fix(colibri-vault): harden bw interaction — server-match fail-closed + serialize + note-key validation #100

Merged
clawdie merged 1 commit from fix/colibri-vault-bw-hardening into main 2026-06-20 09:00:53 +02:00

1 commit

Author SHA1 Message Date
37b00525ca fix(colibri-vault): harden bw interaction — server-match fail-closed + serialize + validate note keys
Some checks failed
CI / rust (pull_request) Has been cancelled
CI / markdown (pull_request) Has been cancelled
Bring the daemon's provisioning path to parity with (and ahead of) the
clawdie-vault-fetch shell helper (#69):

- BW_SERVER: tolerate 'logout required/already configured' ONLY when the
  already-configured server matches the expected endpoint; else fail closed
  (new VaultError::ServerMismatch). Fixes repeat-provision failure AND prevents
  a stale login fetching from the wrong Bitwarden host.
- Serialize the whole login→unlock→fetch→lock via a process-wide async Mutex —
  bw keeps process-global state, so concurrent provisions could race (closes #95).
- Validate secure-note KEYs with validate_key too (login items were already
  validated; notes wrote raw KEY=VALUE).

Tests: cargo build/test -p colibri-vault (7 pass), cargo fmt --check clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 08:30:07 +02:00
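
The server-match and note-key bullets of the commit message, sketched as an added Rust example that is not the colibri-vault code. Only `VaultError::ServerMismatch` and `validate_key` are names from the page; `ConfigOutcome`, `check_server`, `parse_note`, the other error variants, the URL comparison, the env-style key rule and the `example.invalid` hosts are assumptions.

```rust
// Added illustration: all names except VaultError::ServerMismatch and validate_key are assumed.
#[derive(Debug, PartialEq)]
enum VaultError {
    ServerMismatch { expected: String, actual: String },
    ConfigFailed(String),
    InvalidKey(String),
}
// Hypothetical model of the attempt to point bw at the expected server.
enum ConfigOutcome {
    Applied,
    AlreadyConfigured { current: String }, // the tolerated "logout required" case
    Failed(String),
}
fn normalize(url: &str) -> &str { url.trim().trim_end_matches('/') }
// Tolerate "already configured" only when the configured server is the expected one.
fn check_server(expected: &str, outcome: ConfigOutcome) -> Result<(), VaultError> {
    match outcome {
        ConfigOutcome::Applied => Ok(()),
        ConfigOutcome::AlreadyConfigured { current } if normalize(&current) == normalize(expected) => Ok(()),
        ConfigOutcome::AlreadyConfigured { current } =>
            Err(VaultError::ServerMismatch { expected: expected.to_string(), actual: current }),
        ConfigOutcome::Failed(msg) => Err(VaultError::ConfigFailed(msg)),
    }
}
// Assumed rule: env-style names, so a key cannot carry '=', spaces or newlines.
fn validate_key(key: &str) -> Result<(), VaultError> {
    let mut chars = key.chars();
    let first_ok = matches!(chars.next(), Some(c) if c.is_ascii_alphabetic() || c == '_');
    if first_ok && chars.all(|c| c.is_ascii_alphanumeric() || c == '_') {
        Ok(())
    } else {
        Err(VaultError::InvalidKey(key.to_string()))
    }
}
// Parse a secure note's KEY=VALUE lines; one bad key rejects the whole note.
fn parse_note(note: &str) -> Result<Vec<(String, String)>, VaultError> {
    let mut out = Vec::new();
    for line in note.lines().map(str::trim).filter(|l| !l.is_empty()) {
        let (k, v) = line.split_once('=').ok_or_else(|| VaultError::InvalidKey(line.to_string()))?;
        validate_key(k)?;
        out.push((k.to_string(), v.to_string()));
    }
    Ok(out)
}
fn main() {
    let stale = ConfigOutcome::AlreadyConfigured { current: "https://old.example.invalid".into() }; // constructed
    println!("{:?}", check_server("https://vault.example.invalid", stale));
    println!("{:?}", parse_note("API_TOKEN=abc\nBAD KEY=1")); // constructed note
}
```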