Production hardening + frontend UI freeze remediation with verified burst performance

[MatthewFrench]

Update (2026-02-27): Project Ordering Parity (Portable, No Codex Local-State Coupling)

This branch now also includes the project-order parity fix that matches Codex behavior using only Farfield thread data.

Root cause

• Initial active sidebar ordering was computed before archived-thread metadata was loaded.
• Projects whose older history existed in archived threads (for example Crunchy-Watchlist) could rank differently until the archived section was opened.

What changed

1. Active + archived metadata is now used for active project ordering

• Active project group order now derives from merged project metadata across active and archived thread sets.

2. Canonical project-created timestamp semantics are now earliest-created

• Project grouping and merge paths now use min(createdAt) as projectCreatedAt so ordering semantics are stable and deterministic.
• Incremental patch paths and full rebuild paths were aligned to the same rule.

3. Archived metadata is preloaded during tracked core refresh

• loadCoreDataTracked now preloads archived thread metadata, so first visible ordering is correct without requiring the archived section to be opened.

4. No Codex local-state coupling

• Ordering logic remains portable and does not depend on ~/.codex file reads or Codex-specific local-state contracts.

Validation

• bun run --cwd apps/WebApplication test -- Tests/UseCoreDataLoaders.test.tsx Tests/ThreadListPresentationStateResolver.test.ts Tests/ThreadGroupSelectors.test.ts
• bun run --cwd apps/WebApplication typecheck
• bunx @biomejs/biome check --error-on-warnings on touched files
• node scripts/tooling/with-env.mjs "bunx playwright test -c playwright.real.config.ts end-to-end/real/scenarios/project-ordering.spec.ts" (passes)

---

Update (2026-02-27): Frontend UI Freeze Remediation Completed

This branch now also includes full frontend freeze-remediation closure, with all planned phases implemented and verified.

What was added

1. Parse-once boundary cleanup on hot web paths

• removed remaining double-parse path in thread creation API flow
• added deterministic parse-budget coverage (single JSON parse + single structured-data validation pass)

2. Worker-backed stream decisioning (main-thread load reduction)

• added strict worker request/response contracts for event-stream refresh decisions
• added worker owner/runtime and wired execution mode through app configuration
• event messages are handled in deterministic ordered async sequence
• decision read failures now trigger deterministic hard-refresh scheduling

3. Thread-list work proportional to delta size

• added incremental thread project-grouping owner keyed by stable thread identifiers
• large-state/small-delta path now patches affected groups instead of broad regroup/rebuild work
• added row-level render containment on active/archived list rows while preserving interaction behavior

4. Stress harness contract alignment + observability evidence

• aligned strict stress schemas to current /api/threads and /api/threads/:threadId/stream-events response contracts
• captured successful burst evidence from bun run stress:stream-burst

Burst evidence (latest)

• streamRequests=51919
• streamFailures=0
• healthProbes=30
• healthFailures=0
• healthNotReady=0
• healthP95=16ms
• healthMax=20ms
• streamRouteP95=2.667ms
• streamRouteP95QueueDelay=6ms
• streamRouteMaxQueueDelay=6ms
• healthRouteP95QueueDelay=15ms
• healthRouteMaxQueueDelay=24ms

Freeze-remediation verification run

• bun run --cwd apps/WebApplication test -- Tests/FarfieldHttpTransport.test.ts Tests/ThreadApi.test.ts Tests/EventStreamRefreshDecisionEngine.test.ts Tests/EventStreamConnectionCoordinator.test.ts Tests/UseEventStreamEffects.test.tsx Tests/EventStreamRefreshDecisionWorkerOwner.test.ts Tests/ThreadListPresentationStateResolver.test.ts
• bun run test:ci:mocked:web:critical
• bun run lint
• bun run typecheck
• bun run stress:stream-burst
• bun run verify:end-to-end:real

Why This PR Exists

Farfield needed to become trustworthy for real-device push workflows (especially iOS Home Screen usage): secure by default, privacy-correct in mixed subscriber setups, operationally diagnosable, and protected by real quality gates so regressions are caught before merge.

