Skip to content

feat: add read-only mode for safe AI agent usage#74

Merged
pchuri merged 3 commits intomainfrom
feat/read-only-mode
Mar 11, 2026
Merged

feat: add read-only mode for safe AI agent usage#74
pchuri merged 3 commits intomainfrom
feat/read-only-mode

Conversation

@pchuri
Copy link
Owner

@pchuri pchuri commented Mar 11, 2026

Pull Request Template

Description

Add profile-level read-only mode that blocks all write operations at the CLI level, designed for safe AI agent usage. Resolves #73.

When readOnly is enabled (via profile config or CONFLUENCE_READ_ONLY=true env var), the following 13 write commands are blocked: create, create-child, update, move, delete, edit, attachment-upload, attachment-delete, property-set, property-delete, comment, comment-delete, copy-tree.

Type of Change

  • New feature (non-breaking change which adds functionality)
  • Documentation update

Testing

  • Tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • Any dependent changes have been merged and published in downstream modules

Changes

lib/config.js

  • getConfig() returns readOnly field from profile or CONFLUENCE_READ_ONLY env var
  • saveConfig() persists readOnly flag
  • listProfiles() includes readOnly status
  • initConfig() accepts readOnly option

bin/confluence.js

  • assertWritable(config) guard function — exits with code 1 when readOnly is true
  • Guard applied to all 13 write commands
  • --read-only option on init and profile add commands
  • [read-only] badge in profile list output

tests/read-only.test.js (new)

  • Env var behavior (default false, true, false override)
  • Config file readOnly field with mocked fs
  • Env var overrides config file
  • assertWritable() function behavior
  • listProfiles() includes readOnly flag

README.md / SKILL.md

  • Read-only mode section with usage examples
  • --read-only flag documented for init and profile add
  • CONFLUENCE_READ_ONLY env var documented
  • Commands table updated

@pchuri
feat: add read-only mode for safe AI agent usage (#73)
42566a0 
Add profile-level readOnly flag that blocks all write operations at the
CLI level. Supports CONFLUENCE_READ_ONLY env var override and --read-only
flag on init/profile add commands.

- Add readOnly field to config profiles and getConfig()
- Add assertWritable() guard to 13 write commands
- Show [read-only] badge in profile list
- Add CONFLUENCE_READ_ONLY env var (overrides profile setting)
- Add --read-only flag to init and profile add commands
- Add tests for read-only mode behavior
- Update README.md and SKILL.md documentation
@pchuri pchuri requested a review from Copilot March 11, 2026 14:25
Copilot AI reviewed Mar 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a profile-level read-only mode to prevent accidental Confluence writes (particularly for AI agent usage), enforced at the CLI command layer and configurable via profile config or CONFLUENCE_READ_ONLY.

Changes:

  • Add readOnly support to config loading/saving and profile listing.
  • Add an assertWritable() guard and apply it to all write commands; add --read-only to init and profile add.
  • Add read-only mode documentation and a new Jest test suite covering the behavior.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
lib/config.js Reads CONFLUENCE_READ_ONLY, persists readOnly in profiles, and exposes it via getConfig() / listProfiles().
bin/confluence.js Introduces assertWritable(config) and applies it to write commands; adds --read-only to profile creation flows and shows a [read-only] badge.
tests/read-only.test.js Adds tests for env/config precedence, assertWritable(), and listProfiles() readOnly field.
README.md Documents read-only mode, env var, flags, and command table updates.
.claude/skills/confluence/SKILL.md Updates the skill doc to include read-only mode guidance and error pattern.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pchuri
fix: env var CONFLUENCE_READ_ONLY=false now overrides profile readOnl…
7ff23e0 
…y=true

When CONFLUENCE_READ_ONLY is set, its value takes full precedence over
the profile's readOnly field. Previously the || logic prevented false
from overriding a true profile setting. Also adds missing create-child
to the blocked commands list in README.
@pchuri pchuri self-assigned this Mar 11, 2026
@pchuri pchuri merged commit 20de9de into main Mar 11, 2026
6 checks passed
github-actions bot pushed a commit that referenced this pull request Mar 11, 2026
@semantic-release-bot
chore(release): 1.27.0 [skip ci]
d321347 
# [1.27.0](v1.26.0...v1.27.0) (2026-03-11)

### Features

* add read-only mode for safe AI agent usage ([#74](#74)) ([20de9de](20de9de)), closes [#73](#73)
@github-actions
Copy link

github-actions bot commented Mar 11, 2026

🎉 This PR is included in version 1.27.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@pchuri pchuri

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] read only mode

2 participants

@pchuri