Index
axm_config
axm-config.
Non-sensitive runtime config under ~/.axm (env>file>default)
ConfigError
NamespaceStore
Read/write namespace sections of a single ~/.axm/config.toml.
Each namespace maps to a top-level (or nested, for a dotted namespace)
TOML table within one config.toml. Reads of an absent or malformed
file/section return {} rather than raising, so a consumer can rely on
the store at import time without a pre-existing ~/.axm directory.
Writes are atomic, preserve every other section, and leave the file
0600. A namespace node may be both a leaf (its own scalar/array
keys) and a prefix (nested child namespaces such as [git.default]
under [git]): those child sub-tables are re-attached on every write, so
setting a key under the parent never erases them. Legacy
~/.axm/<ns>.toml files are folded in on first write.
Source code in packages/axm-config/src/axm_config/store.py
| Python | |
|---|---|
54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 | |
delete(ns, key)
Remove key from ns, rewriting atomically (no-op if absent).
Read-modify-write mirroring :meth:write over the whole
config.toml: the key is popped from the (legacy-folded) section. If
the section becomes empty it is dropped; if the file then holds no
section it is unlinked. A missing key (after folding) is a silent
no-op, but a pending legacy fold is still applied.
Source code in packages/axm-config/src/axm_config/store.py
namespaces()
Return every namespace path present in config.toml or legacy.
A leaf table (a mapping whose values are all scalars/arrays, i.e. an
actual namespace section) yields its dotted path. Legacy
~/.axm/<ns>.toml files contribute their stem. Used by the doctor to
enumerate "all known" namespaces when none is requested.
Source code in packages/axm-config/src/axm_config/store.py
read(ns)
Return the section for ns, or {} if absent/corrupt.
The [ns] section of config.toml is returned as a flat mapping
of that namespace's own keys: a dotted namespace maps to a nested
table, and any nested sub-table is a child namespace, not a key, so
it is excluded from the result. If the section is absent but a legacy
~/.axm/<ns>.toml exists, the legacy contents are returned so the
value stays visible before the fold. A missing file or a malformed
TOML payload both degrade to {}. Raises
:class:~axm_config.resolver.UnsafeHomeError (a :class:ConfigError)
only when ~/.axm cannot be used safely (HOME inside a git repo).
Source code in packages/axm-config/src/axm_config/store.py
write(ns, key, value)
Set key to value in ns, preserving every other section.
Read-modify-write of the whole config.toml: the full mapping is
loaded, the ns section folded with any legacy file and updated, and
the result serialised to a same-directory temp file atomically moved
into place via :func:os.replace; the file is chmod 0600. The
legacy ~/.axm/<ns>.toml (if any) is removed after the fold.
Source code in packages/axm-config/src/axm_config/store.py
UnsafeHomeError
Bases: ConfigError
Raised when ~/.axm cannot be used safely (e.g. a HOME in a git repo).
A :class:ConfigError subclass so every consumer surface that already
catches :class:ConfigError (the CLI, :func:load) degrades cleanly
instead of leaking the raw ValueError from
:func:axm_config.home.resolve_safe. The security refusal itself is
intentional; only its type is narrowed here so callers can handle it.
Source code in packages/axm-config/src/axm_config/resolver.py
axm_home()
Return the resolved ~/.axm directory, creating it 0700 if absent.
Idempotent: a pre-existing directory with looser permissions is tightened
back to 0700. Permission calls degrade gracefully on non-POSIX systems.
Source code in packages/axm-config/src/axm_config/home.py
delete(namespace, key)
Remove key from the [namespace] section of config.toml (no-op if absent).
namespace and key are validated first. Deleting an absent key (or a
namespace with no file) is a silent no-op — it never raises. After removal
the key resolves through the lower layers again (env, then default).
Source code in packages/axm-config/src/axm_config/resolver.py
get(namespace, key, *, default=None)
Return the resolved value for key in namespace.
Precedence is env > file > default. An env value is returned as the
raw str from the environment; file values keep their TOML-parsed type.
Source code in packages/axm-config/src/axm_config/resolver.py
load(namespace, model)
Build model from namespace, resolving each field by name.
Every field of model is resolved via :func:get (the field name is
the config key). Unresolved fields are omitted so pydantic applies the
field default; a required field that stays unresolved raises
:class:ConfigError instead of a raw ValidationError.
Source code in packages/axm-config/src/axm_config/resolver.py
resolve_safe(target)
Resolve target and refuse any path sitting inside a git repo.
Walks the resolved path and its ancestors looking for a .git marker
(a source checkout). Raises :class:ValueError rather than returning an
in-repo path; returns the resolved path otherwise.
Source code in packages/axm-config/src/axm_config/home.py
set_(namespace, key, value)
Persist key = value in the [namespace] section of config.toml.
namespace and key are validated against the safe-segment pattern
first (path-traversal guard). A value of None is routed to
:func:delete — TOML cannot encode None, so deleting the key is the
well-defined contract rather than a raw TypeError. Otherwise delegates
to :meth:NamespaceStore.write (atomic, 0600, other keys preserved).
Source code in packages/axm-config/src/axm_config/resolver.py
validate_segment(value, *, kind='segment')
Return value if it is a safe config segment, else raise ConfigError.
A segment is a namespace or a key: the single entry-point guard
against path traversal and env-name ambiguity. It must be a non-empty
str matching its kind's pattern — no path separators, no ..
traversal, no NUL byte — so it can never widen the on-disk
~/.axm/<ns>.toml path. Both patterns are lowercase-only (no
upper-case): the env-name surface upper-cases the segments, so accepting
both "Demo" and "demo" would let two distinct namespaces fold to
the same AXM_DEMO_* prefix — forbidding upper-case makes that
collision unrepresentable. The patterns differ by kind: a
"namespace" (:data:_NAMESPACE_RE) is lowercase-alphanumeric segments
joined by dots — no _ and no - — whereas a "key"
(:data:_KEY_RE) is lowercase-alphanumeric segments joined by single
_ (no ./-, no leading/trailing _, no doubled __) so the
derived env name stays POSIX-valid and the ns/key boundary is
unambiguous: only the namespace's dot-fold yields __, the key can
never forge one, and the lone single _ separates the folded namespace
from the key. Any other kind falls back to the namespace pattern.
Shared with every public boundary (and reused by the env-name surface) so
validation is declared exactly once.