Skip to content

fix(add): clarify --allow-build help and let it flip an existing deny#660

Merged
jdx merged 2 commits into
mainfrom
claude/great-yonath-e301f5
May 13, 2026
Merged

fix(add): clarify --allow-build help and let it flip an existing deny#660
jdx merged 2 commits into
mainfrom
claude/great-yonath-e301f5

Conversation

@jdx

@jdx jdx commented May 13, 2026
edited by cursor Bot
Loading

Copy link
Copy Markdown
Owner

Summary

Addresses Discussion #655: aube add --help rendered --allow-build as --allow-build[=<PKG>], where the bracketed [=<PKG>] reads as "value optional" but the bare form was rejected.

  • Help rendering fixed. Dropped the num_args = 0..=1 + default_missing_value wiring so --help now shows --allow-build=<PKG> (no brackets). Bare --allow-build now gets clap's standard equal sign is needed when assigning values to '--allow-build=<PKG>' diagnostic — clearer than the prior pnpm-verbatim "missing a package name" wording. The explicit empty form --allow-build= still goes through the validator and keeps pnpm's verbatim message.
  • --allow-build=<pkg> no longer errors on existing allowBuilds: <pkg>: false. It now flips the value silently. The flag is a deliberate user action; treating it as a conflict just forced users to hand-edit yaml for the same effect.
  • Doc comments trimmed. Stripped clap-internals commentary from the --allow-build field doc.
  • --ignore-scripts hidden where it's a no-op. Marked hide = true on add, import, and update. Still visible on version, pack, ci, and remove, where it actually does something.

Test plan

  • cargo clippy -p aube --all-targets -- -D warnings — clean
  • cargo fmt --check — clean
  • cargo test -p aube — 482 unit tests pass
  • Bats sweep over lifecycle_scripts.bats, allow_builds.bats, global_install.bats — no failures
  • aube add --help shows --allow-build=<PKG> (no brackets) and omits --ignore-scripts
  • aube version --help etc. still list --ignore-scripts

🤖 Generated with Claude Code

Note

Medium Risk
Changes how --allow-build is parsed and how it mutates allowBuilds, which affects whether dependency lifecycle scripts are allowed to run. Risk is mitigated by updated bats coverage, but it still touches script-approval behavior.

Overview
Tightens aube add --allow-build parsing so help/rendering matches the required --allow-build=<PKG> form and bare/space forms now fail with clap’s clearer “equal sign is needed” diagnostic (while --allow-build= still produces pnpm-verbatim wording).

Updates --allow-build=<pkg> application to overwrite existing allowBuilds entries (including flipping an existing false to true) instead of erroring on prior denies.

Hides no-op --ignore-scripts flags in add, import, and update, and regenerates CLI docs/spec JSON accordingly; tests are updated to reflect the new diagnostics and flip behavior.

Reviewed by Cursor Bugbot for commit 8149ffb. Bugbot is set up for automated code reviews on this repo. Configure here.

@jdx @claude
fix(add): clarify --allow-build help and let it flip an existing deny
98b8425 
Previously `aube add --help` rendered the flag as `--allow-build[=<PKG>]`
— the bracketed `[=<PKG>]` reads as "value optional" but the bare form
was rejected (Discussion #655). Dropped the `num_args = 0..=1` +
`default_missing_value` wiring so the help line now reads
`--allow-build=<PKG>` and bare gets clap's "equal sign is needed"
diagnostic. The explicit empty form `--allow-build=` still emits
pnpm's verbatim "missing a package name" message.

Also:

- `--allow-build=<pkg>` no longer errors when `allowBuilds: <pkg>: false`
  already exists. The user is passing the flag deliberately, so
  flipping the value is what they want; the prior "explicit deny
  conflict" check just forced them to hand-edit yaml to get the
  same effect.
- Trimmed the over-detailed doc comments on `--allow-build`.
- Hid `--ignore-scripts` on `add`, `import`, and `update` where it
  is a documented no-op (still visible on `version`, `pack`, `ci`,
  `remove`, where it actually does something).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@greptile-apps

greptile-apps Bot commented May 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR fixes the misleading --allow-build[=<PKG>] help rendering (dropping num_args = 0..=1 + default_missing_value so clap shows the required = form), changes the flag's conflict behavior so an existing allowBuilds: false entry is silently promoted to true rather than causing an error, and hides the no-op --ignore-scripts flag on add, import, and update.

  • add.rs / aube.usage.kdl: --allow-build argument wiring simplified; apply_allow_build_flags now delegates directly to add_to_allow_builds with AllowBuildsWriteMode::Approve, removing the pre-read conflict check. Bare --allow-build now gets clap's standard "equal sign is needed" diagnostic; explicit --allow-build= still reaches parse_allow_build_value and keeps the pnpm-verbatim message.
  • import.rs / update.rs: --ignore-scripts hidden with hide = true; still accepted for backwards-compatibility with wrapper scripts.
  • Tests / docs: Bats tests updated to expect the new clap error wording and the flip-not-error behaviour; generated CLI docs regenerated accordingly.

Confidence Score: 5/5

Safe to merge — changes are narrow, well-tested, and deliberate.

The core logic change (flipping a pre-existing allowBuilds: false to true instead of erroring) is intentional and handled entirely by the existing AllowBuildsWriteMode::Approve path in add_to_allow_builds, which already had unit tests covering the flip. The clap wiring change (dropping num_args = 0..=1 + default_missing_value) is straightforward and verified by updated bats tests. Hidden flags remain accepted at the parser level, so no wrapper-script breakage. No untested code paths, no security boundary changes.

No files require special attention.

Important Files Changed

Filename Overview
crates/aube/src/commands/add.rs Drops num_args = 0..=1 + default_missing_value, hides --ignore-scripts, and removes the conflict-check in apply_allow_build_flags in favour of a direct AllowBuildsWriteMode::Approve write that silently flips false → true.
test/lifecycle_scripts.bats Updates three tests to match the new clap error wording, removes the conflict-path sub-test from the --filter fixture, and replaces the "should error" test with a "should flip false → true" test including yaml and manifest assertions.
aube.usage.kdl Trims the --allow-build long_help, marks --ignore-scripts as hidden on add/import/update; all edits are consistent with the Rust-side changes.
docs/cli/commands.json Generated artifact: updates hide flags, trims help_long text, and corrects the import usage string to enumerate visible flags explicitly.

Reviews (2): Last reviewed commit: "test(add): make --allow-build flip-test ..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 13, 2026
View reviewed changes
Comment thread test/lifecycle_scripts.bats Outdated
@jdx @claude
test(add): make --allow-build flip-test grep tolerant of yaml quoting
8149ffb 
Established pattern in this file (lines 680, 890) uses `['"]?:` to
accept both quoted and bare yaml keys. The flip test I added in the
prior commit used the stricter `":` form, so if `add_to_allow_builds`
ever reserializes with a different quoting style the assertion would
silently pass `run` but fail `assert_success`. Caught in PR review.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@jdx jdx merged commit 2756a7a into main May 13, 2026
18 checks passed
@jdx jdx deleted the claude/great-yonath-e301f5 branch May 13, 2026 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jdx