Skip to content

fix: make CLI help parsing command-wide#477

Open
mashenjun wants to merge 9 commits into
mainfrom
fix-cli-help-args
Open

fix: make CLI help parsing command-wide#477
mashenjun wants to merge 9 commits into
mainfrom
fix-cli-help-args

Conversation

@mashenjun

@mashenjun mashenjun commented May 29, 2026

Copy link
Copy Markdown
Collaborator

Fixes #474.

Summary

  • Add shared IsHelpArgs that treats explicit help tokens as command intent before normal parsing, while respecting -- as the boundary for data or nested command args.
  • Apply help-before-parse behavior across create, ctx, fs, token, vault, journal, mount, umount, doctor fuse, and dormant db sql command paths.
  • Add focused usage helpers and regression coverage for help tokens that appear after another flag, e.g. ctx import --from-file --help.
  • Preserve an escape path for help-like data where relevant, e.g. ctx rm -- --help.

Validation

  • git diff --check
  • /usr/local/go/bin/go test ./cmd/drive9 ./cmd/drive9/cli -count=1
  • /usr/local/go/bin/go test ./...
  • Built /tmp/drive9-help-test and smoke-tested representative help paths:
    • ctx import --from-file --help
    • fs cp --tag --help
    • vault put /n/vault/aws --from --help
    • mount vault --server --help
    • token issue --ttl --help

Summary by CodeRabbit

  • New Features

    • Consistent, early --help handling: subcommands print focused usage to stdout and exit without performing actions
    • Centralized, standardized usage text for many commands; improved error messages reference these helpers
    • Explicit escaping via -- supported so names/values like --help are accepted literally
  • Bug Fixes

    • Avoids treating help-like tokens as operations or flag errors in numerous commands
  • Tests

    • Many CLI tests added to validate help detection and literal handling of dash-prefixed values

Review Change Stack

@coderabbitai

coderabbitai Bot commented May 29, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@mashenjun, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 44 minutes and 26 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5a659288-8fe5-44f2-9396-4489f008d8bb

📥 Commits

Reviewing files that changed from the base of the PR and between fe28807 and df903b9.

📒 Files selected for processing (5)
  • cmd/drive9/cli/find.go
  • cmd/drive9/cli/grep_find_test.go
  • cmd/drive9/cli/help.go
  • cmd/drive9/main.go
  • cmd/drive9/main_test.go
📝 Walkthrough

Walkthrough

Centralizes help-argument detection and usage text across CLI commands by adding IsHelpArgs variants, per-command usage helpers, and early-return help handling; replaces many hardcoded usage literals and extends tests for help/escape behaviors.

Changes

CLI Help Handling Refactor

Layer / File(s) Summary
Help infrastructure: IsHelpArgs and usage helper functions
cmd/drive9/cli/help.go
Adds IsHelpArgs() and IsHelpArgsWithValueFlags() scanning that stop at --, IsCpHelpArgs() wrapper, stripLeadingDashDash(), FSSubcommandUsage(), and fs*Usage() helpers returning canonical usage: drive9 fs ... strings.
Filesystem commands: early help detection and unified usage
cmd/drive9/cli/cat.go, chmod.go, cp.go, find.go, grep.go, ls.go, mkdir.go, mv.go, rm.go, sh.go, stat.go, symlink.go
These fs subcommands now detect help via IsHelpArgs() / IsCpHelpArgs(), print the corresponding fs*Usage() to stdout and return nil, and replace hardcoded usage literals in error paths. Sh now accepts args.
Main FS dispatch: help handling before subcommand selection
cmd/drive9/main.go
Moves fs help handling earlier in runFS to detect top-level or subcommand-specific help and print fsUsageText() or the per-subcommand usage via FSSubcommandUsage() before dispatch.
Context commands: per-subcommand usage helpers and escaped-name support
cmd/drive9/cli/ctx.go
Introduces ctx*Usage() helpers; leaf ctx subcommands detect help early and return usage text; use and rm accept a leading -- sentinel so names like --help are treated as data.
Vault/secret commands: vault*Usage, escaping, and parsing fixes
cmd/drive9/cli/secret.go, secret_put.go
Adds vault*Usage() helpers; many secret subcommands short-circuit on help, support -- escaping for dash-prefixed names, and use helpers for error messages; SecretGrant/SecretWith parsing updated to honor -- sentinel.
Mount, journal, and database commands: usage extraction and help handling
cmd/drive9/cli/mount.go, mount_vault.go, journal.go, db.go
Adds mount*, umount, journal*, and createUsage() helpers; mount and journal subcommands and drive9 create check help before parsing and use helpers for errors; Find flag parsing refactored with nextValue.
Token, SQL, and doctor commands: usage helpers and help detection
cmd/drive9/cli/token.go, sql.go, doctor.go
Adds token/SQL/doctor usage helpers; token subcommands detect help early (including deprecated alias forms) and TokenRevoke gates stdin sentinel handling on escaping; SQL and doctor fuse detect help and use centralized usage helpers.
Find/Grep parsing changes
cmd/drive9/cli/find.go, grep.go
Find adds early help handling and a shared nextValue helper for flag values; Grep checks help up front and uses fsGrepUsage() for errors.
CLI tests: expanded help-parsing and escaping coverage
cmd/drive9/cli/*_test.go, cmd/drive9/main_test.go
Adds tests asserting IsHelpArgs stops at --, that leaf subcommands print focused usage lines for many --help placements, and that dash-prefixed names/flag values passed after -- are treated as data across cp, ctx, db, secret, grep/find, and token revoke tests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested reviewers

  • qiffang
  • srstack

"🐰 I hopped through args, nose twitching, bright—
Found --help and made usage print just right.
No more stray unknown flags in the night,
Drive9 says usage: and exits light. ✨"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 27.33% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix: make CLI help parsing command-wide' accurately summarizes the main change: introducing command-wide help argument detection helpers and applying help-before-parse behavior across many CLI commands.
Linked Issues check ✅ Passed The PR addresses all coding requirements from issue #474: adds IsHelpArgs and IsHelpArgsWithValueFlags helpers to detect help tokens before parsing, applies help-aware parsing to ctx subcommands and related commands, adds focused usage helpers (e.g., ctxImportUsage), and includes regression tests for help invocation.
Out of Scope Changes check ✅ Passed All changes are directly related to help argument detection and handling. The modifications consistently apply help-before-parse patterns across commands (ctx, fs, vault, token, etc.), add focused usage helpers, extract shared help logic into helpers, and add regression tests—all within the scope of fixing help parsing behavior.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-cli-help-args

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3e2eaf0d80

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread cmd/drive9/cli/ctx.go Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
cmd/drive9/cli/cat.go (1)

22-26: ⚡ Quick win

Help output bypasses the out writer.

catWithWriter takes out io.Writer so callers/tests can capture output, but the help path writes to os.Stdout directly. This is inconsistent and makes the help branch untestable via the injected writer. Prefer writing to out.

♻️ Proposed fix
 func catWithWriter(c *client.Client, args []string, out io.Writer) error {
 	if IsHelpArgs(args) {
-		_, _ = fmt.Fprintln(os.Stdout, fsCatUsage())
+		_, _ = fmt.Fprintln(out, fsCatUsage())
 		return nil
 	}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/drive9/cli/cat.go` around lines 22 - 26, The help branch in catWithWriter
currently writes to os.Stdout, bypassing the injected out writer; change the
call that prints the usage (where IsHelpArgs(args) is true) to write to the
provided out writer (use fmt.Fprintln(out, fsCatUsage()) or equivalent) so
fsCatUsage() output is testable via catWithWriter's out parameter and behavior
remains the same otherwise.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/drive9/cli/help.go`:
- Around line 16-26: IsHelpArgs currently treats a bare "help" token anywhere
before "--" as help intent and thereby swallows legitimate positional data;
update IsHelpArgs so that bare unprefixed "help" is only treated as help when it
appears as the first argument, while keeping dash-prefixed forms (IsHelpArg
matches like "-h", "-help", "--help") valid in any position; modify the loop in
IsHelpArgs to check the argument index and only return true for the bare "help"
case when index == 0, otherwise continue scanning for prefixed help flags and
respect the existing "--" escape logic.

In `@cmd/drive9/main_test.go`:
- Around line 177-182: The vault subcommand help strings are missing the colon
after "usage", causing inconsistency; update the help/usage text returned by the
vault helper functions in cmd/drive9/cli/secret.go and
cmd/drive9/cli/secret_put.go to use the same "usage: drive9 ..." prefix (i.e.,
add the colon) so the output matches other commands; update the string literals
used in the vault command's usage/help generators (the functions that
build/return the usage string for the vault and vault put commands) to include
the colon.

---

Nitpick comments:
In `@cmd/drive9/cli/cat.go`:
- Around line 22-26: The help branch in catWithWriter currently writes to
os.Stdout, bypassing the injected out writer; change the call that prints the
usage (where IsHelpArgs(args) is true) to write to the provided out writer (use
fmt.Fprintln(out, fsCatUsage()) or equivalent) so fsCatUsage() output is
testable via catWithWriter's out parameter and behavior remains the same
otherwise.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 96d7d546-61a4-4bf5-a557-0f06c3ddc6a8

📥 Commits

Reviewing files that changed from the base of the PR and between 3455503 and 3e2eaf0.

📒 Files selected for processing (26)
  • cmd/drive9/cli/cat.go
  • cmd/drive9/cli/chmod.go
  • cmd/drive9/cli/cli_consolidation_test.go
  • cmd/drive9/cli/cp.go
  • cmd/drive9/cli/ctx.go
  • cmd/drive9/cli/db.go
  • cmd/drive9/cli/doctor.go
  • cmd/drive9/cli/find.go
  • cmd/drive9/cli/grep.go
  • cmd/drive9/cli/help.go
  • cmd/drive9/cli/journal.go
  • cmd/drive9/cli/ls.go
  • cmd/drive9/cli/mkdir.go
  • cmd/drive9/cli/mount.go
  • cmd/drive9/cli/mount_vault.go
  • cmd/drive9/cli/mv.go
  • cmd/drive9/cli/rm.go
  • cmd/drive9/cli/secret.go
  • cmd/drive9/cli/secret_put.go
  • cmd/drive9/cli/sh.go
  • cmd/drive9/cli/sql.go
  • cmd/drive9/cli/stat.go
  • cmd/drive9/cli/symlink.go
  • cmd/drive9/cli/token.go
  • cmd/drive9/main.go
  • cmd/drive9/main_test.go

Comment thread cmd/drive9/cli/help.go
Comment thread cmd/drive9/main_test.go
@mashenjun

Copy link
Copy Markdown
Collaborator Author

@codex review

Review PR #477 as an incremental review after responder fixes. Current head SHA is 493af8a8317cb936772560922d3d605c029bc07b. Do not load or run second-opinion; this prompt is self-contained.

Focus on concrete bugs only. Report findings only when there is a plausible failure path in the current head. Do not report speculative, style-only, preference-only, or duplicate findings. Do not suppress risky changed paths merely because a prior responder concluded they are safe.

Review Discipline

Round classification: incremental review.

Use the previous Codex/CodeRabbit review/comment baseline as already reviewed context, then focus on the diff since that baseline plus any touched prior findings. Still scan in-scope changes for high-severity correctness, security, data consistency, performance, compatibility, observability, and testing risks.

If no issues are found, state No issues found and list the concrete checks performed.

Stable Invariants

  1. Help intent should be legible and consistent across commands and subcommands.
  2. Dash-prefixed help flags such as -h, -help, and --help should be recognized before normal command flag parsing, unless they appear after --.
  3. -- is the escape boundary for treating later tokens as data rather than help/control tokens.
  4. Bare help must not make legitimate positional data unreachable.
  5. Context names that are legal to create must remain addressable from the CLI.
  6. Usage text should be focused to the command/subcommand being invoked and should follow the repo's visible usage: drive9 ... convention unless an existing command intentionally differs.
  7. Existing command behavior unrelated to help dispatch should not change.

Severity Rubric

  • Blocker: prevents merge due to data loss, security exposure, corruption, broken core workflow, or irreversible operational risk.
  • High: likely user-visible correctness, concurrency, compatibility, migration, or reliability failure.
  • Medium: real defect with bounded impact, edge-case trigger, or missing validation that can cause incorrect behavior.
  • Low: non-blocking issue with clear value and low risk.

Finding Contract

Order findings by severity, then confidence.

Each finding must include:

  • Severity: one of Blocker, High, Medium, Low
  • Confidence: one of High, Medium, Low
  • What
  • Evidence
  • Impact
  • Fix
  • Verify

Do not duplicate the same finding across multiple comments.

Changes Since Previous Review Baseline

Commit 493af8a8317cb936772560922d3d605c029bc07b (fix: preserve data args in help scanning) was pushed after the prior review/comment baseline. It changes:

  • cmd/drive9/cli/help.go: IsHelpArgs now treats bare help as help intent only at argument index 0; non-leading bare help is data and scanning continues for later dash-prefixed help flags before --.
  • cmd/drive9/cli/ctx.go: ctx use now supports ctx use -- <name> and advertises usage: drive9 ctx use [--] <name>.
  • cmd/drive9/cli/secret.go and cmd/drive9/cli/secret_put.go: vault usage helpers now use the repo convention usage: drive9 ..., including vault put.
  • cmd/drive9/cli/cat.go: catWithWriter help output now writes to the injected out writer instead of os.Stdout.
  • Tests in cmd/drive9/cli/cli_consolidation_test.go, cmd/drive9/cli/cat_test.go, and cmd/drive9/main_test.go cover the above changes, including non-leading bare help as data, scanning past bare data to later --help, escaped help-like context names for ctx use, vault usage colons, and cat writer routing.

