From 4c3ce265e48f22d2f1821b92aa209fa28f70cfdd Mon Sep 17 00:00:00 2001
From: m3taversal
Date: Thu, 16 Apr 2026 13:40:37 +0100
Subject: [PATCH] fix: sanitize enrichment target_file path traversal

Path(target).name strips directory components from LLM-generated target filenames, preventing path traversal via ../. Same pattern already applied to claim filenames (line 404) and entity filenames (line 416). Ganymede-approved.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 lib/extract.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/extract.py b/lib/extract.py
index d82de83..17d3e7a 100644
--- a/lib/extract.py
+++ b/lib/extract.py
@@ -483,7 +483,7 @@ async def _extract_one_source(
 if not target or not evidence:
 continue
 # Find the target claim file in the worktree (search domains/)
- target_stem = target.replace(".md", "")
+ target_stem = Path(target.replace(".md", "")).name
 found = None
 for domain_dir in (worktree / "domains").iterdir():
 candidate = domain_dir / f"{target_stem}.md"
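Review bot: The added line still relies on `target.replace(".md", "")`, which removes every occurrence of ".md" rather than a trailing extension, so a model-generated name such as `notes.mdx` or `a.md.b` yields an unexpected stem; taking the basename first and stripping only the suffix is tighter, e.g. `target_stem = Path(target).name.removesuffix(".md")` (str.removesuffix needs Python 3.9+, which I cannot confirm from this hunk). Separately, a target of `.`, an empty string or a directory-only value collapses to an empty stem under `.name`, and a bare `..` stays `..`, so the loop below would probe `domain_dir / ".md"` or `domain_dir / "...md"`; a guard such as `if not target_stem or target_stem in (".", ".."): continue` keeps the lookup to real claim names. The traversal fix itself looks sound, since `.name` can never contain a path separator and the stem is only used inside `domain_dir / f"{target_stem}.md"` within the visible lines. The enclosing function `_extract_one_source` starts before and continues after this hunk, so I cannot see how `found` is used later or whether the sibling sanitization at lines 404 and 416 named in the description has the same suffix-stripping quirk.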