fix: warn on late-set blockSessionSave privacy boundary, consistent error narrowing

- Add log.warn when blockSessionSave is late-set: file is retracted but transcript may have already been sent to LLM for slug generation. Surfaces the privacy boundary so plugin authors know to pre-set for full confidentiality. - Align fs.unlink catch to use same defensive err instanceof Error && 'code' in err pattern as the fs.readFile catch above. Addresses greptile review: privacy boundary documentation + error narrowing consistency.
2026-03-09 22:22:21 -07:00 · 2026-03-09 22:22:21 -07:00 · cca4fde3d2
commit cca4fde3d2
parent 9de1adbce2
1 changed files with 15 additions and 1 deletions
--- a/src/hooks/bundled/session-memory/handler.ts
+++ b/src/hooks/bundled/session-memory/handler.ts
@ -442,6 +442,16 @@ const saveSessionToMemory: HookHandler = async (event) => {
      // If the file existed before our write (slug collision), restore the
      // original content instead of deleting — avoids erasing prior history.
      if (event.context.blockSessionSave === true && inlineWriteHappened) {
+        // Privacy note: late-set blockSessionSave retracts the file but does NOT
+        // prevent transcript content from having already been sent to the LLM
+        // provider for slug generation. To prevent transcript processing entirely,
+        // set blockSessionSave before the session-memory handler runs (pre-set path).
+        log.warn(
+          "blockSessionSave was set by a late hook — memory file will be retracted, but " +
+            "transcript content may have already been sent to the LLM provider for slug generation. " +
+            "To prevent transcript processing entirely, set blockSessionSave before the " +
+            "session-memory handler runs.",
+        );
        if (preExistingContent !== null) {
          // Slug collision: another entry already existed at this filename
          // before our inline write. Restore the original content rather
@ -467,7 +477,11 @@ const saveSessionToMemory: HookHandler = async (event) => {
            // triggerInternalHook logs them. Note: errors are caught
            // per-action and do NOT propagate to the session caller;
            // the file may remain on disk under adversarial FS conditions.
-            if ((err as NodeJS.ErrnoException).code !== "ENOENT") {
+            if (
+              !(err instanceof Error) ||
+              !("code" in err) ||
+              (err as NodeJS.ErrnoException).code !== "ENOENT"
+            ) {
              throw err;
            }
          }