warnPolicyError writes a one-line stderr warning when the user policy fails to load. V1 yaml errors are fail-OPEN -- the CLI keeps running without policy enforcement so the user can fix the typo. Plugin-supplied rules are fail-CLOSED instead because integrators take a code-level responsibility for t
(errOut io.Writer, err error)
| 284 | // the home prefix to "~" before emitting so stderr piped into agents / |
| 285 | // CI logs does not leak the user's home directory. |
| 286 | func warnPolicyError(errOut io.Writer, err error) { |
| 287 | if err == nil { |
| 288 | return |
| 289 | } |
| 290 | fmt.Fprintf(errOut, "warning: user policy not applied: %s\n", redactHome(err.Error())) |
| 291 | } |
| 292 | |
| 293 | func redactHome(s string) string { |
| 294 | if home, err := vfs.UserHomeDir(); err == nil && home != "" { |