fix: handle corrupted VSCode auth cache with automatic cleanup and recovery

[tingwai]

Description

[ What changed? Feel free to be brief. ]

AI Code Review

• Team members only: AI review runs automatically when PR is opened or marked ready for review
• Team members can also trigger a review by commenting @continue-review

Checklist

• [] I've read the contributing guide
• [] The relevant docs, if any, have been updated or created
• [] The relevant tests, if any, have been updated or created

Screen recording or screenshot

[ When applicable, please include a short screen recording or screenshot - this makes it much easier for us as contributors to review and understand your changes. See this PR as a good example. ]

Tests

[ What tests were added or updated to ensure the changes work as expected? ]

---

Summary by cubic

Detects and cleans up corrupted VSCode auth cache files so authentication can recover without manual intervention. Addresses Linear CON-4270 by improving error handling for session retrieval and login.

• Bug Fixes
  • SecretStorage: validate minimum data size, catch decryption errors, delete corrupted files, and return undefined to restart auth flow.
  • WorkOsAuthProvider: handle retrieval/parse failures, log with context, and return empty sessions instead of throwing.
  • Auth: switch login to async/await, log failures, and surface request errors to the caller.

[github-actions]

✅ Review Complete

Code Review Summary

⚠️ Continue configuration error. Please verify that the assistant exists in Continue Hub.

---

[cubic-dev-ai]

1 issue found across 3 files

Prompt for AI agents (all 1 issues)

Understand the root cause of the following 1 issues and fix them.


<file name="extensions/vscode/src/stubs/SecretStorage.ts">

<violation number="1" location="extensions/vscode/src/stubs/SecretStorage.ts:69">
Wrapping decrypt() in a broad try/catch and rethrowing a new Error discards the original stack trace, making future failures much harder to diagnose. Please rethrow the original error (or use ErrorOptions.cause) so callers retain full context.</violation>
</file>

_{React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.}

[cubic-dev-ai]

Wrapping decrypt() in a broad try/catch and rethrowing a new Error discards the original stack trace, making future failures much harder to diagnose. Please rethrow the original error (or use ErrorOptions.cause) so callers retain full context.

Prompt for AI agents

Address the following comment on extensions/vscode/src/stubs/SecretStorage.ts at line 69:

<comment>Wrapping decrypt() in a broad try/catch and rethrowing a new Error discards the original stack trace, making future failures much harder to diagnose. Please rethrow the original error (or use ErrorOptions.cause) so callers retain full context.</comment>

<file context>
@@ -59,31 +59,50 @@ export class SecretStorage {
+      // Validate minimum data size to detect corruption early
+      const minSize = this.saltLength + this.ivLength + this.tagLength;
+      if (data.length &lt; minSize) {
+        throw new Error(
+          `Corrupted cache file: insufficient data (${data.length} bytes, expected at least ${minSize})`,
+        );
</file context>

✅ Addressed in 21b987b

[sestinj]

🎉 This PR is included in version 1.24.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[sestinj]

🎉 This PR is included in version 1.28.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[sestinj]

🎉 This PR is included in version 1.2.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