Skip to content

Make pscale agent-friendly: JSON auth, sql command, AGENTS.md#1280

Open
no-itsbackpack wants to merge 5 commits into
mainfrom
cli/agent-onboarding
Open

Make pscale agent-friendly: JSON auth, sql command, AGENTS.md#1280
no-itsbackpack wants to merge 5 commits into
mainfrom
cli/agent-onboarding

Conversation

@no-itsbackpack

Copy link
Copy Markdown
Contributor

Summary

Automated agents and scripts can use pscale without a TTY by following AGENTS.md and passing --format json. This PR adds structured onboarding, a non-interactive SQL command, and guardrails against accidental destructive queries.

  • AGENTS.md — agent guide: flag placement (--org on subcommands, positionals before flags), auth workflow, pscale sql usage, destructive SQL approval flow. Uses placeholders only (<org>, <database>, <branch>).
  • pscale auth check --format json — reports status, authenticated, issues, and next_steps so agents know whether to log in, pick an org, or proceed.
  • pscale auth login --format json — device flow with pending JSON (verification_url, user_code, browser_opened); polls until approved without requiring an interactive shell.
  • pscale sql — run a single query without pscale shell. Default role is reader (unlike shell’s admin default). JSON response includes status, columns, rows, and next_steps on error.
  • Destructive SQL gating — queries containing DELETE, DROP, or TRUNCATE (word match) return status: action_required until the user approves and the agent re-runs with --force.
  • Shared helpersResolveAccessRole, PostgresInheritedRoles, and agent_steps next-step strings (correct flag order), shared by auth, sql, and shell.

Agent workflow

pscale auth check --format json
pscale org list --format json
pscale database list --org <org> --format json
pscale branch list <database> --org <org> --format json
pscale sql <database> <branch> --org <org> --format json --query "SELECT 1"

Test plan

  • go test ./internal/cmdutil/... ./internal/cmd/auth/... ./internal/cmd/sql/... ./internal/sqlquery/...
  • staticcheck / golangci-lint on changed packages
  • Manual: pscale auth check --format json on authenticated machine
  • Manual: pscale sql <database> <branch> --org <org> --format json --query "SELECT 1"
  • Manual: destructive query returns action_required JSON; --force required after user approval

Follow-ups

  • Global JSON consistency — extend structured status / issues / next_steps responses across other commands. Auth and sql use typed JSON envelopes today; most commands still emit a plain {"error": "..."} on stderr. A shared JSON error/onboarding helper would reduce per-command one-offs.

no-itsbackpack and others added 4 commits July 2, 2026 22:32
Extract ResolveAccessRole and PostgresInheritedRoles for shell and sql,
add agent next_steps command builders, JSONReportedError, and TryOpenBrowser.

Co-authored-by: Cursor <cursoragent@cursor.com>
auth check and login emit structured status, issues, and next_steps for
non-interactive device flow onboarding.

Co-authored-by: Cursor <cursoragent@cursor.com>
Run read/write SQL with JSON output, reader default role, and destructive
query gating that requires explicit user approval via --force.

Co-authored-by: Cursor <cursoragent@cursor.com>
Document flag placement, auth workflow, sql conventions, and destructive
query approval for any agent or script using the CLI.

Co-authored-by: Cursor <cursoragent@cursor.com>
@no-itsbackpack no-itsbackpack requested a review from a team as a code owner July 3, 2026 03:35

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default effort and found 3 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit f945d7d. Configure here.

Comment thread internal/cmd/auth/check.go Outdated
Comment thread internal/cmd/auth/login.go Outdated
Comment thread internal/cmd/auth/login.go Outdated
auth check exits non-zero for action_required (including NO_ORG), login
writes pending JSON to stderr and always emits a final stdout envelope
after credentials are saved, and org setup failures report ORG_SETUP_FAILED.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant