Skip to content

chore: compartmentalized sandbox config directory#288

Merged
avihut merged 2 commits intomasterfrom
chore/compartmentalized-sandbox-db
Mar 11, 2026
Merged

chore: compartmentalized sandbox config directory#288
avihut merged 2 commits intomasterfrom
chore/compartmentalized-sandbox-db

Conversation

@avihut
Copy link
Owner

@avihut avihut commented Mar 11, 2026

Summary

  • Add DAFT_CONFIG_DIR env var that redirects all daft state files (trust DB, hints, update cache) to a custom directory, isolating the dev sandbox from the user's real config
  • Centralize config directory resolution into a single daft_config_dir() function, replacing 6 independent dirs::config_dir() calls
  • Gate the env var behind dev builds only (local git checkouts) — release builds ignore it entirely to prevent trust DB hijacking via env injection
  • Add non-suppressible security warning to stderr when the override is active
  • Update sandbox .envrc generation to set DAFT_CONFIG_DIR, DAFT_NO_UPDATE_CHECK, and DAFT_NO_TRUST_PRUNE for full dev isolation

Test plan

  • mise run fmt — clean
  • mise run clippy — zero warnings
  • mise run test:unit — 461 tests pass (including 5 new tests for daft_config_dir())
  • mise run man:verify — man pages up-to-date
  • Pre-commit hooks pass (fmt, clippy, man, CLI docs, conventional commit)
  • Manual: DAFT_CONFIG_DIR=/tmp/test daft hooks list uses sandboxed config in dev build
  • Manual: mise run sandbox creates .envrc with DAFT_CONFIG_DIR set
  • Manual: verify release build ignores DAFT_CONFIG_DIR

🤖 Generated with Claude Code

avihut and others added 2 commits March 11, 2026 10:05
@avihut @claude
chore: add DAFT_CONFIG_DIR env var for sandbox config isolation
2f4476f 
Centralize config directory resolution into a single `daft_config_dir()`
function in `src/lib.rs`. When `DAFT_CONFIG_DIR` is set to a non-empty
absolute path, all state files (trust DB, hints, caches) use that
directory instead of `~/.config/daft/`.

- Add non-suppressible security warning to stderr when override is active
- Reject relative paths with a clear error
- Update sandbox `.envrc` to set `DAFT_CONFIG_DIR`, `DAFT_NO_UPDATE_CHECK`,
  and `DAFT_NO_TRUST_PRUNE` for full dev isolation
- Migrate all 6 call sites from independent `dirs::config_dir()` calls
- Update help text to avoid hardcoded `~/.config/daft/` path references

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@avihut @claude
chore: gate DAFT_CONFIG_DIR behind dev builds only
2b51781 
Release builds (tagged commits, DAFT_BUILD_RELEASE=1, crates.io installs)
now ignore DAFT_CONFIG_DIR entirely, preventing trust database hijacking
via environment variable injection in production.

Dev builds (local git checkout without a release tag) continue to honor
the env var for sandbox isolation.

- Add `daft_dev_build` cfg flag emitted by build.rs
- Gate env var check and startup warning behind `cfg!(daft_dev_build)`
- Register custom cfg in Cargo.toml to satisfy `unexpected_cfgs` lint

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@avihut avihut added this to the v1.1.0 milestone Mar 11, 2026
@avihut avihut added the chore Maintenance tasks label Mar 11, 2026
@avihut avihut self-assigned this Mar 11, 2026
@avihut avihut merged commit 398d9c1 into master Mar 11, 2026
6 checks passed
@avihut avihut deleted the chore/compartmentalized-sandbox-db branch March 11, 2026 09:57
@wheatley-the-moronic-ci-bot wheatley-the-moronic-ci-bot bot mentioned this pull request Mar 11, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@avihut avihut

Labels

chore Maintenance tasks

Projects

None yet

Milestone

Public Launch

Development

Successfully merging this pull request may close these issues.

1 participant

@avihut