Skip to content

fix(envfactory): reject primary mobile key absent from mobileKeys[]#728

Merged
aaron-zeisler merged 1 commit into
feat/concurrent-keysfrom
aaronz/reject-primary-mobile-not-in-array
Jun 30, 2026
Merged

fix(envfactory): reject primary mobile key absent from mobileKeys[]#728
aaron-zeisler merged 1 commit into
feat/concurrent-keysfrom
aaronz/reject-primary-mobile-not-in-array

Conversation

@aaron-zeisler

@aaron-zeisler aaron-zeisler commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Note

Stacked PR — splitting #724 (review/merge bottom-up):

  1. fix(envfactory): reject primary mobile key absent from mobileKeys[] #728 (this PR) — reject primary mobile key absent from mobileKeys[]
  2. refactor(credential): carry wire key identifiers through the accepted set #729 — carry wire key identifiers through the accepted set
  3. feat(credential): expose the full accepted key set via AcceptedKeys #730 — expose the full accepted key set via AcceptedKeys
  4. feat(status): surface full sdkKeys[]/mobileKeys[] arrays on /status #731 — surface sdkKeys[] / mobileKeys[] on /status

Base of the stack (off feat/concurrent-keys); every PR above builds on it.

Summary

Reject a defined primary mobile key (the wire's mobKey) that is absent from mobileKeys[], mirroring the existing anchor-not-in-array invariant.

This is the base of the stack that splits #724. It is a small, self-contained correctness fix, but the feature PRs above depend on it: the per-entry primary-mobile designation introduced in #729 and this validation are two halves of one change, so they travel together in the stack.

Background

BuildAcceptedSet already rejects a defined anchor SDK key absent from sdkKeys[] (NewAnchorNotInSetError). The primary mobile key had no equivalent guard: a defined mobKey missing from mobileKeys[] would be silently left undesignated, clearing the primary on reconcile and breaking event forwarding.

Changes

  • Add NewPrimaryMobileKeyNotInSetError and document the new case on MalformedCredentialSetError.
  • Add a primaryMobileInArray check to BuildAcceptedSet.
  • Add TestBuildAcceptedSet_PrimaryMobileNotInArray.

A defined primary mobile key (the wire's mobKey) that is not present in
mobileKeys[] is structurally malformed — the mobile-key analogue of the
existing anchor-not-in-array invariant. Without this guard the primary
would be silently left undesignated, clearing it on reconcile and
breaking event forwarding.

Add NewPrimaryMobileKeyNotInSetError and a primaryMobileInArray check to
BuildAcceptedSet, and document the new case on MalformedCredentialSetError.
@aaron-zeisler aaron-zeisler merged commit 7f3c0c4 into feat/concurrent-keys Jun 30, 2026
19 checks passed
@aaron-zeisler aaron-zeisler deleted the aaronz/reject-primary-mobile-not-in-array branch June 30, 2026 16:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants