Detail Bug Report
https://app.detail.dev/org_5f375fe3-a706-4e9a-a6f7-800f2439b3f6/bugs/bug_7607b5a9-2281-4256-9368-1e7d5528154c
Introduced in #222 by @tjdammann on Apr 3, 2026
Summary
- Context: The auth login command loads user configuration to determine API and app URLs.
- Bug:
storage::load_config().unwrap_or_default() silently falls back to production URLs when config parse errors occur, but the auto-update warning message only mentions "check for updates" — it does NOT inform the user that their custom api_url or app_url settings are being ignored.
- Actual vs. expected: Users should be clearly warned when their configured URLs are being ignored, not just that "check for updates" failed.
- Impact: Users authenticate against production when they configured staging/internal URLs, and the existing warning message is misleading about what's actually affected.
Code with Bug
AuthCommands::Login { token } => {
let config = storage::load_config().unwrap_or_default(); // <-- BUG 🔴 silently ignores config parse errors (falls back to defaults)
let api_url = config.api_url.as_deref().unwrap_or("https://api.detail.dev");
let app_url = config.app_url.as_deref().unwrap_or("https://app.detail.dev");Explanation
auth login always converts any config load/parse error into a default config via unwrap_or_default(). This causes api_url/app_url to fall back to production defaults even when the user has explicitly configured custom URLs, with no warning from the auth login path.
The warning users see during auth login originates from the auto-update flow, not from auth login’s own config load. As a result, the warning (“Failed to check for updates: Failed to parse config”) is misleading: the real behavioral change is that URL configuration is ignored and production endpoints are used.
Codebase Inconsistency
Two independent config-parse failures occur:
auto_update() → ... → update_config() fails to parse config and prints a warning.auth login → storage::load_config().unwrap_or_default() fails separately and silently uses defaults.
So the presence of an auto-update warning does not prevent auth login from discarding custom URLs.
Recommended Fix
Warn in the auth login code path when config parsing fails (while still defaulting to allow bootstrap/recovery):
let config = storage::load_config()
.inspect_err(|e| {
let _ = Term::stderr().write_line(&format!(
"Warning: Config file has errors, using default settings: {e}"
));
})
.unwrap_or_default();History
This bug was introduced in commit 89e9040. The "feat(auth): add browser auth flow" commit changed auth login from using load_config().ok().and_then(|c| c.api_url) to load_config().unwrap_or_default(), which silently discards user-configured URLs when the config file has parse errors.
Detail Bug Report
https://app.detail.dev/org_5f375fe3-a706-4e9a-a6f7-800f2439b3f6/bugs/bug_7607b5a9-2281-4256-9368-1e7d5528154c
Introduced in #222 by @tjdammann on Apr 3, 2026
Summary
storage::load_config().unwrap_or_default()silently falls back to production URLs when config parse errors occur, but the auto-update warning message only mentions "check for updates" — it does NOT inform the user that their customapi_urlorapp_urlsettings are being ignored.Code with Bug
Explanation
auth loginalways converts any config load/parse error into a default config viaunwrap_or_default(). This causesapi_url/app_urlto fall back to production defaults even when the user has explicitly configured custom URLs, with no warning from theauth loginpath.The warning users see during
auth loginoriginates from the auto-update flow, not fromauth login’s own config load. As a result, the warning (“Failed to check for updates: Failed to parse config”) is misleading: the real behavioral change is that URL configuration is ignored and production endpoints are used.Codebase Inconsistency
Two independent config-parse failures occur:
auto_update() → ... → update_config()fails to parse config and prints a warning.auth login → storage::load_config().unwrap_or_default()fails separately and silently uses defaults.So the presence of an auto-update warning does not prevent
auth loginfrom discarding custom URLs.Recommended Fix
Warn in the
auth logincode path when config parsing fails (while still defaulting to allow bootstrap/recovery):History
This bug was introduced in commit 89e9040. The "feat(auth): add browser auth flow" commit changed auth login from using
load_config().ok().and_then(|c| c.api_url)toload_config().unwrap_or_default(), which silently discards user-configured URLs when the config file has parse errors.