sneak/secret
1
0
Fork 1
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Compare commits

base: sneak:412514bc9047613d99ba7972591f74700a270375
Branches Tags
sneak:main
sneak:ci/make-check
sneak:chore/remove-stale-files
sneak:fix-memory-security
...
compare: sneak:c0f221b1ca2e4cfab0726e100e6f303557d954b1
Branches Tags
sneak:ci/make-check
sneak:chore/remove-stale-files
sneak:main
sneak:fix-memory-security

7 Commits
412514bc90 ... c0f221b1ca

Author SHA1 Message Date
user
c0f221b1ca Change missing metadata log from Debug to Warn for visibility without --verbose 
Per review feedback: missing unlocker metadata should produce a warning
visible in normal output, not hidden behind debug flags.
 2026-02-19 23:57:39 -08:00
clawbot
1a96360f6a Skip unlocker directories with missing metadata instead of failing 
When an unlocker directory exists but is missing unlocker-metadata.json,
log a debug warning and skip it instead of returning a hard error that
crashes the entire 'unlocker ls' command.

Closes #1
 2026-02-19 23:56:08 -08:00
Jeffrey Paul
4f5d2126d6 Merge pull request 'Return error from GetDefaultStateDir when home directory unavailable (closes #14)' (#18) from clawbot/secret:fix/issue-14 into main 
Reviewed-on: #18
 2026-02-20 08:54:22 +01:00
clawbot
6be4601763 refactor: return errors from NewCLIInstance instead of panicking 
Change NewCLIInstance() and NewCLIInstanceWithFs() to return
(*Instance, error) instead of panicking on DetermineStateDir failure.

Callers in RunE contexts propagate the error. Callers in command
construction (for shell completion) use log.Fatalf. Test callers
use t.Fatalf.

Addresses review feedback on PR #18.
 2026-02-19 23:53:35 -08:00
user
36ece2fca7 docs: add Go coding policies to AGENTS.md per review request 2026-02-19 23:53:23 -08:00
clawbot
d1caf0a208 fix: suppress gosec G204 for validated GPG key ID inputs 2026-02-19 23:40:21 -08:00
clawbot
6211b8e768 Return error from GetDefaultStateDir when home directory unavailable 
When os.UserConfigDir() fails, DetermineStateDir falls back to
os.UserHomeDir(). Previously the error from UserHomeDir was discarded,
which could result in a dangerous root-relative path (/.config/...) if
both calls fail.

Now DetermineStateDir returns (string, error) and propagates failures
from both UserConfigDir and UserHomeDir.

Closes #14
 2026-02-15 14:05:15 -08:00
19 changed files with 318 additions and 54 deletions
Show Stats Expand all files Collapse all files

14
AGENTS.md
View File

@ -141,3 +141,17 @@ Version: 2025-06-08
- Local application imports - Local application imports
Each group should be separated by a blank line. Each group should be separated by a blank line.
## Go-Specific Guidelines
1. **No `panic`, `log.Fatal`, or `os.Exit` in library code.** Always propagate errors via return values.
2. **Constructors return `(*T, error)`, not just `*T`.** Callers must handle errors, not crash.
3. **Wrap errors** with `fmt.Errorf("context: %w", err)` for debuggability.
4. **Never modify linter config** (`.golangci.yml`) to suppress findings. Fix the code.
5. **All PRs must pass `make check` with zero failures.** No exceptions, no "pre-existing issue" excuses.
6. **Pin external dependencies by commit hash**, not mutable tags.

18
internal/cli/cli.go
View File

@ -17,24 +17,30 @@ type Instance struct {
} }
// NewCLIInstance creates a new CLI instance with the real filesystem // NewCLIInstance creates a new CLI instance with the real filesystem
func NewCLIInstance() *Instance { func NewCLIInstance() (*Instance, error) {
fs := afero.NewOsFs() fs := afero.NewOsFs()
stateDir := secret.DetermineStateDir("") stateDir, err := secret.DetermineStateDir("")
if err != nil {
return nil, fmt.Errorf("cannot determine state directory: %w", err)
}
return &Instance{ return &Instance{
fs: fs, fs: fs,
stateDir: stateDir, stateDir: stateDir,
} }, nil
} }
// NewCLIInstanceWithFs creates a new CLI instance with the given filesystem (for testing) // NewCLIInstanceWithFs creates a new CLI instance with the given filesystem (for testing)
func NewCLIInstanceWithFs(fs afero.Fs) *Instance { func NewCLIInstanceWithFs(fs afero.Fs) (*Instance, error) {
stateDir := secret.DetermineStateDir("") stateDir, err := secret.DetermineStateDir("")
if err != nil {
return nil, fmt.Errorf("cannot determine state directory: %w", err)
}
return &Instance{ return &Instance{
fs: fs, fs: fs,
stateDir: stateDir, stateDir: stateDir,
} }, nil
} }
// NewCLIInstanceWithStateDir creates a new CLI instance with custom state directory (for testing) // NewCLIInstanceWithStateDir creates a new CLI instance with custom state directory (for testing)

15
internal/cli/cli_test.go
View File

@ -25,7 +25,10 @@ func TestCLIInstanceStateDir(t *testing.T) {
func TestCLIInstanceWithFs(t *testing.T) { func TestCLIInstanceWithFs(t *testing.T) {
// Test creating CLI instance with custom filesystem // Test creating CLI instance with custom filesystem
fs := afero.NewMemMapFs() fs := afero.NewMemMapFs()
cli := NewCLIInstanceWithFs(fs) cli, err := NewCLIInstanceWithFs(fs)
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
// The state directory should be determined automatically // The state directory should be determined automatically
stateDir := cli.GetStateDir() stateDir := cli.GetStateDir()
@ -41,7 +44,10 @@ func TestDetermineStateDir(t *testing.T) {
testEnvDir := "/test-env-dir" testEnvDir := "/test-env-dir"
t.Setenv(secret.EnvStateDir, testEnvDir) t.Setenv(secret.EnvStateDir, testEnvDir)
stateDir := secret.DetermineStateDir("") stateDir, err := secret.DetermineStateDir("")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if stateDir != testEnvDir { if stateDir != testEnvDir {
t.Errorf("Expected state directory %q from environment, got %q", testEnvDir, stateDir) t.Errorf("Expected state directory %q from environment, got %q", testEnvDir, stateDir)
} }
@ -49,7 +55,10 @@ func TestDetermineStateDir(t *testing.T) {
// Test with custom config dir // Test with custom config dir
_ = os.Unsetenv(secret.EnvStateDir) _ = os.Unsetenv(secret.EnvStateDir)
customConfigDir := "/custom-config" customConfigDir := "/custom-config"
stateDir = secret.DetermineStateDir(customConfigDir) stateDir, err = secret.DetermineStateDir(customConfigDir)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
expectedDir := filepath.Join(customConfigDir, secret.AppID) expectedDir := filepath.Join(customConfigDir, secret.AppID)
if stateDir != expectedDir { if stateDir != expectedDir {
t.Errorf("Expected state directory %q with custom config, got %q", expectedDir, stateDir) t.Errorf("Expected state directory %q with custom config, got %q", expectedDir, stateDir)

10
internal/cli/crypto.go
View File

@ -22,7 +22,10 @@ func newEncryptCmd() *cobra.Command {
inputFile, _ := cmd.Flags().GetString("input") inputFile, _ := cmd.Flags().GetString("input")
outputFile, _ := cmd.Flags().GetString("output") outputFile, _ := cmd.Flags().GetString("output")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli.cmd = cmd cli.cmd = cmd
return cli.Encrypt(args[0], inputFile, outputFile) return cli.Encrypt(args[0], inputFile, outputFile)
@ -45,7 +48,10 @@ func newDecryptCmd() *cobra.Command {
inputFile, _ := cmd.Flags().GetString("input") inputFile, _ := cmd.Flags().GetString("input")
outputFile, _ := cmd.Flags().GetString("output") outputFile, _ := cmd.Flags().GetString("output")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli.cmd = cmd cli.cmd = cmd
return cli.Decrypt(args[0], inputFile, outputFile) return cli.Decrypt(args[0], inputFile, outputFile)

10
internal/cli/generate.go
View File

@ -38,7 +38,10 @@ func newGenerateMnemonicCmd() *cobra.Command {
`mnemonic phrase that can be used with 'secret init' ` + `mnemonic phrase that can be used with 'secret init' ` +
`or 'secret import'.`, `or 'secret import'.`,
RunE: func(cmd *cobra.Command, _ []string) error { RunE: func(cmd *cobra.Command, _ []string) error {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.GenerateMnemonic(cmd) return cli.GenerateMnemonic(cmd)
}, },
@ -56,7 +59,10 @@ func newGenerateSecretCmd() *cobra.Command {
secretType, _ := cmd.Flags().GetString("type") secretType, _ := cmd.Flags().GetString("type")
force, _ := cmd.Flags().GetBool("force") force, _ := cmd.Flags().GetBool("force")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.GenerateSecret(cmd, args[0], length, secretType, force) return cli.GenerateSecret(cmd, args[0], length, secretType, force)
}, },

6
internal/cli/info.go
View File

@ -1,6 +1,7 @@
package cli package cli
import ( import (
"log"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
@ -40,7 +41,10 @@ type InfoOutput struct {
// newInfoCmd returns the info command // newInfoCmd returns the info command
func newInfoCmd() *cobra.Command { func newInfoCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
var jsonOutput bool var jsonOutput bool

6
internal/cli/init.go
View File

@ -1,6 +1,7 @@
package cli package cli
import ( import (
"log"
"fmt" "fmt"
"log/slog" "log/slog"
"os" "os"
@ -27,7 +28,10 @@ func NewInitCmd() *cobra.Command {
// RunInit is the exported function that handles the init command // RunInit is the exported function that handles the init command
func RunInit(cmd *cobra.Command, _ []string) error { func RunInit(cmd *cobra.Command, _ []string) error {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
return cli.Init(cmd) return cli.Init(cmd)
} }

46
internal/cli/secrets.go
View File

@ -1,6 +1,7 @@
package cli package cli
import ( import (
"log"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
@ -44,7 +45,10 @@ func newAddCmd() *cobra.Command {
force, _ := cmd.Flags().GetBool("force") force, _ := cmd.Flags().GetBool("force")
secret.Debug("Got force flag", "force", force) secret.Debug("Got force flag", "force", force)
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli.cmd = cmd // Set the command for stdin access cli.cmd = cmd // Set the command for stdin access
secret.Debug("Created CLI instance, calling AddSecret") secret.Debug("Created CLI instance, calling AddSecret")
@ -58,7 +62,10 @@ func newAddCmd() *cobra.Command {
} }
func newGetCmd() *cobra.Command { func newGetCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "get <secret-name>", Use: "get <secret-name>",
Short: "Retrieve a secret from the vault", Short: "Retrieve a secret from the vault",
@ -66,7 +73,10 @@ func newGetCmd() *cobra.Command {
ValidArgsFunction: getSecretNamesCompletionFunc(cli.fs, cli.stateDir), ValidArgsFunction: getSecretNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
version, _ := cmd.Flags().GetString("version") version, _ := cmd.Flags().GetString("version")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.GetSecretWithVersion(cmd, args[0], version) return cli.GetSecretWithVersion(cmd, args[0], version)
}, },
@ -93,7 +103,10 @@ func newListCmd() *cobra.Command {
filter = args[0] filter = args[0]
} }
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.ListSecrets(cmd, jsonOutput, quietOutput, filter) return cli.ListSecrets(cmd, jsonOutput, quietOutput, filter)
}, },
@ -115,7 +128,10 @@ func newImportCmd() *cobra.Command {
sourceFile, _ := cmd.Flags().GetString("source") sourceFile, _ := cmd.Flags().GetString("source")
force, _ := cmd.Flags().GetBool("force") force, _ := cmd.Flags().GetBool("force")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.ImportSecret(cmd, args[0], sourceFile, force) return cli.ImportSecret(cmd, args[0], sourceFile, force)
}, },
@ -129,7 +145,10 @@ func newImportCmd() *cobra.Command {
} }
func newRemoveCmd() *cobra.Command { func newRemoveCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "remove <secret-name>", Use: "remove <secret-name>",
Aliases: []string{"rm"}, Aliases: []string{"rm"},
@ -139,7 +158,10 @@ func newRemoveCmd() *cobra.Command {
Args: cobra.ExactArgs(1), Args: cobra.ExactArgs(1),
ValidArgsFunction: getSecretNamesCompletionFunc(cli.fs, cli.stateDir), ValidArgsFunction: getSecretNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.RemoveSecret(cmd, args[0], false) return cli.RemoveSecret(cmd, args[0], false)
}, },
@ -149,7 +171,10 @@ func newRemoveCmd() *cobra.Command {
} }
func newMoveCmd() *cobra.Command { func newMoveCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "move <source> <destination>", Use: "move <source> <destination>",
Aliases: []string{"mv", "rename"}, Aliases: []string{"mv", "rename"},
@ -172,7 +197,10 @@ The source secret is deleted after successful copy.`,
}, },
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
force, _ := cmd.Flags().GetBool("force") force, _ := cmd.Flags().GetBool("force")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.MoveSecret(cmd, args[0], args[1], force) return cli.MoveSecret(cmd, args[0], args[1], force)
}, },

20
internal/cli/secrets_size_test.go
View File

@ -113,7 +113,10 @@ func TestAddSecretVariousSizes(t *testing.T) {
cmd.SetIn(stdin) cmd.SetIn(stdin)
// Create CLI instance // Create CLI instance
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli.fs = fs cli.fs = fs
cli.stateDir = stateDir cli.stateDir = stateDir
cli.cmd = cmd cli.cmd = cmd
@ -230,7 +233,10 @@ func TestImportSecretVariousSizes(t *testing.T) {
cmd := &cobra.Command{} cmd := &cobra.Command{}
// Create CLI instance // Create CLI instance
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli.fs = fs cli.fs = fs
cli.stateDir = stateDir cli.stateDir = stateDir
@ -318,7 +324,10 @@ func TestAddSecretBufferGrowth(t *testing.T) {
cmd.SetIn(stdin) cmd.SetIn(stdin)
// Create CLI instance // Create CLI instance
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli.fs = fs cli.fs = fs
cli.stateDir = stateDir cli.stateDir = stateDir
cli.cmd = cmd cli.cmd = cmd
@ -377,7 +386,10 @@ func TestAddSecretStreamingBehavior(t *testing.T) {
cmd.SetIn(slowReader) cmd.SetIn(slowReader)
// Create CLI instance // Create CLI instance
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli.fs = fs cli.fs = fs
cli.stateDir = stateDir cli.stateDir = stateDir
cli.cmd = cmd cli.cmd = cmd

31
internal/cli/unlockers.go
View File

@ -1,6 +1,7 @@
package cli package cli
import ( import (
"log"
"encoding/json" "encoding/json"
"fmt" "fmt"
"os" "os"
@ -96,7 +97,10 @@ func newUnlockerListCmd() *cobra.Command {
RunE: func(cmd *cobra.Command, _ []string) error { RunE: func(cmd *cobra.Command, _ []string) error {
jsonOutput, _ := cmd.Flags().GetBool("json") jsonOutput, _ := cmd.Flags().GetBool("json")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli.cmd = cmd cli.cmd = cmd
return cli.UnlockersList(jsonOutput) return cli.UnlockersList(jsonOutput)
@ -153,7 +157,10 @@ to access the same vault. This provides flexibility and backup access options.`,
Args: cobra.ExactArgs(1), Args: cobra.ExactArgs(1),
ValidArgs: strings.Split(supportedTypes, ", "), ValidArgs: strings.Split(supportedTypes, ", "),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
unlockerType := args[0] unlockerType := args[0]
// Validate unlocker type // Validate unlocker type
@ -186,7 +193,10 @@ to access the same vault. This provides flexibility and backup access options.`,
} }
func newUnlockerRemoveCmd() *cobra.Command { func newUnlockerRemoveCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "remove <unlocker-id>", Use: "remove <unlocker-id>",
Aliases: []string{"rm"}, Aliases: []string{"rm"},
@ -198,7 +208,10 @@ func newUnlockerRemoveCmd() *cobra.Command {
ValidArgsFunction: getUnlockerIDsCompletionFunc(cli.fs, cli.stateDir), ValidArgsFunction: getUnlockerIDsCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
force, _ := cmd.Flags().GetBool("force") force, _ := cmd.Flags().GetBool("force")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.UnlockersRemove(args[0], force, cmd) return cli.UnlockersRemove(args[0], force, cmd)
}, },
@ -210,7 +223,10 @@ func newUnlockerRemoveCmd() *cobra.Command {
} }
func newUnlockerSelectCmd() *cobra.Command { func newUnlockerSelectCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
return &cobra.Command{ return &cobra.Command{
Use: "select <unlocker-id>", Use: "select <unlocker-id>",
@ -218,7 +234,10 @@ func newUnlockerSelectCmd() *cobra.Command {
Args: cobra.ExactArgs(1), Args: cobra.ExactArgs(1),
ValidArgsFunction: getUnlockerIDsCompletionFunc(cli.fs, cli.stateDir), ValidArgsFunction: getUnlockerIDsCompletionFunc(cli.fs, cli.stateDir),
RunE: func(_ *cobra.Command, args []string) error { RunE: func(_ *cobra.Command, args []string) error {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.UnlockerSelect(args[0]) return cli.UnlockerSelect(args[0])
}, },

