Skip to main content

updateStrategyCodeWithPassphrase

Strict / airgapped strictness only. Re-encrypts the supplied code under a freshly-derived KEK and persists it. The dashboard's Save flow (T1.4 PR-5) calls this after re-prompting the user with StrictModeUnlockModal(intent='save').

Same strictness gating as decryptStrategyOnce: convenience and standard mode orgs use the existing updateStrategy mutation.

Audit event: secrets.passphrase.encrypt_with_action.

Scope: code-only for now (matching DecryptedStrategy). Updating encrypted Config / UIBuilderConfig / Analysis follows once the typed-struct decrypt path lands.

updateStrategyCodeWithPassphrase(
strategyID: ID!
code: String!
passphrase: String!
): Strategy!

Arguments

updateStrategyCodeWithPassphrase.strategyID ● ID! non-null scalar

Strategy ID to update.

updateStrategyCodeWithPassphrase.code ● String! non-null scalar

New plaintext code. Encrypted in-process via peraction.EncryptOnce.

updateStrategyCodeWithPassphrase.passphrase ● String! non-null scalar

Plaintext passphrase. Never logged. Zeroed after the operation.

Type

Strategy object