sneak/secret
1
0
Fork 1
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Compare commits

base: sneak:c0f221b1ca2e4cfab0726e100e6f303557d954b1
Branches Tags
sneak:main
sneak:ci/make-check
sneak:chore/remove-stale-files
sneak:fix-memory-security
..
compare: sneak:412514bc9047613d99ba7972591f74700a270375
Branches Tags
sneak:ci/make-check
sneak:chore/remove-stale-files
sneak:main
sneak:fix-memory-security

2 Commits
c0f221b1ca ... 412514bc90

Author SHA1 Message Date
clawbot
412514bc90 fix: suppress gosec G204 for validated GPG key ID inputs 2026-02-19 23:43:48 -08:00
clawbot
0c2f5d7bc9 Skip unlocker directories with missing metadata instead of failing 
When an unlocker directory exists but is missing unlocker-metadata.json,
log a debug warning and skip it instead of returning a hard error that
crashes the entire 'unlocker ls' command.

Closes #1
 2026-02-15 14:04:37 -08:00
17 changed files with 52 additions and 256 deletions
Show Stats Expand all files Collapse all files

14
AGENTS.md
View File

@ -141,17 +141,3 @@ Version: 2025-06-08
- Local application imports
Each group should be separated by a blank line.
## Go-Specific Guidelines
1. **No `panic`, `log.Fatal`, or `os.Exit` in library code.** Always propagate errors via return values.
2. **Constructors return `(*T, error)`, not just `*T`.** Callers must handle errors, not crash.
3. **Wrap errors** with `fmt.Errorf("context: %w", err)` for debuggability.
4. **Never modify linter config** (`.golangci.yml`) to suppress findings. Fix the code.
5. **All PRs must pass `make check` with zero failures.** No exceptions, no "pre-existing issue" excuses.
6. **Pin external dependencies by commit hash**, not mutable tags.

18
internal/cli/cli.go
View File

@ -17,30 +17,24 @@ type Instance struct {
}
// NewCLIInstance creates a new CLI instance with the real filesystem
func NewCLIInstance() (*Instance, error) {
func NewCLIInstance() *Instance {
fs := afero.NewOsFs()
stateDir, err := secret.DetermineStateDir("")
if err != nil {
return nil, fmt.Errorf("cannot determine state directory: %w", err)
}
stateDir := secret.DetermineStateDir("")
return &Instance{
fs: fs,
stateDir: stateDir,
}, nil
}
}
// NewCLIInstanceWithFs creates a new CLI instance with the given filesystem (for testing)
func NewCLIInstanceWithFs(fs afero.Fs) (*Instance, error) {
stateDir, err := secret.DetermineStateDir("")
if err != nil {
return nil, fmt.Errorf("cannot determine state directory: %w", err)
}
func NewCLIInstanceWithFs(fs afero.Fs) *Instance {
stateDir := secret.DetermineStateDir("")
return &Instance{
fs: fs,
stateDir: stateDir,
}, nil
}
}
// NewCLIInstanceWithStateDir creates a new CLI instance with custom state directory (for testing)

15
internal/cli/cli_test.go
View File

@ -25,10 +25,7 @@ func TestCLIInstanceStateDir(t *testing.T) {
func TestCLIInstanceWithFs(t *testing.T) {
// Test creating CLI instance with custom filesystem
fs := afero.NewMemMapFs()
cli, err := NewCLIInstanceWithFs(fs)
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstanceWithFs(fs)
// The state directory should be determined automatically
stateDir := cli.GetStateDir()
@ -44,10 +41,7 @@ func TestDetermineStateDir(t *testing.T) {
testEnvDir := "/test-env-dir"
t.Setenv(secret.EnvStateDir, testEnvDir)
stateDir, err := secret.DetermineStateDir("")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
stateDir := secret.DetermineStateDir("")
if stateDir != testEnvDir {
t.Errorf("Expected state directory %q from environment, got %q", testEnvDir, stateDir)
}
@ -55,10 +49,7 @@ func TestDetermineStateDir(t *testing.T) {
// Test with custom config dir
_ = os.Unsetenv(secret.EnvStateDir)
customConfigDir := "/custom-config"
stateDir, err = secret.DetermineStateDir(customConfigDir)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
stateDir = secret.DetermineStateDir(customConfigDir)
expectedDir := filepath.Join(customConfigDir, secret.AppID)
if stateDir != expectedDir {
t.Errorf("Expected state directory %q with custom config, got %q", expectedDir, stateDir)

