finding (ops-aws): 2026-05-13 - coily ops aws drops trailing --query and --output flags despite the -- separator #37

New issue

Open

opened 2026-05-23 20:54:00 +00:00 by coilysiren · 0 comments

coilysiren commented 2026-05-23 20:54:00 +00:00

Owner

Copy link

Originally filed by @coilysiren on 2026-05-18T03:42:48Z - https://github.com/coilysiren/coily/issues/220

Migrated from coily-ops-aws-meta/findings/2026-05-13-ops-aws-passthrough-mangles-query-output-flags.md on 2026-05-17 as part of coilysiren/coily#215. Original file preserved in git history; see deletion commit on coilysiren/coily#215.

2026-05-13 - coily ops aws drops trailing --query and --output flags despite the -- separator

What was observed

While fetching three SSM parameters during webhook setup (agentic-os-kai#405), three consecutive coily ops aws invocations of the shape

coily --commit-scope=/home/kai/projects/coilysiren/agentic-os-kai ops aws -- ssm get-parameter --name /coily/discord-webhook-url --with-decryption --query Parameter.Value --output text

failed with aws rejecting --query, Parameter.Value, --output, and text as four separate "Unknown options." Audit rows: 019e23b4-73d9-7829-be9f-dd2529090b90, 019e23b4-7545-75a7-8dcd-110e7ed0c7b3, 019e23b4-76a0-7e75-8be4-04ffb5cc3539 (all ts 1778715489, verb ops.aws, decision accept, exit_code 1). Each audit row recorded the full argv including --query/--output, so the mangling happens between coily-side audit capture and the actual exec of aws.

Workaround that worked first try: drop the --query/--output flags and parse the JSON response with jq -r '.Parameter.Value'. The rest of the argv (--name, --with-decryption, the SSM path) passed through unchanged.

Why it slipped

The contract for coily ops <tool> -- <args> is that argv after -- is forwarded byte-for-byte to the underlying binary. That contract is implicit in the verb's name ("passthrough"), not enforced by a test against the most common scripting flags of each wrapped tool. --query and --output are the two flags any aws scripting use will reach for first, so this fails on contact with normal use, not at some exotic edge.

The boundary itself accepted the calls and wrote correct audit rows. The friction is in the passthrough, not in the gate. But friction in a passthrough erodes the boundary the gate protects: an agent who hits "Unknown options" three times in a row is tempted to drop back to bare aws, which is exactly what the lockdown is supposed to prevent. A passthrough that is not a faithful proxy is a tax on doing the right thing.

Rule it produced

Anti-signal candidate (not promoted, just data for now): "the -- separator is sufficient to forward argv verbatim through a coily passthrough." Today it is not, at least for ops.aws with --query/--output. Forward action filed at coily#147.

_Originally filed by @coilysiren on 2026-05-18T03:42:48Z - [https://github.com/coilysiren/coily/issues/220](https://github.com/coilysiren/coily/issues/220)_ _Migrated from `coily-ops-aws-meta/findings/2026-05-13-ops-aws-passthrough-mangles-query-output-flags.md` on 2026-05-17 as part of coilysiren/coily#215. Original file preserved in git history; see deletion commit on coilysiren/coily#215._ # 2026-05-13 - coily ops aws drops trailing --query and --output flags despite the `--` separator ## What was observed While fetching three SSM parameters during webhook setup (agentic-os-kai#405), three consecutive `coily ops aws` invocations of the shape ``` coily --commit-scope=/home/kai/projects/coilysiren/agentic-os-kai ops aws -- ssm get-parameter --name /coily/discord-webhook-url --with-decryption --query Parameter.Value --output text ``` failed with `aws` rejecting `--query`, `Parameter.Value`, `--output`, and `text` as four separate "Unknown options." Audit rows: `019e23b4-73d9-7829-be9f-dd2529090b90`, `019e23b4-7545-75a7-8dcd-110e7ed0c7b3`, `019e23b4-76a0-7e75-8be4-04ffb5cc3539` (all ts 1778715489, verb `ops.aws`, decision accept, exit_code 1). Each audit row recorded the full argv including `--query`/`--output`, so the mangling happens between coily-side audit capture and the actual exec of `aws`. Workaround that worked first try: drop the `--query`/`--output` flags and parse the JSON response with `jq -r '.Parameter.Value'`. The rest of the argv (`--name`, `--with-decryption`, the SSM path) passed through unchanged. ## Why it slipped The contract for `coily ops <tool> -- <args>` is that argv after `--` is forwarded byte-for-byte to the underlying binary. That contract is implicit in the verb's name ("passthrough"), not enforced by a test against the most common scripting flags of each wrapped tool. `--query` and `--output` are the two flags any aws scripting use will reach for first, so this fails on contact with normal use, not at some exotic edge. The boundary itself accepted the calls and wrote correct audit rows. The friction is in the passthrough, not in the gate. But friction in a passthrough erodes the boundary the gate protects: an agent who hits "Unknown options" three times in a row is tempted to drop back to bare `aws`, which is exactly what the lockdown is supposed to prevent. A passthrough that is not a faithful proxy is a tax on doing the right thing. ## Rule it produced Anti-signal candidate (not promoted, just data for now): "the `--` separator is sufficient to forward argv verbatim through a coily passthrough." Today it is not, at least for `ops.aws` with `--query`/`--output`. Forward action filed at [coily#147](https://github.com/coilysiren/coily/issues/147).

