fix(config): fall back to "user" when os.userInfo() is unavailable

[Astro-Han]

Summary

os.userInfo() throws a SystemError on minimal hosts that have no matching passwd entry (some containers, locked-down service accounts). Two config-load call sites called it unguarded, so a process started without a resolvable system user crashed during config load. This guards both with try/catch, falls back to the generic "user", and also coerces an empty username to "user".

Why

• packages/opencode/src/config/config.ts:1082 — if (!result.username) result.username = os.userInfo().username (unguarded; runs on every platform).
• packages/opencode/src/config/managed.ts:58 — const user = os.userInfo().username (unguarded; macOS managed-preferences lookup).

Either throw aborts config load with an unhandled SystemError. The system username is a convenience default, not a hard requirement, so an unavailable user should degrade to a generic value rather than crash startup.

Related Issue

No PawWork issue. Reimplemented for PawWork from upstream anomalyco/opencode b5632ea700 (PR #29332, thanks Shoubhit Dash). The fork has no common ancestor with upstream, so this is an adapted port, not a cherry-pick.

Human Review Status

Pending

Review Focus

The two guards mirror upstream exactly. The config.ts guard is cross-platform; the managed.ts guard is darwin-only (readManagedPreferences returns early off macOS). Confirm the fallback value "user" is acceptable for both the config username default and the macOS managed-preferences path lookup.

Risk Notes

Low. Behavior changes only when os.userInfo() throws or returns an empty username (previously a crash). No platform/packaging/UI surface touched. Both log and os were already in scope at both sites.

How To Verify

Targeted test (with fix): bun test test/config/config.test.ts -t "system username fallback" -> 1 pass
Red proof (config.ts guard reverted): same test -> 1 fail (SystemError thrown at config.ts:1082; test exercises the crash path)
Full file regression: bun test test/config/config.test.ts -> 106 pass, 0 fail
Typecheck: packages/opencode bun run typecheck -> clean

Screenshots or Recordings

N/A — no visible UI change.

Checklist

• Type label — this PR carries exactly one of bug, enhancement, task, documentation. Type labels are author-added; the labeler bot does NOT assign them. Add the label in the GitHub UI, then tick this.
• Routing labels — this PR carries at least one of app, ui, platform, harness, ci. The labeler bot assigns these on PR open based on changed paths. Confirm the bot's choice (or override if wrong), then tick this.
• Priority label — this PR carries exactly one of P0, P1, P2, P3. The priority-triage bot suggests one on PR open. Confirm or override, then tick this.
• Human Review Status above is set to Pending, Approved by @<reviewer>, or Not required: <reason> (default is Pending; "not required" is restricted to bot-authored low-risk PRs).
• I linked the related issue, or stated in Summary why there is no issue.
• I described the review focus and any meaningful risks.
• I replaced the example block in How To Verify with the real verification steps and the key result for each.
• I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope.
• (conditional) I manually checked visible UI or copy changes when needed, with screenshots or recordings. Leave unticked only if no visible UI or copy changed.
• (conditional) I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes. Leave unticked only if no platform/packaging surface was touched.
• (conditional) I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant. Leave unticked only if none of those surfaces was touched.
• I reviewed the final diff for unrelated changes and suspicious dependency changes.
• I am targeting dev, and my PR title and commit messages use Conventional Commits in English.

Summary by CodeRabbit

Bug Fixes

• Enhanced application startup stability through improved error handling for system username detection. When system username information is unavailable—common in containerized and minimal environments—the application now gracefully falls back to a default value instead of encountering initialization errors.

[coderabbitai]

Warning

Review limit reached

@Astro-Han, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 54 minutes and 38 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: ef8f7458-4989-4bdd-a644-1d44403fd111

📥 Commits

Reviewing files that changed from the base of the PR and between 666fa9f and 9206bca.

📒 Files selected for processing (3)

• packages/opencode/src/config/config.ts
• packages/opencode/src/config/managed.ts
• packages/opencode/test/config/config.test.ts

📝 Walkthrough

Walkthrough

The PR adds error handling for system username retrieval in two configuration modules. Both loadInstanceState and readManagedPreferences now wrap os.userInfo().username reads in try/catch blocks, logging warnings and falling back to "user" when retrieval fails. A regression test validates this fallback behavior when the system call throws.

Changes

Username Resilience

Layer / File(s)	Summary
Resilient username reading implementation packages/opencode/src/config/config.ts, packages/opencode/src/config/managed.ts	Both loadInstanceState and readManagedPreferences wrap os.userInfo().username reads in try/catch blocks, logging warnings and falling back to "user" when retrieval throws.
System username fallback test coverage packages/opencode/test/config/config.test.ts	New describe("system username fallback") test mocks os.userInfo() to throw ENOENT, asserting config load succeeds and config.username falls back to "user".

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested labels

bug, P2

Poem

A rabbit once stumbled through /etc/passwd,
but caught the error before it was lost.
With "user" as fallback, the config stays true—
resilient and graceful, whatever you do. 🐰✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding error handling to fallback to 'user' when os.userInfo() is unavailable.
Description check	✅ Passed	The PR description covers all key sections: clear summary, detailed rationale, specific file locations, risk assessment, verification steps, and proper checklist completion.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/upstream-userinfo-fallback

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request prevents configuration load crashes on minimal hosts (such as certain containers) where os.userInfo() throws an error due to a missing passwd entry. It wraps os.userInfo() calls in try-catch blocks in both the configuration loader and the macOS-specific managed preferences reader, falling back to a default username. A regression test has also been added. The reviewer suggests improving the fallback mechanism by checking environment variables like process.env.USER or process.env.USERNAME before defaulting to the hardcoded 'user', which is particularly critical on macOS to avoid breaking managed preferences path lookups.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[github-actions]

Suggested priority: P2 (includes non-doc, non-test paths outside the low-risk bucket).

P1/P0 are reserved for maintainer confirmation. Please relabel manually if this is a release blocker, security issue, data-loss risk, or updater/runtime failure.