fix(persistence): address new Copilot review comments

- feedback.py: validate thread_id/run_id before deleting feedback
- jsonl.py: add path traversal protection with ID validation
- run_repo.py: parse `before` to datetime for PostgreSQL compat
- thread_meta_repo.py: fix pagination when metadata filter is active
- database_config.py: use resolve_path for sqlite_dir consistency

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/packages/harness/deerflow/persistence/repositories/run_repo.py

@@ -126,8 +126,13 @@ class RunRepository(RunStore):
                 await session.commit()
 
     async def list_pending(self, *, before=None):
-        now = before or datetime.now(UTC).isoformat()
-        stmt = select(RunRow).where(RunRow.status == "pending", RunRow.created_at <= now).order_by(RunRow.created_at.asc())
+        if before is None:
+            before_dt = datetime.now(UTC)
+        elif isinstance(before, datetime):
+            before_dt = before
+        else:
+            before_dt = datetime.fromisoformat(before)
+        stmt = select(RunRow).where(RunRow.status == "pending", RunRow.created_at <= before_dt).order_by(RunRow.created_at.asc())
         async with self._sf() as session:
             result = await session.execute(stmt)
             return [self._row_to_dict(r) for r in result.scalars()]

backend/packages/harness/deerflow/persistence/repositories/thread_meta_repo.py

@@ -88,14 +88,22 @@ class ThreadMetaRepository(ThreadMetaStore):
         stmt = select(ThreadMetaRow).order_by(ThreadMetaRow.updated_at.desc())
         if status:
             stmt = stmt.where(ThreadMetaRow.status == status)
-        stmt = stmt.limit(limit).offset(offset)
-        async with self._sf() as session:
-            result = await session.execute(stmt)
-            rows = [self._row_to_dict(r) for r in result.scalars()]
 
         if metadata:
+            # When metadata filter is active, fetch a larger window and filter
+            # in Python. TODO(Phase 2): use JSON DB operators (Postgres @>,
+            # SQLite json_extract) for server-side filtering.
+            stmt = stmt.limit(limit * 5 + offset)
+            async with self._sf() as session:
+                result = await session.execute(stmt)
+                rows = [self._row_to_dict(r) for r in result.scalars()]
             rows = [r for r in rows if all(r.get("metadata", {}).get(k) == v for k, v in metadata.items())]
-        return rows
+            return rows[offset : offset + limit]
+        else:
+            stmt = stmt.limit(limit).offset(offset)
+            async with self._sf() as session:
+                result = await session.execute(stmt)
+                return [self._row_to_dict(r) for r in result.scalars()]
 
     async def update_display_name(self, thread_id: str, display_name: str) -> None:
         """Update the display_name (title) for a thread."""