[DB-29] added IPC methods for secretsManager

[nafees87n]

Summary by CodeRabbit

• New Features

  • Consolidated secrets manager API offering unified initialization, provider management, connection testing, secret retrieval, and refresh operations.
  • Added provider change notification subscriptions for real-time updates.

• Refactor

  • Updated IPC channel naming conventions for improved consistency in secrets manager communications.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[linear]

DB-29 IPC layer for secrets manager

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a0be05b5-35a2-40e8-8a1c-f64479fa9e1b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The PR introduces a functional API layer for secrets management by creating a new index.ts file that exports 10 public functions (initSecretsManager, subscribeToProvidersChange, setSecretProviderConfig, getSecretValue, etc.) wrapping an underlying SecretsManager singleton. The main/events.js file is refactored to import and use these functions instead of directly instantiating concrete classes. IPC channel handlers are updated to follow a "secretsManager:\*" naming convention and delegate to the corresponding exported functions. The public getSecretsManager() helper is removed from secretsManager.ts, and a type adjustment is made in SecretsManagerEncryptedStorage to treat stored data as a Record map structure.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: introducing IPC methods for the secretsManager module, which aligns with the primary file changes in src/main/events.js that wire up IPC handlers.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ipc-layer

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nafees87n]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@src/lib/secretsManager/index.ts`:
- Around line 7-12: The current getSecretsManager function returns null when
SecretsManager.isInitialized() is false, causing NPEs elsewhere; change
getSecretsManager to throw a clear, descriptive Error (e.g., "SecretsManager not
initialized - call init first") instead of returning null so callers like
getSecretsManager().onProvidersChange(...) fail fast; update any docs/comments
if needed and keep the checks around SecretsManager.isInitialized(),
SecretsManager.getInstance(), and calls to onProvidersChange/getSecret etc. to
reflect this contract.
- Line 23: Remove the temporary debug logging call console.log("!!!debug",
"secretsManager initialized") from src/lib/secretsManager/index.ts; either
delete that line or replace it with the project's proper logger (e.g.,
processLogger.debug or similar) consistent with surrounding logging conventions
so no stray debug output remains.

In `@src/main/events.js`:
- Around line 289-296: subscribeToProvidersChange's unsubscribe function is
being discarded, causing duplicate subscriptions; capture the unsubscribe
returned by subscribeToProvidersChange inside the ipcMain.handle for
"secretsManager:subscribeToProvidersChange" and return it to the renderer so it
can call it to remove the listener (i.e., const unsubscribe =
subscribeToProvidersChange(...); return () => unsubscribe()). Alternatively, if
you prefer a singleton subscription, store the unsubscribe in a module-scoped
variable (e.g., currentProvidersUnsub) and reuse/replace it when ipcMain.handle
is invoked to prevent multiple subscriptions; references:
ipcMain.handle("secretsManager:subscribeToProvidersChange"),
subscribeToProvidersChange, webAppWindow.webContents.send, and the
"secretsManager:providersChanged" channel.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Unsubscribe callback is discarded, risking duplicate subscriptions and memory leaks.

subscribeToProvidersChange() returns an unsubscribe function, but it's not being returned or stored. If the renderer calls this IPC handler multiple times, each call creates a new subscription without a way to clean up the previous ones.

Consider either:

1. Tracking subscription state to prevent duplicates, or
2. Returning the unsubscribe mechanism to the renderer

🔧 Proposed fix (option 1: singleton subscription)

+let providersChangeUnsubscribe = null;
+
 ipcMain.handle("secretsManager:subscribeToProvidersChange", () => {
+  // Prevent duplicate subscriptions
+  if (providersChangeUnsubscribe) {
+    return;
+  }
-  subscribeToProvidersChange((providers) => {
+  providersChangeUnsubscribe = subscribeToProvidersChange((providers) => {
     webAppWindow?.webContents.send(
       "secretsManager:providersChanged",
       providers
     );
   });
 });

🤖 Prompt for AI Agents

In `@src/main/events.js` around lines 289 - 296, subscribeToProvidersChange's
unsubscribe function is being discarded, causing duplicate subscriptions;
capture the unsubscribe returned by subscribeToProvidersChange inside the
ipcMain.handle for "secretsManager:subscribeToProvidersChange" and return it to
the renderer so it can call it to remove the listener (i.e., const unsubscribe =
subscribeToProvidersChange(...); return () => unsubscribe()). Alternatively, if
you prefer a singleton subscription, store the unsubscribe in a module-scoped
variable (e.g., currentProvidersUnsub) and reuse/replace it when ipcMain.handle
is invoked to prevent multiple subscriptions; references:
ipcMain.handle("secretsManager:subscribeToProvidersChange"),
subscribeToProvidersChange, webAppWindow.webContents.send, and the
"secretsManager:providersChanged" channel.