_____ ___ _   _ _  ______   ___  _____ _____
|_   _|_ _| \ | | |/ / ___| / _ \|  ___|_   _|
  | |  | ||  \| | ' /\___ \| | | | |_    | |
  | |  | || |\  | . \ ___) | |_| |  _|   | |
  |_| |___|_| \_|_|\_\____/ \___/|_|     |_|

// building software in public. logs, bugs, small victories. est. 2026



sigil: masks, wards, and one polite no-op

2026-06-10 · #sigil · .txt


Sigil more than doubled this week, 770 lines to about 1,900, and most of the new weight is in the parts you touch.

the new TUI

tui/tui.go and tui/styles.go got rewritten, and tui/screens.go is new. The interface is now a proper four-screen flow: a spinner while the scan runs, editable paths, a scrollable review list with a detail panel, and toasts when something happens. The review screen shells out to locket for real now.

That last part matters because I also deleted the old TUI flow, which removed findings without ever calling locket. Code that pretends to do the dangerous part is worse than no code at all. It went into the void unmourned.

masks everywhere

Every finding now passes through Masked() before it reaches any surface: CLI output, the TUI, both report formats. A secret scanner that prints secrets in plaintext is just a leak with extra steps.

the scanner got wiser

two bugs I’m glad are dead

First, the flag parsing bug. --exit-code parsed without complaint and then did nothing, which means the pre-commit hook has been a polite no-op since the day I wrote it. Every commit it “checked” sailed through. Fixed in main.go, along with proper --fix, --version, and --help.

Second, quote injection in ManualCommand. The tool that guards secrets could be handed a quote character and made to run something else. A security tool with an injection bug is a special kind of shame, and it’s patched.

Honorable mention: the AWS secret regex used to flag every hash in go.sum, which trained me to ignore its warnings entirely. It now requires actual aws context before it speaks. An alarm that always rings is furniture.
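An added example of the two ideas above, not sigil's own code: a Finding whose value is only ever shown through Masked(), and the AWS rule gated on context so a bare 40-character blob (a go.sum hash, say) is not a finding on its own. The Finding fields, the rule name and both regexes are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one detected secret (assumed shape, not sigil's own type).
type Finding struct {
	Path, Rule string
	Line       int
	Value      string // raw match; only ever displayed through Masked()
}
// Masked returns a display-safe copy: 4-char prefix and suffix kept for
// recognition, the middle replaced, short values hidden entirely.
func (f Finding) Masked() Finding {
	const keep = 4
	if len(f.Value) <= 2*keep {
		f.Value = strings.Repeat("*", 8)
		return f
	}
	f.Value = f.Value[:keep] + strings.Repeat("*", 8) + f.Value[len(f.Value)-keep:]
	return f
}
// awsSecretRe alone matches any 40-char base64-ish run, go.sum hashes included.
var awsSecretRe = regexp.MustCompile(`[A-Za-z0-9/+=]{40}`)
// awsContextRe is the gate: the line must mention AWS before the blob counts.
var awsContextRe = regexp.MustCompile(`(?i)\baws|secret[_-]?access[_-]?key`)
// ScanLine reports an aws-secret Finding only when both patterns agree.
func ScanLine(path string, n int, line string) (Finding, bool) {
	m := awsSecretRe.FindString(line)
	if m == "" || !awsContextRe.MatchString(line) {
		return Finding{}, false
	}
	return Finding{Path: path, Line: n, Rule: "aws-secret", Value: m}, true
}

func main() {
	// Constructed sample lines: a go.sum hash (ignored) and a credentials entry.
	for i, l := range []string{
		"github.com/foo/bar v1.0.0 h1:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
		"aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
	} {
		if f, ok := ScanLine("sample.txt", i+1, l); ok {
			fmt.Printf("%s:%d %s %s\n", f.Path, f.Line, f.Rule, f.Masked().Value)
		}
	}
}
```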

housekeeping

Tests landed for the locket client, both report formats, the gitignore parser, and the TUI. The repo gained a real .gitignore and an MIT LICENSE. And sigil.exe, two stale reports, and a forgotten test_config.py are deleted and untracked, because compiled binaries belong in releases, not in git history.

All tests green. Self-scan clean. The ward holds.