fix: restore correct privacy tag stripping order in session init

The bugfix/session-continuity branch introduced a regression that broke
the privacy fix from PR #463 (commit 63fd158). Privacy tags must be
stripped BEFORE creating the session, not after.

CORRECT order:
1. Strip privacy tags
2. Create session with cleaned prompt
3. Get prompt number

BROKEN order (what was on main):
1. Create session with RAW prompt (stores private content!)
2. Get prompt number
3. Strip privacy tags (too late)

This commit restores the correct order from commit 63fd158.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Alex Newman
2025-12-27 21:19:19 -05:00
parent 12fdb43ce4
commit 23358e2c6d
2 changed files with 9 additions and 12 deletions
@@ -501,27 +501,24 @@ export class SessionRoutes extends BaseRouteHandler {
const store = this.dbManager.getSessionStore();
// Step 1: Create/get SDK session (idempotent INSERT OR IGNORE)
const sessionDbId = store.createSDKSession(claudeSessionId, project, prompt);
// Step 1: Strip privacy tags from prompt BEFORE storing
// This prevents <private> content from being persisted to sdk_sessions.user_prompt
const cleanedPrompt = stripMemoryTagsFromPrompt(prompt);
logger.info('HTTP', 'SessionRoutes: createSDKSession returned', {
sessionDbId,
claudeSessionId
});
// Step 2: Create/get SDK session with CLEANED prompt (idempotent INSERT OR IGNORE)
const sessionDbId = store.createSDKSession(claudeSessionId, project, cleanedPrompt);
// Step 2: Get next prompt number from user_prompts count
// Step 3: Get next prompt number from user_prompts count
const currentCount = store.getPromptNumberFromUserPrompts(claudeSessionId);
const promptNumber = currentCount + 1;
logger.info('HTTP', 'SessionRoutes: Calculated promptNumber', {
logger.info('HTTP', 'SessionRoutes: Session initialization', {
sessionDbId,
claudeSessionId,
promptNumber,
currentCount
});
// Step 3: Strip privacy tags from prompt
const cleanedPrompt = stripMemoryTagsFromPrompt(prompt);
// Step 4: Check if prompt is entirely private
if (!cleanedPrompt || cleanedPrompt.trim() === '') {
logger.debug('HOOK', 'Session init - prompt entirely private', {
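Review bot: The entirely-private check in Step 4 still runs after `store.createSDKSession(claudeSessionId, project, cleanedPrompt)`, so a prompt that strips down to an empty string has already gone through the idempotent INSERT OR IGNORE by the time `!cleanedPrompt || cleanedPrompt.trim() === ''` is evaluated. If the first prompt of a session is entirely private, the session row is created with an empty prompt. Please confirm that is intended, or move the emptiness check between Step 1 and Step 2. Separately, the strip-before-store order is held in place only by the step comments, which is how the regression got in. A regression test asserting that the value passed to `createSDKSession` never contains `<private>` content would keep a later merge from reordering these calls again. The merged "Session initialization" log entry carries only ids and counts, which is good; keep the prompt text out of it.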