Skip to content

fix: warn on invalid auto-approve-risk header; require config in write tools#566

Open
thisrohangupta wants to merge 1 commit into
mainfrom
fix/auto-approve-risk-warn-and-required-config
Open

fix: warn on invalid auto-approve-risk header; require config in write tools#566
thisrohangupta wants to merge 1 commit into
mainfrom
fix/auto-approve-risk-warn-and-required-config

Conversation

@thisrohangupta

Copy link
Copy Markdown
Collaborator

Summary

Two hardening fixes for the write-tool security path (harvested from the still-valid #207, re-done cleanly on current main):

  • session-headers.ts — log a warn when X-Harness-Auto-Approve-Risk holds an unrecognized value (e.g. read, a typo) instead of silently falling back to the deployment default. A misconfigured client otherwise ends up with a different security posture than it intended, with zero signal. The offending value is surfaced in the log to aid debugging.
  • Write-tool registrars (harness_create, harness_update, harness_delete, harness_execute) — change config?: Configconfig: Config. registerAllTools always passes it (src/tools/index.ts), so optional was a type lie: a future caller could omit it and silently bypass HARNESS_READ_ONLY enforcement and the session auto-approve setting. The now-needless ?. guards at the read-only / auto-approve sites are simplified.

Context

The changes were originally proposed in #207 (a follow-up to #204 whose two review nits never merged). That PR is conflicting, CI-failing, and CLA-unblocked, so this re-implements the same intent on a fresh branch off main and fixes the stale test it flagged. #207 can be closed as superseded.

Test plan

  • pnpm build, pnpm typecheck
  • pnpm docs:generate && pnpm docs:check (README up to date)
  • Added session-headers.test.ts coverage: warns on an unrecognized value (surfacing it), does NOT warn on a valid value or when the header is absent
  • Updated all write-tool registrar call sites across the test suite to pass config (the previously-optional param)
  • Full suite green: 118 files, 2513 tests, 0 failures

🤖 Generated with Claude Code

…e tools

Two hardening fixes for the write-tool security path:

- session-headers.ts: log a warning when X-Harness-Auto-Approve-Risk holds an
  unrecognized value (e.g. "read", a typo) instead of silently falling back to
  the deployment default. A misconfigured client otherwise gets a different
  security posture than intended with no signal.
- harness_create/update/delete/execute: change `config?: Config` to
  `config: Config`. registerAllTools always passes it, so optional was a type
  lie — a future caller could omit it and silently bypass HARNESS_READ_ONLY
  enforcement and the session auto-approve setting. Drop the now-needless `?.`
  guards at the read-only / auto-approve sites.

Update test registrar call sites to pass config, and add coverage for the new
invalid-header warning.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

AI-Session-Id: 873eb9d0-994e-4bcb-bfd7-df508b18a0e3
AI-Tool: claude-code
AI-Model: unknown
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant