Fix Windows startup recovery and SurrealDB boot path

[jbcupps]

Summary

• reuse one embedded Surreal engine per store path and switch the file-backed local store path away from the failing Windows SurrealKv flow
• remove active legacy DB path compatibility from startup, add startup-cycle logging, and log the real store path used during reopen/stats
• recover disposable bootstrap profiles automatically and persist a Windows DPAPI fallback KEK so relaunches work even when keyring lookup fails

Verification

• cargo test -p abigail-persistence file_backed_handles_can_share_one_embedded_store_across_scopes -- --nocapture
• cargo test -p abigail-memory test_open_with_config_uses_configured_db_path -- --nocapture
• cargo test -p abigail-app disposable_bootstrap_profile_detects_unborn_hive_only_state -- --nocapture
• cargo test -p abigail-app disposable_bootstrap_profile_rejects_existing_vault_payloads -- --nocapture
• cargo test -p abigail-core windows_kek_fallback_roundtrips -- --nocapture
• cargo check -p abigail-app
• rebuilt arget/debug/abigail-app.exe and verified two clean Windows launches: first launch auto-archived the disposable broken bootstrap profile and second launch recovered from �ault.kek.dpapi without reopening the clean-start dialog

Notes

• the working tree still has an unrelated unstaged change in auri-app/Cargo.toml, which is intentionally excluded from this PR
• startup still logs missing instruction files for �uiltin.queue_management and forge skill instructions; those warnings are non-blocking and are not part of this fix

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0ffb51e8a6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore a durable backend for file-backed persistence

PersistenceHandle::open() now routes every on-disk store through Surreal::new::<Mem>(endpoint_path). SurrealDB's Rust embedding docs describe Mem as the in-memory backend and use a file engine such as RocksDB/SurrealKV for persistence (https://surrealdb.com/docs/sdk/rust/embedding), so this cache only preserves state for the lifetime of the current process. After a full Abigail restart, the same memory.db path can come back empty, which would wipe persisted memories and the job queue even though the same path is reused.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Preserve legacy SQLite import on first open_with_config

This change removes the migration step before opening the new Surreal store. IdentityManager::migrate_legacy_identity() still copies legacy abigail_memory.db / jobs.db files into the agent directory (crates/abigail-identity/src/lib.rs:738-755), and a repo-wide search now shows no remaining caller of migrate_legacy_layout(). For users upgrading from that layout, open_with_config() will skip the import entirely, so existing conversations, jobs, calendar, and KB rows stay stranded in the copied SQLite files and appear to disappear on first launch.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Validate the DPAPI fallback before repairing the keyring

In the fallback-recovery path, the KEK loaded from vault.kek.dpapi is written back into the OS keyring before verify_or_create_sentinel() proves that it can actually decrypt the existing vault. If that fallback file is corrupted or stale, startup not only fails, it also overwrites the previously-good keyring entry with the bad key, leaving later launches stuck on the same recovery error until the user manually repairs the keyring. The keyring repair needs to happen only after sentinel validation succeeds.

Useful? React with 👍 / 👎.