Skip to content

[AGE-2944] fix(frontend): add defensive checks for missing projectId in vault API calls#3634

Merged
bekossy merged 6 commits intorelease/v0.85.3from
fix/vault-api-missing-project-id
Feb 10, 2026
Merged

[AGE-2944] fix(frontend): add defensive checks for missing projectId in vault API calls#3634
bekossy merged 6 commits intorelease/v0.85.3from
fix/vault-api-missing-project-id

Conversation

@mmabrouk
Copy link
Member

@mmabrouk mmabrouk commented Feb 5, 2026
edited by devin-ai-integration bot
Loading

Summary

  • Adds defensive checks to all vault API functions to prevent requests when projectId is missing
  • Returns early with safe defaults ([] for fetch, null for mutations) instead of making invalid requests with project_id=undefined
  • Adds console warnings to help debug when this edge case occurs

Changes

  • fetchVaultSecret: returns [] if no projectId
  • createVaultSecret: returns null if no projectId
  • updateVaultSecret: returns null if no projectId
  • deleteVaultSecret: returns null if no projectId

Closes AGE-2944

Open with Devin

@linear
Copy link

linear bot commented Feb 5, 2026

AGE-2944 Investigate fetching secrets without a project ID

@vercel
Copy link

vercel bot commented Feb 5, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agenta-documentation Ready Ready Preview, Comment Feb 10, 2026 4:17pm

Request Review

@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Feb 5, 2026
devin-ai-integration[bot]
devin-ai-integration bot reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

View 3 additional findings in Devin Review.

Open in Devin Review

@dosubot dosubot bot added the bug Something isn't working label Feb 5, 2026
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Feb 5, 2026
@junaway
Copy link
Contributor

junaway commented Feb 5, 2026

@mmabrouk -- there are conflicts
@ardaerzin -- we're been talking about these guards for about a year :D

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Feb 5, 2026
@ardaerzin
Copy link
Contributor

ardaerzin commented Feb 5, 2026

@mmabrouk -- there are conflicts @ardaerzin -- we're been talking about these guards for about a year :D

@jp it because we had the check for fetches already?

/**
 * Query atom for fetching vault secrets
 * Only enabled when user is authenticated and migration is complete
 */
export const vaultSecretsQueryAtom = atomWithQuery((get) => {
    const user = get(userAtom)
    const _migrationStatus = get(vaultMigrationAtom)
    const projectId = get(projectIdAtom)

    return {
        queryKey: ["vault", "secrets", user?.id, projectId],
        queryFn: fetchVaultSecret,
        staleTime: 1000 * 60 * 5, // 5 minutes
        refetchOnWindowFocus: false,
        refetchOnReconnect: false,
        refetchOnMount: true,
        enabled: !!user && !!projectId,
        //  && migrationStatus.migrated, // Only fetch when user exists and migration is done
    }
})

ardaerzin
ardaerzin reviewed Feb 5, 2026
View reviewed changes
ardaerzin
ardaerzin requested changes Feb 5, 2026
View reviewed changes
Copy link
Contributor

@ardaerzin ardaerzin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we already have the check for fetch.

instead of doing this, I'd remove this project id read in the fetch function, and pass this value from the query atom and fix the projectId accessor there if it is not working as expected there

@junaway junaway changed the base branch from main to release/v0.83.0 February 5, 2026 16:42
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Feb 5, 2026
@mmabrouk
Copy link
Member Author

mmabrouk commented Feb 5, 2026

@jp-agenta @ardaerzin Sorry guys! Was going over linear today closing things and I stumbled upon this one (the 401) so I asked the Agent whether it was fixed and it came up with this simple fix, os I just went ahead

@dosubot dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Feb 10, 2026
@bekossy bekossy changed the base branch from release/v0.83.0 to release/v0.85.3 February 10, 2026 16:03
@dosubot dosubot bot removed the size:XXL This PR changes 1000+ lines, ignoring generated files. label Feb 10, 2026
@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Feb 10, 2026
@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Feb 10, 2026
@bekossy bekossy requested a review from ardaerzin February 10, 2026 16:15
@bekossy bekossy merged commit 3c175b6 into release/v0.85.3 Feb 10, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@ardaerzin ardaerzin ardaerzin approved these changes

@bekossy bekossy bekossy approved these changes

Assignees

No one assigned

Labels

bug Something isn't working lgtm This PR has been approved by a maintainer size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mmabrouk @junaway @ardaerzin @bekossy