soulsync/core/credentials
BoulderBadgeDad d2a167ff5f Profiles: review fixes — close two gating gaps + reject whitespace secrets
Adversarial line-by-line review of the feature diff turned up:
- /api/database/update/stop was NOT @admin_only while its sibling start_update
  was — a non-admin could abort a library scan. Gated.
- /api/metadata-cache/evict was NOT gated while its clear siblings were. Gated.
- validate_credential_payload now treats whitespace-only values as missing, so
  a blank-but-spacey secret can't be saved to fail confusingly later.

Tests updated: both endpoints added to the admin-gating matrix; a whitespace-only
validation case added. 42 credential/gating tests pass.

Review also confirmed (no change needed): migration is idempotent + additive +
O(1); encryption round-trips with a non-dict guard; no SQL injection; stale
selections fall back to None safely; no secret ever returned to the browser;
the hybrid-drag index math is correct in both directions; the new resolver is
fully DORMANT (zero runtime callers) so existing client behaviour is untouched;
and @admin_only is a no-op for single-profile installs (default profile = admin).
2026-06-10 00:48:03 -07:00
..
__init__.py Profiles Phase 0: service-credential-sets foundation (data + resolver, dormant) 2026-06-10 00:27:48 -07:00
store.py Profiles: review fixes — close two gating gaps + reject whitespace secrets 2026-06-10 00:48:03 -07:00