Not sure if this has been considered, but Codex session JSONL files can easily end up with sensitive stuff in them — API keys, tokens, passwords set via env vars or shell commands during the session.
The thing is, Euphony supports loading from public URLs (like Hugging Face), so if someone shares a session file without realizing there are credentials in it, anyone with the link can just read them in the viewer.
Would be great to have at least a warning when rendering Codex sessions, or some basic pattern detection that flags potential secrets before displaying them. Even just a note in the README telling people to check their session files before sharing would help.
Not sure if this has been considered, but Codex session JSONL files can easily end up with sensitive stuff in them — API keys, tokens, passwords set via env vars or shell commands during the session.
The thing is, Euphony supports loading from public URLs (like Hugging Face), so if someone shares a session file without realizing there are credentials in it, anyone with the link can just read them in the viewer.
Would be great to have at least a warning when rendering Codex sessions, or some basic pattern detection that flags potential secrets before displaying them. Even just a note in the README telling people to check their session files before sharing would help.