Skip to content

fix: mask ConversationMeta.last_preview on deserialization to prevent plaintext exposure#3

Merged
WilleLX1 merged 4 commits intomainfrom
copilot/fix-conversation-meta-test
Mar 7, 2026
Merged

fix: mask ConversationMeta.last_preview on deserialization to prevent plaintext exposure#3
WilleLX1 merged 4 commits intomainfrom
copilot/fix-conversation-meta-test

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 6, 2026
edited
Loading

from_json for ConversationMeta was unconditionally replacing any non-empty last_preview with the literal "(encrypted message)", causing StateDedupTest.ConversationMetaRoundTrip to fail. Based on review feedback, the correct fix is to preserve the masking behavior for privacy — preventing any sensitive plaintext previews from being resurfaced out of persisted state — but using a consistent masked value.

Change

Updated from_json for ConversationMeta to always set last_preview to "[encrypted message]" regardless of the stored value, and updated StateDedupTest.ConversationMetaRoundTrip to expect this masked value after a round-trip:

// Before
if (j.contains("last_preview")) {
    const auto preview = j.value("last_preview", "");
    v.last_preview = preview.empty() ? "" : "(encrypted message)";
} else {
    v.last_preview = "";
}

// After
// Never deserialize historical last_preview plaintext from disk into runtime state.
// This prevents resurfacing any sensitive previews that may have been persisted.
v.last_preview = "[encrypted message]";

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@WilleLX1
fix: preserve last_preview in ConversationMeta deserialization
bd703f2 
Co-authored-by: WilleLX1 <68472201+WilleLX1@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix test failure in StateDedupTest for last_preview fix: preserve ConversationMeta.last_preview through serialization round-trip Mar 6, 2026
@WilleLX1 WilleLX1 marked this pull request as ready for review March 6, 2026 11:25
Copilot AI review requested due to automatic review settings March 6, 2026 11:25
Copilot AI reviewed Mar 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes ConversationMeta JSON deserialization so last_preview survives a serialization round-trip (unblocking StateDedupTest.ConversationMetaRoundTrip and keeping state I/O symmetric with to_json).

Changes:

  • Remove from_json(ConversationMeta&) logic that replaced any non-empty last_preview with "(encrypted message)".
  • Deserialize last_preview directly via j.value("last_preview", "").

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@WilleLX1
Update client-cpp-gui/include/blackwire/storage/client_state.hpp
577d94b 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@WilleLX1
Copy link
Copy Markdown
Owner

WilleLX1 commented Mar 6, 2026

@copilot apply changes based on the comments in this thread

@WilleLX1
fix: update test to expect masked last_preview after deserialization
24f7467 
Co-authored-by: WilleLX1 <68472201+WilleLX1@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Mar 6, 2026

@copilot apply changes based on the comments in this thread

Applied in commit 24f7467. from_json now always sets last_preview = "[encrypted message]" (with the comments from the reviewer's suggestion), and StateDedupTest.ConversationMetaRoundTrip now expects "[encrypted message]" after the round-trip.

Copilot AI changed the title fix: preserve ConversationMeta.last_preview through serialization round-trip fix: mask ConversationMeta.last_preview on deserialization to prevent plaintext exposure Mar 6, 2026
@WilleLX1 WilleLX1 merged commit adec05b into main Mar 7, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@WilleLX1 WilleLX1

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@WilleLX1