fix(platform-integrations): address CodeRabbit review on PR #266

- entity_io.write_entity_file: sanitize the explicit `filename` arg through
  slugify() to harden against path traversal (.., /, \ collapse to a safe
  single segment); slugify is idempotent on already-slugged input so all
  existing callers/tests stay green.
- provenance.read_recall_rows: fix docstring — it returns a list, not a
  generator, so "Yield ..." becomes "Return a list of ... tuples ...".
- EVOLVE.md.j2: add `bash` language to the bare fenced audit_recall command
  blocks so all rendered platform EVOLVE.md files get a fenced language.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: illeatmyhat

platform-integrations/bob/evolve-lite/EVOLVE.md

@@ -23,7 +23,7 @@ function, command, or flag, verify it still exists before relying on it.
 After recall, log which entries you actually opened, so the value of this memory
 can be measured over time. Run:
 
-```
+```bash
 python3 ~/.bob/evolve-lite/audit_recall.py <file> [<file> ...]
 ```
 

platform-integrations/bob/evolve-lite/lib/evolve-lite/entity_io.py

@@ -382,7 +382,7 @@ def write_entity_file(directory, entity, filename=None, overwrite=False):
     type_dir = Path(directory) / entity_type
     type_dir.mkdir(parents=True, exist_ok=True)
 
-    slug = filename if filename else slugify(entity.get("content", "entity"))
+    slug = slugify(filename) if filename else slugify(entity.get("content", "entity"))
     content = entity_to_markdown(entity)
 
     # Write to a unique temp file first (avoids predictable .tmp collisions)

platform-integrations/bob/evolve-lite/skills/evolve-lite-provenance/scripts/provenance.py

@@ -148,7 +148,7 @@ def locate_trajectory(session_id, evolve_dir, *, project_root=None, home=None):
 
 
 def read_recall_rows(evolve_dir):
-    """Yield ``(session_id, [entity_id, ...])`` for every ``recall`` audit row.
+    """Return a list of ``(session_id, [entity_id, ...])`` tuples for every ``recall`` audit row.
 
     Rows with no ``session_id`` or an empty ``entities`` list are skipped.
     """

platform-integrations/claude/plugins/evolve-lite/EVOLVE.md

@@ -18,7 +18,7 @@ once per memory you saved.
 After you read or consult native memories this turn, log which ones you actually
 opened, so the value of this memory can be measured over time. Run:
 
-```
+```bash
 python3 ~/.claude/evolve-lite/audit_recall.py <id> [<id> ...]
 ```
 

platform-integrations/claude/plugins/evolve-lite/lib/evolve-lite/entity_io.py

@@ -382,7 +382,7 @@ def write_entity_file(directory, entity, filename=None, overwrite=False):
     type_dir = Path(directory) / entity_type
     type_dir.mkdir(parents=True, exist_ok=True)
 
-    slug = filename if filename else slugify(entity.get("content", "entity"))
+    slug = slugify(filename) if filename else slugify(entity.get("content", "entity"))
     content = entity_to_markdown(entity)
 
     # Write to a unique temp file first (avoids predictable .tmp collisions)

platform-integrations/claude/plugins/evolve-lite/skills/evolve-lite/provenance/scripts/provenance.py

@@ -148,7 +148,7 @@ def locate_trajectory(session_id, evolve_dir, *, project_root=None, home=None):
 
 
 def read_recall_rows(evolve_dir):
-    """Yield ``(session_id, [entity_id, ...])`` for every ``recall`` audit row.
+    """Return a list of ``(session_id, [entity_id, ...])`` tuples for every ``recall`` audit row.
 
     Rows with no ``session_id`` or an empty ``entities`` list are skipped.
     """

platform-integrations/claw-code/plugins/evolve-lite/EVOLVE.md

@@ -23,7 +23,7 @@ function, command, or flag, verify it still exists before relying on it.
 After recall, log which entries you actually opened, so the value of this memory
 can be measured over time. Run:
 
-```
+```bash
 python3 ~/.claw/evolve-lite/audit_recall.py <file> [<file> ...]
 ```
 

platform-integrations/claw-code/plugins/evolve-lite/lib/evolve-lite/entity_io.py

@@ -382,7 +382,7 @@ def write_entity_file(directory, entity, filename=None, overwrite=False):
     type_dir = Path(directory) / entity_type
     type_dir.mkdir(parents=True, exist_ok=True)
 
-    slug = filename if filename else slugify(entity.get("content", "entity"))
+    slug = slugify(filename) if filename else slugify(entity.get("content", "entity"))
     content = entity_to_markdown(entity)
 
     # Write to a unique temp file first (avoids predictable .tmp collisions)

platform-integrations/claw-code/plugins/evolve-lite/skills/evolve-lite/provenance/scripts/provenance.py

@@ -148,7 +148,7 @@ def locate_trajectory(session_id, evolve_dir, *, project_root=None, home=None):
 
 
 def read_recall_rows(evolve_dir):
-    """Yield ``(session_id, [entity_id, ...])`` for every ``recall`` audit row.
+    """Return a list of ``(session_id, [entity_id, ...])`` tuples for every ``recall`` audit row.
 
     Rows with no ``session_id`` or an empty ``entities`` list are skipped.
     """

platform-integrations/codex/plugins/evolve-lite/EVOLVE.md

@@ -23,7 +23,7 @@ function, command, or flag, verify it still exists before relying on it.
 After recall, log which entries you actually opened, so the value of this memory
 can be measured over time. Run:
 
-```
+```bash
 python3 ~/.codex/evolve-lite/audit_recall.py <file> [<file> ...]
 ```