Skip to content

[codex] Sanitize OpenCode DB strings#147

Merged
graykode merged 2 commits into
mainfrom
codex/harden-opencode-db-strings
Jun 29, 2026
Merged

[codex] Sanitize OpenCode DB strings#147
graykode merged 2 commits into
mainfrom
codex/harden-opencode-db-strings

Conversation

@graykode

Copy link
Copy Markdown
Owner

This hardens the OpenCode collector's DB ingestion path.

What changed:

  • Strips terminal control and bidi characters from DB-sourced display fields before they reach the TUI or JSON snapshot.
  • Keeps title redaction for known secret prefixes through a dedicated helper.
  • Applies the same sanitization to model/provider strings loaded from the model lookup query.
  • Adds tests for control-character removal and title secret redaction.

Why:
OpenCode session metadata is local data, but it is still rendered in terminal UI and exposed through snapshots. Sanitizing these DB-sourced strings keeps the collector aligned with the defensive handling used elsewhere.

Validation:

  • cargo build
  • cargo clippy --all-targets -- -D warnings
  • cargo test

@graykode graykode marked this pull request as ready for review June 29, 2026 06:10
@graykode graykode merged commit 704f4de into main Jun 29, 2026
7 checks passed
@graykode graykode deleted the codex/harden-opencode-db-strings branch June 29, 2026 06:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant