fix(cdn): reject manifests missing artifacts before cache wipe#2288
Draft
cursor[bot] wants to merge 1 commit into
Draft
fix(cdn): reject manifests missing artifacts before cache wipe#2288cursor[bot] wants to merge 1 commit into
cursor[bot] wants to merge 1 commit into
Conversation
Background CDN refresh called _rebuildFromRoot() which cleared all
in-memory definitions before checking for an artifacts section. A
transient or bad deploy returning parseable JSON without artifacts
(e.g. {}) wiped the working session and could persist the unusable
manifest via _saveCachedState.
Validate the artifacts section exists before mutating cache state so
failed refreshes keep the last good definitions.
Co-authored-by: Sharjeel Yunus <sharjeelyunus@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bug and impact
Trigger: A CDN-backed app with a working cached manifest runs a background refresh (
_refreshIfStale). The manifest download returns HTTP 200 with JSON that parses successfully but has noartifactssection (bad deploy, CDN misconfiguration, or a truncated body like{}).Impact:
_rebuildFromRoot()cleared all in-memory screens, translations, theme, and secrets before discoveringartifactswas missing, then returned early._doRefreshIfStale()still persisted the unusable manifest toSharedPreferences. The app could lose all definitions for the rest of the session and on subsequent cold starts until a valid manifest was published.Root cause
_rebuildFromRoot()mutated cache state (clearing_artifactCache, mappings, config, and runtime secrets) before validating that the manifest contained anartifactsmap. When validation failed, it returned without restoring the previous cache.Fix
artifactsexists before any cache mutation in_rebuildFromRoot().ConfigErroron invalid manifests so refresh callers skip_saveCachedState()and retain the last good in-memory definitions.Validation
modules/ensemble/test/cdn_provider_test.dartcoverage for manifests missingartifacts.modules/ensemble:flutter test test/cdn_provider_test.dartDuplicate check
cursor/critical-bug-remediation-7f90): CDN_lastUpdatedAtcommitted before manifest fetch — different root cause and code path.cursor/critical-bug-remediation-aa33): WiFi callback routing +executeActionawait — unrelated.cursor/critical-bug-remediation-5d4b): FirestorelistenForChangesdedup — unrelated.cursor/critical-bug-inspection-974b): clears persisted cache when stored JSON fails to decode — does not prevent refresh from wiping good in-memory state on parseable-but-invalid manifests.cursor/critical-bug-remediation-2ba3): CDN refresh serialization / persisted tuple snapshot — different root cause.