coilysiren referenced this issue 2026-05-27 00:14:48 +00:00

release: bump-formula job has failed on every release since run 33 #103

coilysiren added the

P3

label 2026-05-31 01:52:47 +00:00

coilysiren added

P4

and removed

P3

labels 2026-05-31 06:59:51 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dispatch/issue-306

args-file-mcporter

claude/coily-docker-image-FF2Rw

claude/busy-almeida-0168e4

v2.50.0

v2.49.1

v2.49.0

v2.48.0

v2.47.0

v2.46.0

v2.45.0

v2.44.1

v2.44.0

v2.43.2

v2.43.1

v2.43.0

v2.42.0

v2.41.0

v2.40.2

v2.40.1

v2.40.0

v2.39.0

v2.37.2

v2.38.0

v2.23.0

v2.37.1

v2.37.0

v2.36.0

v2.35.0

v2.34.0

v2.33.0

v2.32.0

v2.31.0

v2.30.0

v2.29.2

v2.29.1

v2.29.0

v2.28.0

v2.27.0

v2.26.0

v2.25.0

v2.24.0

v2.22.0

v2.21.0

v2.20.0

v2.19.0

v2.18.1

v2.18.0

v2.17.0

v2.16.0

v2.15.2

v2.15.1

v2.15.0

v2.14.0

v2.13.1

v2.13.0

v2.12.0

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.1

v2.7.0

v2.6.0

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.0

v2.0.1

v2.0.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.0

v1.13.0

v1.12.0

v1.11.0

v1.10.0

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.8.8

v1.8.7

v1.8.6

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.8

v1.7.7

v1.7.6

v1.7.5

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.6.0

v1.5.123

v1.5.122

v1.5.121

v1.5.120

v1.5.119

v1.5.118

v1.5.117

v1.5.116

v1.5.115

v1.5.114

v1.5.113

v1.5.112

v1.5.111

v1.5.110

v1.5.109

v1.5.108

v1.5.107

v1.5.106

v1.5.105

v1.5.104

v1.5.103

v1.5.102

v1.5.101

v1.5.100

v1.5.99

v1.5.98

v1.5.97

v1.5.96

v1.5.95

v1.5.94

v1.5.93

v1.5.92

v1.5.91

v1.5.90

v1.5.89

v1.5.88

v1.5.87

v1.5.86

v1.5.85

v1.5.84

v1.5.83

v1.5.82

v1.5.81

v1.5.80

v1.5.79

v1.5.78

v1.5.77

v1.5.76

v1.5.75

v1.5.74

v1.5.73

v1.5.72

v1.5.71

v1.5.70

v1.5.69

v1.5.68

v1.5.67

v1.5.66

v1.5.65

v1.5.64

v1.5.63

v1.5.62

v1.5.61

v1.5.60

v1.5.59

v1.5.58

v1.5.57

v1.5.56

v1.5.55

v1.5.54

v1.5.53

v1.5.52

v1.5.51

v1.5.50

v1.5.49

v1.5.48

v1.5.47

v1.5.46

v1.5.45

v1.5.44

v1.5.43

v1.5.42

v1.5.41

v1.5.40

v1.5.39

v1.5.38

v1.5.37

v1.5.36

v1.5.35

v1.5.34

v1.5.33

v1.5.32

v1.5.31

v1.5.30

v1.5.29

v1.5.28

v1.5.27

v1.5.26

v1.5.25

v1.5.24

v1.5.23

v1.5.22

v1.5.21

v1.5.20

v1.5.19

v1.5.18

v1.5.17

v1.5.16

v1.5.15

v1.5.14

v1.5.13

v1.5.12

v1.5.11

v1.5.10

v1.5.9

v1.5.8

v1.5.7

v1.5.6

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.1

v1.4.0

v1.3.0

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.0

v0.3.2

v0.3.1

v0.3.0

v0.2.0

v0.1.0

v0.0.38

v0.0.37

v0.0.36

v0.0.35

v0.0.34

v0.0.33

v0.0.32

v0.0.31

v0.0.30

v0.0.29

v0.0.28

v0.0.27

v0.0.26

v0.0.25

v0.0.24

v0.0.23

v0.0.22

v0.0.21

v0.0.20

v0.0.19

v0.0.18

v0.0.17

v0.0.16

v0.0.15

v0.0.14

v0.0.13

v0.0.12

v0.0.11

v0.0.10

v0.0.9

v0.0.8

v0.0.7

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

tools-latest

Labels

Clear labels

  

P0

now / blocking / urgent

  

P1

next / important

  

P2

backlog / will do

  

P3

someday / low

  

P4

icebox / frozen / reopen if it becomes real

No labels

P0

P1

P2

P3

P4

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-bridge/coily#37

No description provided.