Skip to content

Legacy updateDataSource can release old credentials before the DB write is durable #201

Description

@youhaowei

Problem

Clawpatch flagged a likely data-loss bug in the legacy updateDataSource RPC path.

updateDataSource calls applyCredentialField without the safer superseded-ref collection and post-write release ordering used by the newer command path. When a data-source credential is rotated or cleared, the old secret can be released before the DB update and snapshot are safely durable.

Evidence

Clawpatch run: 20260629T235052-baec0e

Finding: fnd_sig-feat-library-65745d6fa8-280a_57b14d6fcc

Relevant paths:

  • apps/server/src/functions/app-artifacts.ts around updateDataSource
  • apps/server/src/functions/utils.ts around applyCredentialField
  • apps/server/src/functions/commands.ts around setDataSourceConfig
  • apps/server/src/functions/app-artifacts.ts app artifact RPC exports

Expected fix

Either retire/delegate the legacy RPC to the safer command path, or mirror the command-path ordering: write the DB state and flush/snapshot successfully before releasing superseded credential refs.

Scope

Follow-up from PR #197 review. This is not introduced by the assistant read-layer changes.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions