feat(auth): sort scopes alphabetically wherever they're displayed#483
Merged
platinummonkey merged 2 commits intoMay 9, 2026
Merged
Conversation
Scopes arrive from the OAuth issuer in non-deterministic order, which makes pup's various scope-display surfaces hard to scan and unstable between invocations. Sort them at every point we render to a user: - `pup auth login` pre-launch print: alphabetised before the joined display line. - `pup auth list` JSON: scopes array now sorted. - `pup auth status` JSON: same. - `dcr::build_authorization_url`: the printed authorize URL's `scope=` parameter is sorted too. OAuth treats scope as an unordered set so this is a no-op for the issuer; for users it makes the URL stable enough to grep/diff across runs. A small `sorted_scopes(&str) -> Vec<&str>` helper de-duplicates the parse-and-sort step shared by list and status. The schema of the JSON output is unchanged (still an array of strings); only the order changes.
…h-list-scopes # Conflicts: # src/auth/dcr.rs # src/commands/auth.rs
platinummonkey
approved these changes
May 9, 2026
gh-worker-dd-devflow-36fce6
Bot
added
mergequeue-status: done
and removed
mergequeue-status: waiting
labels
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Scopes arrive from the OAuth issuer in non-deterministic order, which makes pup's various scope-display surfaces unstable across invocations and hard to scan or diff. Sort them alphabetically at every display point.
Surfaces touched
pup auth loginpre-launch print (the🔑 Requesting N scope(s): ...line when scope count is small enough to be inlined).pup auth listJSON output: each session'sscopesarray is now sorted.pup auth statusJSON output: same.dcr::build_authorization_url: the printed authorize URL'sscope=parameter is sorted too. OAuth treats scope as an unordered set so this is a no-op for the issuer; for users it makes the URL stable enough to grep or diff across runs.A small
sorted_scopes(scope_claim: &str) -> Vec<&str>helper deduplicates the parse-and-sort step shared bylistandstatus.Schema
The JSON output schema is unchanged (
scopesstays aVec<String>array). Only the order changes, so existing snapshot fixtures attests/snapshots/auth_list__{human,agent}.jsoncontinue to pass.Test plan
cargo test --bin pup— 67 auth-related tests pass, 2 new forsorted_scopes.cargo clippy --bin pup --all-targets -- -D warningsclean.cargo fmt --checkclean.sessions.json+ tokens viaPUP_CONFIG_DIRandDD_TOKEN_STORAGE=file:pup auth listandpup auth statusboth emit alphabetised arrays.