ticket: plan env var cleanup

2026-05-31 18:02:59 +09:00 · 2026-05-31 18:02:59 +09:00 · d06bb14e64
commit d06bb14e64
parent f186994c83
7 changed files with 107 additions and 7 deletions
--- a/work-items/open/20260529-145355-manifest-profile-encrypted-secrets/item.md
+++ b/work-items/open/20260529-145355-manifest-profile-encrypted-secrets/item.md
@ -23,8 +23,8 @@ Related work item: `work-items/open/20260527-000022-manifest-profiles/item.md`.
 ## Requirements

 - Design a typed secret reference format for manifest/profile fields that need credentials.
-  - Existing env references such as `api_key_env = "BRAVE_SEARCH_API_KEY"` should keep working.
  - Add a new encrypted-store reference form, e.g. `api_key_secret = "brave.search.default"` or a more general `SecretRef` enum.
+  - Existing env references such as `api_key_env = "BRAVE_SEARCH_API_KEY"` may be supported only as a migration/compatibility input during the transition; the target state is to remove credential environment-variable configuration rather than keep it as a normal fallback.
  - Secret references must be explicit in resolved config; do not silently read arbitrary `.env` files.
 - Add an encrypted local secret store suitable for API keys/tokens.
  - Store secrets outside tracked project files by default, under the user data/config directory.
@ -41,9 +41,9 @@ Related work item: `work-items/open/20260527-000022-manifest-profiles/item.md`.
  - Show references and metadata, not secret values.
  - Consider migration helpers from existing env-var based configuration, but keep migration optional.
 - Update credential consumers.
-  - WebSearch should support encrypted secret refs in addition to env vars.
-  - Provider API keys/tokens and future hosted/search credentials should be able to use the same mechanism.
-  - Existing env-var behavior remains as a fallback/compatibility path.
+  - WebSearch should use encrypted secret refs instead of requiring env vars.
+  - Provider API keys/tokens and future hosted/search credentials should use the same mechanism.
+  - Remove env-var credential configuration from the normal supported path once encrypted secret refs and migration diagnostics exist.
 - Security and UX constraints.
  - Fail closed when a referenced secret is missing or cannot be decrypted.
  - Diagnostics should name the missing reference, not the secret value.
@ -52,13 +52,13 @@ Related work item: `work-items/open/20260527-000022-manifest-profiles/item.md`.