GitHub review thread refresh at current head showed zero unresolved review threads.

Accepted Findings Fixed: Do Not Repeat Unless New Failure Path Exists

  • PRRT_kwDORwLuJc6Fkd21 / Codex: drive9 ctx use help made legal help-like context names unreachable. Fixed in 493af8a by adding ctx use -- <name> and regression coverage for help, -h, -help, and --help.
  • PRRT_kwDORwLuJc6Fkgky / CodeRabbit: IsHelpArgs swallowed non-leading bare help as positional data. Fixed in 493af8a by restricting bare help intent to index 0 while keeping dash-prefixed help forms valid anywhere before --.
  • PRRT_kwDORwLuJc6Fkgk3 / CodeRabbit: vault usage helpers used usage drive9 ... without the colon. Fixed in 493af8a by normalizing vault usage helpers and tests to usage: drive9 ....
  • CodeRabbit review-body nitpick: catWithWriter help wrote to os.Stdout instead of the injected writer. Fixed in 493af8a with TestCatHelpWritesToInjectedWriter.

Do not re-report those exact accepted findings unless the current head introduces a new, distinct failure path.

Risky Changed Paths To Verify

  • cmd/drive9/cli/help.go: help-token semantics, especially bare help at index 0 versus later positions; continuing scan after non-leading bare help; stopping at --.
  • cmd/drive9/cli/ctx.go: ctx use -- <name> behavior for help, -h, -help, --help; preservation of normal ctx use <name> behavior; no accidental activation when user intended help.
  • cmd/drive9/cli/secret.go and cmd/drive9/cli/secret_put.go: all vault usage helpers and error paths still match command behavior and do not alter vault data operations.
  • cmd/drive9/cli/cat.go: help output respects the injected writer, while normal read/range behavior still writes file bytes to the same writer.
  • cmd/drive9/cli/cli_consolidation_test.go, cmd/drive9/cli/cat_test.go, and cmd/drive9/main_test.go: tests cover the intended edge cases without encoding a wrong behavior that hides a real CLI regression.
  • Also keep the broader PR's help-dispatch touch points in view where they interact with IsHelpArgs: cmd/drive9/main.go runFS, cmd/drive9/cli/{chmod,cp,db,doctor,find,grep,journal,ls,mkdir,mount,mount_vault,mv,rm,sh,sql,stat,symlink,token}.go.

Please review the current head and return only concrete bugs with plausible failure paths under the finding contract above.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 493af8a831

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread cmd/drive9/cli/help.go Outdated
Comment thread cmd/drive9/cli/cp.go Outdated
Comment thread cmd/drive9/cli/secret.go Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
cmd/drive9/cli/cp_test.go (1)

463-476: 💤 Low value

Optional: simplify cwd handling with t.Chdir(tmp)

This test can replace the os.Getwd/os.Chdir + cleanup restore with t.Chdir(tmp) (available in Go 1.24+), avoiding global-state footguns around working directory changes.

♻️ Proposed simplification
 	tmp := t.TempDir()
-	oldWD, err := os.Getwd()
-	if err != nil {
-		t.Fatalf("Getwd: %v", err)
-	}
-	if err := os.Chdir(tmp); err != nil {
-		t.Fatalf("Chdir(%q): %v", tmp, err)
-	}
-	t.Cleanup(func() {
-		if err := os.Chdir(oldWD); err != nil {
-			t.Fatalf("restore cwd: %v", err)
-		}
-	})
+	t.Chdir(tmp)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/drive9/cli/cp_test.go` around lines 463 - 476, Replace the manual
working-directory save/restore in TestCpTreatsHelpLikeSourcesAsData with
t.Chdir(tmp): remove the os.Getwd/Chdir/cleanup block and call t.Chdir(tmp)
right after creating tmp so the testing framework handles restoring the original
cwd; update references in the TestCpTreatsHelpLikeSourcesAsData function
accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@cmd/drive9/cli/cp_test.go`:
- Around line 463-476: Replace the manual working-directory save/restore in
TestCpTreatsHelpLikeSourcesAsData with t.Chdir(tmp): remove the
os.Getwd/Chdir/cleanup block and call t.Chdir(tmp) right after creating tmp so
the testing framework handles restoring the original cwd; update references in
the TestCpTreatsHelpLikeSourcesAsData function accordingly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b4bbf996-ec62-49be-8bda-6f1fe5937f92

📥 Commits

Reviewing files that changed from the base of the PR and between 3e2eaf0 and 8022a3b.

📒 Files selected for processing (12)
  • cmd/drive9/cli/cat.go
  • cmd/drive9/cli/cat_test.go
  • cmd/drive9/cli/cli_consolidation_test.go
  • cmd/drive9/cli/cp.go
  • cmd/drive9/cli/cp_test.go
  • cmd/drive9/cli/ctx.go
  • cmd/drive9/cli/help.go
  • cmd/drive9/cli/secret.go
  • cmd/drive9/cli/secret_commands_test.go
  • cmd/drive9/cli/secret_put.go
  • cmd/drive9/main.go
  • cmd/drive9/main_test.go
🚧 Files skipped from review as they are similar to previous changes (8)
  • cmd/drive9/cli/cp.go
  • cmd/drive9/cli/cat.go
  • cmd/drive9/cli/secret_put.go
  • cmd/drive9/cli/help.go
  • cmd/drive9/main.go
  • cmd/drive9/cli/ctx.go
  • cmd/drive9/cli/secret.go
  • cmd/drive9/cli/cli_consolidation_test.go

@mashenjun

Copy link
Copy Markdown
Collaborator Author

@codex review

Review PR #477 as an incremental review after round 2 responder fixes. Current head SHA is 8022a3be9462013d520091444315a17c31524e8b. Do not load or run second-opinion; this prompt is self-contained.

Focus on concrete bugs only. Report findings only when there is a plausible failure path in the current head. Do not report speculative, style-only, preference-only, or duplicate findings. Do not suppress risky changed paths merely because a prior responder concluded they are safe.

Review Discipline

Round classification: incremental review.

