Merge pull request #954 from NousResearch/hermes/hermes-20ea56c0

fix(config): atomic write for .env to prevent API key loss on crash
2026-03-11 08:58:52 -07:00
parent 66c0b719de 3667138d05
commit 09b1de5f71
1 changed files with 14 additions and 2 deletions
--- a/hermes_cli/config.py
+++ b/hermes_cli/config.py
@@ -17,6 +17,7 @@ import platform
 import stat
 import subprocess
 import sys
+import tempfile
 from pathlib import Path
 from typing import Dict, Any, Optional, List, Tuple

@@ -958,8 +959,19 @@ def save_env_value(key: str, value: str):
            lines[-1] += "\n"
        lines.append(f"{key}={value}\n")
    
-    with open(env_path, 'w', **write_kw) as f:
-        f.writelines(lines)
+    fd, tmp_path = tempfile.mkstemp(dir=str(env_path.parent), suffix='.tmp', prefix='.env_')
+    try:
+        with os.fdopen(fd, 'w', **write_kw) as f:
+            f.writelines(lines)
+            f.flush()
+            os.fsync(f.fileno())
+        os.replace(tmp_path, env_path)
+    except BaseException:
+        try:
+            os.unlink(tmp_path)
+        except OSError:
+            pass
+        raise
    _secure_file(env_path)

    # Restrict .env permissions to owner-only (contains API keys)