[codex] Review CMAP candidate fixes

.context/MAP.md

@@ -161,9 +161,9 @@ Obsidian integration is file-based only: `cmap obsidian export` writes Markdown
 - Import graph, route v2, and pack v2 are paused historical ideas; the current roadmap is HTML review first, then AI relation candidates.
 
 ## Verification Summary
-Run `pnpm test`, `pnpm typecheck`, and `pnpm build` before claiming implementation status. For CLI behavior, prefer integration tests that spawn `tsx src/cli.ts` in temporary project directories. Brief/Obsidian behavior is covered by `tests/integration/m6-brief-obsidian.test.ts`; MapPatch/update-agent behavior is covered by `tests/integration/m7-update-agent.test.ts`; generated evidence, inbox status, and stale checks are covered by `tests/integration/m8-evidence-stale-inbox.test.ts`; route context pack behavior is covered by `tests/integration/m10-route-context-pack.test.ts`; context size controls are covered by `tests/integration/m11-context-size-controls.test.ts`; route benchmark context metrics are covered by `tests/integration/m12-route-benchmark-context.test.ts`; context pack budget/redaction behavior is covered by `tests/integration/m16-context-pack.test.ts`.
+Run `pnpm test`, `pnpm typecheck`, and `pnpm build` before claiming implementation status. For CLI behavior, prefer integration tests that spawn `tsx src/cli.ts` in temporary project directories. Brief/Obsidian behavior is covered by `tests/integration/m6-brief-obsidian.test.ts`; MapPatch/update-agent behavior is covered by `tests/integration/m7-update-agent.test.ts`; generated evidence, inbox status, and stale checks are covered by `tests/integration/m8-evidence-stale-inbox.test.ts`; route context pack behavior is covered by `tests/integration/m10-route-context-pack.test.ts`; context size controls are covered by `tests/integration/m11-context-size-controls.test.ts`; route benchmark context metrics are covered by `tests/integration/m12-route-benchmark-context.test.ts`; context pack budget/redaction behavior is covered by `tests/integration/m16-context-pack.test.ts`; inbox evidence path safety is covered by `tests/integration/m24-inbox-path-escape.test.ts`; structured candidate visibility in HTML view is covered by `tests/integration/m25-view-structured-candidates.test.ts`; HTML view secret redaction is covered by `tests/unit/redact.test.ts`.
 
 ## Handoff Notes
-Current implementation covers v0.1 CLI commands plus explicit `CHECKPOINT.md` handoff, AI brief, budgeted/redacted `pack`, Obsidian view-layer export/check/pull dry-run, changed-file coverage checks, relation checks, route benchmarking with context-pack metrics and CI thresholds, conservative GSD v1/v2 dry-run reconciliation, MapPatch v1/v2 policy gate, generated/canonical evidence separation, generated stats store, freshness v2, controlled low-risk inbox promotion, observe/assist hook evidence collection, assist hook session brief generation, Codex-first lifecycle render/ingest, Claude hook lifecycle render/test compatibility, deterministic graph projections, graph explanation, route context packing from reviewed module relations plus module-owned verification commands, `--max-context` size controls, CI Markdown verify reports, GitHub Actions quality gate, and refreshed product showcase.
+Current implementation covers v0.1 CLI commands plus explicit `CHECKPOINT.md` handoff, AI brief, budgeted/redacted `pack`, Obsidian view-layer export/check/pull dry-run, changed-file coverage checks, relation checks, route benchmarking with context-pack metrics and CI thresholds, conservative GSD v1/v2 dry-run reconciliation, MapPatch v1/v2 policy gate, generated/canonical evidence separation, generated stats store, freshness v2, controlled low-risk inbox promotion with project-root evidence path validation, structured candidate visibility in the HTML review view, strengthened HTML secret redaction, observe/assist hook evidence collection, assist hook session brief generation, Codex-first lifecycle render/ingest, Claude hook lifecycle render/test compatibility, deterministic graph projections, graph explanation, route context packing from reviewed module relations plus module-owned verification commands, `--max-context` size controls, CI Markdown verify reports, GitHub Actions quality gate, and refreshed product showcase.
 
