Skip to content

fix(cli): resolve list/wait projects by repo URL, not directory name (COR-1577)#122

Open
juangaitanv wants to merge 2 commits into
mainfrom
worktree-COR-1577
Open

fix(cli): resolve list/wait projects by repo URL, not directory name (COR-1577)#122
juangaitanv wants to merge 2 commits into
mainfrom
worktree-COR-1577

Conversation

@juangaitanv

Copy link
Copy Markdown
Contributor

What & why

corgea list, corgea list --issues, and standalone corgea wait resolved "which project" by the current-directory basename and asked the backend for an exact, case-sensitive match against Project.name. When the checkout directory name differs from the stored project name — the Bank of Hope case, dir dotnet-azure-web-tsb vs project bohappdev/dotnet-azure-web-tsb — three commands misbehaved:

  • corgea list --issues → exit 1, "Project with name '…' doesn't exist."
  • corgea list → exit 0, silent empty scan table (no error)
  • corgea wait (no --scan-id) → exit 1, "Error querying scan list"

This is the residual of COR-1493 (which fixed only the corgea scan → report-results path). Relates to COR-1577.

Approach (CLI-only)

The ticket suggested threading project_id/scan_id, but the listing endpoints accept neither as a query param. Instead this uses an identity the CLI already has and the backend already indexes — the repo URL:

  • Resolve the canonical project via GET /api/v1/projects?repo_url=<git remote slug>, then drive the existing name-based query_scan_list / get_scan_issues with the returned canonical name.
  • Old-backend safety guard: keep only candidates whose returned repo_url contains the slug. Pre-COR-1426 doghouse ignores the param and returns all projects; the guard rejects that, so resolution falls back cleanly.
  • CWD-name fallback when there is no git remote (no regression for non-git checkouts or older backends).
  • Drop the now-wrong client-side scan.project == project_name filter.
  • Add mutually-exclusive --project-name / --repo override flags to list and wait.
  • Replace the silent empty table and the bare "Error querying scan list" with clear miss messages that name the identifier tried.

No doghouse changes, no new persisted CLI state, no new backend query param.

Files

  • src/utils/generic.rsextract_repo_slug (org/repo slug; keeps Azure _git).
  • src/utils/api.rs/projects resolver (resolve_project_by_repo) with the old-backend guard, and the resolve_project orchestrator.
  • src/main.rs--project-name / --repo flags on List/Wait, threaded through.
  • src/list.rs — resolve once (non-SCA arm), drop the client filter, clear miss messaging, keep --json stdout clean.
  • src/wait.rs — resolve once, build the scan URL from the resolved numeric id, actionable miss message.
  • src/scan.rs — semgrep/snyk paths now thread their existing project_name as the override (the wait::run project_id arg was not dead after all). BLAST flow untouched.
  • tests/ — 14 new integration tests (list_resolution.rs, wait_resolution.rs) + shared helpers, plus 5 new unit tests.

Testing

  • cargo build, cargo clippy --all-targets -- -D warnings, cargo fmt --check: clean.
  • cargo test: 456 passed, 0 failed.
  • The three baseline failures are reproduced and proven fixed by the new integration tests (mock backend faithful to the doghouse contract).

Notes for reviewers / ship-gates

  • On-prem version floor: the repo-URL fix takes effect on doghouse ≥ COR-1426 (2026-06-11). Older instances keep working via the CWD-name fallback (no regression) until upgraded.
  • src/scan.rs change is display-only for the semgrep/snyk post-scan results URL; the primary BLAST scan flow uses a separate UploadZipResult and never calls the modified wait::run.
  • Manual checks needing live backends (out of scope for this PR's automated tests): list/list --issues/wait on a mismatched checkout against doghouse ≥ COR-1426; the fallback path against a pre-COR-1426 instance; --repo <unknown slug>; the semgrep/snyk results link.

…(COR-1577)

list/wait now resolve the canonical project via GET /api/v1/projects?repo_url= (with an old-backend safety guard and CWD-name fallback when there's no git remote); dropped the brittle client-side scan.project==name filter; added mutually-exclusive --project-name/--repo override flags; replaced the silent empty table and bare "Error querying scan list" with clear miss messages. CLI-only — no backend/persisted-state changes. Residual of COR-1493.
Comment thread src/utils/api.rs Outdated
Comment thread src/utils/api.rs Outdated
Comment thread src/utils/api.rs Outdated
Comment thread src/list.rs Outdated
Addresses four review findings on the COR-1577 repo-URL resolver:

1. Boundary-aware repo match (was a substring `contains`): the backend's
   `repo_url__icontains` returns siblings like `org/repo-v2` for slug
   `org/repo`, and the old guard could confirm the wrong project. Now matches
   on a path-segment boundary (equal or ends-with `/<slug>`, after stripping
   `.git`/trailing slash).
2. Subdirectory invocation: resolution used `Repository::open`, which only
   succeeds at the repo root, so `list`/`wait` from a subdir fell back to the
   subdir basename. New `discover_repo_url` walks up via `Repository::discover`.
3. Surface hard resolver failures: `resolve_project` now returns a Result and
   propagates network/auth/5xx from `/projects` instead of silently falling
   back to the local-directory project; a clean no-match (or 404 on an old
   backend) stays a soft fallback.
4. Skip redundant resolution: `list --issues --scan-id` hits
   `/scan/{id}/issues`, which ignores the project, so the extra `/projects`
   round-trip is now skipped.

Adds unit tests (boundary match, sibling rejection, 404-soft vs 5xx-hard) and
integration tests (no `/projects` call for `--issues --scan-id`, resolution
from a subdirectory).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant