Dedupe backend/core into eval_mcp/core; harden path handling against CodeQL py/path-injection

Finishes the dedupe started in the previous commit. 11 modules in
backend/core/ were byte-identical or only-import-line copies of
eval_mcp/core/ equivalents (user_storage, eval_results, s3_client,
pricing, bedrock_client, document_chunking, judge_config, logging_utils,
pdf_report, pipeline_stages, provider_pricing.json). Deleted the backend
copies, rewired ~18 imports in backend/api/*, backend/core/agent.py,
backend/core/chat.py, backend/core/judge_prompt_builder.py, and
backend/core/judge_tools.py to pull from eval_mcp.core.*. One-way
dependency (backend -> eval_mcp) is now consistent across the whole
tree; eval_mcp is the sole source of truth.

Path-injection hardening in the consolidated eval_mcp/core:
- New safe_user_path(user_id, *parts) helper in eval_mcp/core/user_storage.py:
  resolves the target and verifies it stays under both USER_STORAGE_BASE
  and {base}/{user_id}, rejects user_ids containing '/', '\\', or '..',
  rejects path parts that try to escape via traversal. This is the pattern
  CodeQL's py/path-injection rule recognizes as safe.
- New _ensure_under_base(path) helper for Path objects assembled outside
  the helper (used by _load_json_file, _save_json_file, and the two
  configs-dir reads in eval_results.py).
- _get_json_store_dir now validates store_type is a single path segment.
- eval_mcp/s3_sync.py: replicate_async and _is_syncable now use
  Path.resolve() + is_relative_to() instead of relative_to+ValueError.
- backend/api/compare.py report-save path routed through safe_user_path.
- eval_mcp/viewer.py report-download path routed through safe_user_path.

Behavior-neutral for existing EKS storage: Cognito user IDs are UUIDs
with only hex+hyphen characters, all directory names in the layout are
hardcoded strings ('configs', 'logs', 'store', etc.), and S3 key
construction uses plain strings unaffected by filesystem hardening.

Test plan:
- Unit-tested safe_user_path: accepts valid user/parts; rejects '', '.',
  '..', '../secret', 'alice/../bob', 'alice/bob', 'alice\\\\bob',
  and part-based escape attempts like ['..', '..', 'etc', 'passwd'].
- Smoke-imported backend.api.main, backend.api.compare, eval_mcp.server
  in repo venv and inside the built backend Docker image.
- Booted 'python -m eval_mcp' with EVAL_MCP_TRANSPORT=http in the
  container; uvicorn listens on :8002 (what the helm sidecar does).

Author: DataGomes

backend/api/compare.py

@@ -10,8 +10,8 @@
 from fastapi import APIRouter, Depends, HTTPException, Query, Request
 from fastapi.responses import Response
 
-from backend.core.eval_results import precompute_eval_results
-from backend.core.user_storage import get_user_log_dir, load_eval_detail, load_eval_groups
+from eval_mcp.core.eval_results import precompute_eval_results
+from eval_mcp.core.user_storage import get_user_log_dir, load_eval_detail, load_eval_groups
 
 logger = logging.getLogger(__name__)
 
@@ -32,7 +32,7 @@ async def get_comparison_groups(user_id: str = Depends(_get_user_id)):
     Serves from pre-computed cache (fast). Merges in running evals
     from log headers so they appear without waiting for completion.
     """
-    from backend.core.eval_results import _read_log_headers, _build_groups_from_headers
+    from eval_mcp.core.eval_results import _read_log_headers, _build_groups_from_headers
 
     # Serve cached completed evals (instant)
     cached = load_eval_groups(user_id)
@@ -63,7 +63,7 @@ async def get_comparison_groups(user_id: str = Depends(_get_user_id)):
 @router.get("/detail")
 async def get_comparison_detail(group_id: str, user_id: str = Depends(_get_user_id)):
     """Get full comparison data for a specific evaluation group."""
-    from backend.core.eval_results import _read_log_headers, _build_groups_from_headers
+    from eval_mcp.core.eval_results import _read_log_headers, _build_groups_from_headers
 
