9
2
Fork
You've already forked platform
2

Implement a full ToS/Privacy acceptance flow via CLI #175

Open
opened 2026年04月10日 05:15:47 +02:00 by xenushka · 0 comments

Current state

The CLI now has the minimal viable legal-handling path:

  • In src/cli/src/lib.rs, the CLI now recognizes the backend 403 response with code:
    "legal_acceptance_required".
  • Instead of a generic API failure, it prints a targeted message telling the user they need to accept updated
    legal documents in the web app before continuing.
  • I wired that into the main authenticated command paths, including app/resource operations and a few signed
    flows.

What CLI users experience now:

  • They log in successfully.
  • If they try to use a protected command while outdated on blocking legal docs, the command fails with a clear
    message like:
    • they need to accept updated legal documents
    • which document is blocking them
    • go to the web app dashboard to accept

What it does not do yet:

  • it does not let users review/accept ToS or Privacy directly inside the CLI
  • it does not automatically retry the command after acceptance

Future desired CLI path:

When a CLI user is blocked by updated legal documents, the CLI should handle it end-to-end instead of sending them to the browser.

  • CLI receives 403 with code: "legal_acceptance_required"
  • CLI calls GET /api/user/status
  • CLI shows which document(s) require action
  • CLI prints the public document URLs so the user can review them
  • CLI asks for explicit confirmation per document
  • CLI calls POST /api/legal/accept for each required doc
  • CLI either retries the original command automatically or tells the user to rerun it

Nice-to-have additions:

  • a dedicated command like caution legal status
  • a dedicated command like caution legal accept
  • a caution legal review command that opens the URLs in browser or prints them clearly
  • better handling when both ToS and Privacy Notice are outdated
  • optional display of accepted timestamp / current effective date

Important design constraint:

  • the CLI should help users review the real public documents, not just accept blindly in terminal
  • so the document URLs should stay part of the flow even if acceptance happens in CLI

Summary:

  • Add first-class CLI legal acceptance flow for users blocked by legal_acceptance_required
  • Fetch legal status from /api/user/status
  • Display outdated docs and review URLs
  • Prompt for explicit acceptance
  • Submit acceptance via /api/legal/accept
  • Retry or resume the blocked operation afterward
# Current state The CLI now has the minimal viable legal-handling path: - In src/cli/src/lib.rs, the CLI now recognizes the backend 403 response with code: "legal_acceptance_required". - Instead of a generic API failure, it prints a targeted message telling the user they need to accept updated legal documents in the web app before continuing. - I wired that into the main authenticated command paths, including app/resource operations and a few signed flows. ### What CLI users experience now: - They log in successfully. - If they try to use a protected command while outdated on blocking legal docs, the command fails with a clear message like: - they need to accept updated legal documents - which document is blocking them - go to the web app dashboard to accept ### What it does not do yet: - it does not let users review/accept ToS or Privacy directly inside the CLI - it does not automatically retry the command after acceptance # Future desired CLI path: When a CLI user is blocked by updated legal documents, the CLI should handle it end-to-end instead of sending them to the browser. ### Recommended flow: - CLI receives 403 with code: "legal_acceptance_required" - CLI calls GET /api/user/status - CLI shows which document(s) require action - CLI prints the public document URLs so the user can review them - CLI asks for explicit confirmation per document - CLI calls POST /api/legal/accept for each required doc - CLI either retries the original command automatically or tells the user to rerun it ### Nice-to-have additions: - a dedicated command like caution legal status - a dedicated command like caution legal accept - a caution legal review command that opens the URLs in browser or prints them clearly - better handling when both ToS and Privacy Notice are outdated - optional display of accepted timestamp / current effective date ### Important design constraint: - the CLI should help users review the real public documents, not just accept blindly in terminal - so the document URLs should stay part of the flow even if acceptance happens in CLI ### Summary: - Add first-class CLI legal acceptance flow for users blocked by legal_acceptance_required - Fetch legal status from /api/user/status - Display outdated docs and review URLs - Prompt for explicit acceptance - Submit acceptance via /api/legal/accept - Retry or resume the blocked operation afterward
xenushka removed their assignment 2026年04月10日 21:07:38 +02:00
Sign in to join this conversation.
No Branch/Tag specified
main
feat/paddle-byoc-subscriptions
feat/legal-publish-doc
fix/issue-116-duplicate-ssh-key
fix/issue-307-remove-apps
fix/issue-265-http-port-private
fix/issue-330-remove-build-binary
feat/issue-164-account-id
fix/issue-119-logout-confirmation
feat/add-tofu-lockfile-cache
feat/webauthn-discoverable-login
docs/issue-339-install-instructions
fix/issue-336-split-qr-login-tokens
fix/verify-app-source-preflight
fix/many-git-push-deploy
fix/issue-334-email-verification-throttle
fix/issue-273-billing-url
fix/issue-333-final-usage-collection
fix/issue-270-low-credit-email
fix/issue-301-remove-auto-topup
fix/issue-320-byoc-auth-first
fix/issue-348-git-progress-checklist
fix/issue-321-byoc-caution-hcl
fix/issue-332-resource-id-suspension
fix/eif-app-mode-normalization
feat/cli-stagex-container
fix/eif-s3-layer-cache
fix/authz-role-checks
fix/paddle-customdata-credit-mint
fix/cli-hangs-unsupported-ssh-url
feat/print-platform-commit-dashboard
anton/feat/multi-user
fix/config-domain-validation
anton/support-ssh-destroy-get
fix/cli-config-dir
feat/publish-build-inputs
feat/locksmith-polishing
fix/procfile-run-command-no-split
anton/byoc-require-login
fix/hcl-init-template
feat/egress-default-deny
ryansquared/hcl
quotas
anton/feat/region-routing-resource-unavailable-alert
fix/attestation-502-dashboard
ryansquared/systemdize
fix/verify-git-credential-hang
anton/fix-low-credits-alert
xenushka/rename-byoc
ryansquared/add-download-eif
add-debug-flag
test/pr1-integration-harness
anton/fix/only-pass-required-env-vars
ryansquared/add-database-bucket
No results found.
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
Component/Enclave-Builder
This issue affects Enclave Builder (git-push and CLI)
Component/Infrastructure
This issue affects generic Caution hosted infra components
Deploy/BYOC
Relates to Caution Bring-your-own-compute
Deploy/Full-managed
Relates to Caution fully managed cloud
Deploy/Self-hosted
Relates to Caution deployed on self-hosted infra
Interface/API
This issue affects the API
Interface/CLI
This issue affects the command line interface
Interface/Git
This issue affects the Git `push` interface
Interface/Web
This issue affects the web dashboard
Kind/Bug
Something is not working
Kind/Documentation
Documentation changes
Kind/Enhancement
Improve existing functionality
Kind/Feature
New functionality
Kind/Security
This is security issue
Kind/Testing
Issue or pull request related to testing
Priority
Critical
The priority is critical
Priority
High
The priority is high
Priority
Low
The priority is low
Priority
Medium
The priority is medium
Reviewed
Confirmed
Issue has been confirmed
Reviewed
Duplicate
This issue or pull request already exists
Reviewed
Invalid
Invalid issue
Reviewed
Won't Fix
This issue won't be fixed
Status
Abandoned
Somebody has started to work on this but abandoned work
Status
Blocked
Something is blocking this issue or pull request
Status
Need More Info
Feedback is required to reproduce issue or to continue work
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
caution/platform#175
Reference in a new issue
caution/platform
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?