chore: adopt byteness/keyring v1.11.0 opt-out tags as standard build configuration#59
Merged
Merged
Conversation
Picks up the per-backend opt-out build tags (upstream PR #94 / issue #93): keyring_no1password and keyring_nopassage are safe for all credstore consumers; keyring_nofile and keyring_nopass are not, because credstore exposes the file and pass backends in cgo builds. Refs #57
CI builds and tests credstore with keyring_no1password,keyring_nopassage (the standard consumer tag set per working-with-secrets.md §1.10). §1.10 flips from documented-trade-off to normative build configuration now that the tags shipped in byteness/keyring v1.11.0; keyring_nofile and keyring_nopass stay excluded because credstore exposes those backends in cgo builds. Refs #57
monit-reviewer
approved these changes
Jun 11, 2026
monit-reviewer
left a comment
monit-reviewer
left a comment
There was a problem hiding this comment.
Automated PR Review
Reviewed commit: ea99133
Summary
No issues found.
Completed in 40s | $0.88 | sonnet | daemon 0.2.127 | Glorfindel
| Field | Value |
|---|---|
| Model | sonnet |
| Reviewers | hybrid-synthesis, documentation:docs-reviewer, harness-engineering:harness-architecture-reviewer, harness-engineering:harness-enforcement-reviewer, harness-engineering:harness-knowledge-reviewer |
| Engine | claude · sonnet |
| Reviewed by | pr-review-daemon · monit-pr-reviewer |
| Duration | 40s wall · 37s compute (Reviewers: 29s · Synthesis: 8s) |
| Cost | $0.88 (estimated) |
| Tokens | 187.3k in / 2.8k out |
| Turns | 10 |
Per-workstream usage
| Workstream | Model | In | Out | Cache read | Cache create | Cost |
|---|---|---|---|---|---|---|
| hybrid-synthesis | sonnet | 33.4k | 170 | 13.8k | 19.6k (1h) | $0.12 |
| documentation:docs-reviewer | sonnet | 34.1k | 943 | 11.2k | 22.9k (1h) | $0.15 |
| harness-engineering:harness-architecture-reviewer | sonnet | 39.6k | 410 | 13.8k | 25.8k (1h) | $0.17 |
| harness-engineering:harness-enforcement-reviewer | sonnet | 40.6k | 1.0k | 11.2k | 29.4k (1h) | $0.20 |
| harness-engineering:harness-knowledge-reviewer | sonnet | 39.7k | 237 | 0 | 39.7k (1h) | $0.24 |
Re-reviews only run when @monit-reviewer is re-requested as a reviewer — push as many commits as you need, then re-request when ready. PRs targeting branches other than main, master are skipped, even when @monit-reviewer is re-requested.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refs #57
byteness/keyringv1.9.3 → v1.11.0, which ships the per-backend opt-out build tags (Proposal: per-backend opt-out build tags for the cross-platform backends ByteNess/keyring#93/#94).-tags keyring_no1password,keyring_nopassage— the standard consumer tag set. Verified locally: the 1Password tree (59 packages incl. wazero and jaeger) disappears from credstore's import graph under the tag.working-with-secrets.md§1.10 flips from documented-trade-off to normative build configuration: consumer CLIs MUST build with the two tags;keyring_nofile/keyring_nopassMUST NOT be used because credstore exposes thefileandpassbackends in cgo builds.docs/development.mdpointer updated to match.Consumer rollout (Makefile/ci/goreleaser
-tagsin each CLI) follows separately per the #57 checklist.