don't ask the "unsafe" question in noninteractive login

[michalskrivanek]

caller has to use --unsafe or --allow

Summary by CodeRabbit

• Bug Fixes
  • Non-interactive mode now defaults to safe behavior (unsafe disabled) and skips the interactive prompt to avoid blocking automation.
  • Error message in non-interactive contexts updated to clearly require explicit flags when no allowed driver packages are provided.
  • Interactive workflows and prompts remain unchanged.

[coderabbitai]

Walkthrough

In the CLI login flow, non-interactive mode now defaults unsafe=False (skipping the unsafe-import prompt). The prompt for allowed driver packages is only shown in interactive mode. In non-interactive mode, if no allow list is provided the error now states: "--allow TEXT or --unsafe is required in non-interactive mode."

Changes

Cohort / File(s)	Summary of changes
CLI Login Flow packages/jumpstarter-cli/jumpstarter_cli/login.py	Default unsafe=False in non-interactive mode (skip unsafe prompt); only prompt for allowed driver packages in interactive mode; updated non-interactive error message to: "--allow TEXT or --unsafe is required in non-interactive mode."

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant CLI as CLI Login
  participant Prompt as Prompt Handler
  participant Config as Config/Validator

  rect rgb(240,248,255)
  note over CLI: Interactive mode (unchanged)
  User->>CLI: login
  CLI->>Prompt: Ask "Allow unsafe driver client imports?"
  Prompt-->>CLI: User choice (allow/deny)
  CLI->>Config: Apply choice and validate allow list
  Config-->>CLI: Result (ok/error)
  CLI-->>User: Outcome
  end

  rect rgb(245,245,245)
  note over CLI: Non-interactive mode (changed)
  User->>CLI: login --non-interactive
  CLI->>CLI: Set unsafe = False (default)
  CLI->>Prompt: Skip prompt
  alt allow list provided
    CLI->>Config: Validate allow list
    Config-->>CLI: Result (ok/error)
    CLI-->>User: Outcome
  else no allow list
    CLI-->>User: Error: "--allow TEXT or --unsafe is required in non-interactive mode."
  end
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I’m a rabbit in a quiet shell,
I skip the question, all is well.
Safe by default, I hop and check,
If lists are missing — pause, reflect.
A tiny tweak, a tidy trail. 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly captures the primary change of the pull request by indicating that the CLI will no longer prompt for the "unsafe" option in noninteractive mode, which directly reflects the updated default behavior and error messaging in login.py.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

✅ Deploy Preview for jumpstarter-docs ready!

Name	Link
🔨 Latest commit	df57e6f
🔍 Latest deploy log	https://app.netlify.com/projects/jumpstarter-docs/deploys/68e759a93ae4e5000896f3d5
😎 Deploy Preview	https://deploy-preview-699--jumpstarter-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/jumpstarter-cli/jumpstarter_cli/login.py (1)

87-92: Consider clarifying "safe mode" in the error message.

The logic is correct, and changing the error message from "non-interactive mode" to "safe mode" better describes the actual constraint. However, "safe mode" might not be immediately clear to users.

Consider enhancing the error message for clarity:

                 if nointeractive:
-                    raise click.UsageError("Allowed driver packages are required in safe mode.")
+                    raise click.UsageError("Allowed driver packages are required in safe mode. Use --allow or --unsafe.")

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6373b76 and 809cbb3.

📒 Files selected for processing (1)

• packages/jumpstarter-cli/jumpstarter_cli/login.py (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Redirect rules - jumpstarter-docs
• GitHub Check: Header rules - jumpstarter-docs
• GitHub Check: Pages changed - jumpstarter-docs
• GitHub Check: build
• GitHub Check: pytest-matrix (macos-15, 3.11)
• GitHub Check: pytest-matrix (ubuntu-24.04, 3.13)
• GitHub Check: pytest-matrix (macos-15, 3.13)
• GitHub Check: pytest-matrix (ubuntu-24.04, 3.12)
• GitHub Check: pytest-matrix (macos-15, 3.12)
• GitHub Check: pytest-matrix (ubuntu-24.04, 3.11)
• GitHub Check: e2e

🔇 Additional comments (1)

packages/jumpstarter-cli/jumpstarter_cli/login.py (1)

86-86: LGTM! Safe default for non-interactive mode.

Defaulting unsafe to False in non-interactive mode is the correct security posture, requiring callers to explicitly opt in via --unsafe flag when needed.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 809cbb3 and df57e6f.

📒 Files selected for processing (1)

• packages/jumpstarter-cli/jumpstarter_cli/login.py (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: Redirect rules - jumpstarter-docs
• GitHub Check: Header rules - jumpstarter-docs
• GitHub Check: Pages changed - jumpstarter-docs
• GitHub Check: pytest-matrix (ubuntu-24.04, 3.12)
• GitHub Check: pytest-matrix (ubuntu-24.04, 3.11)
• GitHub Check: pytest-matrix (macos-15, 3.12)
• GitHub Check: pytest-matrix (macos-15, 3.11)
• GitHub Check: pytest-matrix (ubuntu-24.04, 3.13)
• GitHub Check: pytest-matrix (macos-15, 3.13)
• GitHub Check: e2e

🔇 Additional comments (1)

packages/jumpstarter-cli/jumpstarter_cli/login.py (1)

86-86: LGTM: Correct default behavior in non-interactive mode.

The logic correctly defaults unsafe to False in non-interactive mode, avoiding the interactive prompt. This is the secure choice and aligns with the PR objective.

[jumpstarter-backport-bot]

Successfully created backport PR for release-0.7:

• [Backport release-0.7] don't ask the "unsafe" question in noninteractive login #702