Audit: surface silent .ipa import copy failure#56
Merged
Conversation
Audit follow-up. The recently added security-scope copy of an imported .ipa logged copy failures but showed nothing to the user, so a failed import looked like a no-op. Mirror the adjacent pairing-file failure path: show a 'Failed to import app.' toast with the underlying error. Satisfies the never-swallow-errors rule (log domain+code AND set a visible error state). https://claude.ai/code/session_01PT8zpkUrgTRaGeKmbvVyNe
Contributor
|
Download the artifacts for this pull request (nightly.link): |
Contributor
|
Builds for this Pull Request are available at |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Broad bug audit of the app and this session's recently merged work. The codebase is already heavily audited; the sweep confirmed the risk areas are sound and found one real gap, now fixed.
Type of change
Changes
.ipaimport copy failure — the recently added security-scope copy of a shared.ipa(SceneDelegate) logged copy failures but showed nothing to the user, so a failed import looked like a no-op. It now shows a "Failed to import app." toast with the underlying error, mirroring the pairing-file failure path right beside it. Satisfies the never-swallow-errors rule (log domain+code and set a visible error state).Audit notes (verified clean, no change needed)
AltStore+AltStoreCore:try!/as!/.first!/removeFirst/removeLast/DispatchQueue.main.sync/fatalError— all guarded or unreachable.UpdatesView.updateQueue.removeFirst()is guarded by theupdateQueue.firstentry check and anisEmptyguard in the async completion;URL+NormalizedremoveLast/removeFirst(4)are prefix/suffix-guarded;ResignAppOperation'sDispatchQueue.main.syncis gated on!Thread.isMainThread.NotificationCenterobservers: none captureselfstrongly without[weak self]..sheet(item:)preview,AppIconImageViewshadow/luminosity override (does not collide with any external background set), cert-serial-mismatch refresh guard, and the Cache Management screen (Swift 6.2 concurrency is sound; the internal-cache delete is a faithful upstream port whose destructive warning is accurate —InstalledApp.fileURLdoes live underappsDirectoryURL/<bundleID>).BackgroundTaskManager.initusesfatalErroron the audio-file catch; left as-is (unreachable for the bundled, validSilence.m4a, and the audio engine is load-bearing for the keep-alive per regression-watch — restructuring it for a dead path adds more risk than value).Testing
Build and upload MiniStoreis the compile check. The change reuses the existingToastViewpattern already used for pairing-file failures in the same file.Checklist
develop(nevermain)CLAUDE.md🤖 Generated with Claude Code
Generated by Claude Code