fix: harden subagent auth against keychain contention (#862)

2026-02-07 19:55:09 -08:00
parent 5e654f3daa
commit 6727cd923d
3 changed files with 23 additions and 16 deletions
--- a/src/utils/secrets.ts
+++ b/src/utils/secrets.ts
@@ -218,21 +218,11 @@ export async function isKeychainAvailable(): Promise<boolean> {
  }

  try {
-    // Try to set and delete a test value
-    const testName = "test-availability";
-    const testValue = "test";
-
-    await secrets.set({
+    // Non-mutating probe: if this call succeeds (even with null), keychain is usable.
+    await secrets.get({
      service: SERVICE_NAME,
-      name: testName,
-      value: testValue,
+      name: API_KEY_NAME,
    });
-
-    await secrets.delete({
-      service: SERVICE_NAME,
-      name: testName,
-    });
-
    return true;
  } catch {
    return false;