Merge pull request 'chore: remove stale .cursorrules and coverage.out' (#22) from chore/remove-stale-files into main

Reviewed-on: sneak/secret#22

.cursorrules

@@ -1,3 +0,0 @@
-EXTREMELY IMPORTANT: Read and follow the policies, procedures, and
-instructions in the `AGENTS.md` file in the root of the repository.  Make
-sure you follow *all* of the instructions meticulously.

.gitignore

@@ -6,3 +6,7 @@ cli.test
 vault.test
 *.test
 settings.local.json
+
+# Stale files
+.cursorrules
+coverage.out

coverage.out

@@ -1,102 +0,0 @@
-mode: set
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:57.41,60.38 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:60.38,61.41 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:65.2,70.3 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:74.50,76.2 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:79.85,81.28 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:81.28,83.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:86.2,87.16 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:87.16,89.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:92.2,93.16 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:93.16,95.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:98.2,98.35 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:102.89,105.16 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:105.16,107.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:110.2,114.21 4 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:118.99,119.46 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:119.46,121.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:124.2,134.39 5 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:134.39,137.15 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:137.15,140.4 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:143.3,145.17 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:145.17,147.4 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:150.3,150.15 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:150.15,152.4 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:155.3,156.17 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:156.17,158.4 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:160.3,160.14 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:163.2,163.17 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:167.107,171.16 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:171.16,173.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:177.2,186.15 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:187.15,188.13 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:189.15,190.13 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:191.15,192.13 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:193.15,194.13 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:195.15,196.13 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:197.10,198.64 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:202.2,204.21 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:208.84,212.16 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:212.16,214.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:217.2,222.16 4 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:222.16,224.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:226.2,226.26 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:230.99,234.16 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:234.16,236.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:239.2,251.45 6 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:251.45,253.3 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:256.2,275.45 12 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:279.39,284.2 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:287.91,288.36 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:288.36,290.3 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:292.2,295.16 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:295.16,297.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:300.2,302.41 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:306.100,307.32 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:307.32,309.3 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:311.2,314.16 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:314.16,316.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:319.2,325.35 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:325.35,327.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:329.2,329.33 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:333.100,334.32 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:334.32,336.3 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:338.2,341.16 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:341.16,343.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:346.2,349.32 2 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:349.32,351.3 1 0
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:353.2,353.30 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:357.57,375.52 7 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:375.52,381.46 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:381.46,385.4 3 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:387.3,387.20 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:390.2,390.21 1 1
-git.eeqj.de/sneak/secret/pkg/bip85/bip85.go:394.67,396.2 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:32.22,36.2 3 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:40.67,41.31 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:41.31,43.3 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:46.2,55.16 6 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:55.16,57.3 1 0
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:58.2,59.16 2 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:59.16,61.3 1 0
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:63.2,63.52 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:68.63,74.16 3 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:74.16,76.3 1 0
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:79.2,83.16 3 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:83.16,85.3 1 0
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:88.2,91.16 4 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:91.16,93.3 1 0
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:95.2,95.17 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:100.67,103.16 2 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:103.16,105.3 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:108.2,112.16 3 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:112.16,114.3 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:117.2,120.16 4 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:120.16,122.3 1 0
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:124.2,124.17 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:129.77,131.16 2 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:131.16,133.3 1 0
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:135.2,135.33 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:140.81,142.16 2 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:142.16,144.3 1 1
-git.eeqj.de/sneak/secret/pkg/agehd/agehd.go:146.2,146.33 1 1

internal/cli/completions.go

@@ -71,6 +71,8 @@ func getUnlockerIDsCompletionFunc(fs afero.Fs, stateDir string) func(
 			unlockersDir := filepath.Join(vaultDir, "unlockers.d")
 			files, err := afero.ReadDir(fs, unlockersDir)
 			if err != nil {
+				secret.Warn("Could not read unlockers directory during completion", "error", err)
+
 				continue
 			}
 
@@ -85,11 +87,15 @@ func getUnlockerIDsCompletionFunc(fs afero.Fs, stateDir string) func(
 				// Check if this is the right unlocker by comparing metadata
 				metadataBytes, err := afero.ReadFile(fs, metadataPath)
 				if err != nil {
+					secret.Warn("Could not read unlocker metadata during completion", "path", metadataPath, "error", err)
+
 					continue
 				}
 
 				var diskMetadata secret.UnlockerMetadata
 				if err := json.Unmarshal(metadataBytes, &diskMetadata); err != nil {
+					secret.Warn("Could not parse unlocker metadata during completion", "path", metadataPath, "error", err)
+
 					continue
 				}
 

internal/cli/info_helper.go

@@ -4,6 +4,7 @@ import (
 	"path/filepath"
 	"time"
 
+	"git.eeqj.de/sneak/secret/internal/secret"
 	"github.com/spf13/afero"
 )
 
