Skip to content

[codex] remove unsafe debug tools and harden history handling#19

Merged
pdurlej merged 1 commit into
mainfrom
codex/audit-cleanup
Jul 14, 2026
Merged

[codex] remove unsafe debug tools and harden history handling#19
pdurlej merged 1 commit into
mainfrom
codex/audit-cleanup

Conversation

@pdurlej

@pdurlej pdurlej commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

This audit removes unsupported investigation binaries and hardens the production HTTP and history paths used by the SDK, CLI, and MCP server. The supported commands and exported SDK API remain intact.

The repository accumulated eleven one-off debug commands plus synctest. Several ignored network and decoding errors, some duplicated thingsync, and three embedded a task UUID and title from a specific investigation. Keeping them in cmd/ made them look supported, expanded the build surface, and preserved user-specific data in the current tree. This change removes those binaries and the duplicate cmd/README.md; the canonical command documentation remains in the root README.

HTTP debug mode previously dumped complete requests and responses. That could include the Things Cloud authorization header, account passwords in request bodies, and task data in response bodies. Debug mode now logs only request method, redacted URL, response status, and transport errors.

The history client also accepted malformed JSON from successful HTTP responses, which could return empty histories or reset the local server-head index after a write. All history response decoders now fail closed. History.Write checks request construction before dereferencing the request and no longer logs response bodies on errors.

Finally, daily summaries and the review view now calculate midnight in the local timezone instead of truncating to a UTC-aligned 24-hour boundary.

Net change: 101 insertions and 1,049 deletions.

Validation

  • go test ./...
  • go test -race ./...
  • go vet ./...
  • go build ./...
  • go mod tidy -diff
  • git diff --check

Focused regression tests cover sensitive debug-log redaction, malformed history IDs, and malformed JSON responses.

@pdurlej pdurlej merged commit 3054c02 into main Jul 14, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant