security: exclude secrets from indexing, add license, fix telemetry docs #97
Benchmark FAIL is CI noise — Re-running CI.
bbf110f to 1c0b433
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1c0b4339f0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| // Skip sensitive files (.env, credentials, keys) — same rules as snapshot filtering | ||
| if (isSensitivePath(path)) return true; |
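Review bot: the comment on the first line promises "same rules as snapshot filtering", but the `isSensitivePath(path)` call below it is the only thing visible here that backs that up. If snapshot filtering keeps its own list, the two can drift apart silently; point both at one shared helper, or add a test that feeds the same filenames to both and asserts identical results.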
Skip sensitive files before they enter change tracking
This new shouldSkipFile check only runs inside content/hashing paths, so sensitive files are still inserted into Store by recordSnapshot during initialScan/incrementalDiff and then exposed through codedb_changes (handleChanges prints c.path from Store). In practice, .env/credential filenames remain discoverable to MCP clients even after this security change; to fully satisfy the “exclude sensitive files” goal, the skip must happen before snapshot/version recording as well.
1c0b433 to 691f142
Addresses #93 (items 1, 3, 4, 6):

1. Telemetry docs now accurately describe auto-sync behavior (#95)
   - README and docs/telemetry.md updated to disclose that telemetry syncs to analytics endpoint on session close
   - Still only aggregate stats — no file contents/paths/queries
2. Sensitive files excluded from live indexing (#96)
   - Added isSensitivePath() to watcher.zig shouldSkipFile()
   - .env*, credentials.json, secrets.*, .pem, .key, .p12, SSH keys, AWS configs now excluded from BOTH indexing AND snapshots
   - Previously only snapshots filtered these; now consistent
3. Added BSD 3-Clause LICENSE file
   - Copyright (c) 2024-2026, Rach Pradhan (justrach)
4. Added AGENTS.md with Codex review guidelines
   - Security-sensitive areas documented
   - Review focus: secret exposure, path traversal, telemetry

Remaining from #93: item 2 (installer checksums) and item 5 (codesign via GitHub Actions) tracked in #94.

Generated with AI

Co-Authored-By: AI <ai@example.com>
691f142 to 4bba0a0
Benchmark Regression Report
Threshold: 10.00%
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4bba0a0b24
| if (std.mem.endsWith(u8, basename, ".pem") or | ||
| std.mem.endsWith(u8, basename, ".key") or | ||
| std.mem.endsWith(u8, basename, ".p12")) return true; |
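Review bot: all three `std.mem.endsWith` comparisons on `basename` are byte-exact, so an upper-case or mixed-case suffix such as `.PEM` would not match. If that is not intended, compare case-insensitively, for example with `std.ascii.endsWithIgnoreCase(basename, ".pem")`.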
Include .pfx/.jks in slow-path sensitive extension checks
The new isSensitivePath fast-path split misses .pfx and .jks when filenames start with ., c, s, or i (for example cert.pfx), because that branch only checks .pem/.key/.p12. In those cases the file is treated as non-sensitive and can be indexed/searched, which is a security regression relative to the stated secret-filtering goal and to snapshot.zig's broader extension list.
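An added example, not the project's code, of a table-driven alternative to the first-character fast path described in the review comment above: every rule is evaluated for every basename, so a name like `cert.pfx` cannot bypass the extension list. The function name `isSensitiveName` and the three lists are hypothetical; the project's real rules live in watcher.zig and snapshot.zig.

```zig
const std = @import("std");

// Hypothetical rule tables for illustration only. Keeping them in one place
// lets the indexing and snapshot filters share a single source of truth.
const sensitive_exts = [_][]const u8{ ".pem", ".key", ".p12", ".pfx", ".jks" };
const sensitive_names = [_][]const u8{ "credentials.json", "id_rsa", "id_ed25519" };
const sensitive_prefixes = [_][]const u8{ ".env", "secrets." };

/// Returns true when the basename of `path` matches any sensitive rule.
/// There is no branch on the first character, so no rule can be skipped
/// depending on how the filename starts. Matching is case-insensitive.
pub fn isSensitiveName(path: []const u8) bool {
    const base = std.fs.path.basename(path);
    for (sensitive_names) |name| {
        if (std.ascii.eqlIgnoreCase(base, name)) return true;
    }
    for (sensitive_prefixes) |prefix| {
        if (std.ascii.startsWithIgnoreCase(base, prefix)) return true;
    }
    for (sensitive_exts) |ext| {
        if (std.ascii.endsWithIgnoreCase(base, ext)) return true;
    }
    return false;
}

test "extension rules apply regardless of first character" {
    // Constructed names covering the first characters named in the review
    // comment ('.', 'c', 's', 'i') plus a mixed-case suffix.
    const must_match = [_][]const u8{
        "cert.pfx",        "store.jks",            "id.pfx",
        ".hidden.jks",     "src/certs/server.PEM", ".env.local",
        "credentials.json", "secrets.yaml",
    };
    for (must_match) |name| try std.testing.expect(isSensitiveName(name));

    // Ordinary source files must stay indexable.
    const must_pass = [_][]const u8{ "src/main.zig", "keyboard.zig", "environment.md" };
    for (must_pass) |name| try std.testing.expect(!isSensitiveName(name));
}
```

Run with `zig test` on the file; a regression test of this shape fails as soon as an extension is handled on one code path but not the other.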
New:
- `codedb update` — self-update by re-running the install script
- `codedb --version` / `-v` — prints version without needing a root
- `codedb --help` — early exit without root resolution

Build:
- Codesign with "Developer ID Application: Rachit Pradhan (WWP9DLJ27P)" instead of ad-hoc signing. Binaries now pass spctl/Gatekeeper.
- Version bumped to 0.2.3 in build.zig.zon, mcp.zig, telemetry.zig, worker.js

Changes since 0.2.2:
- security: exclude .env/secrets from live indexing (#97)
- docs: accurate telemetry disclosure (#97)
- BSD 3-Clause license + AGENTS.md (#97)
- docs: updated benchmark numbers (openclaw 75s→2.9s, vitess 50s→~2s)
- codedb2→codedb rename across all files

Generated with AI

Co-Authored-By: AI <ai@example.com>
Addresses #93 (items 1, 3, 4, 6). Closes #95, closes #96.
Changes
1. Sensitive files excluded from live indexing (#96)
`.env*`, `credentials.json`, `secrets.*`, `.pem`, `.key`, SSH keys, AWS configs are now excluded from both live indexing and snapshots. Previously only snapshots filtered these.
2. Telemetry docs match code (#95)
README and docs/telemetry.md now accurately disclose that telemetry syncs to the analytics endpoint on session close. No behavior change — just honest docs.
3. BSD 3-Clause LICENSE added
Copyright (c) 2024-2026, Rach Pradhan (justrach).
4. AGENTS.md added
Codex review guidelines for security-sensitive areas.
Not addressed here