Merge pull request #52 from 100monkeys-ai/copilot/fix-tool-routing-errors

Fix semantic misuse of `SignatureVerificationFailed`, add `JudgeTimeout` variant, harden path traversal prevention

Author: Theaxiom

orchestrator/core/src/application/tool_invocation_service.rs

@@ -144,13 +144,11 @@ impl ToolInvocationService {
             .route_tool(session.execution_id, &tool_name)
             .await
             .map_err(|e| {
-                SmcpSessionError::SignatureVerificationFailed(format!("Routing error: {}", e))
+                SmcpSessionError::MalformedPayload(format!("Routing error: {}", e))
             })?;
 
         let server = self.tool_router.get_server(server_id).await.ok_or(
-            SmcpSessionError::SignatureVerificationFailed(
-                "Server vanished after routing".to_string(),
-            ),
+            SmcpSessionError::MalformedPayload("Server vanished after routing".to_string()),
         )?;
 
         // 4. Execute based on ExecutionMode (Gateway Retrofit)
@@ -337,7 +335,7 @@ impl ToolInvocationService {
 
                         loop {
                             if attempts >= max_attempts {
-                                return Err(SmcpSessionError::SignatureVerificationFailed(
+                                return Err(SmcpSessionError::JudgeTimeout(
                                     format!(
                                         "Inner-loop semantic judge '{}' timed out after {} seconds.",
                                         judge_agent,
@@ -993,7 +991,7 @@ fn sanitize_segment(input: &str) -> String {
         return "unversioned".to_string();
     }
 
-    trimmed
+    let sanitized: String = trimmed
         .chars()
         .map(|c| {
             if c.is_ascii_alphanumeric() || c == '.' || c == '-' || c == '_' {
@@ -1002,7 +1000,19 @@ fn sanitize_segment(input: &str) -> String {
                 '_'
             }
         })
-        .collect()
+        .collect();
+
+    // Prevent path traversal patterns after character substitution.
+    // Treat empty or traversal-like segments as a safe default.
+    if sanitized.is_empty()
+        || sanitized == "."
+        || sanitized == ".."
+        || sanitized.contains("..")
+    {
+        "unversioned".to_string()
+    } else {
+        sanitized
+    }
 }
 
 fn path_to_string(path: &Path) -> String {

orchestrator/core/src/domain/smcp_session.rs

@@ -88,6 +88,8 @@ pub enum SmcpSessionError {
     MalformedPayload(String),
     /// The Ed25519 signature on the envelope did not verify against the session's stored public key.
     SignatureVerificationFailed(String),
+    /// A semantic judge agent did not respond within the allotted timeout window.
+    JudgeTimeout(String),
 }
 
 impl std::fmt::Display for SmcpSessionError {
@@ -100,6 +102,7 @@ impl std::fmt::Display for SmcpSessionError {
             Self::SignatureVerificationFailed(e) => {
                 write!(f, "Signature verification failed: {}", e)
             }
+            Self::JudgeTimeout(msg) => write!(f, "Judge timed out: {}", msg),
         }
     }
 }