# Phase 5 - Desktop Profile Management Contract

Status: completed  
Date: 2026-04-18  
Target: `WepAppOpusApiDesktop`

## 1) Objective

Lock and implement profile-management contract at IPC boundary, aligned with Phase 5 API-style behavior:
1. list
2. get by id
3. create
4. update
5. delete
6. set default

## 2) Core implementation

## 2.1 Repository/Service

Repository expanded:
1. profile lookup with name conflict checks (`getProfileByNameExcludingId`)
2. explicit `createProfile` and `updateProfileById`
3. default control helpers (`setDefaultProfile`, `unsetDefaultProfile`)

Service expanded:
1. `getTokenProfileById`
2. `createTokenProfile`
3. `updateTokenProfile`
4. backward-compatible `saveTokenProfile` now routes to create/update logic

Validation and errors:
1. profile/source/account payload validations preserved
2. service errors now carry stable `code` values (`PROFILE_NOT_FOUND`, `PROFILE_NAME_CONFLICT`, etc.)

## 2.2 IPC contract channels (API-style response)

Added contract channels returning fixed shape:
1. `auth:list-token-profiles-contract`
2. `auth:get-token-profile`
3. `auth:create-token-profile`
4. `auth:update-token-profile`
5. `auth:delete-token-profile-contract`
6. `auth:set-default-token-profile-contract`

Response format:
1. success: `{ ok: true, ...payload }`
2. failure: `{ ok: false, error, errorCode }`

Legacy channels kept for compatibility:
1. `auth:list-token-profiles`
2. `auth:save-token-profile`
3. `auth:delete-token-profile`
4. `auth:set-default-token-profile`

## 2.3 Runtime migration safety

Existing profile data remains usable:
1. legacy encrypted token column still readable
2. source/account tables are used as primary source
3. no breaking change for current Settings UI flow

## 3) Verification

Commands executed:
1. `npm run lint`
2. `npm run test`
3. `npm run build:renderer`
4. `npm run build:win`

Result:
1. all checks passed
2. Windows artifacts generated (`nsis`, `portable`)
