fix(0129): logical not is truthiness-aware, not a bit flip

The unary .not arm emitted bool_not (LLVM bitwise Not) for every
operand. Correct on i1; on an error binding — an error-set value, u32
tag at the LLVM level — a bitwise not of a nonzero tag stays nonzero,
so 'if !e' held even on a SET error and its branch read the
uninitialized success value (real segfault in the distribution repo's
sqlite tests). Plain integers had the same hole ('!7' was '~7').

Now: bool keeps bool_not; integers and error-set operands lower as the
truthiness complement (cmp_eq against a typed zero); anything else is
diagnosed instead of silently bit-flipped.

Regression: examples/1057 (set error: !e must not hold; success: !e
holds with a real value; integer truthiness) + examples/1171 (!"text"
diagnosed); both FAIL pre-fix. zig build test 426/426;
tests/run_examples.sh 600/600.

examples/1057-errors-negated-error-binding.sx

@@ -0,0 +1,36 @@
+// `!` on an error binding is the truthiness complement of `if e` (issue
+// 0129). Pre-fix, `!` lowered as a bitwise not, so a nonzero error tag
+// stayed nonzero and `if !e` held even on a SET error — with the success
+// value read as garbage. Integer operands get the same `!x ≡ x == 0`
+// semantics.
+#import "modules/std.sx";
+
+E :: error { Boom }
+
+f :: (fail: bool) -> (i64, !E) {
+    if fail { raise error.Boom; }
+    return 42;
+}
+
+main :: () -> i32 {
+    // set error: `if e` holds, `if !e` must NOT
+    v, e := f(true);
+    took_e := false;
+    if e { took_e = true; }
+    if !e { print("BUG: !e held on a set error (v={})\n", v); return 1; }
+    if !took_e { print("BUG: if e did not hold on a set error\n"); return 2; }
+
+    // success: `if !e` holds and the value is real
+    v2, e2 := f(false);
+    if e2 { print("BUG: e2 set on success\n"); return 3; }
+    if !e2 { print("ok: !e2 on success, v2={}\n", v2); }
+
+    // integers: `!n` is `n == 0`, not a bit flip
+    n := 7;
+    if !n { print("BUG: !7 held\n"); return 4; }
+    z := 0;
+    if !z { print("ok: !0 holds\n"); }
+
+    print("done\n");
+    return 0;
+}

examples/1171-diagnostics-logical-not-bad-operand.sx

@@ -0,0 +1,10 @@
+// `!` on an operand that has no truthiness (neither bool, integer, nor
+// an error binding) is diagnosed instead of silently bit-flipped
+// (issue 0129's diagnostic half).
+#import "modules/std.sx";
+
+main :: () -> i32 {
+    s := "text";
+    if !s { print("unreachable\n"); }
+    return 0;
+}

examples/expected/1057-errors-negated-error-binding.exit

@@ -0,0 +1 @@
+0

examples/expected/1057-errors-negated-error-binding.stderr

@@ -0,0 +1 @@
+

examples/expected/1057-errors-negated-error-binding.stdout

@@ -0,0 +1,3 @@
+ok: !e2 on success, v2=42
+ok: !0 holds
+done

examples/expected/1171-diagnostics-logical-not-bad-operand.exit

@@ -0,0 +1 @@
+1

examples/expected/1171-diagnostics-logical-not-bad-operand.stderr

@@ -0,0 +1,5 @@
+error: '!' needs a bool, integer, or error operand; got 'string'
+  --> examples/1171-diagnostics-logical-not-bad-operand.sx:8:8
+   |
+ 8 |     if !s { print("unreachable\n"); }
+   |        ^^

