A small feature release that adds a global --non-interactive mode for fnox exec and other resolve paths, so CI and scripted runs can rely on cached credentials and fail fast instead of hanging on auth prompts or device flows.
Added
Global --non-interactive / FNOX_NON_INTERACTIVE (#565) -- @jdx
A new top-level flag (and matching env var) disables prompts and browser-based auth flows for the entire invocation. It is propagated through the daemon protocol, so daemon-backed resolution behaves the same way as direct resolution -- including when fnox auto-starts daemon serve to handle the request.
fnox --non-interactive exec -- ./run-tests.sh
# or
FNOX_NON_INTERACTIVE=1 fnox exec -- ./run-tests.shIn non-interactive mode:
should_prompt_authno longer prompts, regardless of TTY orprompt_authconfig.- The
github-oauthlease backend still happily reuses cached and refreshable tokens, but fails immediately with a clearinteractive auth required for GitHub OAuth device authorizationerror instead of printing a user code and polling. The error hint points you at runningfnox lease create <lease-name>from an interactive terminal first.
This is intended for CI jobs, cron tasks, and other scripted runs where a hung prompt is worse than a fast failure.
Fixed
- CI now installs Vault as the qualified
hashicorp/tap/vaultformula on macOS so Homebrew treats it as an explicitly chosen tap formula under current tap-trust rules (#567) -- @jdx
Full Changelog: v1.27.1...v1.28.0
💚 Sponsor fnox
fnox is maintained by @jdx under en.dev — a small independent studio building developer tooling like mise, aube, hk, and more. Keeping fnox secure, maintained, and free is funded by sponsors.
If fnox is handling secrets or config for you or your team, please consider sponsoring at en.dev. Sponsorships are what let fnox stay independent and the project keep moving.