Skip to content

fix: validate before mutating secure backend in renameProfileAsync#217

Draft
bukinoshita wants to merge 1 commit intomainfrom
fix/rename-profile-secure-storage-corruption-bcb0
Draft

fix: validate before mutating secure backend in renameProfileAsync#217
bukinoshita wants to merge 1 commit intomainfrom
fix/rename-profile-secure-storage-corruption-bcb0

Conversation

@bukinoshita
Copy link
Copy Markdown
Member

@bukinoshita bukinoshita commented Apr 9, 2026
edited
Loading

Summary by cubic

Validate profile renames before touching the secure backend in renameProfileAsync to prevent corruption and keep credentials.json in sync. Resolves Linear BU-629.

  • Bug Fixes

    • Early return for same-name renames.
    • Validate newName and ensure credentials.json and source profile exist; reject if destination exists.
    • Only mutate secure backend (get/set/delete) when storage is secure_storage and after all checks pass.
    • Inline the credentials.json update, including active_profile when renamed.

  • Tests

    • Added cases to confirm backend isn’t touched for no-op, existing destination, invalid name, and missing source.
    • All existing tests continue to pass.

Written for commit 6a99fb2. Summary will update on new commits.

@cursoragent @bukinoshita
fix: validate before mutating secure backend in renameProfileAsync
6a99fb2 
Move all validation (no-op check, name validation, profile existence,
destination collision) before any secure credential backend mutations.
Previously, backend.set/delete ran before renameProfile() validation,
causing two corruption modes:

1. Destination already exists: backend mutated, then renameProfile()
   throws, leaving credentials.json and secure storage out of sync.
2. Same-name rename: backend.set then backend.delete on same key
   deletes the stored secret, while renameProfile() returns early.

The fix inlines the validation and file update from renameProfile()
directly into renameProfileAsync(), so the backend is only touched
after all preconditions pass.

Resolves BU-629

Co-authored-by: Bu Kinoshita <bukinoshita@users.noreply.github.com>
@bukinoshita
Copy link
Copy Markdown
Member Author

bukinoshita commented Apr 13, 2026

@cubic-dev-ai can you review?

@cubic-dev-ai
Copy link
Copy Markdown
Contributor

cubic-dev-ai Bot commented Apr 13, 2026

@cubic-dev-ai can you review?

@bukinoshita I have started the AI code review. It will take a few minutes to complete.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bukinoshita @cursoragent