 Next roadmap is v0.2 Trust Boundary + Human Review Layer: PR-B `cmap view export` read-only HTML dashboard, PR-C trust-boundary hygiene/lifecycle ingest/Codex workflow/generated evidence migration, PR-C2 Freshness v2, and PR-D AI Relation Candidate Workflow. Old import graph/test ownership, route v2, and pack v2 are paused historical ideas, not current work.

.context/modules/evidence.md

@@ -14,6 +14,7 @@ paths:
   - src/core/generated-store.ts
   - src/core/generated-stats.ts
   - src/core/freshness.ts
+  - src/fs/safe-path.ts
 aliases:
   - evidence
   - generated evidence
@@ -44,6 +45,7 @@ Maintain deterministic support evidence, generated module/route usage stats, and
 - `src/commands/evidence.ts`
 - `src/commands/inbox.ts`
 - `src/core/candidate-store.ts`
+- `src/fs/safe-path.ts`
 
 ## Responsibilities
 - Append bounded generated evidence to `.context/generated/evidence/modules/<module>.jsonl`.
@@ -61,7 +63,7 @@ Maintain deterministic support evidence, generated module/route usage stats, and
 - Print unified candidate counts plus legacy Markdown warnings through `cmap inbox status`.
 - Group unified inbox candidates by risk and type through `cmap inbox triage`.
 - Preview candidate promotion guidance through `cmap inbox promote <id> --dry-run` without editing canonical context.
-- Apply only low-risk alias/path/evidence candidates from legacy or structured candidate stores through `cmap inbox promote <id> --apply` with backup, audit, verify, and archive.
+- Apply only low-risk alias/path/evidence candidates from legacy or structured candidate stores through `cmap inbox promote <id> --apply` with project-root evidence path validation, backup, audit, verify, and archive.
 - Reject false candidates through `cmap inbox reject <id> --reason "..."` while retaining the original candidate in archive.
 - Move reviewed candidates into `.context/inbox/archive/` through `cmap inbox archive <id>` without deleting data.
 - Count simple high-risk inbox markers so semantic backlog remains visible.
@@ -135,6 +137,7 @@ User, assist hook, or MapPatch v2 provides explicit evidence -> generated-store
 - `pnpm test tests/integration/m13-policy-stats.test.ts`
 - `pnpm test tests/integration/m9-hooks-assist.test.ts`
 - `pnpm test tests/integration/m18-freshness-inbox-promote.test.ts`
+- `pnpm test tests/integration/m24-inbox-path-escape.test.ts`
 - `pnpm test tests/integration/m21-candidate-store.test.ts`
 - `pnpm dev evidence append --module route --file src/commands/route.ts --summary "Route inspected"`
 - `pnpm dev evidence list --module route`

.context/modules/tests.md

@@ -41,8 +41,11 @@ Prove public CLI behavior with reproducible integration tests and built-CLI smok
 - `tests/integration/m16-context-pack.test.ts`
 - `tests/integration/m17-hooks-ingest-codex.test.ts`
 - `tests/integration/m18-freshness-inbox-promote.test.ts`
+- `tests/integration/m24-inbox-path-escape.test.ts`
+- `tests/integration/m25-view-structured-candidates.test.ts`
 - `tests/integration/cli-errors.test.ts`
 - `tests/integration/verify-l0.test.ts`
+- `tests/unit/redact.test.ts`
 - `scripts/smoke-test.mjs`
 