41
internal/cli/vault.go
View File

@ -1,6 +1,7 @@
package cli package cli
import ( import (
"log"
"encoding/json" "encoding/json"
"fmt" "fmt"
"os" "os"
@ -41,7 +42,10 @@ func newVaultListCmd() *cobra.Command {
RunE: func(cmd *cobra.Command, _ []string) error { RunE: func(cmd *cobra.Command, _ []string) error {
jsonOutput, _ := cmd.Flags().GetBool("json") jsonOutput, _ := cmd.Flags().GetBool("json")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.ListVaults(cmd, jsonOutput) return cli.ListVaults(cmd, jsonOutput)
}, },
@ -58,7 +62,10 @@ func newVaultCreateCmd() *cobra.Command {
Short: "Create a new vault", Short: "Create a new vault",
Args: cobra.ExactArgs(1), Args: cobra.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.CreateVault(cmd, args[0]) return cli.CreateVault(cmd, args[0])
}, },
@ -66,7 +73,10 @@ func newVaultCreateCmd() *cobra.Command {
} }
func newVaultSelectCmd() *cobra.Command { func newVaultSelectCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
return &cobra.Command{ return &cobra.Command{
Use: "select <name>", Use: "select <name>",
@ -74,7 +84,10 @@ func newVaultSelectCmd() *cobra.Command {
Args: cobra.ExactArgs(1), Args: cobra.ExactArgs(1),
ValidArgsFunction: getVaultNamesCompletionFunc(cli.fs, cli.stateDir), ValidArgsFunction: getVaultNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.SelectVault(cmd, args[0]) return cli.SelectVault(cmd, args[0])
}, },
@ -82,7 +95,10 @@ func newVaultSelectCmd() *cobra.Command {
} }
func newVaultImportCmd() *cobra.Command { func newVaultImportCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
return &cobra.Command{ return &cobra.Command{
Use: "import <vault-name>", Use: "import <vault-name>",
@ -96,7 +112,10 @@ func newVaultImportCmd() *cobra.Command {
vaultName = args[0] vaultName = args[0]
} }
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.VaultImport(cmd, vaultName) return cli.VaultImport(cmd, vaultName)
}, },
@ -104,7 +123,10 @@ func newVaultImportCmd() *cobra.Command {
} }
func newVaultRemoveCmd() *cobra.Command { func newVaultRemoveCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "remove <name>", Use: "remove <name>",
Aliases: []string{"rm"}, Aliases: []string{"rm"},
@ -115,7 +137,10 @@ func newVaultRemoveCmd() *cobra.Command {
ValidArgsFunction: getVaultNamesCompletionFunc(cli.fs, cli.stateDir), ValidArgsFunction: getVaultNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
force, _ := cmd.Flags().GetBool("force") force, _ := cmd.Flags().GetBool("force")
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
return cli.RemoveVault(cmd, args[0], force) return cli.RemoveVault(cmd, args[0], force)
}, },

6
internal/cli/version.go
View File

@ -1,6 +1,7 @@
package cli package cli
import ( import (
"log"
"fmt" "fmt"
"path/filepath" "path/filepath"
"strings" "strings"
@ -18,7 +19,10 @@ const (
// newVersionCmd returns the version management command // newVersionCmd returns the version management command
func newVersionCmd() *cobra.Command { func newVersionCmd() *cobra.Command {
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
return VersionCommands(cli) return VersionCommands(cli)
} }

5
internal/cli/version_test.go
View File

@ -266,7 +266,10 @@ func TestGetSecretWithVersion(t *testing.T) {
func TestVersionCommandStructure(t *testing.T) { func TestVersionCommandStructure(t *testing.T) {
// Test that version commands are properly structured // Test that version commands are properly structured
cli := NewCLIInstance() cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cmd := VersionCommands(cli) cmd := VersionCommands(cli)
assert.Equal(t, "version", cmd.Use) assert.Equal(t, "version", cmd.Use)

