fix: filter terminal chat events by session key — prevent cross-session bleed

BunsDev · BunsDev · commit 804a2df46143 · 2026-03-05T08:42:14.000-06:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -6,7 +6,9 @@ If you discover a security vulnerability in KnotCode, please report it responsib
 
 **Do not open a public issue.**
 
-Instead, email **security@openknot.ai** or use [GitHub's private vulnerability reporting](https://github.com/OpenKnots/code-editor/security/advisories/new).
+Instead, DM [**@BunsDev**](https://x.com/BunsDev) or use [GitHub's private vulnerability reporting](https://github.com/OpenKnots/code-editor/security/advisories/new).
+
+<!-- Instead, email **security@openknot.ai** or use [GitHub's private vulnerability reporting](https://github.com/OpenKnots/code-editor/security/advisories/new). -->
 
 We will acknowledge your report within 48 hours and aim to release a fix within 7 days for critical issues.
 
diff --git a/components/gateway-terminal.tsx b/components/gateway-terminal.tsx
@@ -409,6 +409,14 @@ export function GatewayTerminal() {
       const p = payload as Record<string, unknown>
       const state = p.state as string | undefined
 
+      // Only process events for the terminal's session (main)
+      const eventSessionKey = (p.sessionKey ??
+        p.session_key ??
+        (typeof p.session === 'object' && p.session !== null
+          ? (p.session as Record<string, unknown>).key
+          : undefined)) as string | undefined
+      if (eventSessionKey && eventSessionKey !== 'main') return
+
       if (state === 'delta') {
         const text = extractEventText(p)
         if (text) {
