🩹 [Patch]: Enable Context Sharing Across PowerShell Processes and Runspaces (#88)

Copilot · MariusStorhaug · web-flow · commit 70410442ac24 · 2025-06-03T22:15:11.000+02:00
This release refactors context management to be entirely **disk-based**,
enabling robust context sharing and synchronization across scripts,
modules, jobs, and processes.

### Key Changes

* **Shared context vault:** Contexts are now stored and managed on disk.
All scripts, runspaces, and processes interact with the same set of
context files, ensuring that context data is always current and
consistent.
* **Improved support for parallelism:** Multiple PowerShell jobs or
sessions can safely create, update, or remove contexts simultaneously,
without risking stale or conflicting data.
* **Accurate tab completion:** Argument completers now enumerate context
IDs directly from disk, providing up-to-date options for tab completion.
* **Optimized metadata access:** Commands like `Get-ContextInfo` perform
quick metadata lookups by reading only the necessary file information,
improving performance.
* **Lean initialization:** The module no longer loads contexts into
memory on import, reducing resource usage and simplifying module
behavior.

### Impact for Integrators

* Modules and scripts can now rely on a single, shared context vault
across all PowerShell processes.
* There is no risk of working with outdated or inconsistent context
data.
* No changes are needed to existing command usage; standard commands
(`Get-Context`, `Set-Context`, etc.) will now always reflect the true
state on disk.
* These improvements make the module suitable for use in advanced
automation, CI/CD workflows, and other scenarios involving parallel or
distributed execution.

**This update ensures reliable, up-to-date context management for all
usage patterns, including concurrent and multi-process environments.**

### Core Changes

- **`Get-Context`**: Now reads and decrypts context files directly from
the vault directory each time called
- **`Get-ContextInfo`**: Reads only file metadata from disk without
decryption for fast queries
- **`Set-Context`**: No longer updates `$script:Contexts` memory cache,
writes only to disk
- **`Remove-Context`**: Scans disk files directly instead of iterating
memory cache
- **`Set-ContextVault`**: No longer auto-imports contexts into memory on
initialization
- **Argument completers**: Updated to enumerate context IDs from disk
for accurate tab completion

---------

Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: MariusStorhaug &lt;17722253+MariusStorhaug@users.noreply.github.com&gt;
Co-authored-by: Marius Storhaug &lt;marstor@hotmail.com&gt;
diff --git a/src/completers.ps1 b/src/completers.ps1
@@ -1,9 +1,9 @@
-﻿Register-ArgumentCompleter -CommandName 'Get-Context', 'Set-Context', 'Remove-Context', 'Rename-Context' -ParameterName 'ID' -ScriptBlock {
+﻿Register-ArgumentCompleter -CommandName ($script:PSModuleInfo.FunctionsToExport) -ParameterName 'ID' -ScriptBlock {
     param($commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameter)
     $null = $commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameter
 
-    $script:Contexts.Values.ID | Where-Object { $_ -like "$wordToComplete*" } |
-        ForEach-Object {
-            [System.Management.Automation.CompletionResult]::new($_, $_, 'ParameterValue', $_)
-        }
+    $contextInfos = Get-ContextInfo -ErrorAction SilentlyContinue -Verbose:$false -Debug:$false
+    $contextInfos | Where-Object { $_.ID -like "$wordToComplete*" } | ForEach-Object {
+        [System.Management.Automation.CompletionResult]::new($_.ID, $_.ID, 'ParameterValue', $_.ID)
+    }
 }
diff --git a/src/functions/private/Import-Context.ps1 b/src/functions/private/Import-Context.ps1
diff --git a/src/functions/private/Set-ContextVault.ps1 b/src/functions/private/Set-ContextVault.ps1
@@ -1,4 +1,4 @@
-﻿#Requires -Modules @{ ModuleName = 'Sodium'; RequiredVersion = '2.1.2' }
+﻿#Requires -Modules @{ ModuleName = 'Sodium'; RequiredVersion = '2.2.0' }
 
 function Set-ContextVault {
     <#
@@ -7,7 +7,7 @@ function Set-ContextVault {
 
         .DESCRIPTION
         Sets the context vault. If the vault does not exist, it will be initialized.
-        Once the context vault is set, it will be imported into memory.
+        Once the context vault is set, the keys will be prepared for use.
         The vault consists of multiple security shards, including a machine-specific shard,
         a user-specific shard, and a seed shard stored within the vault directory.
 