Most Important Outcomes

1) Push reliability and correctness on real devices

• End-to-end push flows are now production-grade: strict subscription handling, receipt capture, send tracking, retry/backoff behavior, and deterministic state ownership.
• Push test dispatch correlation is fixed for mixed privacy cohorts by reusing a shared notificationId/createdAt per test run.

2) Security and privacy hardening where it matters

• /api/* and /events auth behavior is enforced more consistently.
• /api/push/local-ca no longer leaks host filesystem metadata (sourcePath removed).
• Mixed privacy-mode subscription behavior is corrected so private subscribers are treated safely.

3) Stronger engineering guardrails across the repo

• Real ESLint configuration is now active repo-wide.
• Coverage checks are integrated into premerge:check.
• Server coverage thresholds were ratcheted upward after adding boundary tests:
  • lines/statements: 46
  • branches: 72
  • functions: 84

4) Data/cache and request efficiency improvements

• Request boundaries were tightened with stricter route contract handling and explicit parsing/validation paths.
• Cache-aware read paths are emphasized so the UI can render known data immediately and merge fresher data as updates arrive.
• Incremental update behavior is preferred over broad refresh churn, including append/merge style synchronization in stream-driven paths where applicable.
• Refresh work is more scoped and deterministic, avoiding whole-surface reloads when targeted updates or mutation-owned invalidation are sufficient.
• Concurrency-sensitive push and mutation paths are better covered and more deterministic under mixed runtime conditions.

5) Separation of concerns to prevent architectural sprawl

• Layering is reinforced across protocol contracts, API/data-access owners, state/logic coordinators, and UI composition surfaces.
• Data model handling remains explicit and schema-driven at runtime boundaries.
• State ownership decomposition continues (including app shell slices) to reduce monolithic control flow and cross-layer coupling.

6) Architecture and maintainability improvements

• DesktopIpcClient was refactored to extract frame-buffer ownership into a dedicated module.
• Oversized protocol tests were split into owner-aligned suites for readability and safer iteration.
• Push/network route boundaries now have focused, high-value tests around contracts and error paths.

Key Changes (By Area)

Server / Network / Push

• Push route hardening and broader route-level test coverage.
• Create-thread adapter resolution now requires enabled + connected adapters, reducing avoidable create-thread failures.
• Push API contract tightening and protocol alignment.

Web Application

• State ownership cleanup and thread/push interaction polish.
• Deterministic UI behavior improvements (including icon loading behavior used in real runtime validation).
• Frontend freeze-remediation implementation across transport, stream decisioning, and thread-list update paths.

Protocol + Adapters

• Expanded strict schema tests for thread, IPC, and app-server payloads.
• Refactors to reduce high-churn risk and improve module responsibility boundaries.

Review Thread Follow-Through

All previously unresolved review threads on this PR were addressed by implementing fixes, replying with concrete resolution notes, and resolving each thread via gh.

Validation

• bun run premerge:check (lint + tests + coverage gate): ✅
• Focused boundary tests for push/network behavior: ✅
• Protocol suite after test-surface decomposition: ✅
• Adapter suite after IPC framing refactor: ✅
• Real Playwright scenarios against live runtime: ✅
• Freeze-remediation gates and burst/real-e2e reruns: ✅

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c8e87331d8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 13f25cbd36

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2730a2ad3e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8b89bfac13

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 59d9007cec

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b81abf6ebf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 04b8946884

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6156d0827e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 52aef2c1f4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0e3fac22db

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7ed015bf82

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1596326067

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

farfield/packages/codex-api/src/live-state.ts

Lines 115 to 116 in 1254005

	(parent as Record<string, unknown>)[last] = patch.value;
	return parseThreadConversationState(state);

Enforce key existence for object replace patches

In the object branch of applyStrictPatch, replace is handled the same as add, so a replace on a missing key creates that key instead of failing. When prior patches are missed, this masks stream divergence and produces a state that does not match the server’s patch semantics, preventing the reducer from raising an error and recovering cleanly.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f9f880ec32

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8e7ff7464c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7a8c760d68

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0f76b6c488

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2d1006c116

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c821405756

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d535d72ea3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

farfield/packages/codex-protocol/src/app-server.ts

Line 88 in a7261d5

sandbox: z.any().optional(),

Replace unbounded sandbox schema with strict validation

Using z.any() here disables schema validation for sandbox, so malformed adapter responses can silently pass protocol parsing and propagate invalid data to downstream callers that rely on typed contracts. This also conflicts with the strict typing rule in /workspace/farfield/AGENTS.md (“types must be absolutely precise”), so this field should use an explicit schema instead of accepting arbitrary values.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6456c9eb55

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4939a86776

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a1a723e9b3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c8f16159b0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fc549f26b5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cc44941897

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0675dbb2b2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1ab3514934

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a13d4ecd74

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0a5f6bef8e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a6135acd22

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[MatthewFrench]

Reviewed the previously unresolved PR concerns and addressed the affected code paths locally in this branch.