 ## Acceptance criteria

- Manifest/profile schema has a typed credential reference that can point either to an env var or encrypted secret-store entry.
+- Manifest/profile schema has a typed credential reference for encrypted secret-store entries; env-var credential inputs are at most transitional migration inputs, not the final supported configuration path.
 - Encrypted secret-store files are created outside the repository by default and use authenticated encryption with atomic update behavior.
 - A user can add/list/delete a Brave Search API key in the secret store and configure `WebSearch` to use it without exporting an environment variable.
 - Resolved configuration and diagnostics never display plaintext secrets.
 - Missing/decryption-failed secrets produce clear fail-closed errors.
- Existing env-var based configuration continues to work.
- Documentation explains how profiles reference secrets and how to manage them.
+- Existing env-var based credential configuration is either removed or produces an explicit migration diagnostic after encrypted secret references are available.
+- Documentation explains how profiles reference secrets, how to manage them, and why credential env vars are no longer the normal path.
 - Focused tests cover config parsing/resolution, missing secret diagnostics, no-plaintext serialization/logging paths, and WebSearch secret resolution.
 - `cargo fmt --check`
 - Relevant manifest/provider/tools/pod tests pass.
--- a/work-items/open/20260531-085959-eliminate-test-only-env-vars/artifacts/.gitkeep
+++ b/work-items/open/20260531-085959-eliminate-test-only-env-vars/artifacts/.gitkeep
--- a/work-items/open/20260531-085959-eliminate-test-only-env-vars/item.md
+++ b/work-items/open/20260531-085959-eliminate-test-only-env-vars/item.md
@ -0,0 +1,43 @@
+---
+id: 20260531-085959-eliminate-test-only-env-vars
+slug: eliminate-test-only-env-vars
+title: Tests: eliminate test-only environment variables
+status: open
+kind: task
+priority: P2
+labels: [test, env, cleanup]
+created_at: 2026-05-31T08:59:59Z
+updated_at: 2026-05-31T08:59:59Z
+assignee: null
+legacy_ticket: null
+---
+
+## Background
+
+The environment-variable policy now treats process environment as an undesirable ambient input. Tests currently still use several test-only or test-generated env names, such as `INSOMNIA_TEST_*`, and many tests mutate process environment directly with local guards.
+
+The user decision is to eliminate test-only environment-variable surfaces rather than documenting them as supported configuration. A shared test utility crate may be added if it helps remove duplicated unsafe env mutation and replace test-only env channels with typed fixtures.
+
+## Requirements
+
+- Remove test-only environment variables from active code/tests, including `INSOMNIA_TEST_*` patterns.
+- Do not add new test-only user-facing env vars.
+- Where tests need to exercise real supported env behavior, keep those mutations isolated behind a shared guard rather than ad-hoc per-test `set_var`/`remove_var` code.
+- Prefer typed fixtures, temporary files, explicit config structs, or dependency injection over process-global env channels.
+- It is acceptable to introduce a small `test-support` crate if it reduces duplication and keeps env mutation serialized/restored.
+- Update docs so test-only env vars are not listed as a supported surface.
+
+## Non-goals
+
+- Removing tests that intentionally verify public path/env fallback behavior such as `INSOMNIA_HOME`, `XDG_CONFIG_HOME`, or `INSOMNIA_RUNTIME_DIR`.
+- Removing credential env vars in this ticket; those belong with `manifest-profile-encrypted-secrets`.
+- Removing `INSOMNIA_POD_COMMAND`; that is tracked by `remove-insomnia-pod-command-env`.
+
+## Acceptance criteria
+
+- No active code/tests generate or depend on `INSOMNIA_TEST_*` env names.
+- Test-only env vars are absent from `docs/environment.md`.
+- Any remaining test env mutation is for documented public env behavior or unavoidable external compatibility and is guarded/serialized/restored.
+- If a `test-support` crate is added, it is test-only/dev-only and does not become runtime dependency surface.
+- Relevant test suites pass, including tools/provider/manifest/pod tests that previously mutated env.
+- `cargo fmt --check`, relevant `cargo test`/`cargo check`, `./tickets.sh doctor`, and `git diff --check` pass.
--- a/work-items/open/20260531-085959-eliminate-test-only-env-vars/thread.md
+++ b/work-items/open/20260531-085959-eliminate-test-only-env-vars/thread.md
@ -0,0 +1,7 @@
+<!-- event: create author: tickets.sh at: 2026-05-31T08:59:59Z -->
+
+## Created
+
+Created by tickets.sh create.
+
+---
--- a/work-items/open/20260531-085959-remove-insomnia-pod-command-env/artifacts/.gitkeep
+++ b/work-items/open/20260531-085959-remove-insomnia-pod-command-env/artifacts/.gitkeep
--- a/work-items/open/20260531-085959-remove-insomnia-pod-command-env/item.md
+++ b/work-items/open/20260531-085959-remove-insomnia-pod-command-env/item.md
@ -0,0 +1,43 @@
+---
+id: 20260531-085959-remove-insomnia-pod-command-env
+slug: remove-insomnia-pod-command-env
+title: CLI: remove INSOMNIA_POD_COMMAND override
+status: open
+kind: task
+priority: P2
+labels: [cli, pod, env]
+created_at: 2026-05-31T08:59:59Z
+updated_at: 2026-05-31T08:59:59Z
+assignee: null
+legacy_ticket: null
+---
+
+## Background
+
+The single-binary migration changed the normal Pod runtime command to the current `insomnia` executable plus the `pod` prefix argument. During the transition, `INSOMNIA_POD_COMMAND` remained as an executable-only development/test override.
+
+The user decision is to remove this override now that runtime launch is aligned with the single binary. Keeping a process-wide environment override is no longer worth the configuration surface area.
+
+## Requirements
+
+- Remove `INSOMNIA_POD_COMMAND` support from the `insomnia` helper crate and any callers/tests.
+- Keep default Pod runtime command behavior unchanged: current executable plus `pod` prefix argument.
+- Update spawn/restore tests so they no longer depend on a process-wide command override.
+  - Prefer a typed test injection path or direct unit tests of `PodRuntimeCommand` construction.
+  - Do not introduce a replacement environment variable.
+- Update docs to remove `INSOMNIA_POD_COMMAND` from supported environment variables.
+- Preserve detached process behavior and `INSOMNIA-READY` handshake behavior.
+
+## Non-goals
+
+- Reintroducing an `insomnia-pod` binary or alias.
+- Changing Pod runtime flags/profile/manifest semantics.
+- Changing the Pod protocol.
+- Renaming the `tui` package/crate.
+
+## Acceptance criteria
+
+- `git grep INSOMNIA_POD_COMMAND` finds no active code/docs references outside historical work-item records.
+- Pod spawn/restore still defaults to `insomnia pod ...`.
+- Focused tests cover runtime command construction without environment-variable mutation.
+- `cargo fmt --check`, relevant `cargo test`/`cargo check`, `./tickets.sh doctor`, and `git diff --check` pass.
--- a/work-items/open/20260531-085959-remove-insomnia-pod-command-env/thread.md
+++ b/work-items/open/20260531-085959-remove-insomnia-pod-command-env/thread.md
@ -0,0 +1,7 @@
+<!-- event: create author: tickets.sh at: 2026-05-31T08:59:59Z -->
+
+## Created
+
+Created by tickets.sh create.
+
+---