Implement persistence command enhancements#7
Conversation
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e08d36a547
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| match self.session_store.delete(id).await { | ||
| Ok(_) => { | ||
| let msg = Message::system(&format!("Session '{}' deleted successfully.", id)); | ||
| self.session.add_message(msg.clone()); |
There was a problem hiding this comment.
The /delete handler treats every Ok(()) from SessionStore::delete as a successful deletion, but SessionStore::delete returns Ok(()) even when the target file does not exist. In practice, a mistyped or stale session ID will still show deleted successfully, which hides operator mistakes and makes it hard to trust cleanup actions.
Useful? React with 👍 / 👎.
| if let Some(id) = args.first() { | ||
| match self.session_store.delete(id).await { |
There was a problem hiding this comment.
This passes raw command input directly to session_store.delete(id), and the store builds file paths by joining session_id into the base directory. Without input validation, IDs containing path segments like ../ can resolve outside the sessions folder and delete unintended .json files, so /delete should reject non-ID characters (or canonicalize/guard paths) before calling delete.
Useful? React with 👍 / 👎.
|
@codex suggest changes |
|
To use Codex here, create an environment for this repo. |
|
@codex suggest changes |
Summary
Testing
|
1 participant
No description provided.