Add secret.Warn() calls for all silent anomalous conditions

Audit of the codebase found 9 locations where errors or anomalous conditions were silently swallowed or only logged via Debug(). Users should be informed when something unexpected happens, even if the program can continue. Changes: - DetermineStateDir: warn on config dir fallback to ~/.config - info_helper: warn when vault/secret stats cannot be read - unlockers list: warn on metadata read/parse failures (fixes FIXMEs) - unlockers list: warn on fallback ID generation - checkUnlockerExists: warn on errors during duplicate checking - completions: warn on unlocker metadata read/parse failures - version list: upgrade metadata load failure from Debug to Warn - secrets: upgrade file close failure from Debug to Warn - version naming: warn on malformed version directory names Closes #19
2026-02-20 00:03:49 -08:00 · 2026-02-20 00:03:49 -08:00 · 78015afb35
commit 78015afb35
parent 1c330c697f
7 changed files with 40 additions and 5 deletions
--- a/internal/cli/completions.go
+++ b/internal/cli/completions.go
@ -71,6 +71,8 @@ func getUnlockerIDsCompletionFunc(fs afero.Fs, stateDir string) func(
 			unlockersDir := filepath.Join(vaultDir, "unlockers.d")
 			files, err := afero.ReadDir(fs, unlockersDir)
 			if err != nil {
+				secret.Warn("Could not read unlockers directory during completion", "error", err)
+
 				continue
 			}

@ -85,11 +87,15 @@ func getUnlockerIDsCompletionFunc(fs afero.Fs, stateDir string) func(
 				// Check if this is the right unlocker by comparing metadata
 				metadataBytes, err := afero.ReadFile(fs, metadataPath)
 				if err != nil {
+					secret.Warn("Could not read unlocker metadata during completion", "path", metadataPath, "error", err)
+
 					continue
 				}

 				var diskMetadata secret.UnlockerMetadata
 				if err := json.Unmarshal(metadataBytes, &diskMetadata); err != nil {
+					secret.Warn("Could not parse unlocker metadata during completion", "path", metadataPath, "error", err)
+
 					continue
 				}

--- a/internal/cli/info_helper.go
+++ b/internal/cli/info_helper.go
@ -4,6 +4,7 @@ import (
 	"path/filepath"
 	"time"

+	"git.eeqj.de/sneak/secret/internal/secret"
 	"github.com/spf13/afero"
 )

@ -28,6 +29,8 @@ func gatherVaultStats(
 		// Count secrets in this vault
 		secretEntries, err := afero.ReadDir(fs, secretsPath)
 		if err != nil {
+			secret.Warn("Could not read secrets directory for vault", "vault", vaultEntry.Name(), "error", err)
+
 			continue
 		}

@ -43,6 +46,8 @@ func gatherVaultStats(
 			versionsPath := filepath.Join(secretPath, "versions")
 			versionEntries, err := afero.ReadDir(fs, versionsPath)
 			if err != nil {
+				secret.Warn("Could not read versions directory for secret", "secret", secretEntry.Name(), "error", err)
+
 				continue
 			}

--- a/internal/cli/secrets.go
+++ b/internal/cli/secrets.go
@ -507,7 +507,7 @@ func (cli *Instance) ImportSecret(cmd *cobra.Command, secretName, sourceFile str
 	}
 	defer func() {
 		if err := file.Close(); err != nil {
-			secret.Debug("Failed to close file", "error", err)
+			secret.Warn("Failed to close file", "error", err)
 		}
 	}()

--- a/internal/cli/unlockers.go
+++ b/internal/cli/unlockers.go
@ -271,6 +271,8 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 		// Create unlocker instance to get the proper ID
 		vaultDir, err := vlt.GetDirectory()
 		if err != nil {
+			secret.Warn("Could not get vault directory while listing unlockers", "error", err)
+
 			continue
 		}

@ -278,6 +280,8 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 		unlockersDir := filepath.Join(vaultDir, "unlockers.d")
 		files, err := afero.ReadDir(cli.fs, unlockersDir)
 		if err != nil {
+			secret.Warn("Could not read unlockers directory", "error", err)
+
 			continue
 		}

