shykes 5 days ago

Hi Ben! You should definitely not use Dagger Shell as your default shell. It's meant to complement it rather than replace it.

From the post:

> Dagger Shell isn’t meant to replace your system shell, but to complement it. When a workflow is too complex to fit in a regular shell, the next available option is often a brittle monolith: not as simple as a shell script, not as robust as full-blown software. The Dagger Shell aspires to help you replace that monolith with a collection of simple modules, composed with standard interfaces.

benatkin 5 days ago

So part of the idea would be to keep my secrets out of my default shell? I’ve been looking for ways to do that but I would want specific commands to have access to them. For instance I would just want git and gh to have access to my GitHub credentials and for another program not to be able to spawn git or gh with these credentials. It would also be important not to be able to accidentally run one of these by copy and pasting something. It seems that it would need to at least be partly taken care of by my default shell for it to be usable though.

Imustaskforhelp 5 days ago

Hmm. Sounds like an interesting problem.

But how can you really differentiate b/w a user opening git and some other program running git?

I think we would need friction there, some sort of manual intervention.

The best I could think of was something like bitwarden/keepassxc like cli where it requires a password and it would just straight up copy that token into github.

If we are really talking / you have the source code and you want end to end security, you could theoretically also compile git with the specific idea / implementation of whatever encrypted password manager you might use directly within the code of git / github but I know that can be an overkill for this problem.

benatkin 5 days ago

What I’d want is to be able to run top level commands differently from other commands and being able to have git and gh be a wrapper that injects the permissions. They could also filter the arguments and environment variables, which I know is hard to get right. Subshells and other programs would be able to run git and gh, but not with the permissions.

I could even run git and gh in a container that has a volume to be able to access the directory.

I think I have an idea of what this could look like and I might try and prototype it with fish and see what code parts it goes down to gauge how secure it’s likely to be.
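
One way the wrapper idea in the comment above could filter arguments and the environment before injecting a token, as an added example that is not from the thread or from Dagger. It assumes git and gh are installed in /usr/bin, that git uses gh as its credential helper (`gh auth setup-git`) so both read `GH_TOKEN`, and that the caller fetches `token` from a secret store; all function names are hypothetical.

```python
import os
import subprocess

# Assumed install locations; absolute paths avoid lookup through a hijacked PATH.
TOOLS = {"git": "/usr/bin/git", "gh": "/usr/bin/gh"}
# Only these variables are copied from the caller's environment.
ENV_ALLOWLIST = ("HOME", "LANG", "LC_ALL", "TERM", "USER")
# git global options that inject configuration or redirect execution
# (e.g. credential.helper, core.sshCommand) and could leak the token.
DENIED_GIT_OPTIONS = ("-c", "--config-env", "--exec-path")
# git global options written as "<option> <value>" (two arguments).
TAKES_VALUE = ("-C", "--git-dir", "--work-tree", "--namespace")


def build_child_env(parent_env, token):
    """Return a minimal environment; the token exists only in the child."""
    env = {k: parent_env[k] for k in ENV_ALLOWLIST if k in parent_env}
    env["PATH"] = "/usr/bin:/bin"      # fixed value, not inherited
    env["GIT_TERMINAL_PROMPT"] = "0"   # fail instead of prompting
    env["GH_TOKEN"] = token            # read by gh
    return env


def check_args(tool, argv):
    """Raise ValueError if a denied git option precedes the subcommand."""
    if tool == "git":
        i = 0
        while i < len(argv) and argv[i].startswith("-"):
            name = argv[i].split("=", 1)[0]
            if name in DENIED_GIT_OPTIONS:
                raise ValueError(f"refusing git option {name}")
            # skip the value of options such as "-C <path>"
            i += 2 if argv[i] in TAKES_VALUE else 1
    return list(argv)


def run(tool, argv, token, parent_env=None):
    """Run git or gh with the token; nothing is exported to the calling shell."""
    if tool not in TOOLS:
        raise ValueError(f"unsupported tool {tool}")
    args = check_args(tool, argv)
    source = os.environ if parent_env is None else parent_env
    env = build_child_env(source, token)
    return subprocess.run([TOOLS[tool], *args], env=env).returncode
```

The filter only covers options before the subcommand, so `git switch -c topic` still works; it does not decide which callers may invoke the wrapper, which is the part the thread leaves open.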

Imustaskforhelp 4 days ago

Well, do let me know! Sounds really interesting!

Kinrany 4 days ago

Okay, but _can_ you use it as your default shell?

It's not much of a shell otherwise, is it?