Use the previous Codex review/comment baseline as already reviewed context, then focus on the diff since that baseline plus any touched prior findings. Still scan all in-scope changed behavior for high-severity correctness, security, data consistency, performance, compatibility, observability, and testing risks. Focus areas below are minimum requirements, not the full scope.

If no issues are found, state No issues found and list the concrete checks performed.

Stable Invariants

  1. Help intent should be legible and consistent across commands and subcommands.
  2. Dash-prefixed help flags such as -h, -help, and --help should be recognized before normal command flag parsing, unless they appear after --.
  3. -- is the escape boundary for treating later tokens as data rather than help/control tokens.
  4. Bare help must not make legitimate positional data unreachable.
  5. Context names that are legal to create must remain addressable from the CLI.
  6. Usage text should be focused to the command/subcommand being invoked and should follow the repo's visible usage: drive9 ... convention unless an existing command intentionally differs.
  7. Existing command behavior unrelated to help dispatch should not change.

Severity Rubric

  • Blocker: prevents merge due to data loss, security exposure, corruption, broken core workflow, or irreversible operational risk.
  • High: likely user-visible correctness, concurrency, compatibility, migration, or reliability failure.
  • Medium: real defect with bounded impact, edge-case trigger, or missing validation that can cause incorrect behavior.
  • Low: non-blocking issue with clear value and low risk.

Finding Contract

Order findings by severity, then confidence.

Each finding must include:

  • Severity: one of Blocker, High, Medium, Low
  • Confidence: one of High, Medium, Low
  • What
  • Evidence
  • Impact
  • Fix
  • Verify

Do not duplicate the same finding across multiple comments.

Changes Since Previous Codex Review Baseline

Commit 8022a3be9462013d520091444315a17c31524e8b (fix: keep help-like operands reachable) was pushed after the previous Codex review/comment baseline 493af8a8317cb936772560922d3d605c029bc07b. The incremental diff is one commit and changes:

  • cmd/drive9/cli/help.go: IsHelpArgs now recognizes only dash-prefixed help tokens (-h, -help, --help) before --. Bare help is no longer treated as help by this helper; command-dispatch positions still use IsHelpArg.
  • cmd/drive9/cli/cp.go: Cp now handles -- in its custom option-filter loop. The separator is stripped, option parsing stops, and following tokens are preserved as positional operands.
  • cmd/drive9/cli/secret.go: SecretRm now strips one leading -- before help scanning and arity checks, so escaped dash-prefixed secret names can be deleted while unescaped dash-prefixed help still prints usage.
  • cmd/drive9/cli/cli_consolidation_test.go: IsHelpArgs([]string{"help"}) expectation changed from help intent to data.
  • cmd/drive9/cli/cp_test.go: added regression coverage for uploading local sources named help and escaped --help.
  • cmd/drive9/cli/secret_commands_test.go: added regression coverage for deleting secret names help and escaped --help.

GitHub review-thread refresh at current head showed all review threads resolved. Treat that as context only; verify the current head directly.

Accepted Findings Fixed: Do Not Repeat Unless New Failure Path Exists

  • PRRT_kwDORwLuJc6Fkd21 / Codex: drive9 ctx use help made legal help-like context names unreachable. Fixed by the current series; bare help is data at leaf positions, and dash-prefixed context names remain reachable through ctx use -- <name>.
  • PRRT_kwDORwLuJc6Fkgky / CodeRabbit: IsHelpArgs swallowed bare help as positional data. Fixed by the current series; IsHelpArgs now ignores bare help entirely and leaves command-dispatch recognition to IsHelpArg.
  • PRRT_kwDORwLuJc6Fkgk3 / CodeRabbit: vault usage helpers used usage drive9 ... without the colon. Fixed in 493af8a by normalizing vault usage helpers and tests to usage: drive9 ....
  • CodeRabbit review-body nitpick: catWithWriter help wrote to os.Stdout instead of the injected writer. Fixed in 493af8a with TestCatHelpWritesToInjectedWriter.
  • PRRT_kwDORwLuJc6Fk9Lo / Codex: leading bare help was still reserved for leaf command operands, so valid inputs like drive9 fs grep help /docs and drive9 fs cp help :/dst printed usage. Fixed in 8022a3b by narrowing IsHelpArgs to dash-prefixed help tokens only and adding cp coverage for a local source named help.
  • PRRT_kwDORwLuJc6Fk9Lq / Codex: drive9 fs cp -- --help :/dst treated -- itself as an operand and failed arity checks instead of uploading a local file named --help. Fixed in 8022a3b by stripping the -- option boundary in Cp and preserving following operands.
  • PRRT_kwDORwLuJc6Fk9Ls / Codex: legal vault secret names such as --help were unreachable for vault rm, and drive9 vault rm -- --help failed arity checks. Fixed in 8022a3b by stripping a leading -- in SecretRm before help scanning and arity checks.

Do not re-report those exact accepted findings unless the current head introduces a new, distinct failure path.

Risky Changed Code Paths To Verify

  • cmd/drive9/cli/help.go: split semantics between IsHelpArg and IsHelpArgs; bare help should remain valid only at command-dispatch positions and should be data in leaf-command argument lists.
  • cmd/drive9/main.go runFS: interaction between IsHelpArg(sub), IsHelpArgs(rest), FSSubcommandUsage, and normal leaf command execution, especially for unknown subcommands and operands named help.
  • cmd/drive9/cli/cp.go: the -- boundary in the custom cp option parser; no options after -- should be parsed as flags, existing --resume, --append, --tag, --description, and recursive validation should remain unchanged before --, and arity should be checked after filtering.
  • cmd/drive9/cli/secret.go SecretRm: escaped versus unescaped behavior for help, -h, -help, and --help; deletion should not accidentally run when the user asked for unescaped help, and legal escaped names should remain reachable.
  • Other vault positional secret-name paths in cmd/drive9/cli/secret.go and cmd/drive9/cli/secret_put.go: verify the broad IsHelpArgs change did not hide a real inconsistency around legal names, -- boundaries, or command payloads, especially where validateSecretName permits names that look like help flags.
  • cmd/drive9/cli/ctx.go: ctx use and ctx rm escaped and unescaped name handling after IsHelpArgs stopped recognizing bare help.
  • cmd/drive9/cli/cli_consolidation_test.go, cmd/drive9/cli/cp_test.go, and cmd/drive9/cli/secret_commands_test.go: tests should prove intended behavior without encoding a wrong CLI contract or missing related edge cases.
  • Broader PR help-dispatch touch points that call IsHelpArgs: cmd/drive9/cli/{cat,chmod,db,doctor,find,grep,journal,ls,mkdir,mount,mount_vault,mv,rm,sh,sql,stat,symlink,token}.go.