10
internal/cli/crypto.go
View File

@ -22,10 +22,7 @@ func newEncryptCmd() *cobra.Command {
inputFile, _ := cmd.Flags().GetString("input")
outputFile, _ := cmd.Flags().GetString("output")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
cli.cmd = cmd
return cli.Encrypt(args[0], inputFile, outputFile)
@ -48,10 +45,7 @@ func newDecryptCmd() *cobra.Command {
inputFile, _ := cmd.Flags().GetString("input")
outputFile, _ := cmd.Flags().GetString("output")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
cli.cmd = cmd
return cli.Decrypt(args[0], inputFile, outputFile)

10
internal/cli/generate.go
View File

@ -38,10 +38,7 @@ func newGenerateMnemonicCmd() *cobra.Command {
`mnemonic phrase that can be used with 'secret init' ` +
`or 'secret import'.`,
RunE: func(cmd *cobra.Command, _ []string) error {
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.GenerateMnemonic(cmd)
},
@ -59,10 +56,7 @@ func newGenerateSecretCmd() *cobra.Command {
secretType, _ := cmd.Flags().GetString("type")
force, _ := cmd.Flags().GetBool("force")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.GenerateSecret(cmd, args[0], length, secretType, force)
},

6
internal/cli/info.go
View File

@ -1,7 +1,6 @@
package cli
import (
"log"
"encoding/json"
"fmt"
"io"
@ -41,10 +40,7 @@ type InfoOutput struct {
// newInfoCmd returns the info command
func newInfoCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
var jsonOutput bool

6
internal/cli/init.go
View File

@ -1,7 +1,6 @@
package cli
import (
"log"
"fmt"
"log/slog"
"os"
@ -28,10 +27,7 @@ func NewInitCmd() *cobra.Command {
// RunInit is the exported function that handles the init command
func RunInit(cmd *cobra.Command, _ []string) error {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
return cli.Init(cmd)
}

46
internal/cli/secrets.go
View File

@ -1,7 +1,6 @@
package cli
import (
"log"
"encoding/json"
"fmt"
"io"
@ -45,10 +44,7 @@ func newAddCmd() *cobra.Command {
force, _ := cmd.Flags().GetBool("force")
secret.Debug("Got force flag", "force", force)
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
cli.cmd = cmd // Set the command for stdin access
secret.Debug("Created CLI instance, calling AddSecret")
@ -62,10 +58,7 @@ func newAddCmd() *cobra.Command {
}
func newGetCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cmd := &cobra.Command{
Use: "get <secret-name>",
Short: "Retrieve a secret from the vault",
@ -73,10 +66,7 @@ func newGetCmd() *cobra.Command {
ValidArgsFunction: getSecretNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error {
version, _ := cmd.Flags().GetString("version")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.GetSecretWithVersion(cmd, args[0], version)
},
@ -103,10 +93,7 @@ func newListCmd() *cobra.Command {
filter = args[0]
}
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.ListSecrets(cmd, jsonOutput, quietOutput, filter)
},
@ -128,10 +115,7 @@ func newImportCmd() *cobra.Command {
sourceFile, _ := cmd.Flags().GetString("source")
force, _ := cmd.Flags().GetBool("force")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.ImportSecret(cmd, args[0], sourceFile, force)
},
@ -145,10 +129,7 @@ func newImportCmd() *cobra.Command {
}
func newRemoveCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cmd := &cobra.Command{
Use: "remove <secret-name>",
Aliases: []string{"rm"},
@ -158,10 +139,7 @@ func newRemoveCmd() *cobra.Command {
Args: cobra.ExactArgs(1),
ValidArgsFunction: getSecretNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error {
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.RemoveSecret(cmd, args[0], false)
},
@ -171,10 +149,7 @@ func newRemoveCmd() *cobra.Command {
}
func newMoveCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cmd := &cobra.Command{
Use: "move <source> <destination>",
Aliases: []string{"mv", "rename"},
@ -197,10 +172,7 @@ The source secret is deleted after successful copy.`,
},
RunE: func(cmd *cobra.Command, args []string) error {
force, _ := cmd.Flags().GetBool("force")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.MoveSecret(cmd, args[0], args[1], force)
},

20
internal/cli/secrets_size_test.go
View File

@ -113,10 +113,7 @@ func TestAddSecretVariousSizes(t *testing.T) {
cmd.SetIn(stdin)
// Create CLI instance
cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cli.fs = fs
cli.stateDir = stateDir
cli.cmd = cmd
@ -233,10 +230,7 @@ func TestImportSecretVariousSizes(t *testing.T) {
cmd := &cobra.Command{}
// Create CLI instance
cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cli.fs = fs
cli.stateDir = stateDir
@ -324,10 +318,7 @@ func TestAddSecretBufferGrowth(t *testing.T) {
cmd.SetIn(stdin)
// Create CLI instance
cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cli.fs = fs
cli.stateDir = stateDir
cli.cmd = cmd
@ -386,10 +377,7 @@ func TestAddSecretStreamingBehavior(t *testing.T) {
cmd.SetIn(slowReader)
// Create CLI instance
cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cli.fs = fs
cli.stateDir = stateDir
cli.cmd = cmd

