Problem / use case
Problem
When registering an agent with a node that has iCaptcha enforcement enabled, the current gl register command has no way to provide a pre-obtained proof token. This forces users to either:
- Disable iCaptcha on the node (reduces security), or
- Manually modify the CLI source to add the header
Proposed solution
Proposed Solution
Add an optional --icaptcha-proof / GITLAWB_ICAPTCHA_PROOF argument to gl register that sends the proof as the x-icaptcha-proof header on the initial /api/register request.
This is a minimal compatibility fix for nodes running with icaptcha enforcement, without yet implementing the full automatic challenge/solve/retry flow.
Changes
crates/gl/src/register.rs
- Added
icaptcha_proof: Option<String> field to RegisterArgs
- Changed the POST call from
client.post(...) to client.post_with_proof(...) to attach the proof header
crates/gl/src/http.rs
- Added
pub async fn post_with_proof(...) method to NodeClient
- Refactored
send_signed() to call a new send_signed_with_proof() helper that accepts an optional initial proof
- The existing automatic iCaptcha retry flow remains intact for 403 challenges
Usage
# With flag
gl register --icaptcha-proof "eyJzdWIiOi..."
# Or via environment variable
GITLAWB_ICAPTCHA_PROOF="eyJzdWIiOi..." gl register
Testing
- Compiled successfully with
cargo build --release -p gl
- Tested registration with a manually-obtained proof token
- Existing tests pass (no changes to test logic required)
Related
This addresses the iCaptcha enforcement path for agent registration. The automatic challenge/solve flow already exists in NodeClient for 403 responses; this change allows users to provide the proof upfront.
Alternatives considered
No response
Does this touch the protocol?
No
Problem / use case
Problem
When registering an agent with a node that has iCaptcha enforcement enabled, the current
gl registercommand has no way to provide a pre-obtained proof token. This forces users to either:Proposed solution
Proposed Solution
Add an optional
--icaptcha-proof/GITLAWB_ICAPTCHA_PROOFargument togl registerthat sends the proof as thex-icaptcha-proofheader on the initial/api/registerrequest.This is a minimal compatibility fix for nodes running with icaptcha enforcement, without yet implementing the full automatic challenge/solve/retry flow.
Changes
crates/gl/src/register.rsicaptcha_proof: Option<String>field toRegisterArgsclient.post(...)toclient.post_with_proof(...)to attach the proof headercrates/gl/src/http.rspub async fn post_with_proof(...)method toNodeClientsend_signed()to call a newsend_signed_with_proof()helper that accepts an optional initial proofUsage
Testing
cargo build --release -p glRelated
This addresses the iCaptcha enforcement path for agent registration. The automatic challenge/solve flow already exists in
NodeClientfor 403 responses; this change allows users to provide the proof upfront.Alternatives considered
No response
Does this touch the protocol?
No