ship: tighten review follow-up

Author: arul28

apps/desktop/src/main/services/ai/apiKeyStore.test.ts

@@ -44,7 +44,10 @@ function securityArg(args: string[], flag: string): string {
   return index >= 0 ? args[index + 1] ?? "" : "";
 }
 
-function installSecurityMock(keychain: Map<string, string>): void {
+function installSecurityMock(
+  keychain: Map<string, string>,
+  options: { failProviderIndexWrites?: boolean } = {},
+): void {
   spawnSyncMock.mockImplementation((_command: string, rawArgs: string[]) => {
     const args = rawArgs.map(String);
     const command = args[0];
@@ -64,6 +67,9 @@ function installSecurityMock(keychain: Map<string, string>): void {
       };
     }
     if (command === "add-generic-password") {
+      if (options.failProviderIndexWrites && account === "__ade_provider_index__") {
+        return { status: 1, stdout: "", stderr: "provider index write failed" };
+      }
       keychain.set(account, securityArg(args, "-w"));
       return { status: 0, stdout: "", stderr: "" };
     }
@@ -131,6 +137,38 @@ describe("apiKeyStore", () => {
     expect(fs.existsSync(path.join(tempRoot, ".ade", "secrets", "api-keys.v1.bin"))).toBe(false);
   });
 
+  it("keeps a stored Keychain key usable when the provider index write fails", async () => {
+    installSecurityMock(keychain, { failProviderIndexWrites: true });
+    const store = await loadStoreModule();
+    store.initApiKeyStore(tempRoot);
+
+    store.storeApiKey("cursor", "crsr_test_key");
+
+    expect(store.getApiKey("cursor")).toBe("crsr_test_key");
+    expect(store.listStoredProviders()).toContain("cursor");
+    expect(keychain.get("cursor")).toBe("crsr_test_key");
+    expect(keychain.has("__ade_provider_index__")).toBe(false);
+    expect(store.getApiKeyStoreStatus().macosKeychainError).toContain("provider index write failed");
+  });
+
+  it("removes a deleted Keychain key from memory when the provider index write fails", async () => {
+    keychain.set("__ade_provider_index__", JSON.stringify(["cursor"]));
+    keychain.set("cursor", "crsr_test_key");
+    installSecurityMock(keychain, { failProviderIndexWrites: true });
+    const store = await loadStoreModule();
+    store.initApiKeyStore(tempRoot);
+
+    expect(store.getApiKey("cursor")).toBe("crsr_test_key");
+
+    store.deleteApiKey("cursor");
+
+    expect(store.getApiKey("cursor")).toBeNull();
+    expect(store.listStoredProviders()).not.toContain("cursor");
+    expect(keychain.has("cursor")).toBe(false);
+    expect(keychain.get("__ade_provider_index__")).toContain("cursor");
+    expect(store.getApiKeyStoreStatus().macosKeychainError).toContain("provider index write failed");
+  });
+
   it("migrates a decryptable legacy safeStorage blob into macOS Keychain", async () => {
     const secretsDir = path.join(tempRoot, ".ade", "secrets");
     fs.mkdirSync(secretsDir, { recursive: true });

apps/desktop/src/main/services/ai/apiKeyStore.ts

@@ -229,6 +229,15 @@ function writeMacosKeychainProviderIndex(providers: Iterable<string>): void {
   );
 }
 
+function tryWriteMacosKeychainProviderIndex(providers: Iterable<string>): void {
+  try {
+    writeMacosKeychainProviderIndex(providers);
+  } catch {
+    // The provider index only powers discovery/listing. Keep the just-written
+    // secret usable in this process even if the secondary index write fails.
+  }
+}
+
 function knownProviderCandidates(extraProviders?: Iterable<string>): string[] {
   const providers = new Set<string>(Object.keys(ENV_KEY_PROVIDERS));
   for (const provider of extraProviders ?? []) {
@@ -390,9 +399,9 @@ export function storeApiKey(provider: string, key: string): void {
   const store = ensureStore();
   if (isMacosKeychainAvailable()) {
     writeMacosKeychainSecret(normalizedProvider, normalizedKey);
-    const index = readMacosKeychainProviderIndex();
-    writeMacosKeychainProviderIndex(new Set([...index.providers, normalizedProvider]));
     store[normalizedProvider] = normalizedKey;
+    const index = readMacosKeychainProviderIndex();
+    tryWriteMacosKeychainProviderIndex(new Set([...index.providers, normalizedProvider]));
     return;
   }
   const nextStore = { ...store, [normalizedProvider]: normalizedKey };
@@ -420,9 +429,9 @@ export function deleteApiKey(provider: string): void {
   const store = ensureStore();
   if (isMacosKeychainAvailable()) {
     deleteMacosKeychainSecret(normalizedProvider);
-    const index = readMacosKeychainProviderIndex();
-    writeMacosKeychainProviderIndex(index.providers.filter((entry) => entry !== normalizedProvider));
     delete store[normalizedProvider];
+    const index = readMacosKeychainProviderIndex();
+    tryWriteMacosKeychainProviderIndex(index.providers.filter((entry) => entry !== normalizedProvider));
     return;
   }
   const nextStore = { ...store };

