refactor: dedupe config cli command trimmed readers

2026-04-14 10:41:23 +00:00 · 2026-04-08 00:47:02 +01:00
parent 3ff56020b1
commit 63e00b811e
43 changed files with 216 additions and 151 deletions
--- a/src/cli/security-cli.ts
+++ b/src/cli/security-cli.ts
@@ -3,6 +3,7 @@ import { loadConfig } from "../config/config.js";
 import { defaultRuntime } from "../runtime.js";
 import { runSecurityAudit } from "../security/audit.js";
 import { fixSecurityFootguns } from "../security/fix.js";
+import { normalizeOptionalString } from "../shared/string-coerce.js";
 import { formatDocsLink } from "../terminal/links.js";
 import { isRich, theme } from "../terminal/theme.js";
 import { shortenHomeInString, shortenHomePath } from "../utils.js";
@@ -60,6 +61,8 @@ export function registerSecurityCli(program: Command) {
    .option("--fix", "Apply safe fixes (tighten defaults + chmod state/config)", false)
    .option("--json", "Print JSON", false)
    .action(async (opts: SecurityAuditOptions) => {
+      const token = normalizeOptionalString(opts.token);
+      const password = normalizeOptionalString(opts.password);
      const fixResult = opts.fix ? await fixSecurityFootguns().catch((_err) => null) : null;

      const sourceConfig = loadConfig();
@@ -77,11 +80,8 @@ export function registerSecurityCli(program: Command) {
        includeFilesystem: true,
        includeChannelSecurity: true,
        deepProbeAuth:
-          opts.token?.trim() || opts.password?.trim()
-            ? {
-                ...(opts.token?.trim() ? { token: opts.token } : {}),
-                ...(opts.password?.trim() ? { password: opts.password } : {}),
-              }
+          token || password
+            ? { ...(token ? { token } : {}), ...(password ? { password } : {}) }
            : undefined,
      });