Skip to content

Fix trust command UX bugs (ANSI leak, error messages)#45

Merged
thebenignhacker merged 1 commit intomainfrom
fix/trust-ux-bugs
Mar 14, 2026
Merged

Fix trust command UX bugs (ANSI leak, error messages)#45
thebenignhacker merged 1 commit intomainfrom
fix/trust-ux-bugs

Conversation

@thebenignhacker
Copy link
Copy Markdown
Contributor

@thebenignhacker thebenignhacker commented Mar 14, 2026

Summary

  • Fix ANSI escape codes leaking in piped/non-TTY output
  • Show friendly "Package not found" message instead of raw JSON on 404
  • Show "File not found: " instead of raw ENOENT for missing files

Quality gate

  • Build passes (908 tests)
  • Pre-push review passed (phases 1-4, 7)
  • New-user walkthrough: 9/9 pass (fresh install, all modes tested)
  • Piped output verified clean (no escape codes via cat -v)

Test plan

  • hackmyagent trust express | cat -- no ANSI codes
  • hackmyagent trust nonexistent-pkg -- friendly not-found message
  • hackmyagent trust --audit missing.json -- friendly file-not-found

@thebenignhacker
Fix trust command UX bugs for non-TTY and error messages
b3c5cc9 
- Fix ANSI escape codes leaking when output is piped: isTTY is
  undefined (not false) in non-TTY contexts, so use !isTTY instead
  of === false
- Show friendly message for 404 errors instead of raw JSON body
- Catch ENOENT in parseDepsFile and show readable file-not-found error
github-actions[bot]
github-actions bot approved these changes Mar 14, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

VERDICT: APPROVE

SUMMARY: This PR contains three small UX improvements for the trust command: fixing ANSI escape code detection logic, adding friendly error messages for 404 responses (package not found, batch endpoint not found), and wrapping file I/O in a try-catch to show "File not found" instead of raw ENOENT. All changes are low-risk UX enhancements with no security implications.

DETAILED REVIEW

Change 1: ANSI escape code detection (line 94)

Before: process.stdout.isTTY === false
After: !process.stdout.isTTY

Analysis: Simplifies boolean check. Both are equivalent — isTTY is boolean | undefined, so !process.stdout.isTTY correctly handles both false and undefined cases.

Verification: No mitigation needed (style improvement, no security impact).

Change 2: Friendly 404 message for single package lookup (lines 4656-4658)

Before: Returns generic HTTP error message
After: Returns Package "{name}" not found in the OpenA2A Registry.

Analysis: HTTP response handling improvement. Only affects error messaging — does not change control flow or data handling.

Verification:

  • Checked for injection risk: name is passed directly to error message constructor, but this is safe because JavaScript Error messages are not interpreted as code.
  • The name parameter comes from CLI argument (line 4912) and is used in URL construction (line 4649), but URL encoding is handled by URLSearchParams (line 4646).

Mitigation check: No injection risk — Error constructor sanitizes strings.

Change 3: Friendly 404 message for batch endpoint (lines 4684-4686)

Before: Returns generic HTTP error message
After: Returns Registry batch endpoint not found. The registry may be unavailable.

Analysis: Static error message, no user input involved.

Verification: No security implications — message is hardcoded.

Change 4: Friendly file-not-found message (lines 4838-4846)

Before: Raw fs.readFileSync call without error handling
After: Wrapped in try-catch, checks for ENOENT and throws File not found: <path>

Analysis:

  • Path Traversal Check: The filePath parameter comes from opts.audit (line 4932), which is a CLI argument. However, this path is used ONLY for reading (never writing), and Node.js fs.readFileSync does not follow symlinks by default unless explicitly configured.
  • Error Message Injection: The path is included in the error message via template literal. JavaScript Error messages are not interpreted as code, so this is safe.
  • Race Condition: There is a TOCTOU gap between the file existence check (implicit in readFileSync) and the read operation, but this is acceptable for a read-only CLI tool scanning local files.

Verification:

  • Searched for path validation at call site (line 4932) — none present, but this is acceptable because:
    1. The command is trust --audit <file>, where the user explicitly provides a file path to audit
    2. The file is only READ, never written or executed
    3. Worst case: user provides a path outside the intended scope, but they can only read files they already have permission to read (no privilege escalation)

Mitigation check: Path traversal risk is acceptable for a read-only audit command. If the user provides --audit /etc/passwd, they would get a JSON parsing error, not a security breach.

CONCLUSION

All changes are purely cosmetic UX improvements with no security impact:

  1. ANSI detection fix is a style improvement
  2. 404 error messages are hardcoded or safely interpolated
  3. File-not-found handling improves error clarity without introducing vulnerabilities

No CRITICAL or HIGH findings. All changes improve user experience without compromising security.

Reviewed 1 files changed (1830 bytes)

@thebenignhacker thebenignhacker merged commit dc13824 into main Mar 14, 2026
1 check passed
@thebenignhacker thebenignhacker deleted the fix/trust-ux-bugs branch March 14, 2026 23:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thebenignhacker