apps/desktop/src/main/services/chat/agentChatService.ts

@@ -1292,6 +1292,14 @@ function normalizeReasoningEffort(value: unknown): string | null {
   return normalized.length > 0 ? normalized : null;
 }
 
+function catalogDescriptorInfoKey(
+  group: ModelProviderGroup,
+  providerKey: string,
+  descriptorId: string,
+): string {
+  return `${group}:${providerKey}:${descriptorId}`;
+}
+
 function resolveSessionModelDescriptor(session: AgentChatSession): ModelDescriptor | null {
   if (session.modelId) {
     return getModelById(session.modelId) ?? resolveModelAlias(session.modelId) ?? null;
@@ -16898,11 +16906,6 @@ export function createAgentChatService(args: {
 
   const getModelCatalog = async (): Promise<AgentChatModelCatalog> => {
     const catalogProviders: ModelProviderGroup[] = ["claude", "codex", "cursor", "droid", "opencode"];
-    const descriptorInfoKey = (
-      group: ModelProviderGroup,
-      providerKey: string,
-      descriptorId: string,
-    ): string => `${group}:${providerKey}:${descriptorId}`;
     const modelsByProvider = await Promise.all(
       catalogProviders.map(async (provider) => {
         try {
@@ -16939,7 +16942,7 @@ export function createAgentChatService(args: {
           ...(runtimeTiers?.length ? { reasoningTiers: runtimeTiers } : {}),
         };
         descriptors.push(patched);
-        descriptorInfo.set(descriptorInfoKey(provider, patched.family, patched.id), { provider, info });
+        descriptorInfo.set(catalogDescriptorInfoKey(provider, patched.family, patched.id), { provider, info });
       }
     }
 
@@ -16963,7 +16966,7 @@ export function createAgentChatService(args: {
             key: subsection.key,
             label: subsection.label,
             models: subsection.models.map((descriptor) => {
-              const entry = descriptorInfo.get(descriptorInfoKey(group.key, provider.key, descriptor.id));
+              const entry = descriptorInfo.get(catalogDescriptorInfoKey(group.key, provider.key, descriptor.id));
               const runtimeProvider = entry?.provider ?? resolveProviderGroupForModel(descriptor);
               const runtimeModelId = entry?.info.id ?? getRuntimeModelRefForDescriptor(descriptor, runtimeProvider);
               const reasoningEfforts = entry?.info.reasoningEfforts

apps/desktop/src/main/services/chat/cursorSdkHooks.test.ts

@@ -5,6 +5,7 @@ import os from "node:os";
 import path from "node:path";
 import { describe, expect, it } from "vitest";
 import {
+  __buildCursorSdkHookCommandForTests,
   cursorSdkHookScriptPath,
   cursorSdkHooksJsonPath,
   ensureCursorSdkUserHook,
@@ -162,4 +163,28 @@ describe("Cursor SDK hook installation", () => {
       fs.rmSync(home, { recursive: true, force: true });
     }
   });
+
+  it("uses a direct cmd set prefix for packaged Electron hooks on Windows", () => {
+    const originalPlatform = process.platform;
+    const originalElectron = process.versions.electron;
+    Object.defineProperty(process, "platform", { value: "win32", configurable: true });
+    Object.defineProperty(process.versions, "electron", { value: "37.0.0", configurable: true });
+    try {
+      const command = __buildCursorSdkHookCommandForTests(
+        undefined,
+        String.raw`C:\Users\Ada Lovelace\.cursor\hooks\ade-tool-gate.cjs`,
+      );
+      expect(command).toBe(
+        `set ELECTRON_RUN_AS_NODE=1&& "${process.execPath}" "C:\\Users\\Ada Lovelace\\.cursor\\hooks\\ade-tool-gate.cjs"`,
+      );
+      expect(command).not.toContain("cmd /d /s /c");
+    } finally {
+      Object.defineProperty(process, "platform", { value: originalPlatform, configurable: true });
+      if (originalElectron === undefined) {
+        Reflect.deleteProperty(process.versions, "electron");
+      } else {
+        Object.defineProperty(process.versions, "electron", { value: originalElectron, configurable: true });
+      }
+    }
+  });
 });

