Skip to content

Fix scoped IDP updates and remote pipeline input overrides#613

Draft
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/critical-bug-investigation-c07b
Draft

Fix scoped IDP updates and remote pipeline input overrides#613
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/critical-bug-investigation-c07b

Conversation

@cursor

@cursor cursor Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Description

Fixes two critical correctness bugs found during recent-commit investigation:

  • idp_entity get/update path construction now honors explicit resource_scope and otherwise defaults to configured HARNESS_ORG / HARNESS_PROJECT when available. This prevents a common harness_list -> harness_update(resource_id, params.kind) flow from accidentally PUTing /v1/entities/account/... and overwriting an account-scoped entity with the same kind/id instead of the project entity the agent just listed.
  • Pipeline runtime input auto-resolution now uses pipeline_branch ?? branch when fetching the runtime input template, matching the input-set GET and final execute request. This prevents remote pipeline runs that combine input_set_ids, flat inline overrides, and pipeline_branch from resolving overrides against the default-branch template while executing a feature branch.

Added regressions for the public IDP update path, explicit account-scope suppression, and full remote pipeline helper branch parity.

Type of Change

  • Bug fix
  • New feature
  • Refactor
  • Documentation
  • Other

Checklist

  • pnpm test passes
  • pnpm typecheck passes
  • pnpm build passes
  • pnpm standards:check passes (architecture guardrails — see docs/coding-standards.md)
  • pnpm docs:check passes (if registry/tool counts changed)

Coding Standards (registry-driven MCP model)

If this PR adds or changes Harness API coverage:

  • No new server.registerTool() calls — only toolset definitions in src/registry/toolsets/
  • Toolset registered in ALL_TOOLSETS and ToolsetName union
  • operationPolicy on every new/changed endpoint
  • Shared response extractors from src/registry/extractors.ts (no raw passthrough on real endpoints)
  • identifierFields and scope declared on new resources
  • No console.log() in src/ (stdio JSON-RPC safety)

Not applicable: no new toolset/resource registration was added.

Open in Web View Automation 

cursoragent and others added 2 commits July 13, 2026 11:10
Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants