Skip to content

refactor(windows): trim dead fields from New-DreamEnv return hash#1012

Open
yasinBursali wants to merge 2 commits intoLight-Heart-Labs:mainfrom
yasinBursali:refactor/windows-env-result-trim
Open

refactor(windows): trim dead fields from New-DreamEnv return hash#1012
yasinBursali wants to merge 2 commits intoLight-Heart-Labs:mainfrom
yasinBursali:refactor/windows-env-result-trim

Conversation

@yasinBursali
Copy link
Copy Markdown
Contributor

@yasinBursali yasinBursali commented Apr 23, 2026
edited
Loading

✅ Rebased on current main 2026-04-28 (post-#996)

Original PR trimmed the dead EnvPath + DashboardKey fields from New-DreamEnv's return hash. After #996 merged (which renamed DashboardKeyDreamAgentKey while adding a DREAM_AGENT_KEY=... line to the .env heredoc), $envResult.DreamAgentKey is also dead surface (zero readers anywhere in the tree — host agent reads DREAM_AGENT_KEY from .env directly via Docker env-file injection, not from the PowerShell return value).

Per the audit ask and this PR's own merge-order coordination clause, I dropped DreamAgentKey along with EnvPath on rebase. The return hash now contains exactly the 2 fields with live readers: SearxngSecret + OpenclawToken.

What

Reduces the $envResult hashtable returned by New-DreamEnv from four fields (EnvPath, SearxngSecret, OpenclawToken, DreamAgentKey — was DashboardKey pre-#996) to the two that are actually consumed (SearxngSecret, OpenclawToken). Updates header comments and the dry-run stub to match.

Files touched:

  • dream-server/installers/windows/lib/env-generator.ps1 — return block
  • dream-server/installers/windows/install-windows.ps1 — header comment
  • dream-server/installers/windows/phases/06-directories.ps1 — header comment + dry-run stub
  • dream-server/installers/windows/phases/07-devtools.ps1 — header comment (additional commit 414c41ec drops the misleading $envResult reference entirely; phase 07 doesn't actually read from the hash)

Why

Pure code hygiene. A full grep of installers/windows/ confirms $envResult.EnvPath, $envResult.DashboardKey (pre-#996), and $envResult.DreamAgentKey (post-#996) are never accessed. These fields were stale API surface that drifted past what any caller needs; the headers pointed consumers at properties that would silently return $null if accessed.

DASHBOARD_API_KEY and DREAM_AGENT_KEY themselves are unaffected — $dashboardApiKey and $dreamAgentKey are still generated via Get-EnvOrNew "<KEY>" and written to .env through the heredoc (lines 287 + 289 of env-generator.ps1). Only their unused return-hash surface was dropped.

How

  • Return block: remove EnvPath and DreamAgentKey lines (the latter introduced by fix(windows): generate DREAM_AGENT_KEY in installer env-generator.ps1 #996); keep SearxngSecret and OpenclawToken with existing alignment.
  • Dry-run stub in phase 06: trim to the same 2 fields so real/dry-run shapes remain symmetric.
  • Header comments in install-windows.ps1, phases/06-directories.ps1, and phases/07-devtools.ps1: updated to advertise only the fields the function actually emits. Phase 07's Reads: block additionally drops the entire $envResult line — phase 07 reads only $dryRun, $cloudMode, $installDir, $tierConfig, $script:OPENCODE_*.

Testing

  • Grep coverage: git grep '$envResult\.' dream-server/installers/windows/ → exactly .SearxngSecret and .OpenclawToken. Zero references to .EnvPath, .DashboardKey, or .DreamAgentKey anywhere.
  • Pre-commit (gitleaks / private-key / large-file) — clean.
  • PSScriptAnalyzer could not be run on the macOS dev host — maintainer should run Invoke-ScriptAnalyzer -Path dream-server/installers/windows/ -Recurse on Windows before merge. CI gate lint-powershell.yml covers this on push.

