MemPalace Security Audit Exposes High-Risk Data Deletion Flaw
A security audit of the MemPalace codebase has uncovered critical vulnerabilities, with a high-risk path traversal flaw posing a direct threat of irreversible data loss. The audit report details how the `mempalace migrate` and `mempalace repair` commands can be exploited to delete entire directories, including a user's home folder, without sufficient validation. This vulnerability stems from the direct use of `shutil.rmtree()` on user-supplied paths, creating a scenario where a simple configuration error or malicious argument could trigger catastrophic deletion.
The core issue resides in `mempalace/migrate.py` and `mempalace/cli.py`, where the `migrate` and `cmd_repair` functions perform directory deletion based on the `--palace` argument or the `MEMPALACE_PALACE_PATH` environment variable. The code lacks checks to confirm the target path is a legitimate MemPalace data directory, opening the door for path traversal attacks. An attacker could potentially manipulate these inputs to point to critical system locations, leading to unauthorized and permanent data destruction.
This finding signals a severe oversight in the application's security posture, placing user data at immediate risk. The audit recommends implementing safety checks, such as verifying directory contents or requiring explicit user confirmation before deletion. Until patched, users running these commands are exposed to a significant operational hazard, where a single mistyped path could result in the loss of personal files and system integrity. The vulnerability underscores the critical need for robust input validation in command-line tools handling destructive operations.
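The two checks the audit recommends (verifying directory contents and requiring explicit confirmation) can be sketched as a guard placed in front of `shutil.rmtree()`. This is an added example, not MemPalace's own code or its patch. The marker file name `.palace-marker` and the function names are assumptions, since the page does not describe what a legitimate palace directory contains.

```python
import shutil
from pathlib import Path

# Hypothetical marker file: the real MemPalace on-disk layout is not
# described on this page, so this name is an assumption.
MARKER = ".palace-marker"


class UnsafeDeleteError(Exception):
    """Raised when a deletion target fails a safety check."""


def validate_delete_target(raw_path, marker=MARKER):
    """Return the resolved path if it is safe to delete, else raise."""
    if not raw_path or not str(raw_path).strip():
        raise UnsafeDeleteError("empty path")
    expanded = Path(raw_path).expanduser()
    if expanded.is_symlink():
        raise UnsafeDeleteError("target is a symlink")
    # resolve() collapses '..' segments and symlinked parents, so the
    # checks below run on the directory that would really be removed.
    target = expanded.resolve()
    if not target.is_dir():
        raise UnsafeDeleteError(f"not a directory: {target}")
    home = Path.home().resolve()
    # Refuse the filesystem root, the home directory and any ancestor of it.
    if target == Path(target.anchor) or target == home or target in home.parents:
        raise UnsafeDeleteError(f"refusing protected directory: {target}")
    # Content check: only a directory carrying the marker is accepted.
    if not (target / marker).is_file():
        raise UnsafeDeleteError(f"no {marker} in {target}")
    return target


def safe_rmtree(raw_path, confirm=input):
    """Delete raw_path only after validation and a typed confirmation."""
    target = validate_delete_target(raw_path)
    answer = confirm(f"Type '{target.name}' to permanently delete {target}: ")
    if answer.strip() != target.name:
        raise UnsafeDeleteError("confirmation did not match")
    shutil.rmtree(target)
    return target
```

The same guard applies whether the path arrives through `--palace` or through `MEMPALACE_PALACE_PATH`, because validation happens at the point of deletion and not at argument parsing.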