feat(studio): registry credentials panel in Settings (v0.44.0)

The hub install path now reads `~/.fai/registry-token` as a
fallback when `FAI_REGISTRY_TOKEN` is unset (platform v0.10.92).
Studio now writes that file directly: a fresh operator pastes
the PAT into Settings → Registry credentials, hits Save, and
the next install attempt resolves the auth wall without any
shell or env-var setup.

The token never round-trips back into Studio after save —
status is shown only as "Configured (40 chars)" / "Not set"
with no display of the secret itself. The Clear action deletes
the file. On Unix the file is chmod-ed to 0600 (owner-only
read/write); Windows leaves the default user ACL in place.

Storage is strictly local: `~/.fai/registry-token`, never sent
to a remote service. The hint text under the field says so to
make the data flow explicit.

Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
This commit is contained in:
flemming-it 2026-05-09 13:38:47 +02:00
parent 01f3f773cf
commit 878f0a4e28
8 changed files with 464 additions and 6 deletions

View file

@ -434,6 +434,22 @@
"@flowsOpenInEditorFailed": {
"placeholders": { "error": { "type": "String" } }
},
"registryCredentialsHeader": "REGISTRY CREDENTIALS",
"registryCredentialsBlurb": "Token used to download .fai modules from a registry behind a signin wall (Forgejo, GitHub-private). Stored at ~/.fai/registry-token, mode 0600. The FAI_REGISTRY_TOKEN env var still wins when set.",
"registryTokenStatusConfigured": "Configured ({chars} chars)",
"@registryTokenStatusConfigured": { "placeholders": { "chars": { "type": "int" } } },
"registryTokenStatusNotSet": "Not set",
"registryTokenFieldLabel": "Token",
"registryTokenFieldHint": "Paste your Forgejo or GitHub personal access token",
"registryTokenSaveButton": "Save",
"registryTokenClearButton": "Clear",
"registryTokenStorageHint": "Saved locally to ~/.fai/registry-token. Never sent to a remote service.",
"registryTokenSavedToast": "Registry token saved.",
"registryTokenClearedToast": "Registry token cleared.",
"registryTokenSaveFailedToast": "Could not save: {error}",
"@registryTokenSaveFailedToast": {
"placeholders": { "error": { "type": "String" } }
},
"welcomeChecklistAllSetTitle": "You're set up.",
"welcomeChecklistAllSetBody": "Three threads to pull on next:",
"welcomeChecklistNextAuditTitle": "Read the audit log",