feat(security): add findings mute and rules bulk-convert commands#545
Merged
platinummonkey merged 2 commits intoMay 30, 2026
Conversation
- pup security findings mute: wraps MuteSecurityFindings (stable, SDK #1519/#1660) - pup security rules bulk-convert: wraps BulkConvertExistingSecurityMonitoringRules (#1675) Co-Authored-By: Claude <noreply@anthropic.com>
The new `pup security findings mute` command calls mute_security_findings, which the Datadog API gates behind the security_monitoring_findings_write authorization scope. default_scopes() only requested security_monitoring_findings_read, so OAuth2 users would get a 403 on mute while API/app-key users (with full app-key permissions) succeeded. Add security_monitoring_findings_write to default_scopes() so `pup auth login` requests it. Left out of read_only_scopes() since it is a write scope. Co-Authored-By: Claude <noreply@anthropic.com>
platinummonkey
merged commit 10c51d3
into
chore/upgrade-dd-sdk-to-master
6 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds two security-monitoring commands surfacing endpoints from the SDK upgrade (base
chore/upgrade-dd-sdk-to-master, PR #539).Changes
src/commands/security.rs—findings_mute(MuteSecurityFindings, now stable per SDK #1519/#1660) andrules_bulk_convert(BulkConvertExistingSecurityMonitoringRules, SDK #1675)src/main.rs—pup security findings mute --fileandpup security rules bulk-convert --filesubcommands + dispatchsrc/auth/types.rs— addsecurity_monitoring_findings_writetodefault_scopes(). Muting findings requires this scope; previously onlysecurity_monitoring_findings_readwas requested atpup auth login, so OAuth2 users would have hit a 403 on mute (API/app-key users were unaffected). Left out ofread_only_scopes()since it is a write scope.docs/COMMANDS.md— documented the new commandsNeither endpoint is gated as an unstable op, so
client.rsis unchanged.New commands
Testing
test_findings_mute_ok/_error,test_rules_bulk_convert_ok/_error(happy + error paths)cargo testgreen,cargo clippyclean (no warnings in pup code). Request-body fixtures match the SDK schemas (MuteFindingsRequestwithmute/reason/relationships; convert payload uses theruleIdsserde field name).default_scopes/read_only_scopestests (contains-based, plus the read-only ⊆ default invariant); no count assertions affected.🤖 Generated with Claude Code
Generated by Claude Code