From 3c76dac4fdbf3d20417dde39890443c638f5d2c9 Mon Sep 17 00:00:00 2001 From: Hao Zhe Date: Tue, 26 May 2026 16:26:28 +0800 Subject: [PATCH] fix(memory): log OpenViking chmod failures --- plugins/memory/openviking/__init__.py | 4 ++-- tests/plugins/memory/test_openviking_provider.py | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/plugins/memory/openviking/__init__.py b/plugins/memory/openviking/__init__.py index c3180305fb0..1bd1dc1262d 100644 --- a/plugins/memory/openviking/__init__.py +++ b/plugins/memory/openviking/__init__.py @@ -535,8 +535,8 @@ def _env_writes_from_connection_values(values: dict) -> dict: def _restrict_secret_file_permissions(path: Path) -> None: try: path.chmod(stat.S_IRUSR | stat.S_IWUSR) - except OSError: - pass + except OSError as e: + logger.debug("Could not restrict permissions on %s: %s", path, e) def _write_env_vars(env_path: Path, env_writes: dict, remove_keys: tuple[str, ...] = ()) -> None: diff --git a/tests/plugins/memory/test_openviking_provider.py b/tests/plugins/memory/test_openviking_provider.py index af03fba0552..190f8ba1b78 100644 --- a/tests/plugins/memory/test_openviking_provider.py +++ b/tests/plugins/memory/test_openviking_provider.py @@ -76,6 +76,22 @@ def test_ovcli_config_writer_restricts_file_permissions(tmp_path): assert stat.S_IMODE(config_path.stat().st_mode) == 0o600 +def test_secret_permission_restriction_logs_chmod_failure(tmp_path, monkeypatch, caplog): + env_path = tmp_path / ".env" + env_path.write_text("OPENVIKING_API_KEY=secret\n", encoding="utf-8") + + def fail_chmod(self, mode): + raise OSError("read-only filesystem") + + monkeypatch.setattr(type(env_path), "chmod", fail_chmod) + + with caplog.at_level("DEBUG", logger=openviking_module.__name__): + openviking_module._restrict_secret_file_permissions(env_path) + + assert "Could not restrict permissions" in caplog.text + assert "read-only filesystem" in caplog.text + + def test_linked_ovcli_config_is_read_at_runtime(tmp_path, monkeypatch): _clear_openviking_env(monkeypatch) ovcli_path = tmp_path / "ovcli.conf"