fix(memory): log OpenViking chmod failures

plugins/memory/openviking/__init__.py

@@ -535,8 +535,8 @@ def _env_writes_from_connection_values(values: dict) -> dict:
 def _restrict_secret_file_permissions(path: Path) -> None:
     try:
         path.chmod(stat.S_IRUSR | stat.S_IWUSR)
-    except OSError:
-        pass
+    except OSError as e:
+        logger.debug("Could not restrict permissions on %s: %s", path, e)
 
 
 def _write_env_vars(env_path: Path, env_writes: dict, remove_keys: tuple[str, ...] = ()) -> None:

tests/plugins/memory/test_openviking_provider.py

@@ -76,6 +76,22 @@ def test_ovcli_config_writer_restricts_file_permissions(tmp_path):
     assert stat.S_IMODE(config_path.stat().st_mode) == 0o600
 
 
+def test_secret_permission_restriction_logs_chmod_failure(tmp_path, monkeypatch, caplog):
+    env_path = tmp_path / ".env"
+    env_path.write_text("OPENVIKING_API_KEY=secret\n", encoding="utf-8")
+
+    def fail_chmod(self, mode):
+        raise OSError("read-only filesystem")
+
+    monkeypatch.setattr(type(env_path), "chmod", fail_chmod)
+
+    with caplog.at_level("DEBUG", logger=openviking_module.__name__):
+        openviking_module._restrict_secret_file_permissions(env_path)
+
+    assert "Could not restrict permissions" in caplog.text
+    assert "read-only filesystem" in caplog.text
+
+
 def test_linked_ovcli_config_is_read_at_runtime(tmp_path, monkeypatch):
     _clear_openviking_env(monkeypatch)
     ovcli_path = tmp_path / "ovcli.conf"