Current state
The CLI now has the minimal viable legal-handling path:
- In src/cli/src/lib.rs, the CLI now recognizes the backend 403 response with code:
"legal_acceptance_required". - Instead of a generic API failure, it prints a targeted message telling the user they need to accept updated
legal documents in the web app before continuing. - I wired that into the main authenticated command paths, including app/resource operations and a few signed
flows.
What CLI users experience now:
- They log in successfully.
- If they try to use a protected command while outdated on blocking legal docs, the command fails with a clear
message like:- they need to accept updated legal documents
- which document is blocking them
- go to the web app dashboard to accept
What it does not do yet:
- it does not let users review/accept ToS or Privacy directly inside the CLI
- it does not automatically retry the command after acceptance
Future desired CLI path:
When a CLI user is blocked by updated legal documents, the CLI should handle it end-to-end instead of sending them to the browser.
Recommended flow:
- CLI receives 403 with code: "legal_acceptance_required"
- CLI calls GET /api/user/status
- CLI shows which document(s) require action
- CLI prints the public document URLs so the user can review them
- CLI asks for explicit confirmation per document
- CLI calls POST /api/legal/accept for each required doc
- CLI either retries the original command automatically or tells the user to rerun it
Nice-to-have additions:
- a dedicated command like caution legal status
- a dedicated command like caution legal accept
- a caution legal review command that opens the URLs in browser or prints them clearly
- better handling when both ToS and Privacy Notice are outdated
- optional display of accepted timestamp / current effective date
Important design constraint:
- the CLI should help users review the real public documents, not just accept blindly in terminal
- so the document URLs should stay part of the flow even if acceptance happens in CLI
Summary:
- Add first-class CLI legal acceptance flow for users blocked by legal_acceptance_required
- Fetch legal status from /api/user/status
- Display outdated docs and review URLs
- Prompt for explicit acceptance
- Submit acceptance via /api/legal/accept
- Retry or resume the blocked operation afterward
# Current state
The CLI now has the minimal viable legal-handling path:
- In src/cli/src/lib.rs, the CLI now recognizes the backend 403 response with code:
"legal_acceptance_required".
- Instead of a generic API failure, it prints a targeted message telling the user they need to accept updated
legal documents in the web app before continuing.
- I wired that into the main authenticated command paths, including app/resource operations and a few signed
flows.
### What CLI users experience now:
- They log in successfully.
- If they try to use a protected command while outdated on blocking legal docs, the command fails with a clear
message like:
- they need to accept updated legal documents
- which document is blocking them
- go to the web app dashboard to accept
### What it does not do yet:
- it does not let users review/accept ToS or Privacy directly inside the CLI
- it does not automatically retry the command after acceptance
# Future desired CLI path:
When a CLI user is blocked by updated legal documents, the CLI should handle it end-to-end instead of sending them to the browser.
### Recommended flow:
- CLI receives 403 with code: "legal_acceptance_required"
- CLI calls GET /api/user/status
- CLI shows which document(s) require action
- CLI prints the public document URLs so the user can review them
- CLI asks for explicit confirmation per document
- CLI calls POST /api/legal/accept for each required doc
- CLI either retries the original command automatically or tells the user to rerun it
### Nice-to-have additions:
- a dedicated command like caution legal status
- a dedicated command like caution legal accept
- a caution legal review command that opens the URLs in browser or prints them clearly
- better handling when both ToS and Privacy Notice are outdated
- optional display of accepted timestamp / current effective date
### Important design constraint:
- the CLI should help users review the real public documents, not just accept blindly in terminal
- so the document URLs should stay part of the flow even if acceptance happens in CLI
### Summary:
- Add first-class CLI legal acceptance flow for users blocked by legal_acceptance_required
- Fetch legal status from /api/user/status
- Display outdated docs and review URLs
- Prompt for explicit acceptance
- Submit acceptance via /api/legal/accept
- Retry or resume the blocked operation afterward