Please review the current head and return only concrete bugs with plausible failure paths under the finding contract above.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8022a3be94

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread cmd/drive9/cli/secret.go Outdated
Comment thread cmd/drive9/cli/grep.go
Comment thread cmd/drive9/cli/find.go Outdated
Comment thread cmd/drive9/cli/token.go Outdated
Comment thread cmd/drive9/cli/ctx.go Outdated
@mashenjun

Copy link
Copy Markdown
Collaborator Author

@codex review

Review PR #477 as an incremental review after round 3 responder fixes. Current head SHA is f995c8baeec03327d8c3d4519200f4182a4baf71. Do not load or run second-opinion; this prompt is self-contained.

Focus on concrete bugs only. Report findings only when there is a plausible failure path in the current head. Do not report speculative, style-only, preference-only, or duplicate findings. Do not suppress risky changed paths merely because a prior responder concluded they are safe.

Review Discipline

Round classification: incremental review.

Use the previous Codex review/comment baseline as already reviewed context, then focus on the diff since that baseline plus any touched prior findings. Still scan all in-scope changed behavior for high-severity correctness, security, data consistency, performance, compatibility, observability, and testing risks. Focus areas below are minimum requirements, not the full scope.

If no issues are found, state No issues found and list the concrete checks performed.

Stable Invariants

  1. Help intent should be legible and consistent across commands and subcommands.
  2. Dash-prefixed help flags such as -h, -help, and --help should be recognized before normal command flag parsing, unless they appear after --.
  3. -- is the escape boundary for treating later tokens as data rather than help/control tokens.
  4. Bare help must not make legitimate positional data unreachable.
  5. Context names that are legal to create must remain addressable from the CLI.
  6. Usage text should be focused to the command/subcommand being invoked and should follow the repo's visible usage: drive9 ... convention unless an existing command intentionally differs.
  7. Existing command behavior unrelated to help dispatch should not change.

Severity Rubric

  • Blocker: prevents merge due to data loss, security exposure, corruption, broken core workflow, or irreversible operational risk.
  • High: likely user-visible correctness, concurrency, compatibility, migration, or reliability failure.
  • Medium: real defect with bounded impact, edge-case trigger, or missing validation that can cause incorrect behavior.
  • Low: non-blocking issue with clear value and low risk.

Finding Contract

Order findings by severity, then confidence.

Each finding must include:

  • Severity: one of Blocker, High, Medium, Low
  • Confidence: one of High, Medium, Low
  • What
  • Evidence
  • Impact
  • Fix
  • Verify

Do not duplicate the same finding across multiple comments.

Changes Since Previous Codex Review Baseline

Commit f995c8baeec03327d8c3d4519200f4182a4baf71 (fix: honor escaped help-like cli values) was pushed after the previous Codex review/comment baseline 8022a3be9462013d520091444315a17c31524e8b. The incremental diff is one commit and changes:

  • cmd/drive9/cli/help.go: added IsHelpArgsWithValueFlags so command-wide help scanning can skip known flag value positions before matching -h, -help, or --help; added shared stripLeadingDashDash.
  • cmd/drive9/cli/ctx.go: ctx add, ctx import, and ctx fork now use value-aware help scanning for --name, --from, --from-file, --api-key, and --server value positions, preserving dash-prefixed context names and values while still recognizing real help flags outside value positions.
  • cmd/drive9/cli/secret.go: vault set and vault get strip one leading -- before secret-name parsing while preserving unescaped help as usage; vault rm now uses the shared helper; vault grant treats -- as the end of option parsing and appends following tokens as scopes.
  • cmd/drive9/cli/grep.go: fs grep strips a leading -- after help scanning and before assigning query/path, so escaped dash-prefixed search patterns are data.
  • cmd/drive9/cli/find.go: value-taking filters -name, -tag, -newer, -older, and -size now consume -- <value> as an escaped value before continuing parse.
  • cmd/drive9/cli/token.go: token revoke strips one leading -- after help detection and before collecting the revoke target.
  • Tests changed in cmd/drive9/cli/cli_consolidation_test.go, cmd/drive9/cli/ctx_test.go, cmd/drive9/cli/grep_find_test.go, cmd/drive9/cli/secret_commands_test.go, cmd/drive9/cli/token_test.go, and cmd/drive9/main_test.go to cover value-aware context help, escaped vault set/get/grant names/scopes, escaped grep patterns, escaped find filter values, escaped token revoke names, and focused help dispatch cases.

GitHub review-thread refresh at current head showed all review threads resolved. GitHub metadata showed PR head f995c8baeec03327d8c3d4519200f4182a4baf71, base main, branch fix-cli-help-args, open and mergeable. Treat that as context only; verify the current head directly.

Accepted Findings Fixed: Do Not Repeat Unless New Failure Path Exists

  • PRRT_kwDORwLuJc6Fkd21 / Codex: drive9 ctx use help made legal help-like context names unreachable. Fixed by the current series; bare help is data at leaf positions, and dash-prefixed context names remain reachable through ctx use -- <name>.
  • PRRT_kwDORwLuJc6Fkgky / CodeRabbit: IsHelpArgs swallowed bare help as positional data. Fixed by the current series; IsHelpArgs now ignores bare help entirely and leaves command-dispatch recognition to IsHelpArg.
  • PRRT_kwDORwLuJc6Fkgk3 / CodeRabbit: vault usage helpers used usage drive9 ... without the colon. Fixed in 493af8a by normalizing vault usage helpers and tests to usage: drive9 ....
  • CodeRabbit review-body nitpick: catWithWriter help wrote to os.Stdout instead of the injected writer. Fixed in 493af8a with TestCatHelpWritesToInjectedWriter.
  • PRRT_kwDORwLuJc6Fk9Lo / Codex: leading bare help was still reserved for leaf command operands, so valid inputs like drive9 fs grep help /docs and drive9 fs cp help :/dst printed usage. Fixed in 8022a3b by narrowing IsHelpArgs to dash-prefixed help tokens only and adding cp coverage for a local source named help.
  • PRRT_kwDORwLuJc6Fk9Lq / Codex: drive9 fs cp -- --help :/dst treated -- itself as an operand and failed arity checks instead of uploading a local file named --help. Fixed in 8022a3b by stripping the -- option boundary in Cp and preserving following operands.
  • PRRT_kwDORwLuJc6Fk9Ls / Codex: legal vault secret names such as --help were unreachable for vault rm, and drive9 vault rm -- --help failed arity checks. Fixed in 8022a3b by stripping a leading -- in SecretRm before help scanning and arity checks.
  • PRRT_kwDORwLuJc6FlGyZ / Codex: vault set -- --help KEY=VALUE, vault get -- --help, and related grant scope cases failed to consume the escape before positional name/scope parsing. Fixed in f995c8b by stripping one leading -- for set/get names and honoring -- before grant scopes.
  • PRRT_kwDORwLuJc6FlGyf / Codex: drive9 fs grep -- --help /docs used -- as the query and --help as the path instead of searching literal pattern --help under /docs. Fixed in f995c8b by stripping a leading -- before query/path assignment.
  • PRRT_kwDORwLuJc6FlGyh / Codex: drive9 fs find -name -- --help stored -- as the filter value and rejected --help as an unknown flag. Fixed in f995c8b by allowing value-taking filters to consume -- <value>.
  • PRRT_kwDORwLuJc6FlGyk / Codex: drive9 token revoke -- --help treated the escape as an extra positional instead of revoking a legal local token/context named --help. Fixed in f995c8b by stripping one leading -- before revoke target collection.
  • PRRT_kwDORwLuJc6FlGyo / Codex: context-name flag values such as ctx add --name --help, ctx import --name --help, and ctx fork --from --help were intercepted by command-wide help scanning before flag parsing knew the token was data. Fixed in f995c8b with value-aware help scanning and regressions for add/import/fork.