10
internal/secret/debug.go
View File

@ -58,6 +58,16 @@ func IsDebugEnabled() bool {
return debugEnabled return debugEnabled
} }
// Warn logs a warning message to stderr unconditionally (visible without --verbose or debug flags)
func Warn(msg string, args ...any) {
output := fmt.Sprintf("WARNING: %s", msg)
for i := 0; i+1 < len(args); i += 2 {
output += fmt.Sprintf(" %s=%v", args[i], args[i+1])
}
output += "\n"
fmt.Fprint(os.Stderr, output)
}
// Debug logs a debug message with optional attributes // Debug logs a debug message with optional attributes
func Debug(msg string, args ...any) { func Debug(msg string, args ...any) {
if !debugEnabled { if !debugEnabled {

20
internal/secret/helpers.go
View File

@ -28,16 +28,17 @@ func generateRandomString(length int, charset string) (string, error) {
return string(result), nil return string(result), nil
} }
// DetermineStateDir determines the state directory based on environment variables and OS // DetermineStateDir determines the state directory based on environment variables and OS.
func DetermineStateDir(customConfigDir string) string { // It returns an error if no usable directory can be determined.
func DetermineStateDir(customConfigDir string) (string, error) {
// Check for environment variable first // Check for environment variable first
if envStateDir := os.Getenv(EnvStateDir); envStateDir != "" { if envStateDir := os.Getenv(EnvStateDir); envStateDir != "" {
return envStateDir return envStateDir, nil
} }
// Use custom config dir if provided // Use custom config dir if provided
if customConfigDir != "" { if customConfigDir != "" {
return filepath.Join(customConfigDir, AppID) return filepath.Join(customConfigDir, AppID), nil
} }
// Use os.UserConfigDir() which handles platform-specific directories: // Use os.UserConfigDir() which handles platform-specific directories:
@ -47,10 +48,13 @@ func DetermineStateDir(customConfigDir string) string {
configDir, err := os.UserConfigDir() configDir, err := os.UserConfigDir()
if err != nil { if err != nil {
// Fallback to a reasonable default if we can't determine user config dir // Fallback to a reasonable default if we can't determine user config dir
homeDir, _ := os.UserHomeDir() homeDir, homeErr := os.UserHomeDir()
if homeErr != nil {
return filepath.Join(homeDir, ".config", AppID) return "", fmt.Errorf("unable to determine state directory: config dir: %w, home dir: %w", err, homeErr)
} }
return filepath.Join(configDir, AppID) return filepath.Join(homeDir, ".config", AppID), nil
}
return filepath.Join(configDir, AppID), nil
} }

50
internal/secret/helpers_test.go Normal file
View File

@ -0,0 +1,50 @@
package secret
import (
"testing"
)
func TestDetermineStateDir_ErrorsWhenHomeDirUnavailable(t *testing.T) {
// Clear all env vars that could provide a home/config directory.
// On Darwin, os.UserHomeDir may still succeed via the password
// database, so we also test via an explicit empty-customConfigDir
// path to exercise the fallback branch.
t.Setenv(EnvStateDir, "")
t.Setenv("HOME", "")
t.Setenv("XDG_CONFIG_HOME", "")
result, err := DetermineStateDir("")
// On systems where both lookups fail, we must get an error.
// On systems where the OS provides a fallback (e.g. macOS pw db),
// result should still be valid (non-empty, not root-relative).
if err != nil {
// Good — the error case is handled.
return
}
if result == "/.config/"+AppID || result == "" {
t.Errorf("DetermineStateDir returned dangerous/empty path %q without error", result)
}
}
func TestDetermineStateDir_UsesEnvVar(t *testing.T) {
t.Setenv(EnvStateDir, "/custom/state")
result, err := DetermineStateDir("")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if result != "/custom/state" {
t.Errorf("expected /custom/state, got %q", result)
}
}
func TestDetermineStateDir_UsesCustomConfigDir(t *testing.T) {
t.Setenv(EnvStateDir, "")
result, err := DetermineStateDir("/my/config")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
expected := "/my/config/" + AppID
if result != expected {
t.Errorf("expected %q, got %q", expected, result)
}
}

