You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CLAUDE.md
+13Lines changed: 13 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,19 @@ When adding features, changing CLI flags, modifying commands, or altering behavi
7
7
- Update CONTRIBUTING.md if project structure, test count, build steps, or development guidelines changed
8
8
- Keep the test count in CONTRIBUTING.md accurate after adding/removing tests
9
9
10
+
## Testing Requirements
11
+
12
+
Every command, subcommand, and code path MUST have integration tests. This is non-negotiable for security-critical software.
13
+
14
+
-**Every CLI command** must have integration tests covering happy path AND error paths
15
+
-**Every flag/option** on every command must be tested
16
+
-**GPG-dependent commands** (add-gpg-user, rm-gpg-user, ls-gpg-users, unlock via GPG) must have tests that exercise real GPG operations using test keys in a temp GNUPGHOME
17
+
-**Tests must run on all 3 CI platforms** (Linux, macOS, Windows). Only use `#[cfg(unix)]` for genuinely Unix-only concepts (file mode bits, Unix symlinks)
18
+
-**When adding a new command or feature**: write tests BEFORE or WITH the implementation, never after. No PR should add a command without corresponding tests.
19
+
-**When modifying an existing command**: verify existing tests still cover the behavior, add new tests if the change adds flags or code paths
20
+
-**GPG tests** should auto-skip gracefully if GPG is not available (use a `skip_without_gpg!()` macro, same pattern as `skip_without_git_crypt!()` in cross_compat.rs)
21
+
- Keep the test count in CONTRIBUTING.md accurate after adding/removing tests
22
+
10
23
## Code Quality
11
24
12
25
- Run `cargo clippy` and fix warnings before committing
|`--trusted`| Skip GPG Web of Trust verification |
187
187
|`--from <source>`| Import GPG key(s) from a file, directory, or git URL |
188
188
189
+
When called with no arguments and no `--from`, gitveil checks for a globally configured keyring directory (see `gitveil config set-keyring`). If configured, it scans the directory and shows an interactive picker.
190
+
189
191
#### Import keys from a shared keyring
190
192
191
193
If your team stores GPG public keys in a shared repository, you can import them directly:
When pointing at a directory (or git URL), gitveil scans for `.asc`, `.gpg`, `.pub`, and `.key` files, shows a list of found keys (name, email, fingerprint), and lets you select one or more to add as collaborators.
205
207
208
+
### `gitveil config`
209
+
210
+
Manage global gitveil configuration.
211
+
212
+
```bash
213
+
# Set a global GPG keyring directory
214
+
gitveil config set-keyring /path/to/team-keys
215
+
216
+
# Show current configuration
217
+
gitveil config show
218
+
219
+
# Remove the keyring setting
220
+
gitveil config unset-keyring
221
+
```
222
+
223
+
When a keyring directory is configured, `gitveil add-gpg-user` (with no arguments and no `--from`) will automatically scan the keyring directory and present an interactive picker to select GPG keys. This is useful when your team stores GPG public keys in a shared folder or git repository.
224
+
225
+
The keyring directory has no special format -- it's just a folder containing GPG public key files (exported with `gpg --export` or `gpg --armor --export`). Files are matched by extension (`.asc`, `.gpg`, `.pub`, `.key`) and can be organized in subdirectories. Non-key files and symlinks are ignored.
226
+
227
+
```
228
+
team-keys/
229
+
├── engineering/
230
+
│ ├── alice.asc
231
+
│ └── bob.pub
232
+
├── design/
233
+
│ └── carol.gpg
234
+
└── README.md # ignored (not a key extension)
235
+
```
236
+
237
+
The keyring path is stored in `~/.config/gitveil/config` (respects `$XDG_CONFIG_HOME`). The config file is created with 0600 permissions and the config directory with 0700 permissions.
238
+
206
239
### `gitveil rm-gpg-user`
207
240
208
241
Remove a GPG user's access.
@@ -309,6 +342,7 @@ The clean filter must read the entire file into memory to compute the HMAC-SHA1
309
342
src/
310
343
main.rs # Entry point + CLI dispatch
311
344
cli.rs # clap CLI definitions
345
+
config.rs # Global configuration (XDG keyring path)
0 commit comments