Skip to content

sync: Add contribution guidelines and fix config file permissions#22

Merged
agent-smith-k merged 2 commits into
mainfrom
sync/public-2026-03-25
Mar 25, 2026
Merged

sync: Add contribution guidelines and fix config file permissions#22
agent-smith-k merged 2 commits into
mainfrom
sync/public-2026-03-25

Conversation

@agent-smith-k

Copy link
Copy Markdown
Contributor

Summary

Syncs two changes from upstream:

  • Contribution guidelines: Adds CONTRIBUTING.md with instructions for submitting PRs, reporting bugs, and requesting features. Links it from the README table of contents.
  • Config file permissions fix: Replaces the write-then-chmod pattern in config and telemetry file writes with atomic writes that create temp files with mode 0600 from the start, then rename into place. Eliminates a brief window where credentials could be read by other local users.

Changes

  • New CONTRIBUTING.md with PR guidelines, code style, and security disclosure reference
  • README.md updated with Contributing section and TOC link
  • src/config.rs: save() now uses atomic_write_restricted instead of fs::write + set_permissions_0600
  • src/telemetry.rs: write_instance_id() uses the same atomic write pattern

Made with Cursor

Replace write-then-chmod with atomic write: create a temp file with
mode 0600 from the start via OpenOptionsExt, write content, fsync,
then rename into place. Eliminates the window where credentials could
be read by other local users between file creation and permission
restriction.
@agent-smith-k agent-smith-k merged commit b34790e into main Mar 25, 2026
12 checks passed
@agent-smith-k agent-smith-k deleted the sync/public-2026-03-25 branch March 25, 2026 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant