From 17bd40321764050f9c210447ff4614cbb6e17047 Mon Sep 17 00:00:00 2001
From: adlee-was-taken <aaron.daniel.lee@gmail.com>
Date: Sun, 5 Apr 2026 10:41:10 -0400
Subject: [PATCH] fix: correct set-password docstring (scrypt, not bcrypt)

The set_password_cmd docstring and inline comment claimed bcrypt /
SHA-256, but the implementation actually uses scrypt via
cryptography.hazmat.primitives.kdf.scrypt. Correct the docstring,
drop the misleading comment, and remove the now-unused hashlib import.

No behavior change.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 vigilar/cli/cmd_config.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/vigilar/cli/cmd_config.py b/vigilar/cli/cmd_config.py
index b4a0a9f..9a764e6 100644
--- a/vigilar/cli/cmd_config.py
+++ b/vigilar/cli/cmd_config.py
@@ -60,12 +60,9 @@ def show_cmd(config_path: str | None) -> None:
 @config_cmd.command("set-password")
 @click.option("--config", "-c", "config_path", default=None, help="Path to vigilar.toml.")
 def set_password_cmd(config_path: str | None) -> None:
-    """Generate a bcrypt hash for the web UI password."""
+    """Generate a scrypt hash for the web UI password."""
     try:
-        import hashlib
-
         password = click.prompt("Enter web UI password", hide_input=True, confirmation_prompt=True)
-        # Use SHA-256 hash (bcrypt requires external dep, but cryptography is available)
         from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
         import os