From 9193feb6dc83041f3c365204648a88468bdc001b Mon Sep 17 00:00:00 2001 From: Haileyesus <118998054+blackmammoth@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:01:43 +0300 Subject: [PATCH 1/2] chore: remove logging of received WebSocket messages in production (#487) --- src/contexts/WebSocketContext.tsx | 1 - 1 file changed, 1 deletion(-) diff --git a/src/contexts/WebSocketContext.tsx b/src/contexts/WebSocketContext.tsx index ff680963..2f2677ff 100644 --- a/src/contexts/WebSocketContext.tsx +++ b/src/contexts/WebSocketContext.tsx @@ -67,7 +67,6 @@ const useWebSocketProviderState = (): WebSocketContextType => { try { const data = JSON.parse(event.data); setLatestMessage(data); - console.log('--->Received WebSocket message:', data); } catch (error) { console.error('Error parsing WebSocket message:', error); } From 64a96b24f853acb802f700810b302f0f5cf00898 Mon Sep 17 00:00:00 2001 From: Haileyesus <118998054+blackmammoth@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:10:51 +0300 Subject: [PATCH 2/2] fix(codex-history): prevent AGENTS.md/internal prompt leakage when reloading Codex sessions (#488) --- server/projects.js | 52 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 12 deletions(-) diff --git a/server/projects.js b/server/projects.js index d48bcb2b..586b58d3 100755 --- a/server/projects.js +++ b/server/projects.js @@ -1490,6 +1490,23 @@ async function getCodexSessions(projectPath, options = {}) { } } +function isVisibleCodexUserMessage(payload) { + if (!payload || payload.type !== 'user_message') { + return false; + } + + // Codex logs internal context (environment, instructions) as non-plain user_message kinds. + if (payload.kind && payload.kind !== 'plain') { + return false; + } + + if (typeof payload.message !== 'string' || payload.message.trim().length === 0) { + return false; + } + + return true; +} + // Parse a Codex session JSONL file to extract metadata async function parseCodexSessionFile(filePath) { try { @@ -1525,8 +1542,8 @@ async function parseCodexSessionFile(filePath) { }; } - // Count messages and extract user messages for summary - if (entry.type === 'event_msg' && entry.payload?.type === 'user_message') { + // Count visible user messages and extract summary from the latest plain user input. + if (entry.type === 'event_msg' && isVisibleCodexUserMessage(entry.payload)) { messageCount++; if (entry.payload.message) { lastUserMessage = entry.payload.message; @@ -1633,25 +1650,36 @@ async function getCodexSessionMessages(sessionId, limit = null, offset = 0) { }; } } + + // Use event_msg.user_message for user-visible inputs. + if (entry.type === 'event_msg' && isVisibleCodexUserMessage(entry.payload)) { + messages.push({ + type: 'user', + timestamp: entry.timestamp, + message: { + role: 'user', + content: entry.payload.message + } + }); + } - // Extract messages from response_item - if (entry.type === 'response_item' && entry.payload?.type === 'message') { + // response_item.message may include internal prompts for non-assistant roles. + // Keep only assistant output from response_item. + if ( + entry.type === 'response_item' && + entry.payload?.type === 'message' && + entry.payload.role === 'assistant' + ) { const content = entry.payload.content; - const role = entry.payload.role || 'assistant'; const textContent = extractText(content); - // Skip system context messages (environment_context) - if (textContent?.includes('')) { - continue; - } - // Only add if there's actual content if (textContent?.trim()) { messages.push({ - type: role === 'user' ? 'user' : 'assistant', + type: 'assistant', timestamp: entry.timestamp, message: { - role: role, + role: 'assistant', content: textContent } });