fix: route admin_edit through KnowledgeRepository.update instead of raw SQL

app/api/memory.py

@@ -224,18 +224,14 @@ async def admin_edit(
     conn: duckdb.DuckDBPyConnection = Depends(_get_db),
 ):
     repo = KnowledgeRepository(conn)
-    item = _get_item_or_404(repo, item_id)
-    # Direct update
+    _get_item_or_404(repo, item_id)
     updates = {}
     if request.title is not None:
         updates["title"] = request.title
     if request.content is not None:
         updates["content"] = request.content
     if updates:
-        from datetime import datetime, timezone
-        set_clause = ", ".join(f"{k} = ?" for k in updates)
-        values = list(updates.values()) + [datetime.now(timezone.utc), item_id]
-        conn.execute(f"UPDATE knowledge_items SET {set_clause}, updated_at = ? WHERE id = ?", values)
+        repo.update(item_id, **updates)
     _audit_action(conn, user["email"], "edit", item_id, updates)
     return {"id": item_id, "updated": list(updates.keys())}
 

src/repositories/knowledge.py

@@ -46,6 +46,17 @@ class KnowledgeRepository:
              json.dumps(tags) if tags else None, status, now, now],
         )
 
+    def update(self, item_id: str, **fields) -> None:
+        if not fields:
+            return
+        now = datetime.now(timezone.utc)
+        set_clause = ", ".join(f"{k} = ?" for k in fields)
+        values = list(fields.values()) + [now, item_id]
+        self.conn.execute(
+            f"UPDATE knowledge_items SET {set_clause}, updated_at = ? WHERE id = ?",
+            values,
+        )
+
     def update_status(self, item_id: str, status: str) -> None:
         now = datetime.now(timezone.utc)
         self.conn.execute(