Skip to content

feat(tsm): allow agents to sweep naked creds via tsm add#10

Closed
tashian wants to merge 2 commits into
mainfrom
feat/agent-tsm-add
Closed

feat(tsm): allow agents to sweep naked creds via tsm add#10
tashian wants to merge 2 commits into
mainfrom
feat/agent-tsm-add

Conversation

@tashian

@tashian tashian commented May 5, 2026

Copy link
Copy Markdown
Owner

Summary

  • Inverts the credential-usage skill's blanket ban on tsm add: agents may now move discovered cleartext credentials into the vault following a documented safe workflow.
  • Keeps the bans on edit, remove, reset, init, and config set (still user-driven).
  • Replaces bufio.Scanner in runAdd with io.ReadAll + TrimRight so stdin values >64KB and multi-line values work.
  • Adds cmd/add_test.go (was missing) to lock the agent-facing contract: stdin pipe, --from-file, large value, multi-line value, --json output, no --value flag, missing-name error.

Closes #6

Test plan

  • go test ./cmd/... passes
  • tsm add still rejects a --value flag (regression test confirms)
  • Skill section reads cleanly end-to-end with the worked example

tashian added 2 commits May 4, 2026 19:11
…alues)

Refactors `runAdd` into `runAddWith(addOptions)` so tests can inject stdin and
stdout, mirroring the seam used by `runGetWith` in cmd/get.go.

Replaces the `bufio.Scanner` stdin reader with `io.ReadAll` + `TrimRight("\n")`
so values larger than the 64 KB scanner buffer (PEM bundles, GCP service-account
JSON) and multi-line values (which scanner would silently truncate at the first
newline) work correctly. Trailing-newline stripping matches `--from-file`
semantics.

Adds `cmd/add_test.go` (was missing) to lock the agent-facing contract:

- StdinPipe: piped value is sent as `value`, name/display_name/description
  travel through unchanged.
- FromFile: trailing newline trimmed.
- LargeStdinValue: 256 KB value round-trips intact (regression guard for
  bufio.Scanner).
- MultiLineStdinValue: PEM-style multi-line value preserves internal newlines.
- RejectsValueFlag: regression guard for the CLAUDE.md rule that `--value` must
  never be added to `tsm add` (would leak via `ps`/shell history).
- MissingNameNonInteractive / MissingValueNonInteractive: existing validation
  errors fire as expected.
- JSONOutput: `--json` emits machine-parseable `{"ok":true}` with no human
  prose.
- SendsTagsAndConfirm: `--tags` arrives as a slice; `--confirm true` arrives as
  a bool (omitted when false).

Refs #6
Inverts the credential-usage skill's blanket ban on `tsm add`: agents may now
move discovered cleartext credentials into the vault following a documented
safe workflow. Bans on `edit`, `remove`, `reset`, `init`, and `config set`
remain — those are still user-driven.

Adds §5 "Sweeping naked credentials into the vault" with:

- the 7-step workflow (discover, choose id, announce, move via stdin/file,
  verify, replace call site, warn about git history);
- safe transports (`printf '%s' | tsm add`, `--from-file`) and an explanation
  of why `printf` is safe in `bash -c` (shell builtin → not in `ps`);
- a "Never" subsection covering add-time hazards: no `--value`, no positional
  value, no `echo` (not always builtin in fish), no heredocs (shell history),
  no chat-paste, no scratch files, no premature source deletion, no autonomous
  `git filter-repo`;
- a worked end-to-end example sweeping `OPENAI_API_KEY` from `.env` to a vault
  entry tagged `swept`, including the agent's announce/closing messages.

Updates the frontmatter `description` so the dispatcher loads the skill on
"audit my repo for hardcoded secrets" / "sweep naked credentials" tasks. Adds
a forward link from §4 to §5 so the remaining mutation bans aren't read as
also banning sweeps.

Closes #6
@tashian tashian closed this May 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

TSM's skill should be able to add credentials

1 participant