@@ -28,6 +29,8 @@ func gatherVaultStats(
 		// Count secrets in this vault
 		secretEntries, err := afero.ReadDir(fs, secretsPath)
 		if err != nil {
+			secret.Warn("Could not read secrets directory for vault", "vault", vaultEntry.Name(), "error", err)
+
 			continue
 		}
 
@@ -43,6 +46,8 @@ func gatherVaultStats(
 			versionsPath := filepath.Join(secretPath, "versions")
 			versionEntries, err := afero.ReadDir(fs, versionsPath)
 			if err != nil {
+				secret.Warn("Could not read versions directory for secret", "secret", secretEntry.Name(), "error", err)
+
 				continue
 			}
 

internal/cli/secrets.go

@@ -507,7 +507,7 @@ func (cli *Instance) ImportSecret(cmd *cobra.Command, secretName, sourceFile str
 	}
 	defer func() {
 		if err := file.Close(); err != nil {
-			secret.Debug("Failed to close file", "error", err)
+			secret.Warn("Failed to close file", "error", err)
 		}
 	}()
 

internal/cli/unlockers.go

@@ -271,6 +271,8 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 		// Create unlocker instance to get the proper ID
 		vaultDir, err := vlt.GetDirectory()
 		if err != nil {
+			secret.Warn("Could not get vault directory while listing unlockers", "error", err)
+
 			continue
 		}
 
@@ -278,6 +280,8 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 		unlockersDir := filepath.Join(vaultDir, "unlockers.d")
 		files, err := afero.ReadDir(cli.fs, unlockersDir)
 		if err != nil {
+			secret.Warn("Could not read unlockers directory", "error", err)
+
 			continue
 		}
 
@@ -293,12 +297,16 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 			// Check if this is the right unlocker by comparing metadata
 			metadataBytes, err := afero.ReadFile(cli.fs, metadataPath)
 			if err != nil {
-				continue // FIXME this error needs to be handled
+				secret.Warn("Could not read unlocker metadata file", "path", metadataPath, "error", err)
+
+				continue
 			}
 
 			var diskMetadata secret.UnlockerMetadata
 			if err := json.Unmarshal(metadataBytes, &diskMetadata); err != nil {
-				continue // FIXME this error needs to be handled
+				secret.Warn("Could not parse unlocker metadata file", "path", metadataPath, "error", err)
+
+				continue
 			}
 
 			// Match by type and creation time
@@ -324,6 +332,7 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 		} else {
 			// Generate ID as fallback
 			properID = fmt.Sprintf("%s-%s", metadata.CreatedAt.Format("2006-01-02.15.04"), metadata.Type)
+			secret.Warn("Could not create unlocker instance, using fallback ID", "fallback_id", properID, "type", metadata.Type)
 		}
 
 		unlockerInfo := UnlockerInfo{
@@ -590,12 +599,16 @@ func (cli *Instance) checkUnlockerExists(vlt *vault.Vault, unlockerID string) er
 	// Get the list of unlockers and check if any match the ID
 	unlockers, err := vlt.ListUnlockers()
 	if err != nil {
+		secret.Warn("Could not list unlockers during duplicate check", "error", err)
+
 		return nil // If we can't list unlockers, assume it doesn't exist
 	}
 
 	// Get vault directory to construct unlocker instances
 	vaultDir, err := vlt.GetDirectory()
 	if err != nil {
+		secret.Warn("Could not get vault directory during duplicate check", "error", err)
+
 		return nil
 	}
 
@@ -605,6 +618,8 @@ func (cli *Instance) checkUnlockerExists(vlt *vault.Vault, unlockerID string) er
 		unlockersDir := filepath.Join(vaultDir, "unlockers.d")
 		files, err := afero.ReadDir(cli.fs, unlockersDir)
 		if err != nil {
+			secret.Warn("Could not read unlockers directory during duplicate check", "error", err)
+
 			continue
 		}
 
@@ -619,11 +634,15 @@ func (cli *Instance) checkUnlockerExists(vlt *vault.Vault, unlockerID string) er
 			// Check if this matches our metadata
 			metadataBytes, err := afero.ReadFile(cli.fs, metadataPath)
 			if err != nil {
+				secret.Warn("Could not read unlocker metadata during duplicate check", "path", metadataPath, "error", err)
+
 				continue
 			}
 
 			var diskMetadata secret.UnlockerMetadata
 			if err := json.Unmarshal(metadataBytes, &diskMetadata); err != nil {
+				secret.Warn("Could not parse unlocker metadata during duplicate check", "path", metadataPath, "error", err)
+
 				continue
 			}
 

internal/cli/version.go

@@ -164,7 +164,7 @@ func (cli *Instance) ListVersions(cmd *cobra.Command, secretName string) error {
 