examples/expected/1171-diagnostics-logical-not-bad-operand.stdout

@@ -0,0 +1 @@
+

issues/0129-negated-error-binding-bitwise-not.md

@@ -0,0 +1,68 @@
+# RESOLVED — 0129: `if !e` held on a SET error binding (logical not lowered bitwise)
+
+> **RESOLVED** (2026-06-12). Root cause: the `.not` arm of unary
+> lowering (src/ir/lower/expr.zig) emitted `bool_not` — LLVM's bitwise
+> `Not` — for EVERY operand type. On a real `i1` bool that is logical
+> not; on an error binding (an error-set value, a u32 tag at the LLVM
+> level) a bitwise not of a nonzero tag is still nonzero, so the branch
+> condition stayed truthy: `if e` and `if !e` BOTH held on a set error,
+> and the `!e` branch read the uninitialized success value. Plain
+> integers had the same hole (`!7` was `~7` — truthy). Fix: `!` is now
+> truthiness-aware — bool keeps `bool_not`; integers and error-set
+> values lower as the complement `operand == 0` (`cmp_eq` against a
+> typed zero); any other operand type is DIAGNOSED ("'!' needs a bool,
+> integer, or error operand") instead of silently bit-flipped.
+> Regression tests: `examples/1057-errors-negated-error-binding.sx`
+> (set error: `!e` must not hold; success: `!e` holds with a real
+> value; `!7`/`!0` integer truthiness) and
+> `examples/1171-diagnostics-logical-not-bad-operand.sx` (`!"text"`
+> diagnosed); both FAIL on pre-fix master. Gates: zig build test
+> 426/426, tests/run_examples.sh 600/600.
+
+## Symptom
+
+`if e { ... }` on an error binding from a value-carrying failable
+correctly tests "error is set", but `if !e { ... }` evaluates TRUE even
+when the error IS set — both branches run, and the success value read
+in the `!e` branch is uninitialized garbage.
+
+Hit in production: /Users/agra/projects/distribution
+`tests/sqlite_api.sx` (2026-06-12) — a `close()` behind `if !ne`
+segfaulted on a garbage handle. The interim workaround routed negated
+error logic through a plain bool.
+
+## Reproduction
+
+```sx
+#import "modules/std.sx";
+
+E :: error { Boom }
+
+f :: (fail: bool) -> (i64, !E) {
+    if fail { raise error.Boom; }
+    return 42;
+}
+
+main :: () -> i32 {
+    v, e := f(true);
+    if e { print("error set\n"); }
+    if !e { print("BUG: !e true on a set error (v={})\n", v); return 1; }
+    return 0;
+}
+```
+
+Observed at master ba37d0b: prints both lines, v is garbage, exits 1.
+Expected: prints only "error set", exits 0.
+
+## Investigation prompt
+
+Suspected area: the unary `.not` lowering in src/ir/lower/expr.zig —
+it emits `bool_not` (src/backend/llvm/ops.zig `emitBoolNot` →
+`LLVMBuildNot`, a bitwise xor-with-all-ones) regardless of operand
+type. Error bindings are error-set values backed by a u32 tag
+(src/backend/llvm/types.zig lowers `.error_set` to i32), so `~tag` of
+a set error is nonzero and the condition holds. Fix: make `!`
+truthiness-aware (complement-of-zero for integer-backed operands), or
+diagnose non-bool operands; silent wrong evaluation is the worst of
+both. Verify with the repro plus an integer-truthiness case, and run
+zig build test + tests/run_examples.sh.

src/ir/lower/expr.zig

@@ -2030,7 +2030,28 @@ pub fn lowerExpr(self: *Lowering, node: *const Node) Ref {
             self.suppress_int_fit_check = saved_fit;
             break :blk switch (uop.op) {
                 .negate => self.builder.emit(.{ .neg = .{ .operand = operand } }, self.inferExprType(uop.operand)),
-                .not => self.builder.emit(.{ .bool_not = .{ .operand = operand } }, .bool),
+                // `!` is LOGICAL not. Only a real bool may go through the
+                // bitwise `bool_not` (i1); an integer-backed operand — an
+                // error binding (u32 tag), a plain integer — lowers as the
+                // truthiness complement `operand == 0`: a bitwise not of a
+                // nonzero tag stays nonzero, so `if !e` held even on a set
+                // error (issue 0129). Anything else is diagnosed.
+                .not => blk2: {
+                    const oty = self.inferExprType(uop.operand);
+                    if (oty == .bool) {
+                        break :blk2 self.builder.emit(.{ .bool_not = .{ .operand = operand } }, .bool);
+                    }
+                    const int_like = self.isIntEx(oty) or
+                        (!oty.isBuiltin() and self.module.types.get(oty) == .error_set);
+                    if (int_like) {
+                        const zero = self.builder.constInt(0, oty);
+                        break :blk2 self.builder.emit(.{ .cmp_eq = .{ .lhs = operand, .rhs = zero } }, .bool);
+                    }
+                    if (self.diagnostics) |d| {
+                        d.addFmt(.err, node.span, "'!' needs a bool, integer, or error operand; got '{s}'", .{self.formatTypeName(oty)});
+                    }
+                    break :blk2 self.builder.constBool(false);
+                },
                 .bit_not => self.builder.emit(.{ .bit_not = .{ .operand = operand } }, self.inferExprType(uop.operand)),
                 .xx => self.lowerXX(operand, uop.operand),
                 .address_of => blk2: {