@@ -20,7 +20,7 @@ function Set-ContextVault {
         None.
 
         .NOTES
-        This function modifies the script-scoped configuration and imports the vault.
+        This function modifies the script-scoped configuration and prepares the vault for use.
 
         .LINK
         https://psmodule.io/Context/Functions/Set-ContextVault
@@ -59,7 +59,7 @@ function Set-ContextVault {
             $machineShard = [System.Environment]::MachineName
             $userShard = [System.Environment]::UserName
             #$userInputShard = Read-Host -Prompt 'Enter a seed shard' # Eventually 4 shards. +1 for user input.
-            $seed = $machineShard + $userShard + $seedShard + $userInputShard
+            $seed = $machineShard + $userShard + $seedShard # + $userInputShard
             $keys = New-SodiumKeyPair -Seed $seed
             $script:Config.PrivateKey = $keys.PrivateKey
             $script:Config.PublicKey = $keys.PublicKey
@@ -73,6 +73,5 @@ function Set-ContextVault {
 
     end {
         Write-Debug "[$stackPath] - End"
-        Import-Context
     }
 }
diff --git a/src/functions/public/Get-Context.ps1 b/src/functions/public/Get-Context.ps1
@@ -1,10 +1,12 @@
-﻿function Get-Context {
+﻿#Requires -Modules @{ ModuleName = 'Sodium'; RequiredVersion = '2.2.0' }
+
+function Get-Context {
     <#
         .SYNOPSIS
-        Retrieves a context from the in-memory context vault.
+        Retrieves a context from the context vault.
 
         .DESCRIPTION
-        Retrieves a context from the loaded contexts stored in memory.
+        Retrieves a context by reading and decrypting context files directly from the vault directory.
         If no ID is specified, all available contexts will be returned.
         Wildcards are supported to match multiple contexts.
 
@@ -42,7 +44,7 @@
         LoginTime         : 2/9/2025 10:45:11 AM
         ```
 
-        Retrieves all contexts from the context vault (in memory).
+        Retrieves all contexts from the context vault (directly from disk).
 
         .EXAMPLE
         Get-Context -ID 'MySecret'
@@ -68,7 +70,7 @@
         YourData  : {DataKey=DataValue}
         ```
 
-        Retrieves all contexts that start with 'My' from the context vault (in memory).
+        Retrieves all contexts that start with 'My' from the context vault (directly from disk).
 
         .OUTPUTS
         [System.Object]
@@ -106,7 +108,25 @@
         Write-Verbose "Retrieving contexts - ID: [$($ID -join ', ')]"
         foreach ($item in $ID) {
             Write-Verbose "Retrieving contexts - ID: [$item]"
-            $script:Contexts.Values | Where-Object { $_.ID -like $item } | Select-Object -ExpandProperty Context
+            # Read context files directly from disk instead of using in-memory cache
+            $contextFiles = Get-ChildItem -Path $script:Config.VaultPath -Filter *.json -File -Recurse
+            foreach ($file in $contextFiles) {
+                try {
+                    $contextInfo = Get-Content -Path $file.FullName | ConvertFrom-Json
+                    if ($contextInfo.ID -like $item) {
+                        # Decrypt and return the context
+                        $params = @{
+                            SealedBox  = $contextInfo.Context
+                            PublicKey  = $script:Config.PublicKey
+                            PrivateKey = $script:Config.PrivateKey
+                        }
+                        $contextObj = ConvertFrom-SodiumSealedBox @params
+                        ConvertFrom-ContextJson -JsonString $contextObj
+                    }
+                } catch {
+                    Write-Warning "Failed to read or decrypt context file: $($file.FullName). Error: $_"
+                }
+            }
         }
     }
 
diff --git a/src/functions/public/Get-ContextInfo.ps1 b/src/functions/public/Get-ContextInfo.ps1
@@ -1,12 +1,13 @@
 ﻿function Get-ContextInfo {
     <#
         .SYNOPSIS
-        Retrieves info about a context from the in-memory context vault.
+        Retrieves info about a context from the context vault.
 
         .DESCRIPTION
-        Retrieves info about context from the loaded contexts stored in memory.
+        Retrieves info about context files directly from the vault directory on disk.
         If no ID is specified, all available info on contexts will be returned.
         Wildcards are supported to match multiple contexts.
+        Only metadata (ID and Path) is returned without decrypting the context contents.
 
