fix: resolve all clippy warnings

Collapse nested if statements using let chains, replace manual Default
impls with derive, use std::slice::from_ref instead of clone, use
io::Error::other, remove redundant closures and identity maps, and
replace unnecessary lazy evaluation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: domenkozar

Cargo.lock

@@ -545,10 +545,10 @@ fn is_field_optional_across_profiles(secret_name: &str, config: &Config) -> bool
 /// `true` if any profile has this secret with `as_path = true`, `false` otherwise
 fn is_field_as_path(secret_name: &str, config: &Config) -> bool {
     for profile_config in config.profiles.values() {
-        if let Some(secret_config) = profile_config.secrets.get(secret_name) {
-            if secret_config.as_path == Some(true) {
-                return true;
-            }
+        if let Some(secret_config) = profile_config.secrets.get(secret_name)
+            && secret_config.as_path == Some(true)
+        {
+            return true;
         }
     }
     false

secretspec-derive/src/lib.rs

@@ -402,15 +402,15 @@ pub fn main() -> Result<()> {
                     ProviderAction::Add { name, uri } => {
                         // Load or create config
                         let mut config =
-                            GlobalConfig::load().into_diagnostic()?.unwrap_or_else(|| {
-                                GlobalConfig {
+                            GlobalConfig::load()
+                                .into_diagnostic()?
+                                .unwrap_or(GlobalConfig {
                                     defaults: GlobalDefaults {
                                         provider: None,
                                         profile: None,
                                         providers: None,
                                     },
-                                }
-                            });
+                                });
 
                         // Initialize providers map if needed
                         if config.defaults.providers.is_none() {

secretspec/src/cli/mod.rs

@@ -154,11 +154,11 @@ impl Config {
         }
 
         // Process extends if present
-        if let Some(extends_paths) = config.project.extends.clone() {
-            if let Some(base) = base_path {
-                let base_dir = base.parent().unwrap_or(Path::new("."));
-                config = Self::merge_extended_configs(config, &extends_paths, base_dir, visited)?;
-            }
+        if let Some(extends_paths) = config.project.extends.clone()
+            && let Some(base) = base_path
+        {
+            let base_dir = base.parent().unwrap_or(Path::new("."));
+            config = Self::merge_extended_configs(config, &extends_paths, base_dir, visited)?;
         }
 
         Ok(config)
@@ -447,55 +447,40 @@ impl Secret {
         }
 
         // Validate generate config
-        if let Some(ref gen_config) = self.generate {
-            if gen_config.is_enabled() {
-                // generate requires type
-                if self.secret_type.is_none() {
-                    return Err(
-                        "'generate' requires 'type' to be set (e.g., type = \"password\")".into(),
-                    );
-                }
+        if let Some(ref gen_config) = self.generate
+            && gen_config.is_enabled()
+        {
+            // generate requires type
+            if self.secret_type.is_none() {
+                return Err(
+                    "'generate' requires 'type' to be set (e.g., type = \"password\")".into(),
+                );
+            }
 
-                // generate + default is a conflict
-                if self.default.is_some() {
-                    return Err("'generate' and 'default' cannot both be set".into());
-                }
+            // generate + default is a conflict
+            if self.default.is_some() {
+                return Err("'generate' and 'default' cannot both be set".into());
+            }
 
-                // type = "command" requires generate = { command = "..." }
-                if self.secret_type.as_deref() == Some("command") {
-                    match gen_config {
-                        GenerateConfig::Bool(true) => {
-                            return Err(
-                                "type = \"command\" requires generate = { command = \"...\" }"
-                                    .into(),
-                            );
-                        }
-                        GenerateConfig::Options(opts) if opts.command.is_none() => {
-                            return Err(
-                                "type = \"command\" requires generate = { command = \"...\" }"
-                                    .into(),
-                            );
-                        }
-                        _ => {}
+            // type = "command" requires generate = { command = "..." }
+            if self.secret_type.as_deref() == Some("command") {
+                match gen_config {
+                    GenerateConfig::Bool(true) => {
+                        return Err(
+                            "type = \"command\" requires generate = { command = \"...\" }".into(),
+                        );
                     }
-                }
-
-                // Validate known types
-                if let Some(ref t) = self.secret_type {
-                    match t.as_str() {
-                        "password" | "hex" | "base64" | "uuid" | "command" => {}
-                        unknown => {
-                            return Err(format!("unknown secret type '{}'", unknown));
-                        }
+                    GenerateConfig::Options(opts) if opts.command.is_none() => {
+                        return Err(
+                            "type = \"command\" requires generate = { command = \"...\" }".into(),
+                        );
                     }
+                    _ => {}
                 }
             }
-        }
 
-        // Validate type even without generate
-        if let Some(ref t) = self.secret_type {
-            if self.generate.is_none() || self.generate.as_ref().is_some_and(|g| !g.is_enabled()) {
-                // Type is informational when not generating, but still validate known values
+            // Validate known types
+            if let Some(ref t) = self.secret_type {
                 match t.as_str() {
                     "password" | "hex" | "base64" | "uuid" | "command" => {}
                     unknown => {
@@ -505,6 +490,19 @@ impl Secret {
             }
         }
 
