BUG: [boundary-condition] Missing Validation for `--project` in `use_action` #3714

New issue

Open

opened 2026-04-05 22:17:06 +00:00 by freemo · 0 comments

freemo commented

2026-04-05 22:17:06 +00:00

Owner

Metadata

Branch: fix/boundary-condition-use-action-project-validation
Commit Message: fix(cli): validate --project names exist before building plan in use_action
Milestone: None (Backlog)
Parent Epic: #362

Background

The --project option (and positional projects argument) in the use_action function (src/cleveragents/cli/commands/plan.py, lines 1598–1936) accepts one or more project names to apply an action on. However, there is no validation to confirm that the specified project names actually exist before the function proceeds to build ProjectLink objects and create the plan.

If a user supplies an invalid or non-existent project name, the function silently passes the bad name downstream, where it may cause a PlanError, a repository lookup failure, or other unexpected runtime behaviour — with no clear, user-facing error message pointing to the invalid input.

This is a boundary-condition bug: the function does not enforce the precondition that all supplied project names must resolve to real projects.

Current Behaviour

# Merge positional projects and --project option
all_projects: list[str] = list(projects or []) + list(project or [])
...
# Build project links from project names — no existence check
project_links = [ProjectLink(project_name=p) for p in all_projects]

An invalid project name passes through unchecked, leading to a downstream PlanError or similar exception with a confusing error message.

Expected Behaviour

Before constructing ProjectLink objects, use_action should query ProjectService (or the equivalent repository) for each project name in all_projects. If any name does not resolve to an existing project, the function must raise a ValidationError (or surface a typer.BadParameter) with a clear, actionable message such as:

Project 'unknown-project' does not exist. Use `agents project list` to see available projects.

Suggested Fix

Add a fail-fast validation loop immediately after all_projects is assembled:

for project_name in all_projects:
    if not project_service.project_exists(project_name):
        raise typer.BadParameter(
            f"Project '{project_name}' does not exist.",
            param_hint="'--project' / 'projects'",
        )

Subtasks

Write a TDD issue-capture Behave scenario (tagged @tdd_expected_fail) that demonstrates the crash/unexpected behaviour when an invalid project name is supplied to use_action
Add project_exists (or equivalent) lookup to ProjectService / ProjectRepositoryProtocol if not already present
Implement fail-fast validation in use_action for all project names in all_projects before ProjectLink construction
Remove the @tdd_expected_fail tag and confirm the scenario passes
Add a Robot Framework integration test that exercises the invalid-project-name path end-to-end
Ensure all nox sessions pass (nox -e lint, nox -e typecheck, nox -e unit_tests, nox -e integration_tests, nox -e coverage_report)

Definition of Done

TDD issue-capture scenario exists and is tagged @tdd_expected_fail before the fix
use_action validates all project names against ProjectService before creating ProjectLink objects
A ValidationError / typer.BadParameter with a clear message is raised for any non-existent project name
The @tdd_expected_fail tag is removed and the Behave scenario passes green
Robot Framework integration test covers the invalid-project-name path
All nox stages pass
Coverage >= 97%

Backlog note: This issue was discovered during autonomous operation
on milestone None. It does not block milestone completion and has been
placed in the backlog for human review and future milestone assignment.

Automated by CleverAgents Bot
Supervisor: BUG-HUNT | Agent: ca-new-issue-creator

## Metadata - **Branch**: `fix/boundary-condition-use-action-project-validation` - **Commit Message**: `fix(cli): validate --project names exist before building plan in use_action` - **Milestone**: None (Backlog) - **Parent Epic**: #362 ## Background The `--project` option (and positional `projects` argument) in the `use_action` function (`src/cleveragents/cli/commands/plan.py`, lines 1598–1936) accepts one or more project names to apply an action on. However, there is no validation to confirm that the specified project names actually exist before the function proceeds to build `ProjectLink` objects and create the plan. If a user supplies an invalid or non-existent project name, the function silently passes the bad name downstream, where it may cause a `PlanError`, a repository lookup failure, or other unexpected runtime behaviour — with no clear, user-facing error message pointing to the invalid input. This is a boundary-condition bug: the function does not enforce the precondition that all supplied project names must resolve to real projects. ## Current Behaviour ```python # Merge positional projects and --project option all_projects: list[str] = list(projects or []) + list(project or []) ... # Build project links from project names — no existence check project_links = [ProjectLink(project_name=p) for p in all_projects] ``` An invalid project name passes through unchecked, leading to a downstream `PlanError` or similar exception with a confusing error message. ## Expected Behaviour Before constructing `ProjectLink` objects, `use_action` should query `ProjectService` (or the equivalent repository) for each project name in `all_projects`. If any name does not resolve to an existing project, the function must raise a `ValidationError` (or surface a `typer.BadParameter`) with a clear, actionable message such as: ``` Project 'unknown-project' does not exist. Use `agents project list` to see available projects. ``` ## Suggested Fix Add a fail-fast validation loop immediately after `all_projects` is assembled: ```python for project_name in all_projects: if not project_service.project_exists(project_name): raise typer.BadParameter( f"Project '{project_name}' does not exist.", param_hint="'--project' / 'projects'", ) ``` ## Subtasks - [ ] Write a TDD issue-capture Behave scenario (tagged `@tdd_expected_fail`) that demonstrates the crash/unexpected behaviour when an invalid project name is supplied to `use_action` - [ ] Add `project_exists` (or equivalent) lookup to `ProjectService` / `ProjectRepositoryProtocol` if not already present - [ ] Implement fail-fast validation in `use_action` for all project names in `all_projects` before `ProjectLink` construction - [ ] Remove the `@tdd_expected_fail` tag and confirm the scenario passes - [ ] Add a Robot Framework integration test that exercises the invalid-project-name path end-to-end - [ ] Ensure all nox sessions pass (`nox -e lint`, `nox -e typecheck`, `nox -e unit_tests`, `nox -e integration_tests`, `nox -e coverage_report`) ## Definition of Done - [ ] TDD issue-capture scenario exists and is tagged `@tdd_expected_fail` before the fix - [ ] `use_action` validates all project names against `ProjectService` before creating `ProjectLink` objects - [ ] A `ValidationError` / `typer.BadParameter` with a clear message is raised for any non-existent project name - [ ] The `@tdd_expected_fail` tag is removed and the Behave scenario passes green - [ ] Robot Framework integration test covers the invalid-project-name path - [ ] All nox stages pass - [ ] Coverage >= 97% > **Backlog note:** This issue was discovered during autonomous operation > on milestone None. It does not block milestone completion and has been > placed in the backlog for human review and future milestone assignment. --- **Automated by CleverAgents Bot** Supervisor: BUG-HUNT | Agent: ca-new-issue-creator

freemo added a new dependency

2026-04-05 22:17:22 +00:00

#362 Epic: Security & Safety Hardening

freemo referenced this issue

2026-04-05 22:22:42 +00:00

[Automated] CleverAgents Build Session - 2026-04-05 (Resumed) #3654