Fix ZDR issue for openai

[elie222]

Add OPENAI_ZERO_DATA_RETENTION env flag and set selectModel OpenAI providerOptions.openai.store=false when enabled; refresh Outlook tokens when expiry is within 10 minutes

Introduce a boolean OPENAI_ZERO_DATA_RETENTION env var and apply it in utils/llms/model.ts to set providerOptions.openai.store=false for OpenAI models; adjust Outlook client token refresh to trigger when expiry is within 10 minutes; bump version.

📍Where to Start

Start with the OpenAI options logic in selectModel in apps/web/utils/llms/model.ts.

---

📊 Macroscope summarized 648e8c3. 3 files reviewed, 9 issues evaluated, 6 issues filtered, 2 comments posted

🗂️ Filtered Issues

apps/web/env.ts — 0 comments posted, 1 evaluated, 1 filtered

• line 149: NEXT_PUBLIC_FREE_UNSUBSCRIBE_CREDITS is defined as z.number().default(5) on the client (line 149) but the corresponding value in experimental__runtimeEnv is sourced from process.env.NEXT_PUBLIC_FREE_UNSUBSCRIBE_CREDITS, which is always a string when set. Without z.coerce.number(), providing an env var like "5" will fail validation at runtime instead of being parsed to a number. All other client numeric envs use z.coerce.number(); this one is inconsistent and will cause a runtime parse error when set. [ Out of scope ]

apps/web/utils/llms/model.ts — 1 comment posted, 4 evaluated, 2 filtered

• line 92: providerOptions is accepted by selectModel but is only forwarded in the Provider.OPEN_AI and Provider.OPENROUTER branches. For GOOGLE, GROQ, AI_GATEWAY, BEDROCK, and ANTHROPIC, any provided providerOptions are silently ignored, which breaks interface parity and may lead callers to believe options are applied when they are not. Either document the asymmetry or forward/validate options consistently. [ Low confidence ]
• line 355: getBackupModel constructs an OpenRouter client using env.OPENROUTER_API_KEY without checking if it exists. If OPENROUTER_BACKUP_MODEL is set but OPENROUTER_API_KEY is missing, the backup model is created with an undefined API key, likely causing runtime failures when used. Add a check to require the API key or return null. [ Low confidence ]

apps/web/utils/outlook/client.ts — 1 comment posted, 4 evaluated, 3 filtered

• line 126: Refresh token request may be rejected by Microsoft because it omits the scope parameter for the grant_type=refresh_token request to the v2.0 token endpoint. This can lead to invalid_request/invalid_grant responses depending on tenant/app configuration. [ Low confidence ]
• line 192: saveTokens is called before validating the token response. If tokens.access_token is missing or empty, createOutlookClient(tokens.access_token) will throw a SafeError, but the function will have already persisted an invalid access_token/expires_at, leaving state in a bad/partially updated condition. [ Low confidence ]
• line 195: Potential NaN for expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in) assumes tokens.expires_in is a finite number. If it is missing or not numeric, the result will be NaN and be stored, breaking future expiry checks. [ Low confidence ]

Summary by CodeRabbit

• New Features

  • Added support for configuring OpenAI to not store user data.

• Bug Fixes

  • Improved Outlook token refresh mechanism to prevent expiry during extended operations.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
inbox-zero	Ready	Preview	Dec 4, 2025 3:46am

[coderabbitai]

Walkthrough

This PR introduces OpenAI data retention control via an environment variable and improves Outlook token expiry handling with a refresh buffer. Version is bumped to v2.21.36. Changes are configuration-driven and do not alter core control flow.

