Skip to content

fix(cli): secrets set tolerates a malformed config.toml (Go parity)#5796

Draft
Coly010 wants to merge 4 commits into
developfrom
columferry/cli-1867-secrets-set-tolerate-malformed-configtoml-instead-of
Draft

fix(cli): secrets set tolerates a malformed config.toml (Go parity)#5796
Coly010 wants to merge 4 commits into
developfrom
columferry/cli-1867-secrets-set-tolerate-malformed-configtoml-instead-of

Conversation

@Coly010

@Coly010 Coly010 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Current Behavior

Go's secrets set (internal/secrets/set/set.go:20-24) swallows a malformed supabase/config.toml parse error to the debug logger and proceeds with empty EdgeRuntime.Secrets — env-file and positional-arg secrets still apply. secrets set has no --linked/--local/--db-url flag, so the root PreRun never loads the config first either; this is the only load. The TS port instead let the parse error propagate as a fatal LegacySecretsConfigParseError, aborting the whole command even when the user only wanted to set a secret via CLI arg or env-file.

Expected Behavior

  • Catches ProjectConfigParseError, logs it to the debug logger, and continues with no config-declared secrets, matching Go.
  • The logged message is truncated before any blank-line-separated source snippet: smol-toml's TomlError (and some schema-decode errors) embed a codeblock of the surrounding file lines in their message, which for this file's [edge_runtime.secrets] section can include literal secret values. Go's equivalent log line (DecodeError.Error()) is a short, content-free message — its verbose .String() with the snippet is never called by set.go. Truncating avoids echoing a user's own secret value into --debug output next to an unrelated syntax error.
  • Deletes the now-unused LegacySecretsConfigParseError (no remaining references).
  • Threads LegacyDebugLogger into the shared legacyManagementApiRuntimeLayer (used by many legacy commands) since the layer was already building the same instance internally for cliConfig/httpClient/credentials but never exposed it at the top level — the file's own doc comment describes this as the sanctioned way to add a new commonly-needed top-level service.

Fixes CLI-1867

## Current Behavior

Go's `secrets set` (`internal/secrets/set/set.go:20-24`) swallows a
malformed `supabase/config.toml` parse error to the debug logger and
proceeds with empty `EdgeRuntime.Secrets` — env-file and positional-arg
secrets still apply. `secrets set` has no `--linked`/`--local`/`--db-url`
flag, so the root PreRun never loads the config first either; this is
the only load. The TS port instead let the parse error propagate as a
fatal `LegacySecretsConfigParseError`, aborting the whole command even
when the user only wanted to set a secret via CLI arg or env-file.

## Expected Behavior

- Catches `ProjectConfigParseError`, logs it to the debug logger, and
  continues with no config-declared secrets, matching Go.
- The logged message is truncated before any blank-line-separated
  source snippet: `smol-toml`'s `TomlError` (and some schema-decode
  errors) embed a codeblock of the surrounding file lines in their
  message, which for this file's `[edge_runtime.secrets]` section can
  include literal secret values. Go's equivalent log line
  (`DecodeError.Error()`) is a short, content-free message — its
  verbose `.String()` with the snippet is never called by `set.go`.
  Truncating avoids echoing a user's own secret value into `--debug`
  output next to an unrelated syntax error.
- Deletes the now-unused `LegacySecretsConfigParseError` (no remaining
  references).
- Threads `LegacyDebugLogger` into the shared
  `legacyManagementApiRuntimeLayer` (used by many legacy commands)
  since the layer was already building the same instance internally
  for `cliConfig`/`httpClient`/`credentials` but never exposed it at
  the top level — the file's own doc comment describes this as the
  sanctioned way to add a new commonly-needed top-level service.

Fixes CLI-1867
@Coly010

Coly010 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 923815ff72

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/cli/src/legacy/commands/secrets/set/set.handler.ts Outdated
…ors (review: #5796)

Go's viper+mapstructure decode (pkg/config/config.go:749) mutates the
target struct field-by-field, so a type error on an unrelated key (e.g.
analytics.port) doesn't stop EdgeRuntime.Secrets from landing on
utils.Config — confirmed empirically against pkg/config. Effect
Schema.decodeUnknownSync is all-or-nothing, so `secrets set` was
silently discarding a valid [edge_runtime.secrets] section whenever
any other field in config.toml failed schema decode.

ProjectConfigParseError now carries the pre-decode document when the
failure is a schema-decode error (not a raw parse error) so secrets
set can re-decode just the edge_runtime subtree against the full
schema and recover its secrets, without loosening decode semantics
for other @supabase/config callers. A genuine parse failure still has
no recoverable structure in either implementation.
@Coly010

Coly010 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@codex review

1 similar comment
@Coly010

Coly010 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19dc72c044

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/cli/src/legacy/commands/secrets/set/set.handler.ts Outdated
Coly010 added 2 commits July 6, 2026 19:00
… (review: #5796)

Re-decoding the whole edge_runtime subtree still failed recovery when the
schema error came from a sibling field in the same table (e.g.
edge_runtime.inspector_port), discarding a valid [edge_runtime.secrets]
block. Verified against pkg/config directly that Go's mapstructure decode
tolerates this case and still populates EdgeRuntime.Secrets, so
recoverEdgeRuntimeConfig now re-slices just edge_runtime.secrets instead of
the whole edge_runtime table.
The previous commit's cast (`edgeRuntime as Record<string, unknown>`)
violates this repo's no-`as`-casts policy; a local `isRecord` type
predicate narrows `unknown` without it. Also fixes an oxfmt formatting
drift in SIDE_EFFECTS.md left over from an earlier commit in this PR.
@Coly010

Coly010 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Hooray!

Reviewed commit: a2b843d298

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant