fix(set): write to lowest-priority existing config file#331
Conversation
Previously `fnox set` always wrote to `fnox.toml` regardless of which config files existed. Now it finds the lowest-priority existing config file in the current directory (e.g. writes to `fnox.local.toml` if that's the only config present, or to `fnox.toml` if both exist). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request modifies the fnox set command to write to the lowest-priority existing configuration file. While the implementation introduces a clean find_local_config helper in config.rs and is well-tested, a path traversal vulnerability has been identified. The profile name from the CLI flag is not validated, which could allow an attacker to manipulate file paths used for loading and saving configurations. It is recommended to apply the same validation logic used for the FNOX_PROFILE environment variable to the CLI flag to address this security concern.
Greptile SummaryThis PR fixes Key behavioral changes:
All issues raised in prior review rounds have been addressed: the hardcoded sentinel string is replaced with a shared constant, redundant re-checks of profile-specific files in the fallback are eliminated, and profile secrets are no longer silently routed to Confidence Score: 4/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["fnox set KEY val"] --> B{is --global?}
B -- yes --> C[Write to global config path]
B -- no --> D{cli.config == DEFAULT_CONFIG_FILENAME?}
D -- no --> E["Write to current_dir.join(cli.config)"]
D -- yes --> F["find_local_config(current_dir, profile)"]
F --> G{Non-default profile?}
G -- yes --> H{fnox.PROFILE.toml or .fnox.PROFILE.toml exists?}
H -- yes --> I[Return profile-specific file]
H -- no --> J
G -- no --> J{fnox.toml or .fnox.toml exists?}
J -- yes --> K[Return base file - lowest priority]
J -- no --> L{is_profiled?}
L -- yes --> M[Return fnox.toml - new file]
L -- no --> N{fnox.local.toml or .fnox.local.toml exists?}
N -- yes --> O[Return local file]
N -- no --> M
Last reviewed commit: bc2d3ec |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
- When --config is explicitly set to a non-default path, use it directly instead of find_local_config (fixes set_no_provider tests) - Fix misleading doc comment on all_config_filenames: dotfiles come second in the list (higher priority), not first - Add test for profile + base file coexistence Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Only use auto-detection when --config equals the clap default "fnox.toml". Any other value (including other standard filenames like fnox.local.toml) is treated as an explicit user choice and respected. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When --profile staging is used and fnox.staging.toml exists, write to it instead of fnox.toml. This keeps secrets scoped to the correct profile rather than leaking them into the base config. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…test - Extract shared DEFAULT_CONFIG_FILENAME constant used by Cli default, set.rs detection, and find_local_config fallback - Avoid redundant stat calls for profile files in find_local_config fallback by passing None to all_config_filenames - Add bats integration test for --profile staging writing to fnox.staging.toml Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a non-default profile is active and no profile-specific config file exists, the fallback now excludes fnox.local.toml to avoid silently routing profile-scoped secrets into a gitignored file. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
### 🚀 Features - **(cloudflare)** add Cloudflare API token lease backend by [@jdx](https://github.com/jdx) in [#335](#335) - **(fido2)** bump demand to v2, mask PIN during typing by [@jdx](https://github.com/jdx) in [#334](#334) - **(init)** add -f as short alias for --force by [@jdx](https://github.com/jdx) in [#329](#329) - **(lease)** add --all flag, default to creating all leases by [@jdx](https://github.com/jdx) in [#337](#337) - **(lease)** add GitHub App installation token lease backend by [@jdx](https://github.com/jdx) in [#342](#342) ### 🐛 Bug Fixes - **(config)** fix directory locations to follow XDG spec by [@jdx](https://github.com/jdx) in [#336](#336) - **(exec)** use unix exec and exit silently on subprocess failure by [@jdx](https://github.com/jdx) in [#339](#339) - **(fido2)** remove duplicate touch prompt by [@jdx](https://github.com/jdx) in [#332](#332) - **(set)** write to lowest-priority existing config file by [@jdx](https://github.com/jdx) in [#331](#331) - **(tui)** skip providers requiring interactive auth by [@jdx](https://github.com/jdx) in [#333](#333) ### 🛡️ Security - **(ci)** retry lint step to handle transient pkl fetch failures by [@jdx](https://github.com/jdx) in [#341](#341) - **(mcp)** add MCP server for secret-gated AI agent access by [@jdx](https://github.com/jdx) in [#343](#343) - add guide for fnox sync by [@jdx](https://github.com/jdx) in [#328](#328) ### 🔍 Other Changes - share Rust cache across CI jobs by [@jdx](https://github.com/jdx) in [#340](#340)
Summary
fnox setnow writes to the lowest-priority existing config file in the current directory instead of always targetingfnox.tomlfnox.local.tomlexists, secrets are written there instead of creating a newfnox.tomlfnox.tomlandfnox.local.tomlexist, writes tofnox.toml(lowest priority)fnox.tomlif no config files exist yetfind_local_config()helper inconfig.rsfor reuse by other commandsTest plan
find_local_configcovering: no files, only fnox.toml, only fnox.local.toml, both exist, dotfile, profile-specificfnox setwrite target behaviorconfig_hierarchy_setbats tests still pass🤖 Generated with Claude Code
Note
Medium Risk
Changes where secrets are persisted on disk, which can surprise users and affect repo state (creating/modifying different config files), but the logic is localized and covered by new unit/integration tests.
Overview
Updates
fnox setto write into the most appropriate existing config file in the current directory: it now prefers an existing profile-specific file (e.g.fnox.staging.toml) when a non-default profile is active, otherwise chooses the lowest-priority existing base file (e.g.fnox.tomloverfnox.local.toml), falling back to creatingfnox.tomlwhen nothing exists.Introduces
config::DEFAULT_CONFIG_FILENAMEand a reusableconfig::find_local_config()helper, and adds unit + Bats integration tests to lock in the new write-target behavior.Written by Cursor Bugbot for commit bc2d3ec. This will update automatically on new commits. Configure here.