fix: audit findings in src/session

[avoidwork]

Code Audit: session

Summary

Total issues: 1 (critical: 0, high: 0, medium: 1, low: 0)

One medium-severity bug found in the session saver related to YAML frontmatter string escaping.

Findings

File	Issue Type	Severity	Summary
src/session/saver.js	bug	medium	String values in frontmatter are not escaped, which could cause YAML parsing errors if the string contains quotes or newlines

Remediation Priority

1. [Medium severity bugs]
   • Escape string values in frontmatter to prevent YAML parsing errors (lines 28-34 in saver.js)

[avoidwork]

Implementation Complete ✅

PR: #353 — fix: fix-yaml-frontmatter-escaping — escape special characters in YAML frontmatter strings

Summary

Fixed the medium-severity bug where string values in YAML frontmatter (generated by src/session/saver.js) were not properly escaped. Added an escapeYamlString() helper that escapes backslashes, double quotes, and newlines in the correct order to avoid double-escaping.

Changes

• Code: Added escapeYamlString() helper in src/session/saver.js, applied to all string frontmatter values
• Tests: Added 4 unit tests in tests/unit/saver.test.js covering quotes, backslashes, newlines, and normal strings
• Spec: Updated openspec/specs/memory-system/spec.md with the escaping requirement

Verification

• Tests: 1161 pass, 0 fail
• Lint: passing
• Coverage: maintained at 100%