feat(config): split API keys into a sidecar secrets.toml

[tharropoulos]

• write API keys to a sidecar secrets.toml next to config.toml on every save, so the main config can be committed to dotfiles
• merge secrets.toml API keys back into the loaded Config on load
• migrate inline api_key values from an existing config.toml into a freshly written secrets.toml on first load
• mark ClusterConfig.APIKey as omitempty so the rewritten config.toml does not leave behind empty api_key = "" lines
• document the sidecar layout, the migration behavior, and the .gitignore recommendation in the README

depends on: #5

[Copilot]

Pull request overview

This PR updates clisense’s configuration model so API keys are no longer stored in the main config.toml, but instead are split into a sidecar secrets.toml (with load-time merge + one-time migration of inline keys). It also updates the TUI to better support multi-cluster workflows (setup form cluster selection + global cluster picker overlay) and makes tab ordering configurable via tabs.order.

Changes:

• Split API keys into secrets.toml on save; merge them back into Config on load; migrate inline api_key values into secrets.toml on first load.
• Add a global cluster picker (c) rendered as an overlay, and update setup to allow choosing/creating a cluster.
• Add configurable tab ordering via tabs.order, with validation and updated tab activation/routing.

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
README.md	Documents TOML config layout, cluster picker keys, and the new secrets.toml sidecar + migration behavior.
main.go	Enters setup when the loaded config is present but incomplete (NeedsSetup).
internal/tui/screens/setup.go	Extends setup flow to include cluster selection/creation and cycling through existing clusters.
internal/tui/overlay.go	Introduces helpers to render a centered overlay on top of existing screen content.
internal/tui/app.go	Adds cluster picker state/handlers, routes by tab IDs, supports configurable tab order, and overlays picker UI.
internal/tui/app_test.go	Adds coverage for tab order, settings save, cluster switching, overlay behavior, and Ctrl+C quit in setup.
internal/config/config.go	Switches config persistence to TOML, adds tabs validation, implements secrets sidecar split/merge + migration and legacy YAML fallback.
internal/config/config_test.go	Updates/expands tests for TOML paths, legacy YAML fallback, tabs validation, secrets sidecar split/merge, and migration.
go.mod	Adds TOML dependency requirement.
go.sum	Adds TOML dependency checksums.

Comments suppressed due to low confidence (1)

internal/tui/app.go:253

• Esc in Settings is documented to "return to Collections", but this handler always activates tab index 0. With a configurable tabs.order, index 0 may not be Collections (and if Settings is first, Esc becomes a no-op). Consider activating the "collections" tab by ID when present, and fall back to index 0 otherwise.

		// Settings is a form, so keep Tab/digits/q available for the inputs.
		// Esc returns to Collections.
		if a.activeTabID() == "settings" {
			switch m.String() {
			case "esc":
				return a, a.activateTab(0)
			}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.