rename config keys: client_id/client_secret → inbox_app_id/inbox_app_secret

Clean break rename across config, auth store, CLI flags, env vars,
and all tests. Aligns with HelpScout's own "App ID"/"App Secret"
terminology and adds inbox_ prefix to all inbox-specific config keys.

Author: rmorse

internal/api/integration_test.go

@@ -12,10 +12,10 @@ import (
 
 func integrationClient(t *testing.T) *Client {
 	t.Helper()
-	clientID := os.Getenv("HS_CLIENT_ID")
-	clientSecret := os.Getenv("HS_CLIENT_SECRET")
+	clientID := os.Getenv("HS_INBOX_APP_ID")
+	clientSecret := os.Getenv("HS_INBOX_APP_SECRET")
 	if clientID == "" || clientSecret == "" {
-		t.Skip("HS_CLIENT_ID and HS_CLIENT_SECRET required")
+		t.Skip("HS_INBOX_APP_ID and HS_INBOX_APP_SECRET required")
 	}
 	return New(context.Background(), clientID, clientSecret, true)
 }

internal/auth/store.go

@@ -4,28 +4,28 @@ import "github.com/zalando/go-keyring"
 
 const service = "hs-cli"
 
-func StoreCredentials(clientID, clientSecret string) error {
-	if err := keyring.Set(service, "client_id", clientID); err != nil {
+func StoreInboxCredentials(appID, appSecret string) error {
+	if err := keyring.Set(service, "inbox_app_id", appID); err != nil {
 		return err
 	}
-	return keyring.Set(service, "client_secret", clientSecret)
+	return keyring.Set(service, "inbox_app_secret", appSecret)
 }
 
-func LoadCredentials() (clientID, clientSecret string, err error) {
-	clientID, err = keyring.Get(service, "client_id")
+func LoadInboxCredentials() (appID, appSecret string, err error) {
+	appID, err = keyring.Get(service, "inbox_app_id")
 	if err != nil {
 		return "", "", err
 	}
-	clientSecret, err = keyring.Get(service, "client_secret")
+	appSecret, err = keyring.Get(service, "inbox_app_secret")
 	if err != nil {
 		return "", "", err
 	}
-	return clientID, clientSecret, nil
+	return appID, appSecret, nil
 }
 
-func DeleteCredentials() error {
-	_ = keyring.Delete(service, "client_id")
-	_ = keyring.Delete(service, "client_secret")
+func DeleteInboxCredentials() error {
+	_ = keyring.Delete(service, "inbox_app_id")
+	_ = keyring.Delete(service, "inbox_app_secret")
 	return nil
 }
 

internal/cmd/cmd_test.go

@@ -51,12 +51,12 @@ func saveRestore(t *testing.T) {
 	origVersionStr := versionStr
 	origUpdateDir := selfupdate.DirOverride
 	origUpdateResult := updateResult
-	origSetClientID := setClientID
-	origSetClientSecret := setClientSecret
-	origSetDefaultMailbox := setDefaultMailbox
+	origSetClientID := setInboxAppID
+	origSetClientSecret := setInboxAppSecret
+	origSetDefaultMailbox := setInboxMailbox
 	origSetFormat := setFormat
-	origSetPIIMode := setPIIMode
-	origSetPIIAllowRaw := setPIIAllowRaw
+	origSetPIIMode := setInboxPIIMode
+	origSetPIIAllowRaw := setInboxPIIAllow
 
 	selfupdate.DirOverride = t.TempDir()
 
@@ -73,12 +73,12 @@ func saveRestore(t *testing.T) {
 		versionStr = origVersionStr
 		selfupdate.DirOverride = origUpdateDir
 		updateResult = origUpdateResult
-		setClientID = origSetClientID
-		setClientSecret = origSetClientSecret
-		setDefaultMailbox = origSetDefaultMailbox
+		setInboxAppID = origSetClientID
+		setInboxAppSecret = origSetClientSecret
+		setInboxMailbox = origSetDefaultMailbox
 		setFormat = origSetFormat
-		setPIIMode = origSetPIIMode
-		setPIIAllowRaw = origSetPIIAllowRaw
+		setInboxPIIMode = origSetPIIMode
+		setInboxPIIAllow = origSetPIIAllowRaw
 		configSetCmd.Flags().VisitAll(func(f *pflag.Flag) {
 			f.Changed = false
 		})
@@ -138,8 +138,8 @@ func TestAuthStatus_NotAuthenticated_E2E(t *testing.T) {
 	_, buf := setupE2E(t)
 
