fix: add 'keyMismatch' to the AppInfos interface for better error handling

riderx · riderx · commit ba972f549040 · 2025-12-15T23:31:39.000Z
diff --git a/src/content/docs/docs/plugins/updater/debugging.mdx b/src/content/docs/docs/plugins/updater/debugging.mdx
@@ -32,6 +32,7 @@ import { LinkCard, CardGrid } from '@astrojs/starlight/components';
 | **missingBundle**                              | The bundle assigned to this channel has no downloadable content. This means the bundle has no `external_url`, no `r2_path`, it's not a built-in version, and there are no manifest entries available for download.                                                                                                                   |
 | **NoChannelOrOverride**                        | No default channel is configured for this app and the device has no specific channel override assigned. At least one must be present for updates to work.                                                                                                     |
 | **rateLimited**                                | The device has been rate limited due to excessive requests.                                                                                                        |
+| **keyMismatch**                                | The device's encryption public key does not match the public key used to encrypt the bundle. This happens when: (1) The public key in your app's `capacitor.config.json` is different from the one used when uploading the bundle, or (2) You rotated your encryption keys but haven't updated all devices yet. The response includes both `deviceKeyId` and `bundleKeyId` (first 4 characters of each public key) to help identify the mismatch. To fix this, ensure the same key pair is used both for uploading bundles (CLI uses private key) and in the app (capacitor.config.json contains public key). |
 
 
 ### Sent from the device
@@ -55,7 +56,7 @@ import { LinkCard, CardGrid } from '@astrojs/starlight/components';
 | **download_manifest_brotli_fail** | The manifest file failed to decompress using Brotli.                       |
 | **download_fail**     | The new bundle failed to download.                                                |
 | **update_fail**       | The new bundle has been installed but failed to call `notifyAppReady`.            |
-| **checksum_fail**     | The new bundle failed to validate the checksum. If you're using Capgo Cloud and encounter this error, it typically means your app version is expecting a different checksum type. The latest version of the CLI and plugins (version 5.10.0+, 6.25.0+ or 7+) use SHA256 checksums, while older plugins used CRC32. If you see a checksum fail, check if the checksum is CRC32 (a shorter hash) rather than SHA256. This usually indicates the bundle was uploaded with an old version of the CLI. Verify your bundle version in the Capgo dashboard - bundles created since version 5.10.0/6.25.0/7 should use SHA256. If you're seeing CRC32 checksums, ensure you have the latest plugin version installed locally (the CLI checks your local plugin version to determine which checksum type to upload), then upgrade your CLI and re-upload the bundle.                                   |
+| **checksum_fail**     | The new bundle failed to validate the checksum. This can happen for several reasons: **1) Checksum type mismatch:** The latest version of the CLI and plugins (version 5.10.0+, 6.25.0+ or 7+) use SHA256 checksums, while older plugins used CRC32. If you see a checksum fail, check if the checksum is CRC32 (a shorter hash) rather than SHA256. This usually indicates the bundle was uploaded with an old version of the CLI. Verify your bundle version in the Capgo dashboard - bundles created since version 5.10.0/6.25.0/7 should use SHA256. If you're seeing CRC32 checksums, ensure you have the latest plugin version installed locally (the CLI checks your local plugin version to determine which checksum type to upload), then upgrade your CLI and re-upload the bundle. **2) Encryption key mismatch (on plugin versions below 8.3.0 or 5/6/7.38.0):** On older plugin versions, if the device's public key doesn't match the key used to encrypt the bundle, the decryption will fail silently and cause a checksum failure. If you're using encryption and see `checksum_fail`, verify that the public key in your app's `capacitor.config.json` matches the private key used to upload the bundle. Upgrading to plugin version 8.3.0+ (or 5/6/7.38.0+) will give you a proper `keyMismatch` error from the server instead, making this issue easier to diagnose. |
 | **windows_path_fail** | The zip has files who contain windows path who are illegal                        |
 | **canonical_path_fail** | The path of files is not canonical                                              |
 | **directory_path_fail** | There is an error in the path of zip files                                         |
diff --git a/src/content/docs/docs/plugins/updater/self-hosted/handling-stats.mdx b/src/content/docs/docs/plugins/updater/self-hosted/handling-stats.mdx
@@ -119,6 +119,7 @@ interface AppInfos {
           'rateLimited' |
           'disableAutoUpdate' |
           'InvalidIp' |
+          'keyMismatch' |
           'blocked_by_server_url'
   version_build: string
   version_code: string