Do not re-report those exact accepted findings unless the current head introduces a new, distinct failure path.

Risky Changed Code Paths To Verify

  • cmd/drive9/cli/help.go: IsHelpArgsWithValueFlags skip semantics, especially missing values, repeated value flags, -- boundaries, dash-prefixed help outside value positions, and interaction with IsHelpArgs/IsHelpArg; stripLeadingDashDash callers should strip only one leading escape where intended.
  • cmd/drive9/cli/ctx.go: value-aware scans for ctx add, ctx import, and ctx fork; confirm real help still prints focused usage outside value positions, dash-prefixed values are accepted only where they are valid data, and normal validation/error behavior for missing --api-key, --name, --from-file, --server, and --from values is unchanged.
  • cmd/drive9/cli/secret.go: SecretSet, SecretGet, SecretRm, and SecretGrant; escaped versus unescaped behavior for help, -h, -help, and --help; arity and validation after stripping; grant option parsing after --; and preservation of existing vault operations, payloads, and permission/scope behavior.
  • cmd/drive9/cli/grep.go: leading -- stripping before query/path assignment; verify no regression for normal pattern/path arity, default path behavior, or searching patterns that are literally -- or contain dash prefixes.
  • cmd/drive9/cli/find.go: nextValue behavior for all value-taking filters; handling of missing values, -- with no following value, escaped --help/dash-prefixed values, path position after filters, size parsing for escaped negative values, and unknown flag behavior.
  • cmd/drive9/cli/token.go: token revoke help scan, -- stripping, local context lookup, API key file handling, arity errors, and ensuring unescaped help still prints usage rather than revoking.
  • Test files changed in cmd/drive9/cli/cli_consolidation_test.go, cmd/drive9/cli/ctx_test.go, cmd/drive9/cli/grep_find_test.go, cmd/drive9/cli/secret_commands_test.go, cmd/drive9/cli/token_test.go, and cmd/drive9/main_test.go: tests should prove intended behavior without encoding a wrong CLI contract or missing adjacent edge cases.
  • Broader PR help-dispatch touch points that call IsHelpArgs or IsHelpArgsWithValueFlags, including cmd/drive9/main.go runFS and cmd/drive9/cli/{cat,chmod,cp,db,doctor,find,grep,journal,ls,mkdir,mount,mount_vault,mv,rm,secret,sh,sql,stat,symlink,token}.go.

Please review the current head and return only concrete bugs with plausible failure paths under the finding contract above.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f995c8baee

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread cmd/drive9/cli/token.go Outdated
Comment thread cmd/drive9/cli/db.go Outdated
Comment thread cmd/drive9/cli/secret.go Outdated
Comment thread cmd/drive9/cli/secret_put.go Outdated
Comment thread cmd/drive9/cli/secret.go Outdated
@mashenjun

Copy link
Copy Markdown
Collaborator Author

@codex review

Please perform an incremental review of PR #477.

Current head SHA to review: c48c560263e7caf8d10512cb88ed54f980fe8d30.

Previous Codex review baseline: f995c8baeec03327d8c3d4519200f4182a4baf71.

Round classification: incremental review. Focus on the diff from f995c8baeec03327d8c3d4519200f4182a4baf71 to c48c560263e7caf8d10512cb88ed54f980fe8d30, plus any prior finding whose code path was touched by the new changes. Do not re-report already fixed prior findings unless the current head has reintroduced the failure path.

Stable Review Charter

Core invariants for this PR:

  1. Help intent should be legible and consistent across commands and subcommands.
  2. Dash-prefixed help flags such as -h, -help, and --help should be recognized before parsing normal command flags, unless they appear after --.
  3. -- is the escape boundary for treating later tokens as data rather than help/control tokens.
  4. Bare help must not make legitimate positional data unreachable.
  5. Context names that are legal to create must remain addressable from the CLI.
  6. Usage text should be focused to the command/subcommand being invoked and should follow the repo's visible usage: drive9 ... convention unless an existing command intentionally differs.
  7. Existing command behavior unrelated to help dispatch should not change.

Known non-goals:

  1. Do not redesign the CLI parser wholesale.
  2. Do not introduce a new command framework.
  3. Do not change remote Drive9 server behavior.
  4. Do not force-push or rebase the PR branch.
  5. Keep fixes minimal and scoped to still-valid review findings.

Severity Rubric

  • Blocker: prevents merge due to data loss, security exposure, corruption, broken core workflow, or irreversible operational risk.
  • High: likely user-visible correctness, concurrency, compatibility, migration, or reliability failure.
  • Medium: real defect with bounded impact, edge-case trigger, or missing validation that can cause incorrect behavior.
  • Low: non-blocking issue with clear value and low risk.

Review Discipline And Finding Contract

Review scope:

  1. This is an incremental review, not a first review.
  2. Focus on the new diff since f995c8baeec03327d8c3d4519200f4182a4baf71.
  3. Re-check prior findings only when the current diff touched the same behavior or created a nearby regression risk.
  4. Always scan in-scope changes for concrete correctness, security, data consistency, performance, compatibility, observability, and testing risks.
  5. Report only concrete bugs with plausible failure paths. Do not report speculative, style-only, or preference-only findings.

Every finding must include:

  1. Severity
  2. Confidence
  3. What
  4. Evidence
  5. Impact
  6. Fix
  7. Verify

Order findings by severity, then confidence. Do not duplicate the same finding across multiple comments. If no issues are found, state No issues found and list the concrete checks performed.

