docs: ADR 0006 + changelog + architecture for OAuth keychain (#82) #87

Merged

maximus merged 1 commit from issue-82-wrap-up into main

2026-04-14 12:28:08 +00:00

Author	SHA1	Message	Date
le king fu	65bc7f5130	docs: ADR 0006 + changelog + architecture for OAuth keychain (#82 ) All checks were successful PR Check / rust (push) Successful in 22m44s Details PR Check / frontend (push) Successful in 2m19s Details PR Check / rust (pull_request) Successful in 22m25s Details PR Check / frontend (pull_request) Successful in 2m19s Details - New ADR-0006 documenting the OS keychain migration: context, options considered (keyring vs stronghold vs AES-from-PIN), the backend choice rationale (sync-secret-service vs async-secret- service), anti-downgrade design, migration semantics, and the subscription-tampering fix via account_cache. - architecture.md updated: new token_store / account_cache module entries, auth_commands descriptions now point at the keychain- backed API, OAuth2 + deep-link flow diagram mentions the HMAC step, command count bumped to 35. - CHANGELOG.md + CHANGELOG.fr.md under Unreleased: - Changed: tokens moved to keychain with transparent migration and Settings banner on fallback. - Changed: account cache is now HMAC-signed. - Security: CWE-312 and CWE-345 explicitly closed. Manual test matrix (pop-os + Windows) is tracked in issue #82 and will be run by the release gatekeeper before the next tag. Refs #66, #78, #79, #80, #81 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 08:26:21 -04:00

Author

SHA1

Message

Date

le king fu

65bc7f5130

docs: ADR 0006 + changelog + architecture for OAuth keychain (#82 )

PR Check / rust (push) Successful in 22m44s

Details

PR Check / frontend (push) Successful in 2m19s

Details

PR Check / rust (pull_request) Successful in 22m25s

Details

PR Check / frontend (pull_request) Successful in 2m19s

Details

- New ADR-0006 documenting the OS keychain migration: context,
  options considered (keyring vs stronghold vs AES-from-PIN), the
  backend choice rationale (sync-secret-service vs async-secret-
  service), anti-downgrade design, migration semantics, and the
  subscription-tampering fix via account_cache.
- architecture.md updated: new token_store / account_cache module
  entries, auth_commands descriptions now point at the keychain-
  backed API, OAuth2 + deep-link flow diagram mentions the HMAC
  step, command count bumped to 35.
- CHANGELOG.md + CHANGELOG.fr.md under Unreleased:
  - Changed: tokens moved to keychain with transparent migration
    and Settings banner on fallback.
  - Changed: account cache is now HMAC-signed.
  - Security: CWE-312 and CWE-345 explicitly closed.

Manual test matrix (pop-os + Windows) is tracked in issue #82 and
will be run by the release gatekeeper before the next tag.

Refs #66, #78, #79, #80, #81

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-14 08:26:21 -04:00