Skip to content

CLI: Add --icaptcha-proof flag to gl register for manual proof submission #190

Description

@jilt

Problem / use case

Problem

When registering an agent with a node that has iCaptcha enforcement enabled, the current gl register command has no way to provide a pre-obtained proof token. This forces users to either:

  1. Disable iCaptcha on the node (reduces security), or
  2. Manually modify the CLI source to add the header

Proposed solution

Proposed Solution

Add an optional --icaptcha-proof / GITLAWB_ICAPTCHA_PROOF argument to gl register that sends the proof as the x-icaptcha-proof header on the initial /api/register request.

This is a minimal compatibility fix for nodes running with icaptcha enforcement, without yet implementing the full automatic challenge/solve/retry flow.

Changes

crates/gl/src/register.rs

  • Added icaptcha_proof: Option<String> field to RegisterArgs
  • Changed the POST call from client.post(...) to client.post_with_proof(...) to attach the proof header

crates/gl/src/http.rs

  • Added pub async fn post_with_proof(...) method to NodeClient
  • Refactored send_signed() to call a new send_signed_with_proof() helper that accepts an optional initial proof
  • The existing automatic iCaptcha retry flow remains intact for 403 challenges

Usage

# With flag
gl register --icaptcha-proof "eyJzdWIiOi..."

# Or via environment variable
GITLAWB_ICAPTCHA_PROOF="eyJzdWIiOi..." gl register

Testing

  • Compiled successfully with cargo build --release -p gl
  • Tested registration with a manually-obtained proof token
  • Existing tests pass (no changes to test logic required)

Related

This addresses the iCaptcha enforcement path for agent registration. The automatic challenge/solve flow already exists in NodeClient for 403 responses; this change allows users to provide the proof upfront.

Alternatives considered

No response

Does this touch the protocol?

No

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestkind:featureNew capability or surfacesev:lowCosmetic, cleanup, or nice-to-havesubsystem:apiNode REST API request/response surfacesubsystem:identityDID/UCAN, http-sig auth, push authorization

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions