feat(azdext): add output and logging helpers#2
Closed
jongio wants to merge 7 commits intofeature/ext-pr2-6945from
Closed
feat(azdext): add output and logging helpers#2jongio wants to merge 7 commits intofeature/ext-pr2-6945from
jongio wants to merge 7 commits intofeature/ext-pr2-6945from
Conversation
Implements Azure#6945 (P1-5/P1-6). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Implements Azure#6946 (P2-1/P2-2). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Propagate core fixes: mcp_security, pagination, resilient_http_client - Propagate helper fixes: config_helper, keyvault_resolver
…verflow - SSRFSafeRedirect: add DNS resolution for hostname redirects (fail-closed) to prevent bypass via attacker-controlled DNS pointing to private IPs - MCPSecurityPolicy.CheckURL: normalize IPv4-mapped IPv6 addresses before metadata host matching (blocks ::ffff:169.254.169.254 bypass) - retryAfterFromResponse: cap parsed value before multiplication to prevent integer overflow that could bypass maxRetryAfterDuration - keyvault_resolver: fix misleading error message about consecutive hyphens - Add regression tests for all hardened paths
This was referenced Mar 2, 2026
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
added a commit
that referenced
this pull request
Mar 5, 2026
- Prepend custom scope rules before defaults so overrides work (#1) - Redact URL query params in ScopeDetectorError to prevent leaking secrets (#2) - Add versioned User-Agent string, make configurable via ResilientClientOptions (#3) - Set done=true on Collect truncation to prevent surprise continuation (#4) - Add azdext SDK version constant (version.go) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
added a commit
that referenced
this pull request
Mar 6, 2026
) * feat(azdext): add P1 core extension primitives Implements Azure#6944 core primitives for token provider, scope detection, resilient HTTP client, and pagination with tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): harden P1 primitives after quality review Addresses MQ findings for Azure#6944: bounded response reads, nextLink SSRF protections, retry/body semantics, token-over-http guard, deterministic scope rules, and added regression tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: fix preflight blockers for PR1 Apply required gofmt and cspell updates so mage preflight passes for draft PR Azure#6954. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * security: harden core primitives against hack scan findings - mcp_security: tighten input validation and error handling - pagination: add bounds checking on page parameters - resilient_http_client: strengthen TLS config and timeout enforcement - resilient_http_client_test: add security-path test coverage * fix: address profile review findings for stacked PR Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): satisfy lint and cspell checks Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): remediate hack findings Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address copilot review feedback on PR 6954 - block hostname redirects that resolve to private/loopback IPs\n- return explicit nil-client error in stdHTTPDoer path\n- honor MaxRetries=0 as no retries; use negative as default sentinel\n- update TokenProvider usage snippet to current API\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address follow-up Copilot feedback on PR 6954 - tighten backoff jitter upper bound\n- require absolute HTTPS nextLink\n- return explicit oversized page response error\n- align OnBlocked docs with implemented actions\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: retrigger CI for PR Azure#6954 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: retrigger CI for transient external failures Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): address actionable main PR review items - remove mutable redirect lookup test hook via injected helper - document scope detector servicebus ambiguity and ACR scope semantics - use slices.Sort for deterministic custom rule ordering - clarify TokenProvider usage guidance Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): address remaining maintainer review items Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore(agents): remove unrelated whitespace-only changes Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): redact blocked URL details in policy callback path Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): add x-ms-client-request-id and align resilient headers Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address PR review feedback from wbreza - Prepend custom scope rules before defaults so overrides work (#1) - Redact URL query params in ScopeDetectorError to prevent leaking secrets (#2) - Add versioned User-Agent string, make configurable via ResilientClientOptions (#3) - Set done=true on Collect truncation to prevent surprise continuation (#4) - Add azdext SDK version constant (version.go) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Owner
Author
|
Consolidated into single PR: Azure#7025 |
jongio
added a commit
that referenced
this pull request
Mar 13, 2026
