feat: git credential backend for credential storage #371

Merged
barrettruth merged 13 commits from feat/security into main 2026-03-08 01:15:07 +00:00
barrettruth commented 2026-03-08 00:06:05 +00:00

Problem

Credentials were stored as plaintext JSON in stdpath('data')/cp-nvim.json, with no integration with system credential managers.

Solution

Replace file-based credential storage with git credential fill/approve/reject, delegating to whatever credential helper the user has configured (cache, store, libsecret, macOS Keychain, etc.).

  • New lua/cp/git_credential.lua module wrapping the git credential protocol
  • All credential consumers (credentials.lua, submit.lua, scraper.lua) use git_credential directly — cache.lua no longer handles credentials
  • CSES API token packed into the password field (password<TAB>token) so it works with helpers that ignore the path field
  • has_helper() guard on :CP login, :CP logout, and :CP submit with an error message if no helper is configured
  • Healthcheck split into [required]/[optional] sections; git version and credential helper status shown
  • git checked at startup in check_required_runtime()
  • Cache version system (CACHE_VERSION, v1→v2 migration) removed — the cache file is now a plain JSON blob
  • :CP command gets bar = true
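The key=value format that `git credential fill/approve/reject` reads and writes, together with the `password<TAB>token` packing, as an added example that is not the PR's code (the contents of `git_credential.lua` are not shown on this page). The function names, the host and the account values are assumptions, and splitting on the last tab assumes the token itself never contains a tab:

```lua
-- Added example, not code from the PR. Pure Lua (5.1/LuaJIT), no Neovim API.
local M = {}

-- The protocol is one key=value attribute per line, ended by a blank line.
-- Git's documentation forbids newline and NUL in values: a newline inside a
-- value would be read by the helper as an additional attribute.
local function check(key, value)
  for _, ch in ipairs({ '\n', '\0' }) do
    if value:find(ch, 1, true) then
      error(('credential field %q contains a newline or NUL'):format(key))
    end
  end
  return value
end

-- Build the text written to the stdin of `git credential <action>`.
function M.encode(fields)
  local lines = {}
  for _, key in ipairs({ 'protocol', 'host', 'username', 'password' }) do
    if fields[key] then lines[#lines + 1] = key .. '=' .. check(key, fields[key]) end
  end
  return table.concat(lines, '\n') .. '\n\n'
end

-- Parse what `git credential fill` prints; values may themselves contain '='.
function M.decode(output)
  local fields = {}
  for line in output:gmatch('[^\n]+') do
    local key, value = line:match('^([^=]+)=(.*)$')
    if key then fields[key] = value end
  end
  return fields
end

-- password<TAB>token packing; split on the LAST tab so a password that
-- contains a tab still round-trips (assumption: tokens never contain one).
function M.pack(password, token)
  if token:find('\t', 1, true) then error('token must not contain a tab') end
  return password .. '\t' .. token
end

function M.unpack(secret)
  local password, token = secret:match('^(.*)\t([^\t]*)$')
  if not password then return secret, nil end -- no token was stored
  return password, token
end

-- Constructed sample values; "cses.example" and "alice" are placeholders.
local request = M.encode({ protocol = 'https', host = 'cses.example',
  username = 'alice', password = M.pack('pw with\ttab', 'tok123') })
local password, token = M.unpack(M.decode(request).password)
assert(password == 'pw with\ttab' and token == 'tok123')
assert(not pcall(M.encode, { host = 'cses.example', password = 'a\nhost=other.example' }))
```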