From cca4fde3d21b906ac1658de22ce64608a4e16ea6 Mon Sep 17 00:00:00 2001
From: zeroaltitude <zeroaltitude@gmail.com>
Date: Mon, 9 Mar 2026 22:22:21 -0700
Subject: [PATCH] fix: warn on late-set blockSessionSave privacy boundary,
 consistent error narrowing

- Add log.warn when blockSessionSave is late-set: file is retracted but
  transcript may have already been sent to LLM for slug generation.
  Surfaces the privacy boundary so plugin authors know to pre-set for
  full confidentiality.
- Align fs.unlink catch to use same defensive err instanceof Error &&
  'code' in err pattern as the fs.readFile catch above.

Addresses greptile review: privacy boundary documentation + error
narrowing consistency.
---
 src/hooks/bundled/session-memory/handler.ts | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/hooks/bundled/session-memory/handler.ts b/src/hooks/bundled/session-memory/handler.ts
index d9dd26fd4d6..4c67f31d5bf 100644
--- a/src/hooks/bundled/session-memory/handler.ts
+++ b/src/hooks/bundled/session-memory/handler.ts
@@ -442,6 +442,16 @@ const saveSessionToMemory: HookHandler = async (event) => {
       // If the file existed before our write (slug collision), restore the
       // original content instead of deleting — avoids erasing prior history.
       if (event.context.blockSessionSave === true && inlineWriteHappened) {
+        // Privacy note: late-set blockSessionSave retracts the file but does NOT
+        // prevent transcript content from having already been sent to the LLM
+        // provider for slug generation. To prevent transcript processing entirely,
+        // set blockSessionSave before the session-memory handler runs (pre-set path).
+        log.warn(
+          "blockSessionSave was set by a late hook — memory file will be retracted, but " +
+            "transcript content may have already been sent to the LLM provider for slug generation. " +
+            "To prevent transcript processing entirely, set blockSessionSave before the " +
+            "session-memory handler runs.",
+        );
         if (preExistingContent !== null) {
           // Slug collision: another entry already existed at this filename
           // before our inline write. Restore the original content rather
@@ -467,7 +477,11 @@ const saveSessionToMemory: HookHandler = async (event) => {
             // triggerInternalHook logs them. Note: errors are caught
             // per-action and do NOT propagate to the session caller;
             // the file may remain on disk under adversarial FS conditions.
-            if ((err as NodeJS.ErrnoException).code !== "ENOENT") {
+            if (
+              !(err instanceof Error) ||
+              !("code" in err) ||
+              (err as NodeJS.ErrnoException).code !== "ENOENT"
+            ) {
               throw err;
             }
           }