feat(config): add trusted project config discovery#349
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a “trusted project config” workflow so repositories can provide a .restish.json that is discovered from the current directory (or parents) and layered over the user’s global config only after explicit trust is established, while also namespacing sidecar caches/tokens for project APIs.
Changes:
- Implement
.restish.jsondiscovery + trust persistence (restish config trust) and layered merging of projectapis+themeover global config. - Enforce read-only behavior for project-provided APIs in normal mutation commands and prevent project config from being written back into global config.
- Namespace spec/HTTP/OAuth token cache keys for project APIs, and update user + design docs to document the trust model.
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| site/content/en/docs/reference/config.md | Documents auto-discovery of .restish.json, trust requirement, and layering behavior. |
| site/content/en/docs/reference/config-command.md | Adds restish config trust to the config command reference. |
| site/content/en/docs/guides/troubleshooting.md | Updates troubleshooting guidance to prefer .restish.json + trust or explicit config selection. |
| site/content/en/docs/guides/api-setup-and-discovery.md | Updates project-config guidance to the new trust + layering model. |
| site/content/en/docs/getting-started/connect-to-an-api.md | Updates getting-started docs to use project discovery + trust flow. |
| internal/cli/request_exec.go | Uses API state namespace helper for HTTP cache namespace selection. |
| internal/cli/project_config.go | Implements discovery, trust storage/verification, project config parsing/validation, overlay merge, and per-project API state namespacing. |
| internal/cli/project_config_test.go | Adds tests covering trust gating, re-trust on change, read-only project APIs, no persistence into global config, auth profile references, and cache/spec namespacing. |
| internal/cli/operation_auth.go | Namespaces credential auth cache keys using the API state namespace helper. |
| internal/cli/http.go | Namespaces request cache namespaces using the API state namespace helper. |
| internal/cli/help_text.go | Adds help text describing config trust. |
| internal/cli/doctor.go | Updates spec cache presence checks to use namespaced API state names. |
| internal/cli/config_mutation.go | Prevents mutations of trusted project APIs; avoids persisting overlaid project config back into global config; invalidates namespaced spec caches. |
| internal/cli/config_cmd.go | Adds config trust subcommand and shows layered config provenance in config show. |
| internal/cli/completion.go | Loads/stores operation set caches using namespaced API state names. |
| internal/cli/command_plugin_handlers.go | Loads cached API specs using namespaced API state names. |
| internal/cli/cli.go | Integrates project-config preparation and layered config loading/validation; namespaces spec discovery cache keys. |
| internal/cli/cache_cmd.go | Clears HTTP cache namespaces correctly for project APIs. |
| internal/cli/auth.go | Namespaces OAuth token cache keys for project APIs/profiles. |
| internal/cli/api.go | Namespaces auth cache deletion + spec caching; prevents syncing from writing back project APIs; blocks removing project APIs. |
| internal/cli/api_auth.go | Namespaces operation-set/spec cache lookups and blocks writing auth credential config for project APIs. |
| docs/design/030-security-model-and-trust-boundaries.md | Updates security/trust-boundary design doc for discovered project config with explicit trust. |
| docs/design/002-config-and-profiles.md | Updates config/design doc to describe discovered project config trust + overlay semantics and cache namespacing. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Collaborator
Author
|
Follow-up from the project-config decision:
Validation rerun after this change:
|
This was referenced May 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.restish.jsondiscovery from the current directory or parents.restish config trustwith path+content-hash trust stored outside the repo.apisandthemeover global config while keeping project APIs read-only for normal mutation commands.Fixes #239.
Related to #263 by @tarunKoyalwar and #303 by @richard-hajek. Thanks to both original authors for exploring the project-config workflow and edge cases.
Validation
env GOCACHE=/tmp/restish-gocache go test ./internal/cli -run TestProjectConfigenv GOCACHE=/tmp/restish-gocache go test ./internal/clienv GOCACHE=/tmp/restish-gocache go test ./...env GOCACHE=/tmp/restish-gocache go run ./cmd/restish-docgen --checkhugo --source site --quiet --gc --minify --cacheDir /tmp/restish-hugo-cachegit diff --checkenv GOCACHE=/tmp/restish-gocache go test -tags=integration ./...Review
Ran a no-context sub-agent review. It found three issues: project config could leak into global config on
api remove, trusted project APIs were skipped for help/completion bootstrap commands, and project APIs could not reference global auth profiles. All three were fixed with targeted tests.