fix: decrypt raises 'Ciphertext too short' on plaintext files shorter than 4 bytes

[yc111233]

Problem

When encryption is enabled, FileEncryptor.decrypt() raises InvalidMagicError("Ciphertext too short") for plaintext files shorter than 4 bytes (including empty files).

This happens because the length check (len(ciphertext) < MAGIC_LENGTH) runs before the magic header check (ciphertext.startswith(MAGIC)). Empty or short plaintext files fail the length check before they can be recognized as unencrypted.

Root Cause

In append_file() (viking_fs.py), when a session's messages.jsonl is empty (0 bytes) — which happens after VK archives messages — the read-then-decrypt flow hits this bug:

1. Reads 0-byte file → passes to _decrypt_content()
2. decrypt() checks len(b'') < 4 → raises "Ciphertext too short"
3. Never reaches the startswith(MAGIC) check that would return plaintext as-is

Fix

Swap the order of checks in decrypt():

# Before (bug):
if len(ciphertext) < MAGIC_LENGTH:
    raise InvalidMagicError("Ciphertext too short")
if not ciphertext.startswith(MAGIC):
    return ciphertext

# After (fix):
if not ciphertext.startswith(MAGIC):
    return ciphertext
if len(ciphertext) < MAGIC_LENGTH:
    raise InvalidMagicError("Ciphertext too short")

Testing

Verified that:

• Empty bytes decrypt → returns empty bytes (no error)
• Short plaintext (e.g. b'ab') → returns as-is
• JSON plaintext → returns as-is
• Encrypted round trip → works correctly
• memory_store / memory_recall → work with encryption enabled

[github-actions]

Failed to generate code suggestions for PR

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

yc111233 seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[baojun-zhang]

Thank you for your submission! We really appreciate it.
If possible, please supplement the unit tests for this scenario in https://github.com/volcengine/OpenViking/blob/main/tests/unit/crypto/test_encryptor.py .