 		// Load metadata
 		if err := sv.LoadMetadata(ltIdentity); err != nil {
-			secret.Debug("Failed to load version metadata", "version", version, "error", err)
+			secret.Warn("Failed to load version metadata", "version", version, "error", err)
 			// Display version with error
 			status := "error"
 			if version == currentVersion {

internal/secret/debug.go

@@ -58,6 +58,16 @@ func IsDebugEnabled() bool {
 	return debugEnabled
 }
 
+// Warn logs a warning message to stderr unconditionally (visible without --verbose or debug flags)
+func Warn(msg string, args ...any) {
+	output := fmt.Sprintf("WARNING: %s", msg)
+	for i := 0; i+1 < len(args); i += 2 {
+		output += fmt.Sprintf(" %s=%v", args[i], args[i+1])
+	}
+	output += "\n"
+	fmt.Fprint(os.Stderr, output)
+}
+
 // Debug logs a debug message with optional attributes
 func Debug(msg string, args ...any) {
 	if !debugEnabled {

internal/secret/helpers.go

@@ -53,7 +53,10 @@ func DetermineStateDir(customConfigDir string) (string, error) {
 			return "", fmt.Errorf("unable to determine state directory: config dir: %w, home dir: %w", err, homeErr)
 		}
 
-		return filepath.Join(homeDir, ".config", AppID), nil
+		fallbackDir := filepath.Join(homeDir, ".config", AppID)
+		Warn("Could not determine user config directory, falling back to default", "fallback", fallbackDir, "error", err)
+
+		return fallbackDir, nil
 	}
 
 	return filepath.Join(configDir, AppID), nil

internal/secret/version.go

@@ -102,6 +102,8 @@ func GenerateVersionName(fs afero.Fs, secretDir string) (string, error) {
 
 		var serial int
 		if _, err := fmt.Sscanf(parts[1], "%03d", &serial); err != nil {
+			Warn("Skipping malformed version directory name", "name", entry.Name(), "error", err)
+
 			continue
 		}
 

internal/vault/unlockers.go

@@ -213,7 +213,9 @@ func (v *Vault) ListUnlockers() ([]UnlockerMetadata, error) {
 				return nil, fmt.Errorf("failed to check if metadata exists for unlocker %s: %w", file.Name(), err)
 			}
 			if !exists {
-				return nil, fmt.Errorf("unlocker directory %s is missing metadata file", file.Name())
+				secret.Warn("Skipping unlocker directory with missing metadata file", "directory", file.Name())
+
+				continue
 			}
 
 			metadataBytes, err := afero.ReadFile(v.fs, metadataPath)

internal/vault/vault_test.go

@@ -243,3 +243,57 @@ func TestVaultOperations(t *testing.T) {
 		}
 	})
 }
+
+func TestListUnlockers_SkipsMissingMetadata(t *testing.T) {
+	// Set test environment variables
+	testMnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
+	t.Setenv(secret.EnvMnemonic, testMnemonic)
+	t.Setenv(secret.EnvUnlockPassphrase, "test-passphrase")
+
+	// Use in-memory filesystem
+	fs := afero.NewMemMapFs()
+	stateDir := "/test/state"
+
+	// Create vault
+	vlt, err := CreateVault(fs, stateDir, "test-vault")
+	if err != nil {
+		t.Fatalf("Failed to create vault: %v", err)
+	}
+
+	// Create a passphrase unlocker so we have at least one valid unlocker
+	passphraseBuffer := memguard.NewBufferFromBytes([]byte("test-passphrase"))
+	defer passphraseBuffer.Destroy()
+	_, err = vlt.CreatePassphraseUnlocker(passphraseBuffer)
+	if err != nil {
+		t.Fatalf("Failed to create passphrase unlocker: %v", err)
+	}
+
+	// Create a bogus unlocker directory with no metadata file
+	vaultDir, err := vlt.GetDirectory()
+	if err != nil {
+		t.Fatalf("Failed to get vault directory: %v", err)
+	}
+	bogusDir := filepath.Join(vaultDir, "unlockers.d", "bogus-no-metadata")
+	err = fs.MkdirAll(bogusDir, 0o700)
+	if err != nil {
+		t.Fatalf("Failed to create bogus directory: %v", err)
+	}
+
+	// ListUnlockers should succeed, skipping the bogus directory
+	unlockers, err := vlt.ListUnlockers()
+	if err != nil {
+		t.Fatalf("ListUnlockers returned error when it should have skipped bad directory: %v", err)
+	}
+
+	// Should still have the valid passphrase unlocker
+	if len(unlockers) == 0 {
+		t.Errorf("Expected at least one unlocker, got none")
+	}
+
+	// Verify we only got the valid unlocker(s), not the bogus one
+	for _, u := range unlockers {
+		if u.Type == "" {
+			t.Errorf("Got unlocker with empty type, likely from bogus directory")
+		}
+	}
+}