Migrate paywalled flags to entitlements #2024
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
4 issues found across 54 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="tests/temporal/test_durable_agent_workflow.py">
<violation number="1" location="tests/temporal/test_durable_agent_workflow.py:65">
P3: Move the `tracecat.tiers` import to the module level to follow the repository rule against function-level imports.</violation>
</file>
<file name="tests/unit/test_validation.py">
<violation number="1" location="tests/unit/test_validation.py:972">
P3: Move this import to module scope to follow the project rule against function-level imports (avoids hidden import side effects and keeps import ordering consistent).</violation>
</file>
<file name="tracecat/registry/actions/schemas.py">
<violation number="1" location="tracecat/registry/actions/schemas.py:459">
P2: RegistryActionUpdate.from_bound does not propagate the new required_entitlements option, so updates built from a bound action will clear entitlements. Include required_entitlements in the options mapping to avoid losing this metadata.</violation>
</file>
<file name="tracecat/validation/service.py">
<violation number="1" location="tracecat/validation/service.py:402">
P2: Avoid raising a ValueError for missing organization_id inside validation; it will bubble up as a 500. Treat this as a validation failure by defaulting to not entitled and letting the existing ValidationDetail path return a user-facing error instead.
(Based on your team's feedback about error handling posture.) [FEEDBACK_USED]</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| loc=(act_stmt.ref, "tool_approvals"), | ||
| if agent_approvals_entitled is None: | ||
| if role.organization_id is None: | ||
| raise ValueError( |
Contributor
There was a problem hiding this comment.
P2: Avoid raising a ValueError for missing organization_id inside validation; it will bubble up as a 500. Treat this as a validation failure by defaulting to not entitled and letting the existing ValidationDetail path return a user-facing error instead.
(Based on your team's feedback about error handling posture.)
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tracecat/validation/service.py, line 402:
<comment>Avoid raising a ValueError for missing organization_id inside validation; it will bubble up as a 500. Treat this as a validation failure by defaulting to not entitled and letting the existing ValidationDetail path return a user-facing error instead.
(Based on your team's feedback about error handling posture.) </comment>
<file context>
@@ -390,23 +392,31 @@ async def validate_dsl_actions(
- loc=(act_stmt.ref, "tool_approvals"),
+ if agent_approvals_entitled is None:
+ if role.organization_id is None:
+ raise ValueError(
+ "Role must have organization_id to validate entitlements"
+ )
</file context>
| """Enable agent approvals feature flag for all tests in this module.""" | ||
| def enable_agent_approvals_entitlement(monkeypatch): | ||
| """Enable agent approvals entitlement for all tests in this module.""" | ||
| from tracecat.tiers import defaults as tier_defaults |
Contributor
There was a problem hiding this comment.
P3: Move the tracecat.tiers import to the module level to follow the repository rule against function-level imports.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/temporal/test_durable_agent_workflow.py, line 65:
<comment>Move the `tracecat.tiers` import to the module level to follow the repository rule against function-level imports.</comment>
<file context>
@@ -57,17 +56,18 @@
- """Enable agent approvals feature flag for all tests in this module."""
+def enable_agent_approvals_entitlement(monkeypatch):
+ """Enable agent approvals entitlement for all tests in this module."""
+ from tracecat.tiers import defaults as tier_defaults
+
monkeypatch.setattr(
</file context>
| # Ensure feature flag disabled | ||
| monkeypatch.setattr(config, "TRACECAT__FEATURE_FLAGS", set()) | ||
| # Ensure entitlement disabled | ||
| from tracecat.tiers import defaults as tier_defaults |
Contributor
There was a problem hiding this comment.
P3: Move this import to module scope to follow the project rule against function-level imports (avoids hidden import side effects and keeps import ordering consistent).
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/unit/test_validation.py, line 972:
<comment>Move this import to module scope to follow the project rule against function-level imports (avoids hidden import side effects and keeps import ordering consistent).</comment>
<file context>
@@ -965,13 +963,21 @@ async def test_validate_dsl_with_optional_oauth_credentials(
- # Ensure feature flag disabled
- monkeypatch.setattr(config, "TRACECAT__FEATURE_FLAGS", set())
+ # Ensure entitlement disabled
+ from tracecat.tiers import defaults as tier_defaults
+
+ monkeypatch.setattr(
</file context>
Contributor
|
Found 1 test failure on Blacksmith runners: Failure
|
daryllimyt
force-pushed
the
refactor/migrate-flags-to-entitlements
branch
from
c04ec8c to
d8cd821
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Testing
uv run ruff check .uv run pyright tracecat/registry/actions/service.py tracecat/registry/actions/schemas.py tracecat/registry/actions/bound.py tracecat/registry/repository.py tracecat/api/app.py tests/unit/test_registry.py packages/tracecat-registry/tracecat_registry/_internal/registry.py packages/tracecat-registry/tracecat_registry/config.py packages/tracecat-registry/tracecat_registry/core/ee/__init__.py packages/tracecat-registry/tracecat_registry/core/ee/durations.py packages/tracecat-registry/tracecat_registry/core/ee/tasks.py packages/tracecat-registry/tracecat_registry/core/agent.py alembic/versions/a91c2b7d4e3f_add_required_entitlements_to_registry_actions.pypnpm -C frontend generate-client-ciuv run pytest tests/unit/test_registry.py(fails: missingTRACECAT__SERVICE_KEYin env)Rollout / Risk
Issue
Screenshots
Summary by cubic
Migrated paywalled feature flags to organization tier entitlements and enforced gating across backend APIs, registry UDFs, and frontend UI. This aligns EE feature access with org tiers and prevents accidental exposure.
Refactors
Migration
Written for commit b9638a1. Summary will update on new commits.