docs(carto-develop-app): document wildcard patterns in --source grants#38
Open
palenz wants to merge 3 commits into
Open
docs(carto-develop-app): document wildcard patterns in --source grants#38palenz wants to merge 3 commits into
palenz wants to merge 3 commits into
Conversation
API access tokens now accept wildcard patterns in the source grant. Teach the skill that a single grant can cover a whole namespace or a prefix (e.g. 'carto.shared.CARTO_*') instead of minting one grant per table. Add a dedicated "Wildcard patterns in --source" section in auth-public-token.md covering syntax, rules, when to prefer patterns vs explicit sources, and the shell-globbing footgun. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
API access tokens never expire by default, which is fine for long-lived production apps but a foot-gun for demos, keynotes, and pilots that end up living forever in old slides. Teach the skill that --expiration-date exists and how to use it (ISO date or 30d/1y shorthand), and update the "tokens don't expire by default" gotcha to point at the flag. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
srtena
reviewed
May 22, 2026
…ed pattern Reviewer caught that the docs grouped bare '*' with '**' and 'table*' as rejected. Bare '*' is the existing "all sources on this connection" sentinel and is still accepted as-is. Updated SKILL.md hint and auth-public-token.md rules to call this out explicitly, and to phrase the dot requirement as "two dot-separated segments" to match the backend error. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
srtena
approved these changes
May 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
API access tokens now accept wildcard patterns in the source grant (shipped in cloud-native#24591). Without this hint, agents fall back to minting one grant per table (or one token per table) for cases where
carto.shared.CARTO_*would do the job.Changes
skills/carto-develop-app/SKILL.md: one-line addition to the always-on guidance, noting that--sourceaccepts patterns and listing the rules briefly.skills/carto-develop-app/references/auth-public-token.md: new Wildcard patterns in --source section covering syntax, validation rules, when to prefer patterns vs explicit sources, and the shell-globbing footgun (always single-quote the pattern). Flag reference updated to point at the new section.Test plan
--sourceis "table only".🤖 Generated with Claude Code