perf: avoid bitwarden probe in runtime description

2026-05-02 15:47:07 +02:00 · 2026-05-02 15:47:07 +02:00 · 1e11181c02
commit 1e11181c02
parent 893600ffd5
3 changed files with 13 additions and 19 deletions
--- a/docs/secrets.md
+++ b/docs/secrets.md
@ -187,7 +187,8 @@ effective := secretstore.EffectiveBackendPolicy(store)
 fmt.Println("backend effectif:", effective) // bitwarden-cli, env-only, keyring-any...
 ```

-Pour obtenir en un seul appel une description runtime (source manifeste, policy déclarée/effective, disponibilité) :
+Pour obtenir en un seul appel une description runtime légère (source manifeste,
+policy déclarée/effective, backend affiché) :

 ```go
 desc, err := secretstore.DescribeRuntime(secretstore.DescribeRuntimeOptions{
@ -202,7 +203,8 @@ fmt.Println(secretstore.FormatBackendStatus(desc))
 // declared=... effective=... display=... ready=... source=...
 ```

-Pour un préflight réutilisable dans `setup`, `config show` et `config test` :
+`DescribeRuntime` ne contacte pas Bitwarden par défaut. Pour vérifier réellement
+la disponibilité du backend, utiliser le préflight :

 ```go
 report, err := secretstore.PreflightFromManifest(secretstore.PreflightOptions{
--- a/secretstore/runtime.go
+++ b/secretstore/runtime.go
@ -16,6 +16,7 @@ type DescribeRuntimeOptions struct {
 	BitwardenCommand      string
 	BitwardenDebug        bool
 	DisableBitwardenCache bool
+	CheckReady            bool
 	Shell                 string
 	ManifestLoader        ManifestLoader
 	ExecutableResolver    ExecutableResolver
@ -91,7 +92,7 @@ func DescribeRuntime(options DescribeRuntimeOptions) (RuntimeDescription, error)
 		desc.EffectivePolicy = effective
 		desc.DisplayName = BackendDisplayName(effective)
 	}
-	if desc.EffectivePolicy == BackendBitwardenCLI {
+	if options.CheckReady && desc.EffectivePolicy == BackendBitwardenCLI {
 		if err := verifyBitwardenCLIReady(Options{
 			BitwardenCommand: options.BitwardenCommand,
 			BitwardenDebug:   options.BitwardenDebug,
@ -107,6 +108,7 @@ func DescribeRuntime(options DescribeRuntimeOptions) (RuntimeDescription, error)
 }

 func PreflightFromManifest(options PreflightOptions) (PreflightReport, error) {
+	options.CheckReady = true
 	desc, err := DescribeRuntime(options)
 	if err != nil {
 		return PreflightReport{}, err
--- a/secretstore/runtime_test.go
+++ b/secretstore/runtime_test.go
@ -46,16 +46,9 @@ func TestDescribeRuntimeReturnsDeclaredAndEffectivePolicies(t *testing.T) {
 	}
 }

-func TestDescribeRuntimeReportsUnavailableBitwardenAsNotReady(t *testing.T) {
+func TestDescribeRuntimeDoesNotProbeBitwardenByDefault(t *testing.T) {
 	withBitwardenRunner(t, func(command string, stdin []byte, args ...string) ([]byte, error) {
-		switch {
-		case len(args) == 1 && args[0] == "--version":
-			return []byte("2026.1.0\n"), nil
-		case len(args) == 1 && args[0] == "status":
-			return []byte(`{"status":"locked"}`), nil
-		default:
 		return nil, errors.New("unexpected bitwarden invocation")
-		}
 	})

 	desc, err := DescribeRuntime(DescribeRuntimeOptions{
@ -80,14 +73,11 @@ func TestDescribeRuntimeReportsUnavailableBitwardenAsNotReady(t *testing.T) {
 	if desc.EffectivePolicy != BackendBitwardenCLI {
 		t.Fatalf("EffectivePolicy = %q, want %q", desc.EffectivePolicy, BackendBitwardenCLI)
 	}
-	if desc.Ready {
-		t.Fatalf("Ready = %v, want false", desc.Ready)
+	if !desc.Ready {
+		t.Fatalf("Ready = %v, want true without readiness probe", desc.Ready)
 	}
-	if !errors.Is(desc.ReadyError, ErrBWLocked) {
-		t.Fatalf("ReadyError = %v, want ErrBWLocked", desc.ReadyError)
-	}
-	if !strings.Contains(desc.ReadyError.Error(), "set -x BW_SESSION (bw unlock --raw)") {
-		t.Fatalf("ReadyError = %v, want fish remediation", desc.ReadyError)
+	if desc.ReadyError != nil {
+		t.Fatalf("ReadyError = %v, want nil without readiness probe", desc.ReadyError)
 	}
 }