Add --reset-config / --reset-secrets#3240
Merged
Merged
Conversation
Stamp generated config files with a hash of the option set; warn when a config predates or no longer matches it. `bbot --reset-config` regenerates from current defaults (confirmation required, backs up to .bak). Also isolate the config dir under a temp dir during tests so the suite never touches the user's real ~/.config/bbot.
Per-file hash stamps and staleness detection; --reset-secrets regenerates secrets.yml on its own so --reset-config never disturbs API keys. Secrets are written owner-only atomically, preserving any hardened perms, and refused if owner-only can't be guaranteed.
Contributor
📊 Performance Benchmark Report
📈 Detailed Results (All Benchmarks)
🎯 Performance Summary! 1 regression ⚠️
30 unchanged ✅🔍 Significant Changes (>10%)
🐍 Python Version 3.11.15 |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## dev #3240 +/- ##
======================================
+ Coverage 90% 90% +1%
======================================
Files 453 451 -2
Lines 46304 46488 +184
======================================
+ Hits 41411 41618 +207
+ Misses 4893 4870 -23 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
The per-run hash nag false-flagged hand-written/minimal configs as stale on every run, since an unstamped file is indistinguishable from an old one. Drop the hash machinery; keep --reset-config/--reset-secrets. On a real validation failure, hint at the reset flag only when the bad option actually lives in a generated config file (not a -c CLI typo).
ausmaster
approved these changes
Jun 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
BBOT writes a fully-commented snapshot of the defaults into
~/.config/bbot/bbot.ymland~/.config/bbot/secrets.ymlon first install (ensure_config_files), guarded byif not exists. Across upgrades these freeze at install time, so old installs carry commented options that no longer exist, and a config can reference options that have since been renamed or removed.This adds an opt-in way to regenerate those files, plus a targeted hint when an actually-invalid option is found.
--reset-configregeneratesbbot.ymlonly;--reset-secretsregeneratessecrets.ymlonly (combine the two to do both). Refreshing thebbot.ymltemplate never disturbs the API keys insecrets.yml. Each requires confirmation (y/N, or--yes; refuses in a non-tty without--yes) and backs up existing files non-clobbering (.bak,.bak.1, ...)._write_secret_text):secrets.ymlis created owner-only (0600) atomically via a private temp file + rename, so it never exists world/group-readable even briefly; an existing file's hardened perms (e.g.0400) are preserved; if owner-only perms can't be guaranteed, the secret is not written. Backups preserve the source file's permissions.bbot/cli.py): when config validation rejects an option, and that option actually lives in one of the generated config files, BBOT points the user at the matching reset flag. This rides on the existing pydantic validation (which only flags options the user is actually using), so it never fires on a config that is fine, and it does not fire for a-cCLI typo.bbot/core/config/files.py): underBBOT_TESTING,config_dirresolves to a fresh per-runmkdtemp(shared across child processes viaBBOT_TEST_CONFIG_DIR, cleaned at exit) instead of the real~/.config/bbot. Fixes a pre-existing leak where the suite read/wrote the user's actual config, and is safe against previous/concurrent runs.Notes
An earlier revision stamped each file with a structural option-set hash and warned on every run when the hash no longer matched. That nag false-flagged hand-written and minimal configs as stale on every run (an unstamped file is indistinguishable from one generated by an old version) and duplicated what preset validation already does precisely. It was dropped in favor of the validation-driven hint above.
Tests
test_presets.py: config-dir isolation; independent reset (resettingconfigleavessecretsuntouched, and vice versa); reset both; secret-file permissions (create0600, preserve hardened0400, tighten loose0644); refusal to write secrets when perms can't be secured.test_cli.py:--reset-config/--reset-secretsend-to-end (non-tty refusal without--yes, regeneration + backup, secrets untouched on a config reset); the reset hint fires when a bad option lives inbbot.yml, and does not fire for a-cCLI typo.