[BUG] Instructions got overwritten when authentication against Entra failed

[OskarKlintrot]

Describe the bug

I tried apm install to see if it was possible to login via Entra (should be, but I can't get it to work). I then got this error:

Content hash mismatch for myorg/tools/github-copilot-agent-skills/.apm/instructions/code-style.instructions.md: expected sha256:56910c2b44953d355ae1f48d99e8ae383936cca446f52f1010c27ba275684a27, got
sha256:63505c9f2904cfc8c3005df1a23025e176ec9481f171b868575d91a4f3eaba6a. The downloaded content differs from the lockfile record. This may indicate a supply-chain attack. Use 'apm install --update' to accept new content and update the
lockfile.

So I run apm install --update instead and it didn't exactly go as expected:

To Reproduce
Steps to reproduce the behavior:

1. Have a private repo from Azure DevOps as dependency in apm.yaml.
2. Don't have a PAT available in $ENV
3. apm install --update

Expected behavior
Tell me you can't login. Or better, login.

Environment (please complete the following information):

• OS: Windows
• Python Version: idk
• APM Version: 0.10.0
• VSCode Version (if relevant):

Logs

Additional context

[github-actions]

Triage decision

accept

Proposed labels

theme/security
area/lockfile
area/enterprise
area/content-security
type/bug
status/accepted
priority/high

Milestone

0.10.1

Suggested next action

In the --update install pipeline, add an explicit auth-failure guard: if authentication against any configured host fails, abort all file write operations and exit with an error before any local file is overwritten or any lockfile entry is updated.

Suggested issue comment

Thanks for the detailed report, OskarKlintrot -- including the screenshot makes the failure mode very clear. This is a real bug and a serious one.

**What should happen:** `apm install --update` against a private ADO repo (Entra auth) should detect the auth failure and abort with a clear error message before touching any local files or updating the lockfile. No instruction file should be overwritten if the source cannot be authenticated and verified.

**What is happening:** When auth against Entra fails, the install pipeline appears to continue into the update path and overwrites local instruction files -- potentially with empty content or content fetched without proper credentials. The lockfile is then updated to match, recording a hash that does not correspond to the original trusted content.

**Why this matters:** The error message you saw ("Content hash mismatch... may indicate a supply-chain attack. Use `apm install --update`") is directing users into a state where `--update` can destroy locally-curated content when auth is broken. This is exactly backwards from the safety contract.

**Immediate workaround:** Do NOT run `apm install --update` while ADO/Entra auth is unavailable. If you have already overwritten files, restore them from git (`git checkout -- <path>`). To verify what was changed: `git diff`.

**Fix scope:** The install pipeline needs an explicit pre-flight auth check for all remote hosts before any file operations begin. If auth fails for any host, the command must abort with a descriptive error and zero file writes.

This is targeted for 0.10.1. If you can share the log output (redacted) from the failed `--update` run, it will help pin down exactly where the pipeline proceeds past the auth failure -- that detail is the fastest path to a fix.

Per-lens notes (collapsed)

DevX UX Expert -- User-Need Reviewer

This is the worst class of UX failure: the recovery action recommended by the error message (apm install --update) causes data loss. The mental model contract for --update is "safely accept new verified content from the upstream." The actual behavior (overwriting on auth failure) breaks that contract silently -- the user does not know their files have been replaced until they notice the content is wrong. The fix must also improve the error message: when auth fails, the error should say "auth failed, no files were changed" rather than leaving the user to discover data loss after the fact.

Supply Chain Security Expert -- Risk-Surface Reviewer

theme/security is required. The bug creates a supply-chain-adjacent failure mode: if Entra auth fails and APM falls back to fetching from an unauthenticated or wrong source, or fetches nothing (empty content), and then records the hash of that wrong content in the lockfile, the lockfile no longer reflects the trusted content baseline. Subsequent apm install runs will see the new hash as "correct" and not flag the overwrite. This breaks the lockfile integrity guarantee. The root cause may be related to the known broad except Exception catch in pipeline.py (which wraps auth errors as RuntimeError) allowing the pipeline to proceed past auth failure. All three affected areas -- area/lockfile, area/enterprise, area/content-security -- are correctly scoped.

