feat(workspace): stale-credential sweep at workspace create#37
Closed
escherize wants to merge 7 commits into
Closed
feat(workspace): stale-credential sweep at workspace create#37escherize wants to merge 7 commits into
escherize wants to merge 7 commits into
Conversation
…oped grant The scoped token is the containment primitive for Option B: a parent credential on an agent's machine that can only do workspace CRUD, enforced server-side by default-deny scope middleware. - scope threads through discovery gating, dynamic client registration, the authorize URL, the stored credential, and refresh (which sends no scope parameter, so a refresh can never widen the grant) - pre-scope profile records resolve to mb:full, which is what every legacy login was minted with - workspace login is browser-OAuth only: --api-key, MB_API_KEY, and non-TTY contexts are refused so a key can't masquerade as scoped - a 403 on a scope-narrowed profile is enriched to name the scope and the fix instead of a bare "Forbidden." Refs GHY-4053
Tier 2 of the containment ladder: a stale full-power credential for the same parent (any api-key profile, any OAuth grant wider than mb:workspace-manager) would let a confused agent bypass the scoped token, so create refuses while one exists. Interactive runs offer revocation (local clear + best-effort server-side token revocation); non-interactive runs hard-refuse — --keep-existing-auth is the human-only override and is itself refused without a TTY. The profile the command runs as is exempt: it is in deliberate use, not lying around. connect gets the same sweep when it lands (GHY-4052). Refs GHY-4054
Newer oxlint flags helpers that capture nothing from their describe. Refs GHY-4053
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
Author
|
Consolidated into #39. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refs GHY-4054 (Linear). Stacked on #33 + #34 (base shows #34's commits until it merges).
Tier 2 of the containment ladder: a stale full-power credential for the same parent (any api-key profile, any OAuth grant wider than
mb:workspace-manager) would let a confused agent bypass the workspace-scoped token, soworkspace createrefuses while one exists in the profile store.--keep-existing-authis the human-only override, itself refused without a TTY — an agent can never talk itself past the sweep.Known residual: the sweep sees the profile store only — env keys and
.envfiles are tier 1's (GHY-4059) and the attestation idea's territory.