Current behavior
auths signers sync always defaults to writing to ~/.ssh/allowed_signers. To write to the repo-local file, you must explicitly pass --output .auths/allowed_signers.
# Writes to ~/.ssh/allowed_signers (global)
auths signers sync
# Writes to repo-local file (must specify manually)
auths signers sync --output .auths/allowed_signers
Proposed behavior
When run inside a git repository, auths signers sync should detect it and default to writing to .auths/allowed_signers in the repo root. When run outside a git repo, keep the current ~/.ssh/allowed_signers default.
This makes the common case — syncing signers for the repo you're working in — a zero-argument command:
cd my-project
auths signers sync # writes to my-project/.auths/allowed_signers
Why
The current default (~/.ssh/allowed_signers) is a global file. Most users running auths signers sync inside a repo want to update that repo's allowed signers, not the global file. Requiring --output for the common case is a papercut that's easy to forget.
Current behavior
auths signers syncalways defaults to writing to~/.ssh/allowed_signers. To write to the repo-local file, you must explicitly pass--output .auths/allowed_signers.Proposed behavior
When run inside a git repository,
auths signers syncshould detect it and default to writing to.auths/allowed_signersin the repo root. When run outside a git repo, keep the current~/.ssh/allowed_signersdefault.This makes the common case — syncing signers for the repo you're working in — a zero-argument command:
Why
The current default (
~/.ssh/allowed_signers) is a global file. Most users runningauths signers syncinside a repo want to update that repo's allowed signers, not the global file. Requiring--outputfor the common case is a papercut that's easy to forget.