 	// No credentials anywhere
-	t.Setenv("HS_CLIENT_ID", "")
-	t.Setenv("HS_CLIENT_SECRET", "")
+	t.Setenv("HS_INBOX_APP_ID", "")
+	t.Setenv("HS_INBOX_APP_SECRET", "")
 
 	rootCmd.SetArgs([]string{"inbox", "auth", "status"})
 	require.NoError(t, rootCmd.Execute())
@@ -153,17 +153,17 @@ func TestAuthStatus_WithConfigCreds_E2E(t *testing.T) {
 	// Write config with credentials
 	cfgFile := filepath.Join(home, ".config", "hs", "config.yaml")
 	require.NoError(t, config.Save(cfgFile, &config.Config{
-		ClientID:     "test-id-1234abcd",
-		ClientSecret: "test-secret",
+		InboxAppID:     "test-id-1234abcd",
+		InboxAppSecret: "test-secret",
 	}))
 	cfgPath = cfgFile
 
 	// auth status reads from keyring first, then config.
 	// In isolated env, keyring will fail, so it falls through to config.
 	// However, the current auth status command only checks keyring via auth.LoadCredentials.
 	// Let's use env vars instead for a reliable test.
-	t.Setenv("HS_CLIENT_ID", "test-id-1234abcd")
-	t.Setenv("HS_CLIENT_SECRET", "test-secret")
+	t.Setenv("HS_INBOX_APP_ID", "test-id-1234abcd")
+	t.Setenv("HS_INBOX_APP_SECRET", "test-secret")
 
 	// Auth status checks keyring directly, not config.
 	// In CI/isolated env, keyring will fail. So auth status says "Not authenticated".
@@ -188,15 +188,15 @@ func TestConfigCredentialPath_E2E(t *testing.T) {
 	home, _ := setupE2E(t)
 
 	// Set credentials via env vars (highest priority)
-	t.Setenv("HS_CLIENT_ID", "env-id-test")
-	t.Setenv("HS_CLIENT_SECRET", "env-secret-test")
+	t.Setenv("HS_INBOX_APP_ID", "env-id-test")
+	t.Setenv("HS_INBOX_APP_SECRET", "env-secret-test")
 
 	// Config should pick up env vars
 	cfgFile := filepath.Join(home, ".config", "hs", "config.yaml")
 	loaded, err := config.Load(cfgFile)
 	require.NoError(t, err)
-	assert.Equal(t, "env-id-test", loaded.ClientID)
-	assert.Equal(t, "env-secret-test", loaded.ClientSecret)
+	assert.Equal(t, "env-id-test", loaded.InboxAppID)
+	assert.Equal(t, "env-secret-test", loaded.InboxAppSecret)
 }
 
 func TestConfigFile_E2E(t *testing.T) {
@@ -205,22 +205,22 @@ func TestConfigFile_E2E(t *testing.T) {
 	// Write config
 	cfgFile := filepath.Join(home, ".config", "hs", "config.yaml")
 	require.NoError(t, config.Save(cfgFile, &config.Config{
-		ClientID:       "file-id",
-		ClientSecret:   "file-secret",
-		DefaultMailbox: 12345,
+		InboxAppID:       "file-id",
+		InboxAppSecret:   "file-secret",
+		InboxDefaultMailbox: 12345,
 		Format:         "json",
 	}))
 
 	// Clear env vars so config file is used
-	t.Setenv("HS_CLIENT_ID", "")
-	t.Setenv("HS_CLIENT_SECRET", "")
+	t.Setenv("HS_INBOX_APP_ID", "")
+	t.Setenv("HS_INBOX_APP_SECRET", "")
 	t.Setenv("HS_FORMAT", "")
 
 	loaded, err := config.Load(cfgFile)
 	require.NoError(t, err)
-	assert.Equal(t, "file-id", loaded.ClientID)
-	assert.Equal(t, "file-secret", loaded.ClientSecret)
-	assert.Equal(t, 12345, loaded.DefaultMailbox)
+	assert.Equal(t, "file-id", loaded.InboxAppID)
+	assert.Equal(t, "file-secret", loaded.InboxAppSecret)
+	assert.Equal(t, 12345, loaded.InboxDefaultMailbox)
 	assert.Equal(t, "json", loaded.Format)
 }
 
