Harden teardown guards and keychain no-UI query handling#381
Harden teardown guards and keychain no-UI query handling#381artuskg wants to merge 10 commits intosteipete:mainfrom
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 71451a3e94
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| self.blinkTask?.cancel() | ||
| self.loginTask?.cancel() |
There was a problem hiding this comment.
Block login task callbacks after test teardown
releaseStatusItemsForTesting() only cancels loginTask, but an in-flight switch-account task still runs its defer (activeLoginProvider = nil, loginTask = nil), and those property observers call refreshMenusForLoginStateChange() which still reaches attachMenus() without an isReleasedForTesting guard. In tests that tear down while login is in progress, this can recreate/mutate status items after teardown and reintroduce the post-release AppKit mutation race this change is trying to prevent.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Addressed in 428fd68.
What changed:
- Added a DEBUG release guard in
refreshMenusForLoginStateChange()so login-task/property-observer callbacks no-op afterreleaseStatusItemsForTesting().
Added regression test:
loginStateCallbacksDoNotAttachMenusAfterRelease()inTests/CodexBarTests/StatusMenuTests.swiftto verify login-state callbacks after release do not reattach menus or recreate status items.
Validation rerun:
pnpm check./Scripts/compile_and_run.sh
Both passed.
|
Open questions to align on before/while merging:
|
Summary
This PR hardens teardown and refresh behavior around
StatusItemControllerand fixes keychain no-UI query handling that could regress into interactive prompt behavior.Errors Found and How to Reproduce / Confirm Independently
1) Keychain UI-fail policy value mismatch
Issue:
"kSecUseAuthenticationUIFail") was used instead of Security’s actual constant value.kSecUseAuthenticationUIto be set incorrectly and invalidate the non-interactive policy.Independent confirmation:
swift -e 'import Security; print(kSecUseAuthenticationUIFail)'and compare output to the literal string.swift test --filter KeychainNoUIQueryTests.2) Linux build break from unconditional Darwin import
Issue:
import Darwinwas unconditional inCodexBarCorekeychain helper code.Independent confirmation:
3) Post-teardown UI mutation race in tests
Issue:
releaseStatusItemsForTesting(), observer/task paths could still execute UI-mutating code paths (handleSettingsChange, animation/blink/menu refresh paths).Independent confirmation:
.systemstatus bar (StatusMenuTests,StatusItemAnimationTests,BatteryDrainDiagnosticTests) and observe teardown-sensitive behavior.What Changed and Why
Keychain / no-UI safety
makeGenericPasswordPreflightQuery(service:account:)to centralize and test query construction.KeychainNoUIQueryTestsfor structural and behavior-level verification.Why:
Status menu/animation teardown hardening
releaseStatusItemsForTesting()) and cancellation/cleanup of tasks/state.isReleasedForTesting) and applied it to observer/animation/menu mutation entry points..systemstatus bar usage in those tests.menuRefreshEnabled.Why:
Validation Run
pnpm check./Scripts/compile_and_run.shswift testAll passed on this branch.
Review / Tooling Provenance