Audit finding from #300 (commit 679f9fe)
Severity: low
Category: tech debt / portability
File: crates/replay/src/main.rs:12 (/etc/willow/replay.key), crates/storage/src/main.rs:14,22 (/etc/willow/storage.key, /var/lib/willow/storage.db)
Obvious fix: yes
Description
Linux-specific absolute paths are baked into 3 clap defaults across replay and storage binaries. (Note: the /tmp/test-worker.key site originally lumped here is a struct-field default, not a clap default_value, and is tracked separately in TD-13.) No typed env-loader exists; the codebase uses std::env::var only in crates/agent/src/auth.rs:88 (a test temp dir).
Impact / Threat
Maintenance — unportable, surprising on macOS / non-FHS layouts.
Suggested fix
Derive defaults from directories::ProjectDirs or dirs::data_dir() and hold the resolved paths in a small typed-config helper (see also TD-11).
Verify
rg "default_value\s*=\s*\"/" crates --type rust
Audit finding from #300 (commit 679f9fe)
Severity: low
Category: tech debt / portability
File: crates/replay/src/main.rs:12 (
/etc/willow/replay.key), crates/storage/src/main.rs:14,22 (/etc/willow/storage.key,/var/lib/willow/storage.db)Obvious fix: yes
Description
Linux-specific absolute paths are baked into 3 clap defaults across
replayandstoragebinaries. (Note: the/tmp/test-worker.keysite originally lumped here is a struct-field default, not a clapdefault_value, and is tracked separately in TD-13.) No typed env-loader exists; the codebase usesstd::env::varonly incrates/agent/src/auth.rs:88(a test temp dir).Impact / Threat
Maintenance — unportable, surprising on macOS / non-FHS layouts.
Suggested fix
Derive defaults from
directories::ProjectDirsordirs::data_dir()and hold the resolved paths in a small typed-config helper (see also TD-11).Verify
rg "default_value\s*=\s*\"/" crates --type rust