+        // Validate type even without generate
+        if let Some(ref t) = self.secret_type
+            && (self.generate.is_none() || self.generate.as_ref().is_some_and(|g| !g.is_enabled()))
+        {
+            // Type is informational when not generating, but still validate known values
+            match t.as_str() {
+                "password" | "hex" | "base64" | "uuid" | "command" => {}
+                unknown => {
+                    return Err(format!("unknown secret type '{}'", unknown));
+                }
+            }
+        }
+
         Ok(())
     }
 }
@@ -516,10 +514,11 @@ fn is_valid_identifier(s: &str) -> bool {
     }
 
     let mut chars = s.chars();
-    if let Some(first) = chars.next() {
-        if !first.is_alphabetic() && first != '_' {
-            return false;
-        }
+    if let Some(first) = chars.next()
+        && !first.is_alphabetic()
+        && first != '_'
+    {
+        return false;
     }
 
     chars.all(|c| c.is_alphanumeric() || c == '_')

secretspec/src/config.rs

@@ -9,7 +9,7 @@ use url::Url;
 ///
 /// This struct holds configuration options for the keyring provider,
 /// which stores secrets in the system's native keychain service.
-#[derive(Debug, Clone, Serialize, Deserialize)]
+#[derive(Debug, Default, Clone, Serialize, Deserialize)]
 pub struct KeyringConfig {
     /// Optional folder prefix format string for organizing secrets in the keyring.
     ///
@@ -18,14 +18,6 @@ pub struct KeyringConfig {
     pub folder_prefix: Option<String>,
 }
 
-impl Default for KeyringConfig {
-    fn default() -> Self {
-        Self {
-            folder_prefix: None,
-        }
-    }
-}
-
 impl TryFrom<&Url> for KeyringConfig {
     type Error = SecretSpecError;
 

secretspec/src/provider/keyring.rs

@@ -147,25 +147,25 @@ impl TryFrom<&Url> for OnePasswordConfig {
         let mut config = Self::default();
 
         // Parse URL components for account@vault format, ignoring dummy localhost
-        if let Some(host) = url.host_str() {
-            if host != "localhost" {
-                // Check if we have username (account) information
-                if !url.username().is_empty() {
-                    // Handle user:token format for service account tokens
-                    if scheme == "onepassword+token" {
-                        if let Some(password) = url.password() {
-                            config.service_account_token = Some(password.to_string());
-                        } else {
-                            config.service_account_token = Some(url.username().to_string());
-                        }
+        if let Some(host) = url.host_str()
+            && host != "localhost"
+        {
+            // Check if we have username (account) information
+            if !url.username().is_empty() {
+                // Handle user:token format for service account tokens
+                if scheme == "onepassword+token" {
+                    if let Some(password) = url.password() {
+                        config.service_account_token = Some(password.to_string());
                     } else {
-                        config.account = Some(url.username().to_string());
+                        config.service_account_token = Some(url.username().to_string());
                     }
-                    config.default_vault = Some(host.to_string());
                 } else {
-                    // No username, so the host is the vault
-                    config.default_vault = Some(host.to_string());
+                    config.account = Some(url.username().to_string());
                 }
+                config.default_vault = Some(host.to_string());
+            } else {
+                // No username, so the host is the vault
+                config.default_vault = Some(host.to_string());
             }
         }
 
@@ -820,24 +820,24 @@ impl Provider for OnePasswordProvider {
                             if let Ok(item) = serde_json::from_str::<OnePasswordItem>(&stdout) {
                                 // Look for "value" field first
                                 for field in &item.fields {
-                                    if field.label.as_deref() == Some("value") {
-                                        if let Some(ref v) = field.value {
-                                            return Some((
-                                                key_owned,
-                                                SecretString::new(v.clone().into()),
-                                            ));
-                                        }
+                                    if field.label.as_deref() == Some("value")
+                                        && let Some(ref v) = field.value
+                                    {
+                                        return Some((
+                                            key_owned,
+                                            SecretString::new(v.clone().into()),
+                                        ));
                                     }
                                 }
                                 // Fallback: look for password/concealed field
                                 for field in &item.fields {
-                                    if field.field_type == "CONCEALED" || field.id == "password" {
-                                        if let Some(ref v) = field.value {
-                                            return Some((
-                                                key_owned,
-                                                SecretString::new(v.clone().into()),
-                                            ));
-                                        }
+                                    if (field.field_type == "CONCEALED" || field.id == "password")
+                                        && let Some(ref v) = field.value
+                                    {
+                                        return Some((
+                                            key_owned,
+                                            SecretString::new(v.clone().into()),
+                                        ));
                                     }
                                 }
                             }

secretspec/src/provider/onepassword.rs

@@ -10,7 +10,7 @@ use url::Url;
 /// This struct holds configuration options for the pass provider.
 /// Pass stores secrets as GPG-encrypted files using the Unix password
 /// manager in a hierarchical structure.
-#[derive(Debug, Clone, Serialize, Deserialize)]
+#[derive(Debug, Default, Clone, Serialize, Deserialize)]
 pub struct PassConfig {
     /// Optional folder prefix format string for organizing secrets in pass.
     ///
@@ -19,14 +19,6 @@ pub struct PassConfig {
     pub folder_prefix: Option<String>,
 }
 
-impl Default for PassConfig {
-    fn default() -> Self {
-        Self {
-            folder_prefix: None,
-        }
-    }
-}
-
 impl TryFrom<&Url> for PassConfig {
     type Error = SecretSpecError;