@ -293,12 +297,16 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 			// Check if this is the right unlocker by comparing metadata
 			metadataBytes, err := afero.ReadFile(cli.fs, metadataPath)
 			if err != nil {
-				continue // FIXME this error needs to be handled
+				secret.Warn("Could not read unlocker metadata file", "path", metadataPath, "error", err)
+
+				continue
 			}

 			var diskMetadata secret.UnlockerMetadata
 			if err := json.Unmarshal(metadataBytes, &diskMetadata); err != nil {
-				continue // FIXME this error needs to be handled
+				secret.Warn("Could not parse unlocker metadata file", "path", metadataPath, "error", err)
+
+				continue
 			}

 			// Match by type and creation time
@ -324,6 +332,7 @@ func (cli *Instance) UnlockersList(jsonOutput bool) error {
 		} else {
 			// Generate ID as fallback
 			properID = fmt.Sprintf("%s-%s", metadata.CreatedAt.Format("2006-01-02.15.04"), metadata.Type)
+			secret.Warn("Could not create unlocker instance, using fallback ID", "fallback_id", properID, "type", metadata.Type)
 		}

 		unlockerInfo := UnlockerInfo{
@ -590,12 +599,16 @@ func (cli *Instance) checkUnlockerExists(vlt *vault.Vault, unlockerID string) er
 	// Get the list of unlockers and check if any match the ID
 	unlockers, err := vlt.ListUnlockers()
 	if err != nil {
+		secret.Warn("Could not list unlockers during duplicate check", "error", err)
+
 		return nil // If we can't list unlockers, assume it doesn't exist
 	}

 	// Get vault directory to construct unlocker instances
 	vaultDir, err := vlt.GetDirectory()
 	if err != nil {
+		secret.Warn("Could not get vault directory during duplicate check", "error", err)
+
 		return nil
 	}

@ -605,6 +618,8 @@ func (cli *Instance) checkUnlockerExists(vlt *vault.Vault, unlockerID string) er
 		unlockersDir := filepath.Join(vaultDir, "unlockers.d")
 		files, err := afero.ReadDir(cli.fs, unlockersDir)
 		if err != nil {
+			secret.Warn("Could not read unlockers directory during duplicate check", "error", err)
+
 			continue
 		}

@ -619,11 +634,15 @@ func (cli *Instance) checkUnlockerExists(vlt *vault.Vault, unlockerID string) er
 			// Check if this matches our metadata
 			metadataBytes, err := afero.ReadFile(cli.fs, metadataPath)
 			if err != nil {
+				secret.Warn("Could not read unlocker metadata during duplicate check", "path", metadataPath, "error", err)
+
 				continue
 			}

 			var diskMetadata secret.UnlockerMetadata
 			if err := json.Unmarshal(metadataBytes, &diskMetadata); err != nil {
+				secret.Warn("Could not parse unlocker metadata during duplicate check", "path", metadataPath, "error", err)
+
 				continue
 			}

--- a/internal/cli/version.go
+++ b/internal/cli/version.go
@ -164,7 +164,7 @@ func (cli *Instance) ListVersions(cmd *cobra.Command, secretName string) error {

 		// Load metadata
 		if err := sv.LoadMetadata(ltIdentity); err != nil {
-			secret.Debug("Failed to load version metadata", "version", version, "error", err)
+			secret.Warn("Failed to load version metadata", "version", version, "error", err)
 			// Display version with error
 			status := "error"
 			if version == currentVersion {
--- a/internal/secret/helpers.go
+++ b/internal/secret/helpers.go
@ -53,7 +53,10 @@ func DetermineStateDir(customConfigDir string) (string, error) {
 			return "", fmt.Errorf("unable to determine state directory: config dir: %w, home dir: %w", err, homeErr)
 		}

-		return filepath.Join(homeDir, ".config", AppID), nil
+		fallbackDir := filepath.Join(homeDir, ".config", AppID)
+		Warn("Could not determine user config directory, falling back to default", "fallback", fallbackDir, "error", err)
+
+		return fallbackDir, nil
 	}

 	return filepath.Join(configDir, AppID), nil
--- a/internal/secret/version.go
+++ b/internal/secret/version.go
@ -102,6 +102,8 @@ func GenerateVersionName(fs afero.Fs, secretDir string) (string, error) {

 		var serial int
 		if _, err := fmt.Sscanf(parts[1], "%03d", &serial); err != nil {
+			Warn("Skipping malformed version directory name", "name", entry.Name(), "error", err)
+
 			continue
 		}