@@ -230,20 +230,20 @@ func TestEnvOverridesConfig_E2E(t *testing.T) {
 	// Write config with one set of creds
 	cfgFile := filepath.Join(home, ".config", "hs", "config.yaml")
 	require.NoError(t, config.Save(cfgFile, &config.Config{
-		ClientID:     "file-id",
-		ClientSecret: "file-secret",
+		InboxAppID:     "file-id",
+		InboxAppSecret: "file-secret",
 		Format:       "table",
 	}))
 
 	// Env vars override
-	t.Setenv("HS_CLIENT_ID", "env-id")
-	t.Setenv("HS_CLIENT_SECRET", "env-secret")
+	t.Setenv("HS_INBOX_APP_ID", "env-id")
+	t.Setenv("HS_INBOX_APP_SECRET", "env-secret")
 	t.Setenv("HS_FORMAT", "json")
 
 	loaded, err := config.Load(cfgFile)
 	require.NoError(t, err)
-	assert.Equal(t, "env-id", loaded.ClientID)
-	assert.Equal(t, "env-secret", loaded.ClientSecret)
+	assert.Equal(t, "env-id", loaded.InboxAppID)
+	assert.Equal(t, "env-secret", loaded.InboxAppSecret)
 	assert.Equal(t, "json", loaded.Format)
 }
 

internal/cmd/config.go

@@ -10,12 +10,14 @@ import (
 )
 
 var (
-	setClientID       string
-	setClientSecret   string
-	setDefaultMailbox int
-	setFormat         string
-	setPIIMode        string
-	setPIIAllowRaw    bool
+	setInboxAppID      string
+	setInboxAppSecret  string
+	setInboxMailbox    int
+	setInboxPIIMode    string
+	setInboxPIIAllow   bool
+	setDocsAPIKey      string
+	setDocsPermissions string
+	setFormat          string
 
 	configCmd    *cobra.Command
 	configSetCmd *cobra.Command
@@ -41,12 +43,14 @@ func newConfigSetCmd() *cobra.Command {
 		Short: "Set config values",
 		RunE:  runConfigSet,
 	}
-	cmd.Flags().StringVar(&setClientID, "client-id", "", "HelpScout Client ID")
-	cmd.Flags().StringVar(&setClientSecret, "client-secret", "", "HelpScout Client Secret")
-	cmd.Flags().IntVar(&setDefaultMailbox, "default-mailbox", 0, "default mailbox ID")
+	cmd.Flags().StringVar(&setInboxAppID, "inbox-app-id", "", "HelpScout Inbox App ID")
+	cmd.Flags().StringVar(&setInboxAppSecret, "inbox-app-secret", "", "HelpScout Inbox App Secret")
+	cmd.Flags().IntVar(&setInboxMailbox, "inbox-default-mailbox", 0, "default mailbox ID")
 	cmd.Flags().StringVar(&setFormat, "format", "", "output format: table|json|csv")
-	cmd.Flags().StringVar(&setPIIMode, "pii-mode", "", "PII redaction mode: off|customers|all")
-	cmd.Flags().BoolVar(&setPIIAllowRaw, "pii-allow-unredacted", false, "allow per-request --unredacted override")
+	cmd.Flags().StringVar(&setInboxPIIMode, "inbox-pii-mode", "", "PII redaction mode: off|customers|all")
+	cmd.Flags().BoolVar(&setInboxPIIAllow, "inbox-pii-allow-unredacted", false, "allow per-request --unredacted override")
+	cmd.Flags().StringVar(&setDocsAPIKey, "docs-api-key", "", "HelpScout Docs API key")
+	cmd.Flags().StringVar(&setDocsPermissions, "docs-permissions", "", "Docs permission policy")
 	return cmd
 }
 
@@ -82,26 +86,32 @@ func runConfigSet(cmd *cobra.Command, args []string) error {
 		existing = &config.Config{}
 	}
 
