Skip to content

Disable automatic loading of context.txt into Streamlit sessions#76

Closed
DavidJBianco wants to merge 1 commit into
mainfrom
codex/fix-local-context-information-disclosure
Closed

Disable automatic loading of context.txt into Streamlit sessions#76
DavidJBianco wants to merge 1 commit into
mainfrom
codex/fix-local-context-information-disclosure

Conversation

@DavidJBianco

@DavidJBianco DavidJBianco commented Apr 23, 2026

Copy link
Copy Markdown
Collaborator

Motivation

  • Prevent accidental disclosure of server-side context.txt into LLM prompts and external providers by avoiding auto-injection into every st.session_state session.

Description

  • Replace automatic file read of context.txt in peak_assistant/streamlit/app.py with initializing st.session_state["local_context"] to an empty string and add an inline security note explaining why server-side context is not auto-injected.

Testing

  • Compiled peak_assistant/streamlit/app.py and peak_assistant/streamlit/util/runners.py with python -m compileall (success) and ran PYTHONPATH=. pytest -q tests/unit_tests/test_streamlit_helpers_mcp_bugs.py which failed during collection due to a missing python-dotenv dependency in the environment.

Codex Task

@DavidJBianco DavidJBianco mentioned this pull request Apr 23, 2026
Closed
3 tasks
DavidJBianco added a commit that referenced this pull request Apr 23, 2026
@DavidJBianco @claude
Merge batch-b-context-file: stop auto-loading context.txt into sessions
39cb907 
Initializes local_context to empty string instead of reading from disk
to prevent sensitive server-side data reaching external LLM providers.

Supersedes PR #76, closes PR #75.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DavidJBianco

DavidJBianco commented Apr 23, 2026

Copy link
Copy Markdown
Collaborator Author

Superseded by #86, which cherry-picked this fix. Merged into dev via merge commit 39cb907.

@DavidJBianco DavidJBianco mentioned this pull request Apr 23, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

aardvark codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DavidJBianco