Changes

Cohort / File(s)	Summary
OpenAI data retention configuration apps/web/env.ts, apps/web/utils/llms/model.ts	Added OPENAI_ZERO_DATA_RETENTION boolean environment variable (default: false) and conditional logic to set openai.store = false in provider options when enabled.
Outlook token refresh logic apps/web/utils/outlook/client.ts	Introduced TOKEN_REFRESH_BUFFER_MS (10 minutes) constant and updated token expiry validation to account for buffer duration, preventing token reuse if insufficient time remains before expiry.
Version bump version.txt	Updated version from v2.21.34 to v2.21.36.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Focus areas:
  • Verify that OPENAI_ZERO_DATA_RETENTION env var is correctly passed from env.ts to selectModel() in model.ts
  • Confirm token refresh buffer logic correctly prevents premature token reuse in Outlook client
  • Check that the 10-minute buffer duration is reasonable for expected operation durations

Possibly related PRs

• Adjust openai example models #1016: Modifies the same selectModel() function in apps/web/utils/llms/model.ts to change OpenAI default model; may require coordination if both PRs are in flight.
• Add seperate chat model #577: Refactors model selection logic and LLM configuration in the same files; predecessor or related refactoring work on the model selection code paths.

Poem

🐰 A flag to guard the data tight,
OpenAI stores with all its might—
But now we choose to let it go,
And token buffers steal the show!
Version up to 2-2-6! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fix ZDR issue for openai' directly relates to the main change in the changeset. The PR adds OPENAI_ZERO_DATA_RETENTION (ZDR) environment variable handling to control OpenAI's data retention policy, which is clearly reflected in the title.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/zdr-openai

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[elie222]

See: vercel/ai#10060

[cubic-dev-ai]

No issues found across 4 files

[macroscopeapp]

The expiry check mixes seconds (expires_at) with milliseconds (Date.now() + TOKEN_REFRESH_BUFFER_MS). Consider converting expires_at to ms before comparing to avoid unnecessary refreshes.

-  const expiryDate = expiresAt ? expiresAt : null;
+  const expiryDateMs = expiresAt ? expiresAt * 1000 : null;
   if (
-    accessToken &&
-    expiryDate &&
-    expiryDate > Date.now() + TOKEN_REFRESH_BUFFER_MS
+    accessToken &&
+    expiryDateMs &&
+    expiryDateMs > Date.now() + TOKEN_REFRESH_BUFFER_MS
   ) {
     return createOutlookClient(accessToken);
   }

🚀 Reply to ask Macroscope to explain or update this suggestion.

👍 Helpful? React to give us feedback.

[macroscopeapp]

Issue on line in apps/web/utils/llms/model.ts:153:

Suggestion: Add defensive checks/defaults in apps/web/utils/llms/model.ts before provider construction—validate env.BEDROCK_ACCESS_KEY/env.BEDROCK_SECRET_KEY and default providerOptions/providerOptions.openai to empty objects—to prevent runtime errors.

+       if (!env.BEDROCK_ACCESS_KEY || !env.BEDROCK_SECRET_KEY) {
+         throw new Error("Bedrock selected but BEDROCK_ACCESS_KEY and/or BEDROCK_SECRET_KEY are not set");
+       }

🚀 Reply to ask Macroscope to explain or update this suggestion.

👍 Helpful? React to give us feedback.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 28df057 and 648e8c3.

📒 Files selected for processing (4)

• apps/web/env.ts (1 hunks)
• apps/web/utils/llms/model.ts (1 hunks)
• apps/web/utils/outlook/client.ts (2 hunks)
• version.txt (1 hunks)

🧰 Additional context used

📓 Path-based instructions (15)

apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Use @/ path aliases for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Follow consistent naming conventions using PascalCase for components
Centralize shared types in dedicated type files

Import specific lodash functions rather than entire lodash library to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/data-fetching.mdc)

**/*.{ts,tsx}: For API GET requests to server, use the swr package
Use result?.serverError with toastError from @/components/Toast for error handling in async operations

**/*.{ts,tsx}: Use wrapper functions for Gmail message operations (get, list, batch, etc.) from @/utils/gmail/message.ts instead of direct API calls
Use wrapper functions for Gmail thread operations from @/utils/gmail/thread.ts instead of direct API calls
Use wrapper functions for Gmail label operations from @/utils/gmail/label.ts instead of direct API calls