- Use merged_at instead of merged for reliable merge detection (thread #1) - Expand isDocOnlyPr to handle doc-adjacent assets (thread #2) - Replace N+1 API calls with git.getTree for doc inventory (thread #3) - Fix README trigger types to match actual workflow config (thread #5) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
added a commit
that referenced
this pull request
Mar 13, 2026
- Pin actions to commit SHAs (actions/checkout, azure/login) - Cap all_open/list mode to MAX_PRS_PER_RUN=20 - Cap AI output: MAX_REASON_LENGTH=200, MAX_SUMMARY_LENGTH=500 - Add MAX_IMPACTS=15 to limit AI-generated impact count - Add MAX_CONTENT_SIZE_BYTES=50KB per doc file - Sanitize doc manifest content (titles, topics, headings) - Reject unknown repos from AI output (not just warn) - Validate repo format with regex (owner/repo) - Block path traversal in AI-returned paths - Sanitize PR title in log output (strip control chars) - Strip HTML from existing PR body in closeCompanionPrs - Remove error messages from tracking comment (prevent data leak) - Upper-bound PR number input to 999999 - Rename TRUSTED_DOC_INVENTORY to DOC_INVENTORY tag Red team findings addressed: #2, #5, Azure#6, Azure#8, Azure#9, Azure#10, Azure#11 Admin items remaining: #1 (env gating), #3 (token scope), #4 (OIDC vars) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
pushed a commit
that referenced
this pull request
Mar 25, 2026
* Add auth pre-flight validation for agents (Azure#7234) Add --check flag to 'azd auth token' for lightweight auth validation. Agents can call 'azd auth token --check' to validate authentication state with exit code 0 (valid) or non-zero (invalid) without producing standard output. This prevents costly retry loops where agents speculatively call auth token and parse errors. Enhance 'azd auth status --output json' to include expiresOn field, giving agents machine-readable token expiry information for proactive re-authentication. Improve LoginGuardMiddleware to wrap ErrNoCurrentUser with actionable ErrorWithSuggestion guidance, while preserving original error types for cancellations and transient failures. Changes: - cmd/auth_token.go: Add --check flag with early-exit validation - cmd/auth_token_test.go: Add 3 test cases (check success/failure/not-logged-in) - cmd/auth_status.go: Populate ExpiresOn from token validation - pkg/contracts/auth.go: Add ExpiresOn field to StatusResult - cmd/middleware/login_guard.go: Wrap ErrNoCurrentUser with suggestion Fixes Azure#7234 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove redundant branches, add expiresOn tests - Remove redundant 'if a.flags.check' branches in auth_token.go that duplicated the same return (Copilot review comment #2) - Add StatusResult JSON serialization tests verifying expiresOn is present when authenticated and omitted when unauthenticated (Copilot review comment #3) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor: replace auth token --check with auth status exit code (Azure#7234) Instead of adding a --check flag to the hidden 'auth token' command, make the existing 'auth status --output json' command agent-friendly: - Exit non-zero when unauthenticated in machine-readable mode, so agents can rely on exit code without parsing output - expiresOn field already added to StatusResult in this PR - Remove --check flag and its tests (net -90 lines) Agents can now validate auth with: azd auth status --output json # exit 0 + JSON with expiresOn = valid # exit 1 + JSON with status:unauthenticated = invalid This is more discoverable than a hidden flag on a hidden command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove tmp/ from tracking, add to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert "Remove tmp/ from tracking, add to .gitignore" This reverts commit 7253f21. * Remove tmp/ files from PR (not part of Azure#7234) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: exit non-zero in both modes, fix double output Per @JeffreyCA feedback: - Return auth.ErrNoCurrentUser when unauthenticated in both JSON and interactive modes (exit non-zero in all cases) - In JSON mode, format output before returning error to avoid double-print - In interactive mode, show status UX then exit non-zero Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert non-zero exit for unauthenticated status Per @vhvb1989 feedback: unauthenticated is a valid result, not a command failure. Non-zero exit should only be for unexpected errors. The expiresOn and LoginGuardMiddleware improvements remain. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
pushed a commit
that referenced
this pull request
Mar 27, 2026
* Add auth pre-flight validation for agents (Azure#7234) Add --check flag to 'azd auth token' for lightweight auth validation. Agents can call 'azd auth token --check' to validate authentication state with exit code 0 (valid) or non-zero (invalid) without producing standard output. This prevents costly retry loops where agents speculatively call auth token and parse errors. Enhance 'azd auth status --output json' to include expiresOn field, giving agents machine-readable token expiry information for proactive re-authentication. Improve LoginGuardMiddleware to wrap ErrNoCurrentUser with actionable ErrorWithSuggestion guidance, while preserving original error types for cancellations and transient failures. Changes: - cmd/auth_token.go: Add --check flag with early-exit validation - cmd/auth_token_test.go: Add 3 test cases (check success/failure/not-logged-in) - cmd/auth_status.go: Populate ExpiresOn from token validation - pkg/contracts/auth.go: Add ExpiresOn field to StatusResult - cmd/middleware/login_guard.go: Wrap ErrNoCurrentUser with suggestion Fixes Azure#7234 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove redundant branches, add expiresOn tests - Remove redundant 'if a.flags.check' branches in auth_token.go that duplicated the same return (Copilot review comment #2) - Add StatusResult JSON serialization tests verifying expiresOn is present when authenticated and omitted when unauthenticated (Copilot review comment #3) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor: replace auth token --check with auth status exit code (Azure#7234) Instead of adding a --check flag to the hidden 'auth token' command, make the existing 'auth status --output json' command agent-friendly: - Exit non-zero when unauthenticated in machine-readable mode, so agents can rely on exit code without parsing output - expiresOn field already added to StatusResult in this PR - Remove --check flag and its tests (net -90 lines) Agents can now validate auth with: azd auth status --output json # exit 0 + JSON with expiresOn = valid # exit 1 + JSON with status:unauthenticated = invalid This is more discoverable than a hidden flag on a hidden command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove tmp/ from tracking, add to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert "Remove tmp/ from tracking, add to .gitignore" This reverts commit 7253f21. * Remove tmp/ files from PR (not part of Azure#7234) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: exit non-zero in both modes, fix double output Per @JeffreyCA feedback: - Return auth.ErrNoCurrentUser when unauthenticated in both JSON and interactive modes (exit non-zero in all cases) - In JSON mode, format output before returning error to avoid double-print - In interactive mode, show status UX then exit non-zero Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert non-zero exit for unauthenticated status Per @vhvb1989 feedback: unauthenticated is a valid result, not a command failure. Non-zero exit should only be for unexpected errors. The expiresOn and LoginGuardMiddleware improvements remain. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
pushed a commit
that referenced
this pull request
Mar 27, 2026
* Add auth pre-flight validation for agents (Azure#7234) Add --check flag to 'azd auth token' for lightweight auth validation. Agents can call 'azd auth token --check' to validate authentication state with exit code 0 (valid) or non-zero (invalid) without producing standard output. This prevents costly retry loops where agents speculatively call auth token and parse errors. Enhance 'azd auth status --output json' to include expiresOn field, giving agents machine-readable token expiry information for proactive re-authentication. Improve LoginGuardMiddleware to wrap ErrNoCurrentUser with actionable ErrorWithSuggestion guidance, while preserving original error types for cancellations and transient failures. Changes: - cmd/auth_token.go: Add --check flag with early-exit validation - cmd/auth_token_test.go: Add 3 test cases (check success/failure/not-logged-in) - cmd/auth_status.go: Populate ExpiresOn from token validation - pkg/contracts/auth.go: Add ExpiresOn field to StatusResult - cmd/middleware/login_guard.go: Wrap ErrNoCurrentUser with suggestion Fixes Azure#7234 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove redundant branches, add expiresOn tests - Remove redundant 'if a.flags.check' branches in auth_token.go that duplicated the same return (Copilot review comment #2) - Add StatusResult JSON serialization tests verifying expiresOn is present when authenticated and omitted when unauthenticated (Copilot review comment #3) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor: replace auth token --check with auth status exit code (Azure#7234) Instead of adding a --check flag to the hidden 'auth token' command, make the existing 'auth status --output json' command agent-friendly: - Exit non-zero when unauthenticated in machine-readable mode, so agents can rely on exit code without parsing output - expiresOn field already added to StatusResult in this PR - Remove --check flag and its tests (net -90 lines) Agents can now validate auth with: azd auth status --output json # exit 0 + JSON with expiresOn = valid # exit 1 + JSON with status:unauthenticated = invalid This is more discoverable than a hidden flag on a hidden command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove tmp/ from tracking, add to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert "Remove tmp/ from tracking, add to .gitignore" This reverts commit 7253f21. * Remove tmp/ files from PR (not part of Azure#7234) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: exit non-zero in both modes, fix double output Per @JeffreyCA feedback: - Return auth.ErrNoCurrentUser when unauthenticated in both JSON and interactive modes (exit non-zero in all cases) - In JSON mode, format output before returning error to avoid double-print - In interactive mode, show status UX then exit non-zero Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert non-zero exit for unauthenticated status Per @vhvb1989 feedback: unauthenticated is a valid result, not a command failure. Non-zero exit should only be for unexpected errors. The expiresOn and LoginGuardMiddleware improvements remain. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
pushed a commit
that referenced
this pull request
Mar 27, 2026
* Add auth pre-flight validation for agents (Azure#7234) Add --check flag to 'azd auth token' for lightweight auth validation. Agents can call 'azd auth token --check' to validate authentication state with exit code 0 (valid) or non-zero (invalid) without producing standard output. This prevents costly retry loops where agents speculatively call auth token and parse errors. Enhance 'azd auth status --output json' to include expiresOn field, giving agents machine-readable token expiry information for proactive re-authentication. Improve LoginGuardMiddleware to wrap ErrNoCurrentUser with actionable ErrorWithSuggestion guidance, while preserving original error types for cancellations and transient failures. Changes: - cmd/auth_token.go: Add --check flag with early-exit validation - cmd/auth_token_test.go: Add 3 test cases (check success/failure/not-logged-in) - cmd/auth_status.go: Populate ExpiresOn from token validation - pkg/contracts/auth.go: Add ExpiresOn field to StatusResult - cmd/middleware/login_guard.go: Wrap ErrNoCurrentUser with suggestion Fixes Azure#7234 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove redundant branches, add expiresOn tests - Remove redundant 'if a.flags.check' branches in auth_token.go that duplicated the same return (Copilot review comment #2) - Add StatusResult JSON serialization tests verifying expiresOn is present when authenticated and omitted when unauthenticated (Copilot review comment #3) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor: replace auth token --check with auth status exit code (Azure#7234) Instead of adding a --check flag to the hidden 'auth token' command, make the existing 'auth status --output json' command agent-friendly: - Exit non-zero when unauthenticated in machine-readable mode, so agents can rely on exit code without parsing output - expiresOn field already added to StatusResult in this PR - Remove --check flag and its tests (net -90 lines) Agents can now validate auth with: azd auth status --output json # exit 0 + JSON with expiresOn = valid # exit 1 + JSON with status:unauthenticated = invalid This is more discoverable than a hidden flag on a hidden command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove tmp/ from tracking, add to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert "Remove tmp/ from tracking, add to .gitignore" This reverts commit 7253f21. * Remove tmp/ files from PR (not part of Azure#7234) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: exit non-zero in both modes, fix double output Per @JeffreyCA feedback: - Return auth.ErrNoCurrentUser when unauthenticated in both JSON and interactive modes (exit non-zero in all cases) - In JSON mode, format output before returning error to avoid double-print - In interactive mode, show status UX then exit non-zero Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert non-zero exit for unauthenticated status Per @vhvb1989 feedback: unauthenticated is a valid result, not a command failure. Non-zero exit should only be for unexpected errors. The expiresOn and LoginGuardMiddleware improvements remain. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
pushed a commit
that referenced
this pull request
Mar 27, 2026
* Add auth pre-flight validation for agents (Azure#7234) Add --check flag to 'azd auth token' for lightweight auth validation. Agents can call 'azd auth token --check' to validate authentication state with exit code 0 (valid) or non-zero (invalid) without producing standard output. This prevents costly retry loops where agents speculatively call auth token and parse errors. Enhance 'azd auth status --output json' to include expiresOn field, giving agents machine-readable token expiry information for proactive re-authentication. Improve LoginGuardMiddleware to wrap ErrNoCurrentUser with actionable ErrorWithSuggestion guidance, while preserving original error types for cancellations and transient failures. Changes: - cmd/auth_token.go: Add --check flag with early-exit validation - cmd/auth_token_test.go: Add 3 test cases (check success/failure/not-logged-in) - cmd/auth_status.go: Populate ExpiresOn from token validation - pkg/contracts/auth.go: Add ExpiresOn field to StatusResult - cmd/middleware/login_guard.go: Wrap ErrNoCurrentUser with suggestion Fixes Azure#7234 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove redundant branches, add expiresOn tests - Remove redundant 'if a.flags.check' branches in auth_token.go that duplicated the same return (Copilot review comment #2) - Add StatusResult JSON serialization tests verifying expiresOn is present when authenticated and omitted when unauthenticated (Copilot review comment #3) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor: replace auth token --check with auth status exit code (Azure#7234) Instead of adding a --check flag to the hidden 'auth token' command, make the existing 'auth status --output json' command agent-friendly: - Exit non-zero when unauthenticated in machine-readable mode, so agents can rely on exit code without parsing output - expiresOn field already added to StatusResult in this PR - Remove --check flag and its tests (net -90 lines) Agents can now validate auth with: azd auth status --output json # exit 0 + JSON with expiresOn = valid # exit 1 + JSON with status:unauthenticated = invalid This is more discoverable than a hidden flag on a hidden command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove tmp/ from tracking, add to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert "Remove tmp/ from tracking, add to .gitignore" This reverts commit 7253f21. * Remove tmp/ files from PR (not part of Azure#7234) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: exit non-zero in both modes, fix double output Per @JeffreyCA feedback: - Return auth.ErrNoCurrentUser when unauthenticated in both JSON and interactive modes (exit non-zero in all cases) - In JSON mode, format output before returning error to avoid double-print - In interactive mode, show status UX then exit non-zero Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert non-zero exit for unauthenticated status Per @vhvb1989 feedback: unauthenticated is a valid result, not a command failure. Non-zero exit should only be for unexpected errors. The expiresOn and LoginGuardMiddleware improvements remain. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio
pushed a commit
that referenced
this pull request
Mar 27, 2026
* Add auth pre-flight validation for agents (Azure#7234) Add --check flag to 'azd auth token' for lightweight auth validation. Agents can call 'azd auth token --check' to validate authentication state with exit code 0 (valid) or non-zero (invalid) without producing standard output. This prevents costly retry loops where agents speculatively call auth token and parse errors. Enhance 'azd auth status --output json' to include expiresOn field, giving agents machine-readable token expiry information for proactive re-authentication. Improve LoginGuardMiddleware to wrap ErrNoCurrentUser with actionable ErrorWithSuggestion guidance, while preserving original error types for cancellations and transient failures. Changes: - cmd/auth_token.go: Add --check flag with early-exit validation - cmd/auth_token_test.go: Add 3 test cases (check success/failure/not-logged-in) - cmd/auth_status.go: Populate ExpiresOn from token validation - pkg/contracts/auth.go: Add ExpiresOn field to StatusResult - cmd/middleware/login_guard.go: Wrap ErrNoCurrentUser with suggestion Fixes Azure#7234 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove redundant branches, add expiresOn tests - Remove redundant 'if a.flags.check' branches in auth_token.go that duplicated the same return (Copilot review comment #2) - Add StatusResult JSON serialization tests verifying expiresOn is present when authenticated and omitted when unauthenticated (Copilot review comment #3) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor: replace auth token --check with auth status exit code (Azure#7234) Instead of adding a --check flag to the hidden 'auth token' command, make the existing 'auth status --output json' command agent-friendly: - Exit non-zero when unauthenticated in machine-readable mode, so agents can rely on exit code without parsing output - expiresOn field already added to StatusResult in this PR - Remove --check flag and its tests (net -90 lines) Agents can now validate auth with: azd auth status --output json # exit 0 + JSON with expiresOn = valid # exit 1 + JSON with status:unauthenticated = invalid This is more discoverable than a hidden flag on a hidden command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove tmp/ from tracking, add to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert "Remove tmp/ from tracking, add to .gitignore" This reverts commit 7253f21. * Remove tmp/ files from PR (not part of Azure#7234) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: exit non-zero in both modes, fix double output Per @JeffreyCA feedback: - Return auth.ErrNoCurrentUser when unauthenticated in both JSON and interactive modes (exit non-zero in all cases) - In JSON mode, format output before returning error to avoid double-print - In interactive mode, show status UX then exit non-zero Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert non-zero exit for unauthenticated status Per @vhvb1989 feedback: unauthenticated is a valid result, not a command failure. Non-zero exit should only be for unexpected errors. The expiresOn and LoginGuardMiddleware improvements remain. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
Links
Stack position
Stack / Merge Plan (Uber Plan)
This PR is Step 3 of 6 in the full rollout.
Required merge order
How to land this safely