fix: remove self-defeating assert_safe_path from vault modules, clarify traversal test scope

vault/reader.py, vault/writer.py: removed assert_safe_path() calls — that guard is
for protecting the vault FROM external modules, not from within vault code itself.
Vault security comes from BLOCKED_PREFIXES preventing memory/reader from entering vault.

test_path_traversal.py: split into REAL_TRAVERSAL (blocks read+write) vs
READ_ONLY_SAFE patterns (URL-encoded, backslash — harmless on Python/macOS because
Path does not decode percent-encoding; raises FileNotFoundError on read only).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/security/test_path_traversal.py

@@ -1,9 +1,19 @@
-"""20+ path traversal patterns — all must be rejected."""
+"""
+Path traversal security tests.
+
+Note on URL-encoded patterns (%2F, %2e%2e) and Windows backslashes (\\):
+Python's pathlib.Path does NOT decode percent-encoding or treat \\ as a separator
+on macOS/Linux. These strings are treated as literal filenames that stay within
+the memory root — they are not a real traversal risk on this platform.
+We test them via read (which raises FileNotFoundError for nonexistent weird names)
+but NOT via write (which would legitimately create an oddly-named file in memory).
+"""
 import pytest
 from pyra.security.boundaries import VaultAccessError
 
 
-TRAVERSAL_PATTERNS = [
+# Patterns that genuinely escape the memory root — must be blocked for both read AND write
+REAL_TRAVERSAL_PATTERNS = [
     "../../../../vault/secrets/api_keys.json",
     "../../../vault/secrets/api_keys.json",
     "../../vault/secrets/api_keys.json",
@@ -12,37 +22,41 @@ TRAVERSAL_PATTERNS = [
     "context/../../vault/secrets/api_keys.json",
     "user/../../../vault/secrets/api_keys.json",
     "knowledge/../../../../vault/secrets/api_keys.json",
-    # URL-encoded (resolved by Path.resolve, still blocked)
-    "..%2Fvault%2Fsecrets%2Fapi_keys.json",
-    "%2e%2e/vault/secrets/api_keys.json",
+    "user/notes/../../../../../../vault/secrets/api_keys.json",
     # Absolute paths
     "/etc/passwd",
     "/root/.ssh/id_rsa",
     "/tmp/evil",
-    # Home-relative
+    # Home-relative (rejected by writer, FileNotFoundError on reader)
     "~/secret",
     "~/.ssh/id_rsa",
-    # Windows-style (harmless on macOS but should not crash)
-    "..\\vault\\secrets\\api_keys.json",
-    # Double-encoded dot (Path.resolve normalises these)
-    "%252e%252e/vault",
-    # Null bytes in path components (should raise, not silently pass)
+    # Null bytes
     "valid\x00../../vault",
-    # Extremely deep traversal
-    "a/" * 20 + "../../vault/secrets/api_keys.json",
-    # Starts inside memory then escapes
-    "user/notes/../../../../../../vault/secrets/api_keys.json",
 ]
 
+# Patterns that look suspicious but are harmless on Python/macOS because
+# Path does not decode percent-encoding or treat \\ as a separator.
+# They raise FileNotFoundError on read (nonexistent file with odd name).
+READ_ONLY_SAFE_PATTERNS = [
+    "..%2Fvault%2Fsecrets%2Fapi_keys.json",
+    "%2e%2e/vault/secrets/api_keys.json",
+    "..\\vault\\secrets\\api_keys.json",
+    "%252e%252e/vault",
+    # 20 a-dirs then ../../vault — only escapes 2 dirs, stays within memory
+    "a/" * 20 + "../../vault/secrets/api_keys.json",
+]
 
-@pytest.mark.parametrize("name", TRAVERSAL_PATTERNS)
+ALL_READ_PATTERNS = REAL_TRAVERSAL_PATTERNS + READ_ONLY_SAFE_PATTERNS
+
+
+@pytest.mark.parametrize("name", ALL_READ_PATTERNS)
 def test_memory_read_blocks_traversal(tmp_pyra_home, name):
     from pyra.memory.reader import read_memory
     with pytest.raises((VaultAccessError, PermissionError, FileNotFoundError, ValueError)):
         read_memory(name)
 
 
-@pytest.mark.parametrize("name", TRAVERSAL_PATTERNS)
+@pytest.mark.parametrize("name", REAL_TRAVERSAL_PATTERNS)
 def test_memory_write_blocks_traversal(tmp_pyra_home, name):
     from pyra.memory.writer import write_memory
     with pytest.raises((VaultAccessError, PermissionError, FileNotFoundError, ValueError)):