Add redacted session handoff exports

[slashdevcorpse]

Summary\n- adds a server-side redacted markdown session bundle with prompt, assistant result, tool summaries, changed-file list, and validation commands\n- exposes a download-only handoff API for bundle, issue draft, and PR draft markdown\n- adds export-menu entries for redacted bundle, issue draft, and PR draft generation without posting to GitHub\n- covers redaction of environment values, tokens, private paths, and long secret-like values\n\n## Verification\n- pnpm -C apps/codex-claw lint\n- pnpm -C apps/codex-claw test\n- pnpm -C apps/codex-claw build\n- pnpm pack:codex-claw\n- pnpm smoke:codex-claw:pack\n\nCloses #95

---

Summary by cubic

Adds server-side redacted session handoff exports and export-menu options to download a bundle, issue draft, or PR draft without publishing to GitHub. Implements Linear #95 with safe, shareable markdown exports.

• New Features
  • API: GET /api/session-bundle?kind=bundle|issue|pr&sessionKey=...&friendlyId=...&download=1 returns a markdown file with a sanitized filename.
  • Content: Includes prompt, assistant result, tool summaries, changed files, and validation commands.
  • Redaction: Scrubs env values, tokens (e.g., OpenAI/GitHub/npm), private paths, and long secret-like values; truncates large output with a note.
  • UI: Export menu adds “Redacted Bundle”, “Issue Draft”, and “PR Draft”; useExport routes server downloads without any GitHub writes.
  • Tests: Validate redaction, bundle structure, and issue/PR draft generation.

^{Written for commit 365f2eb. Summary will update on new commits.}

[cubic-dev-ai]

2 issues found across 7 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/codex-claw/src/server/session-bundle.ts">

<violation number="1" location="apps/codex-claw/src/server/session-bundle.ts:52">
P2: Home-directory replacement runs before path redaction, which can leak private subpaths in exported handoff text.</violation>
</file>

<file name="apps/codex-claw/src/routes/api/session-bundle.ts">

<violation number="1" location="apps/codex-claw/src/routes/api/session-bundle.ts:42">
P2: The catch block maps all errors to 404, which hides real server errors and returns incorrect HTTP semantics.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[cubic-dev-ai]

P2: Home-directory replacement runs before path redaction, which can leak private subpaths in exported handoff text.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/codex-claw/src/server/session-bundle.ts, line 52:

<comment>Home-directory replacement runs before path redaction, which can leak private subpaths in exported handoff text.</comment>

<file context>
@@ -0,0 +1,378 @@
+  const replacements = [
+    [path.resolve(paths.stateDir), '$CODEX_CLAW_STATE'],
+    [path.resolve(paths.workspace.codexWorkdir), '$WORKSPACE'],
+    [os.homedir(), '~'],
+  ] as const
+  let next = value
</file context>

[cubic-dev-ai]

P2: The catch block maps all errors to 404, which hides real server errors and returns incorrect HTTP semantics.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/codex-claw/src/routes/api/session-bundle.ts, line 42:

<comment>The catch block maps all errors to 404, which hides real server errors and returns incorrect HTTP semantics.</comment>

<file context>
@@ -0,0 +1,48 @@
+            {
+              error: err instanceof Error ? err.message : String(err),
+            },
+            { status: 404 },
+          )
+        }
</file context>

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.