Posted by bpierre 10/27/2025
I'd probably say hk is the most challenging pre-commit manager to setup compared to its peers. That said, it's also the only one that can run hooks in parallel safely and deal with partially staged files where the others don't bother with these problems.
At least right now hk is good for folks that want the fastest and don't mind a bit of effort. Hopefully I can improve that and make it the best all-around.
I’m looking forward to trying fnox!
That’s just off the top of my head.
They both accept a list of files to work on, but the filter on hk gives you a full list of files that changed, so if a cs file and a tf file changes, both steps will fire with both the cs and the tf file
I think a small improvement might be adding a matched_files template sub that would only show the files that matched the glob rule. I also think an LSP integration for VSCode would go a long way. I could manage the first but the second might be pushing my limits
# New person joins the team:
# 7. Team lead updates fnox.toml with new recipient
# Then re-encrypts all secrets:
fnox set DATABASE_URL "$(fnox get DATABASE_URL)" --provider age # ... repeat for all secrets
It's a bit surprising you have to manually do this, I'd imagine fnox already has knowledge of all the secrets and could do this automatically.
In this case, the user “jdx” has published an issue (a bug or feature development tracker) about a complimentary project, but you can still access the source code and documentation about “mise” by clicking on the hyperlink labelled “mise” at the top of the page.
I've use mise happily for many months without using direnv or tasks, and everything I use it for works and is solid. Installs python, ruby, node, does the switching, does the shims, stays out of the way.
direnv and tasks and everything else mise can do is all opt-in.
Different people have different experiences and work on things in a very diverse scale. The existence of one thing does not obviate all other things.
It's a generic version manager (replacing nvm/pyenv/etc). It also does direnv and tasks.
Also, devenv and mise also feel like different animals to me. I can't imagine many scenarios where I'd use them interchangeably.
Syntax of toml is almost identical, the CLI as well.
It even has the same vocabulary.
I didn't dig deeper though, but I'd be surprised not to find more :)
[project]
name = "web-api"
revision = "2.1.0"
extends = ["../shared/base", "../shared/auth"]
[profiles.default]
# Inherits DATABASE_URL, LOG_LEVEL from base
# Inherits JWT_SECRET, SESSION_SECRET from auth
# Service-specific additions:
STRIPE_API_KEY = { description = "Stripe payment API", required = true }
REDIS_URL = { description = "Redis cache connection", required = true }
PORT = { description = "Server port", required = false, default = "3000" }
[secrets.DATABASE_URL]
provider = "onepass"
value = "Database" # ← Item name in 1Password (fetches 'password' field)
[secrets.DB_USERNAME]
provider = "onepass"
value = "Database/username" # ← Specific field
[secrets.API_KEY]
provider = "onepass"
value = "op://Development/API Keys/credential" # ←
Honestly, I'm not invested in either of these. They both look nifty, but I couldn't personally care less if either (or both or neither) of these catch on and become standards. I'm only commenting here because your statement here and on the linked discussion[2] ("it's almost a verbatim copy") seems incredibly aggressive, and to me, quite offputting. They don't look alike at all to me, other than that they both aim to do similar things and thus will have some natural overlap in terminology.
[0]https://secretspec.dev/concepts/declarative/
[1]https://github.com/jdx/fnox
[2]https://github.com/jdx/mise/discussions/6779#discussioncomme...
Because it implies that the tool is copied. To me, they look similar, in a way that all tools like this are going to look somewhat similar.
> - fnix imports, - secretspec extends
So, they both have ways to slurp in other files so that you can kind of emulate inheritance. They call them different things, but the idea's similar: they both look similar to mise's configuration hierarchy, which predates both tools.[0]
> - secretspec profiles, - fnix profiles
They both support named profiles like "dev", "production", etc... like so many other devops tools that I'm having a hard time narrowing it down to one pre-existing example among thousands.
No, I'm still not seeing it. Fnox seems to be a copy of secretspec in the same way that Nginx is a copy of Apache, because they both do similar things and have config files that talk about domain names and ports and paths and certificates.
[0]https://mise.jdx.dev/configuration.html#configuration-hierar...
Your original comment is snarky and unprofessional. That's a bad look for projects that actually seem solid and impressive.
It's fine if you think your projects are better, and want to mention that. Just do it in a professional, objective way.
Its a very strong & weight claim to say that fnox is a copy of secretspec though. There can be a lot of overlap. But there have been lots of others similar efforts too, such as sops, and many before.
It's much too complicated in my book to be making big claims like copying. That really pisses me against the software
Regardless, if you think you're being copied, just copy right back. I suggest imitating the DX.
As someone who tried devenv (and nix-darwin for a while), before eventually returning to homebrew and mise, I really wanted to like it, but the nix complexity kept leaking out.
Mise does maybe 80% of what I did with devenv, but at only 1% of the hassle.
maybe you feel upset that someone has created a project similar to yours, but your accusation seems meritless.
what am i missing, if anything?