Manual Windows test checklist (WSL2 + Docker Desktop + PowerShell 7+)

  1. pwsh -NoProfile -ExecutionPolicy Bypass -File install-windows.ps1 -DryRun — phase 06 prints dry-run messages; no MissingProperty errors; $envResult populated with 2 fields.
  2. Fresh install pwsh -NoProfile -ExecutionPolicy Bypass -File install-windows.ps1.env contains non-empty values for DASHBOARD_API_KEY, DREAM_AGENT_KEY, SEARXNG_SECRET, OPENCLAW_TOKEN; config/searxng/settings.yml and config/openclaw/openclaw.json have the generated secrets.
  3. Re-install over existing .envDASHBOARD_API_KEY and DREAM_AGENT_KEY preserved byte-for-byte (Get-EnvOrNew path).
  4. Invoke-ScriptAnalyzer -Path dream-server/installers/windows/ -Recurse — no new warnings against the four modified files.

Platform Impact

  • Windows (only platform touched): no runtime behavior change. Callers that read $envResult.SearxngSecret / .OpenclawToken still work. Zero references to the removed .EnvPath / .DashboardKey / .DreamAgentKey exist anywhere in the tree.
  • Linux: N/A — no files in installers/linux/ or Linux-reachable paths touched.
  • macOS: N/A — no files in installers/macos/ or macOS-reachable paths touched.

@yasinBursali yasinBursali mentioned this pull request Apr 23, 2026
Closed
@Lightheartdevs
Copy link
Copy Markdown
Collaborator

Lightheartdevs commented Apr 28, 2026

Audit follow-up: needs rebase after #996.

#996 has now landed the Windows DREAM_AGENT_KEY lifecycle work. This PR conflicts in the Windows env-generator return hash, so please rebase on current main and make an explicit decision about preserving/removing DreamAgentKey in the returned structure.

yasinBursali and others added 2 commits April 28, 2026 23:00
@yasinBursali @claude
refactor(windows): trim dead fields from New-DreamEnv return hash
1a6a6ce 
$envResult returned a 4-field hashtable (EnvPath, SearxngSecret,
OpenclawToken, DashboardKey) but phase 06 only reads SearxngSecret and
OpenclawToken. EnvPath and DashboardKey have zero runtime readers; the
dry-run stub and three header comments advertised fields that were
never consumed.

Drops EnvPath and DashboardKey from the return and from the dry-run
stub. DASHBOARD_API_KEY continues to be generated and written to .env
by the function body - only the return-hash surface was trimmed.

Pure code hygiene; no runtime behavior change on Windows.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@yasinBursali @claude
docs(windows): drop misleading envResult Reads claim from 07-devtools
414c41e 
Phase 07's header comment listed $envResult under Reads, but a body-wide
search shows 07-devtools.ps1 never actually reads $envResult.OpenclawToken
(or any field). This stale claim was inherited from upstream/main and
predates the return-hash trim — the trim brought it from "(OpenclawToken,
DreamAgentKey)" down to "(OpenclawToken)", but the field has zero readers
in this phase regardless.

The Reads section now lists only the variables 07-devtools actually
consumes ($dryRun, $cloudMode, $installDir, $tierConfig, $script:OPENCODE_*).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@yasinBursali yasinBursali force-pushed the refactor/windows-env-result-trim branch from 2c5e451 to 414c41e Compare April 28, 2026 20:24
@yasinBursali
Copy link
Copy Markdown
Contributor Author

yasinBursali commented Apr 28, 2026

Pushed the rebased state. Per the audit ask and this PR's own merge-order coordination clause, dropped DreamAgentKey (the 4th field #996 added) along with the original EnvPath — empirically zero readers anywhere in the tree. $dreamAgentKey variable still emitted to .env heredoc at line 289, so #996's actual write-path is untouched.

Follow-up commit 414c41ec per CG review: phase 07's Reads: section listed $envResult but the body never actually reads from it (pre-existing stale claim inherited from upstream). Removed.

PSScriptAnalyzer can't run locally on macOS — lint-powershell.yml CI gate covers this on push. Description updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yasinBursali @Lightheartdevs