Make sure warnings asking for approval are understood by agents#5239
Open
lennartkats-db wants to merge 13 commits into
Open
Make sure warnings asking for approval are understood by agents#5239lennartkats-db wants to merge 13 commits into
lennartkats-db wants to merge 13 commits into
Conversation
Adds a consent-token-based gating system for AI agents using destructive CLI flags (--force-lock, --auto-approve, --force). Includes agent detection via environment variables, improved error messages, and a `databricks agent consent` command. This commit preserves the original approach before simplification. Co-authored-by: Isaac
This reverts commit e70997b.
Error messages for --auto-approve, --force-lock, and --force previously instructed callers to add the flag (e.g., "please specify --auto-approve"). AI agents follow this literally and retry with the flag, destroying resources without human review. This change: - Rewrites error messages to explain consequences instead of instructing callers to add the flag - Detects AI agents via environment variables (Claude Code, Cursor, Codex, Cline, Gemini CLI, OpenCode, Antigravity) - Blocks agents from using --auto-approve, --force-lock, or --force with a clear error telling them to get human approval first Co-authored-by: Isaac
Instead of blocking agents from using --auto-approve/--force-lock/--force with a separate early gate, append an agent notice to the existing error messages. This way agents see the warning in context and are told not to retry with those flags without human approval. Also improves error messages to describe data loss consequences: - destroy: mentions schemas, pipelines, streaming tables, volume files - deploy: mentions schemas, pipelines, volumes may be permanently deleted - lock: explains risk of corrupting in-progress deployment Co-authored-by: Isaac
Replace custom agent detection with useragent.AgentProvider() from the Go SDK, which already detects AI agents via environment variables. Rephrase all error messages to lead with the situation, then explain what the flag does and its consequences, rather than assuming the reader already knows what the flag is for. Co-authored-by: Isaac
Tighten the wording of destructive-action error messages and rewrite AgentNotice to refer to "the flag suggested above" rather than listing all gated flags. The notice now says the operation may be irreversible rather than claiming data loss, which fits all sites (destroy, deploy, lock, git branch, dashboard, bind). Co-authored-by: Isaac
…Warning Move the "use --auto-approve" line to the end of the destroy/deploy error messages so the call to action follows the consequences. Extract the data-loss line into a shared DataLossWarning constant in bundle/phases, reused by both cmd/bundle/destroy and bundle/phases/deploy. Drop AgentNotice from the locker error: a lock conflict is an ops concern, not a destructive one. Reword "corrupt the other deployment" to "conflict with the other deployment". Reword bind no-tty error from "without confirmation, ... changes above" to "use --auto-approve after reviewing the plan above". Co-authored-by: Isaac
Contributor
Approval status: pending
|
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
The "^Error:" grep was filtering out the actionable second line
("To proceed, use --auto-approve after reviewing the plan above.").
Use sed to print from "Error:" to end of file.
Co-authored-by: Isaac
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
Co-authored-by: Isaac
lennartkats-db
changed the title
Co-authored-by: Isaac
- Drop the //nolint comment that was carried over from the original bind error (no longer needed with the rewritten message). - Remove the trailing period from the lock conflict error to satisfy ST1005 (error strings should not end with punctuation). Co-authored-by: Isaac
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
The earlier merge with main brought back engine/direct changelog entries that have since been released. Keep only the new entry for this PR. Co-authored-by: Isaac
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
lennartkats-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
This improves warnings like "current console does not support prompting. Please specify --auto-approve if you would like to skip prompts and proceed" for better understandability by agents. Right now there's risk they dismiss any warnings and proceed without human consent.
Tests