feat(agent-bff): reject nested relation field paths in top-level list and count#1736
Open
nbouliol wants to merge 1 commit into
Open
Conversation
… and count Add a pure syntactic guard that rejects any top-level field path carrying the relation separator ":" with 422 relation_field_not_supported. Closes an agent authority gap where a relation-target field could be projected without the target collection browse/scope check. Guard + tests only; wiring into live list/count handlers belongs to the data-endpoints slice. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013GqCtMftj4gwCo2AwicMNL
|
Coverage Impact This PR will not change total coverage. Modified Files with Diff Coverage (2)
🛟 Help
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

What
Adds a pure, syntactic guard in
agent-bffthat rejects any top-level list/count field path carrying the relation separator:(e.g.company:name) with422 relation_field_not_supported.Why
The agent has an authority gap: a top-level
listchecks browse/scope on the top collection only (packages/agent/src/routes/access/list.ts), whereaslistRelatedbrowse-checks the foreign collection (list-related.ts). A relation-target field can thus be projected without the target collection browse/scope check. The BFF must not propagate that gap, so v1 rejects nested relation paths on top-level list/count outright.Scope
relationFieldNotSupported(fields)factory on the existingBffHttpErrorcontract — envelope{ error: { type, status, message, details: { fields } } },details.fieldsalways an array.assertNoRelationFieldPaths(paths)— throwing guard; offending paths deduped, first-seen order; direct-only and empty input pass through. Syntactic only (no schema/allow-list consulted).index.ts.Non-goals
listRelated/countRelated, allow-list validation, capabilities validation.Tests
10 focused unit tests: nested path in projection/filter/sort (list) and filter (count); multiple offending; single-as-array; dedupe + order; direct-field & empty pass-through; one
toErrorBodywire-envelope assertion. Fullagent-bffsuite green (374/374), lint clean.Fixes PRD-669
🤖 Generated with Claude Code
Note
Reject nested relation field paths in top-level list and count requests
assertNoRelationFieldPathsthat scans field paths for:(relation separator) and throws a 422 error listing the offending paths if any are found.relationFieldNotSupportederror factory producing aBffHttpErrorwith status 422, typerelation_field_not_supported, and the offending fields indetails.fields.Macroscope summarized 843b80c.