Skip to content

Harden Cursor CLI workflows#2

Draft
nehal-a2z wants to merge 1 commit into
mainfrom
nehal/harden-cli-workflows
Draft

Harden Cursor CLI workflows#2
nehal-a2z wants to merge 1 commit into
mainfrom
nehal/harden-cli-workflows

Conversation

@nehal-a2z

Copy link
Copy Markdown

What changed

  • remove the post-tool hook that inferred review completion from shell command text and cached stale clean state
  • require CodeRabbit CLI 0.6.5+, preserve native finding fields and severities, distinguish review_completed from review_skipped, and expose --light
  • ask before the installer writes user-global files, route native Windows users through WSL, and let review --agent own authentication
  • harden autofix around a clean worktree, immutable PR identity, exact head/review checks, approved commit and push destination, and post-push verification
  • add focused validator invariants for version consistency, review semantics, installation consent, and autofix write ordering
  • bump the plugin package to 0.1.2

Root cause

The plugin duplicated parts of the CLI contract in prose and in a post-tool hook. The hook classified command text and human-readable output rather than authoritative terminal NDJSON events, while the validator only checked that hook files existed. The autofix workflow also treated warnings as sufficient state checks and did not bind later writes to an immutable PR, commit, and destination.

User impact

  • skipped, failed, replayed, or help commands can no longer be presented as a clean review
  • review summaries only claim fields and scope the CLI actually emitted
  • installation is consented and authentication no longer runs a redundant identity preflight
  • autofix cannot silently include a dirty worktree, target a same-named PR, or claim success before the approved commit is verified on the PR

Validation

  • node --check scripts/validate-plugin.mjs
  • node scripts/validate-plugin.mjs
  • git diff --check

The focused plugin validator passes. No dependency install or broad build/lint/test loop was run.

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 8078fe85-2c25-4b72-a2a5-9bb56c579d53

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch nehal/harden-cli-workflows
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch nehal/harden-cli-workflows

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant