[codex] Review CMAP candidate fixes#1
Merged
Conversation
Source code has no import of fast-glob; the project uses a custom globToRegExp() in src/core/module-index.ts instead. Removing the dependency keeps package.json honest and trims node_modules. Bundle size unchanged (tsup already tree-shook it out). Tests: 134/134 pass Smoke: pass Build: pass
The original 'Path escapes project root: <path>' didn't tell users what to do instead. New message suggests _cmap-view/ or absolute path inside the project root, and the symlink variant now shows the resolved target. Preserves the 'Path escapes project root' prefix so existing m3.test.ts toContain() assertion still passes. Tests: 134/134 pass Typecheck: pass
The inbox promote --apply path was the only place in the codebase
that checked evidence with bare path.join(cwd, item) instead of
resolveInsideRoot. Combined with the cmap update --agent --write-inbox
flow that ingests external AI-authored MapPatches, this allowed
candidate evidence to reference '../outside' or '/etc/passwd' and
be accepted as canonical evidence, violating the v0.2 trust boundary.
Aligns inbox.ts with relate.ts / map-patch.ts / pack.ts /
freshness.ts which already use resolveInsideRoot.
Adds tests/integration/m24-inbox-path-escape.test.ts covering:
- relative escape ('../outside-file.txt') -> rejected
- absolute escape ('/etc/passwd') -> rejected
- inside path -> does not trigger path-escape
Tests: 137/137 pass (134 existing + 3 new)
Typecheck: pass
Smoke: pass
Credit: GPT round 1 review (codex:codex-rescue) and external gptpro
review (P0.5-1) both flagged this; Claude three-view review missed
it independently.
Before: api_key/token/secret/password fields + Bearer header
After: + authorization / x-api-key headers
+ cloud SDK idioms (client_secret/access_key/access_token/
refresh_token/private_key)
+ PEM private key blocks (RSA/OPENSSH/EC/DSA/ENCRYPTED)
Adds tests/unit/redact.test.ts with 7 cases including a negative
case ('tokenization', 'tokens.ts' must not be redacted) to prevent
over-aggressive redaction regressions.
Tests: 141/141 pass (134 existing + 7 new)
Typecheck: pass
Smoke: pass
Credit: external gptpro review (P0.5-5)
The view dashboard's collectInboxCandidates() only read legacy .context/inbox/*.md and .context/inbox/relations/*.json. Anything written to .context/inbox/candidates/*.json by candidate-store (the v0.2 main line) was invisible in the human review layer, defeating the dashboard's purpose. Adds collectStructuredCandidates() helper using parseCmapCandidate for schema validation, with MAX_CANDIDATES quota shared across legacy and structured sources, and an 'omitted' warning when over budget. Adds tests/integration/m25-view-structured-candidates.test.ts: - module.alias.add candidate appears in HTML - evidence.merge candidate shows dry-run command reviewers can copy Tests: 136/136 pass (134 existing + 2 new) Typecheck: pass Smoke: pass Credit: GPT round 1 (codex:codex-rescue) independently surfaced this gap during adversarial review of Claude's diagnosis.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CMAP_review: unused dependency cleanup, safer inbox evidence paths, friendlier safe-path errors, stronger HTML redaction, and structured candidate visibility in the HTML review dashboard..contextmodule docs so the project map reflects the new review-layer checks.Why
CMAP_review/REPORT.mdidentified these as small, high-ROI review candidates. The PR is a reviewable code suggestion only; it does not merge or changemain.Validation
pnpm test tests/integration/m24-inbox-path-escape.test.ts tests/integration/m25-view-structured-candidates.test.ts tests/unit/redact.test.tspnpm typecheckgit diff --checkpnpm testNotes
CMAP_review/and unrelated untrackedresearch/files are intentionally not included.