fix(run-insights): reject empty --name "" instead of auto-generating#1600
fix(run-insights): reject empty --name "" instead of auto-generating#1600notgitika wants to merge 1 commit into
Conversation
Passing an explicit empty string for --name silently fell through to the
auto-generation path. Reject it with a ValidationError so the user gets a
clear "must not be empty" error instead of an opaque success with a
random name.
Also tightens the lookback-days error message to match the existing
service-side `^[a-zA-Z][a-zA-Z0-9_]{0,47}$` BatchEvaluationName contract.
github-actions
Bot
added
the
agentcore-harness-reviewing
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
Package TarballHow to installgh release download pr-1600-tarball --repo aws/agentcore-cli --pattern "*.tgz" --dir /tmp/pr-tarball
npm install -g /tmp/pr-tarball/aws-agentcore-0.20.2.tgz |
agentcore-cli-automation
left a comment
agentcore-cli-automation
left a comment
There was a problem hiding this comment.
Thanks for the fix — the empty-string bypass is a real bug worth catching. One change request before merge:
The empty---name check is placed outside runCliCommand, which breaks two behaviors the rest of this file relies on:
-
No telemetry on failure. Errors thrown inside
runCliCommandare classified and emitted ascli.command_runfailure events (seerunCliCommand→trackCommandRuninsrc/cli/telemetry/cli-command-run.ts). Throwing at line 402 bypasses that entirely, so therun.insightscommand never records this validation failure. Persrc/cli/telemetry/README.md, validation errors should flow through the telemetry-wrapped path. -
Breaks the
--jsoncontract.runCliCommandformats errors as{ success: false, error: ... }and exits 1 when--jsonis set. With the check outside the wrapper, the throw propagates to Commander's default handler, which prints a plain-text error / stack to stderr. Soagentcore run insights --name "" --jsonwill not produce parseable JSON on stdout, even though the PR description implies it does. (The manual test in the PR description only asserts the message text, not that stdout is valid JSON.)
The fix is to move the check inside the runCliCommand callback, right alongside the existing --lookback-days check (which this PR correctly leaves inside the wrapper):
await runCliCommand('run.job', !!cliOptions.json, async () => {
if (cliOptions.name !== undefined && cliOptions.name.trim() === '') {
throw new ValidationError('--name must not be empty. Omit the flag to auto-generate a name.');
}
const engine = createJobEngine(new ConfigIO());
// ...This matches the pattern used by run ingest further down in the same file (line 672-674), where --name validation is inside runCliCommand.
Two smaller observations (not blocking):
- No unit test was added for the new behavior. The existing test file only covers
validateLookbackDays. Sincecommand.tsxdoesn't have a test harness, that's understandable, but worth noting given this is a P1 bug-bash item. cliOptions.name?.trim() === ''also rejects whitespace-only names (e.g.--name " "), which is probably desirable but isn't called out in the PR description or message. Consider whether the user-facing message should mention whitespace, or whether to trim before validating againstNAME_PATTERN.
|
|
||
| if (cliOptions.name?.trim() === '') { | ||
| throw new ValidationError('--name must not be empty. Omit the flag to auto-generate a name.'); | ||
| } |
There was a problem hiding this comment.
This check is outside runCliCommand, which breaks two things:
-
Telemetry:
runCliCommandrecords failures viatrackCommandRun(src/cli/telemetry/cli-command-run.ts). Throwing here bypasses that, so this validation failure is never emitted as acli.command_runevent. Persrc/cli/telemetry/README.md, validation errors should be thrown inside the wrapper. -
--jsonoutput contract:runCliCommandformats errors as{ success: false, error: ... }on stdout when--jsonis set. Throwing outside means Commander's default handler prints plain text to stderr, soagentcore run insights --name "" --jsonwon't produce parseable JSON.
The fix is to move this block inside the runCliCommand callback (a few lines below), next to the existing --lookback-days validation. That's the same pattern used by run ingest at line 672-674.
await runCliCommand('run.job', !!cliOptions.json, async () => {
if (cliOptions.name !== undefined && cliOptions.name.trim() === '') {
throw new ValidationError('--name must not be empty. Omit the flag to auto-generate a name.');
}
const engine = createJobEngine(new ConfigIO());
// ...
github-actions
Bot
removed
the
agentcore-harness-reviewing
2 participants
Summary
agentcore run insights --name \"\"was silently accepted: the empty string slipped through the truthy check inresolveInsightsNameand the CLI auto-generated a name. Users who explicitly typed--name \"\"now get a clearValidationErrorinstead.--lookback-dayserror message wording to align with the service-sideBatchEvaluationNamecontract (^[a-zA-Z][a-zA-Z0-9_]{0,47}$) referenced inAgentCoreEvaluationCommonModel.Bug : "agentcore run insights --name "" is accepted — the CLI silently ignores the empty string and auto-generates a name."