Land release blocker fixes and workspace cleanup
Some checks failed
check / cargo check (macos-latest) (push) Has been cancelled
check / cargo check (ubuntu-22.04) (push) Has been cancelled
check / cargo check (windows-latest) (push) Has been cancelled
check / svelte build + lint (push) Has been cancelled

This commit is contained in:
2026-04-23 00:16:09 +01:00
parent d7363cc913
commit 9b0067b4c0
36 changed files with 1529 additions and 418 deletions

View File

@@ -4,6 +4,28 @@
**Path:** `crates/cloud-providers/src/keystore.rs:6-18`
**Source:** [2026-04-22 code review](../code-review-2026-04-22.md)
**Labels:** release-blocker, major, unsafe-api, cloud
**Status:** RESOLVED (2026-04-22)
## Resolution
Chose acceptance option 2. The environment-mutation stub is gone;
`store_api_key` now writes into a process-global
`OnceLock<Mutex<HashMap<String, String>>>`, so the safe signature matches
the actual safety properties.
Additional details:
- Stored keys now live in-memory only for the life of the process.
- `retrieve_api_key` checks the in-memory keystore first, then falls
back to read-only `KON_API_KEY_<PROVIDER>` environment variables so
externally injected secrets still work.
- Module docs now describe the real tradeoff clearly: safe from any
thread, but non-persistent until a proper OS keychain backend lands.
Regression tests:
- `stored_key_is_retrievable_without_env_mutation`
- `providers_do_not_overlap`
## Problem