@flyingrobots flyingrobots commented Feb 9, 2026

Summary

  • GIT_CAS_PASSPHRASE env var — CLI now reads vault passphrase from env var as fallback to --vault-passphrase flag. Avoids exposing passphrases in ps output and shell history.
  • Demo GIFs — three focused terminal recordings (hero, CLI, vault) embedded in README and GUIDE. Built with VHS, tapes live in git-cas-sandbox.
  • ROADMAP backlog — captured future ideas: named vaults, export/archive, publish/mount, repo intelligence (dedup advisor, duplicate detection).

Changes

| File | What |
| --- | --- |
| bin/git-cas.js | resolvePassphrase() helper checks flag then GIT_CAS_PASSPHRASE env var |
| README.md | Hero GIF after "What you get", updated encrypted CLI example to use env var |
| GUIDE.md | CLI GIF in Section 7, vault GIF in Section 13 |
| ROADMAP.md | Backlog section with unscheduled ideas |
| docs/*.gif | Three demo GIFs (347KB + 410KB + 171KB) |

Test plan

  • 477 unit tests pass
  • Lint clean
  • Verify GIFs render on GitHub after merge
  • Verify GIT_CAS_PASSPHRASE works: GIT_CAS_PASSPHRASE=x git cas vault init

Summary by CodeRabbit

  • New Features

    • Vault passphrase can now be provided via the GIT_CAS_PASSPHRASE environment variable in addition to the command-line flag
  • Documentation

    • Added visual guides to CLI and Vault sections
    • Updated vault initialization, storage, and restoration instructions to support environment variable passphrase configuration
    • Expanded project roadmap detailing backlog items including Named Vaults, Export, Vault Management, and Publish/Mount

Support GIT_CAS_PASSPHRASE environment variable as an alternative to
--vault-passphrase flag for safer passphrase handling (no CLI exposure).

Add focused demo GIFs (hero, CLI, vault) embedded in README and GUIDE.
Add backlog section to ROADMAP (named vaults, export, publish/mount,
repo intelligence).
coderabbitai bot commented Feb 9, 2026

Walkthrough

The pull request adds documentation enhancements including inline images and expanded backlog items across GUIDE.md, README.md, and ROADMAP.md. Additionally, it refactors passphrase resolution in bin/git-cas.js by introducing a new resolvePassphrase() helper function that supports obtaining passphrases from either a command-line flag or the GIT_CAS_PASSPHRASE environment variable, removing the need for explicit flag usage in vault operations.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Documentation – Images and Backlog: GUIDE.md, README.md, ROADMAP.md | Added inline image tags for CLI and Vault sections in GUIDE.md; updated README.md with demonstration image and revised vault instructions to use GIT_CAS_PASSPHRASE environment variable; appended backlog subsections to ROADMAP.md (Named Vaults, Export, Vault Management, etc.). |
| Passphrase Resolution Logic: bin/git-cas.js | Introduced resolvePassphrase(opts) helper function to centralize passphrase resolution from either --vault-passphrase flag or GIT_CAS_PASSPHRASE environment variable; updated resolveEncryptionKey() and vault init flow to use the new function instead of directly accessing flag values. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes


Pre-merge checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly and concisely summarizes all three main changes: demo GIFs, GIT_CAS_PASSPHRASE env var, and backlog additions. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@bin/git-cas.js`:
- Around line 47-52: The resolvePassphrase function uses the || operator so an
explicit empty string passed via --vault-passphrase will be treated as falsy and
the code will fall through to process.env.GIT_CAS_PASSPHRASE; change this to
preserve an explicit empty string or explicitly validate it: either use the
nullish coalescing operator (??) to prefer an empty string over env only when
opts.vaultPassphrase is defined, or add explicit validation in resolvePassphrase
to reject/handle an empty string (e.g., throw or return an error) so the
behavior is deterministic and not silently using the env var.
🧹 Nitpick comments (1)
bin/git-cas.js (1)

111-111: The --vault-passphrase flag still exposes passphrases in ps output and shell history.

The PR objective is to avoid passphrase leaks via ps/history by introducing GIT_CAS_PASSPHRASE. Consider adding a deprecation notice on the --vault-passphrase option description (e.g., "(deprecated: prefer GIT_CAS_PASSPHRASE env var)") to nudge users toward the safer path. Same applies to lines 168 and 205.

Use ?? instead of || so an explicit empty string from --vault-passphrase
is not silently replaced by GIT_CAS_PASSPHRASE env var. Add hint text to
all --vault-passphrase option descriptions nudging toward the env var.
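
The `||` versus `??` behaviour raised in the review above, as an added example that is not code from this PR or from git-cas. The function names `resolvePassphraseOr`, `resolvePassphraseNullish` and `resolvePassphraseStrict`, the `env` parameter and the sample values are assumptions; only `opts.vaultPassphrase` and `GIT_CAS_PASSPHRASE` come from the page.

```javascript
// Added illustration; these helpers are hypothetical and not taken from
// bin/git-cas.js. `env` is injectable so the cases run without real secrets.

// Behaviour the review flagged: || treats "" as missing and uses the env var.
function resolvePassphraseOr(opts, env = process.env) {
  return opts.vaultPassphrase || env.GIT_CAS_PASSPHRASE;
}

// Fix named in the follow-up commit: ?? falls back only on null/undefined.
function resolvePassphraseNullish(opts, env = process.env) {
  return opts.vaultPassphrase ?? env.GIT_CAS_PASSPHRASE;
}

// Stricter alternative from the review: reject an explicit empty value and
// report which source supplied the passphrase.
function resolvePassphraseStrict(opts, env = process.env) {
  const fromFlag = opts.vaultPassphrase;
  if (fromFlag !== undefined && fromFlag !== null) {
    if (fromFlag === '') throw new Error('--vault-passphrase must not be empty');
    return { passphrase: fromFlag, source: 'flag' };
  }
  const fromEnv = env.GIT_CAS_PASSPHRASE;
  if (fromEnv === undefined) return { passphrase: undefined, source: 'none' };
  if (fromEnv === '') throw new Error('GIT_CAS_PASSPHRASE must not be empty');
  return { passphrase: fromEnv, source: 'env' };
}

// Constructed inputs: [label, parsed CLI options, environment].
const cases = [
  ['flag only', { vaultPassphrase: 'from-flag' }, {}],
  ['env only', {}, { GIT_CAS_PASSPHRASE: 'from-env' }],
  ['both set', { vaultPassphrase: 'from-flag' }, { GIT_CAS_PASSPHRASE: 'from-env' }],
  ['empty flag + env', { vaultPassphrase: '' }, { GIT_CAS_PASSPHRASE: 'from-env' }],
];

// Run every case through all three resolvers and collect the outcomes.
function compare() {
  return cases.map(([label, opts, env]) => {
    let strict;
    try { strict = resolvePassphraseStrict(opts, env).source; }
    catch (e) { strict = 'rejected'; }
    return { label, or: resolvePassphraseOr(opts, env),
             nullish: resolvePassphraseNullish(opts, env), strict };
  });
}

console.table(compare());
```

With `??` the empty flag value is kept rather than replaced, so a caller that must not accept an empty passphrase still needs a check like the strict variant.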
@flyingrobots

@coderabbitai review pls

coderabbitai bot commented Feb 9, 2026

@flyingrobots: I'll review the changes in this PR. Let me analyze the implementation of the GIT_CAS_PASSPHRASE environment variable, the documentation updates, and the new demo GIFs.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@flyingrobots flyingrobots merged commit f1a1d89 into main Feb 9, 2026
6 checks passed
@flyingrobots flyingrobots deleted the docs/demo-gifs-and-env-var branch February 9, 2026 03:48