Skip to content

fix: validate non_interactive config and fail closed (L-1)#73

Merged
jkyberneees merged 1 commit into
mainfrom
fix/l1-noninteractive-validation
Jul 18, 2026
Merged

fix: validate non_interactive config and fail closed (L-1)#73
jkyberneees merged 1 commit into
mainfrom
fix/l1-noninteractive-validation

Conversation

@jkyberneees

Copy link
Copy Markdown
Contributor

Closes L-1.

Changes:

  • Add danger.ParseNonInteractiveAction which accepts only allow / deny; any other value (including the previously accepted prompt) returns Deny.
  • Update DangerousConfig.NonInteractiveAction() to use the strict parser so headless runs cannot accidentally auto-approve.
  • Update internal/config/loader.go::resolveDangerous to validate the top-level non_interactive value at load time, warn, and floor invalid values to deny.
  • Leave schedule dangerous config unvalidated at resolve time; it is already floored to deny at runtime by buildHeadlessDangerConfig.
  • Add regression tests in internal/danger/classifier_test.go and internal/config/loader_test.go.
  • Update AGENTS.md and docs/SECURITY.md.

Tested with go test ./... -count=1.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 18, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
odek 2df95aa Commit Preview URL

Branch Preview URL
Jul 18 2026, 02:11 PM

@jkyberneees
jkyberneees merged commit dd2f914 into main Jul 18, 2026
5 of 7 checks passed
@jkyberneees
jkyberneees deleted the fix/l1-noninteractive-validation branch July 18, 2026 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant