Skip to content

test(accounts): assert removed-account secrets are pruned from the state file#18

Open
iceteaSA wants to merge 1 commit into
cortexkit:mainfrom
iceteaSA:test/state-secret-prune
Open

test(accounts): assert removed-account secrets are pruned from the state file#18
iceteaSA wants to merge 1 commit into
cortexkit:mainfrom
iceteaSA:test/state-secret-prune

Conversation

@iceteaSA

@iceteaSA iceteaSA commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

What

Extends the existing mutateAccounts removal test (accounts-store.test.ts) to assert that a removed account's per-account secrets are scrubbed from the state file, not just that the config file's id list no longer contains it.

Test-only — zero production change (core/accounts.ts is byte-identical to main).

Why

mutateAccounts writes the config authoritatively and rebuilds the state file via stateFromStorage(next), so a removed account's access/refresh tokens are already pruned. But the removal test only verified the config file:

const cfg = JSON.parse(readFileSync(cfgPath, 'utf8'))
expect(cfg.accounts.map((a) => a.id)).toEqual(['a', 'c'])

A regression that rebuilt the config authoritatively while leaving the state entries merged in (e.g. unioning stale on-disk state into the rebuild) would leave a deleted account's credentials at rest — a credential leak — and still pass every existing assertion. The state file is where the tokens actually live, so it's the security-relevant surface to pin.

The added assertions

const stateRaw = readFileSync(statePath, 'utf8')
const state = JSON.parse(stateRaw)
expect(Object.keys(state.accounts ?? {}).sort()).toEqual(['a', 'c'])
expect(stateRaw).not.toContain('acc-b')
expect(stateRaw).not.toContain('ref-b')

Verification

  • Red-first proven load-bearing: temporarily simulating the leak (unioning stale on-disk state into the state rebuild) makes this test fail (state.accounts keys ['a','b','c']['a','c']); reverting restores green. So it guards the real regression, not just current behavior.
  • Full suite green: 461 pass / 0 fail, typecheck clean, build clean, biome clean.

Context: this is the one piece of #17 not already covered by 38df1ff (which independently landed the same mutateAccounts fix). Closed #17 as superseded and salvaged this test as a focused standalone.


View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.


Summary by cubic

Extend the mutateAccounts removal test to verify the state file drops the deleted account and its tokens, preventing stale credentials at rest. Test-only change; production code unchanged.

Written for commit a9f2379. Summary will update on new commits.

Review in cubic

…ate file

The removal test verified the config file no longer lists the deleted id, but
not that the per-account state file is scrubbed of the removed account's
access/refresh tokens. A regression that rebuilt config authoritatively while
leaving stale state entries would leave a deleted account's credentials at rest
and pass the existing assertions. Extend the test to assert state.accounts drops
the removed id and the raw state file contains neither of its tokens.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Re-trigger cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant