fix(cli): delete hard-fails on 426 guard; honest closing when --keep-data pointer save fails#170
Closed
LukasWodka wants to merge 1 commit into
Closed
fix(cli): delete hard-fails on 426 guard; honest closing when --keep-data pointer save fails#170LukasWodka wants to merge 1 commit into
LukasWodka wants to merge 1 commit into
Conversation
…data pointer save fails Addresses the two Cursor Bugbot findings still live on develop (raised on the develop->main PR #164 at commit 6cfb99e). The other three findings on #164 were already fixed on develop: --kubeconfig/--context threading and the --keep-data pointer clear by #165, the stale pointer after a failed wipe by #168. 1. HTTP 426 in the pre-offboard online guard is now a HARD failure. lookupClientStatus returning *api.UpgradeRequiredError was swallowed as a soft "couldn't check - continuing", proceeding into a destructive offboard on a CLI too old to talk to the backend. It now returns the upgrade signal immediately (mirrors `client status --wait`). --force still skips the whole guard by design; there the revoke call surfaces the same 426 as a hard error. 2. Under --keep-data, a failed cfg.Save() of the cleared active-client pointer now marks the offboard `degraded`, so the closing line no longer claims a clean offboard while the on-disk config still names the revoked client (parity with the wipe path, which already flagged it). Tests: TestDelete_Guard426_HardFails (426 -> hard error, no revoke, no teardown) and TestDelete_KeepData_SaveFails_HonestClosing (save-fail -> degraded closing, no clean-success line); both verified to fail without the fix. Full internal suite + go vet green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
Author
|
Closing as a duplicate of #169 (Asad), which landed the identical fix — 426 guard hard-fail + |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addresses the two Cursor Bugbot findings still live on
develop— both raised on thedevelop → mainpromotion PR #164 (commit6cfb99e). The other three findings on #164 were already resolved on develop:--kubeconfig/--contextthreading + the--keep-datapointer clear by #165, and the stale pointer after a failed wipe by #168. This closes the remaining two so a re-run of Bugbot on #164 comes back clean.1.
deleteguard softened HTTP 426 (Medium) — now a hard failureThe pre-offboard online guard called
lookupClientStatus, and on any error — including*api.UpgradeRequiredError(HTTP 426, CLI too old for the backend) — printed a soft "couldn't check — continuing" and proceeded into a destructive offboard. A too-old CLI can't reliably talk to tracebloc, so it now returns the upgrade signal immediately, matching howclient status --waittreats 426 (client.go).--forcestill skips the whole guard by design; on that path the revoke call surfaces the same 426 as a hard error.2.
--keep-datasave failure read as a clean offboard (High) — now flagged degradedAfter a successful revoke,
--keep-dataclears the active-client pointer in memory, but a failingcfg.Save()only warned — the on-disk config still named the now-revoked client, and the closing line still claimed a clean offboard. It now marks the rundegraded(parity with the wipe path, which already did this), so the closing message tells the truth.Tests
TestDelete_Guard426_HardFails— 426 from the guard → hard*api.UpgradeRequiredError, no revoke, no teardown.TestDelete_KeepData_SaveFails_HonestClosing— save-fail under--keep-data(config dir chmod'd read-only soLoadworks butSavecan'tCreateTemp) → degraded closing, warning present, no clean-success line.internal/...suite +go vetgreen.Not in scope (flagged separately)
removeSelfstill deletes any sibling file namedtbwith only atb != exeguard — no check that it's tracebloc's own symlink, so it can delete an unrelated~/.local/bin/tb. Bugbot didn't flag this; I found it in the FR review. It needs a symlink/target guard mirroringinstall.shplus a test rewrite, so I've kept it out of this Bugbot-scoped PR — happy to send it as a follow-up.Targets
developper convention; #164 (develop → main) picks these up on its next re-sync.🤖 Generated with Claude Code