Changes Since Previous Codex Review

Commit under review:

  • c48c560263e7caf8d10512cb88ed54f980fe8d30 - fix: preserve help-like flag values

Diff summary from f995c8b..c48c560:

  • cmd/drive9/cli/db.go: Create now uses IsHelpArgsWithValueFlags(args, "--name", "--server").
  • cmd/drive9/cli/secret.go: SecretGrant now uses value-aware help scanning for --agent, --ttl, and --perm; SecretAudit now uses value-aware help scanning for --secret, --agent, --since, and --limit.
  • cmd/drive9/cli/secret_put.go: SecretPut now uses value-aware help scanning for --from.
  • cmd/drive9/cli/token.go: TokenRevoke now preserves whether a leading -- escape was present; escaped input must provide exactly one target and bypasses normal option parsing and unescaped stdin-special handling.
  • Tests added or updated in cmd/drive9/cli/db_test.go, cmd/drive9/cli/token_test.go, cmd/drive9/cli/secret_commands_test.go, cmd/drive9/cli/secret_put_test.go, and cmd/drive9/main_test.go.

Diff stat:

cmd/drive9/cli/db.go                   |  2 +-
cmd/drive9/cli/db_test.go              | 46 +++++++++++++++++++++++++
cmd/drive9/cli/secret.go               |  4 +--
cmd/drive9/cli/secret_commands_test.go | 63 ++++++++++++++++++++++++++++++++++
cmd/drive9/cli/secret_put.go           |  2 +-
cmd/drive9/cli/secret_put_test.go      | 20 +++++++++++
cmd/drive9/cli/token.go                | 29 ++++++++++------
cmd/drive9/cli/token_test.go           | 40 +++++++++++++++++++++
cmd/drive9/main_test.go                |  4 +--

Risky changed paths to inspect:

  • cmd/drive9/cli/help.go, especially IsHelpArgsWithValueFlags, because the Round 4 fix depends on its value-consuming semantics even though this helper itself was introduced earlier.
  • cmd/drive9/cli/token.go, especially TokenRevoke interactions among --, --api-key-file, - stdin, local context names, legacy ids, and direct token-secret rejection.
  • cmd/drive9/cli/db.go, especially Create behavior for value flags versus explicit help outside value positions.
  • cmd/drive9/cli/secret.go, especially SecretGrant and SecretAudit flag-value scanning and -- scope handling.
  • cmd/drive9/cli/secret_put.go, especially SecretPut ordering between help detection, stdin rejection, and --from directory validation.
  • Dispatch tests in cmd/drive9/main_test.go, because some help examples changed from value-position --help to explicit-help positions.

Current Review Thread State

Live GitHub review-thread query at head c48c560263e7caf8d10512cb88ed54f980fe8d30 reported:

  • Total review threads: 16
  • Unresolved review threads: 0

Accepted and fixed in Round 4:

  1. PRRT_kwDORwLuJc6FlSd4: TokenRevoke escaped flag-shaped names such as drive9 token revoke -- --api-key-file should be treated as local token/context names, not as options.
  2. PRRT_kwDORwLuJc6FlSd6: drive9 create --name --help --server <url> should provision a context named --help.
  3. PRRT_kwDORwLuJc6FlSd9: drive9 vault audit --secret --help should query audit events for secret --help.
  4. PRRT_kwDORwLuJc6FlSd-: drive9 vault put /n/vault/s --from --help should treat --help as the directory value and reach directory validation, not usage.
  5. PRRT_kwDORwLuJc6FlSeB: drive9 vault grant --agent --help --ttl 1h --perm read aws-prod should treat --help as the agent id.

Rejected findings: none.

Still-open findings: none known from GitHub review threads.

Do-Not-Repeat List For Fixed Findings

Do not repeat these as findings unless current head c48c560263e7caf8d10512cb88ed54f980fe8d30 demonstrably reintroduces the same failure path:

  1. ctx use help and legal context names like help, -h, -help, and --help are reachable through the explicit ctx use -- <name> escape.
  2. Bare help is no longer globally reserved as leaf positional data; IsHelpArgs detects only dash-prefixed help forms before --.
  3. Vault usage text was normalized to usage: drive9 ....
  4. catWithWriter help output was changed to use the injected writer.
  5. fs cp now consumes a leading -- before operands such as --help.
  6. vault rm strips a leading -- for positional secret names.
  7. vault set, vault get, and vault grant positional secret/scope handling now support escaped dash-prefixed names where fixed in prior rounds.
  8. fs grep -- --help /docs and fs find -name -- --help /docs were addressed in prior rounds.
  9. token revoke -- --help was addressed in prior rounds; Round 4 specifically extends this to escaped names that collide with revoke options.
  10. Context value flags such as ctx add/import --name --help and ctx fork --from --help were addressed in prior rounds.
  11. Round 4 value-position fixes for create --name, vault audit --secret, vault put --from, and vault grant --agent should not be repeated unless a current-head command path still swallows those values as help.

Current Validation Evidence

Responder-reported local validation for commit c48c560263e7caf8d10512cb88ed54f980fe8d30:

  • Focused Round 4 regressions: pass.
  • go test ./cmd/drive9/cli ./cmd/drive9 -count=1: pass.
  • go test ./...: pass.
  • make lint: pass.
  • git diff --check: pass.

Live GitHub checks at prompt-generation time:

  • CodeRabbit: pass.
  • drive9-server-local e2e smoke: pass.
  • ci: fail in the Failpoint test step.

The failing CI log shows TestSemanticWorkerRenewsLeaseForLongImageTaskWithFailpoint in pkg/server/semantic_worker_failpoint_test.go failed with:

task img-task-renew-failpoint status="processing", want "succeeded"
--- FAIL: TestSemanticWorkerRenewsLeaseForLongImageTaskWithFailpoint
FAIL github.com/mem9-ai/dat9/pkg/server
make: *** [Makefile:86: test-failpoint] Error 1

This failure is outside the CLI files changed by c48c560, but do not ignore it if you can identify a concrete causal path from the PR diff. Do not report it merely as an unrelated flaky/ambient CI failure without a plausible link to the current changes.

Concrete Review Focus

Please specifically verify:

  1. IsHelpArgsWithValueFlags handles value flags correctly when the value is --help, -h, -help, help, --, or missing.
  2. Explicit help still works outside value positions after the Round 4 value-aware changes.
  3. TokenRevoke escaped mode does not accidentally break legitimate --api-key-file, stdin -, local context, legacy-id, or direct token-secret rejection behavior.
  4. The list of value flags passed to IsHelpArgsWithValueFlags is complete for each changed command. In particular, do not assume all flag values are safe merely because the helper exists; check command-specific flags and any value flags not included in the Round 4 diff.
  5. SecretGrant still handles the -- scope boundary correctly after value-aware scanning for --agent, --ttl, and --perm.
  6. SecretAudit still reports help when help is explicit and not consumed as a value, while preserving help-like filter values.
  7. SecretPut still preserves its documented error priority: stdin-present rejection before argv parsing, then path shape, credentials, and directory semantics.
  8. Dispatch-level help tests still model real user behavior and did not hide a reachable command that should print usage.

