docs(trust): clarify untrusted config behavior

[jdx]

Summary

• clarify current trust behavior for direct mise.toml loading versus tracked-config discovery
• document that detected CI assumes configs are trusted unless paranoid mode is enabled
• update mise trust help text to mention tasks/hooks and non-interactive outcomes

Validation

• git diff --check

This PR was generated by an AI coding assistant.

---

Note

Low Risk
Documentation and CLI help text only; no changes to trust enforcement logic.

Overview
This PR replaces outdated trust documentation that listed specific “dangerous” features (env vars, templates, path: plugins) with behavior-focused explanations aligned with how mise actually handles untrusted config.

mise trust help (Rust doc comment, mise.usage.kdl, generated docs/cli/trust.md, and man/man1/mise.1) now states that trust is required before parsing mise.toml, and describes outcomes when a file is untrusted: interactive prompt, skipping in some discovery paths, hard failure when prompting isn’t possible, and implicit trust in detected CI unless paranoid mode is on.

FAQ (docs/faq.md) adds a CI bullet (trusted by default outside paranoid) and rewrites non-interactive guidance: it no longer claims untrusted configs are always silently skipped; it distinguishes direct loads (can error) from tracked-config discovery (may skip), and points to mise trust or trusted_config_paths.

Paranoid docs (docs/paranoid.md) expand normal-mode trust rules (when mise.toml is checked, skip vs error paths, CI assumption) and clarify that paranoid requires trust for all config formats, not only those that normally need it.

^{Reviewed by Cursor Bugbot for commit 95afc69. Bugbot is set up for automated code reviews on this repo. Configure here.}

[gemini-code-assist]

Code Review

This pull request updates the documentation and CLI help text across several files (docs/cli/trust.md, docs/faq.md, docs/paranoid.md, and src/cli/trust.rs) to clarify how mise handles config file trust. Specifically, it details how trust affects the execution of tasks and hooks, explains behavior in non-interactive environments and detected CI, and describes the difference between normal and paranoid modes. There are no review comments to address, and I have no additional feedback to provide.

[greptile-apps]

Greptile Summary

Documentation-only PR that replaces the old "dangerous features" bullet list with a clearer behavioral model for trust: what mise checks, when it prompts vs. skips vs. fails, and how CI auto-trust interacts with paranoid mode. The same wording is consistently applied across the CLI help, man page, KDL usage file, and docs.

• docs/faq.md splits the old non-interactive bullet into a CI-specific entry (auto-trust unless paranoid) and a non-interactive entry (fail-vs-skip distinction), making both behaviors explicit.
• docs/paranoid.md introduces the mise.toml-scoped normal-mode check and the "all formats" paranoid requirement, but the leading code example still shows .tool-versions prompting for trust without a paranoid-mode label, which now contradicts the surrounding prose.

Confidence Score: 5/5

Safe to merge — no runtime logic is changed, only documentation and CLI help text.

All six changed files are documentation or auto-generated help text. The trust logic itself is untouched. The one inconsistency (the .tool-versions example in paranoid.md lacking a paranoid-mode label) is a minor readability issue with no functional impact.

docs/paranoid.md — the introductory code example should be labelled as a paranoid-mode example to match the surrounding prose.

Important Files Changed

Filename	Overview
docs/paranoid.md	Clarifies trust scope (mise.toml only in normal mode, all formats in paranoid) and CI auto-trust. The introductory example showing .tool-versions prompting for trust is now inconsistent with the new prose that limits normal-mode checks to mise.toml.
docs/faq.md	Splits "non-interactive mode" into separate CI and non-CI bullets, accurately describing CI auto-trust and the fail-vs-skip behavior distinction. Clean and consistent with other changed files.
src/cli/trust.rs	Replaces the old bullet-list doc comment with a behaviorally accurate description; mirrors the wording in docs/cli/trust.md exactly.
docs/cli/trust.md	Generated from src/cli/trust.rs; updated help text is accurate and consistent with the rest of the docs changes.
man/man1/mise.1	Man page updated to mirror the new trust description; roff escaping looks correct.
mise.usage.kdl	KDL usage file updated with the new long_help string; consistent with the Rust source.

_{Reviews (4): Last reviewed commit: "docs(trust): clarify untrusted config be..." | Re-trigger Greptile}

[github-actions]

Hyperfine Performance

mise x -- echo

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.15 x -- echo	23.6 ± 2.2	18.9	33.0	1.12 ± 0.14
mise x -- echo	21.0 ± 1.9	18.3	32.3	1.00
✅ Performance improvement for x -- echo is 12%

mise env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.15 env	21.8 ± 2.5	17.7	34.3	1.02 ± 0.15
mise env	21.3 ± 2.1	17.8	30.8	1.00

mise hook-env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.15 hook-env	23.0 ± 1.6	19.9	32.9	1.01 ± 0.09
mise hook-env	22.7 ± 1.4	19.3	30.3	1.00

mise ls

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.15 ls	18.3 ± 1.0	16.3	24.8	1.00
mise ls	18.7 ± 0.9	16.8	23.4	1.02 ± 0.08

xtasks/test/perf

Command	mise-2026.5.15	mise	Variance
install (cached)	146ms	147ms	+0%
ls (cached)	67ms	68ms	-1%
bin-paths (cached)	72ms	73ms	-1%
task-ls (cached)	140ms	138ms	+1%