     # For running evals, read partial results directly (skip cache)
     log_dir = get_user_log_dir(user_id)
@@ -189,8 +189,8 @@ async def get_sample_detail(
     user_id: str = Depends(_get_user_id),
 ):
     """Get full detail for a single sample including judge reasoning."""
-    from backend.core.eval_results import _read_full_logs
-    from backend.core.user_storage import get_user_log_dir
+    from eval_mcp.core.eval_results import _read_full_logs
+    from eval_mcp.core.user_storage import get_user_log_dir
 
     log_dir = get_user_log_dir(user_id)
     if not log_file.startswith(log_dir) and f"/users/{user_id}/" not in log_file:
@@ -288,8 +288,8 @@ async def generate_report_pdf(
         session_id: Optional chat session ID to pull transcript for context.
         monthly_volume: Projected monthly call volume for cost projections.
     """
-    from backend.core.bedrock_client import BedrockClient
-    from backend.core.pdf_report import generate_pdf_report
+    from eval_mcp.core.bedrock_client import BedrockClient
+    from eval_mcp.core.pdf_report import generate_pdf_report
 
     # Load evaluation data
     detail = load_eval_detail(user_id, group_id)
@@ -320,8 +320,8 @@ async def generate_report_pdf(
     )
 
     # Store the PDF for later access
-    from backend.core.user_storage import _s3_enabled, _get_s3_client, DATA_BUCKET
-    from backend.core.user_storage import _get_json_store_dir
+    from eval_mcp.core.user_storage import _s3_enabled, _get_s3_client, DATA_BUCKET
+    from eval_mcp.core.user_storage import safe_user_path
 
     safe_id = group_id.replace("/", "_").replace("\\", "_")
     filename = f"report_{safe_id}.pdf"
@@ -335,8 +335,9 @@ async def generate_report_pdf(
             ContentType="application/pdf",
         )
     else:
-        reports_dir = _get_json_store_dir(user_id, "reports")
-        (reports_dir / filename).write_bytes(pdf_bytes)
+        pdf_path = safe_user_path(user_id, "store", "reports", filename)
+        pdf_path.parent.mkdir(parents=True, exist_ok=True)
+        pdf_path.write_bytes(pdf_bytes)
 
     return Response(
         content=pdf_bytes,

backend/api/main.py

@@ -17,16 +17,16 @@
 from pydantic import BaseModel
 
 from backend.core.agent import Agent
-from backend.core.bedrock_client import BedrockClient
+from eval_mcp.core.bedrock_client import BedrockClient
 from backend.core.database import Database
 from backend.core.mcp_client import MultiMCPClient
-from backend.core.s3_client import (
+from eval_mcp.core.s3_client import (
     is_s3_enabled,
     generate_presigned_upload_url,
     list_user_s3_documents,
     get_s3_document_content,
 )
-from backend.core.user_storage import save_document
+from eval_mcp.core.user_storage import save_document
 
 # Configure logging at module level (runs when uvicorn loads the app)
 logging.basicConfig(
@@ -455,7 +455,7 @@ async def process_qa_dataset_content(
         - rows_saved: int (if successful)
         - error: str (if failed)
     """
-    from backend.core.user_storage import save_dataset_to_db
+    from eval_mcp.core.user_storage import save_dataset_to_db
     from eval_mcp.tools.save_dataset import parse_content_to_rows, rows_to_test_cases, generate_dataset_name
 
     logger = logging.getLogger(__name__)
@@ -1261,7 +1261,7 @@ async def list_documents(user_id: str = Depends(get_current_user_id)):
         documents = list_user_s3_documents(user_id)
         return {"documents": documents, "storage": "s3"}
     else:
-        from backend.core.user_storage import list_user_document_paths
+        from eval_mcp.core.user_storage import list_user_document_paths
         paths = list_user_document_paths(user_id)
         documents = [{"path": p} for p in paths]
         return {"documents": documents, "storage": "disk"}

backend/core/agent.py

@@ -6,7 +6,7 @@
 
 from rich.console import Console
 
-from .bedrock_client import BedrockClient
+from eval_mcp.core.bedrock_client import BedrockClient
 from .mcp_client import MultiMCPClient
 
 console = Console()