Recent commits to derivepassphrase.git (13f516c49b2cfabcaff8384f91d14e9d6c148646)

Support aliases in `--version` output (item feature lists)

2026-01-24T23:47:54+01:00

Whenever a list of feature items is given during `--version`, such as
"Supported subcommands", support adding a list of aliases to that item
(provided there is no line break in between, the aliases are marked as
such, and neither contain nested aliases nor parentheses).

Document this format somewhat more explicitly in
`tests.test_derivepassphrase_cli.test_all_cli.parse_version_output`, and
provide a more explicit reference parser/tokenizer as well.  That said,
the format is restricted enough to allow other parsers to somewhat
easily be written manually, or via a parser generator.

Though this could principally be used for the subcommands case (as also
used in the test cases for this functionality), the real beneficiary is
a piece of code I intend to commit next.
</pre>

Turn the built in SSH agent socket provider names into an enum

2026-01-24T22:59:24+01:00

This eliminates typos once and for all.  It also makes it really easy to
distinguish third-party socket providers from first-party ones, as the
enum cannot be amended later.  Finally, it centralizes the knowledge for
testing whether the socket provider is functional directly to the enum,
similar to the other version info "feature items".

(In fact, the "master SSH key" vault feature (`Features.SSH_KEY`) can
now delegate the feature support check to the socket provider name
enum.)
</pre>

Fix coverage slipups in SSH agent socket provider implementations

2026-01-24T22:18:05+01:00

</pre>

Rename the socket providers on Windows/The Annoying OS

2026-01-24T21:55:29+01:00

We expect the names to be user-facing soon, as part of the
configuration, choosing which SSH agent socket provider to use.  To that
end, the "The Annoying OS" moniker is a hindrance: nobody is likely to
understand it at a first glance (particularly non-programmers), and
conversely, users looking for configuration options pertaining to
Microsoft Windows will likely miss that socket providers containing the
`the_annoying_os` label are relevant to their query.

Insisting on the moniker thus does our users a huge (and completely
avoidable) disservice.  So, in the interest of clarity, rename the
`the_annoying_os` label parts to `windows`.

Since this makes some labels completely redundant, and since the test
suite is strongly fixated on the default label names, use this
opportunity to clean up the registry and the test suite machinery that
needs mock registries.
</pre>

Rework the documentation concerning SSH agent use

2026-01-21T22:55:28+01:00

</pre>

For interfaced SSH agents in the tests, set SSH_AUTH_SOCK manually

2026-01-18T17:35:34+01:00

Generally, if we have an abstract socket connected to an SSH agent, then
this is sufficient for us to construct a client based on the socket,
and interact with the agent as needed.

However, in the CLI tests, there are situations where we are
orchestrating the whole `derivepassphrase` application, and the
application must connect to the agent itself.  For these situations, we
need to set up the necessary configuration to pass the agent's socket
address to `derivepassphrase`.  For agents merely interfaced in the test
suite, we were not doing such a setup, causing orchestrated
`derivepassphrase` application instances to believe there was no agent
to connect to.

Fix this by (a) exposing the socket address on the socket object,
internal to the spawning/interfacing function, and (b) let interfacing
functions return a pair of socket and socket address, not just the
socket.  (We intend to keep the interface for actually obtaining the
address private to each interfacing function, because not all socket
objects can easily be retrofitted with extra methods to query the socket
address.)

(As a side effect, give the socket providers on The Annoying OS more
specific typing, so that the type checker can verify that the
interfacing functions are accessing the correct attributes and methods
for obtaining the socket address.)
</pre>

Use the "correct" wrong SSH_AUTH_SOCK value

2026-01-18T16:37:36+01:00

Some tests require a wrong SSH_AUTH_SOCK value where no SSH agent can be
listening, but which is nonetheless syntactically valid.  Since Windows
named pipes have a specific address format, syntactically valid but
wrong values look different on The Annoying OS than they look on POSIX.
So fill in wrong values OS-specifically, not generally: on POSIX, we use
what is clearly a directory, and on The Annoying OS, we use the common
pipe name prefix (which is also a directory).
</pre>

Prioritize WindowsNamedPipesNotAvailableError over other errors

2026-01-18T15:42:53+01:00

The SSH agent socket provider, by contract, must raise
`NotImplementedError` (or a subclass) if and only if the socket can
never be successfully constructed, on principle.  Conversely, if the
socket provider raises any other kind of error, then the socket *could*
be constructed on this system, principally.

In the specific case of Windows named pipes whose address is named by
the `SSH_AUTH_SOCK` environment variable, it is a programming error to
first check the environment variable value, allowing `KeyError` or
`ValueError` to bubble through to the caller, and only afterwards during
construction of the named pipe realize that there is no support.
</pre>

Fix coverage slipups and error messages in the Windows named pipe handles

2026-01-18T14:38:27+01:00

</pre>

Fix coverage slipup of socket provider alias registration

2026-01-18T14:25:44+01:00

When registering auto-detected new socket providers, registration should
fail if two different providers try to register the same alias.

The test suite originally contained a test case for this, but it used
the "posix" and "the_annoying_os" names as base names, which were
changed to aliases in 41029a5e6ef04a9870dcaf044b54a26af94260ab.  Thus,
the test *actually* attempted to register something that was previously
an alias as a new base name.  This was also an error (still is), and it
used the same error message, so the test continued to pass.  But it was
then exercising a different code branch, and thus the original code
branch was effectively lacking a dedicated test.

We fix this by resolving the now-aliased entry to its actual base name.
</pre>