From 5bf826046c38b00f058dfc1ec97c9f27fbd3e99d Mon Sep 17 00:00:00 2001
From: JunghwanNA <70629228+shaun0927@users.noreply.github.com>
Date: Thu, 16 Apr 2026 12:12:17 +0900
Subject: [PATCH] fix: sanitize topic parameter in tool_diary_write

agent_name and entry are validated via sanitize_name/sanitize_content,
but topic is stored raw into ChromaDB metadata. Apply the same
sanitize_name guard to reject null bytes, path traversal, and
oversized payloads.
---
 mempalace/mcp_server.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mempalace/mcp_server.py b/mempalace/mcp_server.py
index 3918a19..7cac8f0 100644
--- a/mempalace/mcp_server.py
+++ b/mempalace/mcp_server.py
@@ -925,6 +925,7 @@ def tool_diary_write(agent_name: str, entry: str, topic: str = "general"):
     try:
         agent_name = sanitize_name(agent_name, "agent_name")
         entry = sanitize_content(entry)
+        topic = sanitize_name(topic, "topic")
     except ValueError as e:
         return {"success": False, "error": str(e)}