OSS Growth Hacker -- Contributor-Tone Reviewer

NONE-association first-time contributor on Windows with ADO/Entra integration. The screenshot and clear reproduction steps show this is an engaged user. The reply must immediately validate the severity (do not downplay), provide a safe workaround (restore from git), and give a concrete timeline signal (0.10.1). The warning to NOT run --update again while auth is broken is critical -- it prevents further data loss while the fix lands.

Python Architect -- Architecture Reviewer

The root cause is likely in src/apm_cli/install/pipeline.py: the broad except Exception catch that wraps errors as RuntimeError may be swallowing auth exceptions and allowing the update phase to proceed. Per repo memory, PolicyViolationError and DirectDependencyError are explicitly re-raised before the catch-all, but auth failures may not be. The fix pattern is clear: add AuthenticationError (or equivalent) to the re-raise list before the broad catch, and add an explicit pre-flight host-reachability and auth check at the start of the --update path. This is feasible without architectural redesign -- it is a targeted addition to the existing exception routing, not a needs-design situation.

Doc Writer -- Documentation Reviewer

The implementing PR should add a brief note to the apm install --update docs clarifying the safety contract: "If authentication fails for any dependency host, the command aborts and no local files are modified." This prevents future users from being misled by the current behavior. area/docs-site is a secondary label; the primary fix is behavioral.

APM CEO -- Triage Arbiter

Data loss caused by the recovery action described in our own error message is a critical trust failure. Users who follow APM's instructions should not lose locally-curated content. Priority/high, milestone 0.10.1. The fix is bounded (pre-flight auth check + exception routing in pipeline.py) and does not require a design decision. The security story around lockfile integrity is sound in the design but broken in the auth-failure edge case -- this fix closes that gap. Ship fast.

{
  "decision": "accept",
  "decision_detail": "",
  "theme": "theme/security",
  "areas": ["area/lockfile", "area/enterprise", "area/content-security"],
  "type": "type/bug",
  "status": "status/accepted",
  "priority": "priority/high",
  "preserved_labels": [],
  "milestone": "0.10.1",
  "next_action": "Add an explicit auth-failure guard in the --update install pipeline: abort all file write operations and exit with an error before any local file is overwritten if authentication against any configured host fails.",
  "comment_markdown": "Thanks for the detailed report, OskarKlintrot -- including the screenshot makes the failure mode very clear. This is a real bug and a serious one.\n\n**What should happen:** `apm install --update` against a private ADO repo (Entra auth) should detect the auth failure and abort with a clear error message before touching any local files or updating the lockfile.\n\n**What is happening:** When auth against Entra fails, the install pipeline continues into the update path and overwrites local instruction files. The lockfile is then updated to match, recording a hash that does not correspond to the original trusted content.\n\n**Immediate workaround:** Do NOT run `apm install --update` while ADO/Entra auth is unavailable. If you have already overwritten files, restore them from git (`git checkout -- <path>`).\n\n**Fix scope:** The install pipeline needs an explicit pre-flight auth check for all remote hosts before any file operations begin. If auth fails for any host, the command aborts with zero file writes.\n\nThis is targeted for 0.10.1."
}

---

Triage status: agentic proposal pending human ratification.
Silence is approval. Maintainers can:

• Override any label or milestone above by editing it directly --
  human edits are authoritative and will not be reverted on
  subsequent runs.
• Re-trigger triage by applying the status/needs-triage label, or
  by removing status/triaged to enroll the issue in the next
  daily sweep.

Posted by the Triage Panel workflow. See .apm/skills/apm-triage-panel for the panel skill.

Generated by Triage Panel · ● 1.7M · ◷