 ## Responsibilities
@@ -63,9 +66,12 @@ Prove public CLI behavior with reproducible integration tests and built-CLI smok
 - Assert policy defaults, generated module activity stats, and policy-backed inbox thresholds.
 - Assert route usage stats are written when policy allows stats updates.
 - Assert freshness snapshot/review warnings, low-risk inbox promote apply backup/audit/archive behavior, and explicit inbox reject archive behavior.
+- Assert inbox promotion rejects evidence paths that escape the project root.
 - Assert graph projections, graph explanation, and graph-mode route output.
 - Assert CI Markdown verify output and benchmark threshold failure behavior.
 - Assert context pack budget enforcement, route-neighborhood selection, and secret-looking value redaction.
+- Assert HTML view redaction covers auth headers, cloud SDK credential fields, and PEM private key blocks without over-redacting innocent identifiers.
+- Assert `view export --include-inbox` surfaces structured `cmap.candidate.v1` files from `.context/inbox/candidates/*.json`.
 - Run built `dist/cli.js` against a real temp project through `pnpm smoke`.
 
 ## Depends On
@@ -104,6 +110,9 @@ Temporary directories under the system temp path.
 - `pnpm test tests/integration/m16-context-pack.test.ts`
 - `pnpm test tests/integration/m17-hooks-ingest-codex.test.ts`
 - `pnpm test tests/integration/m18-freshness-inbox-promote.test.ts`
+- `pnpm test tests/integration/m24-inbox-path-escape.test.ts`
+- `pnpm test tests/integration/m25-view-structured-candidates.test.ts`
+- `pnpm test tests/unit/redact.test.ts`
 - `pnpm smoke`
 
 ## When to Update This Doc

.context/modules/view.md

@@ -5,6 +5,8 @@ paths:
   - src/view
   - src/commands/view.ts
   - tests/integration/m19-view-export.test.ts
+  - tests/integration/m25-view-structured-candidates.test.ts
+  - tests/unit/redact.test.ts
 aliases:
   - view
   - dashboard
@@ -27,7 +29,8 @@ Render a read-only, single-file HTML review dashboard from trusted `.context` pr
 - Emits `cmap.view_data.v1` as embedded JSON for deterministic checks and future UI iteration.
 - Default export shows canonical Overview, Modules, Canonical Relations, Verification, and Warnings.
 - `--include-generated`, `--include-inbox`, and `--include-freshness` gate generated/support-layer detail sections.
-- Treats generated evidence, inbox candidates, freshness metadata, and relation candidates as support signals only.
+- Treats generated evidence, legacy inbox Markdown, structured inbox candidates, freshness metadata, and relation candidates as support signals only.
+- Reads structured `cmap.candidate.v1` JSON files from `.context/inbox/candidates/*.json` so candidate-store output is visible in the human review dashboard.
 - Marks relation candidates as Candidate / Non-canonical and never offers browser-side apply/promote.
 - Missing support layers must degrade to warnings and "Not available", not hard failures.
 - `--check` compares normalized full HTML, not only embedded JSON, so renderer/template drift is caught while volatile `generatedAt` is ignored.
@@ -36,13 +39,15 @@ Render a read-only, single-file HTML review dashboard from trusted `.context` pr
 
 ## Safety
 - Escape all rendered text.
-- Redact obvious token/secret/password/API key strings before HTML output.
+- Redact obvious token/secret/password/API key strings, common auth headers, cloud SDK key fields, and PEM private key blocks before HTML output.
 - Do not load CDN assets, execute eval, or read owned source-code bodies for display.
 - Keep the initial dashboard static and local-only.
 - Use DOM text APIs and data attributes for interactivity; do not inject unsanitized HTML.
 
 ## Verification
 - `pnpm test tests/integration/m19-view-export.test.ts`
+- `pnpm test tests/integration/m25-view-structured-candidates.test.ts`
+- `pnpm test tests/unit/redact.test.ts`
 - `pnpm dev view export --out _cmap-view`
 - `pnpm dev view export --check --out _cmap-view`
 - `pnpm typecheck`

package.json

@@ -29,7 +29,6 @@
   },
   "dependencies": {
     "commander": "14.0.3",
-    "fast-glob": "3.3.3",
     "gray-matter": "4.0.3",
     "zod": "4.4.3"
   },