diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..58fdee4
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-05-24 - Fix SQL injection in SQLite PRAGMA configuration
+**Vulnerability:** SQLite `PRAGMA` statements configured via unvalidated string concatenation (e.g., `conn.execute(f"PRAGMA journal_mode={mode}")`) allow SQL injection because `PRAGMA` queries do not support parameterized placeholders (`?`).
+**Learning:** Environment variables or other input sources used directly in PRAGMA queries bypass the normal SQL parameterization protections.
+**Prevention:** Strictly allowlist or validate all values dynamically passed into `PRAGMA` commands.
diff --git a/intelligence/company/meridian_platform/observability_store.py b/intelligence/company/meridian_platform/observability_store.py
index a75d2f1..6384588 100644
--- a/intelligence/company/meridian_platform/observability_store.py
+++ b/intelligence/company/meridian_platform/observability_store.py
@@ -26,6 +26,8 @@ def _connect(db_path: str) -> sqlite3.Connection:
     configured_journal_mode = (
         os.environ.get('MERIDIAN_OBSERVABILITY_SQLITE_JOURNAL_MODE', 'WAL') or 'WAL'
     ).strip().upper()
+    if configured_journal_mode not in {'DELETE', 'TRUNCATE', 'PERSIST', 'MEMORY', 'WAL', 'OFF'}:
+        configured_journal_mode = 'WAL'
     if configured_journal_mode not in {'', 'DEFAULT', 'OFF'}:
         needs_init = configured_journal_mode != 'WAL' or db_path not in _JOURNAL_MODE_INITIALIZED
         if needs_init:
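Review bot: The new allowlist check placed right after `).strip().upper()` silently rewrites `'DEFAULT'` (and a whitespace-only value that strips to `''`) to `'WAL'`, so the `''` and `'DEFAULT'` entries in the existing `if configured_journal_mode not in {'', 'DEFAULT', 'OFF'}:` check two lines below are now unreachable, and an operator who set `MERIDIAN_OBSERVABILITY_SQLITE_JOURNAL_MODE=DEFAULT` to skip that branch (which from its condition appears to be the path that applies the PRAGMA) now gets WAL forced instead. If that opt-out is still intended, keep it reachable with `if configured_journal_mode not in {'DELETE', 'TRUNCATE', 'PERSIST', 'MEMORY', 'WAL', 'OFF', 'DEFAULT'}:`; otherwise trim the dead entries from the second check so the two sets do not disagree about what is accepted. A rejected value is also coerced without any trace, so a misconfigured or tampered environment variable is masked rather than surfaced; logging a warning that names the rejected value before falling back to `'WAL'` would make it visible to whoever is reading the logs. Hoisting the set into a module-level constant such as `_ALLOWED_JOURNAL_MODES`, with a comment noting that PRAGMA arguments cannot be bound as `?` parameters and so must be allowlisted, would document why the check exists. `_connect` continues past the end of the hunk.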