31
internal/cli/unlockers.go
View File

@ -1,7 +1,6 @@
package cli
import (
"log"
"encoding/json"
"fmt"
"os"
@ -97,10 +96,7 @@ func newUnlockerListCmd() *cobra.Command {
RunE: func(cmd *cobra.Command, _ []string) error {
jsonOutput, _ := cmd.Flags().GetBool("json")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
cli.cmd = cmd
return cli.UnlockersList(jsonOutput)
@ -157,10 +153,7 @@ to access the same vault. This provides flexibility and backup access options.`,
Args: cobra.ExactArgs(1),
ValidArgs: strings.Split(supportedTypes, ", "),
RunE: func(cmd *cobra.Command, args []string) error {
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
unlockerType := args[0]
// Validate unlocker type
@ -193,10 +186,7 @@ to access the same vault. This provides flexibility and backup access options.`,
}
func newUnlockerRemoveCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cmd := &cobra.Command{
Use: "remove <unlocker-id>",
Aliases: []string{"rm"},
@ -208,10 +198,7 @@ func newUnlockerRemoveCmd() *cobra.Command {
ValidArgsFunction: getUnlockerIDsCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error {
force, _ := cmd.Flags().GetBool("force")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.UnlockersRemove(args[0], force, cmd)
},
@ -223,10 +210,7 @@ func newUnlockerRemoveCmd() *cobra.Command {
}
func newUnlockerSelectCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
return &cobra.Command{
Use: "select <unlocker-id>",
@ -234,10 +218,7 @@ func newUnlockerSelectCmd() *cobra.Command {
Args: cobra.ExactArgs(1),
ValidArgsFunction: getUnlockerIDsCompletionFunc(cli.fs, cli.stateDir),
RunE: func(_ *cobra.Command, args []string) error {
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.UnlockerSelect(args[0])
},

41
internal/cli/vault.go
View File

@ -1,7 +1,6 @@
package cli
import (
"log"
"encoding/json"
"fmt"
"os"
@ -42,10 +41,7 @@ func newVaultListCmd() *cobra.Command {
RunE: func(cmd *cobra.Command, _ []string) error {
jsonOutput, _ := cmd.Flags().GetBool("json")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.ListVaults(cmd, jsonOutput)
},
@ -62,10 +58,7 @@ func newVaultCreateCmd() *cobra.Command {
Short: "Create a new vault",
Args: cobra.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.CreateVault(cmd, args[0])
},
@ -73,10 +66,7 @@ func newVaultCreateCmd() *cobra.Command {
}
func newVaultSelectCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
return &cobra.Command{
Use: "select <name>",
@ -84,10 +74,7 @@ func newVaultSelectCmd() *cobra.Command {
Args: cobra.ExactArgs(1),
ValidArgsFunction: getVaultNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error {
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.SelectVault(cmd, args[0])
},
@ -95,10 +82,7 @@ func newVaultSelectCmd() *cobra.Command {
}
func newVaultImportCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
return &cobra.Command{
Use: "import <vault-name>",
@ -112,10 +96,7 @@ func newVaultImportCmd() *cobra.Command {
vaultName = args[0]
}
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.VaultImport(cmd, vaultName)
},
@ -123,10 +104,7 @@ func newVaultImportCmd() *cobra.Command {
}
func newVaultRemoveCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cmd := &cobra.Command{
Use: "remove <name>",
Aliases: []string{"rm"},
@ -137,10 +115,7 @@ func newVaultRemoveCmd() *cobra.Command {
ValidArgsFunction: getVaultNamesCompletionFunc(cli.fs, cli.stateDir),
RunE: func(cmd *cobra.Command, args []string) error {
force, _ := cmd.Flags().GetBool("force")
cli, err := NewCLIInstance()
if err != nil {
return fmt.Errorf("failed to initialize CLI: %w", err)
}
cli := NewCLIInstance()
return cli.RemoveVault(cmd, args[0], force)
},

6
internal/cli/version.go
View File

@ -1,7 +1,6 @@
package cli
import (
"log"
"fmt"
"path/filepath"
"strings"
@ -19,10 +18,7 @@ const (
// newVersionCmd returns the version management command
func newVersionCmd() *cobra.Command {
cli, err := NewCLIInstance()
if err != nil {
log.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
return VersionCommands(cli)
}

5
internal/cli/version_test.go
View File

@ -266,10 +266,7 @@ func TestGetSecretWithVersion(t *testing.T) {
func TestVersionCommandStructure(t *testing.T) {
// Test that version commands are properly structured
cli, err := NewCLIInstance()
if err != nil {
t.Fatalf("failed to initialize CLI: %v", err)
}
cli := NewCLIInstance()
cmd := VersionCommands(cli)
assert.Equal(t, "version", cmd.Use)

10
internal/secret/debug.go
View File

@ -58,16 +58,6 @@ func IsDebugEnabled() bool {
return debugEnabled
}
// Warn logs a warning message to stderr unconditionally (visible without --verbose or debug flags)
func Warn(msg string, args ...any) {
output := fmt.Sprintf("WARNING: %s", msg)
for i := 0; i+1 < len(args); i += 2 {
output += fmt.Sprintf(" %s=%v", args[i], args[i+1])
}
output += "\n"
fmt.Fprint(os.Stderr, output)
}
// Debug logs a debug message with optional attributes
func Debug(msg string, args ...any) {
if !debugEnabled {

20
internal/secret/helpers.go
View File

@ -28,17 +28,16 @@ func generateRandomString(length int, charset string) (string, error) {
return string(result), nil
}
// DetermineStateDir determines the state directory based on environment variables and OS.
// It returns an error if no usable directory can be determined.
func DetermineStateDir(customConfigDir string) (string, error) {
// DetermineStateDir determines the state directory based on environment variables and OS
func DetermineStateDir(customConfigDir string) string {
// Check for environment variable first
if envStateDir := os.Getenv(EnvStateDir); envStateDir != "" {
return envStateDir, nil
return envStateDir
}
// Use custom config dir if provided
if customConfigDir != "" {
return filepath.Join(customConfigDir, AppID), nil
return filepath.Join(customConfigDir, AppID)
}
// Use os.UserConfigDir() which handles platform-specific directories:
@ -48,13 +47,10 @@ func DetermineStateDir(customConfigDir string) (string, error) {
configDir, err := os.UserConfigDir()
if err != nil {
// Fallback to a reasonable default if we can't determine user config dir
homeDir, homeErr := os.UserHomeDir()
if homeErr != nil {
return "", fmt.Errorf("unable to determine state directory: config dir: %w, home dir: %w", err, homeErr)
homeDir, _ := os.UserHomeDir()
return filepath.Join(homeDir, ".config", AppID)
}
return filepath.Join(homeDir, ".config", AppID), nil
}
return filepath.Join(configDir, AppID), nil
return filepath.Join(configDir, AppID)
}

50
internal/secret/helpers_test.go
View File

@ -1,50 +0,0 @@
package secret
import (
"testing"
)
func TestDetermineStateDir_ErrorsWhenHomeDirUnavailable(t *testing.T) {
// Clear all env vars that could provide a home/config directory.
// On Darwin, os.UserHomeDir may still succeed via the password
// database, so we also test via an explicit empty-customConfigDir
// path to exercise the fallback branch.
t.Setenv(EnvStateDir, "")
t.Setenv("HOME", "")
t.Setenv("XDG_CONFIG_HOME", "")
result, err := DetermineStateDir("")
// On systems where both lookups fail, we must get an error.
// On systems where the OS provides a fallback (e.g. macOS pw db),
// result should still be valid (non-empty, not root-relative).
if err != nil {
// Good — the error case is handled.
return
}
if result == "/.config/"+AppID || result == "" {
t.Errorf("DetermineStateDir returned dangerous/empty path %q without error", result)
}
}
func TestDetermineStateDir_UsesEnvVar(t *testing.T) {
t.Setenv(EnvStateDir, "/custom/state")
result, err := DetermineStateDir("")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if result != "/custom/state" {
t.Errorf("expected /custom/state, got %q", result)
}
}
func TestDetermineStateDir_UsesCustomConfigDir(t *testing.T) {
t.Setenv(EnvStateDir, "")
result, err := DetermineStateDir("/my/config")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
expected := "/my/config/" + AppID
if result != expected {
t.Errorf("expected %q, got %q", expected, result)
}
}

2
internal/vault/unlockers.go
View File

@ -213,7 +213,7 @@ func (v *Vault) ListUnlockers() ([]UnlockerMetadata, error) {
return nil, fmt.Errorf("failed to check if metadata exists for unlocker %s: %w", file.Name(), err)
}
if !exists {
secret.Warn("Skipping unlocker directory with missing metadata file", "directory", file.Name())
secret.Debug("Skipping unlocker directory with missing metadata file", "directory", file.Name())
continue
}