fix: adopt cli-engine 0.2.0 fail-closed auth; mark local commands no_auth#56
Merged
Conversation
…auth Upgrade the engine dependency to 0.2.0, whose authentication is now fail-closed by default (`AuthRequirement::Required`): the engine resolves a credential before a command runs unless the command opts out. Annotate every local-only command `no_auth(true)` so they keep working without authentication: - env: list, get, set, info (read/write ~/.gdenv) - actions: list, describe (local action-contract catalog) - api: list, describe, search (local API catalog; `api call` stays Required) - application: validate and the `add` subcommands (edit local godaddy.toml) Backend commands (application list/info/init/update/enable/disable/archive/ release/deploy, api call, webhook events) keep the default Required policy, so a forgotten annotation now over-prompts rather than running unauthenticated. Credential reads use the lazy `ctx.credential().await?` accessor. Regression tests: `env list` runs with no provider registered (local path), and `application list` fails closed with no provider (backend path). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Updates the Rust gddy CLI to cli-engine 0.2.0, adopting its fail-closed authentication model and explicitly opting local-only commands out of auth so they continue to work without an auth provider.
Changes:
- Upgraded
cli-enginedependency to0.2.xand updated credential access toctx.credential().await?. - Marked local-only commands as
no_auth(true)(env/actions/api-catalog/application validate + add subcommands). - Added regression tests to ensure local commands run without auth and backend commands remain fail-closed.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| rust/src/webhook/mod.rs | Switches from optional token to fail-closed ctx.credential().await? for authenticated webhook API call. |
| rust/src/env/mod.rs | Adds no_auth(true) to env commands and introduces a test ensuring env list runs with no auth provider. |
| rust/src/application/commands/mod.rs | Uses lazy credential accessor, adds no_auth(true) to local-only subcommands, and adds a fail-closed auth test. |
| rust/src/api_explorer/mod.rs | Marks API catalog commands no_auth(true); keeps api call authenticated and updates token retrieval. |
| rust/src/actions_catalog/mod.rs | Marks action catalog commands no_auth(true). |
| rust/Cargo.toml | Bumps cli-engine from 0.1.3 to 0.2.x. |
| rust/Cargo.lock | Locks cli-engine to 0.2.0 and updates transitive dependencies. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Address Copilot review on PR #56: the fail-closed test asserted only a non-zero exit, which could mask a later handler/network failure. Assert the auth-failure exit code (2) and that the rendered error names the missing provider, proving rejection happens at credential resolution before the handler runs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Address Copilot re-review on PR #56: relabel the misleading "stderr" panic message on the env test (the value is the rendered output), and name the hard-coded auth-failure exit code as AUTH_FAILURE_EXIT for clarity. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
runruh-godaddy
approved these changes
Jun 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
cli-engine 0.2.0 changes authentication to be fail-closed by default: every command is
AuthRequirement::Requiredunless it opts out, and the engine resolves a credential before the handler runs. This PR upgrades gddy to 0.2.0 and annotates the commands that must not authenticate.Stacked on
rust-port(#49); targets that branch sincemainis still the TypeScript CLI.Changes
cli-engine0.1.3 → 0.2.0 (removed the local[patch.crates-io]dev override).no_auth(true)on local-only commands so they keep running without auth:env: list, get, set, info (read/write~/.gdenv)actions: list, describe (local action-contract catalog)api: list, describe, search (local API catalog —api callstays Required)application: validate and theaddsubcommands (edit localgodaddy.toml)Required(default):application list/info/init/update/enable/disable/archive/release/deploy,api call,webhook events. A forgotten annotation now over-prompts rather than running unauthenticated.ctx.credential().await?accessor.Why these annotations matter
The fail-closed default is intentionally safe: forgetting
no_authonly causes an unnecessary auth prompt. The riskier mistake is marking a backend commandno_auth(true)— so the new tests guard the boundary in both directions.Tests
env::tests::env_list_runs_without_auth— local command succeeds with no provider registered.application::commands::tests::application_list_requires_auth— backend command fails closed with no provider (no network call).cargo fmt --checkandcargo clippy --all-targets -D warningsclean.🤖 Generated with Claude Code