8
internal/secret/pgpunlocker.go
View File

@ -320,7 +320,9 @@ func ResolveGPGKeyFingerprint(keyID string) (string, error) {
} }
// Use GPG to get the full fingerprint for the key // Use GPG to get the full fingerprint for the key
cmd := exec.Command("gpg", "--list-keys", "--with-colons", "--fingerprint", keyID) cmd := exec.Command( // #nosec G204 -- keyID validated
"gpg", "--list-keys", "--with-colons", "--fingerprint", keyID,
)
output, err := cmd.Output() output, err := cmd.Output()
if err != nil { if err != nil {
return "", fmt.Errorf("failed to resolve GPG key fingerprint: %w", err) return "", fmt.Errorf("failed to resolve GPG key fingerprint: %w", err)
@ -359,7 +361,9 @@ func gpgEncryptDefault(data *memguard.LockedBuffer, keyID string) ([]byte, error
return nil, fmt.Errorf("invalid GPG key ID: %w", err) return nil, fmt.Errorf("invalid GPG key ID: %w", err)
} }
cmd := exec.Command("gpg", "--trust-model", "always", "--armor", "--encrypt", "-r", keyID) cmd := exec.Command( // #nosec G204 -- keyID validated
"gpg", "--trust-model", "always", "--armor", "--encrypt", "-r", keyID,
)
cmd.Stdin = strings.NewReader(data.String()) cmd.Stdin = strings.NewReader(data.String())
output, err := cmd.Output() output, err := cmd.Output()

4
internal/vault/unlockers.go
View File

@ -213,7 +213,9 @@ func (v *Vault) ListUnlockers() ([]UnlockerMetadata, error) {
return nil, fmt.Errorf("failed to check if metadata exists for unlocker %s: %w", file.Name(), err) return nil, fmt.Errorf("failed to check if metadata exists for unlocker %s: %w", file.Name(), err)
} }
if !exists { if !exists {
return nil, fmt.Errorf("unlocker directory %s is missing metadata file", file.Name()) secret.Warn("Skipping unlocker directory with missing metadata file", "directory", file.Name())
continue
} }
metadataBytes, err := afero.ReadFile(v.fs, metadataPath) metadataBytes, err := afero.ReadFile(v.fs, metadataPath)

54
internal/vault/vault_test.go
View File

@ -243,3 +243,57 @@ func TestVaultOperations(t *testing.T) {
} }
}) })
} }
func TestListUnlockers_SkipsMissingMetadata(t *testing.T) {
// Set test environment variables
testMnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
t.Setenv(secret.EnvMnemonic, testMnemonic)
t.Setenv(secret.EnvUnlockPassphrase, "test-passphrase")
// Use in-memory filesystem
fs := afero.NewMemMapFs()
stateDir := "/test/state"
// Create vault
vlt, err := CreateVault(fs, stateDir, "test-vault")
if err != nil {
t.Fatalf("Failed to create vault: %v", err)
}
// Create a passphrase unlocker so we have at least one valid unlocker
passphraseBuffer := memguard.NewBufferFromBytes([]byte("test-passphrase"))
defer passphraseBuffer.Destroy()
_, err = vlt.CreatePassphraseUnlocker(passphraseBuffer)
if err != nil {
t.Fatalf("Failed to create passphrase unlocker: %v", err)
}
// Create a bogus unlocker directory with no metadata file
vaultDir, err := vlt.GetDirectory()
if err != nil {
t.Fatalf("Failed to get vault directory: %v", err)
}
bogusDir := filepath.Join(vaultDir, "unlockers.d", "bogus-no-metadata")
err = fs.MkdirAll(bogusDir, 0o700)
if err != nil {
t.Fatalf("Failed to create bogus directory: %v", err)
}
// ListUnlockers should succeed, skipping the bogus directory
unlockers, err := vlt.ListUnlockers()
if err != nil {
t.Fatalf("ListUnlockers returned error when it should have skipped bad directory: %v", err)
}
// Should still have the valid passphrase unlocker
if len(unlockers) == 0 {
t.Errorf("Expected at least one unlocker, got none")
}
// Verify we only got the valid unlocker(s), not the bogus one
for _, u := range unlockers {
if u.Type == "" {
t.Errorf("Got unlocker with empty type, likely from bogus directory")
}
}
}