**/*.{ts,tsx}: For early access feature flags, create hooks using the naming convention use[FeatureName]Enabled that return a boolean from useFeatureFlagEnabled("flag-key")
For A/B test variant flags, create hooks using the naming convention use[FeatureName]Variant that define variant types, use useFeatureFlagVariantKey() with type casting, and provide a default "control" fallback
Use kebab-case for PostHog feature flag keys (e.g., inbox-cleaner, pricing-options-2)
Always define types for A/B test variant flags (e.g., type PricingVariant = "control" | "variant-a" | "variant-b") and provide type safety through type casting

**/*.{ts,tsx}: Don't use primitive type aliases or misleading types
Don't use empty type parameters in type aliases and interfaces
Don't use this and super in static contexts
Don't use any or unknown as type constraints
Don't use the TypeScript directive @ts-ignore
Don't use TypeScript enums
Don't export imported variables
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions
Don't use TypeScript namespaces
Don't use non-null assertions with the ! postfix operator
Don't use parameter properties in class constructors
Don't use user-defined types
Use as const instead of literal types and type annotations
Use either T[] or Array<T> consistently
Initialize each enum member value explicitly
Use export type for types
Use `impo...

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

**/{server,api,actions,utils}/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)

**/{server,api,actions,utils}/**/*.ts: Use createScopedLogger from "@/utils/logger" for logging in backend code
Add the createScopedLogger instantiation at the top of the file with an appropriate scope name
Use .with() method to attach context variables only within specific functions, not on global loggers
For large functions with reused variables, use createScopedLogger().with() to attach context once and reuse the logger without passing variables repeatedly

Files:

• apps/web/utils/outlook/client.ts
• apps/web/utils/llms/model.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/prisma-enum-imports.mdc)

Always import Prisma enums from @/generated/prisma/enums instead of @/generated/prisma/client to avoid Next.js bundling errors in client components

Import Prisma using the project's centralized utility: import prisma from '@/utils/prisma'

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/security.mdc)

**/*.ts: ALL database queries MUST be scoped to the authenticated user/account by including user/account filtering in WHERE clauses to prevent unauthorized data access
Always validate that resources belong to the authenticated user before performing operations, using ownership checks in WHERE clauses or relationships
Always validate all input parameters for type, format, and length before using them in database queries
Use SafeError for error responses to prevent information disclosure. Generic error messages should not reveal internal IDs, logic, or resource ownership details
Only return necessary fields in API responses using Prisma's select option. Never expose sensitive data such as password hashes, private keys, or system flags
Prevent Insecure Direct Object References (IDOR) by validating resource ownership before operations. All findUnique/findFirst calls MUST include ownership filters
Prevent mass assignment vulnerabilities by explicitly whitelisting allowed fields in update operations instead of accepting all user-provided data
Prevent privilege escalation by never allowing users to modify system fields, ownership fields, or admin-only attributes through user input
All findMany queries MUST be scoped to the user's data by including appropriate WHERE filters to prevent returning data from other users
Use Prisma relationships for access control by leveraging nested where clauses (e.g., emailAccount: { id: emailAccountId }) to validate ownership

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

**/*.{tsx,ts}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

**/*.{tsx,ts}: Use Shadcn UI and Tailwind for components and styling
Use next/image package for images
For API GET requests to server, use the swr package with hooks like useSWR to fetch data
For text inputs, use the Input component with registerProps for form integration and error handling