Again: report only concrete bugs with evidence and a plausible failure path. If no issues are found, say No issues found and list the checks performed.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c48c560263

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread cmd/drive9/cli/token.go

Copy link
Copy Markdown
Collaborator Author

@codex review

Please run a fresh final verification review on current PR head 196c4e456ba1ad79812a3fe5baa515c50d2065b2.

Context: prior Codex and CodeRabbit findings were addressed and resolved through the review loop. Focus on concrete new correctness, compatibility, security, data consistency, performance, observability, or test coverage issues with plausible failure paths. Do not repeat previously resolved findings unless the current head introduces a new failure path. If no issues remain, please state that no issues were found and list the checks performed.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 196c4e456b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread cmd/drive9/main.go Outdated

Copy link
Copy Markdown
Collaborator Author

@codex review

Please run a fresh final verification review on current PR head fe28807443bfb093199716a97e8a41f45cf7b6fa.

Context: the prior final-review finding about drive9 fs cp --description --help ... was fixed, tested, pushed, and its review thread was resolved. Focus on concrete new correctness, compatibility, security, data consistency, performance, observability, or test coverage issues with plausible failure paths. Do not repeat previously resolved findings unless the current head introduces a new failure path. If no issues remain, please state that no issues were found and list the checks performed.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fe28807443

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread cmd/drive9/main.go

Copy link
Copy Markdown
Collaborator Author

@codex review

Please run a fresh final verification review on current PR head df903b93e099a0803e1cc2a72af59baf26a2ed65.

Context: the prior final-review findings about drive9 fs cp --description --help ... and drive9 fs find ... -name --help / other find value flags were fixed, tested, pushed, and their review threads were resolved. Focus on concrete new correctness, compatibility, security, data consistency, performance, observability, or test coverage issues with plausible failure paths. Do not repeat previously resolved findings unless the current head introduces a new failure path. If no issues remain, please state that no issues were found and list the checks performed.

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. You're on a roll.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@qiffang qiffang left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requesting changes. The broad help handling mostly fixes Issue #474, and the targeted tests pass locally, but the implementation currently breaks the escape path for help-like operands on several filesystem subcommands.

The new IsHelpArgs contract says scanning stops at -- because arguments after it are data/nested command args. runFS follows that contract, but several leaf parsers do not consume the sentinel before arity/path parsing. That means users who need a literal --help operand cannot recover the pre-PR behavior with the documented escape boundary.

Concrete repros from this PR head:

cli.Mkdir(c, []string{"--", "--help"})
=> usage: drive9 fs mkdir <path>

cli.Symlink(c, []string{"--", "--help", ":/link"})
=> usage: drive9 fs symlink <target> <link>

cli.Mv(c, []string{"--", "--help", ":/new"})
=> usage: drive9 fs mv <old> <new>

cli.Find(c, []string{"--", "--help"})
=> unknown flag "--"

This is not just a theoretical edge case: symlink explicitly supports relative literal targets, and rm / grep already implement the -- escape correctly, so the behavior is inconsistent across sibling fs commands.

Please either:

  • add -- sentinel handling to every fs leaf whose operands can be path/data (mv, mkdir, chmod, symlink, find, and any similar parser), with regression tests for literal --help, or
  • document and test a narrower rule that those commands intentionally cannot accept dash-prefixed operands.

Given the PR body promises help-like data escape paths, the first option is the correct fix.

Local validation run:

  • /usr/local/go/bin/go test ./cmd/drive9 ./cmd/drive9/cli -count=1
  • git diff --check
  • /usr/local/go/bin/go test ./cmd/drive9/cli -run 'Test(IsHelpArgs|.*Help|.*help|.*Literal|.*literal|.*Dash)' -count=1

@qiffang qiffang left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dat9-dev1 Review — PR #477 (CLI help parsing)

Verdict: REQUEST_CHANGES

What works well

  1. Centralized usage functions — Single source of truth for each command's usage string, replacing scattered inline literals. This is a net improvement for maintenance.
  2. IsHelpArgs / IsHelpArgsWithValueFlags core design — Clean separation of scanning logic with -- boundary and value-flag awareness. The IsFindHelpArgs and IsCpHelpArgs specializations correctly skip help-like filter values.
  3. Test coverage is thorough for the commands that received full treatment — cp, find, grep, ctx, secret, token revoke all have proper escape-path regression tests.
  4. Vault usage typo fix ("usage drive9 vault""usage: drive9 vault") — good catch.

Blocker: -- escape path incomplete for positional-only fs leaf commands

I agree with @dat9-dev2's blocker. The PR's contract is: "scanning stops at -- because arguments after that separator belong to a nested command or data payload." But several leaf commands do NOT consume --, so the escape path is broken:

Affected commands (all use IsHelpArgs(args) which correctly stops at --, but then the argument parser itself treats -- as an extra positional):

Command Symptom for ["--", "--help"]
mkdir len(args) != 1 → usage error (args has 2 elements)
symlink len(args) != 2 → usage error (needs target + link but -- is counted)
mv len(args) != 2 → same
chmod len(args) != 2 → same
stat strings.HasPrefix("--", "-") → falls to usage error
ls -l check sees "--" as unknown → potentially errors

Fix: Each of these needs args, _ = stripLeadingDashDash(args) after the IsHelpArgs check (same pattern already applied in Grep, SecretSet, SecretGet, SecretRm, ctxUse, ctxRm, TokenRevoke). Add regression tests for each.

Observation: TokenForget still rejects dash-prefixed names

Line ~2079: if len(args) != 1 || strings.HasPrefix(args[0], "-") — this blocks any dash-prefixed token name even with a -- escape. Since TokenForget is deprecated (alias for ctx rm), this is low priority, but worth noting for consistency.

Observation: dual help dispatch in runFS

fsSubcommandHasHelp() in main.go checks help at the dispatch level AND each command checks internally. The dispatch path short-circuits first, so the per-command check is dead code for the fs subcommands. Not a bug — just redundant. The per-command checks are still useful for non-fs entry points (e.g., vault, ctx, token which don't go through runFS).

Summary

The core IsHelpArgs family is well-designed. The gap is mechanical — 6 leaf commands need stripLeadingDashDash + test coverage, same pattern already established elsewhere in the PR. After that fix, LGTM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

ctx import --help exits with unknown flag instead of showing help

2 participants