Skip to content

feat(cli): improve user-attended attestation mode warning#2628

Merged
Piskoo merged 3 commits into
chainloop-dev:mainfrom
Piskoo:improve-user-authenticated-attestation-message
Dec 18, 2025
Merged

feat(cli): improve user-attended attestation mode warning#2628
Piskoo merged 3 commits into
chainloop-dev:mainfrom
Piskoo:improve-user-authenticated-attestation-message

Conversation

@Piskoo

@Piskoo Piskoo commented Dec 18, 2025

Copy link
Copy Markdown
Contributor

This PR adds a warning to attestation init when running with user authentication instead of API tokens.

User token:

$ chainloop att init --project myproject --workflow multipolicy
WRN API contacted in insecure mode
WRN You are running in user-attended mode. For automated workflows, use an API token instead.
This command will run against the organization "myorg"
Please confirm to continue y/N
y
INF Attestation initialized! now you can check its status or add materials to it
┌───────────────────────────┬──────────────────────────────────────┐
│ Initialized At            │ 18 Dec 25 13:22 UTC                  │
├───────────────────────────┼──────────────────────────────────────┤
│ Attestation ID            │ 7597e05f-157a-48ac-98fe-3876cc39133f │
│ Organization              │ myorg                                │
│ Name                      │ multipolicy                          │
│ Project                   │ myproject                            │
│ Version                   │ v1.64.0+next (prerelease)            │
│ Contract                  │ myproject-multipolicy (revision 4)   │
│ Annotations               │ ------                               │
│                           │ environment: [NOT SET]               │
│ Policy violation strategy │ ADVISORY                             │
└───────────────────────────┴──────────────────────────────────────┘

Api token:

$ chainloop att init --project myproject --workflow multipolicy --token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
WRN API contacted in insecure mode
INF Attestation initialized! now you can check its status or add materials to it
┌───────────────────────────┬──────────────────────────────────────┐
│ Initialized At            │ 18 Dec 25 13:27 UTC                  │
├───────────────────────────┼──────────────────────────────────────┤
│ Attestation ID            │ a2e648e4-056e-4e02-889a-63099dc66a4b │
│ Organization              │ myorg                                │
│ Name                      │ multipolicy                          │
│ Project                   │ myproject                            │
│ Version                   │ v1.64.0+next (prerelease)            │
│ Contract                  │ myproject-multipolicy (revision 4)   │
│ Annotations               │ ------                               │
│                           │ environment: [NOT SET]               │
│ Policy violation strategy │ ADVISORY                             │
└───────────────────────────┴──────────────────────────────────────┘

Closes #2627

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo marked this pull request as ready for review December 18, 2025 13:33
Comment thread app/cli/cmd/root.go Outdated
Piskoo and others added 2 commits December 18, 2025 19:21
Co-authored-by: Miguel Martinez Trivino <migmartri@gmail.com>
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo merged commit b6bfb35 into chainloop-dev:main Dec 18, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

improve user-authenticated attestation message

2 participants