From a513a02328dc2ab853724e76793532121045e81a Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <m@mitchellh.com>
Date: Thu, 19 Sep 2024 17:20:42 -0700
Subject: [PATCH] config: config to disable auto secure input and secure input
 overlay

---
 macos/Sources/Ghostty/Ghostty.App.swift    |  2 ++
 macos/Sources/Ghostty/Ghostty.Config.swift | 16 +++++++++++++
 macos/Sources/Ghostty/SurfaceView.swift    |  3 ++-
 src/build/fish_completions.zig             |  2 +-
 src/config/Config.zig                      | 28 ++++++++++++++++++++++
 5 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/macos/Sources/Ghostty/Ghostty.App.swift b/macos/Sources/Ghostty/Ghostty.App.swift
index 366f83711..7b8c5688f 100644
--- a/macos/Sources/Ghostty/Ghostty.App.swift
+++ b/macos/Sources/Ghostty/Ghostty.App.swift
@@ -550,6 +550,8 @@ extension Ghostty {
 
         static func setPasswordInput(_ userdata: UnsafeMutableRawPointer?, value: Bool) {
             let surfaceView = self.surfaceUserdata(from: userdata)
+            guard let appState = self.appState(fromView: surfaceView) else { return }
+            guard appState.config.autoSecureInput else { return }
             surfaceView.passwordInput = value
         }
 
diff --git a/macos/Sources/Ghostty/Ghostty.Config.swift b/macos/Sources/Ghostty/Ghostty.Config.swift
index 8ea9371fe..6288e54f7 100644
--- a/macos/Sources/Ghostty/Ghostty.Config.swift
+++ b/macos/Sources/Ghostty/Ghostty.Config.swift
@@ -371,6 +371,22 @@ extension Ghostty {
             let str = String(cString: ptr)
             return AutoUpdate(rawValue: str) ?? defaultValue
         }
+
+        var autoSecureInput: Bool {
+            guard let config = self.config else { return true }
+            var v = false;
+            let key = "macos-auto-secure-input"
+            _ = ghostty_config_get(config, &v, key, UInt(key.count))
+            return v
+        }
+
+        var secureInputOverlay: Bool {
+            guard let config = self.config else { return true }
+            var v = false;
+            let key = "macos-secure-input-overlay"
+            _ = ghostty_config_get(config, &v, key, UInt(key.count))
+            return v
+        }
     }
 }
 
diff --git a/macos/Sources/Ghostty/SurfaceView.swift b/macos/Sources/Ghostty/SurfaceView.swift
index a00ff7ce9..75d821cee 100644
--- a/macos/Sources/Ghostty/SurfaceView.swift
+++ b/macos/Sources/Ghostty/SurfaceView.swift
@@ -205,7 +205,8 @@ extension Ghostty {
                 #if canImport(AppKit)
                 // If we have secure input enabled and we're the focused surface and window
                 // then we want to show the secure input overlay.
-                if (secureInput.enabled &&
+                if (ghostty.config.secureInputOverlay &&
+                    secureInput.enabled &&
                     surfaceFocus &&
                     windowFocus) {
                     SecureInputOverlay()
diff --git a/src/build/fish_completions.zig b/src/build/fish_completions.zig
index b6fe9b0dc..0ff0a2163 100644
--- a/src/build/fish_completions.zig
+++ b/src/build/fish_completions.zig
@@ -12,7 +12,7 @@ pub const fish_completions = comptimeGenerateFishCompletions();
 
 fn comptimeGenerateFishCompletions() []const u8 {
     comptime {
-        @setEvalBranchQuota(16000);
+        @setEvalBranchQuota(17000);
         var counter = std.io.countingWriter(std.io.null_writer);
         try writeFishCompletions(&counter.writer());
 
diff --git a/src/config/Config.zig b/src/config/Config.zig
index 9739b36b8..d2ab120a8 100644
--- a/src/config/Config.zig
+++ b/src/config/Config.zig
@@ -1348,6 +1348,34 @@ keybind: Keybinds = .{},
 /// find false more visually appealing.
 @"macos-window-shadow": bool = true,
 
+/// If true, Ghostty on macOS will automatically enable the "Secure Input"
+/// feature when it detects that a password prompt is being displayed.
+///
+/// "Secure Input" is a macOS security feature that prevents applications from
+/// reading keyboard events. This can always be enabled manually using the
+/// `Ghostty > Secure Keyboard Entry` menu item.
+///
+/// Note that automatic password prompt detection is based on heuristics
+/// and may not always work as expected. Specifically, it does not work
+/// over SSH connections, but there may be other cases where it also
+/// doesn't work.
+///
+/// A reason to disable this feature is if you find that it is interfering
+/// with legitimate accessibility software (or software that uses the
+/// accessibility APIs), since secure input prevents any application from
+/// reading keyboard events.
+@"macos-auto-secure-input": bool = true,
+
+/// If true, Ghostty will show a graphical overlay when secure input is
+/// enabled. This overlay is generally recommended to know when secure input
+/// is enabled.
+///
+/// Normally, secure input is only active when a password prompt is displayed
+/// or it is manually (and typically temporarily) enabled. However, if you
+/// always have secure input enabled, this overlay can be distracting and
+/// you may want to disable it.
+@"macos-secure-input-overlay": bool = true,
+
 /// Put every surface (tab, split, window) into a dedicated Linux cgroup.
 ///
 /// This makes it so that resource management can be done on a per-surface