Skip to content

Draft: remove tools if permissions are missing#24

Merged
timothedelion merged 4 commits intomainfrom
gg-hh/-/remove_tool_if_no_permission
Oct 23, 2025
Merged

Draft: remove tools if permissions are missing#24
timothedelion merged 4 commits intomainfrom
gg-hh/-/remove_tool_if_no_permission

Conversation

@GG-HH
Copy link
Copy Markdown
Member

@GG-HH GG-HH commented Oct 17, 2025

If permissions are not granted, do not display tools

@timothedelion
Copy link
Copy Markdown
Member

timothedelion commented Oct 17, 2025
edited
Loading

@GG-HH From my experience, the problem was not registering unusable tools, but just being blocked in the browser authentication flow (not able to click Continue) because we trigger it with permissions I can't obtain.

Does this fix solve this problem ?

image

@GG-HH
Copy link
Copy Markdown
Member Author

GG-HH commented Oct 17, 2025

No it doesn't, this is mostly a UX improvement but I don't know if we want to do this as it removes visibility over these tools.
I am also working on the server side to unblock the creation of a token if permissions are missing.

@timothedelion timothedelion force-pushed the gg-hh/-/remove_tool_if_no_permission branch from fbc866e to 2f111bf Compare October 23, 2025 10:51
@cursor
Copy link
Copy Markdown

cursor bot commented Oct 23, 2025

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

@cursor
Copy link
Copy Markdown

cursor bot commented Oct 23, 2025

Bug: Scope Delegation Causes Authentication Failures

The get_developer_scopes() function now delegates to get_secops_scopes(), causing it to request honeytoken scopes for SaaS instances. This can lead to OAuth authentication failures if developers lack permission to grant these scopes, preventing them from using the application. This behavior goes against the intent to hide unavailable tools after successful authentication.

Fix in Cursor Fix in Web

@cursor
Copy link
Copy Markdown

cursor bot commented Oct 23, 2025

Bug: Static Scopes Misalignment Across Client Instances

The default DEVELOPER_SCOPES are determined at module import time, not dynamically per client instance. This can lead to incorrect scopes being applied if a client's api_url (e.g., for self-hosted instances) differs from the environment's configuration. The module-level import of DEVELOPER_SCOPES is also unused.

Fix in Cursor Fix in Web

@timothedelion timothedelion force-pushed the gg-hh/-/remove_tool_if_no_permission branch 2 times, most recently from fc3b55c to efe0c26 Compare October 23, 2025 14:03
@timothedelion
Copy link
Copy Markdown
Member

timothedelion commented Oct 23, 2025

Works well :

image image

@timothedelion timothedelion force-pushed the gg-hh/-/remove_tool_if_no_permission branch from efe0c26 to f5c17ec Compare October 23, 2025 14:11
@timothedelion timothedelion merged commit 4bef3f0 into main Oct 23, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timothedelion timothedelion timothedelion approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GG-HH @timothedelion