Skip to content

feat(team): Full CRUD operations and member management#10

Merged
azconger merged 7 commits intomainfrom
feature/team-management
Jan 19, 2026
Merged

feat(team): Full CRUD operations and member management#10
azconger merged 7 commits intomainfrom
feature/team-management

Conversation

@azconger
Copy link
Copy Markdown
Contributor

@azconger azconger commented Jan 19, 2026

Summary

This PR adds comprehensive team management capabilities to HawkOp, enabling both interactive use and programmatic scripting (SCIM-like automation).

New Commands (10 total)

  • CRUD: team list, team get, team create, team rename, team delete
  • Member Management: team add-user, team remove-user, team set-users
  • App Assignment: team add-app, team remove-app, team set-apps

Key Features

  • Flexible identifiers: Accept team names OR UUIDs, user emails OR UUIDs, app names OR UUIDs
  • Dry-run mode: --dry-run on all mutating commands to preview changes
  • SCIM-style sync: set-users and set-apps for IdP membership sync with diff display
  • Stdin support: Bulk operations via --stdin for scripting
  • Shell completions: Dynamic completions for teams, users, and apps
  • Cache safety: Fresh reads before mutations, cache invalidation after

API Quirks Documented

  • PUT /team/{id} is REPLACE-ALL, not PATCH - must send all 5 fields
  • Documented in .claude/skills/stackhawk-api-sherpa/dangerous-apis.md

Commits

  • feat(team): add full CRUD operations and member management
  • fix(cache): ensure fresh reads before team mutations
  • test(team): add mock client TeamApi and unit tests
  • style(cli): standardize navigation hints to use → arrow
  • feat(team): enhance team commands with pre-delivery polish
  • fix(api): include organization_id in team updates to prevent data loss
  • docs: add StackHawk API intelligence for Claude Code

Test Plan

  • cargo test - 186 tests pass
  • cargo clippy -- -D warnings - No warnings
  • Manual testing with ./tmp/test-team-commands.sh script
  • All 10 commands verified with real API

🤖 Generated with Claude Code

azconger and others added 7 commits January 17, 2026 21:01
@azconger @claude
docs: add StackHawk API intelligence for Claude Code
3f673d7 
Add comprehensive API reference and design workflow skill to help Claude
understand and navigate the StackHawk API when building HawkOp features.

Changes:
- Add .claude/context/stackhawk-api.md: comprehensive API reference
  - Documents all 51 endpoints with implementation status (✅/🔲)
  - Data model relationships diagram
  - API quirks and gotchas (string numbers, pagination, etc.)
  - Feature ideas for unimplemented endpoints

- Add .claude/skills/stackhawk-api-sherpa: API design workflow skill
  - Spec freshness checks with refresh instructions
  - User value assessment questions
  - Endpoint selection decision trees
  - CLI UX design integration with cli-designer
  - Implementation checklist and file patterns

- Update CLAUDE.md: reflect current v0.4.0 state
  - Fix Rust edition: 2021 → 2024
  - Add tech stack section with all dependencies
  - Update project structure with cache/, args/, handlers/
  - Add cache commands and --no-cache flag
  - Add configuration section with env vars and precedence

- Remove .claude/context.md: consolidate to standard CLAUDE.md location

- Update stackhawk-openapi.json: refresh to latest spec (193 schemas)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@azconger @claude
feat(team): add full CRUD operations and member management
0d8e7a3 
Implements complete team management commands following the SCIM-like
automation pattern for enterprise use cases.

New commands:
- team get: View team details with members and applications
- team create: Create new teams with optional initial members
- team delete: Delete teams with confirmation prompt
- team update: Rename teams
- team add-user/remove-user: Manage team membership
- team set-users: Replace all members (for IdP sync)
- team add-app/remove-app: Manage application assignments
- team set-apps: Replace all app assignments

Enhancements:
- team list now shows USERS and APPS count columns
- Dynamic shell completions for team names and user emails
- Cache invalidation after all team mutations
- Enterprise-grade parallel pagination for large organizations
- Flexible identifier resolution (accepts name or UUID)
- Dry-run mode for all mutating operations
- Stdin support for bulk user operations

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@azconger @claude
fix(cache): ensure fresh reads before team mutations
4d35376 
- Reduce team cache TTL from 1 hour to 1 minute for faster invalidation
- Add get_team_fresh() method to TeamApi trait that bypasses cache
- Update all mutation handlers (update, delete, add-user, remove-user,
  set-users, add-app, remove-app, set-apps) to use fresh reads
- Fresh reads still populate cache for subsequent read operations

This prevents race conditions where cached team data could cause
mutations to be applied to stale state (e.g., overwriting concurrent
membership changes from another user).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@azconger @claude
test(team): add mock client TeamApi and unit tests
6fd4531 
- Add TeamApi implementation to MockStackHawkClient with full CRUD support
- Add team_details storage and call counters (get/create/update/delete)
- Add with_team_details() builder method for test setup
- Add 7 mock client tests for TeamApi operations
- Add 3 unit tests for looks_like_uuid() helper function
- Add navigation hints after successful team operations
- Update API reference: 14→20 endpoints implemented (~39%)
- Mark team endpoints as implemented in documentation

Test count: 176 → 184 (+8 tests)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@azconger @claude
style(cli): standardize navigation hints to use → arrow
daf0441 
Replace "Continue:" with "→" prefix for consistent CLI UX:
- "→ Drill down: hawkop scan get ..." (scan overview → plugin detail)
- "→ Drill down: hawkop scan get ... --uri-id" (plugin → URI detail)
- "→ View HTTP message: hawkop scan get ... -m" (URI → message)

This matches the team command convention established in the previous commit.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@azconger @claude
feat(team): enhance team commands with pre-delivery polish
cea26ef 
Phase 10 Enhancements:
- Add --apps flag to team create command
- Add filters (--name, --member, --app) to team list
- Rename `team update` to `team rename` with positional args
- Detect duplicate team/app names for safety
- Prevent creating teams with duplicate names
- Disallow empty team names in create/rename
- Fail rename if target name already exists

Review Fixes:
- Add --stdin support to remove-user, add-app, remove-app, set-apps
- Add visible_alias "g" to team get
- Remove local --format from team get (use global)
- Fix empty list JSON output format
- Update mock client to properly handle user/app updates

Bug Fix:
- Fix 500 error: don't serialize team_id in UpdateTeamRequest
  (API marks teamId as readOnly - it's in URL path)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@azconger @claude
fix(api): include organization_id in team updates to prevent data loss
30f1ca4 
The StackHawk Team API requires all 5 fields (teamId, organizationId, name,
userIds, applicationIds) despite OpenAPI marking some as readOnly. Missing
fields default to empty, which silently erases data.

Changes:
- Add organization_id to UpdateTeamRequest struct
- Update all team mutation calls to include organization_id
- Add dangerous-apis.md documenting API quirks
- Add request body debug logging
- Add unit tests for UpdateTeamRequest serialization

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@azconger azconger merged commit ac36315 into main Jan 19, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@azconger