Skip to content

docs(carto-develop-app): document wildcard patterns in --source grants#38

Open
palenz wants to merge 3 commits into
masterfrom
feat/wildcard-grants
Open

docs(carto-develop-app): document wildcard patterns in --source grants#38
palenz wants to merge 3 commits into
masterfrom
feat/wildcard-grants

Conversation

@palenz

@palenz palenz commented May 22, 2026

Copy link
Copy Markdown
Contributor

Summary

API access tokens now accept wildcard patterns in the source grant (shipped in cloud-native#24591). Without this hint, agents fall back to minting one grant per table (or one token per table) for cases where carto.shared.CARTO_* would do the job.

Changes

  • skills/carto-develop-app/SKILL.md: one-line addition to the always-on guidance, noting that --source accepts patterns and listing the rules briefly.
  • skills/carto-develop-app/references/auth-public-token.md: new Wildcard patterns in --source section covering syntax, validation rules, when to prefer patterns vs explicit sources, and the shell-globbing footgun (always single-quote the pattern). Flag reference updated to point at the new section.

Test plan

  • Read the updated reference end to end — the wildcard section sits naturally between "Multi-grant syntax" and "Flag reference".
  • Verify no other skill in the repo claims --source is "table only".

🤖 Generated with Claude Code

palenz and others added 2 commits May 22, 2026 15:09
API access tokens now accept wildcard patterns in the source grant. Teach
the skill that a single grant can cover a whole namespace or a prefix
(e.g. 'carto.shared.CARTO_*') instead of minting one grant per table. Add
a dedicated "Wildcard patterns in --source" section in auth-public-token.md
covering syntax, rules, when to prefer patterns vs explicit sources, and
the shell-globbing footgun.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
API access tokens never expire by default, which is fine for long-lived
production apps but a foot-gun for demos, keynotes, and pilots that end
up living forever in old slides. Teach the skill that --expiration-date
exists and how to use it (ISO date or 30d/1y shorthand), and update the
"tokens don't expire by default" gotcha to point at the flag.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@palenz palenz requested a review from srtena May 22, 2026 13:48
@palenz palenz marked this pull request as ready for review May 22, 2026 13:48
Comment thread skills/carto-develop-app/references/auth-public-token.md Outdated
…ed pattern

Reviewer caught that the docs grouped bare '*' with '**' and 'table*' as
rejected. Bare '*' is the existing "all sources on this connection" sentinel
and is still accepted as-is. Updated SKILL.md hint and auth-public-token.md
rules to call this out explicitly, and to phrase the dot requirement as
"two dot-separated segments" to match the backend error.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@palenz palenz requested a review from srtena May 22, 2026 14:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants