[DB-29] added IPC methods for secretsManager

[nafees87n]

Summary by CodeRabbit

• New Features

  • Consolidated secrets manager API offering unified initialization, provider management, connection testing, secret retrieval, and refresh operations.
  • Added provider change notification subscriptions for real-time updates.

• Refactor

  • Updated IPC channel naming conventions for improved consistency in secrets manager communications.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[linear]

DB-29 IPC layer for secrets manager

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

Walkthrough

The PR introduces a functional API layer for secrets management by creating a new index.ts file that exports 10 public functions (initSecretsManager, subscribeToProvidersChange, setSecretProviderConfig, getSecretValue, etc.) wrapping an underlying SecretsManager singleton. The main/events.js file is refactored to import and use these functions instead of directly instantiating concrete classes. IPC channel handlers are updated to follow a "secretsManager:\*" naming convention and delegate to the corresponding exported functions. The public getSecretsManager() helper is removed from secretsManager.ts, and a type adjustment is made in SecretsManagerEncryptedStorage to treat stored data as a Record map structure.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: introducing IPC methods for the secretsManager module, which aligns with the primary file changes in src/main/events.js that wire up IPC handlers.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ipc-layer

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nafees87n]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@src/lib/secretsManager/index.ts`:
- Around line 7-12: The current getSecretsManager function returns null when
SecretsManager.isInitialized() is false, causing NPEs elsewhere; change
getSecretsManager to throw a clear, descriptive Error (e.g., "SecretsManager not
initialized - call init first") instead of returning null so callers like
getSecretsManager().onProvidersChange(...) fail fast; update any docs/comments
if needed and keep the checks around SecretsManager.isInitialized(),
SecretsManager.getInstance(), and calls to onProvidersChange/getSecret etc. to
reflect this contract.
- Line 23: Remove the temporary debug logging call console.log("!!!debug",
"secretsManager initialized") from src/lib/secretsManager/index.ts; either
delete that line or replace it with the project's proper logger (e.g.,
processLogger.debug or similar) consistent with surrounding logging conventions
so no stray debug output remains.

In `@src/main/events.js`:
- Around line 289-296: subscribeToProvidersChange's unsubscribe function is
being discarded, causing duplicate subscriptions; capture the unsubscribe
returned by subscribeToProvidersChange inside the ipcMain.handle for
"secretsManager:subscribeToProvidersChange" and return it to the renderer so it
can call it to remove the listener (i.e., const unsubscribe =
subscribeToProvidersChange(...); return () => unsubscribe()). Alternatively, if
you prefer a singleton subscription, store the unsubscribe in a module-scoped
variable (e.g., currentProvidersUnsub) and reuse/replace it when ipcMain.handle
is invoked to prevent multiple subscriptions; references:
ipcMain.handle("secretsManager:subscribeToProvidersChange"),
subscribeToProvidersChange, webAppWindow.webContents.send, and the
"secretsManager:providersChanged" channel.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Returning null as any causes silent runtime crashes.

When SecretsManager.isInitialized() returns false, this function returns null cast to SecretsManager. All exported functions then call methods on this null value (e.g., getSecretsManager().onProvidersChange(callback)), causing NPEs at runtime with confusing error messages.

Consider throwing an explicit error to fail fast with a clear message:

🐛 Proposed fix

 const getSecretsManager = (): SecretsManager => {
   if (!SecretsManager.isInitialized()) {
-    return null as any;
+    throw new Error("SecretsManager is not initialized. Call initSecretsManager() first.");
   }
   return SecretsManager.getInstance();
 };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const getSecretsManager = (): SecretsManager => {
	if (!SecretsManager.isInitialized()) {
	return null as any;
	}
	return SecretsManager.getInstance();
	};
	const getSecretsManager = (): SecretsManager => {
	if (!SecretsManager.isInitialized()) {
	throw new Error("SecretsManager is not initialized. Call initSecretsManager() first.");
	}
	return SecretsManager.getInstance();
	};

🤖 Prompt for AI Agents

In `@src/lib/secretsManager/index.ts` around lines 7 - 12, The current
getSecretsManager function returns null when SecretsManager.isInitialized() is
false, causing NPEs elsewhere; change getSecretsManager to throw a clear,
descriptive Error (e.g., "SecretsManager not initialized - call init first")
instead of returning null so callers like
getSecretsManager().onProvidersChange(...) fail fast; update any docs/comments
if needed and keep the checks around SecretsManager.isInitialized(),
SecretsManager.getInstance(), and calls to onProvidersChange/getSecret etc. to
reflect this contract.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove debug logging artifact.

The "!!!debug" prefix indicates this was temporary debugging output and should be removed before merging.

🧹 Proposed fix

   await SecretsManager.initialize(registry);
-  console.log("!!!debug", "secretsManager initialized");

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	console.log("!!!debug", "secretsManager initialized");
	await SecretsManager.initialize(registry);

🤖 Prompt for AI Agents

In `@src/lib/secretsManager/index.ts` at line 23, Remove the temporary debug
logging call console.log("!!!debug", "secretsManager initialized") from
src/lib/secretsManager/index.ts; either delete that line or replace it with the
project's proper logger (e.g., processLogger.debug or similar) consistent with
surrounding logging conventions so no stray debug output remains.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Unsubscribe callback is discarded, risking duplicate subscriptions and memory leaks.

subscribeToProvidersChange() returns an unsubscribe function, but it's not being returned or stored. If the renderer calls this IPC handler multiple times, each call creates a new subscription without a way to clean up the previous ones.

Consider either:

1. Tracking subscription state to prevent duplicates, or
2. Returning the unsubscribe mechanism to the renderer

🔧 Proposed fix (option 1: singleton subscription)

+let providersChangeUnsubscribe = null;
+
 ipcMain.handle("secretsManager:subscribeToProvidersChange", () => {
+  // Prevent duplicate subscriptions
+  if (providersChangeUnsubscribe) {
+    return;
+  }
-  subscribeToProvidersChange((providers) => {
+  providersChangeUnsubscribe = subscribeToProvidersChange((providers) => {
     webAppWindow?.webContents.send(
       "secretsManager:providersChanged",
       providers
     );
   });
 });

🤖 Prompt for AI Agents

In `@src/main/events.js` around lines 289 - 296, subscribeToProvidersChange's
unsubscribe function is being discarded, causing duplicate subscriptions;
capture the unsubscribe returned by subscribeToProvidersChange inside the
ipcMain.handle for "secretsManager:subscribeToProvidersChange" and return it to
the renderer so it can call it to remove the listener (i.e., const unsubscribe =
subscribeToProvidersChange(...); return () => unsubscribe()). Alternatively, if
you prefer a singleton subscription, store the unsubscribe in a module-scoped
variable (e.g., currentProvidersUnsub) and reuse/replace it when ipcMain.handle
is invoked to prevent multiple subscriptions; references:
ipcMain.handle("secretsManager:subscribeToProvidersChange"),
subscribeToProvidersChange, webAppWindow.webContents.send, and the
"secretsManager:providersChanged" channel.