feat(add): add deny-build flag #730

Merged: jdx merged 2 commits into main from codex/add-deny-build, May 17, 2026
@jdx commented May 15, 2026 (Owner)

Summary

  • add repeatable aube add --deny-build=<pkg> to write reviewed denied lifecycle-build entries
  • forward the flag through global installs so strictDepBuilds=true can skip selected global package builds without failing
  • document the new flag and cover local/global add behavior with BATS tests

Closes discussion #726.

Tests

  • cargo check -p aube -p aube-manifest
  • cargo fmt --check
  • cargo build -p aube
  • cargo test -p aube test_cli_ordering
  • ./test/bats/bin/bats test/global_install.bats --filter 'aube add -g --deny-build=<pkg> marks a global dep'
  • ./test/bats/bin/bats test/lifecycle_scripts.bats --filter 'aube add --deny-build=<pkg> reviews and skips'
  • ./test/bats/bin/bats test/global_install.bats --filter 'aube add -g --allow-build=<pkg> pre-approves'
  • ./test/bats/bin/bats test/lifecycle_scripts.bats --filter 'aube add --allow-build=<pkg> selectively pre-approves'

Note

Medium Risk
Touches install-script review policy and aube add/global add flows; mistakes could unintentionally allow or block lifecycle scripts in strict build environments.

Overview
Adds a new repeatable aube add --deny-build=<pkg> flag that explicitly marks a dependency’s lifecycle scripts as reviewed and denied by writing allowBuilds.<pkg>=false before install (including -g global installs), enabling strictDepBuilds=true workflows that still skip selected builds.

Refactors manifest writing to support setting allowBuilds entries to either true or false, and introduces a new error code (ERR_AUBE_CONFLICTING_BUILD_FLAGS) plus validation to reject package names specified in both --allow-build and --deny-build.

Updates CLI usage/spec docs (aube.usage.kdl, docs/cli/add.md, commands.json, error-codes.data.json) and adds BATS coverage for local/global deny behavior and conflict handling.

Reviewed by Cursor Bugbot for commit 11bb53f. Bugbot is set up for automated code reviews on this repo.

@greptile-apps (Bot) commented May 15, 2026 (Contributor)

Greptile Summary

Adds a repeatable --deny-build=<pkg> flag to aube add that writes allowBuilds: { <pkg>: false } before install, letting strictDepBuilds=true accept explicitly-reviewed skip decisions without erroring. The flag is forwarded through the workspace-filtered and add -g code paths and is enforced against --allow-build via a new runtime overlap check with a dedicated error code.

  • set_allow_builds(path, names, allow: bool) replaces the old add_to_allow_builds with a thin backward-compat wrapper; both YAML and package.json branches updated.
  • reject_conflicting_build_flags is called in both run() and run_filtered() before any manifest mutation, so a conflict can't leave files half-written.
  • BATS coverage added for local deny-build, global deny-build, and the allow/deny conflict rejection path.

Confidence Score: 5/5

Safe to merge — the change is localized to CLI flag handling and config writes with no mutation before the conflict guard fires.

All three code paths (local, filtered, global) correctly thread the new flag and validate it before touching any files. The manifest helper refactor is backward-compatible and mechanically simple. Tests cover the new behavior end-to-end.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| crates/aube/src/commands/add.rs | Adds deny_build Vec field to AddArgs, forwards it through global/filtered paths, and adds reject_conflicting_build_flags guard; logic is correct and symmetric with allow_build handling |
| crates/aube-manifest/src/workspace.rs | Refactors add_to_allow_builds into a set_allow_builds(allow: bool) helper; backward-compat wrapper preserved; both YAML and package.json paths updated correctly |
| crates/aube-codes/src/errors.rs | Adds ERR_AUBE_CONFLICTING_BUILD_FLAGS constant and CodeMeta entry; consistent with existing error code patterns |
| test/lifecycle_scripts.bats | Adds three new BATS tests covering deny-build local add, conflict rejection, and allow-build companion; assertions align with runtime behavior |
| test/global_install.bats | Adds global deny-build BATS test; uses per-test AUBE_HOME isolation; install_dir discovery via find is fine given teardown clears the temp dir |

Reviews (2): Last reviewed commit: "fix(add): reject conflicting build revie..."

Comment thread docs/cli/add.md Outdated
@jdx jdx merged commit f3dbe71 into main May 17, 2026
18 checks passed
@jdx jdx deleted the codex/add-deny-build branch May 17, 2026 15:10
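
The review policy discussed in this thread, as an added Rust sketch that is not code from the PR or the aube project: it models allowBuilds as an in-memory map, rejects names given to both flags before writing anything, and shows how a strict check treats reviewed and unreviewed packages. The function names, the error string layout, the strict-mode model and the package names are assumptions made for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

// In-memory stand-in for the manifest's allowBuilds map (assumption, not the project's type).
type AllowBuilds = BTreeMap<String, bool>;

#[derive(Debug, PartialEq)]
enum Decision { Run, Skip, Unreviewed }

/// Names passed to both flags, sorted; an empty result means no conflict.
fn conflicting(allow: &[&str], deny: &[&str]) -> Vec<String> {
    let allowed: BTreeSet<&str> = allow.iter().copied().collect();
    let denied: BTreeSet<&str> = deny.iter().copied().collect();
    allowed.intersection(&denied).map(|s| s.to_string()).collect()
}

/// Validate first, then write: on a conflict `map` is left untouched.
fn apply_review(map: &mut AllowBuilds, allow: &[&str], deny: &[&str]) -> Result<(), String> {
    let both = conflicting(allow, deny);
    if !both.is_empty() {
        return Err(format!("ERR_AUBE_CONFLICTING_BUILD_FLAGS: {}", both.join(", ")));
    }
    for name in allow { map.insert(name.to_string(), true); }
    for name in deny { map.insert(name.to_string(), false); }
    Ok(())
}

/// How a package with lifecycle scripts is treated given the reviewed map.
fn decide(map: &AllowBuilds, pkg: &str) -> Decision {
    match map.get(pkg) {
        Some(true) => Decision::Run,
        Some(false) => Decision::Skip,
        None => Decision::Unreviewed,
    }
}

/// Strict-mode model (assumption): every package with scripts needs a reviewed entry.
fn strict_check(map: &AllowBuilds, pkgs_with_scripts: &[&str]) -> Result<(), Vec<String>> {
    let missing: Vec<String> = pkgs_with_scripts.iter()
        .filter(|p| decide(map, p) == Decision::Unreviewed)
        .map(|p| p.to_string()).collect();
    if missing.is_empty() { Ok(()) } else { Err(missing) }
}

fn main() {
    let mut map = AllowBuilds::new(); // package names below are constructed
    println!("{:?}", apply_review(&mut map, &["pkg-a"], &["pkg-a", "pkg-b"]));
    println!("{:?}", apply_review(&mut map, &["pkg-a"], &["pkg-b"]));
    println!("{:?} {:?}", decide(&map, "pkg-b"), strict_check(&map, &["pkg-a", "pkg-b", "pkg-c"]));
}
```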