stacklok / toolhive / 23852027252
65%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 595
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 65.503% (-0.009%) from 65.512%
23852027252

push

github

web-flow 
Add crash-safe migration for legacy system secret keys (#4346)

* Add crash-safe migration for legacy system secret keys

Existing users may have registry tokens and workload auth secrets stored
under bare keys (BEARER_TOKEN_, OAUTH_CLIENT_SECRET_, REGISTRY_OAUTH_,
etc.) that pre-date the scoped provider wrappers. This migration renames
them into the __thv_<scope>_ namespace on first startup so they are
accessible via the new scoped providers and hidden from user-facing secret
commands.

Key design properties:
- Write-before-delete ordering: the new key is written before the old is
  deleted, so a crash mid-migration leaves the secret reachable.
- Idempotent: a missing old key is silently skipped, making retries safe.
- One-shot: guarded by the SecretScopeMigration config flag; once set,
  the migration is a cheap config read and returns immediately.
- Discovery-based: DiscoverMigrations lists all secrets and matches known
  system prefixes, so no static registry of workload names is required.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Update migration.go to use SecretScope type and method-based scoping

Follow-up from the SecretScope type change: update SystemKeyPrefixMappings
Scope field from string to SecretScope, and replace the removed package-level
scopedKey() function with inline key construction.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Address review feedback on migration.go

- Rename local variable migrations → keyMigrations in DiscoverMigrations
  for clarity (distinguishes the slice from the function parameter name
  used in MigrateSystemKeys)
- Replace inline strings.HasPrefix(key, SystemKeyPrefix) with isSystemKey(key)
  to reuse the existing helper and keep the intent explicit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Make MigrateSystemKeys idempotent with existence check

Before writing the scoped key, check if it already exists. If it does
(e.g. from a partial prior run), ski... (continued)

45 of 90 new or added lines in 3 files covered. (50.0%)

2 existing lines in 1 file now uncovered.

53201 of 81219 relevant lines covered (65.5%)

65.06 hits per line

Uncovered Changes

Lines Coverage File
39
0.0
 pkg/migration/secret_scope.go
4
0.0
 0.0% cmd/thv/main.go
2
95.74
 pkg/secrets/migration.go

Coverage Regressions

Lines Coverage File
2
82.81
 -0.21% pkg/vmcp/composer/workflow_engine.go
Jobs
ID Job ID Ran Files Coverage
1 23852027252.1 595
65.5
 GitHub Action Run
Source Files on build 23852027252