security: fix path traversal vulnerability in blackboard.py change_id handling

- Added _sanitize_change_id() with regex validation (alphanumeric, hyphens, underscores, dots only)
- Added _safe_pending_path() with resolved path boundary check
- Applied to propose_change, validate_change, commit_change, abort_change
- Sanitized archive file paths in commit and abort operations
- Blocks both Unix (../../) and Windows (..\\) path traversal attacks
- Found by VirusTotal during ClawHub security scan

Author: jovanSAPFIONEER

scripts/blackboard.py

@@ -307,7 +307,38 @@ def delete(self, key: str) -> bool:
     # ========================================================================
     # ATOMIC COMMIT WORKFLOW: propose → validate → commit
     # ========================================================================
-    
+
+    @staticmethod
+    def _sanitize_change_id(change_id: str) -> str:
+        """
+        Sanitize change_id to prevent path traversal attacks.
+        Only allows alphanumeric characters, hyphens, underscores, and dots.
+        Rejects any path separators or parent directory references.
+        """
+        if not change_id or not isinstance(change_id, str):
+            raise ValueError("change_id must be a non-empty string")
+        # Strip whitespace
+        sanitized = change_id.strip()
+        # Reject path separators and parent directory traversal
+        if any(c in sanitized for c in ('/', '\\', '..')):
+            raise ValueError(
+                f"Invalid change_id '{change_id}': must not contain path separators or '..'"
+            )
+        # Only allow safe characters: alphanumeric, hyphen, underscore, dot
+        if not re.match(r'^[a-zA-Z0-9_\-\.]+$', sanitized):
+            raise ValueError(
+                f"Invalid change_id '{change_id}': only alphanumeric, hyphen, underscore, and dot allowed"
+            )
+        return sanitized
+
+    def _safe_pending_path(self, change_id: str, suffix: str = ".pending.json") -> Path:
+        """Build a pending-file path and verify it stays inside pending_dir."""
+        safe_id = self._sanitize_change_id(change_id)
+        target = (self.pending_dir / f"{safe_id}{suffix}").resolve()
+        if not str(target).startswith(str(self.pending_dir.resolve())):
+            raise ValueError(f"Path traversal blocked for change_id '{change_id}'")
+        return target
+
     def propose_change(self, change_id: str, key: str, value: Any, 
                        source_agent: str = "unknown", ttl: Optional[int] = None,
                        operation: str = "write") -> dict[str, Any]:
@@ -317,7 +348,7 @@ def propose_change(self, change_id: str, key: str, value: Any,
         The change is written to a .pending file and must be validated
         and committed by the orchestrator before it takes effect.
         """
-        pending_file = self.pending_dir / f"{change_id}.pending.json"
+        pending_file = self._safe_pending_path(change_id)
 
         # Check for duplicate change_id
         if pending_file.exists():
@@ -365,7 +396,7 @@ def validate_change(self, change_id: str) -> dict[str, Any]:
         - No conflicting changes to the same key
         - Base hash matches (data hasn't changed since proposal)
         """
-        pending_file = self.pending_dir / f"{change_id}.pending.json"
+        pending_file = self._safe_pending_path(change_id)
 
         if not pending_file.exists():
             return {
@@ -439,7 +470,7 @@ def commit_change(self, change_id: str) -> dict[str, Any]:
         """
         Apply a validated change atomically (Step 3 of atomic commit).
         """
-        pending_file = self.pending_dir / f"{change_id}.pending.json"
+        pending_file = self._safe_pending_path(change_id)
 
         if not pending_file.exists():
             return {
@@ -479,9 +510,10 @@ def commit_change(self, change_id: str) -> dict[str, Any]:
         change_set["status"] = "committed"
         change_set["committed_at"] = datetime.now(timezone.utc).isoformat()
 
+        safe_id = self._sanitize_change_id(change_id)
         archive_dir = self.pending_dir / "archive"
         archive_dir.mkdir(exist_ok=True)
-        archive_file = archive_dir / f"{change_id}.committed.json"
+        archive_file = archive_dir / f"{safe_id}.committed.json"
         archive_file.write_text(json.dumps(change_set, indent=2))
 
         # Remove pending file
@@ -497,7 +529,7 @@ def commit_change(self, change_id: str) -> dict[str, Any]:
 
     def abort_change(self, change_id: str) -> dict[str, Any]:
         """Abort a pending change without applying it."""
-        pending_file = self.pending_dir / f"{change_id}.pending.json"
+        pending_file = self._safe_pending_path(change_id)
 
         if not pending_file.exists():
             return {
@@ -510,9 +542,10 @@ def abort_change(self, change_id: str) -> dict[str, Any]:
         change_set["aborted_at"] = datetime.now(timezone.utc).isoformat()
 
         # Archive the aborted change
+        safe_id = self._sanitize_change_id(change_id)
         archive_dir = self.pending_dir / "archive"
         archive_dir.mkdir(exist_ok=True)
-        archive_file = archive_dir / f"{change_id}.aborted.json"
+        archive_file = archive_dir / f"{safe_id}.aborted.json"
         archive_file.write_text(json.dumps(change_set, indent=2))
 
         pending_file.unlink()