Skip to content

fix: keep unsigned dev builds from corrupting shared keychain state#1

Merged
4LAU merged 1 commit into
mainfrom
fix/dev-vault-shared-state
Jun 16, 2026
Merged

fix: keep unsigned dev builds from corrupting shared keychain state#1
4LAU merged 1 commit into
mainfrom
fix/dev-vault-shared-state

Conversation

@4LAU

@4LAU 4LAU commented Jun 16, 2026

Copy link
Copy Markdown
Owner

Adversarial-review follow-up. Two HIGH findings, both confirmed genuine and fixed:

  • Shared bookkeeping corruption — the file dev vault (unsigned builds) shares config.json with signed builds and could advance the auth-storage version, migrate, or delete the legacy auth store, making a later signed release skip its real Keychain migration and find no saved auth. Keychain migration/repair/cleanup now run only when the Keychain backend is active.
  • App/helper backend split — the menu app now pins the codex-profile helper it launches to its own auth backend, so a signing-identity mismatch can no longer split a login across two stores.

Regression coverage added (unit + integration). Build green, all tests pass. Dev/mixed-install hardening only — signed-release users were never exposed.

The file-based dev vault (used by unsigned builds) shares config.json with
signed builds. It could advance the auth-storage version, migrate, or delete
the legacy auth store -- making a later signed release skip its real Keychain
migration and find no saved auth. Keychain migration, repair, and legacy
cleanup now run only when the Keychain backend is active.

The menu app also now pins the codex-profile helper it launches to its own
auth backend (CODEX_PROFILE_FILE_AUTH_STORE_DIR / CODEX_PROFILE_FORCE_KEYCHAIN),
so an app and its delegated helper can no longer split a login across two
stores when their signing identities differ.

Adds regression coverage: a unit test proving the file vault leaves the
shared version and legacy store untouched, and an integration test proving
the backend override pins the helper's store.
@4LAU 4LAU merged commit 9713142 into main Jun 16, 2026
1 check passed
@4LAU 4LAU deleted the fix/dev-vault-shared-state branch June 16, 2026 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant