CLI: Update SDK and add auth connections commands #102
Conversation
- Updated kernel-go-sdk from v0.28.0 to v0.29.0 - Added 1280x800@60 to available viewport configurations to match SDK update - Updated viewport test to reflect the new viewport option SDK release notes: - Add support for 1280x800@60 viewport - Add convenient param.SetJSON helper
- Update kernel-go-sdk from v0.29.0 to v0.30.0 - Add --status flag for browser list (active, deleted, all) - Add --async-timeout flag for invoke command SDK bump triggered by: kernel/kernel-go-sdk@6ca29d2
rgarcia
changed the title
|
🔧 CI Fix Available I've pushed a fix for the CI failure. The test |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| } | ||
| if asyncTimeout > 0 { | ||
| params.AsyncTimeoutSeconds = kernel.Opt(asyncTimeout) | ||
| } |
There was a problem hiding this comment.
Missing validation for async-timeout documented bounds
Low Severity
The --async-timeout flag help text states "(min 10, max 3600)" but the code only checks if asyncTimeout > 0 before passing the value to AsyncTimeoutSeconds. This allows values like 5 (below minimum) or 10000 (above maximum) to be sent to the API. Users relying on the documented constraints would expect invalid values to be rejected by the CLI with a helpful error.
Additional Locations (1)
The viewport '1280x800@60' was added twice: - Once in commit 899caee (SDK v0.29.0 update) - Again in commit 4d9565b (feat: add 1280x800 viewport support #97) This resulted in 8 items in getAvailableViewports() while the test expected 7 items, causing test failures. Also removes the duplicate assertion in the test file. Co-authored-by: mason <mason@onkernel.com>
Adds CLI support for the SDK's InvocationService.ListBrowsers() method which returns all active browser sessions created within a specific invocation. Usage: kernel invoke browsers <invocation_id> [--output json] Co-authored-by: mason <mason@onkernel.com>
…mand - Update github.com/kernel/kernel-go-sdk from v0.30.0 to v0.32.0 - Add `kernel credential-providers list-items <id>` command to list all credential items from an external provider - Fix breaking change: use Credential.Name instead of removed CredentialName field in AuthAgent display output Co-authored-by: Cursor <cursoragent@cursor.com>
rgarcia
changed the title
Add CLI commands for the new Auth.Connections SDK service: - kernel auth connections create: Create managed auth for profile/domain - kernel auth connections get: Get managed auth by ID - kernel auth connections list: List managed auths - kernel auth connections delete: Delete managed auth - kernel auth connections login: Start login flow - kernel auth connections submit: Submit field values to login flow - kernel auth connections follow: Follow login flow events via SSE Also bump SDK to latest version (c90e1da19efb). Co-authored-by: Cursor <cursoragent@cursor.com>
kernel-internal
bot
changed the title
This comment has been minimized.
This comment has been minimized.
- Update kernel-go-sdk to v0.33.0 (commit 4719594652b863858cb7492ca78adbb850a10552) - Remove agents.go as the AgentAuth API has been removed from SDK - Fix auth_connections.go to use correct SDK field names: - Use ManagedAuthCreateRequestProxyParam.ID instead of ProxyID - Update AuthConnectionLoginInput to use Proxy params instead of SaveCredentialAs - Add proxy-id and proxy-name flags to auth connections login command Co-authored-by: Cursor <cursoragent@cursor.com>
- Return error instead of nil in runInvocationBrowsers on API failure - Add nil check on resp before accessing resp.Browsers - Add nil check on SSE stream before defer Close in Follow - Fix indentation in invoke SSE event handling Co-authored-by: Cursor <cursoragent@cursor.com>
| SubmitFieldsRequest: kernel.SubmitFieldsRequestParam{ | ||
| Fields: in.FieldValues, | ||
| }, | ||
| } |
There was a problem hiding this comment.
Submit sends empty fields map for MFA-only requests
Low Severity
Fields is always set to in.FieldValues, which is a non-nil empty map[string]string (from make(map[string]string) in the cobra handler) when no --field flags are provided. This causes "fields": {} to be serialized in the request body even when only --mfa-option-id or --sso-button-selector is intended. Depending on API validation, this empty object may cause request rejection. Fields could be set conditionally only when hasFields is true.
This comment has been minimized.
This comment has been minimized.
- Fix auth exempt check so `auth connections` subcommands get an authenticated client (only `kernel auth` itself is exempt) - Add --proxy-name to create (parity with login command) - Add --no-save-credentials to create (defaults to saving) Co-authored-by: Cursor <cursoragent@cursor.com>
| CredentialAuto bool | ||
| ProxyID string | ||
| ProxyName string | ||
| SaveCredentials bool |
There was a problem hiding this comment.
Unused SaveCredentials field in create input struct
Low Severity
The SaveCredentials field in AuthConnectionCreateInput is defined but never set or read anywhere. Only NoSaveCredentials is populated from the --no-save-credentials flag and checked in Create. The SaveCredentials field is dead code that adds confusion about the intended API surface.
|
Bugbot Autofix prepared fixes for 1 of the 1 bugs found in the latest run.
Or push these changes by commenting: Preview (5094132f7e)diff --git a/cmd/auth_connections.go b/cmd/auth_connections.go
--- a/cmd/auth_connections.go
+++ b/cmd/auth_connections.go
@@ -42,8 +42,7 @@
CredentialAuto bool
ProxyID string
ProxyName string
- SaveCredentials bool
- NoSaveCredentials bool
+ NoSaveCredentials bool
HealthCheckInterval int
Output string
} |
3 participants
Summary
kernel agents authcommand group since theAgentAuthAPI was removed from the SDKkernel auth connectionsto use correct SDK field names after API refactoring--proxy-idand--proxy-nameflags tokernel auth connections loginkernel auth connectionscommand group for the managed auth API:create: Create managed auth for profile/domain combinationget: Get managed auth by IDlist: List managed authsdelete: Delete managed authlogin: Start login flowsubmit: Submit field values to login flowfollow: Follow login flow events via SSEcredential-providers list-itemscommandTest plan
go build ./...)go test ./...)kernel auth connections --helpshows all subcommandskernel auth connections create --helpshows all flagsSDK Version
github.com/kernel/kernel-go-sdk@4719594652b863858cb7492ca78adbb850a10552(v0.33.0)Note
Medium Risk
Medium risk due to the SDK upgrade plus removal/rewiring of CLI command groups and flags, which can break existing scripts and alter API request parameters (auth connections, browsers listing, invocation behavior). No direct credential-handling logic changes beyond new plumbing to the updated SDK APIs.
Overview
SDK bump to
kernel-go-sdk@v0.33.0and CLI surface changes. Removes the entirekernel agentscommand group (including the automatedagents auth runflow) and stops registering it inroot.goto match the SDK’s removedAgentAuthAPI.Adds/updates managed auth workflows via
kernel auth connections. Introducesconnections create/get/list/delete/login/submit/followusing the new managed-auth (AuthConnection*) SDK types, including new--proxy-id/--proxy-nameonlogin, support for credential references by name/provider/path/auto, and SSE-basedfollow.Other CLI enhancements.
kernel browsers listgains a new--statusfilter (active|deleted|all) with--include-deleteddeprecated;kernel invokeadds--async-timeoutand a newinvoke browsers <invocation_id>to list browsers created by an invocation; andcredential-providersaddslist-items <id>backed by a newListItemsSDK call.Written by Cursor Bugbot for commit f014527. This will update automatically on new commits. Configure here.