feat(secrets): version-adaptive .env editor in the application editor#1409
feat(secrets): version-adaptive .env editor in the application editor#1409dawsontoth wants to merge 2 commits into
Conversation
Secret-bearing .env files (duck-typed by basename, at any depth; template files like .env.example keep the plain text editor) now open in a managed secrets panel instead of raw Monaco, so values aren't flashed on screen or clobbered by accident. The panel adapts to the connected Harper by the shape of the get_component_file response, not a version gate: - Plaintext (pre-5.2): keys/values parsed client-side with a per-row click-to-reveal; add/edit/delete rewrite the file through the existing set_component_file, merge-preserving via a browser-safe port of core's utility/envFile.ts (dotenv-16 semantics, Harper's test suite ported). An "Edit as text" escape hatch keeps the raw editor available. - Protected (>= 5.2, harper#1527): key names only, nothing revealable, no raw editing (saving the masked rendering would destroy the real values); writes go through the new set_env_value / delete_env_value operations. Includes the shared SecretsManager / SecretModals components (masked table, click-to-reveal, add/edit dialogs) that the stacked cluster-secrets PR also builds on, with a fix for a latent react-hook-form subscription bug (a pasted value left Save permanently disabled because isValid was never read while the form was pristine). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a dedicated secrets editor for .env files, providing a safer interface for managing environment variables by masking values and supporting key-level operations for protected files. The implementation includes a new EnvEditorView component, shared secret management modals, and robust utility functions for parsing and serializing .env files. The review feedback identified several improvements: using undefined instead of false for conditional hook arguments, improving the robustness of file path slicing, ensuring the EditSecretModal resets correctly via a unique key prop, and refining the regex used for quote stripping to avoid unintended multiline replacements.
…leak across secrets Review feedback on #1409: makes the modal's reset invariant explicit instead of relying on the dialog being modal (row clicks blocked while open). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Base of a stacked pair (the cluster-secrets slice sits on top in #1402). Everything this PR needs is already released in Harper:
.envmasking + key-level ops merged in HarperFast/harper#1527, and pre-5.2 versions work through the existing whole-file operations — so this can ship independently and quickly.What
Secret-bearing
.envfiles (duck-typed by basename at any depth, case-insensitive —.env,.env.local,.ENV.production; templates like.env.example/.sample/.templatekeep the plain text editor, matching core's exemptions) now open in a managed secrets panel instead of raw Monaco, so values aren't flashed on screen or clobbered by accident.The panel adapts to the connected Harper by the shape of the
get_component_fileresponse, not a version check:set_component_file— merge-preserving (comments, formatting, untouched keys stay byte-for-byte). An "Edit as text" escape hatch keeps raw Monaco available.protected: true+ masked message): key names only, nothing revealable, no raw editing (saving the masked rendering would destroy the real values — a footgun the plain editor would have had on 5.2); writes go through the key-levelset_env_value/delete_env_valueoperations, whose responses update the key list without a refetch.Pieces
lib/env/envFile.ts— browser-safe port of core'sutility/envFile.ts(dotenv-16 parse semantics, quote-aware merge-preserving upsert/remove), with core's test suite ported, so plaintext-mode edits produce exactly the file 5.2's server-side ops would.integrations/api/instance/applications/envValues.ts—set_env_value/delete_env_valuehooks;get_component_file's response type gains theprotected/keysfields.features/instance/applications/components/EnvEditorView/— the panel + dispatch fromContentViewer;.envfiles get a key icon in the sidebar.features/instance/secrets/— sharedSecretsManager/SecretModals(masked table, click-to-reveal, add/edit dialogs with injected copy/persistence). The stacked cluster-secrets PR reuses these. Includes a fix for a latent react-hook-form subscription bug: a pasted value left Save permanently disabled becauseisValidwas never read while the form was pristine.Verification
tsc,oxlint,dprintclean; full suite green (1079 tests, 43 new: core's portedenvFilesuite +EnvEditorViewcomponent tests asserting the exact operation payloads in both modes)..envin an application): masked table, reveal/hide toggle, edit dialog revealing the current value only on demand (Save stays disabled until an actual change), raw-editor round-trip.🤖 Generated with Claude Code