Skip to content

Fix template updates to require explicit version labels#196

Draft
cursor[bot] wants to merge 3 commits into
mainfrom
cursor/critical-bug-inspection-891e
Draft

Fix template updates to require explicit version labels#196
cursor[bot] wants to merge 3 commits into
mainfrom
cursor/critical-bug-inspection-891e

Conversation

@cursor
Copy link
Copy Markdown
Contributor

@cursor cursor Bot commented May 14, 2026

Description

Fixes a high-impact template update bug where harness_update(resource_type="template") silently defaulted missing version_label to v1. That could mutate the wrong template version when callers intended to update another version such as stable.

The handler now resolves the target version only from explicit inputs: params.version_label, body.version_label, body.versionLabel, or body.label. If no version is provided, it returns a user-fixable error before dispatching any Harness API request.

Type of Change

  • Bug fix
  • New feature
  • Refactor
  • Documentation
  • Other

Checklist

  • Tests pass
  • Typecheck passes

Verification:

  • pnpm test tests/tools/tool-handlers.test.ts
  • pnpm typecheck
  • pnpm build
  • pnpm test
Open in Web View Automation 

cursoragent and others added 2 commits May 14, 2026 11:08
@cursoragent @thisrohangupta
fix: require explicit template update version
806c911 
Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
@cursoragent @thisrohangupta
docs: record critical bug inspection
6f234e2 
Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 14, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@cursoragent @thisrohangupta
docs: complete critical inspection log
601835c 
Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
cursor[bot]
cursor Bot commented May 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found 1 architecture-level issue to address before merge.

I verified the branch on a clean PR snapshot with pnpm test tests/tools/tool-handlers.test.ts, pnpm typecheck, pnpm build, and full pnpm test (53 files / 1308 tests passing). CI is also green. The remaining problem is a shared-tool contract gap in harness_update for template updates.

Open in Web View Automation 

Sent by Cursor Automation: Sunil On Demand Architecture Review

Comment thread src/tools/harness-update.ts
input[primaryField] = args.resource_id;
}
const versionLabel = asString(input.version_label);
const bodyRecord = isRecord(args.body) ? args.body : undefined;
Copy link
Copy Markdown
Contributor Author

@cursor cursor Bot May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

harness_update() already coerces JSON-string bodies into objects via coerceRecord(body), but this template-specific version extraction reads args.body instead of the coerced form. That leaves a supported shared-tool input path broken: body: JSON.stringify({ label: "stable", template_yaml: "..." }) still returns version_label is required... instead of targeting /versions/stable.

I reproduced this on the PR head with a focused Vitest case against the registered tool handler. Please read the version aliases from coercedBody (or input.body) here and add a tool-level regression test for the JSON-string body path so the generic update contract stays consistent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CLAassistant @cursoragent