Skip to content

fix(privacy): clear recents at the session boundary and bound thread TTL (PT-16)#597

Merged
BigSimmo merged 2 commits into
mainfrom
claude/pt-audit-pr3-storage-unification
Jul 13, 2026
Merged

fix(privacy): clear recents at the session boundary and bound thread TTL (PT-16)#597
BigSimmo merged 2 commits into
mainfrom
claude/pt-audit-pr3-storage-unification

Conversation

@BigSimmo

Copy link
Copy Markdown
Owner

Summary

Audit PT-16 follow-up to #582's owner-scoped recents:

  • Session boundary: sign-out and session expiry now clear every owner-scoped recents key (plus the legacy residue fix: remediate 2026-07-13 external audit findings (lexical retrieval, privacy, upload, CSP, a11y) #582 already purged) via a new clearRecentQueries() in the shared helper, so the next person on a shared workstation cannot inherit recent clinical question text.
  • Thread TTL: persisted answer threads carry a savedAt stamp and expire after 12h, bounding how long raw query/answer text stays restorable in long-lived clinical-workstation tabs. savedAt stays internal to the storage module (loads strip it after the TTL check), and legacy payloads without the stamp stay loadable once and are stamped on next save.

Verification

Extended tests/answer-thread-storage.test.ts (TTL expiry, fresh-stamp round-trip, legacy acceptance) and tests/recent-query-storage.test.ts (boundary clear removes legacy + all scoped keys, leaves unrelated keys). 11/11 focused tests, full typecheck, lint, prettier green.

🤖 Generated with Claude Code

…TTL (PT-16)

Follow-up to #582's owner-scoped recents: sign-out and session expiry
now clear every owner-scoped recents key (plus legacy residue) so the
next person on a shared workstation cannot inherit recent clinical
question text, and persisted answer threads carry a savedAt stamp that
expires after 12h so raw query/answer text cannot idle indefinitely in
long-lived tabs. Legacy payloads without the stamp stay loadable once
and are stamped on next save.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@supabase

supabase Bot commented Jul 13, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@BigSimmo, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 3 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 7171976a-42f3-49e2-bdfe-6ca26a9fda8d

📥 Commits

Reviewing files that changed from the base of the PR and between 6758a6c and 10b8980.

📒 Files selected for processing (1)
  • src/lib/supabase/client.tsx
📝 Walkthrough

Walkthrough

Persisted answer threads now expire after a TTL while remaining compatible with legacy payloads. Recent-query storage is cleared during sign-out and session expiration, including both legacy and owner-scoped entries.

Changes

Session storage lifecycle

Layer / File(s) Summary
Answer-thread TTL persistence
src/lib/answer-thread-storage.ts, tests/answer-thread-storage.test.ts
Stored answer threads receive timestamps, expired records are rejected, and legacy records without timestamps remain loadable.
Authentication storage cleanup
src/components/clinical-dashboard/recent-query-storage.ts, src/lib/supabase/client.tsx, tests/recent-query-storage.test.ts
Recent queries are cleared during sign-out and session expiration, with coverage for scoped, legacy, and unrelated storage keys.

Estimated code review effort: 3 (Moderate) | ~20 minutes

🚥 Pre-merge checks | ✅ 5 | ❌ 6

❌ Failed checks (6 inconclusive)

Check name Status Explanation Resolution
Generated And Sensitive Files ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Verification Claims ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Risky Git Or Deployment Actions ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Supabase Project And Schema Safety ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Runtime And Package Manager Integrity ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Api Route Failure Handling ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main privacy changes: clearing recents at session boundaries and adding a bounded thread TTL.
Description check ✅ Passed The description is directly related to the PR and accurately summarizes the recents cleanup, thread TTL, and tests.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/pt-audit-pr3-storage-unification
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch claude/pt-audit-pr3-storage-unification

Comment @coderabbitai help to get the list of available commands.

@BigSimmo
BigSimmo enabled auto-merge (squash) July 13, 2026 14:47

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6758a6c2a3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/lib/supabase/client.tsx
@github-actions

Copy link
Copy Markdown

@codex resolve actionable Codex review findings for this pull request and current head using the repository instructions. This is the pull request's single automatic repair pass: do not perform a fresh review, create new standalone findings, or request another review. Work only the existing unresolved Codex threads on the current head. Always fix P0 and P1 findings. For P2 and lower findings, fix only clear, scoped, low-risk issues; otherwise disposition them with a concise reason. After fixing or dispositioning a thread, reply in that thread with as the first line, followed by a concise summary; that marker authorizes the workflow to close that exact thread. If human input or new authorization is required, do not use the marker and leave the thread open with the blocker. Finish only after every actionable thread is fixed or dispositioned and closed, or explicitly left open for a human decision. Do not update the branch from main, address unrelated reviews, broaden scope, or create more than one scoped fix commit. Do not use external APIs, paid services, credentials, dependency changes, or broad refactors unless explicitly authorized. Add targeted tests where behavior changes and run the narrowest relevant validation.

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 13, 2026
@BigSimmo

Copy link
Copy Markdown
Owner Author

@codex resolve actionable Codex review findings for this pull request and current head using the repository instructions. This is the pull request's single automatic repair pass: do not perform a fresh review, create new standalone findings, or request another review. Work only the existing unresolved Codex threads on the current head. Always fix P0 and P1 findings. For P2 and lower findings, fix only clear, scoped, low-risk issues; otherwise disposition them with a concise reason. After fixing or dispositioning a thread, reply in that thread with as the first line, followed by a concise summary; that marker authorizes the workflow to close that exact thread. If human input or new authorization is required, do not use the marker and leave the thread open with the blocker. Finish only after every actionable thread is fixed or dispositioned and closed, or explicitly left open for a human decision. Do not update the branch from main, address unrelated reviews, broaden scope, or create more than one scoped fix commit. Do not use external APIs, paid services, credentials, dependency changes, or broad refactors unless explicitly authorized. Add targeted tests where behavior changes and run the narrowest relevant validation.

@codex please implement

@chatgpt-codex-connector

Copy link
Copy Markdown

Summary

Commit / PR

  • Committed changes on the current branch: c335ef4 fix(privacy): purge passive signed-out storage
  • Created PR metadata via make_pr with title: fix(privacy): purge passive signed-out storage transitions

Testing

  • PATH="$HOME/.nvm/versions/node/v24.15.0/bin:$PATH" npm test -- tests/private-client-auth.test.ts tests/recent-query-storage.test.ts
  • PATH="$HOME/.nvm/versions/node/v24.15.0/bin:$PATH" npm run typecheck
  • git diff --check

View task →

@BigSimmo
BigSimmo merged commit d3c8b30 into main Jul 13, 2026
17 checks passed
@BigSimmo
BigSimmo deleted the claude/pt-audit-pr3-storage-unification branch July 14, 2026 11:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant