hugo/bDS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: rollback in-memory key on store failure, add corrupted-data and rollback tests

Browse Source
This commit is contained in:
hugo
2026-03-01 13:20:16 +01:00
parent 226c9193d6
commit 4bd7e6cd99
4 changed files with 70 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
tests/engine/ChatEngine.test.ts
View File

@@ -778,19 +778,34 @@ describe('ChatEngine', () => {
describe('deleteSetting', () => {
it('should delete a setting by key', async () => {
let capturedTable: any;
let capturedPredicate: any;
vi.mocked(mockLocalDb.delete).mockImplementation(() => ({
where: vi.fn((predicate) => {
capturedPredicate = predicate;
return Promise.resolve();
}),
} as any));
vi.mocked(mockLocalDb.delete).mockImplementation((table: any) => {
capturedTable = table;
return {
where: vi.fn((predicate) => {
capturedPredicate = predicate;
return Promise.resolve();
}),
} as any;
});
await chatEngine.deleteSetting('opencode_api_key');
expect(mockLocalDb.delete).toHaveBeenCalled();
expect(mockLocalDb.delete).toHaveBeenCalledTimes(1);
// Verify the correct table was targeted
expect(capturedTable).toBeDefined();
// Verify a where predicate was passed
expect(capturedPredicate).toBeDefined();
});
it('should not throw for nonexistent keys', async () => {
vi.mocked(mockLocalDb.delete).mockImplementation(() => ({
where: vi.fn(() => Promise.resolve()),
} as any));
await expect(chatEngine.deleteSetting('nonexistent_key')).resolves.not.toThrow();
});
});
describe('setSelectedModel', () => {

22
tests/engine/SecureKeyStore.test.ts
View File

@@ -5,7 +5,7 @@
* and ChatEngine dependencies.
*/
import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
import { describe, it, expect, beforeEach, vi } from 'vitest';
// Track mock state
let safeStorageAvailable = true;
@@ -205,4 +205,24 @@ describe('SecureKeyStore', () => {
expect(mockChatEngine.deleteSetting).toHaveBeenCalledWith('opencode_api_key');
});
});
describe('retrieve with corrupted data', () => {
it('throws when stored base64 decodes to invalid ciphertext', async () => {
const store = new SecureKeyStore(mockChatEngine as any);
// Simulate corrupted data: valid base64 but not a valid encrypted buffer
mockSettings.set('__encrypted_api_key', Buffer.from('CORRUPT:garbage').toString('base64'));
await expect(store.retrieve('api_key')).rejects.toThrow('Failed to decrypt');
});
it('throws when stored value is not valid base64', async () => {
const store = new SecureKeyStore(mockChatEngine as any);
// Not valid base64 — Buffer.from tolerates this but decryptString will reject it
mockSettings.set('__encrypted_api_key', '!!!not-base64!!!');
await expect(store.retrieve('api_key')).rejects.toThrow('Failed to decrypt');
});
});
});