Summary
OAuth device flow grants user-level permissions across all organizations. For agents and CLI users, this is too broad — there are no guardrails on destructive operations.
For beta launch, we need to enforce that OAuth tokens are read-only. Destructive commands (create, update, delete, start, stop, scale, etc.) should only work with API key authentication.
Changes needed
CLI enforcement
- Pre-check gate: Before executing a write command with OAuth auth, fail early with a clear message explaining API key auth is required
- 403 error handling: If the API rejects with 403 when using OAuth, enhance the error message with guidance
- Command classification: Every cloud command must be explicitly classified as read or write (compiler-enforced, no wildcards) so new commands can't be introduced without classification
UX
- cloud auth status should show [read-only] for OAuth and [read/write] for API keys
- Error messages should work for both humans and agents, with clear instructions on how to switch to API key auth
Documentation
- Update help text and CONTEXT FOR AGENTS sections to explain OAuth is read-only
- Update README authentication section
- Follow-up: update agent skills in ClickHouse/agent-skills repo
Classification
Read-only: org list/get/prometheus/usage, service list/get/client/prometheus, backup list/get, backup-config get, member list/get, invitation list/get, key list/get, activity list/get, query-endpoint get, private-endpoint get-config, all auth commands
Write (destructive): org update, service create/delete/start/stop/update/scale/reset-password, backup-config update, member update/remove, invitation create/delete, key create/update/delete, query-endpoint create/delete, private-endpoint create
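One way the "Command classification" and "Pre-check gate" items could be implemented, using the service and key commands from the classification above. This is an added example, not code from the CLI: Rust is an assumption (its exhaustive match gives the compiler-enforced, no-wildcard property), and every type and function name is hypothetical.

```rust
// Added example: every type and function name here is hypothetical.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum AuthMethod { OAuth, ApiKey }
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Access { Read, Write }

// Subset of the issue's list: service and key commands only.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum CloudCommand {
    ServiceList, ServiceGet, ServiceCreate, ServiceDelete,
    ServiceStart, ServiceStop, ServiceScale,
    KeyList, KeyGet, KeyCreate, KeyUpdate, KeyDelete,
}

impl CloudCommand {
    // Exhaustive match, no `_` arm: a new variant that is not classified
    // here stops the build with a non-exhaustive-patterns error.
    pub fn access(self) -> Access {
        use CloudCommand::*;
        match self {
            ServiceList | ServiceGet | KeyList | KeyGet => Access::Read,
            ServiceCreate | ServiceDelete | ServiceStart | ServiceStop
            | ServiceScale | KeyCreate | KeyUpdate | KeyDelete => Access::Write,
        }
    }
}

// Pre-check gate: called before any API request is sent.
pub fn precheck(auth: AuthMethod, cmd: CloudCommand) -> Result<(), String> {
    match (auth, cmd.access()) {
        (AuthMethod::OAuth, Access::Write) => Err(format!(
            "{:?} is a write command, but OAuth login is read-only. \
             Authenticate with an API key and retry.", cmd)),
        (AuthMethod::OAuth, Access::Read) | (AuthMethod::ApiKey, Access::Read)
        | (AuthMethod::ApiKey, Access::Write) => Ok(()),
    }
}

// Label appended by `cloud auth status`.
pub fn status_label(auth: AuthMethod) -> &'static str {
    match auth {
        AuthMethod::OAuth => "[read-only]",
        AuthMethod::ApiKey => "[read/write]",
    }
}

fn main() {
    println!("{:?}", precheck(AuthMethod::OAuth, CloudCommand::ServiceDelete));
}
```

The gate is a client-side fast fail only; the 403 handling item still covers the case where the API rejects the request.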