fix(store,mcp): prevent ghost .db file creation for unknown projects

- Add cbm_store_open_path_query() that opens with SQLITE_OPEN_READWRITE
  only (no SQLITE_OPEN_CREATE); returns NULL when file is absent
- Declare cbm_store_open_path_query() in store.h
- Change resolve_store() in mcp.c to call cbm_store_open_path_query
  so querying a nonexistent project never creates a ghost .db file
- Indexing path (cbm_store_open_path) retains SQLITE_OPEN_CREATE

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: shanemccarron-maker

src/mcp/mcp.c

@@ -637,10 +637,11 @@ static cbm_store_t *resolve_store(cbm_mcp_server_t *srv, const char *project) {
         srv->store = NULL;
     }
 
-    /* Open project's .db file */
+    /* Open project's .db file — query-only open (no SQLITE_OPEN_CREATE) to
+     * prevent ghost .db file creation for unknown/unindexed projects. */
     char path[1024];
     project_db_path(project, path, sizeof(path));
-    srv->store = cbm_store_open_path(path);
+    srv->store = cbm_store_open_path_query(path);
     srv->owns_store = true;
     free(srv->current_project);
     srv->current_project = heap_strdup(project);

src/store/store.c

@@ -365,6 +365,45 @@ cbm_store_t *cbm_store_open_path(const char *db_path) {
     return store_open_internal(db_path, false);
 }
 
+cbm_store_t *cbm_store_open_path_query(const char *db_path) {
+    if (!db_path) {
+        return NULL;
+    }
+
+    cbm_store_t *s = calloc(1, sizeof(cbm_store_t));
+    if (!s) {
+        return NULL;
+    }
+
+    /* Open read-write but do NOT create — returns SQLITE_CANTOPEN if absent. */
+    int rc = sqlite3_open_v2(db_path, &s->db, SQLITE_OPEN_READWRITE, NULL);
+    if (rc != SQLITE_OK) {
+        /* File does not exist or cannot be opened — return NULL without creating. */
+        free(s);
+        return NULL;
+    }
+
+    s->db_path = heap_strdup(db_path);
+
+    /* Security: block ATTACH/DETACH to prevent file creation via SQL injection. */
+    sqlite3_set_authorizer(s->db, store_authorizer, NULL);
+
+    /* Register REGEXP functions. */
+    sqlite3_create_function(s->db, "regexp", 2, SQLITE_UTF8 | SQLITE_DETERMINISTIC, NULL,
+                            sqlite_regexp, NULL, NULL);
+    sqlite3_create_function(s->db, "iregexp", 2, SQLITE_UTF8 | SQLITE_DETERMINISTIC, NULL,
+                            sqlite_iregexp, NULL, NULL);
+
+    if (configure_pragmas(s, false) != CBM_STORE_OK) {
+        sqlite3_close(s->db);
+        free((void *)s->db_path);
+        free(s);
+        return NULL;
+    }
+
+    return s;
+}
+
 cbm_store_t *cbm_store_open(const char *project) {
     if (!project) {
         return NULL;

src/store/store.h

@@ -190,6 +190,10 @@ cbm_store_t *cbm_store_open_memory(void);
 /* Open a file-backed database at the given path. Creates if needed. */
 cbm_store_t *cbm_store_open_path(const char *db_path);
 
+/* Open an existing file-backed database for querying only (no SQLITE_OPEN_CREATE).
+ * Returns NULL if the file does not exist — never creates a new .db file. */
+cbm_store_t *cbm_store_open_path_query(const char *db_path);
+
 /* Open database for a named project in the default cache dir. */
 cbm_store_t *cbm_store_open(const char *project);