fix: warn and cleanup secrets when resetting encryption key#77
Closed
eyelock wants to merge 1 commit into
Closed
Conversation
When resetting the encryption key, existing SECRETS in environment variables become unreadable but were not being cleared, leaving orphaned secret metadata in both Global and Terminal settings. This fix adds: - Detection of secrets before showing reset confirmation - Enhanced warning dialog that shows count of affected secrets (both global and terminal-specific) - Automatic cleanup of all secret environment variables from Global and all Terminal cards when user proceeds with reset - User can cancel to abort the operation with no changes The warning message dynamically shows: - Number of global secrets that will be removed - Number of terminal secrets that will be removed - Total count - Clear explanation that secrets are unrecoverable Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
eyelock
pushed a commit
that referenced
this pull request
Jan 26, 2026
Enhances the encryption key reset confirmation dialog to show exact counts of secrets that will be deleted (global and terminal). When secrets exist: - "This will permanently delete 2 global secrets and 3 terminal secrets (5 total)..." When no secrets exist: - Shows standard confirmation message Integrates with PR #86's cleanup architecture while adding improved UX from PR #77. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Owner
Author
eyelock
added a commit
that referenced
this pull request
Jan 26, 2026
* feat(cli): Add separate debug binaries for TermQDebug.app testing Creates termqclid and termqmcpd binaries that default to using the debug bundle ID (net.eyelock.termq.app.debug) and debug data directory (TermQ-Debug). This enables proper testing of TermQDebug.app via CLI without needing to manually specify --debug flags or having commands sent to the production app. Changes: - Add TERMQ_DEBUG_BUILD compile flag support to CLI and MCP server - Create termqBundleIdentifier() helper to return appropriate bundle ID - Build debug binaries with separate build directory to avoid contamination - Install debug binaries to TermQDebug.app/Contents/Resources/ - Update shouldUseDebugMode() to force debug mode when flag is set Resolves CLI delete command not working with TermQDebug.app during Phase 4 testing. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * docs: Document debug CLI/MCP binaries in CONTRIBUTING.md * feat: Show secret counts in encryption key reset warning Enhances the encryption key reset confirmation dialog to show exact counts of secrets that will be deleted (global and terminal). When secrets exist: - "This will permanently delete 2 global secrets and 3 terminal secrets (5 total)..." When no secrets exist: - Shows standard confirmation message Integrates with PR #86's cleanup architecture while adding improved UX from PR #77. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: David Collie <support@eyelock.net> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes a bug where resetting the encryption key would leave orphaned secret environment variables in both Global and Terminal settings.
Changes
Test Plan
Manual Testing Required
Setup:
Test Case 1: Reset with secrets present
Test Case 2: Reset with secrets and proceed
Test Case 3: Reset with no secrets
Screenshots
Please add screenshots of the warning dialog showing secret counts
🤖 Generated with Claude Code