apps/desktop/src/main/services/chat/cursorSdkHooks.ts

@@ -26,22 +26,26 @@ function shellQuote(value: string): string {
 }
 
 function windowsCmdQuote(value: string): string {
-  if (/[\0\r\n]/.test(value)) {
-    throw new Error("Cursor hook command paths cannot contain control characters.");
+  if (/[\0\r\n"%]/.test(value)) {
+    throw new Error("Cursor hook command paths cannot contain control characters or Windows cmd expansion characters.");
   }
-  return `"${value.replace(/(["^&|<>%])/g, "^$1")}"`;
+  return `"${value}"`;
+}
+
+function commandPathQuote(value: string): string {
+  return process.platform === "win32" ? windowsCmdQuote(value) : shellQuote(value);
 }
 
 function buildHookCommand(nodePath: string | undefined, scriptPath: string): string {
   const explicitNode = nodePath?.trim();
-  if (explicitNode) return `${shellQuote(explicitNode)} ${shellQuote(scriptPath)}`;
+  if (explicitNode) return `${commandPathQuote(explicitNode)} ${commandPathQuote(scriptPath)}`;
   if (process.versions.electron) {
     if (process.platform === "win32") {
-      return `cmd /d /s /c "set ELECTRON_RUN_AS_NODE=1&& ${windowsCmdQuote(process.execPath)} ${windowsCmdQuote(scriptPath)}"`;
+      return `set ELECTRON_RUN_AS_NODE=1&& ${windowsCmdQuote(process.execPath)} ${windowsCmdQuote(scriptPath)}`;
     }
     return `ELECTRON_RUN_AS_NODE=1 ${shellQuote(process.execPath)} ${shellQuote(scriptPath)}`;
   }
-  return `${shellQuote(process.execPath)} ${shellQuote(scriptPath)}`;
+  return `${commandPathQuote(process.execPath)} ${commandPathQuote(scriptPath)}`;
 }
 
 function readObject(value: unknown): Record<string, unknown> | null {
@@ -217,6 +221,8 @@ main().catch((error) => {
   fs.writeFileSync(scriptPath, source, { mode: 0o755 });
 }
 
+export const __buildCursorSdkHookCommandForTests = buildHookCommand;
+
 export function ensureCursorSdkUserHook(args: {
   userHomeDir: string;
   nodePath?: string;

apps/desktop/src/main/services/chat/cursorSdkPool.ts

@@ -104,6 +104,8 @@ function ensurePrivateDirectory(dir: string): void {
   fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
   let fd: number | null = null;
   try {
+    // Older Node/platform pairs can omit these open flags; fstat below still
+    // verifies the directory shape when the constants are unavailable.
     fd = fs.openSync(
       dir,
       fs.constants.O_RDONLY

apps/desktop/src/main/services/ipc/registerIpc.ts

@@ -3229,6 +3229,8 @@ export function registerIpc({
     const { storeApiKey } = await import("../ai/apiKeyStore");
     storeApiKey(arg.provider, arg.key);
     try {
+      // The key store mutation already succeeded; invalidation is a freshness
+      // step so settings save/delete should not fail if a runtime cache is gone.
       ctx.aiIntegrationService.invalidateProviderReadinessCaches();
     } catch (error) {
       ctx.logger.warn("ai.api_key_cache_invalidation_failed", {
@@ -3243,6 +3245,8 @@ export function registerIpc({
     const { deleteApiKey } = await import("../ai/apiKeyStore");
     deleteApiKey(arg.provider);
     try {
+      // The key store mutation already succeeded; invalidation is a freshness
+      // step so settings save/delete should not fail if a runtime cache is gone.
       ctx.aiIntegrationService.invalidateProviderReadinessCaches();
     } catch (error) {
       ctx.logger.warn("ai.api_key_cache_invalidation_failed", {

apps/ios/ADE/Views/Work/WorkModelCatalog.swift

@@ -472,6 +472,7 @@ private func workModelLookupKeys(_ raw: String?) -> [String] {
     }
   }
 
+  append(trimmed)
   if let registryId = workCanonicalClaudeRegistryId(for: trimmed) {
     append(registryId)
   }
@@ -484,7 +485,6 @@ private func workModelLookupKeys(_ raw: String?) -> [String] {
   if let runtimeId = workCodexRuntimeModelId(for: trimmed) {
     append(runtimeId)
   }
-  append(trimmed)
   if trimmed.lowercased().hasPrefix("openai/") {
     append(String(trimmed.dropFirst("openai/".count)))
   }