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

**/*.{tsx,ts,css}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

Implement responsive design with Tailwind CSS using a mobile-first approach

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use accessKey attribute on any HTML element
Don't set aria-hidden="true" on focusable elements
Don't add ARIA roles, states, and properties to elements that don't support them
Don't use distracting elements like <marquee> or <blink>
Only use the scope prop on <th> elements
Don't assign non-interactive ARIA roles to interactive HTML elements
Make sure label elements have text content and are associated with an input
Don't assign interactive ARIA roles to non-interactive HTML elements
Don't assign tabIndex to non-interactive HTML elements
Don't use positive integers for tabIndex property
Don't include "image", "picture", or "photo" in img alt prop
Don't use explicit role property that's the same as the implicit/default role
Make static elements with click handlers use a valid role attribute
Always include a title element for SVG elements
Give all elements requiring alt text meaningful information for screen readers
Make sure anchors have content that's accessible to screen readers
Assign tabIndex to non-interactive HTML elements with aria-activedescendant
Include all required ARIA attributes for elements with ARIA roles
Make sure ARIA properties are valid for the element's supported roles
Always include a type attribute for button elements
Make elements with interactive roles and handlers focusable
Give heading elements content that's accessible to screen readers (not hidden with aria-hidden)
Always include a lang attribute on the html element
Always include a title attribute for iframe elements
Accompany onClick with at least one of: onKeyUp, onKeyDown, or onKeyPress
Accompany onMouseOver/onMouseOut with onFocus/onBlur
Include caption tracks for audio and video elements
Use semantic elements instead of role attributes in JSX
Make sure all anchors are valid and navigable
Ensure all ARIA properties (aria-*) are valid
Use valid, non-abstract ARIA roles for elements with ARIA roles
Use valid AR...

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

!(pages/_document).{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

Don't use the next/head module in pages/_document.js on Next.js projects

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• version.txt
• apps/web/utils/llms/model.ts

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/utilities.mdc)

**/*.{js,ts,jsx,tsx}: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

Files:

• apps/web/utils/outlook/client.ts
• apps/web/env.ts
• apps/web/utils/llms/model.ts

apps/web/**/{.env.example,env.ts,turbo.json}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Add environment variables to .env.example, env.ts, and turbo.json

Files:

• apps/web/env.ts

apps/web/env.ts

📄 CodeRabbit inference engine (.cursor/rules/environment-variables.mdc)

apps/web/env.ts: Add server-only environment variables to apps/web/env.ts under the server object with Zod schema validation
Add client-side environment variables to apps/web/env.ts under the client object with NEXT_PUBLIC_ prefix and Zod schema validation
Add client-side environment variables to apps/web/env.ts under the experimental__runtimeEnv object to enable runtime access

Files:

• apps/web/env.ts

{.env.example,apps/web/env.ts}

📄 CodeRabbit inference engine (.cursor/rules/environment-variables.mdc)

Client-side environment variables must be prefixed with NEXT_PUBLIC_

Files:

• apps/web/env.ts

apps/web/{utils/ai,utils/llms,__tests__}/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/llm.mdc)

LLM-related code must be organized in specific directories: apps/web/utils/ai/ for main implementations, apps/web/utils/llms/ for core utilities and configurations, and apps/web/__tests__/ for LLM-specific tests

Files:

• apps/web/utils/llms/model.ts

apps/web/utils/llms/{index,model}.ts

📄 CodeRabbit inference engine (.cursor/rules/llm.mdc)

Core LLM functionality must be defined in utils/llms/index.ts, model definitions and configurations in utils/llms/model.ts, and usage tracking in utils/usage.ts

Files:

• apps/web/utils/llms/model.ts

🧠 Learnings (10)

📚 Learning: 2025-11-25T14:36:45.807Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add server-only environment variables to `apps/web/env.ts` under the `server` object with Zod schema validation

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:36:43.454Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : Define environment variables in `apps/web/env.ts` using Zod schema validation, organizing them into `server` and `client` sections

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:36:45.807Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `client` object with `NEXT_PUBLIC_` prefix and Zod schema validation

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:36:45.807Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `experimental__runtimeEnv` object to enable runtime access

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:36:43.454Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : For client-side environment variables in `apps/web/env.ts`, prefix them with `NEXT_PUBLIC_` and add them to both the `client` and `experimental__runtimeEnv` sections

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:36:18.416Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/{.env.example,env.ts,turbo.json} : Add environment variables to `.env.example`, `env.ts`, and `turbo.json`

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:37:56.430Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm-test.mdc:0-0
Timestamp: 2025-11-25T14:37:56.430Z
Learning: Applies to apps/web/__tests__/**/*.test.ts : Use `describe.runIf(isAiTest)` with environment variable `RUN_AI_TESTS === "true"` to conditionally run LLM tests