         .EXAMPLE
         Get-ContextInfo
@@ -29,7 +30,7 @@
         Path : ...\feacc853-5bea-48d1-b751-41ce9768d48e.json
         ```
 
-        Retrieves all contexts from the context vault (in memory).
+        Retrieves all contexts from the context vault (directly from disk).
 
         .EXAMPLE
         Get-ContextInfo -ID 'MySecret'
@@ -40,7 +41,7 @@
         Path : ...\3e223259-f242-4e97-91c8-f0fd054cfea7.json
         ```
 
-        Retrieves the context called 'MySecret' from the context vault (in memory).
+        Retrieves the context called 'MySecret' from the context vault (directly from disk).
 
         .EXAMPLE
         'My*' | Get-ContextInfo
@@ -57,7 +58,7 @@
         Path : .../b7c01dbe-bccd-4c7e-b075-c5aac1c43b1a.json
         ```
 
-        Retrieves all contexts that start with 'My' from the context vault (in memory).
+        Retrieves all contexts that start with 'My' from the context vault (directly from disk).
 
         .OUTPUTS
         [System.Object]
@@ -94,7 +95,22 @@
     process {
         Write-Verbose "Retrieving context info - ID: [$ID]"
         foreach ($item in $ID) {
-            $script:Contexts.Values | Where-Object { $_.ID -like $item } | Select-Object -ExcludeProperty Context
+            # Read context files directly from disk instead of using in-memory cache
+            $contextFiles = Get-ChildItem -Path $script:Config.VaultPath -Filter *.json -File -Recurse
+            foreach ($file in $contextFiles) {
+                try {
+                    $contextInfo = Get-Content -Path $file.FullName | ConvertFrom-Json
+                    if ($contextInfo.ID -like $item) {
+                        # Return only metadata (ID and Path), don't decrypt the Context property
+                        [PSCustomObject]@{
+                            ID   = $contextInfo.ID
+                            Path = $contextInfo.Path
+                        }
+                    }
+                } catch {
+                    Write-Warning "Failed to read context file: $($file.FullName). Error: $_"
+                }
+            }
         }
     }
 
diff --git a/src/functions/public/Remove-Context.ps1 b/src/functions/public/Remove-Context.ps1
@@ -98,18 +98,20 @@
     process {
         foreach ($item in $ID) {
             Write-Verbose "Processing ID [$item]"
-            $script:Contexts.Keys | Where-Object { $_ -like $item } | ForEach-Object {
-                Write-Verbose "Removing context [$_]"
-                if ($PSCmdlet.ShouldProcess($_, 'Remove secret')) {
-                    $script:Contexts[$_].Path | Remove-Item -Force
-
-                    Write-Verbose "Attempting to remove context: $_"
-                    [PSCustomObject]$removedItem = $null
-                    if ($script:Contexts.TryRemove($_, [ref]$removedItem)) {
-                        Write-Verbose "Removed item: $removedItem"
-                    } else {
-                        Write-Verbose 'Key not found'
+            # Find contexts by scanning disk files instead of using in-memory cache
+            $contextFiles = Get-ChildItem -Path $script:Config.VaultPath -Filter *.json -File -Recurse
+            foreach ($file in $contextFiles) {
+                try {
+                    $contextInfo = Get-Content -Path $file.FullName | ConvertFrom-Json
+                    if ($contextInfo.ID -like $item) {
+                        Write-Verbose "Removing context [$($contextInfo.ID)]"
+                        if ($PSCmdlet.ShouldProcess($contextInfo.ID, 'Remove secret')) {
+                            $file.FullName | Remove-Item -Force
+                            Write-Verbose "Removed context file: $($file.FullName)"
+                        }
                     }
+                } catch {
+                    Write-Warning "Failed to read context file: $($file.FullName). Error: $_"
                 }
             }
         }
diff --git a/src/functions/public/Set-Context.ps1 b/src/functions/public/Set-Context.ps1
@@ -1,4 +1,4 @@
-﻿#Requires -Modules @{ ModuleName = 'Sodium'; RequiredVersion = '2.1.2' }
+﻿#Requires -Modules @{ ModuleName = 'Sodium'; RequiredVersion = '2.2.0' }
 
 function Set-Context {
     <#
@@ -7,8 +7,8 @@ function Set-Context {
 
         .DESCRIPTION
         If the context does not exist, it will be created. If it already exists, it will be updated.
-        The context is cached in memory for faster access. This function ensures that the context
-        is securely stored using encryption mechanisms.
+        The context is securely stored on disk using encryption mechanisms.
+        Each context operation reads the current state from disk to ensure consistency across processes.
 
