fix: warn on invalid auto-approve-risk header; require config in write tools#566
Open
thisrohangupta wants to merge 1 commit into
Open
fix: warn on invalid auto-approve-risk header; require config in write tools#566thisrohangupta wants to merge 1 commit into
thisrohangupta wants to merge 1 commit into
Conversation
…e tools Two hardening fixes for the write-tool security path: - session-headers.ts: log a warning when X-Harness-Auto-Approve-Risk holds an unrecognized value (e.g. "read", a typo) instead of silently falling back to the deployment default. A misconfigured client otherwise gets a different security posture than intended with no signal. - harness_create/update/delete/execute: change `config?: Config` to `config: Config`. registerAllTools always passes it, so optional was a type lie — a future caller could omit it and silently bypass HARNESS_READ_ONLY enforcement and the session auto-approve setting. Drop the now-needless `?.` guards at the read-only / auto-approve sites. Update test registrar call sites to pass config, and add coverage for the new invalid-header warning. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> AI-Session-Id: 873eb9d0-994e-4bcb-bfd7-df508b18a0e3 AI-Tool: claude-code AI-Model: unknown
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two hardening fixes for the write-tool security path (harvested from the still-valid #207, re-done cleanly on current
main):session-headers.ts— log awarnwhenX-Harness-Auto-Approve-Riskholds an unrecognized value (e.g.read, a typo) instead of silently falling back to the deployment default. A misconfigured client otherwise ends up with a different security posture than it intended, with zero signal. The offending value is surfaced in the log to aid debugging.harness_create,harness_update,harness_delete,harness_execute) — changeconfig?: Config→config: Config.registerAllToolsalways passes it (src/tools/index.ts), so optional was a type lie: a future caller could omit it and silently bypassHARNESS_READ_ONLYenforcement and the session auto-approve setting. The now-needless?.guards at the read-only / auto-approve sites are simplified.Context
The changes were originally proposed in #207 (a follow-up to #204 whose two review nits never merged). That PR is conflicting, CI-failing, and CLA-unblocked, so this re-implements the same intent on a fresh branch off
mainand fixes the stale test it flagged. #207 can be closed as superseded.Test plan
pnpm build,pnpm typecheckpnpm docs:generate&&pnpm docs:check(README up to date)session-headers.test.tscoverage: warns on an unrecognized value (surfacing it), does NOT warn on a valid value or when the header is absentconfig(the previously-optional param)🤖 Generated with Claude Code