Adversarial line-by-line review of the feature diff turned up:
- /api/database/update/stop was NOT @admin_only while its sibling start_update
was — a non-admin could abort a library scan. Gated.
- /api/metadata-cache/evict was NOT gated while its clear siblings were. Gated.
- validate_credential_payload now treats whitespace-only values as missing, so
a blank-but-spacey secret can't be saved to fail confusingly later.
Tests updated: both endpoints added to the admin-gating matrix; a whitespace-only
validation case added. 42 credential/gating tests pass.
Review also confirmed (no change needed): migration is idempotent + additive +
O(1); encryption round-trips with a non-dict guard; no SQL injection; stale
selections fall back to None safely; no secret ever returned to the browser;
the hybrid-drag index math is correct in both directions; the new resolver is
fully DORMANT (zero runtime callers) so existing client behaviour is untouched;
and @admin_only is a no-op for single-profile installs (default profile = admin).
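As an added example (not the project's own code) illustrating the two fixes described above: a hypothetical `admin_only` decorator and toy route registry, a gating-matrix check that flags any route under an admin-only prefix that lacks the gate (the kind of check that would have caught the ungated `stop` and `evict` siblings), and a `validate_credential_payload` that treats whitespace-only values as missing. The decorator, registry, prefixes and field names are assumptions.

```python
from functools import wraps

# Constructed toy registry standing in for the web framework's router.
ROUTES = {}  # path -> handler


def route(path):
    def register(fn):
        ROUTES[path] = fn
        return fn
    return register


def admin_only(fn):
    """Reject callers whose profile is not an admin. A single-profile install
    defaults to admin, so there the gate is effectively a no-op."""
    @wraps(fn)
    def guarded(user, *args, **kwargs):
        if not user.get("is_admin", False):
            return 403, {"error": "admin required"}
        return fn(user, *args, **kwargs)
    guarded.admin_gated = True  # marker the gating-matrix check looks for
    return guarded


@route("/api/database/update/start")
@admin_only
def start_update(user):
    return 200, {"status": "started"}


@route("/api/database/update/stop")
@admin_only  # the sibling gate that was found missing
def stop_update(user):
    return 200, {"status": "stopped"}


ADMIN_PREFIXES = ("/api/database/update/", "/api/metadata-cache/")  # assumed


def ungated_admin_routes(routes=None, prefixes=ADMIN_PREFIXES):
    """Gating matrix: every route under an admin-only prefix must carry the
    gate. Returns the offending paths, sorted, so a test can assert == []."""
    routes = ROUTES if routes is None else routes
    return sorted(p for p, h in routes.items()
                  if p.startswith(prefixes) and not getattr(h, "admin_gated", False))


def validate_credential_payload(payload, required=("username", "secret")):
    """Return the names of required fields that are absent, non-string, or
    whitespace-only, so a blank-but-spacey secret is rejected up front."""
    return [k for k in required
            if not isinstance(payload.get(k), str) or not payload[k].strip()]
```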