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:36:45.807Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to {.env.example,apps/web/env.ts} : Client-side environment variables must be prefixed with `NEXT_PUBLIC_`

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-07-19T15:06:43.730Z

Learnt from: garnertb
Repo: elie222/inbox-zero PR: 580
File: apps/web/.env.example:4-7
Timestamp: 2025-07-19T15:06:43.730Z
Learning: In apps/web/.env.example, boolean environment variables follow an unquoted convention (e.g., LOG_ZOD_ERRORS=true, AUTH_TRUST_HOST=true). Logical grouping of related variables (like auth variables together) is preferred over strict alphabetical ordering for better developer experience.

Applied to files:

• apps/web/env.ts

📚 Learning: 2025-11-25T14:38:07.606Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : LLM feature functions must import from `zod` for schema validation, use `createScopedLogger` from `@/utils/logger`, `chatCompletionObject` and `createGenerateObject` from `@/utils/llms`, and import `EmailAccountWithAI` type from `@/utils/llms/types`

Applied to files:

• apps/web/utils/llms/model.ts

🧬 Code graph analysis (1)

apps/web/utils/llms/model.ts (2)

apps/web/env.ts (1)

• env (17-246)

apps/web/utils/llms/config.ts (2)

• providerOptions (18-29)
• Provider (7-16)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: cubic · AI code reviewer
• GitHub Check: Review for correctness
• GitHub Check: test

🔇 Additional comments (4)

version.txt (1)

1-1: LGTM!

Version bump is appropriate for the feature additions in this PR.

apps/web/utils/outlook/client.ts (2)

11-12: LGTM!

The 10-minute buffer is a sensible safeguard to prevent token expiry during long-running Outlook operations.

---

103-107: LGTM!

The enhanced token refresh logic correctly prevents using tokens that will expire within 10 minutes, ensuring stability during long-running operations.

apps/web/utils/llms/model.ts (1)

71-86: LGTM! The OpenAI store parameter implementation is correct.

OpenAI's API supports the store parameter to control data persistence, and the Vercel AI SDK properly maps providerOptions.openai.store to this parameter. When Zero Data Retention is enabled at the organization level, OpenAI treats the store parameter as false regardless of the request value. Setting store: false when the OPENAI_ZERO_DATA_RETENTION environment variable is enabled is the correct defensive approach and aligns with the referenced issue.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if OPENAI_ZERO_DATA_RETENTION is in .env.example and turbo.json

echo "=== Checking .env.example ==="
find . -name ".env.example" -type f | head -1 | xargs grep -n "OPENAI_ZERO_DATA_RETENTION" || echo "NOT FOUND"

echo ""
echo "=== Checking turbo.json ==="
find . -name "turbo.json" -type f | head -1 | xargs grep -n "OPENAI_ZERO_DATA_RETENTION" || echo "NOT FOUND"

echo ""
echo "=== Current .env.example (last 20 lines) ==="
find . -name ".env.example" -type f | head -1 | xargs tail -20

echo ""
echo "=== Current turbo.json build.env section ==="
find . -name "turbo.json" -type f | head -1 | xargs jq '.tasks.build.env // empty' 2>/dev/null || echo "Could not parse turbo.json"

Repository: elie222/inbox-zero

Length of output: 3299

---

Add OPENAI_ZERO_DATA_RETENTION to .env.example and turbo.json.

The environment variable is defined in env.ts but missing from .env.example and turbo.json. Add it to .env.example with an example value and to turbo.json under tasks.build.env array.

🤖 Prompt for AI Agents

In apps/web/env.ts around line 63, OPENAI_ZERO_DATA_RETENTION is defined but
missing from configuration examples; add a line to .env.example like
OPENAI_ZERO_DATA_RETENTION=false (or true as appropriate) so users see an
example, and update turbo.json by adding "OPENAI_ZERO_DATA_RETENTION" to the
tasks.build.env array (ensure JSON formatting/commas remain valid).