         .EXAMPLE
         Set-Context -ID 'PSModule.GitHub' -Context @{ Name = 'MySecret' }
@@ -84,16 +84,30 @@ function Set-Context {
             $ID = $Context.ID
         }
         if (-not $ID) {
-            throw "An ID is required, either as a parameter or as a property of the context object."
+            throw 'An ID is required, either as a parameter or as a property of the context object.'
         }
-        $existingContextInfo = $script:Contexts[$ID]
-        if (-not $existingContextInfo) {
+        $existingContextFile = $null
+        # Check if context already exists by scanning disk files
+        $contextFiles = Get-ChildItem -Path $script:Config.VaultPath -Filter *.json -File -Recurse
+        foreach ($file in $contextFiles) {
+            try {
+                $contextInfo = Get-Content -Path $file.FullName | ConvertFrom-Json
+                if ($contextInfo.ID -eq $ID) {
+                    $existingContextFile = $file
+                    $Path = $contextInfo.Path
+                    break
+                }
+            } catch {
+                Write-Warning "Failed to read context file: $($file.FullName). Error: $_"
+            }
+        }
+
+        if (-not $existingContextFile) {
             Write-Verbose "Context [$ID] not found in vault"
             $Guid = [Guid]::NewGuid().ToString()
             $Path = Join-Path -Path $script:Config.VaultPath -ChildPath "$Guid.json"
         } else {
             Write-Verbose "Context [$ID] found in vault"
-            $Path = $existingContextInfo.Path
         }
 
         $contextJson = ConvertTo-ContextJson -Context $Context -ID $ID
@@ -108,20 +122,6 @@ function Set-Context {
         if ($PSCmdlet.ShouldProcess($ID, 'Set context')) {
             Write-Verbose "Setting context [$ID] in vault"
             Set-Content -Path $Path -Value $param
-            $content = Get-Content -Path $Path
-            $contextInfoObj = $content | ConvertFrom-Json
-            $params = @{
-                SealedBox  = $contextInfoObj.Context
-                PublicKey  = $script:Config.PublicKey
-                PrivateKey = $script:Config.PrivateKey
-            }
-            $contextObj = ConvertFrom-SodiumSealedBox @params
-            Write-Verbose ($contextObj | Format-List | Out-String)
-            $script:Contexts[$ID] = [PSCustomObject]@{
-                ID      = $ID
-                Path    = $Path
-                Context = ConvertFrom-ContextJson -JsonString $contextObj
-            }
         }
 
         if ($PassThru) {
diff --git a/src/variables/private/Config.ps1 b/src/variables/private/Config.ps1
@@ -1,7 +1,7 @@
 ﻿$script:Config = [pscustomobject]@{
     Initialized   = $false                                           # Has the vault been initialized?
     VaultPath     = Join-Path -Path $HOME -ChildPath '.contextvault' # Vault directory path
-    SeedShardPath = 'vault.shard'                                  # Seed shard path (relative to VaultPath)
+    SeedShardPath = 'vault.shard'                                    # Seed shard path (relative to VaultPath)
     PrivateKey    = $null                                            # Private key (populated on init)
     PublicKey     = $null                                            # Public key (populated on init)
 }
diff --git a/src/variables/private/Contexts.ps1 b/src/variables/private/Contexts.ps1

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`$script:Config = [pscustomobject]@{`
`2`	`2`	`Initialized = $false # Has the vault been initialized?`
`3`	`3`	`VaultPath = Join-Path -Path $HOME -ChildPath '.contextvault' # Vault directory path`
`4`		`- SeedShardPath = 'vault.shard' # Seed shard path (relative to VaultPath)`
	`4`	`+ SeedShardPath = 'vault.shard' # Seed shard path (relative to VaultPath)`
`5`	`5`	`PrivateKey = $null # Private key (populated on init)`
`6`	`6`	`PublicKey = $null # Public key (populated on init)`
`7`	`7`	`}`