fix(deps): pin surrealdb==2.0.0 — close wire-format drift surface (#252 Layer 1)

[Knapp-Kevin]

Summary

#252 Layer 1 of the privacy-preserving ledger-remediation strategy (`docs/research-brief-252-privacy-preserving-ledger-remediation.md`). One-line patch-level pin closes the wire-format drift surface that produced `jaune24`'s `Invalid revision 116 for type Value` deserialization error.

Root cause class

"Invalid revision N for type Value" from SurrealDB's deserializer is a wire-format version mismatch between the surrealdb-py client and the on-disk SurrealKV record header. With `surrealdb>=2.0.0` (floor only), a routine `pip install --upgrade` can swap the lib under an existing ledger and silently introduce incompatibility — the failure mode that hit `jaune24`.

What ships

One file changed: `pyproject.toml` — `surrealdb>=2.0.0` → `surrealdb==2.0.0` with inline rationale comment.

Why `==2.0.0` is unambiguous

`pip index versions surrealdb` confirms `2.0.0` is the only published patch in the 2.x range:
```
Available versions: 2.0.0, 1.0.8, 1.0.7, ..., 0.0.1
```

The pin is a no-op for current installs (everyone is already on 2.0.0); the value is at install-time for future users — no upgrade can swap the wire format under an existing ledger.

Privacy posture

This fix is privacy-preserving by construction:

• No customer data needed to ship
• No telemetry added
• No new code surface — purely a dependency-resolver constraint

This satisfies the operator directive on #252 ("keep customer's private data private and fulfill security compliance concerns while still providing resolution").

Test plan

• `pip index versions surrealdb` confirms 2.0.0 is the only 2.x patch
• `tomllib.loads(pyproject.toml)` parses cleanly
• Ledger / ingest / canary / audit_log test suites pass with the pin (no runtime behavior change — same version installed)
• After merge: smoke-test a fresh install (`uv tool install bicameral-mcp` from a clean env) — should resolve to 2.0.0 deterministically

Future bump discipline

Bumping the pin requires (per the strategy brief):

1. Verify the new surrealdb-py version against the schema-revision sentinel (link_commit fails with SurrealDB 'Invalid revision 116' + recommended v0.13.9 not on PyPI #252 Layer 2)
2. Ship operator-driven export/import migration path (link_commit fails with SurrealDB 'Invalid revision 116' + recommended v0.13.9 not on PyPI #252 Layer 4)
3. Update this pin with explicit migration rationale in the commit message

Closes

• link_commit fails with SurrealDB 'Invalid revision 116' + recommended v0.13.9 not on PyPI #252 Issue 2 Layer 1 (Layer 2 / 3 / 4 / 5 are separate PRs per the strategy brief)

Related

• Strategy brief: docs/research-brief-252-privacy-preserving-ledger-remediation.md
• link_commit fails with SurrealDB 'Invalid revision 116' + recommended v0.13.9 not on PyPI #252 Issue 1 (RECOMMENDED_VERSION revert) → PR fix(release): revert RECOMMENDED_VERSION to 0.13.8 (#252 Issue 1 — stop-bleed) #254 (against `main`, awaiting review)

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 438106c3-f4e5-4cb3-b6a4-ed64cba4e7e3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/252-layer-1-pin-surrealdb

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}