Skip to content

fix(install-dir): make config field authoritative#109

Merged
ashishkurmi merged 3 commits into
step-security:mainfrom
shubham-stepsecurity:sm/update
May 26, 2026
Merged

fix(install-dir): make config field authoritative#109
ashishkurmi merged 3 commits into
step-security:mainfrom
shubham-stepsecurity:sm/update

Conversation

@shubham-stepsecurity
Copy link
Copy Markdown
Member

@shubham-stepsecurity shubham-stepsecurity commented May 25, 2026

What does this PR do?

Type of change

  • Bug fix
  • Enhancement
  • Documentation

Testing

  • Tested on macOS (version: ___)
  • Binary runs without errors: ./stepsecurity-dev-machine-guard --verbose
  • JSON output is valid: ./stepsecurity-dev-machine-guard --json | python3 -m json.tool
  • No secrets or credentials included
  • Lint passes: make lint
  • Tests pass: make test

Related Issues

@ashishkurmi ashishkurmi requested a review from Copilot May 25, 2026 05:46
Copilot AI reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates install directory resolution so config.json’s install_dir becomes the authoritative source (ahead of STEPSECURITY_HOME), while also hardening scheduler installers (systemd/launchd) against malformed unit/plist output.

Changes:

  • Flip install-dir precedence to: CLI --install-dir > config.install_dir > STEPSECURITY_HOME > legacy default, and canonicalize via filepath.Clean.
  • Add paths.SetDisabled() for explicit --install-dir= behavior and update tests accordingly.
  • Improve scheduler installers: reject root systemd installs, escape systemd Environment= values, and XML-escape launchd plist string fields.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
internal/systemd/systemd.go Reject root installs; escape STEPSECURITY_HOME for systemd unit Environment=.
internal/paths/paths.go Make config.InstallDir authoritative over env; add SetDisabled; clean resolved paths.
internal/paths/paths_test.go Update precedence tests; add coverage for SetDisabled and canonicalization.
internal/launchd/launchd.go XML-escape templated plist <string> values to avoid malformed plists.
cmd/stepsecurity-dev-machine-guard/main.go Route --install-dir= through SetDisabled; update precedence commentary and logging setup.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread cmd/stepsecurity-dev-machine-guard/main.go
Comment thread internal/systemd/systemd.go
Comment thread internal/paths/paths.go Outdated
@ashishkurmi ashishkurmi requested a review from Copilot May 25, 2026 06:04
Copilot AI reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Comment thread cmd/stepsecurity-dev-machine-guard/main.go
Comment thread internal/systemd/systemd.go
Comment thread internal/paths/paths.go
@ashishkurmi ashishkurmi merged commit dcd8cc2 into step-security:main May 26, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ashishkurmi ashishkurmi ashishkurmi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@shubham-stepsecurity @ashishkurmi