fix(vault): tolerate ErrVaultExists in concurrent first-run flow#526
Merged
ALRubinger merged 1 commit intomainfrom May 7, 2026
Merged
fix(vault): tolerate ErrVaultExists in concurrent first-run flow#526ALRubinger merged 1 commit intomainfrom
ALRubinger merged 1 commit intomainfrom
Conversation
Surfaced by #454 Test 6 readiness review: ten parallel CLI processes sharing AILERON_VAULT_PASSPHRASE all enter promptCreateAndUnlock, and only one wins the vault.Init race. The losers were aborting with "creating vault: vault: already exists" — confusing UX that doesn't match the contract the test expects (one daemon spawned, calls succeed). Treat vault.ErrVaultExists as success-ish in promptCreateAndUnlock: fall through to the spawn + unlock steps with the passphrase the caller already has. The post-spawn /v1/vault/unlock validates the passphrase end-to-end — if the racing CLIs disagree, the losers naturally surface a 401, which is the right shape for "you and another process picked different passphrases." Concurrent racers with the same passphrase (the Test 6 case) now all succeed, which is the desired behavior. Single-CLI invocations are unchanged. Adds TestEnsureVaultUnlocked_StoppedMissing_TolerateErrVaultExists as the regression guard. Verified the test fails before this fix ("creating vault: vault: already exists") and passes after. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
🚅 Deployed to the aileron-pr-526 environment in aileron 1 service not affected by this PR
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #526 +/- ##
==========================================
- Coverage 81.98% 81.97% -0.01%
==========================================
Files 235 235
Lines 23989 23989
==========================================
- Hits 19667 19665 -2
- Misses 3147 3148 +1
- Partials 1175 1176 +1
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Surfaced by readiness review for #454 Test 6 (concurrent first-run singleton). Ten parallel CLI processes sharing `AILERON_VAULT_PASSPHRASE` all enter `promptCreateAndUnlock`, but only one wins the `vault.Init` race. Pre-fix the losers aborted with "creating vault: vault: already exists" — confusing UX that doesn't match the test's expected contract (one daemon spawned, calls succeed).
Fix
Treat `vault.ErrVaultExists` as success-ish in `promptCreateAndUnlock`: fall through to spawn + unlock with the passphrase the caller already has. The post-spawn `/v1/vault/unlock` validates the passphrase end-to-end — if the racing CLIs disagree, losers naturally surface a 401 ("wrong passphrase — try again"), which is the correct shape for "you and another process picked different passphrases."
Test plan
🤖 Generated with Claude Code