[codex] fix: restrict graph commands to graphify-out#363

Open

aa-matsunari wants to merge 1 commit intosafishamsi:v4from

aa-matsunari:codex/apply-graph-path-guards

aa-matsunari commented Apr 15, 2026

Summary

apply validate_graph_path to CLI graph commands and MCP graph loading
add regressions for blocked paths outside graphify-out

Changed files

graphify/main.py
graphify/serve.py
tests/test_serve.py
tests/test_pipeline.py

Impact

prevents graph query tooling from reading arbitrary JSON files outside the project graph directory

Tests

/private/tmp/graphify-review/.venv/bin/python -m pytest /private/tmp/graphify-review-pr6/tests/test_serve.py /private/tmp/graphify-review-pr6/tests/test_pipeline.py


          [codex] fix: restrict graph commands to graphify-out

a5e113f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet