Skip to content

fix(config): prevent config set from persisting env-only API key to disk#76

Merged
danmrichards merged 1 commit into
mainfrom
fix/config-set-persist-env-key
Jun 23, 2026
Merged

fix(config): prevent config set from persisting env-only API key to disk#76
danmrichards merged 1 commit into
mainfrom
fix/config-set-persist-env-key

Conversation

@danmrichards

@danmrichards danmrichards commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

config.Get() merges RUNWARE_API_KEY from the environment before saving, silently writing an ephemeral key to ~/.runware/config.yaml. Switch to config.FileConfig() (file-only read) to mirror the pattern already used by config reset. Adds TestSetDoesNotPersistEnvAPIKey regression test.

Fixes RUN-10950

@danmrichards @claude
fix(config): prevent config set from persisting env-only API key to disk
f44e587 
config.Get() merges RUNWARE_API_KEY from the environment before saving,
silently writing an ephemeral key to ~/.runware/config.yaml. Switch to
config.FileConfig() (file-only read) to mirror the pattern already used
by config reset. Adds TestSetDoesNotPersistEnvAPIKey regression test.

Fixes RUN-10950

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@danmrichards danmrichards requested review from Copilot and sebd0 June 23, 2026 12:21
@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. To trigger a review, include coderabbit-review in the PR description. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 9aea505f-7e1f-4d0d-8067-a1a742e60625

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch fix/config-set-persist-env-key

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Copilot AI reviewed Jun 23, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR prevents runware config set from accidentally persisting an API key that was provided only via RUNWARE_API_KEY by switching the command’s read-modify-write flow to use config.FileConfig() (file-only) instead of config.Get() (merged with env).

Changes:

  • Update config set to load file-only config via config.FileConfig() and return a wrapped error on read failure.
  • Add a regression test ensuring config set does not write an env-only API key into ~/.runware/config.yaml.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
internal/cmd/config/set.go Uses file-only config for read-modify-write to avoid persisting env-only API keys.
internal/cmd/config/config_test.go Adds regression test to ensure config set doesn’t persist RUNWARE_API_KEY to disk.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@danmrichards danmrichards merged commit c5e63a1 into main Jun 23, 2026
5 checks passed
@danmrichards danmrichards deleted the fix/config-set-persist-env-key branch June 23, 2026 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@sebd0 sebd0 sebd0 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@danmrichards @sebd0