From af462bf97ac628606be6d860fba5e98a5842cd16 Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Fri, 27 Mar 2026 22:13:55 -0700 Subject: [PATCH] fix: add state file TTL and plaintext cookie warning (HIGH-02) - Add savedAt timestamp to state save output - Warn on load if state file older than 7 days - Auto-delete stale state files (>7 days) on server startup - Warning about plaintext cookie storage in save message --- browse/src/meta-commands.ts | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/browse/src/meta-commands.ts b/browse/src/meta-commands.ts index 99a18843..b8325738 100644 --- a/browse/src/meta-commands.ts +++ b/browse/src/meta-commands.ts @@ -474,11 +474,12 @@ export async function handleMetaCommand( // V1: cookies + URLs only (not localStorage — breaks on load-before-navigate) const saveData = { version: 1, + savedAt: new Date().toISOString(), cookies: state.cookies, pages: state.pages.map(p => ({ url: p.url, isActive: p.isActive })), }; fs.writeFileSync(statePath, JSON.stringify(saveData, null, 2), { mode: 0o600 }); - return `State saved: ${statePath} (${state.cookies.length} cookies, ${state.pages.length} pages — treat as sensitive)`; + return `State saved: ${statePath} (${state.cookies.length} cookies, ${state.pages.length} pages)\n⚠️ Cookies stored in plaintext. Delete when no longer needed.`; } if (action === 'load') { @@ -487,6 +488,14 @@ export async function handleMetaCommand( if (!Array.isArray(data.cookies) || !Array.isArray(data.pages)) { throw new Error('Invalid state file: expected cookies and pages arrays'); } + // Warn on state files older than 7 days + if (data.savedAt) { + const ageMs = Date.now() - new Date(data.savedAt).getTime(); + const SEVEN_DAYS = 7 * 24 * 60 * 60 * 1000; + if (ageMs > SEVEN_DAYS) { + console.warn(`[browse] Warning: State file is ${Math.round(ageMs / 86400000)} days old. Consider re-saving.`); + } + } // Close existing pages, then restore (replace, not merge) bm.setFrame(null); await bm.closeAllPages();