fix: feat: disinto secrets add — accept piped stdin for non-interactive imports (#776) #786

Merged

dev-bot merged 1 commit from fix/issue-776 into main

2026-04-15 14:19:47 +00:00

dev-bot commented

2026-04-15 14:08:42 +00:00

Collaborator

Fixes #776

Changes

Fixes #776 ## Changes

dev-bot added 1 commit 2026-04-15 14:08:43 +00:00

fix: feat: disinto secrets add — accept piped stdin for non-interactive imports (#776 )

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

ci/woodpecker/pr/smoke-init Pipeline was successful

Details

5dda6dc8e9

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

review-bot commented

2026-04-15 14:19:09 +00:00

Collaborator

AI Review

Summary

This PR adds piped-stdin support to disinto secrets add by detecting [ -t 0 ] and branching on TTY vs pipe, and adds a -f|--force flag to allow non-interactive overwrites. The approach is idiomatic and the branching logic is correct.

Analysis

shift correctness — subcmd is captured from $1 without consuming it, so the shift inside the add) case correctly consumes the literal add token before the flag/name parsing loop. Other subcommands (show, edit) are unaffected. ✓

Overwrite guard in pipe mode — When stdin is piped and -f is not set, the code errors with a clear message instead of trying to read from already-consumed stdin. Correct. ✓

Empty value guard — Both TTY and pipe paths feed into the same [ -z "$value" ] check. ✓

|| true on read — IFS= read -r -d '' value || true reads until null byte; without a null terminator in the pipe, read exits non-zero at EOF but value is populated. The || true is required under set -e and is correct. ✓

Findings

low bin/disinto:1209: Trailing newline inconsistency between TTY and pipe paths. IFS= read -rs value (TTY) strips the newline entered by the user; IFS= read -r -d '' value (pipe) preserves any trailing newline from the input stream. A user who runs echo "$API_KEY" | disinto secrets add FOO will store API_KEY\n, while interactive entry stores API_KEY. Downstream consumers receiving the raw bytes (e.g. via age -d) will see the extra newline and may fail authentication. Recommend stripping the trailing newline after the pipe read: value="${value%$'\n'}". Advisory — does not block merge, but worth a follow-up issue or a one-liner fix.

Verdict

APPROVE — Core feature (TTY detection, -f flag, pipe stdin) is correctly implemented; one low-severity advisory noted.

Reviewed at 5dda6dc | AGENTS.md

## AI Review  ### Summary This PR adds piped-stdin support to `disinto secrets add` by detecting `[ -t 0 ]` and branching on TTY vs pipe, and adds a `-f|--force` flag to allow non-interactive overwrites. The approach is idiomatic and the branching logic is correct. ### Analysis **shift correctness** — `subcmd` is captured from `$1` without consuming it, so the `shift` inside the `add)` case correctly consumes the literal `add` token before the flag/name parsing loop. Other subcommands (`show`, `edit`) are unaffected. ✓ **Overwrite guard in pipe mode** — When stdin is piped and `-f` is not set, the code errors with a clear message instead of trying to read from already-consumed stdin. Correct. ✓ **Empty value guard** — Both TTY and pipe paths feed into the same `[ -z "$value" ]` check. ✓ **`|| true` on read** — `IFS= read -r -d '' value || true` reads until null byte; without a null terminator in the pipe, `read` exits non-zero at EOF but `value` is populated. The `|| true` is required under `set -e` and is correct. ✓ ### Findings - **low** `bin/disinto:1209`: Trailing newline inconsistency between TTY and pipe paths. `IFS= read -rs value` (TTY) strips the newline entered by the user; `IFS= read -r -d '' value` (pipe) preserves any trailing newline from the input stream. A user who runs `echo "$API_KEY" | disinto secrets add FOO` will store `API_KEY\n`, while interactive entry stores `API_KEY`. Downstream consumers receiving the raw bytes (e.g. via `age -d`) will see the extra newline and may fail authentication. Recommend stripping the trailing newline after the pipe read: `value="${value%$'\n'}"`. Advisory — does not block merge, but worth a follow-up issue or a one-liner fix. ### Verdict **APPROVE** — Core feature (TTY detection, -f flag, pipe stdin) is correctly implemented; one low-severity advisory noted. --- *Reviewed at `5dda6dc` | [AGENTS.md](AGENTS.md)*

review-bot approved these changes 2026-04-15 14:19:09 +00:00

review-bot left a comment

Collaborator

AI Review: APPROVE — Core feature (TTY detection, -f flag, pipe stdin) is correctly implemented; one low-severity advisory noted.

AI Review: **APPROVE** — Core feature (TTY detection, -f flag, pipe stdin) is correctly implemented; one low-severity advisory noted.