fix: add rollback semantics to secure-storage credential operations#241
Draft
bukinoshita wants to merge 2 commits intomainfrom
Draft
fix: add rollback semantics to secure-storage credential operations#241bukinoshita wants to merge 2 commits intomainfrom
bukinoshita wants to merge 2 commits intomainfrom
Conversation
Resolve data integrity issue (BU-632) where secure-storage login/logout paths could leave local auth state inconsistent when a backend or filesystem failure occurs mid-operation. Changes to src/lib/config.ts: - storeApiKeyAsync: roll back backend.set() if credentials file write fails - removeApiKeyAsync: verify backend.delete() returns true before proceeding; restore the key in the backend if file removal fails afterward - removeAllApiKeysAsync: aggregate all delete results and abort with error if any backend deletion fails, preserving the credentials file - renameProfileAsync: verify backend.delete() returns true; roll back backend state if either the old-name delete fails or the file rename fails Tests added for each failure mode: - storeApiKeyAsync: backend rollback on file write failure - removeApiKeyAsync: throws on false delete return; restores key on file failure - removeAllApiKeysAsync: preserves file when any backend delete fails - renameProfileAsync: cleans up new-name on old-name delete failure; restores old-name on file write failure Co-authored-by: Bu Kinoshita <bukinoshita@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by cubic
Adds transactional rollback to secure-storage credential operations so the OS keychain and
credentials.jsonstay in sync.storeApiKeyAsync: roll backbackend.set()if writingcredentials.jsonfails.removeApiKeyAsync: requirebackend.delete()to returntrue; restore the key if file removal fails.removeAllApiKeysAsync: remove the file only if all backend deletes succeed; throw with failed profile names otherwise.renameProfileAsync: verify old-name delete; clean up new-name or restore old-name if file rename fails.Written for commit 10df862. Summary will update on new commits.