Covered fixes:

• single-pass strict patch reduction in LiveStateEventReductionOwner
• lightweight live-state suppression plus SSE backpressure handling in the thread delta/event stream owners
• guarded local image and local CA download streaming with request-scoped error handling
• tightened dev proxy trust and stable-dev proxy trust so Host-header spoofing does not grant token injection
• removed originless trusted-token injection from the Caddy templates
• excluded validate-script-path-governance.mjs from self-scanning and replaced ci-mode-stress full-env propagation with an allowlisted inherited environment

Focused verification completed:

• bun test packages/CodexInterfaceAdapter/Tests/LiveState.test.ts apps/ServerApplication/Tests/ThreadStreamDeltaEventPublisher.test.ts apps/ServerApplication/Tests/EventStreamClientRegistry.test.ts
• bun test apps/ServerApplication/Tests/LocalImageRoutes.test.ts apps/ServerApplication/Tests/PushRoutes.test.ts apps/WebApplication/Tests/DevelopmentProxyTrustPolicy.test.ts scripts/Tests/StableDevelopmentProxyTrustPolicy.test.ts scripts/Tests/ValidateScriptPathGovernance.test.ts
• node scripts/tooling/validate-script-path-governance.mjs

As of March 11, 2026, GitHub reports 0 unresolved review threads on this PR, so there was nothing left to reply to or resolve inline.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d04dba8cd6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3c4aad3de4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8b6d2a0f95

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 64481223aa

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d78082ba55

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Allow same-origin API GETs without Origin header

The local Caddy trust matcher only treats /api/* as trusted when Origin exactly matches {{SITE_ADDRESS}}, and sends all other API requests to @untrusted_api (403). Same-origin browser GET/HEAD requests commonly omit the Origin header, so normal read flows (for example thread list loads) can be blocked when running through Caddyfile.local.template with token injection enabled. The domain template already has an originless GET/HEAD allowance for this case; local mode needs the same behavior (or an equivalent non-spoofable trust signal) to avoid breaking authenticated reads.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 706b0f1630

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Bound queued SSE frames for backpressured clients

When a client hits backpressure (write returns false), flushQueuedFrames stops draining, but enqueueFrame keeps appending every broadcast and keepalive without any bound. A slow or stalled SSE connection can therefore accumulate an unbounded queuedFrames array and grow server memory until process instability; this path should cap buffered frames and evict or otherwise shed persistently backpressured clients.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Remove originless GET/HEAD trust from domain API matcher

Fresh evidence in this commit: the domain trusted matcher explicitly allows Origin to be empty for GET/HEAD, which means non-browser clients can omit Origin and still receive X-Farfield-Token injection on /api/*. In deployments reachable beyond localhost, that grants token-protected read API access without presenting the token and weakens the intended auth boundary.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 219efde986

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Allowlist env vars before spawning dev child processes

This spawn path forwards the entire parent environment (...process.env) into the server/web child processes, which can expose unrelated secrets to downstream logs, debug surfaces, or subprocess artifacts whenever developers run bun run dev with sensitive shell variables set. The repository contract in AGENTS.md (rule 47) requires schema-owned allowlisted child environments; this should be restricted to the explicit keys these children actually need.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Do not pass full parent env to end-to-end subprocesses

The safety runner executes bun/bunx playwright with env: process.env, so every CI/developer secret in the parent shell is inherited by the spawned test toolchain; those values can leak into traces, crash dumps, or child-command logging under failure conditions. This violates the same AGENTS.md rule 47 allowlist requirement and should be replaced with an explicit, minimal environment contract.

Useful? React with 👍 / 👎.