From ff68fab0aa2a6294daae9401f3610a7b4f80ddc2 Mon Sep 17 00:00:00 2001 From: Johannes Millan Date: Tue, 30 Jun 2026 13:39:59 +0200 Subject: [PATCH] docs(plugins): correct misleading secret-purge orphan comment The uninstall purge comment claimed orphaned credentials are cleared 'until a later purge', but no reconcile exists: once the plugin is gone from the registry, removeSecretsForPlugin/clearOAuthTokens are never re-triggered for it. On an IndexedDB failure the secret/token orphans on disk until the same plugin id is reinstalled and removed again. Reword the comment to state this honestly. Reported by @sbomsdorf in review of #8633. --- src/app/plugins/plugin.service.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/app/plugins/plugin.service.ts b/src/app/plugins/plugin.service.ts index fcf4e18144..4c2a08340b 100644 --- a/src/app/plugins/plugin.service.ts +++ b/src/app/plugins/plugin.service.ts @@ -1639,8 +1639,9 @@ export class PluginService implements OnDestroy { // Purge local-only credentials (secrets + OAuth tokens) FIRST so they // never outlive their plugin — even if a later cleanup step throws. - // Best-effort: a purge failure is logged but must not abort the uninstall - // (on IndexedDB failure the credentials orphan locally until a later purge). + // Best-effort: a purge failure is logged but must not abort the uninstall. + // There is no later reconcile, so on IndexedDB failure the credentials + // orphan on disk until the same plugin id is reinstalled and removed again. try { await this._pluginSecretService.removeSecretsForPlugin(pluginId); } catch (error) {