fix: CLI gotcha audit + consolidate duplicated access/TTL logic#143
Open
fix: CLI gotcha audit + consolidate duplicated access/TTL logic#143
Conversation
Gotcha fixes:
- whoami and doctor-bundle now respect per-capability `access` field
- Error on contradictory option pairs (--allowed-agents + --clear-agents, etc.)
- cap add --mode exec without --allow-commands now errors
- janee add --timeout validates NaN/negative values
- --access help text fixed (no more "inherit" that doesn't exist)
- cap edit with no options now errors instead of silent success
- TTL format validated at save time
- Warn when exec-mode options used on proxy capabilities (and vice versa)
- --access warning only fires for pre-existing allowedAgents, not same-command
- revoke prefix match errors on ambiguous matches
- logs JSON error format normalized to { ok: false, error }
- Overview: cyan for agent-specific access, green for globally open
Consolidation:
- canAccessCapability() and resolveAccess() extracted to agent-scope.ts
as single source of truth — removed 5 duplicated implementations from
mcp-server.ts, whoami.ts, doctor-bundle.ts, overview.ts, authority.ts
- validateTTL() and parseTTL() extracted to types.ts — removed duplicates
from capability.ts and tool-handlers.ts
Made-with: Cursor
Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
canAccessCapability/resolveAccessinagent-scope.ts) and TTL logic (2 → 1 sharedvalidateTTL/parseTTLintypes.ts)janee overview(cyan = agent-specific, green = globally open)Gotcha fixes
whoamianddoctor-bundlenow respect per-capabilityaccessfield--allowed-agents+--clear-agents,--access+--clear-access,--clear-rules+--allow/--deny)cap add --mode execwithout--allow-commandsnow errorsjanee add --timeout abcvalidates NaN/negative values--accesshelp text fixed (removed nonexistent "inherit" option)cap editwith no options now errors instead of silent success--accesswarning only fires for pre-existingallowedAgentsrevokeprefix match errors on ambiguous matcheslogsJSON error format normalized to{ ok: false, error }Consolidation
canAccessCapability()+resolveAccess()→src/core/agent-scope.ts(single source of truth, removed frommcp-server.ts,whoami.ts,doctor-bundle.ts,overview.ts,tool-handlers.ts,authority.ts)validateTTL()+parseTTL()→src/core/types.ts(removed fromcapability.ts,tool-handlers.ts)Test plan
janee overviewrenders correctly with color distinctioncap add --mode execwithout--allow-commandserrorscap editwith no flags errorsMade with Cursor