cycle. Fix lifted from kimi_architect's
+      // own audit on this very file. saveState is idempotent + cheap
+      // (one JSON write), so per-audit cost is negligible.
+      try { await saveState(state); }
+      catch (e) {
+        console.error(`[auditor]     saveState mid-cycle failed: ${(e as Error).message} — count held in memory`);
+      }
     } catch (e) {
       console.error(`[auditor]     audit failed: ${(e as Error).message}`);
     }