[codex] remove unsafe debug tools and harden history handling#19
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This audit removes unsupported investigation binaries and hardens the production HTTP and history paths used by the SDK, CLI, and MCP server. The supported commands and exported SDK API remain intact.
The repository accumulated eleven one-off debug commands plus
synctest. Several ignored network and decoding errors, some duplicatedthingsync, and three embedded a task UUID and title from a specific investigation. Keeping them incmd/made them look supported, expanded the build surface, and preserved user-specific data in the current tree. This change removes those binaries and the duplicatecmd/README.md; the canonical command documentation remains in the root README.HTTP debug mode previously dumped complete requests and responses. That could include the Things Cloud authorization header, account passwords in request bodies, and task data in response bodies. Debug mode now logs only request method, redacted URL, response status, and transport errors.
The history client also accepted malformed JSON from successful HTTP responses, which could return empty histories or reset the local server-head index after a write. All history response decoders now fail closed.
History.Writechecks request construction before dereferencing the request and no longer logs response bodies on errors.Finally, daily summaries and the review view now calculate midnight in the local timezone instead of truncating to a UTC-aligned 24-hour boundary.
Net change: 101 insertions and 1,049 deletions.
Validation
go test ./...go test -race ./...go vet ./...go build ./...go mod tidy -diffgit diff --checkFocused regression tests cover sensitive debug-log redaction, malformed history IDs, and malformed JSON responses.