feat(params): add secret parameter support

[bradhe]

Summary

• add secret to Towerfile parameter parsing with a default of false
• add secret fields to CLI API models for app/run parameters
• mask secret schedule parameter values in MCP schedule-list output

Testing

• cargo test -p config -p tower-api -p tower-cmd

[github-actions]

⚠️ WARNING: This PR targets main instead of develop

This PR is targeting main which will trigger a production deployment when merged.

If this is a regular feature/fix PR, please change the base branch to develop.
If this is intentional (e.g., hotfix), you can ignore this warning.

Current base: main
Recommended base: develop

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The changes add a secret: bool field to parameter structures across the codebase, defaulting to false. When schedules are listed, secret parameter values are masked with "[hidden]" instead of displaying actual values.

Changes

Cohort / File(s)	Summary
Config parameter model crates/config/src/towerfile.rs	Added secret: bool field to Parameter struct, initialized to false in add_parameter method and during deserialization.
API parameter models crates/tower-api/src/models/parameter.rs, crates/tower-api/src/models/run_parameter.rs	Added secret: bool field with serde attributes to both Parameter and RunParameter structs, updated constructors to initialize secret to false.
Command API usage crates/tower-cmd/src/api.rs	Updated create_schedule and update_schedule methods to initialize secret: false when constructing RunParameter instances.
MCP integration crates/tower-cmd/src/mcp.rs	Added logic to mask secret parameter values with "[hidden]" when listing schedules in tower_schedules_list.
Library formatting crates/tower/src/lib.rs	Reformatted error handling chains for tokio::runtime::Runtime::new() and std::fs::copy without logic changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A secret arrives in the parameter's pocket,
Marked hush-hush with a boolean locket,
When schedules parade, we whisper "it's hidden,"
Keeping values concealed, as the config has bidden,
Security whiskers now twitch with delight! 🔐

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(params): add secret parameter support' accurately describes the main change—adding secret parameter support across multiple files and modules.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/secret-parameters

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/tower-api/src/models/run_parameter.rs`:
- Around line 23-25: The Python RunParameter model is missing the new boolean
field secret (default False) causing serialization/deserialization drift; update
the RunParameter class to declare a secret: bool = False attribute in the
constructor (and type hints), ensure to_dict() includes the secret key when
serializing, and ensure from_dict()/from_json factory reads secret (using False
if absent) when building the object; regenerate the model from the OpenAPI
schema or manually add these changes in the RunParameter class, its to_dict, and
from_dict/from_json methods to match the Rust model.

In `@crates/tower-cmd/src/api.rs`:
- Around line 843-847: The mapping currently constructs RunParameter with
secret: false, which drops secret metadata; update the map closures that produce
RunParameter (the ones building RunParameter { name: key, value, secret: false
}) to read the secret flag from the incoming request parameter (e.g., use the
source tuple/struct's secret field such as param.1.secret or param.secret) and
set RunParameter.secret accordingly; make the same change at both mapping sites
that create RunParameter so secret parameters are preserved when
creating/updating schedules.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 27235ce and 1115ab3.

📒 Files selected for processing (6)

• crates/config/src/towerfile.rs
• crates/tower-api/src/models/parameter.rs
• crates/tower-api/src/models/run_parameter.rs
• crates/tower-cmd/src/api.rs
• crates/tower-cmd/src/mcp.rs
• crates/tower/src/lib.rs

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# First, check if the Rust file exists and show the RunParameter struct
echo "=== Checking Rust RunParameter model ==="
if [ -f crates/tower-api/src/models/run_parameter.rs ]; then
  echo "File found. Full content:"
  cat -n crates/tower-api/src/models/run_parameter.rs
else
  echo "Rust file not found at crates/tower-api/src/models/run_parameter.rs"
fi

echo
echo "=== Checking Python RunParameter model ==="
# Search for Python model in common locations
if [ -f src/tower/tower_api_client/models/run_parameter.py ]; then
  echo "File found. Full content:"
  cat -n src/tower/tower_api_client/models/run_parameter.py
elif [ -f tower_api_client/models/run_parameter.py ]; then
  echo "File found at alternate location. Full content:"
  cat -n tower_api_client/models/run_parameter.py
else
  echo "Searching for Python RunParameter model:"
  find . -name "run_parameter.py" -type f 2>/dev/null || echo "No Python model found"
fi

Repository: tower/tower-cli

Length of output: 2569

---

Regenerate the Python RunParameter model to include the secret field.

The Rust model now includes secret (bool, default false) at lines 23-25, but the Python model at src/tower/tower_api_client/models/run_parameter.py completely omits this field from the class definition, to_dict(), and from_dict() methods. This creates schema drift where the secret metadata is silently lost during serialization and deserialization across client boundaries. Both files are auto-generated by OpenAPI Generator; regenerating the Python model from the same schema will resolve the mismatch.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/tower-api/src/models/run_parameter.rs` around lines 23 - 25, The
Python RunParameter model is missing the new boolean field secret (default
False) causing serialization/deserialization drift; update the RunParameter
class to declare a secret: bool = False attribute in the constructor (and type
hints), ensure to_dict() includes the secret key when serializing, and ensure
from_dict()/from_json factory reads secret (using False if absent) when building
the object; regenerate the model from the OpenAPI schema or manually add these
changes in the RunParameter class, its to_dict, and from_dict/from_json methods
to match the Rust model.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

secret is hard-coded to false for all schedule parameters.

At Line 843 and Line 881 mappings, this prevents creating/updating secret schedule parameters through this path and can downgrade secrecy semantics when parameters are re-sent. The request shape should carry secret metadata instead of forcing false.

Also applies to: 881-885

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/tower-cmd/src/api.rs` around lines 843 - 847, The mapping currently
constructs RunParameter with secret: false, which drops secret metadata; update
the map closures that produce RunParameter (the ones building RunParameter {
name: key, value, secret: false }) to read the secret flag from the incoming
request parameter (e.g., use the source tuple/struct's secret field such as
param.1.secret or param.secret) and set RunParameter.secret accordingly; make
the same change at both mapping sites that create RunParameter so secret
parameters are preserved when creating/updating schedules.