-	if cmd.Flags().Changed("client-id") {
-		existing.ClientID = setClientID
+	if cmd.Flags().Changed("inbox-app-id") {
+		existing.InboxAppID = setInboxAppID
 	}
-	if cmd.Flags().Changed("client-secret") {
-		existing.ClientSecret = setClientSecret
+	if cmd.Flags().Changed("inbox-app-secret") {
+		existing.InboxAppSecret = setInboxAppSecret
 	}
-	if cmd.Flags().Changed("default-mailbox") {
-		existing.DefaultMailbox = setDefaultMailbox
+	if cmd.Flags().Changed("inbox-default-mailbox") {
+		existing.InboxDefaultMailbox = setInboxMailbox
 	}
 	if cmd.Flags().Changed("format") {
 		existing.Format = setFormat
 	}
-	if cmd.Flags().Changed("pii-mode") {
-		if !pii.IsValidMode(setPIIMode) {
-			return fmt.Errorf("invalid --pii-mode: %q (expected off|customers|all)", setPIIMode)
+	if cmd.Flags().Changed("inbox-pii-mode") {
+		if !pii.IsValidMode(setInboxPIIMode) {
+			return fmt.Errorf("invalid --inbox-pii-mode: %q (expected off|customers|all)", setInboxPIIMode)
 		}
-		existing.PIIMode = setPIIMode
+		existing.InboxPIIMode = setInboxPIIMode
 	}
-	if cmd.Flags().Changed("pii-allow-unredacted") {
-		existing.PIIAllowUnredacted = setPIIAllowRaw
+	if cmd.Flags().Changed("inbox-pii-allow-unredacted") {
+		existing.InboxPIIAllowUnredacted = setInboxPIIAllow
+	}
+	if cmd.Flags().Changed("docs-api-key") {
+		existing.DocsAPIKey = setDocsAPIKey
+	}
+	if cmd.Flags().Changed("docs-permissions") {
+		existing.DocsPermissions = setDocsPermissions
 	}
 
 	if err := config.Save(path, existing); err != nil {
@@ -122,28 +132,34 @@ func runConfigGet(cmd *cobra.Command, args []string) error {
 	out := cmd.OutOrStdout()
 
 	if len(args) == 0 {
-		fmt.Fprintf(out, "client-id: %s\n", c.ClientID)
-		fmt.Fprintf(out, "client-secret: %s\n", c.ClientSecret)
-		fmt.Fprintf(out, "default-mailbox: %d\n", c.DefaultMailbox)
+		fmt.Fprintf(out, "inbox-app-id: %s\n", c.InboxAppID)
+		fmt.Fprintf(out, "inbox-app-secret: %s\n", c.InboxAppSecret)
+		fmt.Fprintf(out, "inbox-default-mailbox: %d\n", c.InboxDefaultMailbox)
 		fmt.Fprintf(out, "format: %s\n", c.Format)
-		fmt.Fprintf(out, "pii-mode: %s\n", c.PIIMode)
-		fmt.Fprintf(out, "pii-allow-unredacted: %t\n", c.PIIAllowUnredacted)
+		fmt.Fprintf(out, "inbox-pii-mode: %s\n", c.InboxPIIMode)
+		fmt.Fprintf(out, "inbox-pii-allow-unredacted: %t\n", c.InboxPIIAllowUnredacted)
+		fmt.Fprintf(out, "docs-api-key: %s\n", c.DocsAPIKey)
+		fmt.Fprintf(out, "docs-permissions: %s\n", c.DocsPermissions)
 		return nil
 	}
 
 	switch args[0] {
-	case "client-id":
-		fmt.Fprintf(out, "%s\n", c.ClientID)
-	case "client-secret":
-		fmt.Fprintf(out, "%s\n", c.ClientSecret)
-	case "default-mailbox":
-		fmt.Fprintf(out, "%d\n", c.DefaultMailbox)
+	case "inbox-app-id":
+		fmt.Fprintf(out, "%s\n", c.InboxAppID)
+	case "inbox-app-secret":
+		fmt.Fprintf(out, "%s\n", c.InboxAppSecret)
+	case "inbox-default-mailbox":
+		fmt.Fprintf(out, "%d\n", c.InboxDefaultMailbox)
 	case "format":
 		fmt.Fprintf(out, "%s\n", c.Format)
-	case "pii-mode":
-		fmt.Fprintf(out, "%s\n", c.PIIMode)
-	case "pii-allow-unredacted":
-		fmt.Fprintf(out, "%t\n", c.PIIAllowUnredacted)
+	case "inbox-pii-mode":
+		fmt.Fprintf(out, "%s\n", c.InboxPIIMode)
+	case "inbox-pii-allow-unredacted":
+		fmt.Fprintf(out, "%t\n", c.InboxPIIAllowUnredacted)
+	case "docs-api-key":
+		fmt.Fprintf(out, "%s\n", c.DocsAPIKey)
+	case "docs-permissions":
+		fmt.Fprintf(out, "%s\n", c.DocsPermissions)
 	default:
 		return fmt.Errorf("unknown config key: %s", args[0])
 	}