fix: warn on invalid auto-approve-risk header; make config required in write tools#207
fix: warn on invalid auto-approve-risk header; make config required in write tools#207sunilgattupalle wants to merge 1 commit into
Conversation
…d in write tool registrars Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> AI-Session-Id: e99a0003-1e04-4235-896a-f22400d45734 AI-Tool: claude-code AI-Model: unknown
|
|
|
Both fixes here are still valid and needed on Since this branch is conflicting + CI-failing + CLA-unblocked, I re-implemented the same two changes cleanly on a fresh branch off Suggest closing this as superseded by #566 — leaving that to you since it's your PR. |
Summary
Follow-up to #204 — two review nits that were in a commit on the PR branch but didn't make it into the merge.
session-headers.ts: log awarnwhenX-Harness-Auto-Approve-Riskcontains an unrecognized value (e.g."read", typos) instead of silently falling back to the deployment default. Prevents confusing silent behavior where a misconfigured client gets a different security posture than intended.harness_create,harness_update,harness_delete,harness_execute): changeconfig?: Config→config: Config. The parameter is always passed byregisterAllTools— making it optional was a type lie that would let future callers omit it and silently use the process-global auto-approve default instead of the session value.Test plan
pnpm typecheckpassespnpm testpassesX-Harness-Auto-Approve-Risk: readheader in an HTTP session logs a warning and uses the deployment default🤖 Generated with Claude Code